Nomadix AG 2300 Скачать руководство пользователя страница 87 | Manualshive

Страница: 87 / 294

Nomadix AG 2300 Скачать руководство пользователя страница 87

A

CCESS

G

ATEWAY

System Administration

75

The feature is configured by selecting a signing method, the parameters to be signed, and assigning a secret
key.

Two signature methods are supported:



HASH-CRC32



HMAC-MD5

Not all parameters that are part of the URL redirection string need to be included in the signature calculation.
The following parameters are considered sensitive and can be selected:



UI (the ID of the NSE)



MA (the subscriber’s MAC address)



RN (the Room Number)



PORT (the port number the subscriber is connected to)

The desired secret key simply needs to be entered in the field. Once entered, it is not visible to the user.

Information that indicates which parameters were signed, along with the resultant hash value, are then
included in some additional parameters that are appended to the redirection string.

In order to utilize the parameter signing feature, the EWS or Portal Page Server used must be configured to
correctly parse and verify the signing information. Documentation that includes guidelines for configuring a
server to support signing can be obtained by contacting Nomadix Technical Support.

Establishing Secure Administration {Access Control}

The Access Gateway allows you to block administrator access to interfaces (Telnet, WMI and FTP, SSH and
SFTP) and incorporates a master access control list that checks the source (IP address) of administrator logins.
A login is permitted only to the interfaces that have not been blocked, and only if a match is made with the
master “Source IP” list contained on the Access Gateway. If a match is not made with the “Source IP list,” the
login is denied, even if a correct login name and password are supplied. The access control list for source IPs
supports up to 50 (fifty) entries in the form of a specific IP address or range of IP addresses.

This procedure allows you to enable the “Access Control” feature and block administrator access to specific
interfaces, and add or remove administrator “Source IP” addresses.

«
...
85
86
87
88
89
...
»

Содержание AG 2300

Страница 1: ......

Страница 2: ...s Reserved Livingston Enterprises Inc Copyright 1992 Livingston Enterprises Inc All Rights Reserved The Regents of the University of Michigan and Merit Network Inc Copyright 1992 1995 All Rights Reser...

Страница 3: ...serial number in this box Patent Information Please see the Nomadix website for a list of US and foreign patents covering this product release Disclaimer Nomadix Inc makes no warranty either express o...

Страница 4: ...tenter de demontre l appareil ATTENTION Lire le mode d emploi avant utilisation WARNUNG Nicht ffnen elektrische Bauteile ACHTUNG Lesen Sie das Handbuch bevor Sie das Ger t in Betrieb nehmen AVISO Ries...

Страница 5: ...nding 5 NSE Core Functionality 7 Access Control 8 Bandwidth Management 8 Billing Records Mirroring 9 Bridge Mode 9 Class Based Queueing 9 Command Line Interface 12 Daylight Savings Time and IANA Time...

Страница 6: ...ermination Redirect 21 Smart Client Support 21 SNMP Nomadix Private MIB 21 Static Port Mapping 21 Tri Mode Authentication 21 URL Filtering 21 Walled Garden 22 Web Management Interface 22 Weighted Fair...

Страница 7: ...Your Location Information 44 Step 3 Retrieving Your License Key 44 Step 4 Configuring the System 45 Step 5 Configuring AG DHCP Server Settings 45 The Management Interfaces CLI and Web 47 Making Menu S...

Страница 8: ...licy Operation 81 Group Bandwidth Limit Policy Current Table 82 Establishing Billing Records Mirroring Bill Record Mirroring 82 Class Based Queueing 84 Clustering Clustering 86 Configuring Destination...

Страница 9: ...ation 142 Network Info Menu 144 Displaying ARP Table Entries ARP 144 Displaying DAT Sessions DAT 144 Displaying the Host Table Hosts 144 Displaying ICMP Statistics ICMP 145 Displaying the Network Inte...

Страница 10: ...ions 170 Setting Up the Information and Control Console ICC Setup 175 Defining Languages Language Support 179 Enable Serving of Local Web Pages Local Web Server 181 Defining the Subscriber s Login UI...

Страница 11: ...Configuring the Subscriber Management Models 213 Information and Control Console ICC 215 ICC Pop Up Window 215 Logout Console 215 Quick Reference Guide 216 Web Management Interface WMI Menus 217 Conf...

Страница 12: ...ey Generation 254 Create a Certificate Signing Request CSR File 256 Create a Public Key File server pem 257 Setting Up Access Gateway for SSL Secure Login 259 Changing Settings in the WMI 259 Mirrorin...

Страница 13: ...Access Gateway s functionality and features Refer to Product Specifications on page 228 for a list of Access Gateway Products that this document supports The Nomadix Access Gateway hardware is configu...

Страница 14: ...bscriber interface It also includes an outline of the authorization and billing processes utilized by the system and the Nomadix Information and Control Console Chapter 5 Quick Reference Guide Contain...

Страница 15: ...ete solution to a set of complex issues in the Enterprise Public LAN and Residential segments Product Configuration and Licensing All Nomadix Access Gateway products are powered by our patented and pa...

Страница 16: ...scalable large public access deployments Provides capabilities for load balancing and fail over management across multiple ISPs Platform Reliability The Access Gateway is designed as a network applian...

Страница 17: ...cess Method UAM IEEE 802 1x and Smart Clients for companies such as Adjungo Networks Boingo Wireless GRIC and iPass MAC based authentication is also available Security The patented iNAT Intelligent Ne...

Страница 18: ...itself at freely configurable intervals 4 The Information and Control Console ICC contains multiple opportunities for an operator to display its branding or the branding of partners during the user s...

Страница 19: ...ing Bridge Mode Class Based Queueing Command Line Interface Dynamic Address Translation Dynamic Transparent Proxy End User Licensee Count External Web Server Mode Facebook Authentication Home Page Red...

Страница 20: ...allows administrators to block access from Telnet Web Management and FTP sources Administration can now be performed after unblocking the interfaces for the Subscriber side of the NSE The Administrati...

Страница 21: ...SE forwards any and all packets except those addressed to the NSE network interface The packets are unmodified and can be forwarded in both directions The Bridge Mode function is a very useful feature...

Страница 22: ...80Mbps because it has a higher priority with 20Mbps taken by the Public class its minimum guarantee If however there were no users in the Public class then the Guest Room class could take 100 of the b...

Страница 23: ...200 with upper bandwidth of 6M Two classes Class1 Priority 1 Minimum 400M Maximum 900M Class2 Priority 2 Minimum 200M Maximum 900M 100 subscribers with each limit are assigned to Class1 and 100 to Cla...

Страница 24: ...ueueing concurrently with Weighted Fair Queueing the NSE will maintain the weighting when multiple WAN interfaces with Load Balancing are configured The upper bandwidth limit is constrained by the max...

Страница 25: ...support calls than competitive products End User Licensee Count The NSE supports a range of simultaneous user counts depending on the Nomadix Access Gateway you choose In addition depending on your pl...

Страница 26: ...define multiple instances to intercept the browser s request and replace it with freely configurable URLs Portal page redirect enables redirection to a portal page before the authentication process T...

Страница 27: ...of VPN connectivity by misconfigured users thus reducing customer support costs and boosting customersatisfaction Maintains the security benefits of traditional address translation technologies while...

Страница 28: ...ML or ASP knowledge The language you select determines the language encoding that the IWS instructs the browser to use The available language options are English Chinese Big 5 French German Japanese S...

Страница 29: ...to make a single logical interface The network must be configured and support active LACP Link Aggregation will not allow throughput beyond the device supported throughput Logout Pop Up Window As an...

Страница 30: ...driven Auto Configuration functionality utilizes the existing infrastructure of a mobile operator to provide an effortless and rapid method for configuring devices for fast network roll outs Once conf...

Страница 31: ...DIUS Re Authentication The NSE s Internal Web Server IWS stores encrypted login cookies in the browser to remember logins using usernames and passwords This Remember Me functionality creates a more ef...

Страница 32: ...ss clients by enabling the Internal Web Server IWS to display pages under a secure link important when transmitting AAA information in a wireless network when using RADIUS SSL requires service provide...

Страница 33: ...The advantage for the network administrator is that free private IP addresses can be used to manage devices such as Access Points on the subscriber side of the NSE without setting them up with Public...

Страница 34: ...cates bandwidth to individual users or groups in proportion to their individual or group bandwidth limits Weighted Fair Queueing provides a fall back in an over subscribed scenario Example Scenario Yo...

Страница 35: ...range of Property Management System PMS interfaces to enable in room guest billing for High Speed Internet Access HSIA service This module also includes 2 Way PMS interface capability for in room bill...

Страница 36: ...le The Access Gateway can be deployed effectively in a variety of wireless and wired broadband environments where there are many users usually mobile who need high speed access to the Internet The fol...

Страница 37: ...uations should be avoided The cluster will distribute the subscribers MAC addresses according to a modulus calculation based on the last three bytes of the MAC address of the subscriber The result wil...

Страница 38: ...ACCESS GATEWAY Introduction 26 The following graphic illustrates a clustering scenario with 12 000 users and three gateways...

Страница 39: ...hird or more ISP link as a back up to the primary ISP link In the event that the primary link fails all traffic is re routed to the backup link until such time as the primary link becomes available Co...

Страница 40: ...Load Balancing and Failure Considerations 1 Is load balancing or just ISP failover required 2 Is aggregation of multiple low speed links required 3 How reliable are different local ISP services 4 What...

Страница 41: ...y link with free users connected to a lower quality link with link failover still available if the preferred link fails Some examples of typical common deployment scenarios are outlined below These ar...

Страница 42: ...uest HSIA ISP and Hotel Admin users will connect to the Admin ISP If either link fails then failover to the other link will occur If the Guest HSIA link fails the guests will be connected to the Admin...

Страница 43: ...een the WAN port and port ETH2 which is connected to the hotel Admin network router Sharing Guest HSIA Network and Hotel Admin Network Among Multiple ISP Links In this scenario multiple ISP links are...

Страница 44: ...e domestic service provided by the local cable TV operator The hotel has a number of bill plan options including free to use and pay to use premium plans Under normal circumstances the hotel wants gue...

Страница 45: ...lished following a successful installation WebHelp is HTML based and can be viewed in a browser WebHelp is useful when you have an Internet connection to the Access Gateway and you want to access info...

Страница 46: ...used throughout this User Guide General notes and additional information that may be useful are indicated with a Note Cautions and warnings are indicated with a Caution Cautions and warnings provide i...

Страница 47: ...ction provides installation instructions for the hardware and software components of the Access Gateway It also includes an overview of the management interface some helpful hints for system administr...

Страница 48: ...nstallation Workflow The following flowchart illustrates the steps that are required to install and configure your Access Gateway successfully Review the installation workflow before attempting to ins...

Страница 49: ...r and to power up the system 1 Place the Access Gateway on a flat and stable worksurface 2 Connect the power cord 3 Connect the RJ45 console cable between theAccess Gateway s Console port and the fema...

Страница 50: ...le dictionary files are located at the following URL http www nomadix com support If you have any problems please contact our technical support team at 1 818 575 2590 or email support nomadix com This...

Страница 51: ...s Flow Control 9600 8 None 1 None Subscriber side EthernetConnection Connect an Ethernet cable between the product s Eth1 port and your computer s Ethernet port 5 Setup a SSH client to establish a SSH...

Страница 52: ...BE ABLE TO CONNECT TO THE INTERNET DO YOU WANT TO CONFIGURE THE NSE S IP AND DNS SETTINGS yes no y Configuring minimal WAN interface connectivity parameters Configuration Mode static static dhcp pppoe...

Страница 53: ...AN Interface configuration Type b to go back esc to abort for help Ethernet port WAN interface configuration Figure 3 WAN port static IP configuration summary page If everything is correct in the summ...

Страница 54: ...t configuration summary page If everything is correct in the summary type b ack to return to the previous menu and proceed to step 2 to enter location information Otherwise select an option from the E...

Страница 55: ...CP Echo Request Interval 30 Maximum LCP Non responses 6 PPP Authentication User Name Your user name PPP Authentication Password Your password PPP IP Configuration Mode dynamic PPP Static IP Address 0...

Страница 56: ...ings When finished with settings type b ack to return to the previous menu and go to step 2 Step 2 Entering Your Location Information You will be required to enter location information in order to obt...

Страница 57: ...the AG and use the graphical Web Management Interface WMI you must disable subscriber side HTTP 1 Log in to the AG 2 Navigate to Configuration Access Control Interface 3 Press Enter until you reach Su...

Страница 58: ...eway DHCP Parameter Your Settings Default Values DHCP Server Subnet Mask 255 255 255 0 DHCP Pool Start IP Address 10 0 0 12 DHCP Pool End IP Address 10 0 0 72 DHCP Lease Minutes 1440 An example of a b...

Страница 59: ...criber Interface See also Menu Organization Web Management Interface on page 57 Making Menu Selections and Inputting Data with the CLI The CLI is character based It recognizes the fewest unique charac...

Страница 60: ...essages subscriber other messages 72 Description of Service billing options Plan 140 Home Page URL 237 Host Name and Domain Name DNS settings 64 IP DNS Name passthrough addresses 237 Label billing opt...

Страница 61: ...orates an online help system that is accessible from the main window Other online documentation resources available from our corporate Web site www nomadix com support include a full PDF version of th...

Страница 62: ...the Access Gateway Assigning the Location Information and IPAddresses Connecting the Access Gateway to the Customer s Network Assigning the Network Interface IP Address This is the public IP address t...

Страница 63: ...anagement over the Internet To do this you must set up the SNMP communities and identifiers For more information about SNMP see Using an SNMP Manager on page 65 If you want to use SNMP you must manual...

Страница 64: ...t 3 After you have entered yes to the initial prompt enter mod int WAN or m i WAN modify interface WAN Note that modes and interface names are case sensitive The configuration then steps through the s...

Страница 65: ...eway to the specified server 1 Enter log logging at the Configuration menu The system displays the current logging status enabled or disabled 2 Enable or disable the system and or AAA logging options...

Страница 66: ...n option from above 6 7 Enter RADIUS History Log Server IP 255 255 255 255 10 10 10 10 Enable disable RADIUS History Log Save to file disabled enable Enable disable System Report Log disabled enable E...

Страница 67: ...th local laws Consider routing communication through an IPSec tunnel Configuration Logging Out and Powering Down the System Use this procedure to log out and power down the Access Gateway 1 Enter l lo...

Страница 68: ...y s adaptive configuration technology provides Dynamic Address Translation DAT functionality DAT is automatically configured to facilitate plug and play access to subscribers who are misconfigured wit...

Страница 69: ...eration as a DHCP client The options are configurable on a per pool basis Different sets of options can be configured for different pools A given DHCP option consists of an option code and a value RFC...

Страница 70: ...quested IP address 55 parameter request list 56 error message 57 maximum message size 60 vendor class identifier 61 client identifier Items generated automatically by the mechanism of DHCP message con...

Страница 71: ...nagement Interface WMI See Ethernet Ports WAN on page 93 for WAN specific DNS configuration To set the DNS global configuration options 1 Enter c configuration at the Access Gateway Menu The Configura...

Страница 72: ...Access Gateway Enter UDP DNS Redirection Port 1029 Enter Proxy UDP DNS Port 1028 Enable Disable DNSSEC enabled Host Name usg DNS Redirection Port Mode fixed UDP DNS Redirection Port 1029 Proxy UDP DNS...

Страница 73: ...configuration settings you should write the settings to an archive file If you ever experience problems with the system your archived settings can be restored at any time Refer to the following proced...

Страница 74: ...nagement Information Base 1 Import the nomadix mib file into your SNMP client manager 2 Connect to the Access Gateway froma node on the network that is accessible via the Access Gateway s network port...

Страница 75: ...organized as they are listed under their respective Web Management Interface WMI menus Configuration Menu on page 68 Network Info Menu on page 144 Port Location Menu on page151 Subscriber Administrat...

Страница 76: ...s functional command sets You can access the WMI from any Web browser Your browser preferences or Internet options should be set to compare loaded pages with cached pages To connect to the Web Managem...

Страница 77: ...e These objects include hardware configuration parameters and performance statistics Managed objects are arranged into a virtual information database called a Management Information Base MIB SNMP enab...

Страница 78: ...To access the Access Gateway s Web Management Interface use the Manager or Operator login user name and password you defined during the installation process refer to Assigning Login User Names and Pas...

Страница 79: ...ble to you unless you have purchased the appropriate product license from Nomadix In this case the following statement will appear either immediately below the section heading or when the feature is m...

Страница 80: ...rts several AAA models that are discussed in Subscriber Management on page 213 1 From the Web Management Interface click on Configuration then AAA The Authentication Authorization and Accounting Setti...

Страница 81: ...er xmlcommand password xmlcommand post file addUser xml header Content Type text xml If you select Enable Authentication via IP Address enter the valid XML server address es Up to four addresses are s...

Страница 82: ...ication if Portal Page External Web Server is not reachable by placing a check in that box 11 Enable or disable Port Based Billing Policies With Port Based Billing Policies enabled you can individuall...

Страница 83: ...y maintains an internal database of authorized subscribers based on their MAC hardware address and user name if enabled By referring to its database record also known as an authorization table the Acc...

Страница 84: ...HTTPS pages Instructions for obtaining certificates are provided by Nomadix To enable SSL Support your Access Gateway s flash must include the server pem cakey pem and cacert pem certificate files th...

Страница 85: ...Server on page 71 New Subscribers must be enabled before enabling the PayPal and PMS options 7 If you enabled New Subscribers enable or disable the Relogin After Timeout option 8 You can now enable o...

Страница 86: ...formation about parameter signing 5 Click on the Save button to save your changes click on Save then Reboot to reboot the Access Gateway and make the changes take effect immediately or click on the Re...

Страница 87: ...e Server used must be configured to correctly parse and verify the signing information Documentation that includes guidelines for configuring a server to support signing can be obtained by contacting...

Страница 88: ...Support In addition corresponding options to block https connections independent of http are included in the NSE s Access Control functionality for both the network and subscriber sides If the requir...

Страница 89: ...this feature then clickon the Save button to save yourchanges If you enabled Access Control administrator access is restricted only to the IP addresses shown under the Currently Access is Permitted fo...

Страница 90: ...4 Click on the Save button to save your changes click on Save then Reboot to reboot the Access Gateway and make the changes take effect immediately or click or the Restore button to reset all data to...

Страница 91: ...ULA 2 Setup RADIUS Server parameters go to Defining the Realm Based Routing Settings Realm Based Routing on page 130 3 Set up Username and Password for RADIUS Authentication Administrative Steps to En...

Страница 92: ...d in Kbps Kilobits per seconds for both upstream and downstream data transmissions With the ICC feature enabled subscribers can increase or decrease their own bandwidth dynamically and also adjust the...

Страница 93: ...nteger between 1 and 16777215 inclusive 20 GROUP_BW_MAX_UP Defines the total upstream bandwidth allowed for the group in Kilobits per second Integer value 0 is interpreted as unlimited 21 GROUP_BW_MAX...

Страница 94: ...ual limits at the same time Group Bandwidth Limit Policy Current Table When the feature is enabled a group bandwidth policy ID column is displayed in the Current Subscribers table Subscriber Administr...

Страница 95: ...e Access Gateway and the mirror servers must use the same secret key 5 Repeat Step 4 for the secondary server if any and all carbon copyservers 6 Define the fail safe provisions including Retransmit M...

Страница 96: ...Based Queueing 1 Click Configuration Class Based Queueing The Class Based Queueing screen appears 2 Click Enable and then Save to enable Class BasedQueueing 3 Click Add Class to add a class Class nam...

Страница 97: ...ng structure and priority settings Assigning Users to a Class There are four ways to assign users to a particular class Radius XML Subscriber Administration menu Subscriber Interface menu Assigning a...

Страница 98: ...25 To enable NSE Clustering 1 Click Configuration Clustering and click Enable 2 Enter integers for the Total number of gateways and the Gateway number must be from 2 to 256 with no gaps For example i...

Страница 99: ...com The NSE will process the HTTP request and will analyze the Host header to find the redirection URL that corresponds to www example com which is portal1 myhotel com in this example The NSE will the...

Страница 100: ...click on the Set Shared Secret check box If you enable this feature enter the shared secret text string in the Set Shared Secretfield 8 Click on the Save button to save the redirection settings or cli...

Страница 101: ...Step 8 3 To route DHCP through an external server enable the DHCP Relay 4 If you enabled the DHCP Relay feature you must assign a valid DHCP Server IP address the default is 0 0 0 0 and a valid DHCP R...

Страница 102: ...a public pool address the Access Gateway associates their MAC address with their public IP address for the duration of the service level agreement The opposite is true if they select a plan with a pr...

Страница 103: ...ots The Access Gateway can issue IP addresses to any DHCP enabled subscriber who enters the network Managing the DNS Options DNS DNS allows subscribers to enter meaningful URLs into their browsers ins...

Страница 104: ...the Restore button if you want to reset all the values to their previous state Managing the Dynamic DNS Options Dynamic DNS Use the following procedure to set the Dynamic DNS options 1 From the Web Ma...

Страница 105: ...ils The NSE can now support up to five AG5800 AG5900 WAN interfaces at once using completely independent network settings for each The AG5900 with optional Fiber Module could have 7 Each WANport has i...

Страница 106: ...s and even Link Aggregation Groups Basic functionality is equivalent to IPv4 static port mapping except as follows The feature is provided by routing not NAT External computers will access the device...

Страница 107: ...efix and interface address for the subscriber port you will use Network Info Interfaces 4 Based on that information configure the device s IPv6 settings Delegated prefixes are assigned in sequence sta...

Страница 108: ...he ROUTE only needs to tell the network router that all traffic for 2001 428 4C05 80 60 should be sent to our WAN port IPv6 address Depending on the network you might need to add a similar IPv6 route...

Страница 109: ...vidual ports The LAGs look and behave and are configured exactly like individual WAN and Sub ports Use the following steps to set up a LAG 1 Set the desired port to AGG mode 2 Assign the aggregated po...

Страница 110: ...vable bandwidth To enable Fast Forwarding mode choose Configuration Fast Forwarding Check Enabled If you enable Fast Forwarding some counting statistics e g bytes sent received are updated somewhat le...

Страница 111: ...into any of the Access Gateway s configuration screens 1 From the Web Management Interface click on Configuration then Home Page Redirect The Home Page Redirection Settings screen appears 2 Click on t...

Страница 112: ...mode are notshown Each of the displayed ports has individual iNAT Subscriber tunnelsettings accessible by clicking on that port slink The interface allows easy deletion of any iNAT address range iNAT...

Страница 113: ...igured WAN interface Three failures must occur before the system sets the port status to Unavailable and re assigns subscribers Monitoring may be configured for both the Monitoring Interval default is...

Страница 114: ...ty 3 Check Enable NAT Traversal to allow packets to traverse NAT IPsec boundaries 4 Click Save to save the setting To add or modify IPsec tunnel peers see Managing IPSec Tunnel Peers on page 102 To ad...

Страница 115: ...ilenamefield Enter the filename of the public certificate in the Certificate Filenamefield Note that the files must exist on flashfirst 6 In the IKE Channel Security Parameters section select the foll...

Страница 116: ...table Restore to undo any changes you made to the peer settings and return the peer to its original settings 4 Click the Back to Main IPSec Tunneling Settings page link to return to the IPSec Tunnel S...

Страница 117: ...interface for this policy The Local IP Subnet is the IP address of the local network secured by the IPSec tunnel The address can specify ahost The Subnet Mask is the subnet mask of the local network s...

Страница 118: ...nnel Settings screen 7 Click the Back to Main IPSec Tunneling Settings page link to return to the IPSec Tunnel Settings screen Modifying an Existing IPSec Security Policy 1 Click on the IPSec security...

Страница 119: ...d to that interface in accordance with the load balancing algorithm An NSE reboot will rebalance all subscribers Subscribers will use the IP address of their WANport or assigned additional NAT address...

Страница 120: ...4 Enter a Network SSID Zone 5 Click Save to save your changes or click Restore if you want to reset all the values to their previous state Managing the Log Options Logging System logging creates log f...

Страница 121: ...ng When system logging is enabled the standard SYSLOG protocol UDP is used to send all message logs generated by the Access Gateway to the specified SYSLOGserver 3 Enter a unique number between 0 and...

Страница 122: ...ion SYSRPT ID 012345 IP 11 222 333 444 unresolved Subscribers 010 Additional Configuration System Report Log Interval This is the time interval in minutes between the system report syslogs Subscriber...

Страница 123: ...ing for the syslogs from your NSE in the Subscriber Tracking Log Server IP field 4 Check the Subscriber Tracking Log save to file option to save the syslogs locally to the NSE flash Note Notrecommende...

Страница 124: ...ptions are aa bb cc dd ee ff aa bb cc dd ee ff or aabbccddeeff The default setting isaa bb cc dd ee ff 6 Select the Case of Hex Alpha Characters This setting specifies in the MAC addresses in RADIUS u...

Страница 125: ...e Access Gateway outputs a call accounting record to the PMS system whenever a subscriber purchases Internet service and decides to post the charges to their room The Access Gateway offers post paid P...

Страница 126: ...ied interoperability with a variety of Property Management Systems Encore FCS Galaxy GEAC GuestView Holodex AutoClerk Hilton 1 Hilton 2 Hotel Info Sys HIS Igets net Innquest LanMark LIBICA Logistics M...

Страница 127: ...n 3 PMS Port Test Mode provides a utility to confirm that the PMS port is working To run the utility you must have the Nomadix supplied db9 rj45 adapter plugged into same device that you used to check...

Страница 128: ...ck Disable Registration Number to suppress prompt for a registration number on guest login If you choose Micros Fidelio TCP IP you must provide the Target IP Address and the Target Port Number If you...

Страница 129: ...e an Idle Timeout in minutes and an Idle Data Threshold in bytes These selections determine the thresholds when a post paid hotel guest will be automatically disconnected fromthe service 11 Property M...

Страница 130: ...eset all the values to their previous state Based on the HOBIC interface standards Nomadix Inc has also certified interoperability with a number of other PMS and call accounting solutions such as Rame...

Страница 131: ...ateway Go to In Room Port Mapping on page 120 to map rooms from the subscriber side of the Access Gateway For security reasons this feature should be disabled when in room port mapping from the subscr...

Страница 132: ...lowing you to enter the IP address and SNMP community for the primary and all cascading devices connected to the site For RFC1493 compliant systems you have the additional option of defining the Uplin...

Страница 133: ...2 Enter the following URL target format http Access Gateway IP address 1111 usg roommapping For example http 219 57 108 103 1111 usg roommapping The Enter Network Password prompt appears 3 Enter your...

Страница 134: ...l mode classification and resultant bit marking is performed via QoS policies that are defined within the NSE The two modes can also be used in combination NSE provides support for DSCP Differentiated...

Страница 135: ...GATEWAY System Administration 123 4 Select Add Policy to define a new QoS policy or select a link to a policy that is already defined in order to modify it The Add QoS Policy for Subscribers screen a...

Страница 136: ...on page 139 Defining the RADIUS Client Settings RADIUS Client The Access Gateway supports Remote Authentication Dial In User Service RADIUS RADIUS is an authentication and accounting system used by ma...

Страница 137: ...ess to the network are validated by RADIUS For additional RADIUS information see also Defining the RADIUS Proxy Settings RADIUS Proxy on page 128 Defining the Realm Based Routing Settings Realm Based...

Страница 138: ...box for Enable URL Redirection 5 For a Network Access Server NAS if you want to send a NAS identifier with your account access request click on the check box for Send NAS identifier then definethe NAS...

Страница 139: ...If required check the box for Enable RADIUS Subnet Attribute if you want to allocate a specific subnet to a user 13 If required check the box for Enable Goodbye URL if you want the system to display a...

Страница 140: ...b Management Interface click on Configuration then RADIUS Proxy The RADIUS Proxy Settings screen appears 2 Enable or disable RADIUS Proxy Services as required by clicking on theappropriate check box 3...

Страница 141: ...ck in the box of the Nomadix VSAs to be enforced by the Proxy for this entry Enforce Bandwidth Up VSA The Radius VSA for Bandwidth Up will be passed on to the Upstream NAS when enabled Enforce Bandwid...

Страница 142: ...to see configured RADIUS service profiles and Realm Routing Policies this will take you to the Realm Based Routing Settings screen Defining the Realm Based Routing Settings Realm Based Routing Use thi...

Страница 143: ...rs that will login with a username in the format type of ISP username In this case the delimiter is and what appears before it ISP is the realm name Create a RADIUS service profile for a RADIUS server...

Страница 144: ...the authorization port in the Port field for the primary RADIUS authentication server This is the port the system uses when authorizing subscribers 4 Enter a secret key in the Secret Key field for th...

Страница 145: ...licy for each realm that will be handled The realm routing policy will reference either a RADIUS service profile or a tunnel profile Many different realm routing policies can reference the same RADIUS...

Страница 146: ...n the Add button to add this Realm Routing Policy 7 When you have completed the definition of your Realm Routing Policy you can return to the previous screen Realm Based Routing Settings by clicking o...

Страница 147: ...rver including SMTP servers which support login authentication To the subscriber sending and receiving E mail is as easy as it s always been This function is transparent to subscribers 1 From the Web...

Страница 148: ...an SNMP client manager for example HP OpenView SNMP is the standard protocol that regulates network management over the Internet To do this you must set up the SNMP communities and identifiers For mo...

Страница 149: ...ess networks For example you can define the user s subnet via the management interfaces 1 From the Web Management Interface click on Configuration then Subnets The Public Subnets Settings screen appea...

Страница 150: ...m Date and Time Time You can set the system time from local hardware or your choice of NTP server s The NSE supports automatic daylight Savings Time adjustment and official IANA iana org time zones Yo...

Страница 151: ...its BIOS then displays the new date and time If you select External Time In the Server Timeout field enter the number of seconds before the NSE gives up on receiving a time response from the NTPserve...

Страница 152: ...hat have been defined for this descriptor Select a condition type from the Add Condition menu and define the matching parameters Once added conditions will be displayed in the condition list 6 Select...

Страница 153: ...g 4 If URL Filtering is enabled you can add or remove up to 300 addresses in theIP DNS Name field After entering the address you want to add simply click on the Add button the address will be added to...

Страница 154: ...r login types 1 From the Web Management Interface click on Configuration then Zone Migration The Zone Migration Settings screen appears 2 Select Relogin after migration to enable the Zone Migration fe...

Страница 155: ...ovides the option to require relogin after migration between ports that are within a given zone The default is Disabled Existing Zones Zones that have already been defined are listed here and can be e...

Страница 156: ...slation DAT allows all users to obtain network access regardless of their computer s network settings To view the DAT Session Table go to the Web Management Interface click on Network Info then click...

Страница 157: ...These statistics are presented as a listing that details the current status of each ICMP transmission element To view the ICMP Statistics go to the Web Management Interface click on Network Info then...

Страница 158: ...With IP transmissions data is broken up into packets which are then sent over the network By using IP addressing Internet Protocol ensures that the data reaches its destination even though different...

Страница 159: ...IP Usage To view the current NAT IP Address Usage go to the Web Management Interface click on Network Info then click on NAT IP Usage The NAT IP Usage summary screen appears Displaying the Routing Tab...

Страница 160: ...anagement Interface click on Network Info then click on Sockets The Socket Table screen appears Displaying the Static Port Mapping Table Static Port Mapping You can display a table which provides a de...

Страница 161: ...rotocol statistics which are presented as a detailed listing of all TCP elements and their current status TCP is a standard protocol that manages data transmissions across networks To view the TCP Sta...

Страница 162: ...ailed listing of all UDP elements and their current status UDP is an Internet standard transport layer protocol It is a connectionless protocol that adds a level of reliability and multiplexing to the...

Страница 163: ...n of 14 99 an hour with PayPal billing This feature is called Port based Policies Port based Policies must be enabled from the Configuration AAA page Adding and Updating Port Location Assignments Add...

Страница 164: ...at the Location field consists only of numbers no alpha characters or symbols All alpha characters used for locations and descriptions are case sensitive 3 In the Port field enter the port the VLAN ID...

Страница 165: ...arameter is set PayPal billing for a port is enabled only if PayPal Services is globally enabled AND the per port enable PayPal billing parameter is set PMS billing for a port is enabled only if PMS S...

Страница 166: ...t Location Assignment by Description screen appears 2 In the Enter Description field enter the description of the assignment you want tofind The system ignores the case upper or lower of the character...

Страница 167: ...ort location assignment based on its port This procedure is useful if you want to review the details of a specific port location You can also find port locations based on their description or location...

Страница 168: ...n location txt file FTP to the Access Gateway s flash directory for example IP address flash location txt and upload the file See also Creating a location txt File on page 156 1 From the Web Managemen...

Страница 169: ...ocation 1 charge for use and 2 blocked If you do not assign a conditional state the state is registered as No Charge by default Description Use a meaningful description for the assignment Displaying t...

Страница 170: ...a conference room can communicate with each other without NSE intervention Subscribers can communicate with each other when on the same VLAN and the same IP subnet The NSE will not respond to any ARP...

Страница 171: ...tration 159 Use the following steps to enable intra port communication 1 Click Port Location List Click on the Port number The Process Port Location Assignment screen appears 2 Click Allow Intra port...

Страница 172: ...iber Type Profile on page 160 Adding a Device Type Profile on page 161 Adding a Group Type Profile on page 163 For more information about subscriber access and billing options see the following sectio...

Страница 173: ...nutes for the subscriber s authorized access time When the assigned time expires the subscriber must re subscribe to the service 11 Enter an amount in the Paid field 12 The next two fields User Defina...

Страница 174: ...able 1 and User Definable 2 are optional Usethese fields for simple notations about thedevice 11 Define the Min Upstream Bandwidth and Max Upstream Bandwidth range forthis device in Kbps 12 Define the...

Страница 175: ...xpiration date for the group account 4 Define the DHCP Address Type Public or Private only used when the IP Upsell feature is enabled otherwise leave this set to private 5 Enter a valid Subnet address...

Страница 176: ...a listing of all the subscribers currently connected to the system The list includes the MAC addresses of the subscribers their active state the individual expiration times port numbers if assigned b...

Страница 177: ...y User This procedure shows you how to delete a subscriber profile from the Access Gateway s database of authorized subscribers based on the profile s user name To see a current listing of the subscri...

Страница 178: ...iles from the Access Gateway s database of authorized subscribers Use this procedure when you want to clean up the subscriber database 1 From the Web Management Interface click on Subscriber Administr...

Страница 179: ...subscriber s MAC address and the access time remaining for thissubscriber 1 From the Web Management Interface click on Subscriber Administration then Find by User The Find a Subscriber Profile screen...

Страница 180: ...flash directory This log contains accounting messages exchanged with downstream servers and upstream NASs The size of the log file is limited to 2000 records accounting messages or 320000 bytes when...

Страница 181: ...authorized subscribers The displayed list includes the number of subscribers currently in the database Current Table and a numerical breakdown of how the subscribers can utilize the system for example...

Страница 182: ...s online on a time X over period Y basis Standard billing plans where time X period Y can be used concurrently with X over Y plans For example multiple plans with flexible billing event options can be...

Страница 183: ...d X over Y plans that are currently active To view or edit a billing plan click the View Edit Delete button opposite the corresponding plan The Internal Billing Options Plan Setup or Internal Billing...

Страница 184: ...ACCESS GATEWAY 172 System Administration...

Страница 185: ...tion for this billing plan in the Description of Service field 4 If desired enable Facebook Login and specify a plan duration 5 Define the Pricing schemes for this billing plan rate per minute per hou...

Страница 186: ...troduction Message Offer Message Policy Message 14 Define the Units of Access Minute Hour Day Week or Month you want tomake available to subscribers 15 If you want to allow free access to subscribers...

Страница 187: ...op up window that is presented to subscribers allowing them to select their bandwidth and billing plan options quickly and efficiently and displays a dynamic time field to inform them of the time rema...

Страница 188: ...ogout Console Enable one of thefollowing a ICC Information and ControlConsole b Nomadix Logout Console 4 If you enabled either ofthe ICC pop up options you can choose a unique name for the console Sim...

Страница 189: ...e button and the mouse over text The mouse over text is the text that appears in the ICC s Message Bar when your mouse pointer rolls over a button image Target URL Where subscribers are sent when they...

Страница 190: ...e parameters for your banner s Name Text Target URL Image Name see following note Duration secs Start Time Optional Stop Time Optional If you assign or change button images or banner images the Access...

Страница 191: ...text displayed to your users by the Internal Web Server IWS without any HTML or ASP knowledge The language you select here will determine the language encoding that the Access Gateway s Internal Web S...

Страница 192: ...into Japanese and enter and display Japanese characters on the Web Management Interface and the subscriber s portal page choose the Japanese Shift_JIS option If you want to have the ICC displayed in E...

Страница 193: ...all pages and images cannot exceed 200 KB File names should be labeled using the 8 3 format The pages can now be served by referencing the URL http nseip 1111 web filename or at https nseip 1112 web f...

Страница 194: ...erve to the end users Note The name of the web page has to be added in order for it to be served to the end users Uploading the web page to the web directory is not sufficient Image File Name This tex...

Страница 195: ...ubscriber Interface then Login UI The Subscriber Login User Interface Settings screen appears 2 Define the messages you want subscribers to see when they log in Keep messages brief and to the point Av...

Страница 196: ...must be defined using an IS0 4217 currency code for example USD for US Dollars GBP for Great British Pounds 9 Enter a numeric value for the Number of decimals for amount This field defines the number...

Страница 197: ...o reboot the Access Gateway and make the changes take effect immediately or click on the Restore button if you want to reset all the values to their previous state If you made changes to the Image Fil...

Страница 198: ...billing mechanisms for example post paid PMS if your product license supports PMS The IWS page displays the details of the user s connection such as IP address of the user Type of AAA Start Stop time...

Страница 199: ...rred display options by checking the corresponding boxes Display IPAddress Display AuthenType Display StartTime Display StopTime Display Byte Sent Display Byte Received Display Hypertext Link URL 4 If...

Страница 200: ...ubscriber Interface then Subscriber Buttons The Subscriber Page Control Button Definitions screen appears 2 Enter the definitions you want for each control button in the corresponding fields Only the...

Страница 201: ...f you want to reset all field values to their default state click Restore Defaults Defining Subscriber Error Messages Subscriber Errors This procedure allows you to define how error messages are displ...

Страница 202: ...ant to reset all field values to their default state click on the Restore Defaults button 4 Repeat Steps 1 3 for page 2 of 2 Defining Subscriber Messages Subscriber Messages This procedure allows you...

Страница 203: ...ngfields 3 Click on the Save button to save your changes or click on the Clear Changes button if you want to reset all the values to their previousstate If you want to reset all field values to their...

Страница 204: ...creen appears You can view delete or add new ARP table entries from this screen Configurable Gateway ARP Refresh Interval The NSE will periodically refresh its ARP cache entry for the gateway IP When...

Страница 205: ...idge Mode allows complete and unconditional access to devices on the subscriber side of the Access Gateway When the Bridge Mode option is enabled the Access Gateway iseffectively transparent to the ne...

Страница 206: ...Mode Passthrough Settings screen appears 2 Click on the check box for Bridge Mode to enable this feature The Access Gateway should be rebooted if this setting is changed 3 If you want the changes to...

Страница 207: ...to replace the current system configuration settings with the factory default settings and reboot the Access Gateway Defining the Fail Over Options Fail Over Your product license may not support this...

Страница 208: ...cess Reboot and Uptime activities The history log contains up to 500 entries Over 500 entries and each new log item removes the oldest entry in the list The latest entry is always at the top of thelis...

Страница 209: ...by entering either an IP address or DNSname of host This is the site that you want the ping to be sent to from theNSE 4 Click on the Save button to save your changes or click on the Restore button to...

Страница 210: ...e logins have been assigned managers have the ability to perform all write commands Submit Reset Reboot Add Delete etc but operators cannot change any system settings Administrative Concurrency may be...

Страница 211: ...forget your password you will need to contact technical support See also Technical Support on page 347 6 If you enabled Administration Concurrency repeat steps 3 to 5 for an operator login and if des...

Страница 212: ...gers Only If RADIUS is enabled you can enter a login name in theRADIUS Remote Test Login field For RADIUS logins the maximum number of characters for usernames is 96 The maximum number of characters f...

Страница 213: ...ing on a remote host in the form of a PCAP formatted file Note that a utility that is capable of reading and displaying PCAP formatted files such as Wireshark is required in order to view theresults 1...

Страница 214: ...pleting all your changes 1 From the Web Management Interface click on System then Reboot The RebootDevice screen appears 2 Click OK to reboot the operating system Routing Tables Routing This command a...

Страница 215: ...address of the route you want to add to the routing table This is the Destination IP or Subnet that the Route is trying to reach with the prefix length to determine how large the subnet mightbe 3 Ente...

Страница 216: ...e this feature as required 3 Enter values for the following session limiting parameters Mean Rate Burst Size Time Interval inseconds 4 Click on the Save button to save yourchanges For advanced securit...

Страница 217: ...he Remote IP Address Leave this field set to zero if you want to connect to the internal device from any network sideworkstation 8 Optional Enable the Protect with Source IP based Access Control optio...

Страница 218: ...Click on the Delete button to delete the static port or click on the Restore button to reset your changes to their previous state For more information about Static Port Mapping see also Displaying th...

Страница 219: ...egrates this address with a PMS interface for secure billing Like a router the Access Gateway continuously tracks subscriber IP and MAC settings eliminating the need for further sign ins and ensuring...

Страница 220: ...ateway offers powerful billing support functionality called Authentication Authorization and Accounting This feature also known as AAA employs a combination of command routines designed to create a fl...

Страница 221: ...scribers on a local flash database By looking up subscribers on a remote database The Authentication module can support user name and MAC address authentication simultaneously The initial login page c...

Страница 222: ...ized to access the system Once authorized the subscriber s activity is logged and billed through the Access Gateway s Accounting module The Accounting module fully supports the following functions Pay...

Страница 223: ...a login interface between subscribers and the solution provider s network including the Internet The internal Web server is flashed into the system s memory and the login page is served directly from...

Страница 224: ...e French German Japanese and Spanish Home Page Redirection The Access Gateway can be configured to redirect all valid subscribers to a Web portal or home page determined by the solution provider After...

Страница 225: ...izes access to the Internet A possible scenario for using this model is to allow Internet access to administrative personnel in alllocations User Name and Password Each subscriber can choose a unique...

Страница 226: ...ernal Authorization Enabled Enter PayPal s App Name Client ID Webhook ID set the proper secret code and select if you are using a Live Environment information obtained from your PayPal account If you...

Страница 227: ...s a HTML based applet in the form of a pop up window from which subscribers can dynamically control their billing options and bandwidth and which allows service providers to display advertising banner...

Страница 228: ...GATEWAY 216 The Subscriber Interface Quick Reference Guide This chapter contains product reference information organized by topic Use this chapter to locate the information you need quickly and effic...

Страница 229: ...in this menu allow you to define how the subscriber interface is displayed to users and what information it contains System Menu Displays the System menu Items in this menu let you manage login names...

Страница 230: ...ctionality exists IPSec IPsec is an end to end security scheme operating in the Internet Layer of the Internet Protocol Suite It can be used in protecting data flows between a pair of hosts host to ho...

Страница 231: ...s or removes up to 300 specific IP addresses and domain names to be filtered for each property User Agent Filtering User agent Filtering is a capability that can filter software that is acting on beha...

Страница 232: ...the displayed ports has individual iNAT Subscriber tunnel settings accessible by clicking on that port s link A new improved interface allows easy deletion of any iNAT address range Packet Capture Su...

Страница 233: ...ole ICC for subscribers Language Support Defines the language to be displayed on the Web Management Interface and the subscriber s portal page Local Web Server Upload the required pages and images to...

Страница 234: ...ts previously exported system configuration settings from an archive file Login Sets up the login name and password Mac Filtering Blocks malicious users based on their MAC address Up to 50 MAC address...

Страница 235: ...tion System Current Display currently connected subscribers Subscriber Admin Clustering Set Clustering options Configuration DAT Display the DAT session table Network Info Delete All Delete all port l...

Страница 236: ...performance statistics Network Info Language Support Define different languages Subscriber Interface List Display the room file Port Location List by MAC List the subscriber database sorted by MAC add...

Страница 237: ...scriber profile statistics Subscriber Admin Subnets Enable dynamic multiple subnet support Configuration Subscriber Buttons Define how control buttons are displayed to subscribers Subscriber Interface...

Страница 238: ...ubscriber IP Subnet Mask Default Gateway IP DHCP Client Admin IP 10 0 0 10 10 0 0 11 255 255 255 0 10 0 0 1 Enabled 172 30 30 172 Domain Host Name Primary DNS Secondary DNS Tertiary DNS nomadix AG3100...

Страница 239: ...Usernames XML Disabled Enabled Disabled DNS Redirection SMTP Redirection SMTP Server IP Enabled Disabled 0 0 0 0 SNMP SNMP Get Community SNMP Set Community SNMP Trap IP Disabled public private 0 0 0...

Страница 240: ...FORM Intel based System INTERFACE 1 RJ 45 WAN 3 RJ 45 ETH 1 12VDC Power Connector 1 RJ 45 Console 1 DB 9 Serial Connector 2 USB Connectors 1 Reset 1 Power Button POWER REQUIREMENTS Type Watts 12VDC 5A...

Страница 241: ...IPSec Support PPTP Support Session Rate Limiting SRL User Agent Filtering Mac Address Filtering URL Filtering ICMP Blocking Proxy ARP for device to device communication BILLING PLAN ENABLEMENT RADIUS...

Страница 242: ...EE 802 3 3u 3eb IEEE 802 1d DHCP Server DHCP Relay Multiple Subnet Support IP UPsell DHCP Client PPPoe Client INTELLIGENT ROAMING Realm Based Routing Zone Migration SERVICE PROVISIONING Home Page Redi...

Страница 243: ...ce in a 19 rack 17 24 L x 11 53 W x 1 73 H 438mm L x 292 0mm W x 44mm H Weight 8 8 lbs Weight 4 00 Kg OPERATING VOLTAGE 100 240 VAC 50 60Hz Auto Sensing POWER CONSUMPTION 65 watts ENVIRONMENTAL Operat...

Страница 244: ...J 45 LAN 1 x 10 100 1000 Mbps GigE RJ 45 WAN 1 x DB9 serial PMS Interface 1 x Front Access RJ 45 serial system console LED INDICATORS ACT LINK and 10 100 1000 for each Ethernet port Power NETWORK MANA...

Страница 245: ...rnational Language Support External Web Server Mode Internal Web Server Mode Secure XML API over SSL Login Page Failover BILLING PLAN ENABLEMENT RADIUS Client RADIUS AAA Proxy Port Based Policies Port...

Страница 246: ...ent QoS Tagging Group Bandwidth Management IP ADDRESS MANAGEMENT IEEE 802 3 3u 3ab IEEE 802 1d DHCP Server DHCP Relay Multiple Subnet Support IP UPsell DHCP Client PPPoE Client INTELLIGENT ROAMING Rea...

Страница 247: ...15 000ft REGULATORY FCC Class A UL UL US and Canada CE EN 55022 2010 Class A EN 61000 3 2 2006 A1 2009 A2 2009 EN 61000 3 3 2008 EN55024 2010 IEC 61000 4 2 2008 IEC 61000 4 3 2006 A1 2007 A2 2010 IEC...

Страница 248: ...irect HTTPS Redirect Portal Page Redirect Session Termination Redirect Information and Control Console Pop Up Explicit Logout Button International Language Support External Web Server Mode Internal We...

Страница 249: ...ADVANCED SECURITY iNAT IPSec Support PPTP Support Session Rate Limiting SRL User Agent Filtering Mac Address Filtering URL Filtering ICMP Blocking Proxy ARP for device to device communication POLICY...

Страница 250: ...sole DB9 serial port Property Management Interface POWER 100 240 VAC 50 60Hz 220 watts ENVIRONMENT Operating temperature 0 C to 40 C Storage temperature 20 C to 70 C Operating humidity 5 90 RH Storage...

Страница 251: ...em MUST be powered down before inserting or removing the module Also it is highly recommended that the power cord be removed from the unit as a precaution Severe damage to the module and or the NSE co...

Страница 252: ...ar 31 21 35 15 nomad237 nomadix com INFO AAA 4009 AAA Interface Updated_by_administrator 00 00 0 12 34 56 2 hrs 34 min Mar 31 21 36 05 nomad237 nomadix com INFO AAA 4006 AAA Interface Removed_by_admin...

Страница 253: ...Info 1 2 3 4 INFO Access Gateway v51 4 126 DHCP ndxDHCPInit 0021 DHCP initialized 2003 02 10 11 25 53 Local2 Info 1 2 3 4 INFO Access Gateway v51 4 126 CLISRD 0206 Setting COM1 to 9600 baud 2003 02 1...

Страница 254: ...ACCESS GATEWAY 242 Quick Reference Guide Sample History Log A history log is generated by the Access Gateway which includes the system s activity Access Reboot and Uptime More Listings...

Страница 255: ...a and place it on the clipboard Ctrl X Copy selected data to the clipboard Ctrl C Paste data from the clipboard into a document at the insertion point Ctrl V Copy the active window to the clipboard Al...

Страница 256: ...EWAY 244 Quick Reference Guide HyperTerminal Settings Use the following settings when establishing a HyperTerminal session Item Setting Bits per second 9600 Data bits 8 Parity None Stop bits 1 Flow co...

Страница 257: ...s a Web page to the subscriber asking for a login name and password This information password is encrypted and sent across the network to the ISP s RADIUS server The RADIUS server decrypts the informa...

Страница 258: ...ed for 802 1x Class Session Timeout Idle Timeout EAP Packet used for802 1x Message Authenticator used for802 1x Acct Interim Interval Nomadix VSAs Nomadix Bw Up Nomadix Bw Down Nomadix URL Redirection...

Страница 259: ...t in the Access Gateway Web Management Interface WMI If the Radius server does not send a Session Timeout the Access Gateway will set the subscriber expiration time to 0 which means access forever Log...

Страница 260: ...pt If this attribute is present the Access Gateway tries every Acct Interim Interval seconds to send a Radius Accounting Interim message for the specific subscriber If this attribute is not present or...

Страница 261: ...e NSE will log the user out at midnight Nomadix Logoff Url 10 Passed in the Access Request to the Radius server This is a required attribute for WISPr Implementation is determined by the property owne...

Страница 262: ...or Eth5 to identify what interface the user will try to send traffic on Nomadix Bw Class Name 27 Class name in dotted notation Nomadix MaxBytesTotal 28 Total amount of traffic up and down for a user...

Страница 263: ...o use a different Certificate Authority For Nomadix technical support go to Contact Information on page 268 Obtain a Private Key File cakey pem To create a Private Key File you must install OpenSSL on...

Страница 264: ...EWAY 252 Quick Reference Guide 2 Click Next The following screen appears 3 Click Next to display the next setup screen 4 Click Next to display the next setup screen 5 Click Next to display the next se...

Страница 265: ...or the purposes of this document Nomadix used ftp planetmirror com 8 In the following screens skip all packages except cygwin and openssl then click Next when you are done At the time of this writing...

Страница 266: ...ess is completed At the pop up dialog click OK Private Key Generation 1 Create a directory from Root and put 5 random files a dat b dat c dat d dat and e dat see note into the C cygwin bin directory o...

Страница 267: ...mmended by VeriSign These files are entered in the key generation command as file1 file2 file3 file4 file5 Output to cakey pem The file that contains the private key You must have the file name cakey...

Страница 268: ...a request new Defining a new request key from private key Output to server csr the output file 2 Fill in your company information If States or Province names do not exist in your country please repea...

Страница 269: ...or Netscape go to www verisign com products site index html 2 Select Buy for Secure Site Service 3 Select Buy Now for 40 bit SSL Secure Server ID or 128 bit SSL Global Server ID Some older versions o...

Страница 270: ...l data into the edit box 5 Select the purchase method and submit the required contact information For Expedited Service you will typically be able to get the Public Key by email within two days For Re...

Страница 271: ...e settings in the Web Management Interface WMI go to Configuration Menu on page 68 Setting Up the Portal Page System administrators can create login button s on the Portal Page and can setup http link...

Страница 272: ...ere is a message billing record in the message queue the system wakes up and performs the following tasks 1 Stores the billing record in the flash 2 Create an XML packet based on the new billing recor...

Страница 273: ...regular string AMOUNT 234 34 TRANS_TYPE CC RESULT_VALUE OK or ERROR IP Standard IP address format 123 123 123 123 The packet after the HTTP headers added looks like this XML to Access Gateway The Acce...

Страница 274: ...RMTLOG_ACK ACK_VALUE ERROR ACK_VALUE IP_ADDR 11 22 33 44 IP_ADDR ERROR_CODE 5 ERROR_CODE USG Format for each Field RESULT_VALUE OK or ERROR IP Standard IP format 123 123 123 123 ERROR_CODE1 for OK or...

Страница 275: ...his chapter provides information to help you resolve common hardware and software problems It also contains a list of known error messages associated with the Management Interface General Hints and Ti...

Страница 276: ...k the unit s ventilation holes and do not stack with other equipment unless correctly mounted in a rack If you suspect the unit is overheating check that the internal cooling fan is operating correctl...

Страница 277: ...for these fields NFS client support not included This message is displayed when the system reboots and NFS clients are not supported No matching MAC address found in profile database The system could...

Страница 278: ...h IP address specified If you specified a subnet is it correct If you suspect the subnet try using 255 255 255 0 The DHCP relay is disabled and the DHCP service settings in the Access Gateway are misc...

Страница 279: ...you to diagnose and solve your problem if the problem is related to the Access Gateway Additionally you should check with your network documentation to verify that the network components are function...

Страница 280: ...act Information You can contact us by Email fax telephone or regular mail Telephone 1 818 575 2590 E mail support nomadix com Fax 1 818 597 1502 Address Nomadix Inc 30851 Agoura Rd Suite 102 Agoura Hi...

Страница 281: ...ithin a campus network 802 1Q establishes a standard format for frame tagging Layer 2 VLAN markings enabling the creation of VLANs that use equipment from multiple vendors 10 100 Ethernet See Ethernet...

Страница 282: ...offer multi gigabit bandwidth See also Bandwidth and Packet Bandwidth The maximum speed at which data can be transmitted between computers across a network usually measured in bits per second bps If...

Страница 283: ...ame on the World Wide Web See also DNS Internet and IP Address Driverless Print Servers Servers that can bill subscribers rooms for printing their documents without them having to install printers See...

Страница 284: ...ach data stream and then combines many modulated carrier frequencies for transmission For example television transmitters use FDM to broadcast several channels at once FHSS Frequency Hopping Spread Sp...

Страница 285: ...te See also Portal and URL Host Any computer that provides services to other computers that are linked to it by a network Generally the host is the more remote of the computers For example if a user i...

Страница 286: ...me location See also Internet and IP Address Internet Service Provider The agency that provides you with access to the Internet Your Internet Service Provider ISP may be a large commercial organizatio...

Страница 287: ...nt station can query or establish in the SNMP agent of a network device for example a router Standard minimal MIBs have been defined and vendors often have their own private enterprise MIBs In theory...

Страница 288: ...8 bytes In IP networks packets are often called datagrams See also Forwarding Rate Packet Switching Network pps and Throughput Packet Switching Network Refers to protocols in which messages are divide...

Страница 289: ...QoS can be characterized by several basic performance criteria including availability low downtime error performance response time and throughput lost calls or transmissions due to network congestion...

Страница 290: ...lution provider is offering a solution that isn t readily available on the open market For example NOMADIX is a solution provider to its customers broadband network service providers and those custome...

Страница 291: ...and a client command line utility You can log to files terminal devices logged on users or even forward to other syslog systems See also Daemon TCP Transmission Control Protocol Manages data into sma...

Страница 292: ...based solely on the Earth s inconsistent rotation rate with highly accurate atomic time When atomic time and Earth time approach a one second difference a leap second is calculated into UTC UTC was de...

Страница 293: ...adix Gateways WPA Wi Fi Protected Access A Wi Fi standard that was designed to improve upon the security features of WEP The technology is designed to work with existing Wi Fi products that have been...

Страница 294: ...ACCESS GATEWAY 282 Glossary of Terms...

Отзывы:

Нет отзывов