background image

 

User’s Manual 

 

WHG Controller / HSG Gateway 

ENGLISH

 

 

 236 

The diagram below explains how External Page operates using user login/logout 

flow as illustration: 

 

Login: 

 

 

 

 

 

 

 

 

 

Содержание WHG315

Страница 1: ...User s Manual V2 20 WHG HSG Series Secure WLAN Controller Wireless Hotspot Gateway...

Страница 2: ...NET INC Disclaimer 4IPNET INC does not assume any liability arising out the application or use of any products or software described herein Neither does it convey any license under its parent rights n...

Страница 3: ...measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiv...

Страница 4: ...N side VLAN option 39 3 3 1 Port Based Service Zone 39 3 3 2 Tag Based Service Zone 40 Chapter 4 User Authentication Database 41 4 1 Authentication Database Configuration 41 4 2 Built in Authenticatio...

Страница 5: ...14 8 3 Certification 117 8 3 1 System Certificate 118 8 3 2 Internal Root CA 119 8 3 3 Internally Issued Certificate 120 8 3 4 Trusted Certificate Authorities 121 8 4 Management Access 122 Chapter 9 U...

Страница 6: ...t 187 Chapter 14 VPN 190 14 1 Site to Site 190 14 2 Remote Client 192 14 3 Local Client 193 Chapter 15 Switch Management 195 15 1 Switch List 195 15 2 PoE Schedule Template 196 15 3 Backup Configurati...

Страница 7: ...Area AP Management 285 a Overview 285 b List 286 c Adding 287 d Discovery 288 e Templates 289 f Firmware 297 g Upgrade 297 h WDS Management 298 i Rogue AP Detection 299 j AP Load Balancing 300 2 Wide...

Страница 8: ...39 1 Administrator Account 339 2 Backup Restore 343 3 Certificates 344 4 Network Utilities 347 5 Simulation Tool 349 6 Restart 350 7 System Upgrade 351 G Status 351 1 System Summary 352 2 Interface 35...

Страница 9: ...ing rules firewall rules usage terms and privileges which are collectively known as authorization Finally accounting are performed by 4ipnet WHG Controllers periodically while a client is using the ne...

Страница 10: ...ing features can be found well packed into the 4ipnet WHG Controllers Providing three varieties of NAT function Walled Garden for free website surfing Network device monitoring tool Static DNS transla...

Страница 11: ...Gateway Series 4ipnet HSG Gateways are feature rich network edge devices designed for network service provisioning authentication security and management Depending on the scale of deployment there are...

Страница 12: ...into the 4ipnet HSG Gateway Providing three varieties of NAT function Walled Garden for free website surfing Network device monitoring tool Static DNS translation Proxy Server VPN and more 4ipnet HSG...

Страница 13: ...e http www 4ipnet com for the latest product line status For more detailed listing of each model hardware and installation know how please refer to Appendix B 1 5 4ipnet Solution Overview 4ipnet WHG C...

Страница 14: ...work in Port Based Mode Layer 2 Network in Tag Based Mode Layer 3 networks not only span physically under the LAN ports of 4ipnet WHG Controller it is also capable of reaching over different IP networ...

Страница 15: ...e LAN side Local User is a type of user whose account credential is stored in the 4ipnet WHG Controller s built in database named Local The 4ipnet WHG Controller s Local database capacity varies with...

Страница 16: ...ncluding Active Directory and NTDomain Win2K s NTDS External Authentication Database is useful for both implementing account roaming and centralized account management Service Zone is a logic partitio...

Страница 17: ...eges login schedule routing rules and session limit which will be enforced to users of a particular Group A user may only belong to one Group but can be governed by different policies while accessing...

Страница 18: ...s Manual WHG Controller HSG Gateway ENGLISH 18 Relationship of Service Zone Group and Policy Service Zone 1 Service Zone 2 Service Zone 3 Policy B Group Student Group Faculty Group Guest Policy C Poli...

Страница 19: ...den Advertisement links if needed Set up Payment gateway to allow end user credit card self payment for On Demand accounts if needed Load SSL certificate for the Web Server before operation Monitor ge...

Страница 20: ...essary functionalities and are for operation usage once your network is up and running Customers with needs to fulfill specific applications integration with 3rd party devices customization etc please...

Страница 21: ...Chrome IE9 and higher recommended of any PC connected to the LAN interface with the default IP address of 192 168 1 254 The default administrator account and password is Username admin Password admin...

Страница 22: ...User s Manual WHG Controller HSG Gateway ENGLISH 22 You may refer to part E of Appendix F for details on admin accounts configuration...

Страница 23: ...corner of the interface to return to the login screen 2 2 Running the Wizard The Setup Wizard provides a collection of configuration steps which are essential in the setup and operation of your netwo...

Страница 24: ...Step 2 Select Connection Type for WAN1 Port There are three types of WAN connections to be selected from Static IP Address Dynamic IP Address and PPPoE Client Select a proper Internet connection type...

Страница 25: ...abase To add a user here enter the Username e g testuser Password e g testuser and assign an Applied Group to this particular user or use the default Group 1 Click Next to continue Step 4 Confirm and...

Страница 26: ...anual WHG Controller HSG Gateway ENGLISH 26 A Confirm and Restart message will appear on the screen during the restarting process Please do not interrupt the system until the Administrator Login Page...

Страница 27: ...Manual WHG Controller HSG Gateway ENGLISH 27 Please do NOT interrupt WHG restart process until the admin login page reappears which indicates the restart process has been completed Restart process co...

Страница 28: ...opology with resiliency capacity and survivability in mind Typically organization networks today are a combination of manageable wired and wireless LANs sometimes even remote LANs Designed to fulfill...

Страница 29: ...gation switch Locate the aggregation switch close to the network core e g mainframe housing Locate edge switches close to users e g one per floor Layer 3 Topology This network topology aims to build a...

Страница 30: ...LAN If there are multiple switches in a building use an aggregation switch Locate the aggregation switch close to the network core e g mainframe housing Locate edge switches close to users e g one pe...

Страница 31: ...d and duplex of the WAN connection When Auto Negotiation is On the System chooses the highest performance transmission mode speed duplex flow control that both the system and the device connected to t...

Страница 32: ...opular method PPTP protocol for dialup connections is adapted by some ISPs in European Countries Your PPTP ISP will issue you an account with a password as well as the PPTP server address NOTE 1 When...

Страница 33: ...k Click the Renew button to get an IP address automatically PPPoE If your ISP provides PPPoE Dialup connection then the ISP will issue you an account with a password You would need to enter the accoun...

Страница 34: ...707 and above are carrier grade models designed with a SFP and Ethernet port for both WAN1 and WAN2 respectively Administrator can further decide which physical port to be deployed as WAN1 or WAN2 Eth...

Страница 35: ...ice Fiber Port Deploy the SFP port for service Fiber Port and Ether Port Bridge Fiber port and Ethernet port physically only connect one uplink either via SFP port or Ether port Bonding Deploy both SF...

Страница 36: ...hput under such constraint will not be greater than 1Gbps even if you configure 2Gbps on the Controller 3 2 5 Uplink Detection Failover Uplink Detection When the WAN interface has been configured with...

Страница 37: ...s based on percentage load calculated using session bytes or packets WAN Failover Once enabled whenever WAN1 is down WAN2 will service the traffic originally handled by WAN1 If the nested option is se...

Страница 38: ...User s Manual WHG Controller HSG Gateway ENGLISH 38 NOTE 1 Please note that WAN Failover feature cannot be enabled concurrently with Load Balancing feature...

Страница 39: ...nd will not be able to service any Service Zone Configuration Path Main Menu System LAN Ports 3 3 1 Port Based Service Zone Port Based mode operates with the principle that each physical LAN port can...

Страница 40: ...ration mode operates under the principle that different Service Zones are identified by VLAN ID This means that Tag Based operation allows each physical LAN port to accept traffic for any enabled Serv...

Страница 41: ...ccess 4ipnet WHG controllers support built in and external authentication databases All the authentication options are listed below Built in Authentication options Local with user credentials stored i...

Страница 42: ...stration of authentication databases in relation to WHG Controller The configurations of authentication options for Internal and External authentication are done separately The 5 external authenticati...

Страница 43: ...authentication method checks the local database that stores user often the staff and credentials internally The Local user database is designed to store static accounts which will not be deleted unles...

Страница 44: ...count and the controller 6 Expiration are optional time constraints which may be enforced to this account if the Account Span option is checked This is a useful attribute if used in complement with Mu...

Страница 45: ...s the defined csv format are consistent for all models 2 Duplicated accounts will result in upload failure and a warning message will be displayed Modifications to Account Credentials For existing use...

Страница 46: ...selecting the Select All checkbox There will be a popup window asking if you are sure to carry out the action 4 2 2 On Demand User Database The On Demand user database is designed for guest user accou...

Страница 47: ...Controllers Configuration Path Main Menu Users Internal Authentication On Demand On Demand Account Settings 1 General Settings for the On Demand Account database can be configured on this page General...

Страница 48: ...er HSG Gateway ENGLISH 48 The WHG Controller can work in hand with Clickatell SMS server for On Demand accounts credentials to be sent to users via SMS message With a set of Clickatell account Usernam...

Страница 49: ...es for account generation an Account Registration Control option is available In addition the administrator has an option of allowing or disallowing users to register for new accounts prior to account...

Страница 50: ...nts generation can be done on On Demand Account Creation On Demand accounts can be created individually or in batches The On Demand Accounts List houses all the existing On Demand accounts Each accoun...

Страница 51: ...access and surf the network without any user account or password This feature allows the user to associate with a particular Service Zone enter a specified string of text which may be a social securit...

Страница 52: ...uest users are then mapped to a selected User Group for policies application Email verification ensures that the entered email is a valid email address When this option is enabled an activation time i...

Страница 53: ...System Service Zone Configure Scroll down the page to Authentication Options Check to enable the option for FREE Subsequently after apply of STEP 1 and STEP 2 configurations the end user will see tha...

Страница 54: ...avoid malicious use of free access 4 3 External Authentication Options Most organizations have already established a centralized user account servers Consequently 4ipnet WHG controllers are equipped...

Страница 55: ...built in or external databases they will need to be enabled in each enabled Service Zones individually 4 3 1 RADIUS Remote Authentication Dial In User Service RADIUS is a networking protocol that pro...

Страница 56: ...entication 4ipnet WHG controllers support RADIUS authentication RADIUS class mapping and RADIUS transparent login with 802 1X Below is the detailed configuration page of RADIUS settings Attributes of...

Страница 57: ...User s Manual WHG Controller HSG Gateway ENGLISH 57...

Страница 58: ...protocol where e mail is kept by a certain Internet server 4ipnet WHG controllers offer administrator a way of authentication in which users are granted the Internet service by typing in their email...

Страница 59: ...a complete setup Configuration Path Main Menu Users External Authentication Server 4 by default is selected to use LDAP database for user credential check Click on the Server Name to enter the detaile...

Страница 60: ...Additionally if Windows Active Directory is deployed as identity check for device access Transparent Login feature may be enabled to grant access to device and network with a single login action 4 3 5...

Страница 61: ...on Path Main Menu Users External Authentication By default SIP is not selected as database for any Auth option Enable SIP from Authentication Settings in the respective Service Zones The administrator...

Страница 62: ...User s Manual WHG Controller HSG Gateway ENGLISH 62 Please also make sure that the corresponding Service Zone also has Enable checked in the SIP Interface Configuration in order to function properly...

Страница 63: ...ed by practical setup processes on these three attributes 5 1 Overview of the Concept Group A Group is a set of users that admin considers they share some extent of similar characteristics i e role ba...

Страница 64: ...unts in Controller s default template login success page Password change privilege to allow users to change their own passwords subsequent to a successful login in Controller s default template login...

Страница 65: ...1 in service zone 1 but policy 3 when he goes to service zone 3 Relationship Between Group Policy and Service Zones The first figure displays the relationship between group and policy and the attribu...

Страница 66: ...cally set up the groups and policies on the WMI of the 4ipnet WHG Controller Group Overview Configuration Path Main Menu Users Groups Overview The Group Overview table gives a summary of which Authent...

Страница 67: ...figuration The Group Configuration Group x table is for Policy settings to be defined for the Group Multiple Device Login except for On Demand can be enabled here The Zone Permission Configuration Pol...

Страница 68: ...eway ENGLISH 68 Check the Status checkboxes to allow users of this Group to access the corresponding Service Zones To configure from a Service Zone s perspective please go to Access Permission and Aut...

Страница 69: ...cy Configuration 1 Select Policy allows administrator to choose which Policy Profile to configure 2 Firewall Profile is for defining service protocols user firewall rules and IPv6 firewall rules 3 Pri...

Страница 70: ...cies in the drop down list and start configuring each attribute by clicking Configure After the setting remember to always click Apply to save the changes made Note again that the Global Policy is the...

Страница 71: ...or from the following path for existing accounts Users Authentication Local Configure Local User List username There is an Applied Group row for admin to determine the attribute On Demand accounts may...

Страница 72: ...sion mapping and Service Zone profile The Policy enforcement priority is as follows Group Service Zone Mapping Service Zone default Policy Global Policy Therefore if the administrator does not specify...

Страница 73: ...HCP servers authentication options policies and security settings and so on By associating a unique VLAN Tag when it is tag based and an SSID with its Service Zone administrator can flexibly separate...

Страница 74: ...below As the figure depicts a staff of a firm is associated with a certain SSID broadcast by an access point This SSID belongs to let s say VAP with VLAN ID 15 Therefore the AP s traffic when forward...

Страница 75: ...Tag based the correspondence of service zones and ports will be grayed out Each Service Zone will need to be assigned a unique VLAN ID ranging from 1 to 4096 Note that the Default Service Zone is des...

Страница 76: ...d public IP s Router mode as the name suggests is a network operating without address translation in and out of the Controller Router mode is selected when using public IP or under circumstances where...

Страница 77: ...applied to clients in this Service Zone Note that when None is selected a switch port connecting to the LAN port of the WHG may be shut down if the switch has loop protection enabled and there are mor...

Страница 78: ...is an optional checking mechanism on the Controller when Enabled will check to see if the lease expired IP is currently online If yes the Controller will halt the issuing of this IP address until the...

Страница 79: ...for service 2 MAC address authentication RADIUS MAC authentication feature once enabled if the connected device has its MAC address entered in the configured RADIUS Server the Controller will automat...

Страница 80: ...ser would have been authenticated successfully without further UAM login The IP Address Range Assignment field configures the starting IP range which PPP can assign IP addresses to dial up virtual int...

Страница 81: ...s to choose from apart from the 4ipnet Default Page Customize with Template Upload Your Own and Use External Page 4ipnet Default The gateway has a standard 4ipnet Default Login Page with the 4ipnet lo...

Страница 82: ...You may edit the HTML code with any text editor as long as the file is saved in html format Use External Page The Login Page can be a defined external URL This option requires extensive knowledge of U...

Страница 83: ...N side and the LAN side We call the WAN side AP management Wide Area AP Management due to its scalability across the Internet or intranet and the LAN side AP management Local Area AP Management Below...

Страница 84: ...ble 4ipnet Access Points for Local AP Management may be checked at Main Menu Access Points Local Area AP Management Overview Manageable 4ipnet Access Points for Wide Area AP Management may be checked...

Страница 85: ...e AP configuration Under Wide Area AP Management there is a template under CAPWAP tab page which allows the administrator to configure VAP to Service Zone mappings when the AP is tunneled back for cen...

Страница 86: ...ts on the LAN side of your 4ipnet WHG controller It starts with a methodology of adding access points to the AP management list of a controller all the way to the utilities that can be applied on the...

Страница 87: ...an AP applying Templates and Service Zones can be done by checking the checkboxes on the left of the AP List and clicking the respective buttons Details on AP Templates configuration are elaborated i...

Страница 88: ...ck Apply at the bottom of the page to add the AP to add an AP it doesn t necessarily have to be online Check the AP List to confirm the adding Subsequent modifications to AP configurations are possibl...

Страница 89: ...addresses you would like to scan through and click Scan Now The Discovery Results Table will then display all the AP s found currently alive After finding the AP admin can further set up the template...

Страница 90: ...nfiguration tasks one by one Click Configure for more detailed settings such as the subnet mask and the default gateway Up to eight templates can be saved for each AP model Click the Add Template butt...

Страница 91: ...ons available are Open System Share Key WPA WPA2 or WPA WPA2 Mixed WEP When Authentication is Open System or Share Key WEP will be enabled WPA When Authentication is WPA WPA PSK or WPA RADIUS will be...

Страница 92: ...Allowed Disabled AP does not allow devices with these addresses to associate with the APs of this Service Zone Denied Disabled It allows devices with these addresses to associate with the APs of this...

Страница 93: ...cal Area AP Management Upgrade select the AP s you would like to import the version to When done with the selection click Upgrade at the bottom of the page NOTE 1 Please read through the release note...

Страница 94: ...nual WHG Controller HSG Gateway ENGLISH 94 A simple concept diagram illustrating WDS connection The WDS management function helps administrators plan and setup a Tree structure of WDS network with man...

Страница 95: ...sh automatically at fixed intervals 10s 20s 30s 40s 50s 60s WDS Update To add a new WDS connection select New Parent AP and New Child AP from the respective drop down list and click Add Note that a ne...

Страница 96: ...nterference Go to Main Menu Access Points Enter Local Area AP Management Rogue AP Detection to set up the function Admin should determine the scanning interval select an AP for the scanning job as sen...

Страница 97: ...s have more chance to be associated The system can divide the managed APs into groups define the group threshold and a time interval which will trigger the AP load balancing Local Area AP Management f...

Страница 98: ...the Internet Main Benefits of Wide Area AP Management Cross Layer 3 IP network management Centralized traffic forwarding for distributed remote AP sites Graphical Map utility for easy reference and d...

Страница 99: ...Multiple Access Points Configuration path Main Menu Access Points Wide Area AP Management AP List Add With the AP Discovery feature administrator can scan for APs regardless of their physical locatio...

Страница 100: ...HSG Gateway ENGLISH 100 7 3 3 AP Configuration with Templates Configuration with templates is supported on selected models for Wide Area AP Management Configuration path Main Menu Access Points Wide...

Страница 101: ...D and assign VLAN ID if needed Configure Security Settings such as WEP 802 1X WPA Personal WPA Enterprise if needed Advanced Wireless Settings allows the administrator to fine tune performance and eff...

Страница 102: ...Certificate management on the controller please refer to the subsequent chapter in this guide 3 Upload the necessary security certificate into the AP in order for the Controller to validate CAPWAP di...

Страница 103: ...tion from System CAPWAP where admin will see several discovery methods to be activated namely 1 DNS SRV Discovery This type of discovery utilizes a DNS server to complete the discovery method Through...

Страница 104: ...ast discovery works by sending a multicast discover packet to the network in hopes of the correct controller responding to it This function should go with a proper setup on the routing paths of the AP...

Страница 105: ...E 1 AP tunnels will be established automatically when the CAPWAP template has selected VAP to be enabled and tunneled back to a SZ 2 If the CAPWAP discovery process fails please check the certificate...

Страница 106: ...e tunneled back to the controller from remote APs Administrator may wish to allocate a NAS Identifier as well as designate an IP pool for service In the managed AP list in Wide Area AP Management admi...

Страница 107: ...6 Access Points on Map Configuration path Main Menu Access Points Wide Area AP Management Map 4ipnet controller supports adding AP s on Google Map The process is shown below 1 Create your own map by c...

Страница 108: ...d map After the settings admin should be able to see an icon of the AP on the selected map NOTE 1 The button Show Coverage on the main page of Map indicates whether admin would like his her AP s to sh...

Страница 109: ...ction to set up the function Admin should then determine the scanning interval select an AP for the scanning job as sensors and add AP s shown in the suspected rogue AP list to the trusted list for fu...

Страница 110: ...ted The system can divide the managed APs into groups define the group threshold and a time interval which will trigger the AP load balancing Wide Area AP Management feature also supports the grouping...

Страница 111: ...IPv6 address to either WAN1 or WAN2 of the network interface There are three ways to configure an IPv6 address for the chosen WAN interface namely Static 6to4 and go6 Please select the option applica...

Страница 112: ...ication The Username Password and Server Address are the only mandatory fields for go6 transition The list of Tunnel Brokers is growing and administrators can choose to define a specific Tunnel Broker...

Страница 113: ...ion protocol ARP IPv6 Ping It allows administrator to detect a device using IPv6 address or Host domain name to see if it is responding Trace Route 6 It allows administrator to recover the real path o...

Страница 114: ...ontrol Network operators may want to limit the accessibility of certain accounts or devices from authentication or association from time to time This section describes the ways in which user or device...

Страница 115: ...ated information in the Remark blank fields not required click Apply to add the users To remove a user from the black list select the user s Delete hyperlink to remove that user from the black list Af...

Страница 116: ...a MAC address Access Control List where specific MAC addresses may be listed for access filtering either allow or deny User authentication is still required for MAC ACL Allowed users Click Configure...

Страница 117: ...issue certificates to APs that it manages in its private network Administrator can sign certificates issues by the system s root CA and load these certificates to managed APs These security certifica...

Страница 118: ...ed for applications such as HTTPS login CAPWAP and etc The Controller has a built in Factory Default Certificate gateway example com that cannot be removed but allows certificates to be uploaded To vi...

Страница 119: ...e administrator can upload an Internal Root CA or generate a root CA for private use The created root CA certificate can be downloaded and used to sign certificates generated by the system Note that t...

Страница 120: ...the View button 8 3 3 Internally Issued Certificate Internally Issued Certificates can be generated on this page Note that an Internal Root CA needs to be created first before Internally Issued Certif...

Страница 121: ...certificates signed by other CA entities or Trusted CAs into the system These trusted root CA certificates are intended for the Controller to recognize and trust certificates of External Payment Gatew...

Страница 122: ...ific IP addresses or ranges of IP addresses both from WAN or from LAN For example entering 192 168 3 1 and 192 168 1 0 24 means that only the device at 192 168 3 1 and devices in the range of 192 168...

Страница 123: ...for management personnel to access their designated assigned areas of authority a necessary feature for large scale deployment requiring multiple management personnel This configuration path will lead...

Страница 124: ...rized personnel Note that these settings are disabled by default Step 2 Configure Group Access property The Controller supports customizable administration account types namely Super Group Manager On...

Страница 125: ...en inputting the desired account name password and the assigned authority group Subsequent to clicking Apply the newly generated account will be displayed in the table below NOTE 1 The Password Safety...

Страница 126: ...l lead to a pop up window prompting to save a db file 2 Restoring previous db configurations may be performed with options such as keep WAN settings to prevent the loss of WMI connection if this actio...

Страница 127: ...process completes and the system needs to be restarted afterwards to activate the new firmware FTP firmware upgrade is also an option enter the FTP server IP address FTP server port and the FTP accoun...

Страница 128: ...eral minutes to complete Click Apply to restart WHG Controller If the power needs to be turned off it is highly recommended to restart WHG Controller first and then turn off the power after completing...

Страница 129: ...ministrator might need to be aware of at a glance which includes General System settings Network Interface and Online Users etc A drop down menu is available for selecting the information refresh rate...

Страница 130: ...tatus System Summary The system status page displays a table of contents including system firmware version report servers configured WAN optional settings User log profile system time and session cont...

Страница 131: ...User s Manual WHG Controller HSG Gateway ENGLISH 131 corresponding configuration pages...

Страница 132: ...provides the details of each of the network interfaces for the administrator to inspect including WAN1 WAN2 SZ Default SZ1 SZ8 Select the network interface that you are interested to see If the selec...

Страница 133: ...al WHG Controller HSG Gateway ENGLISH 133 NOTE 1 If statistics are required to be saved for long term keeping See Report Notification section for instructions to send and save network traffic on exter...

Страница 134: ...System interface settings for IPv6 traffic 10 1 5 DHCP Server Configuration path Main Menu Status DHCP Leases The DHCP IP lease statistics can be viewed after clicking on Show Statistics List on this...

Страница 135: ...nutes hours days the number under column 3 indicated the expired count in the last 30 minutes hours days and so on DHCP Lease List Valid IP addresses issued from the DHCP Server and related informatio...

Страница 136: ...y clicking Kick Out and check the user access AP status by clicking the hyperlink of the AP name for Access From Click Refresh to update the current users list or you can select the time interval for...

Страница 137: ...s Configuration path Main Menu Status Monitor Users Roaming In Users This page displays the users that are physically under this controller but are authenticated by a roaming peer controller The users...

Страница 138: ...d database as RADIUS database 10 2 5 Session List Configuration path Main Menu Status Sessions This page allows the administrator to inspect sessions currently established between a client and the sys...

Страница 139: ...Change Log This page shows the account and IP of the person that has made changes to Controllers WMI configurations Local Monthly Usage This page shows the aggregated statistics for Local users showin...

Страница 140: ...mber of rows 20 40 60 80 100 to display per page Select the Begin and End date from the calendar to filter unwanted User Events After the Begin and End dates are selected click Display to display all...

Страница 141: ...ft blank if inapplicable to the User Type 10 4 Reports Notification Configuration path Main Menu Status Reporting WHG Controller can automatically send various kinds of user and or system related repo...

Страница 142: ...il addresses and necessary mail server settings where various user related logs will be sent to SYSLOG Settings Allows the configuration of two external SYSLOG servers where selected users logs as wel...

Страница 143: ...43 users logs as well as system logs will be sent to Notification Settings Provides an overview of all the available users and system logs for selection Selected logs can be sent to the chosen locatio...

Страница 144: ...ply to activate Plan The number of the selected Billing Plan profile Plan Type The account type chosen for this plan Different account types have different properties A suitable account type should be...

Страница 145: ...n Valid Period has been used up or quota depleted Quota is the total period of time xx days yy hrs zz mins during which On Demand users are allowed to access the network The total maximum quota is 364...

Страница 146: ...User s Manual WHG Controller HSG Gateway ENGLISH 146...

Страница 147: ...unt expires only when quota is depleted Quota is the total period of time xx days yy hrs zz mins during which On Demand users are allowed to access the network The total maximum quota is 364Days 23hrs...

Страница 148: ...User s Manual WHG Controller HSG Gateway ENGLISH 148...

Страница 149: ...ff Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to use the On Demand account...

Страница 150: ...ay ENGLISH 150 11 2 4 Volume Users can access internet as long as account is valid with remaining quota traffic volume Account expires when Valid Period is used up or quota is depleted This is ideal f...

Страница 151: ...rk Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation will result in account expiration Valid Period is t...

Страница 152: ...t down begins immediately after account is created and is continuous regardless of logging in or out Account expires once the Elapsed Time is reached This is ideal for providing internet service immed...

Страница 153: ...h the account is valid for internet access xx hrs yy mins Number of Devices is to define the number of allowed simultaneous logged in devices per account Price is the unit price of this plan Group wil...

Страница 154: ...ut off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for use It is set to accoun...

Страница 155: ...roller HSG Gateway ENGLISH 155 11 2 7 Duration time with Begin and End Time The Begin Time and End Time of the account are defined explicitly Count down begins immediately after account activation and...

Страница 156: ...0 AM Jun 1 to 5 00 PM Jun 5 created in batch like coupons Begin Time is the time that the account will be activated for use defined explicitly by the operator End Time is the time that the account wil...

Страница 157: ...and does not need to go through authentication Overview of Network Ticket Generator SDS200W is an innovative product 4ipnet offers to facilitate the communication between 4ipnet hotspot gateway and s...

Страница 158: ...an account Number 1 asterisk Number 2 ENTER Print a ticket of billing Number 1 with Number 2 units For example 8 asterisk 3 ENTER is equal to create an On Demand account of billing plan 8 with 3 unit...

Страница 159: ...SDS200W Status 1 Short illuminated intervals means SDS200W successfully booted up It flashes slowly 2 Long illuminated intervals means SDS200W and uplink device connected 3 Special flashing means the...

Страница 160: ...e Fast Flashing t Amplitude Constantly on Amplitude Constantly off t Amplitude Special flashing t t Amplitude Short illuminated intervals t Ride Side Panel 1 Kensington Lock Be used to lock the device...

Страница 161: ...rt of SDS200W by a RS 232 cable provided within the POS printer package 5 Connect SDS200W to your 4ipnet Gateway Controller via Ethernet port Note You need to connect to the correct LAN port if your G...

Страница 162: ...teway 192 168 1 254 Remember to set the TCP IP settings of the computer you use with a static IP address that is under the same subnet as SDS200W For example 192 168 1 20 The settings of SDS200W are s...

Страница 163: ...the keys can only print out tickets one at a time To Batch create tickets turn to Main Menu Users Authentication On Demand User Server Configuration On Demand Account Batch Creation on 4ipnet control...

Страница 164: ...t after 1 clicking Save and 2 rebooting the system After SDS200W and the uplink device has built a successful connection the Status indicator will blink with long illuminated intervals The recommended...

Страница 165: ...fails the SDS200W will always have the printer print out if the connection is successful or it failed Please make sure beforehand that the Ethernet cable is plugged in Note The SDS100 can be set up th...

Страница 166: ...the desired language for the configured ticket template WHG supports English French German Japanese Spanish Simplified Chinese and Traditional Chinese For accounts generated with the SDS200W password...

Страница 167: ...ay start customizing your POS ticket from the window below manually typing or by inserting parameters from the drop down list as shown in the above example Once this is done you may start assigning Bi...

Страница 168: ...especially for mobile devices which require typing on small keyboards and are not easy on the eyes Log in credentials including your Username Password Usage quota Price and etc are all embedded in the...

Страница 169: ...illing Plan the corresponding ticket template needs to be customized to support QR Code 1 The width needs to be changed to 3 default value 2 2 The parameter needs to be added by typing in qr on the te...

Страница 170: ...ate functionality which allows the administrator or operator with access authority to On Demand page to create multiple accounts for an enabled billing plan in batch and send them to POS printer for g...

Страница 171: ...eating batch On Demand accounts For random generated passwords they can be short 4 characters or long 8 characters When creating custom Usernames the Prefix and Postfix will be kept constant while the...

Страница 172: ...yPal is used as an illustration example below Before setting up PayPal it is required that the hotspot owners have a valid PayPal Business Account After opening a PayPal Business Account the hotspot o...

Страница 173: ...ct the enabled billing plans that are allowed for end users to self purchase through the payment gateway The service disclaimer can be customized by configuring Web Page Customization Subsequently aft...

Страница 174: ...count with a valid credit card In order for users to get account info via SMS after buying a new account online and eliminate the risk of forgetting his her username and password at the next time of l...

Страница 175: ...bottom of the page Just like all customizable web pages in the system this page also supports customization with templates uploading html or using an external page An example of what will be displayed...

Страница 176: ...w the Login page with a list of available plans and service agreement The Service Agreement body can be configured at the applied Service Zone s Custom Pages settings User may choose a billing plan cl...

Страница 177: ...can operate in conjunction with third party hospitality applications and has been tested with the Net Retriever middleware which provides seamless integration between the gateway and the popular High...

Страница 178: ...e Port Mapping feature must be enabled first Administrator could use Port Location Mapping feature to map a location such as a hotel room to a VLAN port of VLAN switch or a DSLAM device Each Room is m...

Страница 179: ...e an account The account cost will be sent to the PMS and added to the hotel bill via the configured middleware NOTE 1 VLAN Ports may be created one by one or batch at once Subsequent changes are poss...

Страница 180: ...et Retriever Configuration path Main Menu Users Middleware Net Retriever In the Middleware tab page of Users category administrator may choose to select the interfacing protocol that is compatible wit...

Страница 181: ...ink Link test frequency is customizable Furthermore the room guest s status may be optionally altered upon receipt of a check out message from the middleware system either making the account expire de...

Страница 182: ...tem end Administrators may define User Account credentials using a combination of RN Room number GN Guest Name or G Guest Number to designate the Micros protocol parameter for carrying the username an...

Страница 183: ...User s Manual WHG Controller HSG Gateway ENGLISH 183...

Страница 184: ...pport regarding compatibility and technical evaluation on your telecom operator please contact 4ipnet support team 13 2 WISPr for ISP Roaming Configuration path Main Menu System Service Zones Service...

Страница 185: ...to block users from that particular WISPr roaming agent to access your internet For example if you fill in ipassconnect the iPass clients will be denied roaming access in your network WISPr Location I...

Страница 186: ...roaming enabled the end user would not experience network interruption The traffic would be tunneled back to the original Controller for forwarding into the internet Cross Gateway roaming architectur...

Страница 187: ...may be used for other Controllers as their external RADIUS authentication database This application offers the ability to refer to a single central Controller for account credential lookup during the...

Страница 188: ...User s Manual WHG Controller HSG Gateway ENGLISH 188 To use On Demand user database as the RADIUS database of another Controller Configuration path Main Menu Users Internal Authentication On Demand...

Страница 189: ...ice Settings hyperlink The redirected page allows the administrator to specify the Controller IP which is allowed to behave as a RADIUS client and authenticate against this Controller s enabled user d...

Страница 190: ...Controller supports Site to Site VPN for more than 2 WHG Controllers to create VPN tunnel to each other over the WAN network For example if there are 2 WHG Controllers you can create a VPN tunnel to l...

Страница 191: ...settings in both sites must be same Then create a Local Site with subnet for mapping to the remote site Such as 192 168 11 0 24 of WHG Controller_A 192 168 111 0 24 of WHG Controller_B after the tunn...

Страница 192: ...14 2 Remote Client Configuration path Main Menu Network VPN Remote VPN WHG Controller supports Remote VPN for user login to system from a remote area After the user is logged in to system from the ou...

Страница 193: ...n page Input the enabled authentication options username and password and the user will login successfully to the system NOTE 1 After Remote VPN is enabled the default home page will be the Remove VPN...

Страница 194: ...goal of this design is to eliminate the configuration difficulty from IPSec VPN users On the client side the IPSec VPN implementation of the system is based on ActiveX and the built in IPSec VPN clie...

Страница 195: ...ncluding the 4ipnet SW1024 15 1 Switch List Configuration path Main Menu Switches Switch List A 4ipnet SW1024 switch connected either to a WAN port or LAN port of the WHG Controller can be added manua...

Страница 196: ...Schedule Template The PoE Schedule Template allows administrators to set a schedule for delivering power on the assigned ports of the managed switch This function can be used to control AP schedules...

Страница 197: ...15 3 Backup Configuration Configuration path Main Menu Switches Backup Configuration Backup Configuration displays a list of backed up configuration from a managed switch Configuration can be saved to...

Страница 198: ...with minimum impact during service transition The 4ipnet HA approach implements a dedicated message link between ACs Access Controller to create an N 1 redundancy system where N is 3 Once the HA link...

Страница 199: ...net role When enabled LAN1 port will become the dedicated HA port When disabled LAN1 remain its normal function as LAN port 2 The Web UI has a configuration item to designate this AC as either Active...

Страница 200: ...interruption as they are L2 devices Clients associated to locally managed AP will experience the same scenario little or no network interruption as wired clients during service switchover 7 Wide Area...

Страница 201: ...ck Restore button When the Quick Restore button is pressed while the system power is on the boot up option will be switched Press this button while system is powering up and release when the Quick Res...

Страница 202: ...e button will switch the operation to FW1 Config1 Successive reboots without pressing the Quick Restore will trigger the system to run with FW1 Config1 2 Reset to Default When the administrator resets...

Страница 203: ...HSG Gateway ENGLISH 203 3 Firmware Upgrade When the administrator performs firmware upgrade on WMI the system will overwrite the FW and Default of the FW not in operation The current in operation FW C...

Страница 204: ...are and the system will reboot with the new firmware 4 Modifying Backup Restoring Configuration When the administrator performs backup restore or configuration changes the targeted Config is the in op...

Страница 205: ...205 16 2 2 Quick VPN 1 Allow admin to establish site to site VPN with a push button action between two Access Controller for example between HQ site AC and Remote site AC Paragraphs below will design...

Страница 206: ...Quick VPN LED lights up AC2 will be in VPN negotiating mode AC2 will automatically attempt to negotiate and establish site to site VPN with AC1 AC1 requires no pre configuration and will automatically...

Страница 207: ...n WMI of sender AC The sender AC will be in ready mode for sending FW image and config The admin should power off the Receiver AC press and hold the Quick Maintenance button and then power will be bac...

Страница 208: ...into 2 features namely Simulation Tool Utilities and Managed AP Simulation Status Models currently supporting the AP Simulation Utility are WHG405 WHG425 WHG515 WHG525 WHG711 and WHG801 16 3 1 Simula...

Страница 209: ...mulation APs would depend on factors such as the AP model transmit power AP Height and etc Once these Simulation APs are created simply drag and drop these APs onto the floor plan 2 4GHz is indicated...

Страница 210: ...User s Manual WHG Controller HSG Gateway ENGLISH 210 Click Simulate 2 4G or Simulate 5G to see if the deployed APs are adequate for your requirement...

Страница 211: ...r HSG Gateway ENGLISH 211 When simulation is done successfully the recommended channel allocation will be shown next to the Simulation AP Configurations can then be saved conveniently to a template to...

Страница 212: ...y the APs on the Managed AP Simulation floor plan are real managed Access Points on the Controller either by Local AP Management or Wide AP Management Access Points here are linked to APs managed by t...

Страница 213: ...19 1U WAN 2 x GbE 2 x GbE LAN 8 x GbE 8 x GbE Local Accounts 3000 4000 On Demand Accounts 3000 4000 Managed AP Capacity Local Wide Combined 30 50 4ipnet AP Model EAP110 EAP210 EAP220 EAP320 EAP701 EAP...

Страница 214: ...s 10000 10000 Managed AP Capacity Local Wide Combined 40 80 4ipnet AP Model EAP110 EAP210 EAP220 EAP260 EAP320 EAP700 EAP701 EAP717 EAP727 EAP747 EAP750 EAP757 EAP760 EAP767 OWL400 OWL410 OWL500 OWL53...

Страница 215: ...pnet AP Model EAP110 EAP200 EAP210 EAP220 EAP260 EAP300 EAP320 EAP700 EAP701 EAP717 EAP747 EAP750 EAP757 OWL400 OWL410 OWL500 OWL530 OWL610 OWL620 EAP110 EAP210 EAP220 EAP260 EAP320 EAP700 EAP701 EAP7...

Страница 216: ...pnet AP Model EAP110 EAP200 EAP210 EAP220 EAP260 EAP300 EAP320 EAP700 EAP701 EAP717 EAP747 EAP750 EAP757 OWL400 OWL410 OWL500 OWL530 OWL610 OWL620 EAP110 EAP210 EAP220 EAP260 EAP320 EAP700 EAP701 EAP7...

Страница 217: ...00 1200 4ipnet AP Model EAP110 EAP200 EAP210 EAP220 EAP260 EAP300 EAP320 EAP700 EAP701 EAP717 EAP747 EAP750 EAP757 EAP760 EAP767 OWL400 OWL410 OWL500 OWL530 OWL610 OWL620 OWL630 EAP110 EAP210 EAP220 E...

Страница 218: ...Please refer to Appendix Hardware Button for detailed operation instructions 2 LED Displays Power Power LED lights up as constant green when power supply is on Status Status LED is Blue Blinking indi...

Страница 219: ...and boot up with that firmware Quick VPN This button is for establishing a site to site VPN tunnel with minimal pre configurations at a push of a button Please refer to Appendix F for detailed operat...

Страница 220: ...o default configuration 2 Console The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsoft s Hyper Terminal to login to the confi...

Страница 221: ...dicators Power Status and Hard disk to indicate different status of the system 2 LCD Display Allows network administrator to check important system settings such as network interface SZ configurations...

Страница 222: ...ch as Microsoft s Hyper Terminal to login to the configuration console interface to change admin password or monitor system status etc 4 USB Reserved for future use 5 WAN1 WAN2 Two Gigabit WAN ports 1...

Страница 223: ...rtant system settings such as network interface SZ configurations etc The navigation buttons from left to right respectively are Esc Up Down and Enter 3 Console The system can be configured via a seri...

Страница 224: ...The administrator can use a terminal emulation program such as Microsoft s Hyper Terminal to login to the configuration console interface to change admin password or monitor system status etc 5 USB Re...

Страница 225: ...such as the ADSL Router from your ISP Internet Service Provider 2 LAN5 LAN6 SFP Client machines connect to WHG Controller via these LAN ports SFP 3 LED Indicators There are four LED indicators WAN1 WA...

Страница 226: ...o WHG Controller via these LAN ports 10 100 1000 Base T RJ 45 7 USB Reserved for future use 8 Console The system can be configured via a serial console port The administrator can use a terminal emulat...

Страница 227: ...AN 10GbE SFP 1 x 10Gb SFP for client machines to connect to WHG Controller 5 WAN1 WAN2 SFP Two combo WAN ports SFP are connected to the external network such as the ADSL Router from your ISP Internet...

Страница 228: ...ur ISP Installation 1 Connect the power adaptor or power cord to the power socket on the rear panel The Power LED should be on to indicate a proper connection 2 Connect an Ethernet cable to the WAN1 P...

Страница 229: ...GbE 2 x GbE 2 x GbE 2 x GbE 2 x Combo SFP LAN 4 x GbE 8 x GbE 2 x GbE 2 x GbE 4 x GbE 2 x SFP Local Accounts 2000 3000 5000 6000 15000 On Demand Accounts 2000 3000 5000 6000 15000 Monitored AP n a 10...

Страница 230: ...icate that the WAN Uplink is connected LAN1 LAN4 The LED is to indicate the connection status of each LAN USB This indicates the status of USB connection The USB port is reserved for future use 4 WAN...

Страница 231: ...g indicates that system OS is booting up when lit up constantly it indicates that the system is ready for operation Quick Restore This is used to indicate that the system will now switch to the other...

Страница 232: ...onfiguration 5 USB Reserved for future use 6 Mgmt For management use only it will always open WMI Web Management Interface homepage 7 WAN1 WAN2 Two Gigabit WAN ports 10 100 1000 Base T RJ 45 for uplin...

Страница 233: ...our LED indicators WAN1 WAN2 LAN4 and LAN5 to indicate the traffic status of the SFP ports 4 WAN1 WAN2 Two WAN ports 10 100 1000 Base T RJ 45 are connected to the external network such as the ADSL Rou...

Страница 234: ...your ISP Installation 1 Connect the power adaptor or power cord to the power socket on the rear panel The Power LED should be on to indicate a proper connection 2 Connect an Ethernet cable to the WAN1...

Страница 235: ...tempts to access the internet the system will address the user to the external login page configured Gateway while addressing users to the external web page will also send URL parameters required for...

Страница 236: ...User s Manual WHG Controller HSG Gateway ENGLISH 236 The diagram below explains how External Page operates using user login logout flow as illustration Login...

Страница 237: ...lows Field Value Description loginurl String URL encoded The URL to be submitted when a user logs in remainingurl String URL encoded The URL to be submitted when a user wants to get remaining quota vl...

Страница 238: ...loginurl parameter with a self defined javascript function FORM action method post name form script language Javascript form action getVarFromURL window location href loginurl script INPUT type text...

Страница 239: ...your self designed user page to function properly 1 External Login Page Variables Field Value Description loginurl String URL encoded The URL to be submitted when a user logs in remainingurl String UR...

Страница 240: ...ondemand_creation_url String URL encoded The URL to be submitted when a user wants to create an On Demand user Only available for LOCAL users vlanid Integer 1 4094 VLAN ID gwip IP format Gateway acti...

Страница 241: ...ed information BR Please enable the Cookie in the browser setting or open a website to get a Cookie Invalid IP address Please check the IP address and try again Invalid MAC address Please check the MA...

Страница 242: ...N ID client_ip IP format Client IP address gwip IP format Gateway activated IP address original_uid String Original User ID 4 External Logout Successful Page Variables Field Value Description uid Stri...

Страница 243: ...Integer b s Minimum down link rate session String Encrypted session information 6 External Logout Fail Page Variables Field Value Description uid String User ID gwip IP format Gateway activated WAN I...

Страница 244: ...en from cookie Output No output return user to logout successful page 3 Remaining quota Credit balance Path LAN IP address or Internal Domain Name loginpages reminder shtml Input Field Required Value...

Страница 245: ...ired Sorry this username XXX is redeemed Error messages Value Integer Sec Or Byte or error no 1 Account not found 2 Out of quota 3 Expired 4 Redeemed Remaining quota if user is time type the value is...

Страница 246: ...ent user password If not presented password stored in cookie is the default value myusername alternative variables username user account Required String Redeem user ID mypassword alternative variables...

Страница 247: ...nt Creation Path LAN IP address or Internal Domain Name loginpages UserAuthentication OnDemandRecept shtml Input Field Required Value Description buttonNo Required Integer 1 10 Billing Plan No random...

Страница 248: ...GLISH 248 username password expiretime usage price duration serial number result valuable expiretime is account expiration time which is a Linux time stamp and duration is account duration time and th...

Страница 249: ...alized management and monitoring of your enterprise network including Linux Unix and Windows servers apps databases and network boxes HYPERIC HQ ENTERPRISE Aimed at the datacenter Hyperic s software i...

Страница 250: ...ion of a project that started in 1998 http www wireshark org inSSIDer for wireless scanning frequency analyzer inSSIDer is a useful tool for scanning the air for nearby AP signals and in depth frequen...

Страница 251: ...tion time Buy the time interval for a valid account Define the time interval for usage Count down begins when account activated and expires when the expiration time date reached Usage time Users can a...

Страница 252: ...nual WHG Controller HSG Gateway ENGLISH 252 Volume Users can access internet as long as account is valid with remaining quota and need to activate the purchased account within a given time period by l...

Страница 253: ...pire Account automatically activates when it is created Unit is the number of days to execute Cut off For example Unit 2 days Cut off Time 10 00 then account will expire at 10 00AM two days after crea...

Страница 254: ...thin valid time interval Count down begins once account activates and expires when Expiration Time is reached Duration time accounts can be further classified into Elapsed Time Relative to Activation...

Страница 255: ...ller HSG Gateway ENGLISH 255 Define explicitly the Begin Time and End Time of the account Account expires when the End Time has been reached Cut off Time Define explicitly the clock time to Cut off wi...

Страница 256: ...unts of the same type but with various quotas this may be achieved via the Unit field Network operator is able to multiply the quota by an integer ranging from 1 to 9 in the Unit field Please note tha...

Страница 257: ...User s Manual WHG Controller HSG Gateway ENGLISH 257...

Страница 258: ...p row will redirect to configuration pages relating to its category II Setup Wizard This wizard is to provide express setup procedures Follow the instructions given at each step to change the system a...

Страница 259: ...ge displays important system related information that the administrator might need to be aware of at a glance which includes General System settings Network Interface and Online Users etc A drop down...

Страница 260: ...r s Manual WHG Controller HSG Gateway ENGLISH 260 A System System This section relates to system configuration It includes General Information WAN Configurations LAN Ports Service Zones and etc 1 Gene...

Страница 261: ...ator may be entered here Once configured user logs can only be accessed via the entered IP Pre Login Page A HTML customizable pre portal page before landing the Login Page UAM Filter The Universal Acc...

Страница 262: ...his section enables the selection of actual Port to be deployed as WAN1 servicing port either copper SFP both or bonded Available on WHG707 WHG801 Physical Mode Select the mode Auto 1000Mbps Full 100M...

Страница 263: ...ed for Load Balancing or WAN Failover Address for Detecting Internet Connection This section of the configuration page enables the administrator to specify external targets to check for uplink status...

Страница 264: ...the selected WAN interface was set with a static IPv4 address go6 go6 is a platform that connects the world to the new Internet with IPv6 products community and services You may choose this connectio...

Страница 265: ...ary controller switching service to the secondary controller manually available on 1 1 HA only Dedicated Port Currently LAN1 for all Controller models Status Reflects the current status of the HA link...

Страница 266: ...ed service zone only default service zone will designate an IP segment for IP address assignment to the managed AP when the newly discovered AP is added into the selected service zones SIP Interface C...

Страница 267: ...ice Zone Name The name of service zone could be input here Network Interface o VLAN Tag Tag Base Only The VLAN tag number that is mapped to the Service Zone o Tag Based LAN Port Isolation Administrato...

Страница 268: ...f this service zone o Subnet Mask The subnet Mask of this service zone o IPv6 Settings The IPv6 Address and configuration of this service zone When IPv6 enabled o Network Alias List Administrator may...

Страница 269: ...vice s name when issuing IP addresses The devices name Host Name can be seen under DHCP Lease tab DHCP Server Scope 2 Enable Disable When Enabled an additional DHCP server can be configured to assign...

Страница 270: ...age pages include Login Success Pages Login Success Page for On Demand Users Login Fail Page Logout Page Logout Succeeded Page and Logout Fail Page Managed AP s APs operating under the Service Zone wi...

Страница 271: ...ternet in this room without any charge If you do not want to provide any internet access right in the rooms you may change the Port type of the rooms to Block If the user opens a browser and tries to...

Страница 272: ...tion DHCP Scope Select which DHCP Scope to use from corresponding Service Zone Assign VLAN ID From The starting VLAN ID Number of VLAN The total number of VLAN Location ID A numeric identification num...

Страница 273: ...P Scope to use from corresponding Service Zone Assign VLAN ID The starting VLAN ID Location ID A numeric identification number or typically the room number Location Description Optional description fo...

Страница 274: ...By setting up the connection to Middleware the system can listen to specific messages from PMS behind Middleware When hotel guest is buying an in room billing plan for Internet access the system will...

Страница 275: ...status bundled with a room may be forcefully expired from use should the administrator desires upon room check out Micros Opera Setup Enter the PMS IP and PMS Port for Middleware connection PMS IP Ent...

Страница 276: ...h Authentication Servers are used for the corresponding Group 16 sets of Group options and Zone Permission Configuration Policy Assignment can be defined respectively to enforce the access management...

Страница 277: ...ler HSG Gateway ENGLISH 277 2 Internal Authentication The system supports multiple authentication options which include both internal and external databases Internal Authentication databases include L...

Страница 278: ...specific user account when multiple options are concurrently in use To manipulate Local accounts go to Configure for Local User List The On Demand Authentication option is typically used for short ter...

Страница 279: ...il etc defined by the administrator and use the network without actual authentication The accounts can have limited or limited access time and trial users can be bound to a User Group to apply Policie...

Страница 280: ...up to 8 characters Usernames and Passwords can also be created manually for batch creation eg Prefix ABC Postfix DEF Serial Number 0001 Account List All created On Demand accounts and related informat...

Страница 281: ...Zone A group of users within different Service Zones can be applied with different policies For example sales can be applied with different network access right while accessing from sales department...

Страница 282: ...to specific group of users in different Service Zones Policy 1 has the highest priority and Policies with the higher priority shall be the first applied Policy A Preferred DHCP Pool defined in Service...

Страница 283: ...f authentication This may be achieved either via IP address IPv6 Address or MAC address 5 Additional Control Additional configurations are in this section They are User Session Control Built in RADIUS...

Страница 284: ...Idle Traffic Detection Designate the threshold where traffic flow smaller than the value configured will be considered as being idle Charge Traffic to from Host in Walled Garden List For usage or vol...

Страница 285: ...that their time based account quota is about to run out Volume Reminder This is the option for the system to display a warning message to On Demand users that their volume based account quota is abou...

Страница 286: ...enable disable delete apply a new template and other configuration All of the supported APs under management of the system will be shown in the list In the beginning the list is empty The administrato...

Страница 287: ...tion The administrator can add supported APs into the List table manually by clicking Add and selecting Add AP The system will attempt to configure the AP with the value specified After processing the...

Страница 288: ...an also set the channel the AP would use AP Type Select the AP model name which you like for the system to find Service Zone Select the Service Zone for which the device connected AP is to be managed...

Страница 289: ...the AP type and then click Edit icon to enter the Template Editing page Template Editing The administrator can set the template configuration manually or copy the configurations from a specific exist...

Страница 290: ...290 General In this section revise the Subnet Mask and Default Gateway here if desired Configure the NTP Servers and Time Zone In addition administrator can enable SYSLOG server to receive the log fro...

Страница 291: ...time interval for waiting for the acknowledgement ACK frame If the ACK is not received within the interval then the packet will be re transmitted Higher ACK Timeout interval will decrease the packet...

Страница 292: ...User s Manual WHG Controller HSG Gateway ENGLISH 292 VAP Configuration Enable Disable VAP under the Status column Configuration of VAPs can be done by clicking the edit icon under Action...

Страница 293: ...User s Manual WHG Controller HSG Gateway ENGLISH 293...

Страница 294: ...unction will stop the system from broadcasting its SSID If broadcast of the SSID is disabled only devices that have the correct SSID can connect to the system Wireless Client Isolation By enabling thi...

Страница 295: ...WPA Enterprise Access Control The administrator can restrict the wireless access of client devices based on their MAC addresses Disable Access Control When Disable is selected there is no restriction...

Страница 296: ...lable types of traffics subject to this rule Interface This indicates inbound outbound direction with desired interfaces DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for t...

Страница 297: ...re version must be one that has been integrated Firmware Upload displays the current version of the AP s firmware New firmware can be uploaded here to update the current firmware To upload first click...

Страница 298: ...he version before upgrade and the next version must be ones that have been integrated with the system h WDS Management WDS Wireless Distribution System is a function used to connect APs access points...

Страница 299: ...onnection will become unreachable i Rogue AP Detection It is designed to detect the non managed or possibly malicious AP in the deployed environment It takes the managed APs as sensors to find the non...

Страница 300: ...D Administrator can statically assign the BSSID of a known trusted AP in this list If an AP is entered into this list but not managed yet is present in the environment it will not show up in the Rogue...

Страница 301: ...ay all the current AP groups and their status info Device List The scrollable window displays all the managed APs sorted by model name with relative information such as Group Name MAC IP Power Lv Load...

Страница 302: ...ng this button will open a new page on your browser redirecting to the List tab page for displaying a list of APs in the Map List WDS in this Map Clicking this button will open a new page on your brow...

Страница 303: ...equired to configure your map with AP information are described in the subsequent sections Before starting to add a new map in wide area AP management it s necessary to sign up for a Google account or...

Страница 304: ...Now return to the Map tab page in WHG Controller s WMI and Scroll down to the bottom of the page click on the Add a New Map button An editing page will open for configuration please fill in a Map Name...

Страница 305: ...Type If you have several APs deployed and listed in List under Wide Area AP Management their geographical location can be marked on a particular map Firstly go to the List tab page and click on the Ed...

Страница 306: ...ed to this AP or the URL of the Venue Website where this AP is deployed Administrator can upload customized thumbnail images shown on the map After configuring all the necessary settings and uploading...

Страница 307: ...teway ENGLISH 307 You can click on the AP icon to see the dialogue box for additional information or links that you have configured Click the more info link for information on AP status Client List WD...

Страница 308: ...kup Config Restore Config and Upgrade All of the supported APs under management of the system will be shown on the list In the beginning the list is empty The administrator can add supported APs from...

Страница 309: ...and the listed EAP200 Once the tunnel has been established the AP can be seen as logically connected under the WHG Controllers managed network and can be applied as a Service Zone Delete Remove the ch...

Страница 310: ...Wide Area AP Management administrator can allocate NAS Identifier and designate an IP pool for service for each VAP of a Managed AP This can be configured while establishing tunnels between AP and Con...

Страница 311: ...d automatically assigned the SNMP read community string which will be used for periodical status collection To Discover APs click Add from the AP List and select Discovery from the Add Method dropdown...

Страница 312: ...ividual AP s Device Name and SNMP Community string Click the Add button and the discovered APs will be added into List d Adding The Adding function is used to manually set up an AP via filling in the...

Страница 313: ...The SNMP Read Community string used for status access e Template Configuration with templates is supported on selectable AP Models Currently WAPM Template is only available on EAP210 EAP220 EAP320 EAP...

Страница 314: ...1g 802 11n and 802 11ac Short Preamble The short preamble with a 56 bit synchronization field can improve WLAN transmission efficiency Select Enable to use Short Preamble or Disable to use Long Preamb...

Страница 315: ...be decreased worsened Airtime Fairness When set to Fair Access this feature ensures all devices with different band compatibilities have the same air time When set to Preferred Access N clients are pr...

Страница 316: ...et Access Point supports tagged VLANs virtual LANs To enable VLAN function each VAP shall be given a unique VLAN ID with valid values ranging from 1 to 4094 Once VLAN is Enabled QoS is supported on th...

Страница 317: ...number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference DTIM Period Input the DTIM...

Страница 318: ...wireless stations roam smoothly among IAPP enabled access points in the same wireless LAN Multicast to Unicast Conversion When Multicast to Unicast Conversion is enabled the Access Point intelligentl...

Страница 319: ...are listed on the Backup Config tab page and can be downloaded to a local storage device or deleted from WHG Controller s memory h Firmware The WHG Controller can store AP s firmware in its built in...

Страница 320: ...icate Authority CA This configuration item allows the administrator to select a Trust CA to validate the certificate used for CAPWAP Access Controller IP List The AC can statically designate other CAP...

Страница 321: ...Ps and perform transmit power management to spread the network load as evenly as possible among APs of the same group WAPM Load Balancing This configuration item enables the administrator to specify t...

Страница 322: ...g feature to be enforced l Third Party AP Management Add a third party AP by selecting THIRDAP from Device Type Add to AP List manually by specifying third party AP s IP address Name and VLAN ID Click...

Страница 323: ...d to the List the switch s status will display online or offline Delete Select the switches you wish to remove from the list by clicking the corresponding checkboxes followed by the Delete button Rest...

Страница 324: ...enter settings for the Template The following can be set on the PoE Schedule Template Power Supply Schedule Apply to The band channel width transmit power and etc If there is an existing managed switc...

Страница 325: ...guration files E Network Network This section is used to configure all the network settings 1 NAT The NAT function supports 3 types of network address translation DMZ Demilitarized Zone Public Accessi...

Страница 326: ...mapped to access the Internal IP Address These settings will become effective immediately after clicking the Apply button Public Accessible Servers Public Accessible Servers allow the administrator t...

Страница 327: ...e IP Address and Port of Translated to Destination Select TCP or UDP for the service s type These settings will become effective immediately after clicking Apply 2 Monitor IP Multiple IP addresses can...

Страница 328: ...nd click Apply to save the settings The Walled Garden List can be backed up or restored Walled Garden Advertisements are advertisement links for clients to access before they are authenticated by the...

Страница 329: ...em Local VPN Remote VPN and Site to Site VPN For Local VPN the system allows the VPN tunnel between a local client s device and the system to encrypt the data transmission For Remote VPN the system al...

Страница 330: ...User s Manual WHG Controller HSG Gateway ENGLISH 330...

Страница 331: ...examples for configuring the proxy server settings of the WHG CONTROLLER Using Internet Proxy Server A built in proxy server in the controller can be Enabled even with a Proxy Server placed outside th...

Страница 332: ...To specify an External Proxy Server choose the option External and fill in the appropriate IP address of the Proxy Server and the utilized port Follow the following steps to complete the proxy configu...

Страница 333: ...ssign a Domain Name to IP mappings for all clients connected to the WHG Controller s LAN network This feature can be used to dispatch clients to preferred IP address for certain Domain Names NOTE By E...

Страница 334: ...nd IS IS ISIS Configuration It is a routing protocol designed to move information efficiently within a computer network a group of physically connected computers or similar devices You can configure e...

Страница 335: ...stratively grouped together Area 0 known as the backbone area resides at the top level of the hierarchy and provides connectivity to the non backbone areas numbered 1 2 Stub Are areas through which or...

Страница 336: ...LISH 336 OSPF v3 Configuration IPv6 dynamic routing configuration RIP Configuration It is a dynamic routing protocol used in local and wide area networks You can configure each interface to be a Passi...

Страница 337: ...cation Advertise as Default Gateway Inform neighboring nodes that this controller is the default gateway Advertise Global Policy Route Inform neighboring nodes the Global Policy route on this controll...

Страница 338: ...the DNS server periodically These settings will become effective immediately after clicking Apply DDNS Enable or disable this function Provider Select the DNS provider Host name The IP address domain...

Страница 339: ...Certificate 1 Administrator Account This can be used to create to edit to remove and to check administrator account The login account for the administrator is admin The admin password of the system ca...

Страница 340: ...fferent permission Admin has authority to change his her own password or add more accounts to the admin list to take some of the management responsibility Password Complexity enables the admin to limi...

Страница 341: ...r admins to decide the number of days the password will expire in A valid period can be defined for each password counting from the first login When a password expires the operator will need to setup...

Страница 342: ...ure at the right of the drop down list to see and modify the differences Be aware that the authority limits of Super Group are unchangeable Create an account to the list by pressing the Apply button a...

Страница 343: ...ettings 2 Backup Restore This is used to backup and restore system settings System factory default can also be restored Click the Backup button under General Backup to save the current system configur...

Страница 344: ...Address List can be selected to retain WAN1 setting for remote access Reset to Factory Default Click Reset to load the factory default settings of the controller Remote Sync Status WHG311 WHG315 When...

Страница 345: ...for applications such as HTTPS login CAPWAP and etc The Controller has a built in Factory Default Certificate gateway example com that cannot be removed but allows certificates to be uploaded To view...

Страница 346: ...A certificate can be downloaded and used to sign certificates generated by the system Note that the system only allows one Internal Root CA to be created A root CA certificate may also be uploaded wit...

Страница 347: ...also upload other certificates signed by other CA entities or Trusted CAs into the system These trusted root CA certificates are intended for the Controller to recognize and trust certificates of Ext...

Страница 348: ...o Physical address translation tables used by address resolution protocol ARP IPv6 Ping It allows administrator to detect a device using IPv6 address or Host domain name to see if it is alive or not T...

Страница 349: ...on Tool To run the Simulation Tool first a 2 D floor plan needs to be uploaded to the WHG Controller Click the Add Floor Plan button to add a floor plan Floor Plan Name Self defined name for Administr...

Страница 350: ...mulation can be done by clicking the Simulate 2 4G or the Simulate 5G button If the results are satisfactory the settings on each AP may be saved as a template to be used to apply to APs in AP Managem...

Страница 351: ...ecify the complete firmware filename stored on the FTP server that will be used to upgrade the system To upgrade the system firmware click Browse button to choose the new firmware file and then click...

Страница 352: ...User s Manual WHG Controller HSG Gateway ENGLISH 352 1 System Summary A display of current settings on the system An overview of the system is provided here for the administrator s reference...

Страница 353: ...nabled Disabled Idle Timeout The minutes allowed for the users to be inactive before their account expires automatically Multiple Login Enabled Disabled Report Syslog server 1 The IP address and port...

Страница 354: ...one represents a virtual system therefore the information of the system s network interface is grouped by service zone Item Description Interface WAN1 Mode Operating mode of this interface MAC Address...

Страница 355: ...IPv6 address of the SZ Service Zone DHCP Scope Default SZ1 SZ8 Status Enable disable stands for status of the DHCP server in Default Service Zone WINS IP Address The WINS server IP on DHCP server N A...

Страница 356: ...plan will be used for Local Area Managed APs or Wide Area Managed APs Floor Plan Name Self defined name for Administrator s reference Floor Plan Select file for floor plan jpg format Wall Select file...

Страница 357: ...n 5 Process Monitor The Process Monitor is a network utility that shows the active status of process daemons on the gateway Administrators can choose to Enable or Disable the Process Monitor by clicki...

Страница 358: ...age The system keeps a cumulated record of the traffic data generated by each Local user in the latest 2 calendar months Each line in a monthly network usage of local user record consists of 6 fields...

Страница 359: ...Roaming In Users Date Type Name NSID NASIP NASPort UserMAC UserIP SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message 7 Reporting WHG CONTROLLER can automatically send various kinds...

Страница 360: ...to the selected E mail address Sending Logs to SYSLOG The following log types can be sent to external SYSLOG servers configured in SYSLOG Settings Local Users Log On Demand Users Log Trial Users Log R...

Страница 361: ...ngs in order to send the selected logs to the configured SYSLOG Servers Sending Logs to FTP The following log types can be sent to external FTP servers configured in FTP Settings Local Users Log On De...

Страница 362: ...User s Manual WHG Controller HSG Gateway ENGLISH 362...

Страница 363: ...xt FTP Settings Allows the configuration of an external FTP Server where selected users logs as well as system logs will be sent to FTP Settings Page FTP Destination This specifies the IP address and...

Страница 364: ...Plain Outlook and Outlook express use Login as default although they can be set to use NTLMv1 o Pegasus uses CRAM MD5 or Login but which method to be used can not be configured Sender E mail Address...

Страница 365: ...the Last 10 Minutes Hours and Days are shown here The header 1 10 are the unit multipliers For instance the number under column 2 indicates the lease count in the last 20 minutes hours days the numbe...

Страница 366: ...ease Log The DHCP Lease Log is displayed here and a search can be performed by IP Address MAC Address or Service Zone DHCP Lease List Valid IP addresses issued from the DHCP Server and related informa...

Страница 367: ...route rule and the System Route rule has the lowest priority Clicking either IPv4 or IPv6 will show the routing rules for each policy or interface Policy 1 n Shows the information of the individual Po...

Страница 368: ...ler HSG Gateway ENGLISH 368 Gateway The Gateway IP address of the port Interface The choice of interface network including WAN1 WAN2 Default or the named Service Zones to be applied for the traffic in...

Отзывы: