AirLive IAS 2000 Скачать руководство пользователя страница 19

Страница: 19 / 128

Chapter 2. Overview

Air Live IAS-2000 User’s Manual V1.0

functions. The user account information is stored in the IAS-2000 database, or other specified external

authentication databases.

The process of authenticating the user’s identity is executed via the SSL encrypted webpage. Using the web

interface, it can be ensured that the system is compatible to most desktop systems and palm computers. When a

user authentication is requested, the IAS-2000 server software will check the authentication database at the rear

end to confirm the user’s access right. The authentication database can be the local database of IAS-2000 or any

external database that IAS-2000 supports. If the user is not an authorized user, IAS-2000 will refuse the user’s

request for the access. In the meantime, IAS-2000 will also continue blocking the user from accessing the network.

If the user is an authorized user, then IAS-2000 will authorize the user with an appropriate access right, so that the

user can use the network. If the online user remains idle without using the network for a time exceeding a

predetermined idle time on IAS-2000 or the online user logs out of the system, IAS-2000 will exit the working stage

of such user and terminate the user’s access right of the network.

The following figure provides a simple example of setting up a small enterprise network. IAS-2000 is set to control a

part of the company’s intranet. The whole managed network includes cable network users and wireless network

users. In the beginning, any user located at the managed network is unable to access the network resource without

permission. If the access right to the network beyond the managed area is required, an Internet browser such as the

Internet Explorer must be opened and a connection to any website must be performed. When the browser attempts

to connect to a website, IAS-2000 will force the browser to redirect to the user login webpage. The user must enter

the username and password for authentication. After the identity is authenticated successfully, the user will gain

proper access right defined on IAS-2000.

Содержание IAS 2000

Страница 1: ...Table of Contents IAS 2000 User s Manual Internet Access Gateway ...

Страница 2: ...on on PC 76H22 14H4 1 Internet Connection Setup 77H22 15H4 1 1 Windows 9x 2000 78H22 16H4 1 2 Windows XP 79H24 17H4 2 TCP IP Network Setup 80H27 18H4 2 1 Check the TCP IP Setup of Window 9x ME 81H27 19H4 2 2 Check the TCP IP Setup of Window 2000 82H30 20H4 2 3 Check the TCP IP Setup of Window XP 83H33 21HChapter 5 Web Interface Configuration 84H36 22H5 1 System Configuration 85H38 23H5 1 1 Configu...

Страница 3: ...04H95 42H5 4 Utilities 105H101 43H5 4 1 Change Password 106H101 44H5 4 2 Backup Restore Setting 107H102 45H5 4 3 Firmware Upgrade 108H103 46H5 4 4 Restart 109H104 47H5 5 Status 110H105 48H5 5 1 System Status 111H106 49H5 5 2 Interface Status 112H108 50H5 5 3 Current Users 113H110 51H5 5 4 Traffic History 114H111 52H5 5 5 Notification Configuration 115H115 53H5 5 6 Online Report 116H116 54H5 6 Help...

Страница 4: ...return to the previous page indicates that clicking this button will apply all of your settings indicates that clicking this button will clear what you set before these settings are applied 1 3 Glossary 802 11 standard A family of wireless Local Area Network specifications The 802 11b standard in particular is seeing widespread acceptance and deployment in corporate campuses as well as commercial ...

Страница 5: ...e PPP Point to Point Protocol environment thus reducing some network overhead It also puts the bulk of the processing burden upon the client called a supplicant in 802 1x parlance and the authentication server such as a RADIUS letting the authenticator middleman simply pass the packets back and forth Because the authenticator does so little its role can be filled by a device with minimal processin...

Страница 6: ...connects a local area network LAN to another local area network that uses the same protocol for example wireless Ethernet or token ring Wireless bridges are commonly used to link buildings in campuses Broadband A comparatively fast Internet connection Services such as ISDN cable modem DSL and satellite are all considered broadband as compared to dial up Internet access There is no official speed d...

Страница 7: ...ic IP addressing are assigned a new IP address by a DHCP server The PC or network device obtaining an IP address is called the DHCP client DHCP frees you from having to assign IP addresses manually every time a new user is added to your network A DHCP server can either be a designated PC on the network or another network device such as the Router By default the Router s DHCP server function is ena...

Страница 8: ... attacks there are software fixes that system administrators can install to limit the damage caused by the attacks But like viruses new DoS attacks are constantly being dreamed up by hackers Download To receive a file transmitted over a network DTIM Delivery Traffic Indication Message A message included in data packets that can increase wireless efficiency Dynamic IP Address A temporary IP address...

Страница 9: ...the packet FTP File Transfer Protocol A standard protocol for sending files between computers over a TCP IP network and the Internet Full Duplex The ability of a networking device to receive and transmit data simultaneously Gateway In the wireless world a gateway is an access point with additional software capabilities such as providing NAT and DHCP Gateways may also provide VPN support roaming fi...

Страница 10: ...l A set of rules used to send and receive messages at the Internet address level IP address A 32 bit number that identifies each sender or receiver of information that is sent across the Internet An IP address has two parts an identifier of a particular network on the Internet and an identifier of the particular device which can be a server or a workstation within that network IPsec IP Security A ...

Страница 11: ...any computer platform to obtain directory information such as email addresses and public keys Because LDAP is an open protocol applications need not worry about the type of server hosting the directory Local User A user that has signed up for an account from a specific ezboard community enabling the user to participate only in that ezboard as a registered user Global user registration from the ezb...

Страница 12: ...col used to retrieve e mail stored on a mail server Port 1 The connection point on a computer or networking device used for plugging in a cable or an adapter 2 The virtual connection point through which a computer uses a specific application on a server PPPoE Point to Point Protocol over Ethernet PPPoE relies on two widely accepted standards PPP and Ethernet PPPoE is a specification for connecting...

Страница 13: ...ich checks that the information is correct and then authorizes access to the ISP system Though not an official standard the RADIUS specification is maintained by a working group of the IETF Range Most Wi Fi systems will provide a range of a hundred feet or more Depending on the environment and the type of antenna used Wi Fi signals can have a range of up to mile RJ 45 Standard connectors used in E...

Страница 14: ...ifferentiates one WLAN from another so all access points and all devices attempting to connect to a specific WLAN must use the same SSID A device will not be permitted to join the BSS unless it can provide the unique SSID Because an SSID can be sniffed in plain text from a packet it does not supply any security to the network An SSID is also referred to as a Network Name because essentially it is ...

Страница 15: ... along with the Internet Protocol IP to send data in the form of individual units called packets between computers over the Internet While IP takes care of handling the actual delivery of the data TCP takes care of keeping track of the packets that a message is divided into for efficient routing through the Internet For example when a web page is downloaded from a web server the TCP program layer ...

Страница 16: ...th dial up connections over POTS VPN creates a private encrypted tunnel from the end user s computer through the local wireless network through the Internet all the way to the corporate servers and database Walled Garden On the Internet a walled garden refers to a browsing environment that controls the information and Web sites the user is able to access This is a popular method used by ISPs in or...

Страница 17: ...t can provide better security than basic 40 bit 64 bit encryption Wi Fi Wireless Fidelity An interoperability certification for wireless local area network LAN products based on the Institute of Electrical and Electronics Engineers IEEE 802 11 standards WLAN Wireless Local Area Network Also referred to as LAN A type of local area network that uses high frequency radio waves rather than wires to co...

Страница 18: ...h operation logic that is easy to use All of the functions of the system can be performed with a simple few clicks The full web based management interface allows users to operate and manage the system online via a browser Users can easily log on to the authenticated LAN ports via the browser without any additional software installation Integrating the Existing User Password Database In general mos...

Страница 19: ...e access right so that the user can use the network If the online user remains idle without using the network for a time exceeding a predetermined idle time on IAS 2000 or the online user logs out of the system IAS 2000 will exit the working stage of such user and terminate the user s access right of the network The following figure provides a simple example of setting up a small enterprise networ...

Страница 20: ...ork And Private LAN is referred to as the LAN port with the authentication function disabled Another setup example is shown in the following figure The WAN1 and WAN2 of IAS 2000 simultaneously supports the Switch of 802 3ad Support Port Trunk and the bandwidth of the Switch will be the sum of the WAN1 and WAN2 bandwidths which aims at eliminating the bottleneck caused by the narrow bandwidth betwe...

Страница 21: ...ternet before authentication Thus administrators can choose to force the authentication for users connected to these ports WAN1 WAN2 The two WAN ports are connected to a network which is not managed by the IAS 2000 system and this port can be used to connect the ATU Router of ADSL the port of Cable Modem or the Switch or Hub on the LAN of a company Power LED Should light stands for the power is on...

Страница 22: ...3 2 Package Contents The standard package of IAS 2000 includes y IAS 2000 x 1 y CD ROM x 1 y Quick Installation Guide x 1 y Power Cord x 1 y Ethernet Cable Crossover x 1 y Ethernet Cable Straight x3 y Console Cable x 1 y Accessory Packing x 1 Warning Using a power supply with different voltage rating will damage this product Power Switch Power Socket The power cord attaches here System Fan System ...

Страница 23: ... including five network cables with RJ 45 connectors y All PCs need to install the TCP IP network protocol 3 4 Installation Steps Please follow the following steps to install IAS 2000 1 Connect the power cord to the power socket on the rear panel 2 Turn on the power switch on the rear panel The Power LED will light up ...

Страница 24: ... administrative user interface to perform configurations via Private LAN Connect the other end of the Ethernet cable to a client s PC The LED of this LAN should be on to indicate a proper connection 5 Connect an Ethernet cable to the WAN Port on the front panel Connect the other end of the Ethernet cable to ADSL modem cable modem or a switch hub of the internal network The LED of this WAN should b...

Страница 25: ...nfiguration on PC After IAS 2000 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup 4 1 Internet Connection Setup 4 1 1 Windows 9x 2000 1 Choose Start Control Panel Internet Options 2 Choose the Connections label and then click Setup ...

Страница 26: ... want to set up my Internet connection manually or I want to connect through a local area network LAN and then click Next 4 Choose I connect through a local area network LAN and click Next 5 Do NOT check any option in the following LAN window for Internet configuration and just click Next ...

Страница 27: ...n on PC Air Live IAS 2000 User s Manual V1 0 24 6 Choose No and click Next 7 Finally click Finish to exit the Internet Connection Wizard Now the setup has been completed 4 1 2 Windows XP 1 Choose Start Control Panel Internet Options ...

Страница 28: ...ration on PC Air Live IAS 2000 User s Manual V1 0 25 2 Choose the Connections label and then click Setup 3 Click Next when Welcome to the New Connection Wizard screen appears 4 Choose Connect to the Internet and then click Next ...

Страница 29: ...000 User s Manual V1 0 26 5 Choose Set up my connection manually and then click Next 6 Choose Connect using a broadband connection that is always on and then click Next 7 Finally click Finish to exit the Connection Wizard Now you have completed the setup ...

Страница 30: ...dress and related information for each PC If the Windows operating system is not a server version the default settings of the TCP IP will regard the PC as a DHCP client and this function is called Obtain an IP address automatically If you want to check the TCP IP setup or use the static IP in the LAN1 LAN2 or LAN3 LAN4 section please follow the steps below 4 2 1 Check the TCP IP Setup of Window 9x...

Страница 31: ... 2000 3 2 Using Specific IP Address If you want to use specific IP address you have to ask the network administrator for the information of IAS 2000 IP address Subnet Mask Gateway and DNS server address Caution If your PC has been set up completed please inform the network administrator before modifying the following setup y Please choose Specify an IP address and enter the information given to yo...

Страница 32: ...bel and enter the gateway address of IAS 2000 in the New gateway and then click Add and OK y Choose DNS Configuration label If no DNS Server is defined in the DNS Server column please click Enable DNS and then enter a known DNS address or the DNS address provided by ISP Then click Add and click OK ...

Страница 33: ...CP IP Setup of Window 2000 1 Select Start Control Panel Network and Dial up Connections 2 Click the right button of the mouse on Local Area Connection icon and then select Properties 3 Select Internet Protocol TCP IP and then click Properties Now you can choose to use DHCP or specific IP address ...

Страница 34: ...he network administrator for the information of IAS 2000 IP address Subnet Mask Gateway and DNS server address Caution If your PC has been set up completed please inform the network administrator before modifying the following setup y Please choose Use the following IP address and enter the information given from the network administrator in IP address and Subnet mask as well as Default gateway If...

Страница 35: ...et Protocol TCP IP Properties y Choose the IP Settings label and click Add below the Default gateways column and the TCP IP Gateway Address window will appear Enter the gateway address of IAS 2000 in the Gateway of TCP IP Gateway Address window and then click Add After returning to the IP Settings section click OK to finish ...

Страница 36: ... Setup of Window XP 1 Select Start Control Panel Network Connections 2 Click the right button of the mouse on the Local Area Connection icon and select Properties 3 Select General label and choose Internet Protocol TCP IP and then click Properties Now you can choose to use DHCP or specific IP address ...

Страница 37: ...he network administrator for the information of IAS 2000 IP address Subnet Mask Gateway and DNS server address Caution If your PC has been set up completed please inform the network administrator before modifying the following setup y Please choose Use the following IP address and enter the information given from the network administrator in IP address and Subnet mask as well as Default gateway If...

Страница 38: ...net Protocol TCP IP Properties y Choose the IP Settings label and click Add below the Default gateways column and the TCP IP Gateway Address window will appear Enter the gateway address of IAS 2000 in the Gateway of TCP IP Gateway Address window and then click Add After returning to the IP Settings label click OK to finish ...

Страница 39: ...ine users will be disconnected during restart OPTION System Configuration Network Configuration User Authentication Utilities Status Configuration Wizard Network Address Translation Authentication Configuration Change Password System Status System Information Privilege List Policy Configuration Backup Restore Strategy Interface Status WAN1 Configuration Monitor IP List Black List Configuration Fir...

Страница 40: ...login screen Enter the default username admin and the default password sohoware in the User Name and Password column Click Enter to log in Caution If you can t get the login screen you may have incorrectly set your PC to obtain an IP address automatically from authentication LAN port or the IP address used does not have the same subnet as the URL Please use default IP address such as 192 168 2 xx ...

Страница 41: ...n Wizard or change the setting by demands manually The Configuration Wizard has 7 steps providing a simple and easy way to guide you through the setup of IAS 2000 You just need to follow the procedures and instructions given by the Wizard to enter the required information step by step After saving and restarting IAS 2000 it is ready to use There will be 7 steps as listed below 1 Change Admin s Pas...

Страница 42: ...anual V1 0 39 Now click System Configuration to go to the System Configuration page Click the System Configuration from the top menu and the System Configuration page will appear Then click on Configuration Wizard and click the Run Wizard button to start the wizard ...

Страница 43: ... the 7 steps After a brief overview of the whole process click Next to begin y Step 1 Change Admin s Password Enter a new password for the admin account and retype it in the verify password field twenty character maximum and no spaces Click Next to continue y Step 2 Choose System s Time Zone Select a proper time zone via the pull down menu Click Next to continue ...

Страница 44: ... Contact your ISP if you are not sure of the DNS IP Address Click Next to continue y Step 4 Select the Connection Type for WAN1 Port Three are three types of WAN port to select Static IP Address Dynamic IP Address and PPPoE Client Select a proper Internet connection type and click Next to continue Dynamic IP Address If this option is selected an appropriate IP address and related information will ...

Страница 45: ...ddress manually Enable DHCP Server When the option is selected IAS 2000 will automatically provide the necessary IP address to all Public LAN clients Click Next to continue y Step 5 Set LAN1 DHCP Server If the Enable DHCP Server option is selected fields marked with red asterisk must be filled in DHCP Scope These fields define the IP address range that will be assigned to the Public LAN clients No...

Страница 46: ...ult Authentication Server Set the user s information in advance Enter an easily identified name as the postfix name in the Postfix Name field e g Local select a policy to assign to you can use the default and choose an authentication method Click Next to continue Local User Add User A new user can be added to the local user data base To want to add a user here enter the Username e g test Password ...

Страница 47: ...uthentication port accounting port and secret key Then choose to enable accounting service or not and choose the desired authentication method Click Next to continue LDAP User Authentication Method LDAP You can add a new user to the LDAP user data base Enter the LDAP Server Server Port and Base DN And then you have to select one kind of Binding Type and Account Attribute to access the LDAP server ...

Страница 48: ...cess the LDAP servers without requiring authentication If you select Specific DN binding type you have to enter the username and password in the Bind RDN and Bind Password fields to access the LDAP server If you select Windows AD binding type please enter the domain name of Windows AD to access the LDAP server Click Next to continue ...

Страница 49: ...nsparent Login After this setup is completed click Next to continue y Step 7 Restart Click Restart to save the current settings and restart IAS 2000 The Setup Wizard is now completed y During IAS 2000 restart a Restarting now Wait for a minute message will appear on the screen Please do not interrupt IAS 2000 until the message has disappeared This indicates that a complete and successful restart p...

Страница 50: ... Caution During every step of the wizard if you wish to go back to modify the settings please click the Back button to go back to the previous step 5 1 2 System Information These are some main information about IAS 2000 Please refer to the following description for these blanks ...

Страница 51: ...P block with a system which is able to connect to the web management interface via the authenticated port For example 10 2 3 0 24 means that as long as you are within the IP address range of 10 2 3 0 24 you can reach the administration page of IAS 2000 Another example is 10 0 0 3 if you are using the IP address 10 0 0 3 you can reach the administration page of IAS 2000 y SNMP IAS 2000 supports SNM...

Страница 52: ...e WAN1 port Default Gateway The gateway of the WAN1 port Preferred DNS Server The primary DNS Server of the WAN1 port Alternate DNS Server The substitute DNS Server of the WAN1 port This is not required Enable Bridge Mode When you set WAN1 with a static IP address and check Enable Bridge Mode WAN2 and all LAN ports will share the WAN1 IP address and go into bridge mode as well See the following fi...

Страница 53: ...aining IP address for the WAN2 Port None Static IP Address Dynamic IP Address and 802 3ad y None The WAN2 Port is not functional y Static IP Address Specify the IP address of WAN2 Port which is applicable for the network environment that IP address cannot be obtained automatically See the following figure y Dynamic IP Address It is applicable for the network environment that the WAN2 Port can obta...

Страница 54: ...N1 LAN2 Configuration All of the following four LAN ports can enable or disable user authentication function In this part you can set the related configurations about LAN1 port and DHCP server The configurations of other three LANs are the same with that of LAN1 y LAN1 Enable VLAN If you want to split LAN1 into several interfaces please select the Enable VLAN option on the LAN interface After Enab...

Страница 55: ...segment Click Enable to continue See the following figure After enabling this VLAN segment the following screen will appear See the following description and figure for details Enable User Authentication on VLAN y Enable Enable this VLAN segment y Enable User Authentication Control the User Authentication according to individual VLAN segment ...

Страница 56: ...dresses externally connected through the VLAN port use its original IP address for external connections Thus IAS 2000 acts like a Router y IP Address Enter the desired IP address for setup y Subnet Mask Enter the desired Subnet Mask for setup VLAN DHCP Configuration y Disable DHCP Server Disable the function of the DHCP Server y Enable DHCP Server If you want to use the DHCP Server function you mu...

Страница 57: ...the Reserved IP Address List as shown in the following figure will appear Enter the related Reserved IP Address MAC and some description not compulsory When finished click Apply to complete the setup y Enable DHCP Relay If you want to enable this function you must specify other DHCP Server IP address See the following figure y DHCP Server Configuration 1 Disable DHCP Server Disable the function of...

Страница 58: ...ools End IP Address Preferred DNS Server Alternate DNS Server Domain Name WINS Server Lease Time and Reserved IP Address List See the following figure If you want to use the reserved IP address function click on the Reserved IP Address List on the management interface Then the setup of the Reserved IP Address List as shown in the following figure will appear Enter the related Reserved IP Address M...

Страница 59: ...P Server IP address See the following figure 5 2 Network Configuration This section includes the following functions Network Address Translation Privilege List Monitor IP List Walled Garden List Proxy Server Properties Dynamic DNS and IP Mobility 5 2 1 Network Address Translation There are three parts DMZ Virtual Servers and Port and IP Redirect need to be set ...

Страница 60: ...nal IP Address available These settings will become effective immediately after clicking the Apply button y Virtual Servers This function allows the administrator to set 40 virtual servers at most so that the computers not belonging to the managed network can access the servers in the managed network Please enter the External Service Port Local Server IP Address and Local Server Port According to ...

Страница 61: ...ser attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination According to the different services provided choose the TCP protocol or the UDP protocol These settings will become effective immediately a...

Страница 62: ... y Privilege IP Address List If there are some workstations belonging to the managed server that need to access the network without authentication and enter the IP addresses of these workstations in this list The Remark blank is not necessary but is useful to keep track IAS 2000 allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply ...

Страница 63: ...eed to access the network without authentication in this list IAS 2000 allows 100 privilege MAC addresses at most The list can be created by entering data in the table or by import from a file The list can be exported as well If you want to manually create the list be sure to enter the MAC address the format is xx xx xx xx xx xx as well as the remark not necessary and select a policy for the indiv...

Страница 64: ...ter the Upload Privilege MAC Address List interface Click the Browse button to select the text file for the user account upload Then click Submit to complete the upload The uploading file should be a text file and the format of each line is MAC Group Remark without the quotes There must be no spaces between the fields and commas The MAC field could be omitted but the trailing comma must be retaine...

Страница 65: ...nitor the connection status of the IP addresses on the list If the monitored IP address does not respond the system will send an e mail to notify the administrator that such destination is not reachable After entering the related information click Apply and these settings will become effective immediately You can click Monitor to check the current status of all the monitored IP The system provides...

Страница 66: ... the monitoring result is for This will be the receiver s e mail y Interval The time interval to send the e mail report y SMTP Server The IP address of the SMTP server y Auth Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method you select you have to enter the Account Name Password and Domai...

Страница 67: ... of the websites can be defined in this list Users without the network access right can still have a chance to experience the actual network service free of charge Please enter the website IP Address or Domain Name in the list and these settings will become effective immediately after clicking Apply 5 2 5 Proxy Server Properties IAS 2000 supports Internal Proxy Server and External Proxy Server fun...

Страница 68: ...page and thus unable to access the network If there is a matching then the end users will be directed to the system first for authentication After a successful authentication the end users will be redirected back to the desired proxy servers depending on various situations Please click Apply and these settings will become effective immediately 5 2 6 Dynamic DNS IAS 2000 provides a convenient DNS f...

Страница 69: ...er end you can use any IP address to connect to the system Regardless of what the IP address at the user end is you can still authenticate through IAS 2000 and access the network y Enable Mobile IP If you construct a network environment using several sets of IAS 2000 a user can use the same group of IP configurations When you roam into different locations the connection will be kept alive therefor...

Страница 70: ...es 5 servers Local POP3 RADIUS LDAP and NT Domain one On demand User and one PMS User that the administrator can apply with different policy Click on the server name to set the related configurations for that particular server After completing and clicking Apply to save the settings you can go back to the previous screen to choose a server to be the default server and enable or disable any server ...

Страница 71: ...Set a postfix that is easy to distinguish e g Local for the server using numbers 0 to 9 alphabets a to z or A to Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Warning The Policy Name cannot contain these words MAC and IP y Black List There are five sets of the black lists You can select one of them or choose None Please refer to 5 3 3 Black List Confi...

Страница 72: ... List screen and click the individual Username to edit that account Add User Click this button to enter the Add User interface Fill in the necessary information such as Username Password MAC and Remark optional Then select a desired Maximum Bandwidth Request Bandwidth and Group and then click Apply to complete adding the user or users ...

Страница 73: ...ext file for the user account upload Then click Submit to complete the upload process The uploading file should be a text file and the format of each line is ID Password MAC Group Remark or ID Password MAC Max bandwidth Request bandwidth Policy Remark without the quotes There must be no spaces between the fields and commas The MAC field could be omitted but the trailing comma ...

Страница 74: ...e IAS 2000 User s Manual V1 0 71 must be retained When adding user accounts by uploading a file the existing accounts in the embedded database will not be replaced by new ones y Export User Click this to create a txt file and then save it on disk ...

Страница 75: ...to renew the list Refresh button y Search Enter a keyword of a username that you wish to search in the text filed and click this button to perform the search All usernames matching the keyword will be listed Del All This will delete all the users at once Delete This will delete the users individually ...

Страница 76: ...ck Apply to complete the modification y Radius Roaming Out 802 1x Authentication These two functions can be enabled or disabled separately Click Radius Client List to enter the Radius Client Configuration interface Choose the desired type Disable Roaming Out or 802 1x and key in the related information and then click Apply to complete the settings Roaming Out When you have selected Roaming Out the...

Страница 77: ...nd dot with a maximum of 40 characters all other letters are not allowed Warning The Policy Name cannot contain these words MAC and IP y Black List There are five sets of the black lists You can select one of them or choose None Please refer to 5 3 3 Black List Configuration y Authentication Method There are four authentication methods POP3 RADUUS LDAP and NT Domain to configure from Select the de...

Страница 78: ...3 1 3 Radius Server Choose Radius in the Authentication Method field the hyperlink beside the pull down menu will become Radius Setting Click the hyperlink for further configuration The Radius server sets the external authentication for user accounts Enter the related information for the primary server and or the secondary server the secondary server is not required The blanks with red star are ne...

Страница 79: ... disabled only the ID will be transferred to RADIUS server for authentication y Server IP Enter the IP address domain name of the RADIUS server y Authentication Port Enter the authentication port of the RADIUS server and the default value is 1812 y Accounting Port Enter the accounting port of the RADIUS server and the default value is 1813 y Secret Key Enter the key for encryption and decryption y...

Страница 80: ...s with red star are necessary information These settings will become effective immediately after clicking the Apply button y Server IP Enter the IP address domain name of the LDAP server y Port Enter the Port of the LDAP server and the default value is 389 y Base DN Enter the distinguished name of the LDAP server y Binding Type There are four binding types User Account Anonymous Specific DN and Wi...

Страница 81: ... LDAP servers without requiring authentication but only select one Account Attribute UID CN or sAMAccountName Specified DN Entering the specific DN username and password in the Bind RDN and Bind Password fields and then select one Account Attribute UID CN or sAMAccountName to access the LDAP server ...

Страница 82: ... pull down menu will become NT Domain Setting Click the hyperlink for further configuration Enter the server IP address and enable disable the transparent login function These settings will become effective immediately after clicking the Apply button y Server IP address Enter the server IP address of the domain controller y Transparent Login If this function is enabled when users log into the Wind...

Страница 83: ...allowed Receipt Header There are two fields Receipt Header 1 and Receipt Header 2 for the receipt s header Enter your own receipt header message or use the default Receipt Footer Enter your own receipt footer message here or use the default Monetary Unit Select the desired monetary unit for your region Policy Name Select a policy for the on demand user WLAN ESSID Enter the ESSID of the AP WEP Key ...

Страница 84: ...he account Normal indicates that the account is not in use and not overdue Online indicates that the account is in use and not overdue Expire indicates that the account is overdue and cannot be used y Expire Time The expiration time of the account y Del All This will delete all the users at once y Delete This will delete the users individually y Billing Configuration Click this to enter the Billin...

Страница 85: ...9 hours Valid Duration This is the duration of time that the user needs to activate the account after the generation of the account If the account is not activated during this duration the account will self expires Price The price charged for this billing rule y Create On demand User Click this to enter the On demand User Generate screen Pressing the Create button for the desired rule an On demand...

Страница 86: ...x that is easy to distinguish e g Local for the server using numbers 0 to 9 alphabets a to z or A to Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Policy Name There are five policies to select from Receipt Header There are two fields Receipt Header 1 and Receipt Header 2 for the receipt s header Enter your own receipt header message or use the default...

Страница 87: ... Valid Time The Valid Time indicates the duration of time that the user needs to activate the account after the generation of the account If the account is not activated during this duration the account will self expires The Expire Time indicates the duration of time that the user can use the account after the activation of the account After this duration the account will self expires Delete All T...

Страница 88: ...to Policy Assign a policy for this billing rule Price The price charged for this billing rule Note There is an Auto Expired mechanism is for preventing that an account is created but never logged in If the account is created but never been logged in the account will be invalid after a period The auto expired time the exact created time of the account Valid Period y Created PMS User Click this to e...

Страница 89: ...etting for that policy But Global policy only has Firewall Profile and Specific Route Profile settings y Global Policy Select Policy Select Global to set the Firewall Profile and Specific Route Profile Firewall Profile Click the hyperlink of Setting for Firewall Profile the Firewall Profiles list will appear Click the numbers of Filter Rule Item to edit individual rules and click Apply to save the...

Страница 90: ... ICMP or choose ALL to use all three protocols Source MAC Address The MAC address of the source IP address This is for specific MAC address filter Source Destination Interface There are four interfaces to choose WAN Wireless Public LAN LAN1 LAN2 and Private LAN LAN3 LAN4 Source Destination IP Enter the source and destination IP addresses Source Destination Subnet Mask Enter the source and destinat...

Страница 91: ... a destination subnet netmask of the host or the network IP Address Gateway The IP address of the next router to the destination y Policy 1 Policy 5 Select Policy Policy Name Select a desired policy and you can rename it in the Policy Name field Firewall Profile Click the hyperlink of Setting for Firewall Profile the Firewall Profiles list will appear Click the numbers of Filter Rule Item to edit ...

Страница 92: ...are three protocols to select TCP UDP and ICMP or choose ALL to use all three protocols Source MAC Address The MAC address of the source IP address This is for specific MAC address filter Source Destination Interface There are four interfaces to choose WAN Wireless Public LAN LAN1 LAN2 and Private LAN LAN3 LAN4 Source Destination IP Enter the source and destination IP addresses Source Destination ...

Страница 93: ... of the next router to the destination Default Check this option to apply the default values Schedule Profile Click the hyperlink of Setting for Schedule Profile to enter the Schedule Profile list Select Enable to show the list This function is used to restrict the time the users can log in Please enable disable the desired time slot and click Apply to save the settings These settings will become ...

Страница 94: ...00 users at most If a user in the black list wants to log into the system the user s access will be denied The administrator can use the pull down menu to select the desired black list y Select Black List There are 5 lists to select from for the desired black list y Name Set the black list name and it will show on the pull down menu above y Add User to List Click the hyperlink to add users to the ...

Страница 95: ... users If the administrator wants to remove a user from the black list just select the user s Delete check box and then click the Delete button to remove that user from the black list Import Black List Click this to enter the Upload black List Account Blacklist1 interface Click the Browse button to select the text file for the user account upload to the black list Then click Submit to complete the...

Страница 96: ...ine should be ID Remark without the quotes There must be no spaces between the fields and commas When adding user accounts by uploading a file existing accounts in the embedded database that are also defined in the data file will not be replaced by the new ones y Export Black List Click Export List to create a txt file and then save it on disk ...

Страница 97: ...settings y Guest User List IAS 2000 offers ten guest users for log in To activate a guest user just enter the password in the corresponding Password text field for that guest account Guest accounts with blank password will not be activated y Session Length This restricts the connection time of the guest users The default session length is 6 hours and the available session time ranges from 1 to 12 ...

Страница 98: ...nd RADIUS accounting Friendly Logout When a user logs into the network with wireless connection a small window will appear to show the user s information and there is a logout button for the logout If enabled When the users try to close the small window there will be a new popup window to confirm the logout in case the users click the logout button by accident y Roaming Out Timer Session Timeout T...

Страница 99: ...n failed message showing on the users login screen Fail Action Set to pass or block all the network connections when the WAN interface fails y Upload File 1 Certification The administrator can upload new private key and customer certification Click the Browse button to select the file for the certificate upload Then click Submit to complete the upload process Click Set To Default and then click re...

Страница 100: ...ecessary fileds for username and password If the user defined login page includes an image file the image file path in the HTML code must be the image file you will upload Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the...

Страница 101: ...nistrator can upload new logout page The process is similar to that of Login Page Click Use Default Page to use the default login succeed page After the upload process is completed the new login succeed page can be previewed by clicking Preview button at the bottom 4 Login Succeed Page The administrator can upload new login succeed page The process is similar to that of Login Page Click Use Defaul...

Страница 102: ...new logout succeed page The process is similar to that of Login Page Click Use Default Page to use the default logout succeed page After the upload process is completed the new logout succeed page can be previewed by clicking Preview button at the bottom y POP3 Message Before the users log into the network with their usernames and passwords the users will receive a welcome mail from IAS 2000 The a...

Страница 103: ...ir MAC addresses in this list can log into IAS 2000 There will only be 40 users allowed in this MAC address list User authentication is still required for these users Please select Enable enter the Permit MAC Address List to fill in these MAC addresses and then click Apply Caution The format of the MAC address is xx xx xx xx xx xx or xx xx xx xx xx xx ...

Страница 104: ...etting Firmware Upgrade and Restart 5 4 1 Change Password The administrator can change the passwords here Please enter the current password and then enter the new password twice to verify Click Apply to activate this new password Caution If the administrator s password is lost the administrator s password still can be changed through the text mode management interface on the serial port console pr...

Страница 105: ...atabase backup file and save it on disk y Restore Setting Click Browse to search for a db database backup file created by IAS 2000 and click Restore Setting to restore to the same settings at the time the backup file was created y Reset to the Factory Default Setting Click Reset to load the factory default settings of IAS 2000 Caution Resetting to factory default settings will clear restore all se...

Страница 106: ...rade process It might be a few minutes before the upgrade process completes and the system needs to be restarted afterwards to make the new firmware effective Warning 1 Firmware upgrade may cause the loss of some of the data Please refer to the release notes for the limitation before upgrading the firmware 2 Please restart the system after upgrading the firmware Do not power on off the system duri...

Страница 107: ...ess should take about three minutes Click YES to restart IAS 2000 click NO to go back to the previous screen If you need to turn off the power we recommend you to restart IAS 2000 first and then turn off the power after completing the restart process Caution The connection of all online users of the system will be disconnected when system is in the process of restarting ...

Страница 108: ...Air Live IAS 2000 User s Manual V1 0 105 5 5 Status This section includes System Status Interface Status Current Users Traffic History Notification Configuration and Online Report to provide system status information and online user status ...

Страница 109: ...Chapter 5 Web Interface Configuration Air Live IAS 2000 User s Manual V1 0 106 5 5 1 System Status This section provides an overview of the system for the administrator ...

Страница 110: ...ement IP The IP or IPs that is allowed for accessing the management interface Management SNMP Enabled disabled stands for the current status of the SNMP management function Retainable Days The maximum number of days for the system to retain the users information History Traffic log Email To The email address that the traffic history information will be sent to NTP Server The network time server th...

Страница 111: ...Chapter 5 Web Interface Configuration Air Live IAS 2000 User s Manual V1 0 108 5 5 2 Interface Status Provides an overview of the interface for the administrator including WAN1 WAN2 LAN1 and LAN2 ...

Страница 112: ... status of the DHCP server on the LAN1 WINS IP Address The WINS server IP on DHCP server N A means that it is not configured Start IP Address The start IP address of the DHCP IP range End IP Address The end IP address of the DHCP IP range LAN1 DHCP Server Lease Time Minutes of the lease time of the IP address Mode The mode of the LAN2 MAC Address The MAC address of the LAN2 IP Address The IP addre...

Страница 113: ...on including Username IP Address MAC Address Packets In Bytes In Packets Out Bytes Out Idle Time and Logout can be obtained Administrator can use this function to force a specific online user to log out Just click the hyperlink of Logout next to the online user s name to logout that particular user Click Refresh to renew the current users list ...

Страница 114: ... function is used to check the history of IAS 2000 The history of each day will be saved separately in the DRAM for at least3 days Caution Since the history is saved in the DRAM if you need to restart the system and also keep the history then please manually copy and save the information before restarting ...

Страница 115: ...matically send out the history information to that email address y Traffic History As shown in the following figure each line is a traffic history record consisting of 9 fields Date Type Name IP MAC Pkts In Bytes In Pkts Out and Bytes Out of user activities y Interface Performance As shown in the following figure the history record consists of 5 fields Interface Speed IN bps Speed OUT bps Packet I...

Страница 116: ...ists of 6 fields DHCP Server Syslog Server SNMP Server HTTP Server Agent SSH Server EMS Server RADIUS Server Proxy Server and Redirector Server for network service status y System Performance As shown in the following figure the history record consists of 5 fields CPU Usage Memory Usage Total Memory KB Memory Used KB and Memory Free KB of IAS 2000 status ...

Страница 117: ...pe Name Room ID IP MAC Packets In Packets Out Bytes In Bytes Out Expiretime Validation and Remark of user activities y Roaming Out Traffic History As shown in the following figure each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities y Roaming In Tr...

Страница 118: ...send the e mail report y SMTP Server The IP address of the SMTP server y Authentication Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method you select you have to enter the Account Name Password and Domain NTLMv1 is not currently available for general use Plain and CRAM MD5 are standardized...

Страница 119: ...us and Network Session Status y System Status As shown in the following figure the online report consists of 5 fields CPU Usage Memory Usage Total Memory Memory Used and Memory Free of IAS 2000 status y Service Status As shown in the following figure the online report consists of 6 fields DHCP Server Syslog Server SNMP Server HTTP Server Agent SSH Server RADIUS Server Proxy Server and Redirector S...

Страница 120: ...re the online report consists of 5 fields Interface Speed IN bps Speed OUT bps Packet IN pps and Packet OUT pps for WAN and LAN status y Network Session Status As shown in the following figure the online report consists of 3 fields IP TCP session count and UDP session count This report tells how many connections each IP address uses now ...

Страница 121: ... Configuration Air Live IAS 2000 User s Manual V1 0 118 5 6 Help On the screen the Help button is on the upper right corner Click Help to the Online Help window and then click the hyperlink of the items to get the information ...

Страница 122: ...network After the user end obtains the network address please open an Internet browser and the default login webpage will appear on the Internet browser Key in the username and password created in the local user account or the on demand user account in the interface and then click Submit button Here we key in the local user account e g test Local for the username and test for the password to conne...

Страница 123: ...e Show the rest of use time that the on demand user can surf Internet y Redeem When the remaining time or data size is insufficient the user has to pay for adding credit at the counter and then the user will get a new username and password After clicking the Redeem button you will see the following screen Please enter the new username and password you got and click Redeem button to merge the two a...

Страница 124: ...s a menu driven text interface with dialog boxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of IAS 2000 is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so t...

Страница 125: ...time for system being turn on is displayed Check service status Check and display the status of the system Set device into safe mode If administrator is unable to use Web Management Interface via the browser for the system failed inexplicitly Administrator can choose this utility and set IAS 2000 into safe mode then administrator can management this device with browser again Synchronize clock with...

Страница 126: ...SSH you can still use the null modem to connect the console management interface and set the administrator s password again Caution Although it does not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the IAS 2000 Admin username and password after logging into the system fo...

Страница 127: ... Standards This system supports IEEE 802 1x 802 11b and 802 11g y Networking WAN interface supports Static IP DHCP client and PPPoE client Interface supports static IP Supports NAT mode and router mode Built in DHCP server Built in NTP client Supports Redirect of network data Supports IPSec ESP PPTP and H 323 pass through under NAT Customizable static routing table Supports Virtual Server Supports...

Страница 128: ... setting to pass or block all the connections when the WAN interface failed Supports web based login Supports several friendly logout methods Supports RADIUS accounting protocol to generate the billing record on RADIUS server y Administration Provides online status monitoring and history traffic Supports SSL encrypted web administration interface and user login interface Customizable user login lo...

Результаты поиска

Содержание IAS 2000

Отзывы:

AirLive IAS 2000, Руководство пользователя, Страница: 19 / 128

Результаты поиска

Содержание IAS 2000

Отзывы: