manualshive.com logo in svg

4IPNET WHG315, User Manual


Share
Download
background image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  

 

User’s  Manual 

 

V2.20

 

 
 

  WHG  &  HSG  Series

 

Secure  WLAN  Controller  /   

Wireless  Hotspot  Gateway 

 

 

 

Summary of Contents for WHG315

Page 1: ...User s Manual V2 20 WHG HSG Series Secure WLAN Controller Wireless Hotspot Gateway...

Page 2: ...NET INC Disclaimer 4IPNET INC does not assume any liability arising out the application or use of any products or software described herein Neither does it convey any license under its parent rights n...

Page 3: ...measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiv...

Page 4: ...N side VLAN option 39 3 3 1 Port Based Service Zone 39 3 3 2 Tag Based Service Zone 40 Chapter 4 User Authentication Database 41 4 1 Authentication Database Configuration 41 4 2 Built in Authenticatio...

Page 5: ...14 8 3 Certification 117 8 3 1 System Certificate 118 8 3 2 Internal Root CA 119 8 3 3 Internally Issued Certificate 120 8 3 4 Trusted Certificate Authorities 121 8 4 Management Access 122 Chapter 9 U...

Page 6: ...t 187 Chapter 14 VPN 190 14 1 Site to Site 190 14 2 Remote Client 192 14 3 Local Client 193 Chapter 15 Switch Management 195 15 1 Switch List 195 15 2 PoE Schedule Template 196 15 3 Backup Configurati...

Page 7: ...Area AP Management 285 a Overview 285 b List 286 c Adding 287 d Discovery 288 e Templates 289 f Firmware 297 g Upgrade 297 h WDS Management 298 i Rogue AP Detection 299 j AP Load Balancing 300 2 Wide...

Page 8: ...39 1 Administrator Account 339 2 Backup Restore 343 3 Certificates 344 4 Network Utilities 347 5 Simulation Tool 349 6 Restart 350 7 System Upgrade 351 G Status 351 1 System Summary 352 2 Interface 35...

Page 9: ...ing rules firewall rules usage terms and privileges which are collectively known as authorization Finally accounting are performed by 4ipnet WHG Controllers periodically while a client is using the ne...

Page 10: ...ing features can be found well packed into the 4ipnet WHG Controllers Providing three varieties of NAT function Walled Garden for free website surfing Network device monitoring tool Static DNS transla...

Page 11: ...Gateway Series 4ipnet HSG Gateways are feature rich network edge devices designed for network service provisioning authentication security and management Depending on the scale of deployment there are...

Page 12: ...into the 4ipnet HSG Gateway Providing three varieties of NAT function Walled Garden for free website surfing Network device monitoring tool Static DNS translation Proxy Server VPN and more 4ipnet HSG...

Page 13: ...e http www 4ipnet com for the latest product line status For more detailed listing of each model hardware and installation know how please refer to Appendix B 1 5 4ipnet Solution Overview 4ipnet WHG C...

Page 14: ...work in Port Based Mode Layer 2 Network in Tag Based Mode Layer 3 networks not only span physically under the LAN ports of 4ipnet WHG Controller it is also capable of reaching over different IP networ...

Page 15: ...e LAN side Local User is a type of user whose account credential is stored in the 4ipnet WHG Controller s built in database named Local The 4ipnet WHG Controller s Local database capacity varies with...

Page 16: ...ncluding Active Directory and NTDomain Win2K s NTDS External Authentication Database is useful for both implementing account roaming and centralized account management Service Zone is a logic partitio...

Page 17: ...eges login schedule routing rules and session limit which will be enforced to users of a particular Group A user may only belong to one Group but can be governed by different policies while accessing...

Page 18: ...s Manual WHG Controller HSG Gateway ENGLISH 18 Relationship of Service Zone Group and Policy Service Zone 1 Service Zone 2 Service Zone 3 Policy B Group Student Group Faculty Group Guest Policy C Poli...

Page 19: ...den Advertisement links if needed Set up Payment gateway to allow end user credit card self payment for On Demand accounts if needed Load SSL certificate for the Web Server before operation Monitor ge...

Page 20: ...essary functionalities and are for operation usage once your network is up and running Customers with needs to fulfill specific applications integration with 3rd party devices customization etc please...

Page 21: ...Chrome IE9 and higher recommended of any PC connected to the LAN interface with the default IP address of 192 168 1 254 The default administrator account and password is Username admin Password admin...

Page 22: ...User s Manual WHG Controller HSG Gateway ENGLISH 22 You may refer to part E of Appendix F for details on admin accounts configuration...

Page 23: ...corner of the interface to return to the login screen 2 2 Running the Wizard The Setup Wizard provides a collection of configuration steps which are essential in the setup and operation of your netwo...

Page 24: ...Step 2 Select Connection Type for WAN1 Port There are three types of WAN connections to be selected from Static IP Address Dynamic IP Address and PPPoE Client Select a proper Internet connection type...

Page 25: ...abase To add a user here enter the Username e g testuser Password e g testuser and assign an Applied Group to this particular user or use the default Group 1 Click Next to continue Step 4 Confirm and...

Page 26: ...anual WHG Controller HSG Gateway ENGLISH 26 A Confirm and Restart message will appear on the screen during the restarting process Please do not interrupt the system until the Administrator Login Page...

Page 27: ...Manual WHG Controller HSG Gateway ENGLISH 27 Please do NOT interrupt WHG restart process until the admin login page reappears which indicates the restart process has been completed Restart process co...

Page 28: ...opology with resiliency capacity and survivability in mind Typically organization networks today are a combination of manageable wired and wireless LANs sometimes even remote LANs Designed to fulfill...

Page 29: ...gation switch Locate the aggregation switch close to the network core e g mainframe housing Locate edge switches close to users e g one per floor Layer 3 Topology This network topology aims to build a...

Page 30: ...LAN If there are multiple switches in a building use an aggregation switch Locate the aggregation switch close to the network core e g mainframe housing Locate edge switches close to users e g one pe...

Page 31: ...d and duplex of the WAN connection When Auto Negotiation is On the System chooses the highest performance transmission mode speed duplex flow control that both the system and the device connected to t...

Page 32: ...opular method PPTP protocol for dialup connections is adapted by some ISPs in European Countries Your PPTP ISP will issue you an account with a password as well as the PPTP server address NOTE 1 When...

Page 33: ...k Click the Renew button to get an IP address automatically PPPoE If your ISP provides PPPoE Dialup connection then the ISP will issue you an account with a password You would need to enter the accoun...

Page 34: ...707 and above are carrier grade models designed with a SFP and Ethernet port for both WAN1 and WAN2 respectively Administrator can further decide which physical port to be deployed as WAN1 or WAN2 Eth...

Page 35: ...ice Fiber Port Deploy the SFP port for service Fiber Port and Ether Port Bridge Fiber port and Ethernet port physically only connect one uplink either via SFP port or Ether port Bonding Deploy both SF...

Page 36: ...hput under such constraint will not be greater than 1Gbps even if you configure 2Gbps on the Controller 3 2 5 Uplink Detection Failover Uplink Detection When the WAN interface has been configured with...

Page 37: ...s based on percentage load calculated using session bytes or packets WAN Failover Once enabled whenever WAN1 is down WAN2 will service the traffic originally handled by WAN1 If the nested option is se...

Page 38: ...User s Manual WHG Controller HSG Gateway ENGLISH 38 NOTE 1 Please note that WAN Failover feature cannot be enabled concurrently with Load Balancing feature...

Page 39: ...nd will not be able to service any Service Zone Configuration Path Main Menu System LAN Ports 3 3 1 Port Based Service Zone Port Based mode operates with the principle that each physical LAN port can...

Page 40: ...ration mode operates under the principle that different Service Zones are identified by VLAN ID This means that Tag Based operation allows each physical LAN port to accept traffic for any enabled Serv...

Page 41: ...ccess 4ipnet WHG controllers support built in and external authentication databases All the authentication options are listed below Built in Authentication options Local with user credentials stored i...

Page 42: ...stration of authentication databases in relation to WHG Controller The configurations of authentication options for Internal and External authentication are done separately The 5 external authenticati...

Page 43: ...authentication method checks the local database that stores user often the staff and credentials internally The Local user database is designed to store static accounts which will not be deleted unles...

Page 44: ...count and the controller 6 Expiration are optional time constraints which may be enforced to this account if the Account Span option is checked This is a useful attribute if used in complement with Mu...

Page 45: ...s the defined csv format are consistent for all models 2 Duplicated accounts will result in upload failure and a warning message will be displayed Modifications to Account Credentials For existing use...

Page 46: ...selecting the Select All checkbox There will be a popup window asking if you are sure to carry out the action 4 2 2 On Demand User Database The On Demand user database is designed for guest user accou...

Page 47: ...Controllers Configuration Path Main Menu Users Internal Authentication On Demand On Demand Account Settings 1 General Settings for the On Demand Account database can be configured on this page General...

Page 48: ...er HSG Gateway ENGLISH 48 The WHG Controller can work in hand with Clickatell SMS server for On Demand accounts credentials to be sent to users via SMS message With a set of Clickatell account Usernam...

Page 49: ...es for account generation an Account Registration Control option is available In addition the administrator has an option of allowing or disallowing users to register for new accounts prior to account...

Page 50: ...nts generation can be done on On Demand Account Creation On Demand accounts can be created individually or in batches The On Demand Accounts List houses all the existing On Demand accounts Each accoun...

Page 51: ...access and surf the network without any user account or password This feature allows the user to associate with a particular Service Zone enter a specified string of text which may be a social securit...

Page 52: ...uest users are then mapped to a selected User Group for policies application Email verification ensures that the entered email is a valid email address When this option is enabled an activation time i...

Page 53: ...System Service Zone Configure Scroll down the page to Authentication Options Check to enable the option for FREE Subsequently after apply of STEP 1 and STEP 2 configurations the end user will see tha...

Page 54: ...avoid malicious use of free access 4 3 External Authentication Options Most organizations have already established a centralized user account servers Consequently 4ipnet WHG controllers are equipped...

Page 55: ...built in or external databases they will need to be enabled in each enabled Service Zones individually 4 3 1 RADIUS Remote Authentication Dial In User Service RADIUS is a networking protocol that pro...

Page 56: ...entication 4ipnet WHG controllers support RADIUS authentication RADIUS class mapping and RADIUS transparent login with 802 1X Below is the detailed configuration page of RADIUS settings Attributes of...

Page 57: ...User s Manual WHG Controller HSG Gateway ENGLISH 57...

Page 58: ...protocol where e mail is kept by a certain Internet server 4ipnet WHG controllers offer administrator a way of authentication in which users are granted the Internet service by typing in their email...

Page 59: ...a complete setup Configuration Path Main Menu Users External Authentication Server 4 by default is selected to use LDAP database for user credential check Click on the Server Name to enter the detaile...

Page 60: ...Additionally if Windows Active Directory is deployed as identity check for device access Transparent Login feature may be enabled to grant access to device and network with a single login action 4 3 5...

Page 61: ...on Path Main Menu Users External Authentication By default SIP is not selected as database for any Auth option Enable SIP from Authentication Settings in the respective Service Zones The administrator...

Page 62: ...User s Manual WHG Controller HSG Gateway ENGLISH 62 Please also make sure that the corresponding Service Zone also has Enable checked in the SIP Interface Configuration in order to function properly...

Page 63: ...ed by practical setup processes on these three attributes 5 1 Overview of the Concept Group A Group is a set of users that admin considers they share some extent of similar characteristics i e role ba...

Page 64: ...unts in Controller s default template login success page Password change privilege to allow users to change their own passwords subsequent to a successful login in Controller s default template login...

Page 65: ...1 in service zone 1 but policy 3 when he goes to service zone 3 Relationship Between Group Policy and Service Zones The first figure displays the relationship between group and policy and the attribu...

Page 66: ...cally set up the groups and policies on the WMI of the 4ipnet WHG Controller Group Overview Configuration Path Main Menu Users Groups Overview The Group Overview table gives a summary of which Authent...

Page 67: ...figuration The Group Configuration Group x table is for Policy settings to be defined for the Group Multiple Device Login except for On Demand can be enabled here The Zone Permission Configuration Pol...

Page 68: ...eway ENGLISH 68 Check the Status checkboxes to allow users of this Group to access the corresponding Service Zones To configure from a Service Zone s perspective please go to Access Permission and Aut...

Page 69: ...cy Configuration 1 Select Policy allows administrator to choose which Policy Profile to configure 2 Firewall Profile is for defining service protocols user firewall rules and IPv6 firewall rules 3 Pri...

Page 70: ...cies in the drop down list and start configuring each attribute by clicking Configure After the setting remember to always click Apply to save the changes made Note again that the Global Policy is the...

Page 71: ...or from the following path for existing accounts Users Authentication Local Configure Local User List username There is an Applied Group row for admin to determine the attribute On Demand accounts may...

Page 72: ...sion mapping and Service Zone profile The Policy enforcement priority is as follows Group Service Zone Mapping Service Zone default Policy Global Policy Therefore if the administrator does not specify...

Page 73: ...HCP servers authentication options policies and security settings and so on By associating a unique VLAN Tag when it is tag based and an SSID with its Service Zone administrator can flexibly separate...

Page 74: ...below As the figure depicts a staff of a firm is associated with a certain SSID broadcast by an access point This SSID belongs to let s say VAP with VLAN ID 15 Therefore the AP s traffic when forward...

Page 75: ...Tag based the correspondence of service zones and ports will be grayed out Each Service Zone will need to be assigned a unique VLAN ID ranging from 1 to 4096 Note that the Default Service Zone is des...

Page 76: ...d public IP s Router mode as the name suggests is a network operating without address translation in and out of the Controller Router mode is selected when using public IP or under circumstances where...

Page 77: ...applied to clients in this Service Zone Note that when None is selected a switch port connecting to the LAN port of the WHG may be shut down if the switch has loop protection enabled and there are mor...

Page 78: ...is an optional checking mechanism on the Controller when Enabled will check to see if the lease expired IP is currently online If yes the Controller will halt the issuing of this IP address until the...

Page 79: ...for service 2 MAC address authentication RADIUS MAC authentication feature once enabled if the connected device has its MAC address entered in the configured RADIUS Server the Controller will automat...

Page 80: ...ser would have been authenticated successfully without further UAM login The IP Address Range Assignment field configures the starting IP range which PPP can assign IP addresses to dial up virtual int...

Page 81: ...s to choose from apart from the 4ipnet Default Page Customize with Template Upload Your Own and Use External Page 4ipnet Default The gateway has a standard 4ipnet Default Login Page with the 4ipnet lo...

Page 82: ...You may edit the HTML code with any text editor as long as the file is saved in html format Use External Page The Login Page can be a defined external URL This option requires extensive knowledge of U...

Page 83: ...N side and the LAN side We call the WAN side AP management Wide Area AP Management due to its scalability across the Internet or intranet and the LAN side AP management Local Area AP Management Below...

Page 84: ...ble 4ipnet Access Points for Local AP Management may be checked at Main Menu Access Points Local Area AP Management Overview Manageable 4ipnet Access Points for Wide Area AP Management may be checked...

Page 85: ...e AP configuration Under Wide Area AP Management there is a template under CAPWAP tab page which allows the administrator to configure VAP to Service Zone mappings when the AP is tunneled back for cen...

Page 86: ...ts on the LAN side of your 4ipnet WHG controller It starts with a methodology of adding access points to the AP management list of a controller all the way to the utilities that can be applied on the...

Page 87: ...an AP applying Templates and Service Zones can be done by checking the checkboxes on the left of the AP List and clicking the respective buttons Details on AP Templates configuration are elaborated i...

Page 88: ...ck Apply at the bottom of the page to add the AP to add an AP it doesn t necessarily have to be online Check the AP List to confirm the adding Subsequent modifications to AP configurations are possibl...

Page 89: ...addresses you would like to scan through and click Scan Now The Discovery Results Table will then display all the AP s found currently alive After finding the AP admin can further set up the template...

Page 90: ...nfiguration tasks one by one Click Configure for more detailed settings such as the subnet mask and the default gateway Up to eight templates can be saved for each AP model Click the Add Template butt...

Page 91: ...ons available are Open System Share Key WPA WPA2 or WPA WPA2 Mixed WEP When Authentication is Open System or Share Key WEP will be enabled WPA When Authentication is WPA WPA PSK or WPA RADIUS will be...

Page 92: ...Allowed Disabled AP does not allow devices with these addresses to associate with the APs of this Service Zone Denied Disabled It allows devices with these addresses to associate with the APs of this...

Page 93: ...cal Area AP Management Upgrade select the AP s you would like to import the version to When done with the selection click Upgrade at the bottom of the page NOTE 1 Please read through the release note...

Page 94: ...nual WHG Controller HSG Gateway ENGLISH 94 A simple concept diagram illustrating WDS connection The WDS management function helps administrators plan and setup a Tree structure of WDS network with man...

Page 95: ...sh automatically at fixed intervals 10s 20s 30s 40s 50s 60s WDS Update To add a new WDS connection select New Parent AP and New Child AP from the respective drop down list and click Add Note that a ne...

Page 96: ...nterference Go to Main Menu Access Points Enter Local Area AP Management Rogue AP Detection to set up the function Admin should determine the scanning interval select an AP for the scanning job as sen...

Page 97: ...s have more chance to be associated The system can divide the managed APs into groups define the group threshold and a time interval which will trigger the AP load balancing Local Area AP Management f...

Page 98: ...the Internet Main Benefits of Wide Area AP Management Cross Layer 3 IP network management Centralized traffic forwarding for distributed remote AP sites Graphical Map utility for easy reference and d...

Page 99: ...Multiple Access Points Configuration path Main Menu Access Points Wide Area AP Management AP List Add With the AP Discovery feature administrator can scan for APs regardless of their physical locatio...

Page 100: ...HSG Gateway ENGLISH 100 7 3 3 AP Configuration with Templates Configuration with templates is supported on selected models for Wide Area AP Management Configuration path Main Menu Access Points Wide...

Page 101: ...D and assign VLAN ID if needed Configure Security Settings such as WEP 802 1X WPA Personal WPA Enterprise if needed Advanced Wireless Settings allows the administrator to fine tune performance and eff...

Page 102: ...Certificate management on the controller please refer to the subsequent chapter in this guide 3 Upload the necessary security certificate into the AP in order for the Controller to validate CAPWAP di...

Page 103: ...tion from System CAPWAP where admin will see several discovery methods to be activated namely 1 DNS SRV Discovery This type of discovery utilizes a DNS server to complete the discovery method Through...

Page 104: ...ast discovery works by sending a multicast discover packet to the network in hopes of the correct controller responding to it This function should go with a proper setup on the routing paths of the AP...

Page 105: ...E 1 AP tunnels will be established automatically when the CAPWAP template has selected VAP to be enabled and tunneled back to a SZ 2 If the CAPWAP discovery process fails please check the certificate...

Page 106: ...e tunneled back to the controller from remote APs Administrator may wish to allocate a NAS Identifier as well as designate an IP pool for service In the managed AP list in Wide Area AP Management admi...

Page 107: ...6 Access Points on Map Configuration path Main Menu Access Points Wide Area AP Management Map 4ipnet controller supports adding AP s on Google Map The process is shown below 1 Create your own map by c...

Page 108: ...d map After the settings admin should be able to see an icon of the AP on the selected map NOTE 1 The button Show Coverage on the main page of Map indicates whether admin would like his her AP s to sh...

Page 109: ...ction to set up the function Admin should then determine the scanning interval select an AP for the scanning job as sensors and add AP s shown in the suspected rogue AP list to the trusted list for fu...

Page 110: ...ted The system can divide the managed APs into groups define the group threshold and a time interval which will trigger the AP load balancing Wide Area AP Management feature also supports the grouping...

Page 111: ...IPv6 address to either WAN1 or WAN2 of the network interface There are three ways to configure an IPv6 address for the chosen WAN interface namely Static 6to4 and go6 Please select the option applica...

Page 112: ...ication The Username Password and Server Address are the only mandatory fields for go6 transition The list of Tunnel Brokers is growing and administrators can choose to define a specific Tunnel Broker...

Page 113: ...ion protocol ARP IPv6 Ping It allows administrator to detect a device using IPv6 address or Host domain name to see if it is responding Trace Route 6 It allows administrator to recover the real path o...

Page 114: ...ontrol Network operators may want to limit the accessibility of certain accounts or devices from authentication or association from time to time This section describes the ways in which user or device...

Page 115: ...ated information in the Remark blank fields not required click Apply to add the users To remove a user from the black list select the user s Delete hyperlink to remove that user from the black list Af...

Page 116: ...a MAC address Access Control List where specific MAC addresses may be listed for access filtering either allow or deny User authentication is still required for MAC ACL Allowed users Click Configure...

Page 117: ...issue certificates to APs that it manages in its private network Administrator can sign certificates issues by the system s root CA and load these certificates to managed APs These security certifica...

Page 118: ...ed for applications such as HTTPS login CAPWAP and etc The Controller has a built in Factory Default Certificate gateway example com that cannot be removed but allows certificates to be uploaded To vi...

Page 119: ...e administrator can upload an Internal Root CA or generate a root CA for private use The created root CA certificate can be downloaded and used to sign certificates generated by the system Note that t...

Page 120: ...the View button 8 3 3 Internally Issued Certificate Internally Issued Certificates can be generated on this page Note that an Internal Root CA needs to be created first before Internally Issued Certif...

Page 121: ...certificates signed by other CA entities or Trusted CAs into the system These trusted root CA certificates are intended for the Controller to recognize and trust certificates of External Payment Gatew...

Page 122: ...ific IP addresses or ranges of IP addresses both from WAN or from LAN For example entering 192 168 3 1 and 192 168 1 0 24 means that only the device at 192 168 3 1 and devices in the range of 192 168...

Page 123: ...for management personnel to access their designated assigned areas of authority a necessary feature for large scale deployment requiring multiple management personnel This configuration path will lead...

Page 124: ...rized personnel Note that these settings are disabled by default Step 2 Configure Group Access property The Controller supports customizable administration account types namely Super Group Manager On...

Page 125: ...en inputting the desired account name password and the assigned authority group Subsequent to clicking Apply the newly generated account will be displayed in the table below NOTE 1 The Password Safety...

Page 126: ...l lead to a pop up window prompting to save a db file 2 Restoring previous db configurations may be performed with options such as keep WAN settings to prevent the loss of WMI connection if this actio...

Page 127: ...process completes and the system needs to be restarted afterwards to activate the new firmware FTP firmware upgrade is also an option enter the FTP server IP address FTP server port and the FTP accoun...

Page 128: ...eral minutes to complete Click Apply to restart WHG Controller If the power needs to be turned off it is highly recommended to restart WHG Controller first and then turn off the power after completing...

Page 129: ...ministrator might need to be aware of at a glance which includes General System settings Network Interface and Online Users etc A drop down menu is available for selecting the information refresh rate...

Page 130: ...tatus System Summary The system status page displays a table of contents including system firmware version report servers configured WAN optional settings User log profile system time and session cont...

Page 131: ...User s Manual WHG Controller HSG Gateway ENGLISH 131 corresponding configuration pages...

Page 132: ...provides the details of each of the network interfaces for the administrator to inspect including WAN1 WAN2 SZ Default SZ1 SZ8 Select the network interface that you are interested to see If the selec...

Page 133: ...al WHG Controller HSG Gateway ENGLISH 133 NOTE 1 If statistics are required to be saved for long term keeping See Report Notification section for instructions to send and save network traffic on exter...

Page 134: ...System interface settings for IPv6 traffic 10 1 5 DHCP Server Configuration path Main Menu Status DHCP Leases The DHCP IP lease statistics can be viewed after clicking on Show Statistics List on this...

Page 135: ...nutes hours days the number under column 3 indicated the expired count in the last 30 minutes hours days and so on DHCP Lease List Valid IP addresses issued from the DHCP Server and related informatio...

Page 136: ...y clicking Kick Out and check the user access AP status by clicking the hyperlink of the AP name for Access From Click Refresh to update the current users list or you can select the time interval for...

Page 137: ...s Configuration path Main Menu Status Monitor Users Roaming In Users This page displays the users that are physically under this controller but are authenticated by a roaming peer controller The users...

Page 138: ...d database as RADIUS database 10 2 5 Session List Configuration path Main Menu Status Sessions This page allows the administrator to inspect sessions currently established between a client and the sys...

Page 139: ...Change Log This page shows the account and IP of the person that has made changes to Controllers WMI configurations Local Monthly Usage This page shows the aggregated statistics for Local users showin...

Page 140: ...mber of rows 20 40 60 80 100 to display per page Select the Begin and End date from the calendar to filter unwanted User Events After the Begin and End dates are selected click Display to display all...

Page 141: ...ft blank if inapplicable to the User Type 10 4 Reports Notification Configuration path Main Menu Status Reporting WHG Controller can automatically send various kinds of user and or system related repo...

Page 142: ...il addresses and necessary mail server settings where various user related logs will be sent to SYSLOG Settings Allows the configuration of two external SYSLOG servers where selected users logs as wel...

Page 143: ...43 users logs as well as system logs will be sent to Notification Settings Provides an overview of all the available users and system logs for selection Selected logs can be sent to the chosen locatio...

Page 144: ...ply to activate Plan The number of the selected Billing Plan profile Plan Type The account type chosen for this plan Different account types have different properties A suitable account type should be...

Page 145: ...n Valid Period has been used up or quota depleted Quota is the total period of time xx days yy hrs zz mins during which On Demand users are allowed to access the network The total maximum quota is 364...

Page 146: ...User s Manual WHG Controller HSG Gateway ENGLISH 146...

Page 147: ...unt expires only when quota is depleted Quota is the total period of time xx days yy hrs zz mins during which On Demand users are allowed to access the network The total maximum quota is 364Days 23hrs...

Page 148: ...User s Manual WHG Controller HSG Gateway ENGLISH 148...

Page 149: ...ff Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to use the On Demand account...

Page 150: ...ay ENGLISH 150 11 2 4 Volume Users can access internet as long as account is valid with remaining quota traffic volume Account expires when Valid Period is used up or quota is depleted This is ideal f...

Page 151: ...rk Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation will result in account expiration Valid Period is t...

Page 152: ...t down begins immediately after account is created and is continuous regardless of logging in or out Account expires once the Elapsed Time is reached This is ideal for providing internet service immed...

Page 153: ...h the account is valid for internet access xx hrs yy mins Number of Devices is to define the number of allowed simultaneous logged in devices per account Price is the unit price of this plan Group wil...

Page 154: ...ut off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for use It is set to accoun...

Page 155: ...roller HSG Gateway ENGLISH 155 11 2 7 Duration time with Begin and End Time The Begin Time and End Time of the account are defined explicitly Count down begins immediately after account activation and...

Page 156: ...0 AM Jun 1 to 5 00 PM Jun 5 created in batch like coupons Begin Time is the time that the account will be activated for use defined explicitly by the operator End Time is the time that the account wil...

Page 157: ...and does not need to go through authentication Overview of Network Ticket Generator SDS200W is an innovative product 4ipnet offers to facilitate the communication between 4ipnet hotspot gateway and s...

Page 158: ...an account Number 1 asterisk Number 2 ENTER Print a ticket of billing Number 1 with Number 2 units For example 8 asterisk 3 ENTER is equal to create an On Demand account of billing plan 8 with 3 unit...

Page 159: ...SDS200W Status 1 Short illuminated intervals means SDS200W successfully booted up It flashes slowly 2 Long illuminated intervals means SDS200W and uplink device connected 3 Special flashing means the...

Page 160: ...e Fast Flashing t Amplitude Constantly on Amplitude Constantly off t Amplitude Special flashing t t Amplitude Short illuminated intervals t Ride Side Panel 1 Kensington Lock Be used to lock the device...

Page 161: ...rt of SDS200W by a RS 232 cable provided within the POS printer package 5 Connect SDS200W to your 4ipnet Gateway Controller via Ethernet port Note You need to connect to the correct LAN port if your G...

Page 162: ...teway 192 168 1 254 Remember to set the TCP IP settings of the computer you use with a static IP address that is under the same subnet as SDS200W For example 192 168 1 20 The settings of SDS200W are s...

Page 163: ...the keys can only print out tickets one at a time To Batch create tickets turn to Main Menu Users Authentication On Demand User Server Configuration On Demand Account Batch Creation on 4ipnet control...

Page 164: ...t after 1 clicking Save and 2 rebooting the system After SDS200W and the uplink device has built a successful connection the Status indicator will blink with long illuminated intervals The recommended...

Page 165: ...fails the SDS200W will always have the printer print out if the connection is successful or it failed Please make sure beforehand that the Ethernet cable is plugged in Note The SDS100 can be set up th...

Page 166: ...the desired language for the configured ticket template WHG supports English French German Japanese Spanish Simplified Chinese and Traditional Chinese For accounts generated with the SDS200W password...

Page 167: ...ay start customizing your POS ticket from the window below manually typing or by inserting parameters from the drop down list as shown in the above example Once this is done you may start assigning Bi...

Page 168: ...especially for mobile devices which require typing on small keyboards and are not easy on the eyes Log in credentials including your Username Password Usage quota Price and etc are all embedded in the...

Page 169: ...illing Plan the corresponding ticket template needs to be customized to support QR Code 1 The width needs to be changed to 3 default value 2 2 The parameter needs to be added by typing in qr on the te...

Page 170: ...ate functionality which allows the administrator or operator with access authority to On Demand page to create multiple accounts for an enabled billing plan in batch and send them to POS printer for g...

Page 171: ...eating batch On Demand accounts For random generated passwords they can be short 4 characters or long 8 characters When creating custom Usernames the Prefix and Postfix will be kept constant while the...

Page 172: ...yPal is used as an illustration example below Before setting up PayPal it is required that the hotspot owners have a valid PayPal Business Account After opening a PayPal Business Account the hotspot o...

Page 173: ...ct the enabled billing plans that are allowed for end users to self purchase through the payment gateway The service disclaimer can be customized by configuring Web Page Customization Subsequently aft...

Page 174: ...count with a valid credit card In order for users to get account info via SMS after buying a new account online and eliminate the risk of forgetting his her username and password at the next time of l...

Page 175: ...bottom of the page Just like all customizable web pages in the system this page also supports customization with templates uploading html or using an external page An example of what will be displayed...

Page 176: ...w the Login page with a list of available plans and service agreement The Service Agreement body can be configured at the applied Service Zone s Custom Pages settings User may choose a billing plan cl...

Page 177: ...can operate in conjunction with third party hospitality applications and has been tested with the Net Retriever middleware which provides seamless integration between the gateway and the popular High...

Page 178: ...e Port Mapping feature must be enabled first Administrator could use Port Location Mapping feature to map a location such as a hotel room to a VLAN port of VLAN switch or a DSLAM device Each Room is m...

Page 179: ...e an account The account cost will be sent to the PMS and added to the hotel bill via the configured middleware NOTE 1 VLAN Ports may be created one by one or batch at once Subsequent changes are poss...

Page 180: ...et Retriever Configuration path Main Menu Users Middleware Net Retriever In the Middleware tab page of Users category administrator may choose to select the interfacing protocol that is compatible wit...

Page 181: ...ink Link test frequency is customizable Furthermore the room guest s status may be optionally altered upon receipt of a check out message from the middleware system either making the account expire de...

Page 182: ...tem end Administrators may define User Account credentials using a combination of RN Room number GN Guest Name or G Guest Number to designate the Micros protocol parameter for carrying the username an...

Page 183: ...User s Manual WHG Controller HSG Gateway ENGLISH 183...

Page 184: ...pport regarding compatibility and technical evaluation on your telecom operator please contact 4ipnet support team 13 2 WISPr for ISP Roaming Configuration path Main Menu System Service Zones Service...

Page 185: ...to block users from that particular WISPr roaming agent to access your internet For example if you fill in ipassconnect the iPass clients will be denied roaming access in your network WISPr Location I...

Page 186: ...roaming enabled the end user would not experience network interruption The traffic would be tunneled back to the original Controller for forwarding into the internet Cross Gateway roaming architectur...

Page 187: ...may be used for other Controllers as their external RADIUS authentication database This application offers the ability to refer to a single central Controller for account credential lookup during the...

Page 188: ...User s Manual WHG Controller HSG Gateway ENGLISH 188 To use On Demand user database as the RADIUS database of another Controller Configuration path Main Menu Users Internal Authentication On Demand...

Page 189: ...ice Settings hyperlink The redirected page allows the administrator to specify the Controller IP which is allowed to behave as a RADIUS client and authenticate against this Controller s enabled user d...

Page 190: ...Controller supports Site to Site VPN for more than 2 WHG Controllers to create VPN tunnel to each other over the WAN network For example if there are 2 WHG Controllers you can create a VPN tunnel to l...

Page 191: ...settings in both sites must be same Then create a Local Site with subnet for mapping to the remote site Such as 192 168 11 0 24 of WHG Controller_A 192 168 111 0 24 of WHG Controller_B after the tunn...

Page 192: ...14 2 Remote Client Configuration path Main Menu Network VPN Remote VPN WHG Controller supports Remote VPN for user login to system from a remote area After the user is logged in to system from the ou...

Page 193: ...n page Input the enabled authentication options username and password and the user will login successfully to the system NOTE 1 After Remote VPN is enabled the default home page will be the Remove VPN...

Page 194: ...goal of this design is to eliminate the configuration difficulty from IPSec VPN users On the client side the IPSec VPN implementation of the system is based on ActiveX and the built in IPSec VPN clie...

Page 195: ...ncluding the 4ipnet SW1024 15 1 Switch List Configuration path Main Menu Switches Switch List A 4ipnet SW1024 switch connected either to a WAN port or LAN port of the WHG Controller can be added manua...

Page 196: ...Schedule Template The PoE Schedule Template allows administrators to set a schedule for delivering power on the assigned ports of the managed switch This function can be used to control AP schedules...

Page 197: ...15 3 Backup Configuration Configuration path Main Menu Switches Backup Configuration Backup Configuration displays a list of backed up configuration from a managed switch Configuration can be saved to...

Page 198: ...with minimum impact during service transition The 4ipnet HA approach implements a dedicated message link between ACs Access Controller to create an N 1 redundancy system where N is 3 Once the HA link...

Page 199: ...net role When enabled LAN1 port will become the dedicated HA port When disabled LAN1 remain its normal function as LAN port 2 The Web UI has a configuration item to designate this AC as either Active...

Page 200: ...interruption as they are L2 devices Clients associated to locally managed AP will experience the same scenario little or no network interruption as wired clients during service switchover 7 Wide Area...

Page 201: ...ck Restore button When the Quick Restore button is pressed while the system power is on the boot up option will be switched Press this button while system is powering up and release when the Quick Res...

Page 202: ...e button will switch the operation to FW1 Config1 Successive reboots without pressing the Quick Restore will trigger the system to run with FW1 Config1 2 Reset to Default When the administrator resets...

Page 203: ...HSG Gateway ENGLISH 203 3 Firmware Upgrade When the administrator performs firmware upgrade on WMI the system will overwrite the FW and Default of the FW not in operation The current in operation FW C...

Page 204: ...are and the system will reboot with the new firmware 4 Modifying Backup Restoring Configuration When the administrator performs backup restore or configuration changes the targeted Config is the in op...

Page 205: ...205 16 2 2 Quick VPN 1 Allow admin to establish site to site VPN with a push button action between two Access Controller for example between HQ site AC and Remote site AC Paragraphs below will design...

Page 206: ...Quick VPN LED lights up AC2 will be in VPN negotiating mode AC2 will automatically attempt to negotiate and establish site to site VPN with AC1 AC1 requires no pre configuration and will automatically...

Page 207: ...n WMI of sender AC The sender AC will be in ready mode for sending FW image and config The admin should power off the Receiver AC press and hold the Quick Maintenance button and then power will be bac...

Page 208: ...into 2 features namely Simulation Tool Utilities and Managed AP Simulation Status Models currently supporting the AP Simulation Utility are WHG405 WHG425 WHG515 WHG525 WHG711 and WHG801 16 3 1 Simula...

Page 209: ...mulation APs would depend on factors such as the AP model transmit power AP Height and etc Once these Simulation APs are created simply drag and drop these APs onto the floor plan 2 4GHz is indicated...

Page 210: ...User s Manual WHG Controller HSG Gateway ENGLISH 210 Click Simulate 2 4G or Simulate 5G to see if the deployed APs are adequate for your requirement...

Page 211: ...r HSG Gateway ENGLISH 211 When simulation is done successfully the recommended channel allocation will be shown next to the Simulation AP Configurations can then be saved conveniently to a template to...

Page 212: ...y the APs on the Managed AP Simulation floor plan are real managed Access Points on the Controller either by Local AP Management or Wide AP Management Access Points here are linked to APs managed by t...

Page 213: ...19 1U WAN 2 x GbE 2 x GbE LAN 8 x GbE 8 x GbE Local Accounts 3000 4000 On Demand Accounts 3000 4000 Managed AP Capacity Local Wide Combined 30 50 4ipnet AP Model EAP110 EAP210 EAP220 EAP320 EAP701 EAP...

Page 214: ...s 10000 10000 Managed AP Capacity Local Wide Combined 40 80 4ipnet AP Model EAP110 EAP210 EAP220 EAP260 EAP320 EAP700 EAP701 EAP717 EAP727 EAP747 EAP750 EAP757 EAP760 EAP767 OWL400 OWL410 OWL500 OWL53...

Page 215: ...pnet AP Model EAP110 EAP200 EAP210 EAP220 EAP260 EAP300 EAP320 EAP700 EAP701 EAP717 EAP747 EAP750 EAP757 OWL400 OWL410 OWL500 OWL530 OWL610 OWL620 EAP110 EAP210 EAP220 EAP260 EAP320 EAP700 EAP701 EAP7...

Page 216: ...pnet AP Model EAP110 EAP200 EAP210 EAP220 EAP260 EAP300 EAP320 EAP700 EAP701 EAP717 EAP747 EAP750 EAP757 OWL400 OWL410 OWL500 OWL530 OWL610 OWL620 EAP110 EAP210 EAP220 EAP260 EAP320 EAP700 EAP701 EAP7...

Page 217: ...00 1200 4ipnet AP Model EAP110 EAP200 EAP210 EAP220 EAP260 EAP300 EAP320 EAP700 EAP701 EAP717 EAP747 EAP750 EAP757 EAP760 EAP767 OWL400 OWL410 OWL500 OWL530 OWL610 OWL620 OWL630 EAP110 EAP210 EAP220 E...

Page 218: ...Please refer to Appendix Hardware Button for detailed operation instructions 2 LED Displays Power Power LED lights up as constant green when power supply is on Status Status LED is Blue Blinking indi...

Page 219: ...and boot up with that firmware Quick VPN This button is for establishing a site to site VPN tunnel with minimal pre configurations at a push of a button Please refer to Appendix F for detailed operat...

Page 220: ...o default configuration 2 Console The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsoft s Hyper Terminal to login to the confi...

Page 221: ...dicators Power Status and Hard disk to indicate different status of the system 2 LCD Display Allows network administrator to check important system settings such as network interface SZ configurations...

Page 222: ...ch as Microsoft s Hyper Terminal to login to the configuration console interface to change admin password or monitor system status etc 4 USB Reserved for future use 5 WAN1 WAN2 Two Gigabit WAN ports 1...

Page 223: ...rtant system settings such as network interface SZ configurations etc The navigation buttons from left to right respectively are Esc Up Down and Enter 3 Console The system can be configured via a seri...

Page 224: ...The administrator can use a terminal emulation program such as Microsoft s Hyper Terminal to login to the configuration console interface to change admin password or monitor system status etc 5 USB Re...

Page 225: ...such as the ADSL Router from your ISP Internet Service Provider 2 LAN5 LAN6 SFP Client machines connect to WHG Controller via these LAN ports SFP 3 LED Indicators There are four LED indicators WAN1 WA...

Page 226: ...o WHG Controller via these LAN ports 10 100 1000 Base T RJ 45 7 USB Reserved for future use 8 Console The system can be configured via a serial console port The administrator can use a terminal emulat...

Page 227: ...AN 10GbE SFP 1 x 10Gb SFP for client machines to connect to WHG Controller 5 WAN1 WAN2 SFP Two combo WAN ports SFP are connected to the external network such as the ADSL Router from your ISP Internet...

Page 228: ...ur ISP Installation 1 Connect the power adaptor or power cord to the power socket on the rear panel The Power LED should be on to indicate a proper connection 2 Connect an Ethernet cable to the WAN1 P...

Page 229: ...GbE 2 x GbE 2 x GbE 2 x GbE 2 x Combo SFP LAN 4 x GbE 8 x GbE 2 x GbE 2 x GbE 4 x GbE 2 x SFP Local Accounts 2000 3000 5000 6000 15000 On Demand Accounts 2000 3000 5000 6000 15000 Monitored AP n a 10...

Page 230: ...icate that the WAN Uplink is connected LAN1 LAN4 The LED is to indicate the connection status of each LAN USB This indicates the status of USB connection The USB port is reserved for future use 4 WAN...

Page 231: ...g indicates that system OS is booting up when lit up constantly it indicates that the system is ready for operation Quick Restore This is used to indicate that the system will now switch to the other...

Page 232: ...onfiguration 5 USB Reserved for future use 6 Mgmt For management use only it will always open WMI Web Management Interface homepage 7 WAN1 WAN2 Two Gigabit WAN ports 10 100 1000 Base T RJ 45 for uplin...

Page 233: ...our LED indicators WAN1 WAN2 LAN4 and LAN5 to indicate the traffic status of the SFP ports 4 WAN1 WAN2 Two WAN ports 10 100 1000 Base T RJ 45 are connected to the external network such as the ADSL Rou...

Page 234: ...your ISP Installation 1 Connect the power adaptor or power cord to the power socket on the rear panel The Power LED should be on to indicate a proper connection 2 Connect an Ethernet cable to the WAN1...

Page 235: ...tempts to access the internet the system will address the user to the external login page configured Gateway while addressing users to the external web page will also send URL parameters required for...

Page 236: ...User s Manual WHG Controller HSG Gateway ENGLISH 236 The diagram below explains how External Page operates using user login logout flow as illustration Login...

Page 237: ...lows Field Value Description loginurl String URL encoded The URL to be submitted when a user logs in remainingurl String URL encoded The URL to be submitted when a user wants to get remaining quota vl...

Page 238: ...loginurl parameter with a self defined javascript function FORM action method post name form script language Javascript form action getVarFromURL window location href loginurl script INPUT type text...

Page 239: ...your self designed user page to function properly 1 External Login Page Variables Field Value Description loginurl String URL encoded The URL to be submitted when a user logs in remainingurl String UR...

Page 240: ...ondemand_creation_url String URL encoded The URL to be submitted when a user wants to create an On Demand user Only available for LOCAL users vlanid Integer 1 4094 VLAN ID gwip IP format Gateway acti...

Page 241: ...ed information BR Please enable the Cookie in the browser setting or open a website to get a Cookie Invalid IP address Please check the IP address and try again Invalid MAC address Please check the MA...

Page 242: ...N ID client_ip IP format Client IP address gwip IP format Gateway activated IP address original_uid String Original User ID 4 External Logout Successful Page Variables Field Value Description uid Stri...

Page 243: ...Integer b s Minimum down link rate session String Encrypted session information 6 External Logout Fail Page Variables Field Value Description uid String User ID gwip IP format Gateway activated WAN I...

Page 244: ...en from cookie Output No output return user to logout successful page 3 Remaining quota Credit balance Path LAN IP address or Internal Domain Name loginpages reminder shtml Input Field Required Value...

Page 245: ...ired Sorry this username XXX is redeemed Error messages Value Integer Sec Or Byte or error no 1 Account not found 2 Out of quota 3 Expired 4 Redeemed Remaining quota if user is time type the value is...

Page 246: ...ent user password If not presented password stored in cookie is the default value myusername alternative variables username user account Required String Redeem user ID mypassword alternative variables...

Page 247: ...nt Creation Path LAN IP address or Internal Domain Name loginpages UserAuthentication OnDemandRecept shtml Input Field Required Value Description buttonNo Required Integer 1 10 Billing Plan No random...

Page 248: ...GLISH 248 username password expiretime usage price duration serial number result valuable expiretime is account expiration time which is a Linux time stamp and duration is account duration time and th...

Page 249: ...alized management and monitoring of your enterprise network including Linux Unix and Windows servers apps databases and network boxes HYPERIC HQ ENTERPRISE Aimed at the datacenter Hyperic s software i...

Page 250: ...ion of a project that started in 1998 http www wireshark org inSSIDer for wireless scanning frequency analyzer inSSIDer is a useful tool for scanning the air for nearby AP signals and in depth frequen...

Page 251: ...tion time Buy the time interval for a valid account Define the time interval for usage Count down begins when account activated and expires when the expiration time date reached Usage time Users can a...

Page 252: ...nual WHG Controller HSG Gateway ENGLISH 252 Volume Users can access internet as long as account is valid with remaining quota and need to activate the purchased account within a given time period by l...

Page 253: ...pire Account automatically activates when it is created Unit is the number of days to execute Cut off For example Unit 2 days Cut off Time 10 00 then account will expire at 10 00AM two days after crea...

Page 254: ...thin valid time interval Count down begins once account activates and expires when Expiration Time is reached Duration time accounts can be further classified into Elapsed Time Relative to Activation...

Page 255: ...ller HSG Gateway ENGLISH 255 Define explicitly the Begin Time and End Time of the account Account expires when the End Time has been reached Cut off Time Define explicitly the clock time to Cut off wi...

Page 256: ...unts of the same type but with various quotas this may be achieved via the Unit field Network operator is able to multiply the quota by an integer ranging from 1 to 9 in the Unit field Please note tha...

Page 257: ...User s Manual WHG Controller HSG Gateway ENGLISH 257...

Page 258: ...p row will redirect to configuration pages relating to its category II Setup Wizard This wizard is to provide express setup procedures Follow the instructions given at each step to change the system a...

Page 259: ...ge displays important system related information that the administrator might need to be aware of at a glance which includes General System settings Network Interface and Online Users etc A drop down...

Page 260: ...r s Manual WHG Controller HSG Gateway ENGLISH 260 A System System This section relates to system configuration It includes General Information WAN Configurations LAN Ports Service Zones and etc 1 Gene...

Page 261: ...ator may be entered here Once configured user logs can only be accessed via the entered IP Pre Login Page A HTML customizable pre portal page before landing the Login Page UAM Filter The Universal Acc...

Page 262: ...his section enables the selection of actual Port to be deployed as WAN1 servicing port either copper SFP both or bonded Available on WHG707 WHG801 Physical Mode Select the mode Auto 1000Mbps Full 100M...

Page 263: ...ed for Load Balancing or WAN Failover Address for Detecting Internet Connection This section of the configuration page enables the administrator to specify external targets to check for uplink status...

Page 264: ...the selected WAN interface was set with a static IPv4 address go6 go6 is a platform that connects the world to the new Internet with IPv6 products community and services You may choose this connectio...

Page 265: ...ary controller switching service to the secondary controller manually available on 1 1 HA only Dedicated Port Currently LAN1 for all Controller models Status Reflects the current status of the HA link...

Page 266: ...ed service zone only default service zone will designate an IP segment for IP address assignment to the managed AP when the newly discovered AP is added into the selected service zones SIP Interface C...

Page 267: ...ice Zone Name The name of service zone could be input here Network Interface o VLAN Tag Tag Base Only The VLAN tag number that is mapped to the Service Zone o Tag Based LAN Port Isolation Administrato...

Page 268: ...f this service zone o Subnet Mask The subnet Mask of this service zone o IPv6 Settings The IPv6 Address and configuration of this service zone When IPv6 enabled o Network Alias List Administrator may...

Page 269: ...vice s name when issuing IP addresses The devices name Host Name can be seen under DHCP Lease tab DHCP Server Scope 2 Enable Disable When Enabled an additional DHCP server can be configured to assign...

Page 270: ...age pages include Login Success Pages Login Success Page for On Demand Users Login Fail Page Logout Page Logout Succeeded Page and Logout Fail Page Managed AP s APs operating under the Service Zone wi...

Page 271: ...ternet in this room without any charge If you do not want to provide any internet access right in the rooms you may change the Port type of the rooms to Block If the user opens a browser and tries to...

Page 272: ...tion DHCP Scope Select which DHCP Scope to use from corresponding Service Zone Assign VLAN ID From The starting VLAN ID Number of VLAN The total number of VLAN Location ID A numeric identification num...

Page 273: ...P Scope to use from corresponding Service Zone Assign VLAN ID The starting VLAN ID Location ID A numeric identification number or typically the room number Location Description Optional description fo...

Page 274: ...By setting up the connection to Middleware the system can listen to specific messages from PMS behind Middleware When hotel guest is buying an in room billing plan for Internet access the system will...

Page 275: ...status bundled with a room may be forcefully expired from use should the administrator desires upon room check out Micros Opera Setup Enter the PMS IP and PMS Port for Middleware connection PMS IP Ent...

Page 276: ...h Authentication Servers are used for the corresponding Group 16 sets of Group options and Zone Permission Configuration Policy Assignment can be defined respectively to enforce the access management...

Page 277: ...ler HSG Gateway ENGLISH 277 2 Internal Authentication The system supports multiple authentication options which include both internal and external databases Internal Authentication databases include L...

Page 278: ...specific user account when multiple options are concurrently in use To manipulate Local accounts go to Configure for Local User List The On Demand Authentication option is typically used for short ter...

Page 279: ...il etc defined by the administrator and use the network without actual authentication The accounts can have limited or limited access time and trial users can be bound to a User Group to apply Policie...

Page 280: ...up to 8 characters Usernames and Passwords can also be created manually for batch creation eg Prefix ABC Postfix DEF Serial Number 0001 Account List All created On Demand accounts and related informat...

Page 281: ...Zone A group of users within different Service Zones can be applied with different policies For example sales can be applied with different network access right while accessing from sales department...

Page 282: ...to specific group of users in different Service Zones Policy 1 has the highest priority and Policies with the higher priority shall be the first applied Policy A Preferred DHCP Pool defined in Service...

Page 283: ...f authentication This may be achieved either via IP address IPv6 Address or MAC address 5 Additional Control Additional configurations are in this section They are User Session Control Built in RADIUS...

Page 284: ...Idle Traffic Detection Designate the threshold where traffic flow smaller than the value configured will be considered as being idle Charge Traffic to from Host in Walled Garden List For usage or vol...

Page 285: ...that their time based account quota is about to run out Volume Reminder This is the option for the system to display a warning message to On Demand users that their volume based account quota is abou...

Page 286: ...enable disable delete apply a new template and other configuration All of the supported APs under management of the system will be shown in the list In the beginning the list is empty The administrato...

Page 287: ...tion The administrator can add supported APs into the List table manually by clicking Add and selecting Add AP The system will attempt to configure the AP with the value specified After processing the...

Page 288: ...an also set the channel the AP would use AP Type Select the AP model name which you like for the system to find Service Zone Select the Service Zone for which the device connected AP is to be managed...

Page 289: ...the AP type and then click Edit icon to enter the Template Editing page Template Editing The administrator can set the template configuration manually or copy the configurations from a specific exist...

Page 290: ...290 General In this section revise the Subnet Mask and Default Gateway here if desired Configure the NTP Servers and Time Zone In addition administrator can enable SYSLOG server to receive the log fro...

Page 291: ...time interval for waiting for the acknowledgement ACK frame If the ACK is not received within the interval then the packet will be re transmitted Higher ACK Timeout interval will decrease the packet...

Page 292: ...User s Manual WHG Controller HSG Gateway ENGLISH 292 VAP Configuration Enable Disable VAP under the Status column Configuration of VAPs can be done by clicking the edit icon under Action...

Page 293: ...User s Manual WHG Controller HSG Gateway ENGLISH 293...

Page 294: ...unction will stop the system from broadcasting its SSID If broadcast of the SSID is disabled only devices that have the correct SSID can connect to the system Wireless Client Isolation By enabling thi...

Page 295: ...WPA Enterprise Access Control The administrator can restrict the wireless access of client devices based on their MAC addresses Disable Access Control When Disable is selected there is no restriction...

Page 296: ...lable types of traffics subject to this rule Interface This indicates inbound outbound direction with desired interfaces DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for t...

Page 297: ...re version must be one that has been integrated Firmware Upload displays the current version of the AP s firmware New firmware can be uploaded here to update the current firmware To upload first click...

Page 298: ...he version before upgrade and the next version must be ones that have been integrated with the system h WDS Management WDS Wireless Distribution System is a function used to connect APs access points...

Page 299: ...onnection will become unreachable i Rogue AP Detection It is designed to detect the non managed or possibly malicious AP in the deployed environment It takes the managed APs as sensors to find the non...

Page 300: ...D Administrator can statically assign the BSSID of a known trusted AP in this list If an AP is entered into this list but not managed yet is present in the environment it will not show up in the Rogue...

Page 301: ...ay all the current AP groups and their status info Device List The scrollable window displays all the managed APs sorted by model name with relative information such as Group Name MAC IP Power Lv Load...

Page 302: ...ng this button will open a new page on your browser redirecting to the List tab page for displaying a list of APs in the Map List WDS in this Map Clicking this button will open a new page on your brow...

Page 303: ...equired to configure your map with AP information are described in the subsequent sections Before starting to add a new map in wide area AP management it s necessary to sign up for a Google account or...

Page 304: ...Now return to the Map tab page in WHG Controller s WMI and Scroll down to the bottom of the page click on the Add a New Map button An editing page will open for configuration please fill in a Map Name...

Page 305: ...Type If you have several APs deployed and listed in List under Wide Area AP Management their geographical location can be marked on a particular map Firstly go to the List tab page and click on the Ed...

Page 306: ...ed to this AP or the URL of the Venue Website where this AP is deployed Administrator can upload customized thumbnail images shown on the map After configuring all the necessary settings and uploading...

Page 307: ...teway ENGLISH 307 You can click on the AP icon to see the dialogue box for additional information or links that you have configured Click the more info link for information on AP status Client List WD...

Page 308: ...kup Config Restore Config and Upgrade All of the supported APs under management of the system will be shown on the list In the beginning the list is empty The administrator can add supported APs from...

Page 309: ...and the listed EAP200 Once the tunnel has been established the AP can be seen as logically connected under the WHG Controllers managed network and can be applied as a Service Zone Delete Remove the ch...

Page 310: ...Wide Area AP Management administrator can allocate NAS Identifier and designate an IP pool for service for each VAP of a Managed AP This can be configured while establishing tunnels between AP and Con...

Page 311: ...d automatically assigned the SNMP read community string which will be used for periodical status collection To Discover APs click Add from the AP List and select Discovery from the Add Method dropdown...

Page 312: ...ividual AP s Device Name and SNMP Community string Click the Add button and the discovered APs will be added into List d Adding The Adding function is used to manually set up an AP via filling in the...

Page 313: ...The SNMP Read Community string used for status access e Template Configuration with templates is supported on selectable AP Models Currently WAPM Template is only available on EAP210 EAP220 EAP320 EAP...

Page 314: ...1g 802 11n and 802 11ac Short Preamble The short preamble with a 56 bit synchronization field can improve WLAN transmission efficiency Select Enable to use Short Preamble or Disable to use Long Preamb...

Page 315: ...be decreased worsened Airtime Fairness When set to Fair Access this feature ensures all devices with different band compatibilities have the same air time When set to Preferred Access N clients are pr...

Page 316: ...et Access Point supports tagged VLANs virtual LANs To enable VLAN function each VAP shall be given a unique VLAN ID with valid values ranging from 1 to 4094 Once VLAN is Enabled QoS is supported on th...

Page 317: ...number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference DTIM Period Input the DTIM...

Page 318: ...wireless stations roam smoothly among IAPP enabled access points in the same wireless LAN Multicast to Unicast Conversion When Multicast to Unicast Conversion is enabled the Access Point intelligentl...

Page 319: ...are listed on the Backup Config tab page and can be downloaded to a local storage device or deleted from WHG Controller s memory h Firmware The WHG Controller can store AP s firmware in its built in...

Page 320: ...icate Authority CA This configuration item allows the administrator to select a Trust CA to validate the certificate used for CAPWAP Access Controller IP List The AC can statically designate other CAP...

Page 321: ...Ps and perform transmit power management to spread the network load as evenly as possible among APs of the same group WAPM Load Balancing This configuration item enables the administrator to specify t...

Page 322: ...g feature to be enforced l Third Party AP Management Add a third party AP by selecting THIRDAP from Device Type Add to AP List manually by specifying third party AP s IP address Name and VLAN ID Click...

Page 323: ...d to the List the switch s status will display online or offline Delete Select the switches you wish to remove from the list by clicking the corresponding checkboxes followed by the Delete button Rest...

Page 324: ...enter settings for the Template The following can be set on the PoE Schedule Template Power Supply Schedule Apply to The band channel width transmit power and etc If there is an existing managed switc...

Page 325: ...guration files E Network Network This section is used to configure all the network settings 1 NAT The NAT function supports 3 types of network address translation DMZ Demilitarized Zone Public Accessi...

Page 326: ...mapped to access the Internal IP Address These settings will become effective immediately after clicking the Apply button Public Accessible Servers Public Accessible Servers allow the administrator t...

Page 327: ...e IP Address and Port of Translated to Destination Select TCP or UDP for the service s type These settings will become effective immediately after clicking Apply 2 Monitor IP Multiple IP addresses can...

Page 328: ...nd click Apply to save the settings The Walled Garden List can be backed up or restored Walled Garden Advertisements are advertisement links for clients to access before they are authenticated by the...

Page 329: ...em Local VPN Remote VPN and Site to Site VPN For Local VPN the system allows the VPN tunnel between a local client s device and the system to encrypt the data transmission For Remote VPN the system al...

Page 330: ...User s Manual WHG Controller HSG Gateway ENGLISH 330...

Page 331: ...examples for configuring the proxy server settings of the WHG CONTROLLER Using Internet Proxy Server A built in proxy server in the controller can be Enabled even with a Proxy Server placed outside th...

Page 332: ...To specify an External Proxy Server choose the option External and fill in the appropriate IP address of the Proxy Server and the utilized port Follow the following steps to complete the proxy configu...

Page 333: ...ssign a Domain Name to IP mappings for all clients connected to the WHG Controller s LAN network This feature can be used to dispatch clients to preferred IP address for certain Domain Names NOTE By E...

Page 334: ...nd IS IS ISIS Configuration It is a routing protocol designed to move information efficiently within a computer network a group of physically connected computers or similar devices You can configure e...

Page 335: ...stratively grouped together Area 0 known as the backbone area resides at the top level of the hierarchy and provides connectivity to the non backbone areas numbered 1 2 Stub Are areas through which or...

Page 336: ...LISH 336 OSPF v3 Configuration IPv6 dynamic routing configuration RIP Configuration It is a dynamic routing protocol used in local and wide area networks You can configure each interface to be a Passi...

Page 337: ...cation Advertise as Default Gateway Inform neighboring nodes that this controller is the default gateway Advertise Global Policy Route Inform neighboring nodes the Global Policy route on this controll...

Page 338: ...the DNS server periodically These settings will become effective immediately after clicking Apply DDNS Enable or disable this function Provider Select the DNS provider Host name The IP address domain...

Page 339: ...Certificate 1 Administrator Account This can be used to create to edit to remove and to check administrator account The login account for the administrator is admin The admin password of the system ca...

Page 340: ...fferent permission Admin has authority to change his her own password or add more accounts to the admin list to take some of the management responsibility Password Complexity enables the admin to limi...

Page 341: ...r admins to decide the number of days the password will expire in A valid period can be defined for each password counting from the first login When a password expires the operator will need to setup...

Page 342: ...ure at the right of the drop down list to see and modify the differences Be aware that the authority limits of Super Group are unchangeable Create an account to the list by pressing the Apply button a...

Page 343: ...ettings 2 Backup Restore This is used to backup and restore system settings System factory default can also be restored Click the Backup button under General Backup to save the current system configur...

Page 344: ...Address List can be selected to retain WAN1 setting for remote access Reset to Factory Default Click Reset to load the factory default settings of the controller Remote Sync Status WHG311 WHG315 When...

Page 345: ...for applications such as HTTPS login CAPWAP and etc The Controller has a built in Factory Default Certificate gateway example com that cannot be removed but allows certificates to be uploaded To view...

Page 346: ...A certificate can be downloaded and used to sign certificates generated by the system Note that the system only allows one Internal Root CA to be created A root CA certificate may also be uploaded wit...

Page 347: ...also upload other certificates signed by other CA entities or Trusted CAs into the system These trusted root CA certificates are intended for the Controller to recognize and trust certificates of Ext...

Page 348: ...o Physical address translation tables used by address resolution protocol ARP IPv6 Ping It allows administrator to detect a device using IPv6 address or Host domain name to see if it is alive or not T...

Page 349: ...on Tool To run the Simulation Tool first a 2 D floor plan needs to be uploaded to the WHG Controller Click the Add Floor Plan button to add a floor plan Floor Plan Name Self defined name for Administr...

Page 350: ...mulation can be done by clicking the Simulate 2 4G or the Simulate 5G button If the results are satisfactory the settings on each AP may be saved as a template to be used to apply to APs in AP Managem...

Page 351: ...ecify the complete firmware filename stored on the FTP server that will be used to upgrade the system To upgrade the system firmware click Browse button to choose the new firmware file and then click...

Page 352: ...User s Manual WHG Controller HSG Gateway ENGLISH 352 1 System Summary A display of current settings on the system An overview of the system is provided here for the administrator s reference...

Page 353: ...nabled Disabled Idle Timeout The minutes allowed for the users to be inactive before their account expires automatically Multiple Login Enabled Disabled Report Syslog server 1 The IP address and port...

Page 354: ...one represents a virtual system therefore the information of the system s network interface is grouped by service zone Item Description Interface WAN1 Mode Operating mode of this interface MAC Address...

Page 355: ...IPv6 address of the SZ Service Zone DHCP Scope Default SZ1 SZ8 Status Enable disable stands for status of the DHCP server in Default Service Zone WINS IP Address The WINS server IP on DHCP server N A...

Page 356: ...plan will be used for Local Area Managed APs or Wide Area Managed APs Floor Plan Name Self defined name for Administrator s reference Floor Plan Select file for floor plan jpg format Wall Select file...

Page 357: ...n 5 Process Monitor The Process Monitor is a network utility that shows the active status of process daemons on the gateway Administrators can choose to Enable or Disable the Process Monitor by clicki...

Page 358: ...age The system keeps a cumulated record of the traffic data generated by each Local user in the latest 2 calendar months Each line in a monthly network usage of local user record consists of 6 fields...

Page 359: ...Roaming In Users Date Type Name NSID NASIP NASPort UserMAC UserIP SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message 7 Reporting WHG CONTROLLER can automatically send various kinds...

Page 360: ...to the selected E mail address Sending Logs to SYSLOG The following log types can be sent to external SYSLOG servers configured in SYSLOG Settings Local Users Log On Demand Users Log Trial Users Log R...

Page 361: ...ngs in order to send the selected logs to the configured SYSLOG Servers Sending Logs to FTP The following log types can be sent to external FTP servers configured in FTP Settings Local Users Log On De...

Page 362: ...User s Manual WHG Controller HSG Gateway ENGLISH 362...

Page 363: ...xt FTP Settings Allows the configuration of an external FTP Server where selected users logs as well as system logs will be sent to FTP Settings Page FTP Destination This specifies the IP address and...

Page 364: ...Plain Outlook and Outlook express use Login as default although they can be set to use NTLMv1 o Pegasus uses CRAM MD5 or Login but which method to be used can not be configured Sender E mail Address...

Page 365: ...the Last 10 Minutes Hours and Days are shown here The header 1 10 are the unit multipliers For instance the number under column 2 indicates the lease count in the last 20 minutes hours days the numbe...

Page 366: ...ease Log The DHCP Lease Log is displayed here and a search can be performed by IP Address MAC Address or Service Zone DHCP Lease List Valid IP addresses issued from the DHCP Server and related informa...

Page 367: ...route rule and the System Route rule has the lowest priority Clicking either IPv4 or IPv6 will show the routing rules for each policy or interface Policy 1 n Shows the information of the individual Po...

Page 368: ...ler HSG Gateway ENGLISH 368 Gateway The Gateway IP address of the port Interface The choice of interface network including WAN1 WAN2 Default or the named Service Zones to be applied for the traffic in...

Reviews:

No comments

Related manuals for WHG315

Net2Phone Max 410 Quick Start Manual preview
Max 410
Brand: Net2Phone Pages: 23
nedis WIFIZBT10CWT Manual preview
WIFIZBT10CWT
Brand: nedis Pages: 44
Multitech MultiConnect Conduit Getting Started Manual preview
MultiConnect Conduit
Brand: Multitech Pages: 37
3onedata GW110X Series User Manual preview
GW110X Series
Brand: 3onedata Pages: 44
AudioCodes MediaPack MP-262 Quick Manual preview
MediaPack MP-262
Brand: AudioCodes Pages: 2
AudioCodes TP-6310 Hardware Installation Manual preview
TP-6310
Brand: AudioCodes Pages: 70
ZyXEL Communications P-870MH-C1 Quick Start Manual preview
P-870MH-C1
Brand: ZyXEL Communications Pages: 5
ZyXEL Communications ZyWALL USG 2000 Quick Start Manual preview
ZyWALL USG 2000
Brand: ZyXEL Communications Pages: 120
Honeywell GW-1000-NWE Installation Instructions Manual preview
GW-1000-NWE
Brand: Honeywell Pages: 24
Honeywell Notifier NFN-GW-EM-3 Installation And Operation Manual preview
Notifier NFN-GW-EM-3
Brand: Honeywell Pages: 34
Honeywell NOTIFIER ONYXWorks NFN Gateway Installation & Operation Manual preview
NOTIFIER ONYXWorks NFN Gateway
Brand: Honeywell Pages: 48
Honeywell Notifier MODBUS-GW Installation And Operation Manual preview
Notifier MODBUS-GW
Brand: Honeywell Pages: 61
Honeywell GENT VIG-BNG Installation And Configuration preview
GENT VIG-BNG
Brand: Honeywell Pages: 4
Honeywell Notifier 002-467 Manual preview
Notifier 002-467
Brand: Honeywell Pages: 9
Honeywell CIU 888 Installation Manual preview
CIU 888
Brand: Honeywell Pages: 37
Honeywell NOTIFIER BACNET-GW-3 Installation And Operation Manual preview
NOTIFIER BACNET-GW-3
Brand: Honeywell Pages: 42
Honeywell HON-CGW-MBB Installation And User Manual preview
HON-CGW-MBB
Brand: Honeywell Pages: 154
Honeywell ESSER IQ8Wireless Gateway Installation Instruction preview
ESSER IQ8Wireless Gateway
Brand: Honeywell Pages: 2

Brands by name

Popular brands

Load more brands