Gemtek Systems P-560 Скачать руководство пользователя страница 100 | Manualshive

Страница: 100 / 100

background image

User’s Guide

Chapter 7 – Reference Manual

IP address and netmask should be combined and used as pool for users on this interface. Note that
count of available IP addresses will become maximum user count on this interface - if there will be no
free IP addresses, access will be rejected because of lack of IP addresses.

System | Access | Isolation

Isolation

mechanism under the

system | access | isolation

menu increases the security of the AC

users.

Figure 144 – Isolation

Bindmac

– with

bindmac

function enabled, the AC binds the user’s MAC and IP addresses together

after a successful logon by the wireless client and thereby preventing Internet access to a new user
who uses the same client IP address, although be it with a different MAC address [enabled/disabled].

Isolation

– enable this function to prevent users on the same LAN to communicate with each other.

Users can communicate only through the AC [enabled/disabled].

System | Access | NAV

To change

visitor

access

on different LANs or VLANs,

authentication

or

NAT

attributes for AC

users, go to the

system | access | NAV

menu:

Figure 145 – NAT, Authentication and Visitor Access

Interface

– interface on which the changes will be done [ixp0, non editable].

IP

Address

– IP address of interface [non editable].

NAT

– network address translation service status [enabled/disabled]. If enabled, users can access the

Internet under its network gateway address.

Authentication

– with disabled authentication, the user from his LAN gets access to the Internet

without any authentication. If enabled, authentication for Internet access is required for all users
[enabled/disabled].

This setting is important when configuring the

UAT

System | Access

for more details.

Visitor

Access

– client with specific WISPr attribute can reach the LAN with enabled visitor access

[enabled/disabled] (

see more details about visitor access below

).

Only

one

selected

interface

can have the

visitor

access

enabled

. Attempting to

enable an additional interface for visitor access will

disable

the previous interface.

Visitor Access

Users can be grouped in two logical groups:

employees

and

visitors

. By default, all users belong to

the

visitors

group without access to servers in the LAN.

Employees

have access to the Intranet

(servers that are running in the LAN), meanwhile

visitors

have access only to the Internet with no

way to connect and use services from servers running in the LAN. By default, clients connected on
the WLAN and LAN cannot communicate among them-selves. This is prevented by default firewall
rules. See the picture below to view the difference between employee and visitor traffic:

Gemtek Systems

Page 100

«
...
98
99
100

Содержание P-560

Страница 1: ...54Mb Hotspot in a Box P 560 User s Guide Revision 1 2 March 3 2004 Copyright 2002 2004 Gemtek Systems Holding BV www gemtek systems com...

Страница 2: ...eiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help FCC Caution To assure c...

Страница 3: ...y to the degree specified in the terms of sale and delivery The reproduction and distribution of the documentation and software supplied with this product and the use of its contents is subject to wri...

Страница 4: ...Back Panel 13 LEDs 13 Connectors 14 Connecting the Access Controller 15 Initialization 16 Software Introduction KickStart 16 Access Your P 560 16 Step by Step Setup 19 CHAPTER 3 UNIVERSAL ADDRESS TRA...

Страница 5: ...S WISP 67 Network Interface RADIUS Proxy 67 Network Interface RADIUS Accounting Backup 69 Network Interface Tunnels 70 Network Interface Tunnels PPPoE PPTP GRE 70 Network Interface Tunnels PPTP Client...

Страница 6: ...on 110 Connection Users 110 Connection E mail Redirection 112 Connection Station Supervision 112 APPENDIX 113 A Access Controller Specification 113 Technical Data 113 B Factory Defaults for the Access...

Страница 7: ...hooting knowledge Conventions Used in this Document The following typographic conventions and symbols are used throughout this document Very important information Failure to observe this may result in...

Страница 8: ...d on standard RADIUS EAP and supports various billing plans from prepaid pay per time per volume per use or flat rate Integration into existing OSS BSS systems can be done with ease Service Differenti...

Страница 9: ...High receiver sensivity up to 90 dBm 1Mbps 8 PER AAA Multiple authentication methods UAM 802 1x EAP RADIUS MAC Smart Client e g iPass WISPr compliant Internal and external accounting backups Internal...

Страница 10: ...10 100Mb auto sensing 802 1q p tagged VLAN support in preparation Management Secure management via https SSH SNMP SNMP proxy SNMPv3 incl authentication and encryption Management subnet for remote AP...

Страница 11: ...e following 54Mb High Performance Hotspot in a Box model P 560 Detachable Antennas SMA type 2 units Power Cord for EU 1 unit Power Adapter 5V 2 5A 1 unit Ethernet Patch Cable STP 1 8 m length 2 units...

Страница 12: ...ng and connection operations The reverse panel of the Access Controller contains Connectors which enable you to make different network connections for the controller Reset button enables you to reboot...

Страница 13: ...spot in a Box model P 560 MAC address of the device The label item 2 in figure above shows the WLAN interface MAC address of the device You can determine the WAN and LAN interfaces MAC addresses by a...

Страница 14: ...LAN 1 2 3 4 Orange On 10 Mbps network connection exists Connectors The Access Controller has several connectors on the rear panel Power Reset Internet LAN 4 3 2 1 1 2 3 4 Figure 4 Connectors Descript...

Страница 15: ...cable to the LAN port of the Access Controller and to a free hub port on your local network Step 3 Connect one Ethernet patch cable to the WAN port of the Access Controller and to an Ethernet port of...

Страница 16: ...feature list for the KickStart utility is listed below Scanning your subnet for all connected APs ACs Quick access to your AC via HTTPS telnet SSH Setting new IP address of your AC Reset to factory d...

Страница 17: ...ator log on you will see the main page of the access controller s Web interface If second method is prefered follow the instuctions Step 1 Install the KickStart utility from the Installation CD Click...

Страница 18: ...dmin Password admin01 Step 4 After successful administrator log on you will see the controller web interface The controller system statistics page is displayed by default If you cannot connect to the...

Страница 19: ...matically if provided by the ISP dynamically via DHCP PPPoE or PPTP Step 3 IP Address Management For automatic IP assignments to client stations set the DHCP settings in the network interface DHCP men...

Страница 20: ...ular authentication method for public users is the UAM Universal Access Method UAM can be enabled using the system access AAA menu With UAM users can log on to the Access Controller using their web br...

Страница 21: ...n t forget to change the administrator password in the user interface administrator menu Step 7 E mail Redirection If you have a SMTP mail server available for your subscribers enter its IP address an...

Страница 22: ...potentially losing any fixed IP address settings they previously entered When using UAT operators have to be aware of some principal limitations IP 192 168 2 100 IP 10 1 1 1 16 IP 192 168 2 66 24 IP...

Страница 23: ...nected to one Access Controller cannot use the same IP address For instance this situation can happen when DHCP and UAT are used in parallel Work around Enable the DHCP service IP 10 11 11 11 Subnet 2...

Страница 24: ...the user Login page subscriber authentication page allows the user to login to the network Logout page small pop up window for logged on user statistics and log out function Help page get help with t...

Страница 25: ...e page The login page is loaded from the Access Controller To get access to the network the user should enter his authentication settings login name and password and click the login button Figure 11 S...

Страница 26: ...cs in bytes Input Output bytes left session input and output bytes left for subscriber limited from RADIUS in B KB MB GB and unlimited Total bytes left session total input and output bytes left for su...

Страница 27: ...ge according to its needs See more details in section Changing User Pages Unauthorized Page If web log on method UAM or EAP based authentication methods are disabled on the AC and the subscriber attem...

Страница 28: ...ory Supported user pages template formats XSL Extensible Style sheet Language for welcome login logout one click pages HTML Hypertext Markup Language for help unauthorized pages The following image fo...

Страница 29: ...ry to upload other than supported formats Such uploaded pages will not be displayed properly Step 5 Save entered changes with the apply changes button Step 6 Check for new uploaded user page e g login...

Страница 30: ...nder the user interface configuration upload menu click the upload button to upload new prepared user pages The memory space in the AC for internal user pages is limited to 1 MB Step 3 Specify the loc...

Страница 31: ...a number of times until all necessary images are uploaded Step 5 Check for the newly uploaded user pages and images to ensure that everything is uploaded and displayed correctly Go to the link https...

Страница 32: ...User s Guide Chapter 4 User Pages If at anytime you wish to restore the factory default user pages click the reset button under the system reset menu Gemtek Systems Page 32...

Страница 33: ...er to render the custom login screen HTML page the AC must be configured to 2 fetch XSL script from a remote server which in this case is a Web Application Server WAS or have custom XSL uploaded on th...

Страница 34: ...t 3 Direct client communication with WAS 4 Client sends his her login and password 8 WAS reports client status authenticated or not 5 WAS tries to authenticate client 6 AC sends request to RADIUS 7 RA...

Страница 35: ...est to the following URLs 1 Remote user logon Script name pplogon user Parameters all parameters are required secret shared secret to protect page from accidental use ip IP address of user to be logge...

Страница 36: ...IP and MAC At least one of IP and MAC addresses should be supplied If supplied only IP user is checked and logged off by username and IP If IP and MAC addresses are supplied then user is checked and l...

Страница 37: ...122 error description User with supplied IP address not found description ppstatus Response statuses and error codes status error description OK 0 User status is ok Not checked 100 Status information...

Страница 38: ...entry entry id 14 32 Mbps entry entry id 15 04 59 55 entry entry id 16 EAP entry ppstatus Status detailed information by ID id description 1 User name 2 User IP address 3 User MAC address 4 Session ti...

Страница 39: ...N Scroll through the history of commands Figure 17 Key Combinations in the CLI Get Connection to CLI There are three different ways to get a connection to the CLI of the Access Controller via the Teln...

Страница 40: ...gin settings in the displayed CLI command prompt The default administrator login settings Login admin Password admin01 Figure 18 CLI Login After a successful login command prompt is displayed the CLI...

Страница 41: ...the subcommands again contain several parameters In general network command usage is as follows network command subcommand1 subcommand2 parameter value To get a list of all available commands in the...

Страница 42: ...counting 1 a 127 0 0 2 p 1814 s testing111 where parameters are as follows a RADIUS server IP address used for RADIUS accounting p RADIUS server port number used for RADIUS accounting s Shared secret...

Страница 43: ...commands again contain several parameters In general wireless command usage is as follows wireless command subcommand1 parameter value To get a list of all available commands in the configure category...

Страница 44: ...ser commands type user Figure 29 User Commands List To get a list of all available subcommands for a specific command type user command e g user walled_garden All available subcommands for walled gard...

Страница 45: ...ds type status Figure 32 System Status Commands List To get the general device status information type status device Figure 33 Device Status Here you can find the current firmware version of your AC T...

Страница 46: ...r and reboot the device type the reboot command in the command line No configuration changes are done The last saved configuration is applied to the rebooted controller Reset To reset the controller t...

Страница 47: ...are manuals on how to do that SNMP Versions Access Controller supports the following versions of SNMP SNMPv1 The Simple Network Management Protocol A Full Internet Standard defined in RFC 1157 RFC 115...

Страница 48: ...variable and responds to the manager with that value Set a MIB variable The SNMP agent begins this function in response to a message from the SNMP manager The SNMP agent changes the value of the MIB...

Страница 49: ...set request format MIB SNMP Agent P 560 SNMP Manager get response traps get request get next reguest get bulk set request Figure 37 SNMP Network Gemtek Private MIB In addition to standard SNMP MIBs Ge...

Страница 50: ...erface configuration network interfaces configuration VLAN define VLAN on your controller Route define new static route on the controller interface Port forwarding port forwarding rules Management sub...

Страница 51: ...local controller memory Save and restore save current device configuration for backup Pronto Pronto compatibility agent configuration Access configure access to your controller Access Control set defa...

Страница 52: ...etwork interface configuration properties click the edit button in the action column The status can be changed now Figure 40 Edit Interface Configuration Settings part 1 Interface standard interface n...

Страница 53: ...is usually the gateway router of the ISP or other WAN network Default gateway is marked with Update update old values with entered ones The DHCP server settings will be automatically adjusted to match...

Страница 54: ...ign ID for your VLAN network 1 to 4094 Client devices that associate using the ID are grouped into this VLAN Other VLAN settings cannot be changed Click on the disabled link to continue specifying set...

Страница 55: ...to the target network is routed to the specified AC interface or to another gateway router To add a new static route for the system click the new button under the action column and specify the follow...

Страница 56: ...rding Rules Click the new button to add a port forwarding rule Figure 53 Add Port Forwarding Rule Status select status enabled disabled Type select type of forwarding traffic TCP UDP Local IP Address...

Страница 57: ...he management subnet IP address will be set on the network interface as an alias so you can connect to the P560 using this address This IP address should be used on access points as the gateway addres...

Страница 58: ...the administrator can use PPTP client for VPN or GRE tunnel see Network Interface Tunnels to setup a tunnel between the administrator s computer and the P560 The only addresses visible on the Interne...

Страница 59: ...Dynamic Host Configuration Protocol service is supported on the LAN interfaces eth0 ixp0 vlan n This service enables clients on the LAN to request configuration information such as an IP address from...

Страница 60: ...parameters Figure 63 Edit DHCP Server Settings IP Address from IP Address to specify the IP address range supported for the DHCP service mandatory fields WINS Address Windows Internet Naming Service s...

Страница 61: ...address of the device WAN interface is used If DHCP relay service is selected the default WAN gateway is used automatically Update to update entered values the following screen appears Figure 65 Apply...

Страница 62: ...Authentication Dial In User Service menu to set up the following RADIUS settings RADIUS Settings general RADIUS settings configuration e g NAS server ID servers timeouts RADIUS Servers up to 32 differ...

Страница 63: ...unt of user inactivity time before automatically disconnecting user from the network sec Location ISO Country code location ID attribute country code according ISO standards string Location E 164 Coun...

Страница 64: ...lue Figure 67 Edit RADIUS Settings Use the update button to update to an entered value Now select another RADIUS setting to edit or apply changes and restart the server if the server configuration is...

Страница 65: ...system Figure 69 RADIUS Servers Settings New add new RADIUS server Details click on details to get more information about RADIUS server settings Edit edit selected RADIUS server settings Delete remov...

Страница 66: ...es packets sent from AC port to the client If we move this point to the client we will get the reversing of Acct Input and Acct Output attributes values The Acct Input then should contain bytes packet...

Страница 67: ...ain username New click to define WISP for RADIUS server Figure 73 Define New WISP Name new WISP domain name string up to 256 symbols no space dot or dash allowed RADIUS Name select RADIUS for new WISP...

Страница 68: ...oxy accounting detection timeout in seconds The AC will wait the specified period for accounting packet after the authentication request was got 0 3600 The authentication RADIUS proxy port should diff...

Страница 69: ...u Figure 75 Accounting Backup Backup via syslog enable this type to send the RADIUS accounting information via syslog protocol to the specified host enable disable and note that the Host IP specificat...

Страница 70: ...ived via the specified PPTP PPPoE or GRE server tunnel By default no services are available on the controller Figure 76 PPPoE PPTP GRE for DSL To specify PPTP tunnel for your controller click the edit...

Страница 71: ...ach access points behind the P560 from his workstation Should be used with Management Subnet feature otherwise the firewall will not be enabled to reach anything behind the P560 Only specific traffic...

Страница 72: ...d take care that no unencrypted private information is going through the GRE tunnel By default the GRE tunnel is disabled on the AC Figure 82 GRE Tunnel See the following example to understand GRE set...

Страница 73: ...IP 211 139 210 168 GRE Device Netmask 255 255 255 0 Settings in Management Subnet page on eth0 interface network interface configuration management subnet menu of AC IP Address 192 168 3 1 Netmask 25...

Страница 74: ...e subnet format IP address N The N stands for the number of bits that are in the network address There are 32 bits so we have 32 N bits left that are part of our network The first N bits of x x x x co...

Страница 75: ...must use the same SSID Wireless Network Mode select wireless network mode for optimal performance from the drop down list Each wireless network mode includes basic and supported rates Wireless Networ...

Страница 76: ...e Short Slot capability bit in the Beacons Probes and Association Responses Clients should therefore not use it Regulatory Domain select the domain according to your country The full frequency range o...

Страница 77: ...is disabled RTS Threshold when set this setting specifies the maximum packet size beyond which the Wireless LAN Card invokes its RTS CTS mechanism Packets that exceed the specified RTS threshold trigg...

Страница 78: ...curity menu and select the WPA with RADIUS server security method Figure 89 WPA with RADIUS Server Security Settings To configure the WEP encryption select the WEP key algorithm and enter the pre shar...

Страница 79: ...to define special access rules for specific network devices The access control list is based on the network device s MAC address In the MAC addresses and policies table you need only specify the netw...

Страница 80: ...the wired connection between them WDS Link Wired LAN P 560 Wired LAN P 560 Figure 93 WDS Link The WDS mode is configured by entering the WDS link peer access points AP e g P 560 MAC address in each o...

Страница 81: ...ireless interface eth0 MAC address of the peer AP for the WDS link 6 HEX pairs separated by colon 1 9 A F a f You can discover the wireless interface eth0 MAC address of your P 560 in the system statu...

Страница 82: ...is displayed by default Figure 96 Available User Pages for Configuration Login Logout Help Unauthorized pages settings detailed description is given in the Chapter 4 Only Welcome page settings refere...

Страница 83: ...lick the button to clear cached user pages Controller cache is also cleared after device reboot reset User Interface Configuration Upload Look for the user pages template samples in the Installation C...

Страница 84: ...ure 101 Set HTTP Headers The system administrator can set his own header encoding and language settings Use the HTML 4 01 specification to define the header encoding and language User Interface Config...

Страница 85: ...ver text string can not be empty Password enter password by which user should be authenticated text string can not be empty Portal URL enter T mobile portal URL to redirect user when One Click roaming...

Страница 86: ...access controller Then client selects T mobile AC internally authenticates client with a provided username and password AC opens a new browser window and which in turns open popup window Latter popup...

Страница 87: ...age is the default web page where users will be redirected after log on This value will be overwritten by the WISP RADIUS attribute no 4 Redirection URL if provided in the authentication response mess...

Страница 88: ...e 113 Walled Garden link in the Welcome Page New Host If you need to define hosts web servers for walled garden specify hosts by clicking the new host button and click the update button Figure 114 Wal...

Страница 89: ...e access to the Internet The system administrator should list only ports the AC is listening on for proxy requests Figure 115 Web Proxy Web proxy is enabled by default and the port numbers are 3128 an...

Страница 90: ...esses and get the system log messages remotely using the system configuration syslog menu by default the syslog utility is disabled Figure 118 Syslog Settings To enable the syslog remote sending funct...

Страница 91: ...story size to display 102400 512000 bytes Level select the messages level you need to trace The level determines the importance of the message The levels are in order of increasing importance Debug de...

Страница 92: ...The NTP Network Time Protocol is used to synchronize the clock of the AC to a selected time reference You can synchronize the system clock settings using the system configuration NTP menu Figure 124...

Страница 93: ...upload your own SSL certificates and private key files Figure 128 Upload New Certificate Certificate File the PEM encoded certificate file for the server Corresponding RSA or DSA private keys SHOULD...

Страница 94: ...mplates System configuration settings including syslog NTP configuration access settings Connection settings including e mail redirection and station supervision Click the download button to start sav...

Страница 95: ...me Walled garden entries Default RADIUS authentication accounting and accounting backup servers IP Default RADIUS authentication accounting and accounting backup shared secrets SNMP Read Only and Read...

Страница 96: ...ement to your AC and to specific services Access control to your device includes access to these services Telnet SSH SNMP Thus the administrator can control the access of a single or every user to the...

Страница 97: ...0 when N 8 bits netmask 32 255 255 255 255 31 255 255 255 252 30 255 255 255 248 26 255 255 255 192 25 255 255 255 128 24 255 255 255 0 16 255 255 0 0 8 255 0 0 0 0 0 0 0 0 Access select the access p...

Страница 98: ...icator with TLS authentication method EAPTTLS 802 1x authenticator with TTLS authentication method MAC user is authenticated from RADIUS server by its MAC address and password Use the user interface c...

Страница 99: ...tem Access NAV The Universal Address Translation UAT function can be enabled using the system access UAT menu UAT can be configured separately for each interface All available interfaces are listed Fi...

Страница 100: ...interface non editable NAT network address translation service status enabled disabled If enabled users can access the Internet under its network gateway address Authentication with disabled authentic...

Отзывы:

Нет отзывов

Похожие инструкции для P-560

Бренд: ICP DAS USA Страницы: 8

Бренд: H3C Страницы: 43

Бренд: Rawafed Libya Страницы: 22

Бренд: Deliberant Страницы: 69

WI DRIVE WID11GEN

Бренд: Dension Страницы: 26

802.11g Wireless Access Point WAP253

Бренд: Abocom Страницы: 1

Бренд: ZyXEL Communications Страницы: 2

Бренд: Loopcomm Страницы: 66

Бренд: Loopcomm Страницы: 83

easyHOTSPOT WRT54GL

Бренд: Linksys Страницы: 17

AIR-CAP3501E-A-K9

Бренд: Cisco Страницы: 34

AIR-AP1210 - Aironet 1200 - Wireless Access Point External

Бренд: Cisco Страницы: 35

Aironet 1520 Series

Бренд: Cisco Страницы: 66

Бренд: Cisco Страницы: 44

AIR-CAP1552H-x-K9

Бренд: Cisco Страницы: 24

AIR-AP1542D-*-K9

Бренд: Cisco Страницы: 72

AIR-AP1010 - 1000 Series Lightweight Access Point

Бренд: Cisco Страницы: 36

AIR-BR1310G-A-K9 - Aironet 1310 Outdoor Access Point/Bridge

Бренд: Cisco Страницы: 14

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды