LevelOne WHG-505 Скачать руководство пользователя

Страница: 291 / 314

285

Appendix G. Policy Priority

Global Policy, Service Zone Policy, Authentication Policy and User
Policy

WHG-505 supports multiple Policies, including one Global Policy and 40 individual Policy can be assigned to

different Group. Global Policy is the system’s universal policy and applied to all clients, while other individual Policy

can be selected and defined to be applied to any Service Zone. On the other hand, Service Zone also has a Default

Policy. For some authentication, such as Local, RADIUS and LDP, user can assign to different Group individually.

The clients belonging to a Service Zone will be bound by an applied Policy. In addition, a Policy can be applied at a

Group basis; a Group of users can be bound by a Policy. So one user may be applied different policy at the same

time. Which policy is actually applied to this user?

The Policy Priority must be:

User Policy >> Authentication Policy >> Service Zone Policy >> Global Policy

Now, let us discus different user policy type:

16.9..1

For Local, RADIUS and LDAP, if these users are assigned to different Group individually, these users can

be assigned to their Group. For example, a Local user, user01, is assigned to Group1 and the Local

Authentication is assigned to Group2. If Group1 in Service Zone1 can be applied Policy1. Then user01 login to

Service Zone1 will get Policy1. This is a common case for users that can assign Group individually.

16.9..2

For Local, RADIUS and LDAP, if these users do not assigned any Group individually, so they are same as

other authentication server users that they can not assign to Group individually. For example, a POP3 user,

pop01, the POP3 Authentication is assigned to Group1. If Group1 in Service Zone1 can be applied Policy1.

Then pop01 login to Service Zone1 will get Policy1. This is another common case for users that can assign

Group by authentication server.

16.9..3

If Authentication server also do not assign to a Group, then the user will applied the Service Zone Default

Policy. For example, a Local user, user01, is assigned to Group None and the Local Authentication is also

assigned to Group None. If the Default Policy of Service Zone1 is applied Policy1. Then user01 login to

Service Zone1 will get Policy1.

16.9..4

If the Default Service Zone Policy is None. Authentication server does not assign to a Group and user

Group is None too. For example, a Local user, user01, is assigned to Group None and the Local Authentication

is also assigned to Group None. If the Default Policy of Service Zone1 is None. Then user01 login to Service

Zone1 will apply the Global Policy.

So, the Global Policy has the lowest policy priority; on the other hand, the User Policy will be the highest one.

Содержание WHG-505

Страница 1: ...LevelOne WHG 505 Secure WLAN Controller User Manual V1 00...

Страница 2: ...1 4 2 2 DHCP Dynamic IP 22 4 2 3 PPPoE 23 4 2 4 PPTP 24 4 3 Configuring WAN2 Ports optional 25 4 4 Other WAN Traffic Settings 28 4 4 1 WAN Failover 28 4 4 2 Load Balance 28 4 4 3 Internet Connection D...

Страница 3: ...pgrade 121 8 Policies and Access Control 122 8 1 Black List 122 8 2 MAC Address Control 124 8 3 Policy 125 8 3 1 Firewall 127 8 3 2 Routing 130 8 3 3 Schedule 132 8 3 4 Sessions Limit 133 8 4 QoS Traf...

Страница 4: ...Settings 197 12 2 5 System Report 201 13 Virtual Private Network VPN 202 13 1 Local VPN 202 13 2 Remote VPN 207 13 3 Site to Site VPN 208 14 Customization of Portal Pages 210 14 1 Customizable Pages...

Страница 5: ...simple deployment in wireless networking infrastructure solution 4ipnet is a leading provider of wireless networking solution for manageable reliable and secure wireless access In an effort to meet c...

Страница 6: ...hich is for starting up WHG 505 quickly It is recommended to start with the QIG and then refer to this manual for further details Some special topics are addressed separately in the Appendixes 1 3 Doc...

Страница 7: ...1 Quick Installation Guide QIG x 1 Console Cable x 1 Ethernet Cable x 1 Straight through Ethernet Cable x 1 Power Cord x 1 Rack Mounting Bracket with Screws x 1 It is highly recommended to use all the...

Страница 8: ...for enterprise or campus environment it is also deployed as a hotspot subscriber gateway often It is a pre integrated multi function network appliance providing the following key features Standard bas...

Страница 9: ...nd secure the internet network access for both wired and wireless clients With its billing plan and payment features WISPs and hospitalities such as hotels conventions will find WHG 505 is an instant...

Страница 10: ...loyments Gateway is a network node where a small network attaches to a bigger network WHG 505 is a kind of gateway in a network environment hence it has those features a typical gateway has such as NA...

Страница 11: ...al Service Zones for an academic campus The first Service Zone with SSID Student and VLAN tag 1 is for students The second with SSID Faculty and VLAN tag 2 for faculties The third SSID Guest and VLAN...

Страница 12: ...ones of WHG 505 one for staff one for students and one for the guests He also uses one zone for some shared servers in the diagram The access points at a physically location like the administration bu...

Страница 13: ...00 1000 Base T RJ 45 5 Reset Press and hold the Reset button for about 5 seconds and status of LED on front panel will start to blink before restarting the system Press and hold the Reset button for m...

Страница 14: ...ply Socket Connecting the power cord to the built in open frame power supply Input 100 240 VAC 50 60 Hz 2 Power Switch Power On Power Off O 3 Device Cooling Fan Don t block the cooling fans Leave enou...

Страница 15: ...art up the WHG 505 in a near default state with minimum configuration changes such as WAN settings and admin password then refer to this manual later when you want to configure the system for specific...

Страница 16: ...Mgmt Port on the front panel Connect the other end of the Ethernet cable to an administrator PC for configuring the WHG 505 system Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel...

Страница 17: ...address of Default Service Zone Next enter the gateway IP address of WHG 505 at the address field The default gateway IP address from Mgmt Port is https 172 30 0 1 https is used for a secured connecti...

Страница 18: ...ficate Error because the browser treats WHG 505 as an illegal website Please press Continue to this website to continue The default user login page will then appear in the browser 3 5 Home Page Home p...

Страница 19: ...13...

Страница 20: ...er Account Optional Confirm and Restart The Setup Wizard is aimed to provide express setup procedures for WHG305 Follow the instructions given at each step to change the system admin password select t...

Страница 21: ...o 4 7 1 System in Status section It provides a summary of system information to the administrator in a single page Please refer to the section on System for details Link 2 Online User List Online User...

Страница 22: ...in Users sections It lets the administrator configure a list of authentication options which can be enabled or disabled within each service zone s management Please refer to the section on Authentica...

Страница 23: ...system related information that the administrator might need to be aware of at a glance which includes General System settings Network Interface and Online Users etc A drop down menu is available for...

Страница 24: ...on the Web Management Interface allowing you to set various networking parameters enable and customize network services manage user accounts and monitor user status Administration functions are separa...

Страница 25: ...Online Help The Help button is at the upper right corner of the WHG305 display screen Click Help for the Online Help window and then click the hyperlink of the relevant information required Online Hel...

Страница 26: ...goal WHG 505 has two gigabit LAN ports There could be other network bridge devices such as Layer 2 switches or VLAN switches between WHG 505 s LAN ports and the client devices 4 3 Setting up WAN1 Port...

Страница 27: ...505 s WAN address Static Manually specifying the IP address of the WAN Port The fields with red asterisks are required to be filled in IP Address The IP address of the WAN1 port Subnet Mask The subnet...

Страница 28: ...mic IP addresses then you as the administrator of WHG 505 can configure WHG 505 to receive an IP address dynamically as WHG 505 s WAN1 address Dynamic It is only applicable for the network environment...

Страница 29: ...allows an Ethernet frame s size to be up to 1492 bytes but some ISP s network equipments may support a smaller frame size of than 1492 bytes In that case you have to enter a smaller number MTU number...

Страница 30: ...ddress PPTP When selecting PPTP to connect to the network please specify the given PPTP Server IP Address and enter the User Name Password Static or DHCP Select Static to specify the IP address of the...

Страница 31: ...change the Routing Profile of a Policy to use WAN2 as default gateway that way for the groups bounded by the Policy will use WAN2 as their Internet feed If dynamic WAN Load Balancing feature is not t...

Страница 32: ...U Short for Maximum Transmission Unit of a PPPoE frame The PPPoE protocol allows an Ethernet frame s size to be up to 1492 bytes but some ISP s network equipments may support a smaller frame size of t...

Страница 33: ...27...

Страница 34: ...amic Load Balancing feature When the feature is turned on the system can distribute the load of the up going traffics to the two WAN pipes according to the weight percentage assigned by the administra...

Страница 35: ...to designed algorithms based on the weight ratio WAN1 Weight The percentage of traffic through WAN1 Range 1 99 by default it is 50 Base The weight ratio between WAN1 and WAN2 can be based on Sessions...

Страница 36: ...rator can specify the three target sites Go to System WAN Traffic Administrator can further specification a warning text which will be displayed to the client Login Success Page Warning of Internet Di...

Страница 37: ...nfigure WAN Bandwidth Limit Go to System WAN Traffic These parameters in the raw of Available Bandwidth on WAN Interface are used for matching to the real bandwidth come from your ISP Uplink It specif...

Страница 38: ...Service Zone administrators can separate wired network and wireless network into different logical zones Users attempting to access the resources within the Service Zone will be controlled based on th...

Страница 39: ...tion method for wireless networks within the Service Zone Applied Policy The policy that is applied to the Service Zone Default Authen Option Default authentication method server that is used within t...

Страница 40: ...two subnets Using Port Based model is an easy and better way In Port Based mode each LAN port can only serve traffic from one Service Zone An example of network application diagram is shown as below o...

Страница 41: ...n Tag Based mode each LAN port will only serve traffic from Default Service Zone So you need a VLAN switch or VLAN AP to take care the VLAN tags carried within the message frames An example of network...

Страница 42: ...e zone runs in Router mode o IP Address The IP Address of this service zone o Subnet Mask The subnet Mask of this service zone o IPv6 Settings The IPv6 Address and configuration of this service zone W...

Страница 43: ...settings page Item Description DHCP Server 1 Start IP Address End IP Address A range of IP addresses that built in DHCP server will assign to clients Note please change the Management IP Address List...

Страница 44: ...can be configured to assign IP address to clients associated to the alias IP of this Service Zone The configurable fields are the same as DHCP Server 1 Reserved IP Address List Each service zone can...

Страница 45: ...Based mode each LAN port can serve traffic from any Service Zone as each Service Zone is identified by VLAN tags carried within message frames By default the system is in Port Based mode with Default...

Страница 46: ...to one mapping between ports and Service Zones o Specify a desired Service Zone for each LAN Port For each LAN port select a Service Zone to which the LAN port is to be mapped from the drop down list...

Страница 47: ...f by physical LAN ports Select Tag Based and then click Apply to activate the Tag Based VLAN function When a restart message screen appears do NOT restart the system until you have completed the confi...

Страница 48: ...d External Interface Select the external interface of the device that will be configured with an IPv6 address Type Choose the desired way of your IPv6 connection Static Manually enter all the related...

Страница 49: ...mask Default Router The default router that routes packets from IPv6 to IPv4 network Preferred DNS Server The primary DNS server used for this connection Alternate DNS Server The substitute DNS serve...

Страница 50: ...the hyperlink of the respective Server Name to configure the authentication server Auth Database There are different authentication databases in WHG 505 LOCAL POP3 RADIUS LDAP and NTDOMAIN ONDEMAND a...

Страница 51: ...ns are concurrently in use One of authentication option can be assigned as default For authentication assigned as default the postfix can be omitted For example if BostonLdap is the postfix of the def...

Страница 52: ...w add or delete local user account The Upload User button is for importing a list of user account from a text file The Download User button is for exporting all local user accounts into a text file Cl...

Страница 53: ...user s MAC address of a networking device can be bound with a local user as well It means this user must login to system with a networking device PC that has this MAC address so this user can not log...

Страница 54: ...of the desired user account to enter the User Profile Interface for that particular user and then modify or add any desired information such as Username Password MAC Address optional Applied Group opt...

Страница 55: ...e fields with red asterisk are necessary information These settings will become effective immediately after clicking the Apply button Username Format When Complete option is checked both the username...

Страница 56: ...tion The RADIUS server sets the external authentication for user accounts Enter the information for the primary server and or the secondary server the secondary server is not required The fields with...

Страница 57: ...51...

Страница 58: ...using to authenticate the user System will send this value to the external RADIUS server if the external RADIUS server needs this Accounting Delay Time This attribute indicates how many seconds the cl...

Страница 59: ...e set for this authentication server Primary Secondary RADIUS Server Authentication Server Enter the domain name or IP address of your RADIUS Server Authentication Port Enter the Port number used for...

Страница 60: ...icking the Apply button Server The IP address of the external LDAP server Port The authentication port of the external LDAP server Base DN The Base DN Distinguished Name is the LDAP search base tellin...

Страница 61: ...erver The IP address of the external NT Domain Server Transparent Login This function refers to Windows NT Domain single sign on When Transparent Login is enabled clients will log into the system auto...

Страница 62: ...thentication when multiple databases are concurrently in use Enter the postfix used for on demand users Currency Select the desired monetary unit or specified the unit by users Group Name Select the d...

Страница 63: ...ion is a list of serial to Ethernet devices that communicate with the system only never get online and no need to go through authentication 2 Ticket Customization On demand account ticket can be custo...

Страница 64: ...ticket or choose the default image or none Click Browse to select the image file and then click upload The background image file size limit is 100 Kbytes No limit for the dimensions of the image is s...

Страница 65: ...as account valid with remaining quota usable time Need to activate the purchased account within a given time period by logging in for the first time Ideal for short term usage For example in coffee sh...

Страница 66: ...60...

Страница 67: ...ota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after r...

Страница 68: ...ample Unit 2 days Cut off Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to us...

Страница 69: ...Mbytes 1 1000000 during which On demand users are allowed to access the network Account Activation is the time period for which the user must execute a first login Failure to do so in the time period...

Страница 70: ...g internet service immediately after account creation throughout a specific period of time Begin Time is the time that the account will be activated for use It is set to account creation time Elapsed...

Страница 71: ...te ticket set to be Cut off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for us...

Страница 72: ...h as Computex where each registered participant will get an internet account valid from 8 00 AM Jun 1 to 5 00 PM Jun 5 created in batch like coupons Begin Time is the time that the account will be act...

Страница 73: ...n is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on line The three options are A...

Страница 74: ...d Apply the setting to activate the plan The printer used by Print is a pre configured printer connected to the administrator s computer Plan The number of a specific plan Type Show one type of the pl...

Страница 75: ...69 6 On demand Account Batch Creation After at least one plan is enabled the administrator can generate more than one on demand user accounts...

Страница 76: ...be created After create success you can download the created accounts as a text file or click Send to POS and select a POS printer to print the receipts which will contain these on demand users inform...

Страница 77: ...ue to use to access the network Status The status of the account o Normal the account is not currently in use and also does not exceed the quota limit o Online the account is currently in use o Expire...

Страница 78: ...same type account Time account must redeem with Time account Volume account must redeem with Volume account only When the remaining quota is insufficient the user can add up the quota by purchasing a...

Страница 79: ...oups for divide users A Group which can be allowed to access a Service Zone or not and it also can be applied with a Policy within a Service Zone The same Group within different Service Zones can be a...

Страница 80: ...e users to a Group go to Users Authentication This section shows how to group users how to rule each grouped user with different policy as he moves to different service zone The following examples wil...

Страница 81: ...6 and 8 They are ruled by Policy 3 at Service Zone 1 and by Policy 8 at Service Zone 4 In each authentication option you can assign a Group with each authentication option All users login with same au...

Страница 82: ...76 In RADIUS Authentication the users can assign to different Group by Class Group Mapping In LDAP Authentication the users can assign to different Group by Attribute Group Mapping...

Страница 83: ...e the above figure shows that users in Group 1 can access network services via every Service Zone as well as Remote VPN under constraints of Policy 1 Policy Select a Policy that the Group will be appl...

Страница 84: ...78 At Service Zone 1 Group 1 user is ruled by Policy 3 Group 2 is by Policy 9 and Group 3 is by Policy 11 Other Groups are not enabled to access Service Zone 1...

Страница 85: ...For example the above figure shows clients in Group 1 16 can access Service Zone 1 where they are governed by Policy 1 16 respectively o Policy Select a Policy that the Group will be applied with whe...

Страница 86: ...a Certificate Error because the browser treats WHG 505 as an illegal website b Please press Continue to this website to continue c The default user login page will appear in the browser 2 Enter the us...

Страница 87: ...5 2 2 Default Authentication In each Service Zone there are different types of authentication database LOCAL POP3 RADIUS LDAP NTDOMAIN ONDEMAND and SIP that are supported by the entire system There a...

Страница 88: ...fix of the default option Bob can login as bob without having to type in bob BostonLdap 5 2 2 Login with postfix Set a postfix that is easy to distinguish e g Local user login with which authenticatio...

Страница 89: ...rvice Zone To configure Authentication in Service Zone go to System Service Zones Authentication Required For the Zone When it is disabled users will not need to authenticate before they get access to...

Страница 90: ...are on the client s device to work properly Smart Client Black List Fill in the WISPr agent names and enable to block users from that particular WISPr roaming agent to access your internet For example...

Страница 91: ...85 6 Local Area AP Management...

Страница 92: ...eeds more than one AP to service a lot of clients places like franchised hotspots multiple offices school campuses etc where in many of these environments it is required to cover both indoor and outdo...

Страница 93: ...on of an already configured AP to the template Select the desired AP from Copy Setting s From list and click apply to copy the selected AP s configuration to the template If copy is not desired please...

Страница 94: ...are editing there are different modes to select 802 11a 802 11b 802 11g 802 11a 802 11n 802 11b 802 11g and 802 11g 802 11n Data Rate The default is set to Auto Available range is from 1 to 54Mbps The...

Страница 95: ...essed with higher priority Fragment Threshold Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet Set the maximum packet si...

Страница 96: ...ou wish to discover Interface Select which interface to scan For example if Default is selected all of the APs connected under default service zone matching the selected AP type will be scanned and li...

Страница 97: ...ofile which will be applied to the added AP Channel The selected channel will be applied to the added AP Service Zone The item is only available for selecting service zone when Tag Based mode is selec...

Страница 98: ...overy When Background AP Discovery function is enabled the system will scan once every 10 minutes or according to the time set by the administrator If any AP is discovered and Auto Adding AP to The Li...

Страница 99: ...specific AP Admin Password Password required for this AP IP Address IP address of the specified AP MAC Address MAC address of the specific AP Remark Some extra information to be filled in for this AP...

Страница 100: ...e zone Under tag based service zone only default service zone will designate an IP segment for IP address assignment to the managed AP when the newly discovered AP is added into the selected service z...

Страница 101: ...llowed to connect to the AP on the other hand when the status is Denied the clients whose MAC addresses are listed in the list will be denied to connect to the AP When Disabled is selected any clients...

Страница 102: ...tion WEP When Authentication is Open System or Share Key WEP will be enabled WPA When Authentication is WPA WPA PSK or WPA RADIUS will be the options of WPA For WPA PSK it also can select Passphrase o...

Страница 103: ...own in the list The AP can be edited by clicking the hyperlink of AP Name and the AP status can be reviewed by clicking the hyperlink of Status AP Name Click AP Name and enter the interface about rela...

Страница 104: ...nk to enter the LAN Setting interface Administrator can revise the AP s LAN IP settings including IP address Subnet Mask and Default Gateway of AP Wireless LAN Click the link to enter the Wireless int...

Страница 105: ...me AP Type LAN Interface MAC address Wireless Interface MAC address Report Time SSID and Number of Associated Clients AP Status Details include System Status LAN Status Wireless LAN Status Associated...

Страница 106: ...Points Enter Local Area AP Management List 5 2 2 Reboot Enable Disable and Delete the AP Select any AP by checking the checkbox and then click the button below to Reboot Enable Disable Delete Apply Te...

Страница 107: ...101 5 2 2 Apply Template Select any AP by check the checkbox and then click Apply Template select one template to apply to the AP...

Страница 108: ...will have two VAPs with two SSIDs according to two Service Zones for clients to associate If a user connected to one SSID for example SSID3 of this AP and wishing to access the Internet then this use...

Страница 109: ...sion of the AP s firmware New firmware can be uploaded here to update the current firmware To upload click Browse to select the file and then click Upload Configure Firmware upgrade go to Access Point...

Страница 110: ...Area AP Management provides intuitive graphical tools for mapping APs at various physical locations and keeping track of these devices Under Wide Area AP management you can choose to simply monitor A...

Страница 111: ...pecified IP address can be external or internal network IP addresses This is useful when scanning for multiple devices connected to the managed network APs with an IP address that is not within the sp...

Страница 112: ...nt list Simply configure the devices IP address name and login credentials set a SNMP community string and click the Add button Device Type Currently Wide Area AP management only supports OWL800 APs D...

Страница 113: ...d via SNMP If you wish to create a tunnel between this AP and the controller click the Edit button to proceed with necessary configurations In the AP s tunnel configuration page check Enable set a num...

Страница 114: ...nistrator can click Edit and re enter the Tunnel Status page to assign a Service Zone to this tunnel managed AP VAP status will display all the enabled VAP on the remote EAP200 with their respective E...

Страница 115: ...109...

Страница 116: ...uts of all of the AP s under Wide Area AP Management This feature is helpful when it comes to network planning and management Once the administrator has added APs to the managed list then these APs ca...

Страница 117: ...d get a key from Google Go to http code google com intl en apis maps documentation javascript v2 or search for Google Map API to enter the Google code page Click on Sign up for a Google Maps API key C...

Страница 118: ...geographical location as defined by Longitude and Latitude remember to also fill in the Key issued by Google Finally choose the Zoom Level and Map Type and click the Save button The above screenshot i...

Страница 119: ...show up in the dialogue box on the map for referencing additional information related to this AP for instance the IP address of a IP surveillance camera connected to this AP or the URL of the Venue W...

Страница 120: ...e physical coordinates configured as shown below You can click on the AP icon to see the dialogue box for additional information or links that you have configured Click the more info link for informat...

Страница 121: ...115 AP status Client List and WDS List information listed are collected from the remote AP via SNMP...

Страница 122: ...e Modification This function is for saving the changes made to the map and overwriting the maps profile attributes For instance if you have altered or panned the original map clicking this button will...

Страница 123: ...ation coverage related links and customize marker or icon images that will be displayed on the map Edit Tunnel Status Only applicable to EAP200 APs Click this button to setup a secure tunnel between t...

Страница 124: ...n administrator PC or in the Controller s memory Upgrade Clicking this button will open a popup window where administrator can upgrade the chosen AP s firmware using a firmware file store locally in a...

Страница 125: ...rea AP Management go to Access Points Enter Wide Area AP Management WDS List The WDS link if established between APs listed in List will be listed here with related information such as the Band and Ch...

Страница 126: ...Area AP Management Backup Config Backed up Config files can be used to restore an AP s settings in List When administrator backups an AP s configuration settings all the backup files are listed at th...

Страница 127: ...ement Firmware The Controller can store OWL800 s firmware in its built in memory Under the Firmware tab page administrator can upload new OWL800 firmware to the Controller s memory allowing for easy r...

Страница 128: ...to select from for the desired black list Name Set the black list name and it will show on the pull down menu above Add User s Click the hyperlink to add users to the selected black list After enterin...

Страница 129: ...123...

Страница 130: ...r MAC addresses in this list can login to WHG 505 There are 200 users maximum allowed in this MAC address list User authentication is still required for these users Click Edit to enter the MAC Address...

Страница 131: ...ator to assign a Group for LDAP attribute therefore a Policy applied to this Group will be mapped to a user Group of a LDAP attribute When the type of database is Local the Group selection function wi...

Страница 132: ...ofile Specific Route Profile Schedule Profile and Maximum Concurrent Sessions Firewall Profile Each Policy has a firewall service list and a set of firewall profile consisting of firewall rules Specif...

Страница 133: ...vailable for firewall rules editing The administrator is able to add new custom service protocols by clicking Add and delete the added protocols with Select All and Delete operations The Predefined Se...

Страница 134: ...click Apply to save the settings The rule status will show on the list Check Active checkbox and click Apply to enable that rule This link leads to the Firewall Rules page Rule No 1 has the highest pr...

Страница 135: ...tering is not o Source Destination Subnet Mask Select the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific MAC address filter o Se...

Страница 136: ...lculate and display the appropriate value based on the combination of Network IP Address and Subnet Mask that are just entered and applied o Destination Subnet Netmask The subnet mask of the destinati...

Страница 137: ...to activate this function or uncheck to inactivate it o Default Gateway It may be WAN1 Default Gateway WAN2 Default Gateway or to specific an IP Address if you select IP Address you may need to fill...

Страница 138: ...configuration page Select Enable to show the Permitted Login Hours list This function is used to limit the time when clients can log in Check the desired time slots checkbox and click Apply to save t...

Страница 139: ...rs and clients in DMZ zones Also this can be specified in the other policies to apply to the authenticated users When the number of a user s sessions reaches the session limit a choice of Unlimited 10...

Страница 140: ...o this Group The Individual Maximum Downlink cannot exceed the value of Group Total Downlink o Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an individual c...

Страница 141: ...ocket Layer SSL or Transport Layer Security TLS as a sublayer under regular HTTP application layering HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web s...

Страница 142: ...Configure Certificate go to Users Additional Configuration Certificate Certificate A data record used for authenticating network entities such as a server or a client A certificate contains X 509 info...

Страница 143: ...137 Click Continue to this website to access the user login page To Use Default Certificate Click Use Default Certificate to use the default certificate and key Click restart to validate the changes...

Страница 144: ...or Contact Information go to System General Administrator Contact Information will appear in the user Login Fail window When the user login fail with duplicate IP address or MAC address system will sh...

Страница 145: ...websites listed here before login and authentication Up to 40 addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to e...

Страница 146: ...ent websites listed before login and authentication Advertisement hyperlinks are displayed on the user s login page Clients who click on it will be redirected to the listed advertisement websites Edit...

Страница 147: ...141...

Страница 148: ...ce Zones When enabled the system will automatically send an email to users if they attempt to send receive their emails using POP3 email program for example Microsoft Outlook before they are authentic...

Страница 149: ...le this function enter the URL of a Web server as the homepage Once logged in successfully users will be directed to this homepage such as http www google com regardless of the original homepage set i...

Страница 150: ...Idle Timer go to Users Additional Configuration If a user has idled with no network activities the system will automatically kick out the user The logout timer can be set between 1 1440 minutes and th...

Страница 151: ...demand users and RADIUS authentication 5 2 2 Local Users Change Password Privilege Configure Local Users Change Password Privilege go to Users Group Privilege Profile Change Password o Change Password...

Страница 152: ...ver is placed outside the LAN environment or in the Internet For example the following diagram shows that a proxy server of an ISP will be used Follow the following steps to complete the proxy configu...

Страница 153: ...147 Step 3 Make sure that the proxy server settings match with at least one of the proxy server setting of the system for example in this case 203 125 142 1 3128 matches with blank 3128...

Страница 154: ...rver setting of the system Otherwise users will not be able to get the Login page for authentication via browsers and it will show an error page in the browser 2 What the Built in Proxy Server is enab...

Страница 155: ...s using the same proxy setting in their browsers will be able to access the network without any authentication Therefore to stop the risk it is strongly recommended to put all proxy servers outside th...

Страница 156: ...that the proxy server setting of the clients match with the proxy server setting of the system Otherwise users will not be able to get the Login page for authentication via browsers and it will show a...

Страница 157: ...ly if WAN1 Interface is Dynamic When Automatic WAN IP Assignments is enabled the entered Internal IP Address of Automatic WAN IP Assignment will be bound with WAN1 interface Each Static Assignment cou...

Страница 158: ...ss these servers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port...

Страница 159: ...3 10 4 Privilege List Configure Privilege List go to Network Privilege Setup the Privilege IP Address List and Privilege MAC Address List The clients in the list can access the network without any log...

Страница 160: ...kstations in the Granted Access by IP Address The Remark field is not necessary but is useful to keep track WHG 505 allows 200 privilege IP addresses at most These settings will become effective immed...

Страница 161: ...Address WHG 505 allows 200 privilege MAC addresses at most When manually creating the list enter the MAC address the format is xx xx xx xx xx xx as well as the remark not necessary These settings wil...

Страница 162: ...WHG 505 supports IP PNP function User can login and access network with any IP address setting At the user end a static IP address can be used to connect to the system Regardless of what the IP addre...

Страница 163: ...WHG 505 s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply DDNS E...

Страница 164: ...tion purpose When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Addre...

Страница 165: ...neral 5 2 2 NTP NTP Network Time Protocol communication protocol can be used to synchronize the system time with remote time server Please specify the local time zone and the IP address of at least on...

Страница 166: ...160 5 2 2 Manual Settings The time can also be manually configured by selecting Manually set up and then select the date and time in these fields...

Страница 167: ...is using a computer with the IP address range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 10...

Страница 168: ...nistrator s computer or a billing system to get billing history information of WHG 505 with the predefined URLs The file name format is yyyy mm dd An example is provided as follows Traffic History htt...

Страница 169: ...163 11 5 SNMP Configure SNMP go to System General If this function is enabled the SNMP Management IP and the Community can be assigned to access the SNMP Configuration List of the system...

Страница 170: ...can access all configuration pages of WHG 505 User Name admin Password admin After a successful login to WHG 505 a web management interface will appear Manager The manager can only access the configur...

Страница 171: ...f Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator Note To logout simply click the Logout icon on the...

Страница 172: ...166...

Страница 173: ...iles of Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create new on demand user accou...

Страница 174: ...be restored to the factory default settings here Backup System Settings Click Backup to create a db database backup file and save it on disk Restore System Settings Click Browse to search for a db dat...

Страница 175: ...ware upgrade It might take a few minutes before the upgrade process completes and the system needs to be restarted afterwards to activate the new firmware 1 Firmware upgrade may cause the loss of some...

Страница 176: ...imately three minutes Click YES to restart WHG 505 click NO to go back to the previous screen If the power needs to be turned off it is highly recommended to restart WHG 505 first and then turn off th...

Страница 177: ...171 11 11 Network Utility To configure Network Utility go to Utilities Network Utilities The system provides some network utilities to help administrators manage the network easily...

Страница 178: ...ng It allows administrator to detect a device using IPv6 address or Host domain name to see if it is alive or not Trace Route 6 It allows administrator to find out the real path of packets from the ga...

Страница 179: ...e list On each monitored item with a WEB server running administrators may add a link for the easy access by entering the IP select the Protocol to http or https and then click Create After clicking C...

Страница 180: ...oxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of WHG 505 is connected properly the console m...

Страница 181: ...licitly The administrator can choose this utility and set it into safe mode which enables him to manage this device with browser again Synchronize clock with NTP server Immediately synchronize the clo...

Страница 182: ...s not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the WHG 505 Admin us...

Страница 183: ...12 2 View the status This section includes System Status Interface Status Hardware Routing Table Online Users Session List User Logs Logs DHCP Lease and Report Notification to provide system status in...

Страница 184: ...178 5 2 2 System Status To view System Status go to Status System This section provides an overview of the system for the administrator...

Страница 185: ...llowed disallowed to log in the network WAN Failover Enabled Disabled stands for the function currently being used or not Load Balancing Enabled Disabled stands for the function currently being used o...

Страница 186: ...180 5 2 2 Interface Status To view Interface Status go to Status Interface This section provides an overview of the interface for the administrator including WAN1 WAN2 SZ Default SZ1 SZ8...

Страница 187: ...e day Displays traffic information of the day in a table Traffic of the month Displays traffic information of the in a table Traffic of the top 10 Shows the top 10 traffic of the day records Service Z...

Страница 188: ...182 5 2 2 HW To view Hardware Status go to Status HW This tab page displays the system s hardware usage information...

Страница 189: ...Policy 1 40 Shows the information of the individual Policy from 1 to 24 Global Policy Shows the information of the Global Policy System Shows the information of the system administration Destination...

Страница 190: ...user account name IP Address The IP address of this user MAC Address The MAC address of this user Pkts In Out Number of packets received sent by this user Bytes In Out Number of Bytes received sent b...

Страница 191: ...address from the system s DHCP server but have not yet been authenticated This feature is designed for administrators to keep track of systems resources from being exhausted The list shows the client...

Страница 192: ...istrator to inspect sessions currently established between a client and the system Each result displays the IP and Port values of the Source and Destination You may define the filter conditions and di...

Страница 193: ...Notification Configuration page the system will automatically send out the history information to that specified email address Users Log All activities occur on the system within the nearest 72 hours...

Страница 194: ...of user activities Roaming In User Log As shown in the following figure each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASIP NASPort UserMAC UserIP Sessio...

Страница 195: ...elds System Name Connection Time Usage Packets In Bytes In Packets Out and Bytes Out of user activities o Username Username of the local user account o Connection Time Usage The total time used by the...

Страница 196: ...ince system boot up Administrators can examine the log entries of various events However since all these information are stored on volatile memory they will be lost during a restart reboot operation T...

Страница 197: ...the number under column 3 indicated the lease count in the last 30 minutes hours days and so on Statistics of expired list IP leased to clients that have expired in the Last 10 Minutes Hours and Days...

Страница 198: ...192...

Страница 199: ...SYSLOG Settings Allows the configuration of two external SYSLOG servers where selected users logs as well as system logs will be sent to FTP Settings Allows the configuration of an external FTP Serve...

Страница 200: ...Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method selected enter the Account Name Password and Domain o NTLMv1 is not currently available for ge...

Страница 201: ...dress and port number of the external SYSLOG server System Log This controls the enabling disabling of the SYSLOG logging feature When enabled the selected logs from Notification Settings will be sent...

Страница 202: ...n Specify the IP address and port number of your FTP server If your FTP needs authentication enter the Username and Password The Send Test Log radio button can be used to send a test log for testing y...

Страница 203: ...197 5 2 2 Notification Settings This configuration page allows the selection of log types to send either to preconfigured E mail SYSLOG Servers or FTP Server based on the chosen time Interval...

Страница 204: ...numbers 1 to 5 represents the corresponding E mail address configured in SMTP Settings click the desired E mail address profile 1 5 and select the time interval for sending report or log Detail Click...

Страница 205: ...ributes such as Tag Severity and Facility which will be assigned to the corresponding log to meet the filtering requirements on the SYSLOG Server Note The System Log option needs to be enabled under S...

Страница 206: ...tion of the FTP server folder where the logs sent will be stored on the FTP server Note The outputted log files to the FTP server will be named according to the format Topic_ ExtraDesc_ SystemName_ Da...

Страница 207: ...e type of report you wish to see Available report types are CPU Loading CPU Temperature Memory Usage Network Traffic Online User Successful Login Session DHCP Lease and DNS Query Time For selecting th...

Страница 208: ...ure will be enabled and ready to serve once it is launched for setup The goal of this design is to eliminate the configuration difficulty from IPSec VPN users At the client side the IPSec VPN implemen...

Страница 209: ...dows XP or Windows XP SP1 is not compatible with IPSec protocol It shall be turned off to allow IPSec packets to pass through Without patch ICMP Ping and PORT command of FTP can not work in Windows XP...

Страница 210: ...ing ActiveX If it happens please reboot the client computer Once Windows service is resumed go through the login process again 2 Termination of the Internet Explorer Task from Windows Task Manager Do...

Страница 211: ...205...

Страница 212: ...top 2 How to remove ActiveX component in client s computer ANS Uninstall and delete ActiveX component Close all Internet Explorer windows Open a command prompt window and type the commands as follows...

Страница 213: ...look like the settings in Service Zone It also can setup the SIP WAN Interface Authentication Options Group Permission Applied Policy and customizable Login Page After Remote VPN is enabled when you...

Страница 214: ...VPN tunnel to each other over the WAN network For example if there are 2 WHG 505 you can create a VPN tunnel to let a subnet of one WHG 505 to access the subnet of another WHG 505 First you need to ad...

Страница 215: ...0 111 0 24 of WHG 505_B after the tunnel is created the users within these two subnets can reach each other You can create more than one VPN tunnel but the IP segment mapping can not be overlap that s...

Страница 216: ...d logout pages for each service zone that can be customized by administrators Go to System Configuration Service Zone Configure Authentication Settings Custom Pages Click the button of Configure the s...

Страница 217: ...gnated website After finishing the setting click Preview to see the login page Custom Pages Login Page Default Page Choose Default Page to use the default login page Custom Pages Login Page Template P...

Страница 218: ...in Page Uploaded Page Choose Uploaded Page and upload a login page to the built in HTTP server The user defined login page must include the following HTML codes to provide the necessary fields for use...

Страница 219: ...ess Next enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size...

Страница 220: ...nated website In the External Page Setting enter the URL of the external login page and then click Apply After applying the setting the new login page can be previewed by clicking Preview button at th...

Страница 221: ...instructions for more details Note The different part is the HTML code of the user defined logout interface must include the following HTML code that the user can enter the username and password After...

Страница 222: ...l login page configured Gateway while redirecting users to the external web page will also send URL parameters required for the operation for instance user authentication Therefore each self defined e...

Страница 223: ...o get remaining quota vlanid Integer 1 4094 VLAN ID gwip IP format Gateway activated WAN IP address client_ip IP format Client IP address umac MAC format separated by Client MAC address session String...

Страница 224: ...clear type button value Clear FORM The following shows the corresponding self defined javascript function used to parse the loginurl parameter function getVarFromURL url name if name url return name n...

Страница 225: ...included Utype String LOCAL RADIUS ONDEMAND POP3 LDAP SIP NT Domain Authentication server name Umac MAC format separated by Client MAC address sessionlength Integer Sec RADIUS user session length Only...

Страница 226: ...tring WISPr Billing Class Of Service attribute Only available for RADIUS user WISPR LOCATION ID String WISPr Location ID attribute Only available for RADIUS user WISPR LOCATION NAME String WISPr Locat...

Страница 227: ...information of your account XXX BR Please contact your network administrator Invalid username or password BR Please check your username and password and try again Cannot identify the policy for your...

Страница 228: ...er s quota of time type byteamount Integer byte On demand user s quota of volume type idletimeout Integer Sec Idle timeout logouturl String URL encoded Logout URL redeemurl String URL encoded Redeem U...

Страница 229: ...escription Uid String User ID Gwip IP format Gateway activated WAN IP address Vlanid Integer 1 4094 VLAN ID External Port Location Mapping Free Login Page External Port Location Mapping Charge Login P...

Страница 230: ...rnal Domain Name loginpages logoff shtml Input Field Required Value Description Uid Optional String User ID default is taken from cookie session Optional String Encoded string which contains some info...

Страница 231: ...ota 3 Expired 4 Redeemed Remaining quota if user is time type the value is remaining seconds if user is volume type the value remaining bytes Uname String User name Type String includes TIME Time type...

Страница 232: ...eturn URL login successful page is the default value Output If no ret_url is presented client would be redirected to login successful page and in addition a JavaScript window would pop up and show the...

Страница 233: ...6 0 ret_url Optional String URL encoded Return URL Output If no ret_url is presented the client would be redirected to a ticket page in our UI style If ret_url is presented client would be redirected...

Страница 234: ...used by Authorize Net to authenticate transactions Payment Gateway URL This is the default website address to post all transaction data Verify SSL Certificate This is to help protect the system from a...

Страница 235: ...igured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed o Client s Purchasing Record o Starting Invoice Number An invoice number may be provided...

Страница 236: ...of match between the Card Code entered on a transaction and the value that is on file with a customer s credit card company A code and narrative description are provided indicating the results return...

Страница 237: ...e represents the five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered as five digits nine digits or five digits and four digits o Country...

Страница 238: ...yPal account to continue PayPal Payment Page Configuration External Payment Gateway PayPal Payment Page Configuration Business Account The Login ID an email address that is associated with the PayPal...

Страница 239: ...voice number may be provided as additional information against a transaction This is a reference field that may contain any kind of information Description Enter the product service description e g wi...

Страница 240: ...234 Before setting up SecurePay it is required that the hotspot owners have a valid SecurePay Merchant Account from its official website...

Страница 241: ...essing a website other than Secure Pay Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway ser...

Страница 242: ...transaction data Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add o...

Страница 243: ...w rbsworldpay com support index php page login c WW Select Business Gateway Formerly WorldPay Click Merchant Interface Username user2009 Password user2009 STEP Select Installations from the left hand...

Страница 244: ...lect the Save Changes button STEP Input Installation ID and Payment Gateway URL in gateway UI Installation ID 2009test URL https select wp3 rbsworldpay com wcc purchase Note The WAN IP of gateway must...

Страница 245: ...text file for uploading user accounts then click Upload to complete the upload process When uploading a file any format error or duplicated username will terminate the uploading process and no account...

Страница 246: ...her system Click Restore Accounts to enter the Restore On demand User Account interface Click the Browse button to select the text file for restore the user accounts and then click Submit to complete...

Страница 247: ...estore Accounts is Upload New Account is for new accounts creations So the format of the upload file does not need to add any hidden columns just need to input the required information in each column...

Страница 248: ...tication there have a option to send the complete username with postfix or username only Username Format When Complete option is checked both the username and postfix will be transferred to the POP3 s...

Страница 249: ...n Only ID option is checked only the username will be transferred to the external RADIUS server for authentication 5 2 2 NAS Identifier The system will send this value to the external RADIUS server if...

Страница 250: ...ibute is the string identifying the NAS originating the access request System will send this value to the external RADIUS server if the external RADIUS server needs this NAS Port Type Indicates the ty...

Страница 251: ...se the RADIUS attribute settings below if the configured remote RADIUS server presents no attributes RADIUS Standard Attributes Session Time Out Forced logout once timeout period reached Idle Time Out...

Страница 252: ...sion Terminate on Billing Time When enabled the session will terminate in the Billing Time set Bandwidth Setting It will follow the Bandwidth settings of the Group profile set for this authentication...

Страница 253: ...tion Protocol CHAP or Password Authentication Protocol PAP Accounting Service Enable Disable RADIUS accounting Accounting Server Enter the Accounting Server domain name or IP address Accounting Port E...

Страница 254: ...classified by LDAP attributes log into the system via the LDAP server each client will be mapped to its assigned Group To get and show the attribute name and value from the configured LDAP server ente...

Страница 255: ...his function is use to combine these by a single user login Users only need to login once and then they will be assigned the access right in this domain and network access right from WHG 505 When Tran...

Страница 256: ...to define the authorized device with IP address Subnet Mask and Secret Key Click the hyperlink Roaming Out 802 1x Client Device Settings to enter the Roaming Out 802 1x Client Device Settings interfac...

Страница 257: ...03 WHG 505 asks an external trusted SIP registrar to verify both identities After SIP registrar responds with a YES call is established through WHG 505 The system provides SIP proxy for SIP clients de...

Страница 258: ...onality which allows SIP clients to pass through NAT When enabled all SIP traffic can pass through NAT via a fixed WAN interface The policy route setting of SIP Authentication must be configured caref...

Страница 259: ...ario is that a proxy server is placed outside the LAN environment or in the Internet Follow the following steps to complete the proxy configuration Step 1 Log into the WHG 505 by using the admin accou...

Страница 260: ...clients match with at least one of the proxy server setting of the WHG 505 Otherwise users will not be able to get the Login page for authentication via browsers and it will show an error page in the...

Страница 261: ...be able to access the network without any authentication Therefore to stop the risk it is strongly recommended to put all proxy servers outside the Intranet Follow the following steps to complete the...

Страница 262: ...at the proxy server setting of the clients match with the proxy server setting of the WHG 505 Otherwise users will not be able to get the Login page for authentication via browsers and it will show an...

Страница 263: ...eploying the WHG 505 Secure Certificate setting for both IE6 and IE7 For the company with its own Certificate Authority CA the certificate of the company should be trusted by all his employees compute...

Страница 264: ...IE7 the following steps may be taken to provide a workaround or to bypass the issue 1 Open the IE7 browser and you will be redirected to the default login page If the certificate is not trusted the f...

Страница 265: ...he IE7 certificate issue please follow the instructions stated below 1 When the User Login page appears click Certificate Error at the top 2 Click View Certificate 3 Click Certification path 4 Select...

Страница 266: ...260 5 Click Install Certificate 6 Click Next...

Страница 267: ...261 7 Select Automatically select the certificate store based on the type of certificate and then click Next 8 Click Finish...

Страница 268: ...262 9 Click Yes 10 Click OK 11 Launch a new IE7 browser The certificate is now trusted via IE7 according to the key symbol shown at top next to the address field...

Страница 269: ...the following information provides the step to take when the certificate publisher is not trusted by IE6 1 Open an IE6 browser the Security Alert message will be appeared if the certificate is not tru...

Страница 270: ...on Scenario Employee vs Guest Typical service zone settings will separate users groups into Employee and Guest for the purpose of different authentication level Application Network As shown in the dia...

Страница 271: ...D to authenticated users when they start new sessions 3 Both groups Employee and Guest will be redirected to different login portal pages and will be authenticated against different authentication dat...

Страница 272: ...266 Step 3 Configure the service zone accordingly Configure the SSID Choose the authentication option and configure the login page Choose the appropriate policy for this service zone...

Страница 273: ...ice Zone Settings Once the settings of two service zones are completed the configured result will be displayed on screen in the Service Zone Settings The name of the service zone and the enabled statu...

Страница 274: ...ies and strip off the option before forwarding the reply to the client A graphic example of connecting 2 gateways with an external DHCP server Please note that the Router and Gateway 1 connected to th...

Страница 275: ...a Circuit ID 00 90 0B 07 60 91_172 30 1 254 to the external DHCP server When the DHCP server gets the Circuit ID it recognizes that the request is sent from g1_public_lan and thus assigns the client...

Страница 276: ...ion Log The system can record connection details of each user accessing the Internet In addition the log data can be sent out to a specified SYSLOG Server Email Box or FTP Server based on pre defined...

Страница 277: ...MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1628 DIP 203 125 164 142 DPort 80 Jul 20 12 35 06 2009 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1629 DIP 203 125 164 142 DPort 80 Jul 20...

Страница 278: ...on PC After WHG 505 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup Internet Connection Setup Windows 9x 2000 1 Choose Start Contr...

Страница 279: ...nually or I want to connect through a local Area network LAN and then click Next 4 Choose I connect through a local area network LAN and then click Next 5 DO NOT choose any option in the following LAN...

Страница 280: ...274 6 Choose No and then click Next 7 Finally click Finish to exit the Internet Connection Wizard Now the set up is completed Windows XP 1 Choose Start Control Panel Internet Option...

Страница 281: ...275 2 Choose the Connections tab and then click Setup 3 When the Welcome to the New Connection Wizard window appears click Next 4 Choose Connect to the Internet and then click Next...

Страница 282: ...Set up my connection manually and then click Next 6 Choose Connect using a broadband connection that is always on and then click Next 7 Finally click Finish to exit the Connection Wizard Now the setup...

Страница 283: ...If the Windows operating system is not a server version the default settings of the TCP IP will regard the PC as a DHCP client and this function is called Obtain an IP address automatically If checkin...

Страница 284: ...fic IP Address If you want to use a specific IP address acquire the following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the...

Страница 285: ...d click Add Then click OK 4 3 Click on DNS Configuration tab If the DNS Server field is empty select Enable DNS and enter DNS Server address Click Add and then click OK to complete the configuration C...

Страница 286: ...TCP IP and then click Properties Now you can choose to use DHCP or a specific IP address 4 Using DHCP If you want to use DHCP choose Obtain an IP address automatically and then click OK This is also t...

Страница 287: ...please inform the network administrator before proceeding to the following steps 5 1 Choose Use the following IP address and enter the IP address Subnet mask If the DNS Server field is empty select U...

Страница 288: ...he IP Settings tab click OK to complete the configuration Check the TCP IP Setup of Window XP 1 Select Start Control Panel Network Connection 2 Right click on the Local Area Connection icon and select...

Страница 289: ...following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG 505 If your PC has been set up completely pl...

Страница 290: ...ick Add below the Default gateways column and the TCP IP Gateway Address window will appear 5 4 Enter the gateway address of WHG 505 in the Gateway field and then click Add After back to the IP Settin...

Страница 291: ...Service Zone1 can be applied Policy1 Then user01 login to Service Zone1 will get Policy1 This is a common case for users that can assign Group individually 16 9 2 For Local RADIUS and LDAP if these u...

Страница 292: ...in this example the Vendor ID of LevelOne is 31932 There must have other attribute to define the amount of traffic with Attribute Number and Attribute Value Attribute Name Attribute Number Attribute V...

Страница 293: ...remotely from other PC 2 1 Step 1 Assume there are already have users in RADIUS Server Assume there are already have Groups and assigned users to belong these Groups in RADIUS Server Assume there are...

Страница 294: ...te Add a new Vendor specific attribute 2 4 Step 4 Add a new attribute under Vendor specific Set Vendor Code 31932 Set it conforms to the RADIUS RFC Configure Attribute Set Vendor assigned attribute nu...

Страница 295: ...289 2 5 Step 5 Confirm the Vendor specific Attribute has been added success 2 6 Step 6 Follow the same steps to create other Vendor specific Attribute as you need...

Страница 296: ...er for example use Putty to access the Linux Host 3 1 Step 1 Assume there are already have users in RADIUS Server Assume there are already have Groups and assigned users to belong these Groups in RADI...

Страница 297: ...ection 2 with same format 3 5 Step 5 Edit the file dictionary under the folder freeradius 3 6 Step 6 Include dictionary 4ipnet in the dictionary of RADIUS server Insert it in an incremental position t...

Страница 298: ...292 Insert VSA into RADIUS respond In this example the maximum download and upload in bytes for group03 users is 1MBytes 3 9 Step 9 Restart RADIUS to get your settings activated...

Страница 299: ...rovides seamless integration between the gateway and the popular High Speed Internet Access HSIA hardware and Front Office System FOS software Each Port Location Mapping entry can be configured to pro...

Страница 300: ...294 2 Port Location Mapping To configure Port Location Mapping go to System Port Location Mapping Configure...

Страница 301: ...room with this port type only allows one user at most to access the network within the room Multiple User is the port type used for rooms with many users for example dormitory applications If the user...

Страница 302: ...the Room Mapping with noncontiguous VLAN Tag and Room number then you can create them individually Port Location Mapping Setup Create One From Set the Physical LAN port on the gateway to provide Port...

Страница 303: ...ge and response MD5 Hash to test the authenticity of the link It should contain one or more lowercase letters uppercase letters numbers and symbols It also should be between 8 16 characters Interface...

Страница 304: ...istrator to search for mapping entries according to VLAN ID Room Num Location ID or Service Zone Click the VLAN ID link to enter the Port Mapping Profile page for that entry You can change the Port Ty...

Страница 305: ...User may chose a billing plan click the Confirm button and the system will display the generated account name and password If you already have a user account you can click the here link to login with...

Страница 306: ...ied Service Zone s Custom Pages settings When a user tries to access internet from a Block room the browser will show service unavailable page 6 View the Event Login After the user select a billing pl...

Страница 307: ...301...

Страница 308: ...Tree WDS Update Update the WDS connection with the following operations Add Add a new WDS connection with a Child AP not in the WDS and a Parent AP from the AP List A new WDS Tree will be added if the...

Страница 309: ...deployed environment It takes the managed AP as sensors to find out the non managed AP even if the AP uses the same SSID with the managed AP s You can setup the Detection Interval e g 5 minutes syste...

Страница 310: ...very the APs and apply template first Note For more detail of AP Management please refer to the section of Managing Wireless Network Basically all of the managed AP can become a Rogue AP sensor but so...

Страница 311: ...So you can add these APs to the Trust List and then system will ignore these APs and will not show in the Rogue AP List again Also you can check which AP had added to trust list by the Trusted AP Lis...

Страница 312: ...er APs in the same group are still below the threshold the balancing function will be activated to decrease the transmit power of the overloading APs and increase other available APs transmit power Th...

Страница 313: ...n 2 Configure the Loading of Threshold of each Group Configure Group Configuration go to Access Points AP Load Balancing Group Configuration You can choose the Loading Threshold of each group Also you...

Страница 314: ...List will list all of the managed AP Select the APs chose a Group and click Apply The APs will join into this group If the overloading is happened you can check the Power Level from this List It will...

Результаты поиска

Содержание WHG-505

Отзывы:

Похожие инструкции для WHG-505

Бренды по названию

Популярные бренды

LevelOne WHG-505, Руководство пользователя

Результаты поиска

Содержание WHG-505

Отзывы:

Похожие инструкции для WHG-505

Бренды по названию

Популярные бренды