User Manual 4ipnet HSG260/327
Contents
1. eee ee eere 23 4 1 System Wireless General Settings c cccsscccsssccsscscssssccsssscesssccsseccsssscesseccssaseesscessseccesscessseeesnases 23 AP TOME Wr Cle ss BOPHIIES ocaecat enini EENE E E ENESA AEE EEAO 25 Ao 200e WRC NCS SSO Cy occas scia steve ects epee E E E e E NE ETE ENEE EEE ESEN E EA EEUE 28 AeA Wireless Layer 2 CI ersero m 30 AAi Genar er uea Rules a AEE M E MM ILI ee AEE 31 4 4 2 Predefined and Custom Service Protocols eese eene eeeennennnre esee ennt 35 An A OE a E E E A E 36 5 Who Can Access the Network ccccccccccsssssscsscsssssssccccsscssssccsscssssssccessscees 37 oa DEO U a A A E A OEE E E EEE 37 D OC hea e e E EE E E E A E E E 38 NR RDU e A aie anesatnanenanteacnics 41 BAS On Demand USET RE T T 45 CS MEE IU O e E TEE AE ATE E oan a see ae 54 O e ol 0 20 T E EE ee A eee E E E A E eee 55 10 4ipnet cts HSG Wireless Hotspot Gateway ENGLISH 521i Delak AwbhentcallON Emm 55 S Lo mwih POSTINI ERROR 55 52 3 An Example ol User Logi nereis aE R E Osa heh pa EEA EA EUN E OUS 55 Rostron the US OPS araon E EEEE 58 MEE PACKU e E EE E E E E E E E E 58 51 208 TO a A E AE A AE AAA A een eee 60 o Po 9 A E E E A AANA A A A A EE E E A ee 60 OR MEME 0 RON a a A a E ET AE EE EEE E aE a 62 OS N a E E E A E 63 on P DSTO E a E E E S 66 OA lt 0 0101 1 a E E E E T A E 67 6 3 5 User Privilege2. 13 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 3 2 3 PPTP PPTP Although not a popular method PPTP protocol for dialup connections is adapted by some ISPs in European Countries Your PPTP ISP will issue you an account with a password as well as the PPTP server address o Ss T P System Users Network Utilities Status General Y WAN WAN Traffic IPv6 N LAN Port Mapping Service Zones M Layer 2 Firewall N Main Menu gt System gt WAN WAN Interface Setting Static Use the following IP settings Dynamic IP settings assigned automatically 2 PPPoE PPTP Type Static DHCP PPTP Server IP Address Username Password PPTP Connection ID Name Dial on Demand Enable Disable C Learn DNS Server Address During Negotiation Preferred DNS Server ii Alternate DNS Server 14 User s Manual e 4upnet sce Hotspot Gateway ENGHISH 3 3 Internet Connection Detection To configure Internet Connection Detection go to System WAN Traffic 35 e A e Vstom Users Network Utilities Status General N WAN WAN Traffic IPv6 LAN Port Mapping Service Zones N Layer 2 Firewall Main Menu gt System gt WAN Traffic WAN Traffic Settings Enable Bandwidth limits on WAN Available Bandwidth whine f 10 1 i ee seg Kbps Range 10 1000000 Kbps Range 10 1000000 WAN Connection Detection E Warning of Internet Disconnection e I
3. B 4 Sam a Qo T Y g K 1 T x i P Ed ue j P 4 j PD fi 2 E b g s tor your IP network User s Manual V1 10 HSG Series Wireless Hotspot Gateway y 4 net User s Manual Dp HSG Wireless Hotspot Gateway ENGLISH Copyright amp Disclaimer Copyright The contents of this publication may not be reproduced in any part or as a whole stored transcribed in an information retrieval system translated into any language or transmitted in any form or by any means mechanical magnetic electronic optical photocopying manual or otherwise without the prior written permission of 4IPNET INC Disclaimer AIPNET INC does not assume any liability arising out the application or use of any products or software described herein Neither does it convey any license under its parent rights not the parent rights of others 4IPNET further reserves the right to make changes in any products described herein without notice The publication is subject to change without notice Trademarks AIPNET 4ipnet is a registered trademark of 4IPNET INC Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective OWNETS 4ipnet vctus HSG Wireless Hotspot Gateway ENGLISH Table of Contents 1 TROOPS FOIE SUI Uo unen orien od E TE E EEEE 1 C CEEME GIC gt gn En 1 L2 Doomen enn nier mmm l o Pale ch Ee e rn E EN EAN 2 2 System Overview and G
4. Amplitude Amplitude Amplitude long illuminated intervals t Amplitude Amplitude Amplitude Constantly on t Fast Flashing t Constantly off t Short illuminated Special flashing t intervals t 177 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Right Side Panel Overview 1 2 3 Right Side Panel 1 Kensington Lock Be used to lock the device to a pole 2 Restart Reset Press once to reboot the system Hold for five seconds to make SDS200W set back to factory default settings 3 TAS Terminal Auto Setup TAS Press three seconds to initiate the auto uplink connection process This will be introduced later Left Side Panel Overview Left Side Panel 1 Console Serial port for connecting to a POS printer 2 Ethernet RJ 45 Ethernet port Serial port for connecting to the uplink gateway via wire 3 5V 1 5A The DC power socket for connecting to an external power source through a DC power supply 4 Antenna Assemble the dipole antenna within the package here connector Caution The SDS200W requires a lower voltage for operation even though it has the same power adaptor socket as PRT100 Make sure that the correct power adaptor is used 5V 1 5A for SDS200W 178 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Including SDS200W into Your Network The following diagram illustrates some deployment examples that show how the SDS200W can be connected to the POS printer and 4i
5. Select Interface WAN Select Interface Service Zone Private Service Zone Private DHCP Server VAP 1 Network Interface Mode MAC Address IP Address Subnet Mask IPv6 Address IPv6 Prefix Network Interface Mode MAC Address IP Address Subnet Mask IPv6 Address Status WINS IP Address Start IP Address End IP Address Lease Time BSSID ESSID SecurityType Online 107 STATIC 00 1F D4 01 DC 39 10 30 40 8 255 255 0 0 N A N A NAT 00 1F D4 01 DC 3A 192 168 1 254 255 255 0 0 N A Enabled N A 192 168 1 1 192 168 1 100 1440 Min s 00 1F D4 01 DC 3B HSG260 D NONE 0 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Network Interface Select Interface Public Y Mode NAT MAC Address 06 1F D4 01 DC 3A Service Zone Public IP Address 172 21 0 254 Subnet Mask 255 255 0 0 IPv6 Address N A Status Enabled WINS IP Address N A Service Zone Public Start IP Address 172 21 0 1 DHCP Server Lease Time 1440 Min s BSSID 06 1F D4 01 DC 3B ESSID HSG260 VAP 2 p n M SecurityType NONE Online 0 End IP Address 172 21 0 100 108 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual The description of the above mentioned table is as follows Lo 0 m 4 1 metn SS ae MAC Address IPv6 Address The IPv6 address of WAN port if applicable E Prefix The IPv6 prefix if applicable IPv6
6. Value String includes 166 User s Manual HSG Wireless Hotspot Gateway ENGLISH password Only available for LOCAL user The URL which shall be submitted when user want to create on demand user Only available for LOCAL user VLAN ID Gateway activated WAN IP address Client IP address Service Zone ID Group index Policy index Maximum up link rate Maximum down link rate Minimum up link rate Minimum down link rate Leads client to URL RADUIS CLASS attribute Only available for RADIUS user WISPr Session Terminate Time attribute Only available for RADIUS user WISPr Session Terminate End Of Day attribute O or 1 to indicate termination rule Only available for RADIUS user WISPr Billing Class Of Service attribute Only available for RADIUS user WISPr Location ID attribute Only available for RADIUS user WISPr Location Name attribute Only available for RADIUS user WISPr Billing Time attribute Only available for RADIUS user Encrypted session information Description Error message 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH The system is busy Please try again later Cannot find session related information lt BR gt Please enable the Cookie in the browser setting or open a website to get a Cookie Invalid IP address Please check the IP address and try again Invalid MAC address Please check the MAC address and try again Sorry yo
7. gt Interface Including WAN Private and Public 110 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 11 1 4 Current Users To view Current Users go to Status gt gt Current Users On this page each online user s information including Username IP Address MAC Address IPv6 Address Pkts In Bytes In Pkts Out Bytes Out Service Zone VLAN Group Policy Authentication Method Authentication Database Online Idle and Kick Out will be shown Administrators can force out a specific online user by clicking the hyperlink of Kick Out Click Refresh to update the current users list Online Users List Auth Online Username MAC Address Pkts In Out SZ VLAN Method Sec No x Idle Kick Out IP Address IPv6 Address Bytes In Out Group Policy Database Sec Total 0 First Prev Next Last GotoPage Page 1 1 Row per Page 50 v Non Login Devices shows users that have acquired an IP address from the system s DHCP server but have not yet been authenticated either under the LAN or remotely tunneled site This feature is designed for administrators to keep track of systems resources from being exhausted The list shows the clients MAC Address IP Address and associated VLAN ID as well as the Service Zone Non Login Device List MAC Address IP Address VLAN ID Service Zone Total 0 First Prev Next Last Go to Page Y Page 1 1 Row per Page 50 v The On demand Roaming Out User List shows the users that are
8. 0 59 they cannot all be zero _ Fisttime login must be done within 5 day s le Account Activation peuris Range of haur z 0 23 they cannot both be zero ne gt Price Range 0 100000 induding two digits after decimal paint e g 1 59 Group Group 1 Reference TIR If the Account Type is Usage Time Customer can access internet as long as the account is valid with remaining quota connection time and within the valid period Customer alse needs to activate the issued account within a given time period by logging in for the First time GENES Ge Usage time No Expiration account lifespan lt gt Activation Time Quota up QU Deletion Time Creation Time DT CT my Invalid Valid 143 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Hotel Cut off time Hotel Cut off time is the clock time normally check out time at which the on demand account is cut off made expired by the system on the following day or many days later On the account creation UI of this plan operator can enter a Unit value which is the number of days to Cut off time according to customers stay time For example Unit 2 days Cut off Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account Is cut off that allows user to continue to use the on demand account to acc
9. 32 v 5 255 255 255 255 32 v 6 255 255 255 255 32 v 7 255 255 255 255 32 v 8 255 255 255 255 32 v o Destination IP Address The destination network address or IP address of the destination host Please note that if applicable the system will calculate and display the appropriate value based on the 67 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual combination of Network IP Address and Subnet Mask that have just been entered and applied o Destination Subnet Netmask The subnet mask of the destination network Select 255 255 255 255 32 if the destination is a single host o Gateway IP Address The IP address of the gateway or next router to the destination 68 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 2 Default Gateway gt Default Gateway The default gateway of a desired IP address can be defined in each Policy except Global Policy When Specific Default Route is enabled all clients applied with this Policy will access the Internet through this default gateway Specific Routes Profile 1 Select Profile Profile 1 v Enable v Default Gateway IP Address E o Enable Check Enable box to activate this function or uncheck to deactivate it o Default Gateway IP Address You may need to fill in the IP address of the default gateway 69 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 6 3 5 User Privilege Administrator can choose to allow use
10. Except for System Log each supported log may be assigned Tag information as well as SYSLOG standard attributes Severity to meet the filtering requirements on the SYSLOG Server HTTP Web Log can further select which Service Zone Web interface information to log For each type of log information whenever an incident occurs and data is updated the updated log will be immediately sent to the configured SYSLOG server SYSLOG Settings SYSLOG Enabled Disabled SYSLOG Server 1 IP Address Port SYSLOG Destinations SYSLOG Server 2 IP Address Port SYSLOG Level emergency v Note When the number of a user s session TCP and UDP reaches the session limit specified in the policy a record will be logged to this SYSLOG server 120 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 11 2 3 FTP This configuration page allows the setting of FTP Server to send including the types of Roaming Out Users Log Roaming In Users Log On demand User Billing Report Session Log Local HTTP Web Log HTTP Web Log WMI Configuration Log DHCP Lease Log Traffic Report User Log or On demand User Log based on Server Folder and Interval FTP Settings IP Address Port FTP Destination Anonymous Yes No FTP Setting Test SendTestLog FTP Server Settings FTP Destination Configures the common settings of the FTP server that the logs will be sent to Further settings can be configured under Notification Settings which incl
11. LUSR amp T RTHP Input Filter U S Robotics Inc Description not yet defined USA AT ATMP Output Filter U S Robotics Inc Description nat yet defined u s USR AT zip Input Filter 4 Robotics Inc Description not yet defined gj k 134 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Step 4 Add a new attribute under Vendor specific Set Vendor Code 21920 Check Yes to conform to the RADIUS RFC Click Configure Attribute to proceed Set Vendor assigned attribute number 10 Select Attribute format Hexadecimal Set Attribute Value 1000000 Step 5 Confirm whether the Vendor specific Attribute has been added successfully 135 HSG Wireless Hotspot Gateway H 4ipnet User s Mane Multivalued Attribute Information Pix eer Rui Step 6 Follow the same steps to create other Vendor specific Attributes if needed 136 User s Manual HSG Wireless Hotspot Gateway ENGLISH 4ipnet 3 VSA configuration in RADIUS server FreeRADIUS This section will guide you through VSA configuration with FreeRADIUS v1 0 5 running on Fedora Before getting started open the shell of RADIUS server for example use Putty to access the Linux host is PuTTY Configuration Category 2 Session Logging S Terminal Keyboard Ball Features wW indew Appearance Behaviour Translation Selection Colours B Connection Data Proxy Telnet Alogin
12. 85H Serial Step 1 Basic options for your PuTTY session Specify the destination you want to connect to Host Name or IP address Fort 10 2 3 217 2 Connection type O Ras Telnet C2Rlogin 9 SSH C2 Serial Load save ar delete a stored session Saved Sessions Default Settings Close window on exit O Always Never 9 Only on clean exit Confirm the following key elements in the RADIUS server users groups Verify whether there are already users in the RADIUS Server Verify whether there are already Groups and assigned users belonging to these Groups in the RADIUS Server Step 2 Log in to the Linux host of the RADIUS server r 4 0 g 2 wvivianglinux login as vivian Wiviand10O 2 3 217 s p Last login Thu Oct 3I vivian linus 2 Saword 13 53 37 2008 from 10 29 2 97 Step 3 Create a file dictionary HSG under the freeradius folder 137 E mM 4ipnet User s Manual 7 vivian linux 5 vi usr share freeradius dictionary Step 4 Edit and save the contents of the file dictionary HSG as follows Byte imount interger Administrator can also add other attributes as the table stated in Section 2 with the same format VENDOR H H Standard attribute H ATTEIBUTE Byte imount intercder ATTEIBUTE HaxByteIn interger ATTRIBUTE MaxByterIn D interger ATTRIBUTE Byte mount 4ZGcB a interger ATT
13. Firewall Profile 1 Service Protocols List No Name Description Select All 0 ALL ALL 1 ALL TCP TCP Source Port 0 65535 Destination Port 0 65535 2 ALL UDP UDP Source Port 0 65535 Destination Port 0 65535 3 ALL ICMP ICMP Type Any Code Any 4 FTP TCP UDP Destination Port 20 21 5 HTTP TCP UDP Destination Port 80 6 HTTPS TCP UDP Destination Port 443 7 POP3 TCP Destination Port 110 8 SMTP TCP Destination Port 25 E DHCP UDP Destination Port 67 68 10 DNS TCP UDP Destination Port 53 The administrator is able to add new custom service protocols by clicking Add and delete the added protocols individually or with Select All followed by Delete operation Caution The Predefined Service Protocols can not be deleted Click Add to add a custom service protocol The Protocol Type can be defined from a list of service by protocols TCP UDP ICMP IP and then define the Source Port range and Destination Port range click Apply to save this protocol 63 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Add Service Protocol Name Protocol Type TCP Source Port Ton 65535 Destination Port LES 65535 LAMB GCE If the Protocol Type is ICMP the Type and Code needs to be defined Add Service Protocol Name Protocol Type ICMP Type Code If the Protocol Type is IP the Protocol Number needs to be defined Add Service Protocol Name Protocol Type IP gt Protocol Number Apply 2 Us
14. Insert Before denotes to insert a rule before the current rule and Delete denotes to delete the rule gt gt To edit a specific rule Edit in Operation column of firewall rules will lead to the following page for detailed configuration On this page the rule can be edited from an existing rule for revision General WAN WAN Traffic IPv6 LAN Port Mapping Service Zones Layer 2 Firewall Main Menu gt System gt Layer 2 Firewall v vv NN o MERE Link Layer Confiquration EL ON Rule Number The numbering of this specific rule will decide its priority among available firewall rules on the list Rule name The rule name can be denominated here Action for Matched Packets The rule can be chosen to be Block or Pass packets that match the rule criteria Rule Remark The additional reference note of this rule can be specified here EtherType The drop down list will provide the available types of traffics subject to this rule Interface For specifying the traffic direction To or From VAP2 subjected to this rule IPv4 Service when EtherType is IPv4 Select the available upper layer protocols services from the 32 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH drop down list gt DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for the fields in 802 2 LLC frame header gt SNAP Type when EtherType is IEEE802 3 The field can be used to indicate the ty
15. S TCP UDP Destination Port 53 Total 27 First Prev Mext Last 2 HTTI e HTTP TCP UDP Destination Port 443 s 35 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 4 4 3 Advanced Advanced Firewall Settings can be enabled to supplement the firewall rules providing extra security enhancement against DHCP and ARP traffics traversing the available interfaces of the system General WAN Y WAN Traffic IPvG LAN Port Mapping Service Zones Layer 2 Firewall Main Menu gt System gt Layer 2 Firewall Advanced Firewall Settings amp Enable C Disable DHCP Snoopin Sy s Trust DHCP Server List Configure Enable Disable Force DHCP Enable Disable ARP Inspection p Broadcast Enable Disable Static List Configure DHCP Snooping When enabled DHCP packets will be validated against possible threats like DHCP starvation attack In addition the Trusted DHCP List IP MAC can be used to specify legitimate DHCP servers to prevent rouge DHCP server ARP Inspection When enabled ARP packets will be validated against ARP spoofing o Force DHCP option when enabled the AP only learns MAC IP pair information through DHCP packets Since devices configured with static IP address does not send DHOP traffic any client with static IP address will be blocked from internet access unless its MAC IP pair is listed and enabled on the Static List o Broadcast can be enabled to let o
16. This is the default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Authorize Net Test Mode In this mode merchants can post test transactions for free to check if the payment function works properly MD5 Hash If transaction responses need to be encrypted by the Payment Gateway enter and confirm a MD5 Hash Value and select a reactive mode The MD5 Hash security feature enables merchants to verify that the results of a transaction or transaction response received by their server are actually sent from the Authorize Net 150 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH gt Service Disclaimer Content Choose Billing Plan for Authorize Net Payment Page Client s Purchasing Record Plan oO wm amp W N N 10 Starting Invoice Number m Description Item Name E mail Header Service Disclaimer Content We may collect and store the following personal information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us E Choose Billing Plan for Authorize Net Payment Page Enable Disable Quota Price Enable Disable 5 hr s 5 min s 0 Enable Disable Enable 9 Disable 10 hr s 6 min s 9000 Enable Disable Enable Disable Until 18 30 88 Enable Disable Enable 9 Disable 20 73 Mbyte s 0 59 Enable Dis
17. a Administrator Account N Backup amp Restore System Upgrade y Restart i Network Utilities Certificate Main Menu gt Utilities gt Certificate Certificate Utility Upload Certificate v Upload Certificate Private Key Certificate Certification Path Verification Enable Disable Without a valid certificate users may encounter the following warning when trying to open the login page Certificate Error Navigation Blocked Windows Internet Explorer e ie e http www google com File Edit View Favorites Tools Help w abe Certificate Error Navigation Blocked 9 There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Click here to close this webpage Q Continue to this website not recommended 9 More information Click Continue to this website to access the user login page 80 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 8 1 3 Walled Garden To configure Walled Garden go to Network gt gt Walled Garden Thi
18. and the desired plan s can be enabled gt SecurePay Payment Page Remark Content The message content will be displayed as a special notice to end customers 157 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 4 Payments via World Pay To configure Payments via WorldPay go to Users gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt WorldPay WorldPayPaymentConfiguration Payment Gateway URL https select wp3 rbsworldpay com wcc purchase GBP Pound Sterling Physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us WorldPayBilling Configuration Enable Disable O Enable Disable 15 min s connection time quota with expiration 10 91 Enable Disable 11 min s connection time quota Enable Disable Valid until 12 00 the following day Ss Enable Disable Valid from 2010 07 14 12 00 00 till 2010 07 14 23 59 00 Enable Disable Enable ODisable Enable Disable Enable Disable 0 Enable ODisable Enable ODisable WorldPayNoteContent You must 111 in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card gt WorldPay Payment Configuration WorldPaylinstallation ID The ID of the associated Merchant Account Payment
19. ccc ccceccccssssccsssccesssscesscscessescsssescsssescssseccsseeccsseecesseecesseecessescesseecesseecessescessescssseeessaeeess 70 Access Network without Authentication e eee eee eee eee ee eene esee eese eee en eee eneeeenoee 71 7 1 DYA E a eGeaavoneese deere es 71 FE ME NR Rue ce se ese see AE eects 73 JONES MMV CACERES 74 pom uui ERR 75 pe o Ml PIAVVICRC MAC E 76 ee ee ad ial 212 eu NR E 76 7 4 Disable Authentication in Public ZOMG scsesccsiccctscctiesecsctacahsaseseasivodesobsnediacucsciassbanseceanivoisachseetbaseesdanon 77 User Login and e OU NT 78 Sd PEG LO 0 aerea E EA AA AAN 78 Caa EONA o Ea A A AE E AE I dosnt mae nee naneeoue 78 8 1 2 Internal Domain Name with Certificate sese eene nennen nnne 79 M ES MB VCI i Rm 81 GAA Walled Garden AD ei csctste epe ecest eae saa Eo Un cse ce DOS eDH coss Ao OECD aa ideada aaeei adai aaide daaar DOR I SPUR 82 MEE cEN uU Uc 83 8 2 31 Start Page URL after Successful Login sese nenne eterne ener een 83 oS Te T TTE OESTE 84 S29 WVU LOr iM M T 85 Networking Features of a Gateway eee eee eee eee ee esee esee esten esten e etae etae eee en seen sena 86 9 1 Dynamic Domain Name Service DDNS ccccccesscccesssscccesssececessseecessseeecessseeecessseeecesssseecessaeeees 86 oa M eyuscse eR NIIT m 87 Syst
20. sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference Broadcast SSID The administrator has the option of enabling or disabling the SSID for VAP 1 which is the Private Zone Default value is set at Disable where users will not be able to scan for the SSID Station Isolation By enabling this function all stations wirelessly associated to this zone are isolated from one another and can only communicate with the system WMM The default is Enable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four access categories voice video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only IGMP Snooping IGMP is a multicast constraining mechanism which may flood the broadcast domain This is effective for dense internet usage such as conventions or campuses Normally we use VAP2 the VAP under Public Zone to provide wireless service to public clients in
21. 125 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 12 3 Roaming Out To configure local user Roaming Out go to Users gt gt Authentication click configure for Local Under certain configurations the HSG can act as a RADIUS server for Roaming Out local users logged from another system The Local User database will act as the RADIUS user database e Account Roaming Out amp 802 1X Authentication When Account Roaming Out is enabled the link of Roaming Out amp 802 1X Client Device Settings will be available to define the client device authorized to roam by entering the IP address Subnet Mask and Secret Key Local User Database Settings Local User List 9 Enable Disable Account Roaming Out 7 Local user database will be used as authentication database for roaming out users Enable Disable 802 1X Authentication Local user database will be used as internal RADIUS database for 802 1X enabled LAN devices such as AP and switch RADIUS Client Device Settings 802 1X Auth Setting Default Auth Server Server 1 Postfix local The Auth server is for username only with ID e g useri RADIUS Client Device Settings No Type IP Address Subnet Mask Secret Key SNMP Community 1 Roaming Out v 127 0 0 0 255 0 0 0 8 a ITIIIITI 2 Disable 255 255 255 255 32 v 3 Disable bi 255 255 255 255 32 v 4 Disable 255 255 255 255 32 v 4 5 Disable x 255 255 255 255 32 Click the hype
22. Address The IPv6 address of the zone if applicable a Enable disable stands for the status of the DHCP server in this zone Zone DHCP ee p o ome p Zone VAP 109 User s Manual HSG Wireless Hotspot Gateway ENGLISH 4ipnet 11 1 3 Routing Table To view System Status go to Status gt gt Routing Table All the Policy Routing rules and Global Policy Routing rules for both IPv4 and IPv6 will be listed here It will also show the System Routing rules specified by each interface The following depicts an image for the IPv4 Routing Table Policy 1 Destination Subnet Mask Gateway Interface Policy 2 Destination Subnet Mask Gateway Interface Policy 3 Destination Subnet Mask Gateway Interface Policy 4 Destination Subnet Mask Gateway Interface Policy 5 Destination Subnet Mask Gateway Interface Interface Destination Subnet Mask Gateway Interface 192 168 1 0 255 255 255 0 0 0 0 0 Private 192 168 11 0 255 255 255 0 0 0 0 0 Public 169 254 0 0 255 255 0 0 0 0 0 0 Private 10 29 0 0 255 255 0 0 0 0 0 0 WAN System Destination Subnet Mask Gateway Interface 0 0 0 0 0 0 0 0 10 29 0 1 WAN Policy 1 5 Shows the information of the individual Policy from 1 to 5 Global Policy Shows the information on the Global Policy System Shows the information on the system administration Destination The Destination IP address Subnet Mask The Subnet Mask of the IP address range gt Gateway The Gateway IP address of the interface
23. Disclaimer Content Choose Billing Plan for PayPal Payment Page Service Disclaimer Content We may collect and store the following personal information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us If the information you provide cannot be verified we may m Choose Billing Plan for PayPal Payment Page Plan Enable Disable Quota Price 1 Enable Disable 5 hr s 5 min s 0 2 Enable Disable 3 Enable 9 Disable 10 hr s 6 min s 9000 4 Enable Disable 5 Enable Disable Until 18 30 88 6 Enable Disable 7 Enable 9 Disable 20 73 Mbyte s 0 59 8 Enable Disable 9 Enable Disable 10 O Enable 9 Disable 600 Mbyte s 6 99 o Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here o Choose Billing Plan for PayPal Payment Page These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled gt Clients Purchasing Record PayPal Payment Page Remark Content Client s Purchasing Record Starting Invoice Number Change the Number Description Item Name Internet Access Title for Message to Seller Special Note to Seller 2 PayPal Payment Page Remark Content A Payment is accepted via PayPal PayPal enables you to send payments securely online using PayPal account a
24. Enable Disable Acct Interim is sent when users IP are chagned if Enable Enable 9 Disable Attributes Priority Redirection URL Billing Class Of Service Session Terminate on Billing Time Enable Disable Session Terminate Time Never Bandwidth Setting Group 1 ERES Number of Retries 3 Default 3 Retransmission Settings pee Timeout 6 Default 6 Primary RADIUS Server Authentication Server Domain Name IP Address Authentication Port Authentication Secret Key Default 1812 Authentication Protocol Accounting Service Accounting Server Enable Disable Domain Name IP Address Accounting Port Accounting Secret Key Default 1813 t Secondary RADIUS Server Authentication Server Authentication Port Domain Name IP Address Authentication Secret Key Authentication Protocol Accounting Service CHAP v Enable Disable Accounting Server Accounting Port Domain Name IP Address Accounting Secret Key 42 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH gt External RADIUS Related Settings 802 1X Authentication Enable Disable 802 1X authentication for users authenticated through this Server Username Format Select the format of the user login
25. Gateway URL The default website of posting all transaction data Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here gt WorldPay Billing Configuration These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled gt WorldPay Note Content 158 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH The message content will be displayed as a special notice to end customers Before setting up WorldPay it is required that the hotspot owners have a valid WorldPay Merchant Account from its official website RBS WorldPay Merchant Services amp Payment Processing going to rbsworldpay com support center account login STEPO Log in to the Merchant Interface gt gt gt gt gt Login url www rbsworldpay com support index php page login amp c WW Select Business Gateway Formerly WorldPay Click Merchant Interface Username user2009 Password user2009 STEP O Select Installations from the left hand navigation STEP Choose an installation and select the Integration Setup button for the specific environment STEP STEPO STEP gt Installation ID 239xxx r ae 8 8 5 JM Loc NENNEN O Beim ie 1 1 3 le Locscor TTG a ae a
26. Identity Token of this PayPal account to continue with PayPal Payment Page Configuration gt External Payment Gateway PayPal Payment Page Configuration Business Account Payment Gateway URL Identity Token Instant Payment Notification IPN Verify SSL Certificate Currency PayPal Payment Page Configuration https www paypal com cgi bin webscr Enable Disable 4 Behind NAT External Gateway IP n External Gateway Port Enable Disable Default v USD U S Dollar Yos o Business Account The Login ID an email address associated with the PayPal Business Account o Payment Gateway URL The default website address to post all transaction data o Identity Token This is the key used by PayPal to validate all the transactions o IPN behind NAT IPN is the acronym of Instant Payment Notification which is a mechanism adopted by PayPal for identifying the outcome of a transaction When this option is enabled an upstream NAT server may be designated for accepting the IPN message from PayPal This is a mandatory configuration item if the WAN IP of your gateway in not a public IP address corresponding NAT translation configurations are necessary o Verify SSL Certificate This is to help protect the system from accessing a website other than PayPal o Currency The currency to be used for payment transaction 154 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH gt Service
27. Key to be renewed the time unit is in Seconds gt WPA Enterprise o Cipher Suite Select an encryption method from WPA2 WPA2 WPA Mixed o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds NOTE When 802 1X or WPA Enterprise is selected the RADIUS Server points to the HSG Hotspot s own Local Authentication Database 29 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 4 4 Wireless Layer 2 firewall Go to System gt gt Layer 2 Firewall The system provides an additional security feature Layer2 Firewall in addition to the standard wireless security Layer Firewall offers a firewall function that is tailored specifically for Layer2 traffic providing another choice of shield against possible security threats coming from going to WLAN AP interfaces hence besides firewall policies configured in Policies this extra security feature will assist to mitigate possible security breach This section provides information in the following functions Generic Firewall Rules Predefined and Custom Service Protocols and Advanced Fe ss T e 6 Users Network Utilities Status General Y WAN WAN Traffic IPv6 LAN Fort Mapping Service Zones Layer 2 Firewall Main Menu gt System gt Layer 2 Firewall Layer 2 Firewall Generic Firewall Rules Predefined and Custom Service Protocols 30 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGL
28. Maximum Downlink gt Group Total Uplink Defines the maximum uplink bandwidth allowed to be shared by clients gt Individual Maximum Uplink Defines the maximum uplink bandwidth allowed for an individual client The Individual Maximum Uplink cannot exceed the value of Group Total Uplink gt Individual Request Uplink Defines the guaranteed minimum bandwidth allowed for an individual client The Individual Request Uplink cannot exceed the value of Group Total Uplink and Individual Maximum Uplink 66 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 6 3 4 Routing Specific Route Profile Click User gt gt Specific Route for the Specific Route Profile the Specific Route Profile list will appear 1 Specific Route gt Specific Route Profile The Specific Default Route is used to control clients to access some specific IP segment by the specified gateway Specific Routing can be set up for the Global Policy and up to 5 profiles can be configured Global Policy Specific Routes Destination Gateway Route No IP Address Subnet Netmask IP Address 1 255 255 255 255 32 2 255 255 255 255 32 3 255 255 255 255 32 4 255 255 255 255 32 Specific Routes Profile 1 Select Profile Profile 1 v Enable Default Gateway IP Address M Destination Gateway Route No IP Address Subnet Netmask IP Address 1 255 255 255 255 32 v 2 255 255 255 255 32 v 3 255 255 255 255 32 v 4 255 255 255 255
29. Ss i 7 M eae 11 7 M meebbkumcmE 5 58 5 L B Check Enable Payment Response checkbox Enter the Payment Response URL gt URL lt wpdisplay item MC_callback gt Check Enable the Shopper Response 159 am im uw am au aul am ami iam um iam imi umi augu lum iu Cw JAB Je 40k 40k Jk Jk Jk Jk a X 9x4 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH dt ERES WodiPay Lite Admastnton B g amp o9o Installatot Dats current up to 12 001 82 14 09 Merchant MERCHANTISTAMI Svaitch to Production Copyright RBS pic 2009 STEP D Select the Save Changes button STEP amp Input Installation ID and Payment Gateway URL in gateway UI gt Installation ID 2009test URL https select wp3 rosworldpay com wcc purchase External Payment Gateway Q Authorize Net PayPal SecurePay 9 WorldPay Disable WorldPay Payment Page Configuration Installation ID Payment Gateway URL https select wp3 rbsworldpay com wcc purchass Currency GBP Pound Sterling Note The WAN IP of gateway must be a real IP 160 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Appendix F Portal Page Customization Since every Service Zone have their own configuration profiles and acts like a virtual gateway administrators can customize or define their own portal pages utilized by users of that Service Zone The customizable pages of a Service Z
30. Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the frame to prevent the hidden node problem The RTS mechanism will be activated if the data size exceeds the value provided A lower RTS Threshold setting can be useful in areas where many client devices are associating with the HSG or in areas where the clients are far apart and can detect only the HSG but not each other The default value is set at 2346 Fragment Threshold Enter a value between 256 and 2346 The default value is 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference Broadcast SSID Enable to broadcast VAP2 s SSID in the air Disable to hide VAP s SSID so that it cannot be scanned Station Isolation By enabling this function all stations wirelessly associated to this zone are isolated from one another and can only communicate with the system WMM The default is Enable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four access categories voice video best effort and background Applicatio
31. a hotspot environment Service Zones 2 and 3 may be enabled to support VAP3 and VAP4 To configure the Public Zones Wireless Settings go to System Service Zones click Configure for each respective zone Wireless Settings VAP 2 VAP Status Enable Disable Basic ESSID HSG260 2 Security Security Type None v Beacon Interval 100 25 500ms RTS Threshold 2346 1 2346 Fragment Threshold 2346 256 2346 Advanced Broadcast SSID Enable Disable Station Isolation Enable Disable WMM Enable O Disable IGMP Snooping 9 Enable Disable gt Wireless Settings VAP2 Wireless Settings for Public Zone O Basic Enable the VAP Status if you wish to provide wireless service under this zone Assign an ESSID for VAP2 under Public Zone or use default the ESSID of Public Zone will be broadcasted in default settings to allow it to be scanned in the air Security Configure the wireless network under Public Zone with security encryption to prevent 26 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH unauthorized wireless association if necessary The encryption standards supported are WEP and WPA PSK o Advanced The parameters in Advanced are wireless settings that allow customization of data transmission enhanced security and wireless roaming Beacon Interval The entered amount of time indicates how often the beacon signal will be sent from the VAP The default value is set at 100ms RTS
32. agree and clicks Next then he or she will proceed to the User Login Page for client to login with username and password The Disclaimer Page can be Enabled at System General e Template Page To utilize the template user pages stored locally in the system choose Template Page and configure the necessary settings as follows Click Select hyperlinked to pick up a color for each item and fill in your copyright message You can also upload a Logo image file for your template with the Preview and Edit the Image File button Click Configure the setup page will appear for the corresponding page where you can change the text displayed as you wish After setting is finished click Preview to see the result If you are happy with the customized pages click Apply to activate the changes made e Uploaded Page Choose the Uploaded Page option if you wish to upload your own html coded page Click Configure for each custom page and upload the HTML file and corresponding image files and click Apply After applying the setting the new login page can be previewed by clicking Preview button 127 User s Manual e 4ipneU asc tess Hsp Cateay ENGLISH e External Page Choose the External Page option if you wish to use user pages located on a designated website Click Configure for each custom page and enter the URL of its corresponding external login page and click Apply After applying the setting the new login page can be previewed by clic
33. be defined by administrator for different user groups HSG MaxByteln 4GB 21 To be defined by administrator for different user groups HSG MaxByteOut 4GB 22 To be defined by administrator for different user groups 132 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual If the amount of traffic is larger than 4 GB the attributes of XXXX 4GB will be used For example if the amount is 5 GB the following settings should be set HSG Byte Amount 1048576 and HSG Byte Amount AGB 1 On the other hand when the administrator fills in all attributes the user will be kicked out from the system if any condition is reached For example if the administrator sets HSG Byte Amount 1048576 HSG MaxByteln 1048576 and HSG MaxByteOut 1048576 the user will be kicked out of the system when the downlink uplink or total traffic exceeds the limit 2 VSA configuration in RADIUS server IAS Server This section will guide you through a VSA configuration in your external RADIUS server Before getting started please directly or remotely access your external RADIUS server s desktop from other PC Step 1 Confirm the following key elements in the RADIUS server users groups and policies X Verify whether there are already users in the RADIUS Server Verify whether there are already Groups and assigned users belonging to these Groups in the RADIUS Server Verify whether there are already Poli
34. between the HSG gateway and your switch router hub Please check the LED status indication of these network devices 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 2 6 Access Web Management Interface The HSG gateway supports Web Management Interface WMI configuration Upon the completion of hardware installation the HSG gateway can be configured via web browsers with JavaScript enabled such as Internet Explorer version 6 0 and above or Firefox Default LAN interface IP address Private Zone with IP 192 168 1 254 no authentication is required for users Public Zone with IP 192 168 11 254 by default authentication is required for users Note The instructions below are illustrated with the administrator PC connected to LANI To access the web management interface connect a PC to LAN1 Port and then launch a browser Make sure you have set DHCP in TCP IP of your PC to Obtain an IP address automatically The default gateway IP address is the default gateway IP address of Private Zone 192 168 1 254 Next enter the gateway IP address of the HSG gateway at the address field The default gateway IP address of LAN1 Port is https 192 168 1 254 https is used for a secured connection 4ipnet Windows Internet Explorer Ge Ru E https 192 168 1 254 File Edit View Favorites Tools Help The administrator login page will appear Enter admin the default username and admin the de
35. credit card or bank account Clicking on Buy Now button v Client s Purchasing Record o Starting Invoice Number An invoice number may be provided as additional information for the transaction This is a reference field that may contain any sort of information o Description Enter the product service description e g wireless access service o Title for Message to Seller Enter the information that will appear in the header of the PayPal payment page PayPal Payment Page Remark Content The message content will be displayed as a special notice to end customers in the page of Rate Plan For example it can describe caution for making a payment via PayPal 155 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 3 Payments via SecurePay To configure Payments via SecurePay go to Users gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt SecurePay Before setting up SecurePay it is required that the hotspot owners have a valid SecurePay Merchant Account from its official website 2 Authorize Net Merchant ID Merchant Password External Payment Gateway PayPal 9 SecurePay WorldPay SecurePay Payment Page Configuration Payment Gateway URL https www securepay com au xmlapi payment x 9 Enable Disable Verify SSL Certificate Currency Plan 1 D O N c OO amp LU M ji a Default v AUD Australian Dollar va Service Di
36. in Router mode o IP Address The IP Address of this zone o Subnet Mask The subnet Mask of this zone gt DHCP Server Related information needed for setting up the DHCP Server is listed here To further 21 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH configure the DHCP Server click the button Configure Please note that when Enable DHCP Relay is enabled the IP address of clients will be assigned by an external DHCP server The system will only relay DHCP information from the external DHCP server to downstream clients of this zone O Start IP Address End IP Address A range of IP addresses that the built in DHCP server will assign to clients Note please change the Management IP Address List accordingly at System gt gt General gt gt Management IP Address List to permit the administrator to access the HSG admin page after the default IP address of the network interface is changed Preferred DNS Server The primary DNS server that is used by this Zone Alternate DNS Server The substitute DNS server that is used by this Zone Domain Name Enter the domain name for this zone WINS Server The IP address of the WINS Windows Internet Naming Service server if WINS server is applicable to this zone Lease Time This is the time period when the IP addresses issued from the DHCP server will be valid and available Reserved IP Address List Each zone can reserve up to 100 IP addresses from predef
37. kick the user out The logout timer can be set between 1 1440 minutes and the default idle time is 10 minutes Additional Control Idle Timeout minutes 10 1 1440 Interval for Idle Traffic Detection 60 seconds Threshold for Idle Traffic 1 600 Detection bytes 0 0 1048576 0 is Disabled User Session Control Idle Timeout Check Direction O Uplink 9 Uplink amp Downlink Multiple Login rl Enable This function is not applicable to on demand accounts Charge Traffic to from Hosts in Walled Garden List Enable 3 Disable Kick out users when their IPs are changed Enable 4 Disable 84 User s Manual e 4UneU usg wireless Hotspot Gateway ENGISH 8 2 3 Multiple Login To configure Multiple Login go to Users gt gt Additional Control When enabled a user can log in from different computers with the same account This function doesn t support On demand users Additional Control Idle Timeout minutes 10 1 1440 Interval for Idle Traffic Detection c x seconds 1 909 Threshold for Idle Traffic 0 TR r 0 1048576 0 is Disabled Detection bytes User Session Control Idle Timeout Check Direction O Uplink Uplink amp Downlink Multiple Login Enable This function is not applicable to on demand accounts Charge Traffic to from Hosts in Walled Garden List Enable 3 Disable Kick out users when their IPs are changed Enable Disable 85 HSG Wireless H
38. perfect choice for beginners to run hotspot businesses It does not cost much compared to buying a pile of equipment nor does it take the skills of an expert to glue multiple applications out of multiple freeware Feature packed for hotspot operation the HSG gateway comes with built in 802 11 n b g a b g n for dual RF models MIMO access point web server and web pages for clients to login easy logo loading for branding a hotspot store simple user visitor account management tool payment plans multiple credit card gateways traffic logs IP sharing and etc The HSG gateway also brings in an extra advantage the wall mountable IP50 dust proof HSG260 HSG320 or ceiling mountable HSG327 housing 2 2 System Concept The HSG gateway is capable of managing user authentication authorization and accounting The user account information is stored in the local database or a specified external RADIUS database server Featured with user authentication and integrated with external payment gateway the HSG gateway allows users to easily pay the fee and enjoy the Internet service using credit cards through a variety of payment gateways including Authorize Net PayPal SecurePay and WorldPay Furthermore the HSG gateway introduces the concept of Service Zones Private Zone and Public Zone each with its own definable access control profiles Private Zone means clients are not required to be authenticated before using the network service However clients
39. proper 4 See the Status indicator on the device panel If it is short illuminated intervals the device is then not connected to the controller Try to establish the connection again 5 Read through the section SDS200W with 4ipnet controller to ensure the settings Q2 The TAS triggered connection is not working 1 Check if the capability is disabled by someone Go to System gt gt TAS button on SDS200W s WMI to enable the function 2 Make sure the cable is plugged and SDS200W is placed in the coverage of the hotspot gateway you want to associate to wirelessly 3 Check if the Terminal Server Configuration table on the gateway has at least one empty field for the controller for the system to automatically add SDS200W to the list If not clear one space for TAS 185 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Connection Status With Indicators Display State Long illuminated intervals SDS200W and the uplink device is connected TAS SDS 200W is trying to connect to the uplink controller The keypad is locked Unlock it by pressing ENTER It is 10 second state TAS SDS 200W succeeds in connecting to the controller It is a ten second state TAS SDS 200W fails to connect to the controller 186 ES 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Shortcut Keys Combination Function Number ENTER Print a ticket of billing plan Number
40. server System Log means that it is not configured The IP address and port number of the external SYSLOG Server N A SYSLOG server On demand Users Log means that it is not configured Shows whether the status for the connection at WAN is normal or abnormal Warning of Internet Disconnection Internet Connection Detection and all online users are allowed disallowed to log in the network Shows status of option to enable or disabled system info retrieval via SNMP protocol Usrlog The maximum number of days for the system to retain the users information sNMP The email address to which the user log information will be sent NTP Server The network time server that the system is set to align System Time o Tme e system time is shown as the local time The minutes allowed for the users to be inactive before their account expires Idle Time Out automatically Enabled disabled stands for the current setting to allow disallow multiple Multiple Login login from the same local account User Session Control Preferred DNS IP address of the preferred DNS Server Server Alternate DNS IP address of the alternate DNS Server Server 106 4ipnet 11 1 2 Interface Status To view Interface Status go to Status gt gt Interface User s Manual HSG Wireless Hotspot Gateway ENGLISH This section provides an overview of the interface for the administrator including WAN Zone Private and Zone Public
41. shown as follows Basic Settings e Terminal Server Configuration Service Zone Status Enable Status Item Server IP Port Location Remark Service Zone Name Default Ir 1 Add SDS200W onto the Terminal Server List Operation Mode NAT Router E 2 IP Address 192 168 1 254 3 Network Interface Subnet Mask 255 255 0 0 Main Menu gt Users gt Authentication gt On demand User Server Configuration gt General Settings gt Terminal Server Configuration Network Alias List _ Configure Billing Plans Enable DHCP Server v Pri eR i Account rice Enable Quick Account DHCP Server Configuration SDS200W must be in Range Plan Type Quota Croation Group Function DHCP Server gt Q4 Confi Duration Valid from 2012 10 04 04 04 00 till i Group P Reserved IP Address List onfigure 1 tin 2013 10 04 04 07 00 5 v y 7 Edit DHCP Lease Protection Enable Disable 2 Valid for 1 day s elapsed time 10 V v P Edit 3 N A Group Edit Main Menu gt System gt Service Zones gt Zone Configuration Main Menu gt Authentication gt On demand User Server Configuration gt Billing Configuration When the settings are done completely on the 4ipnet Gateway Controller side go to SDS200W s WMI and check if every uplink setting matches that on the controller Terminal Auto Setup TAS Only available on SDS200W TAS refers to an automatic connection mechanism that requires NO previous network settings Just pre
42. the most common external authentication databases FREE is an access option that allows users to access networks with any specified identity token on the login page Click on the Authentication Options to configure e Auth Option Set a name for the authentication databases by using numbers 0 9 alphabets a z or A Z dash underline _ space and dot only This name is used for the administrator to easily identify the authentication options such as HQ RADIUS e Postfix A postfix represents the authentication server in a complete username For example user1 local means that this user user1 will be authenticated by the LOCAL authentication database e Black List There are 5 sets of black lists provided by the system A user account listed on the black list is not allowed to log into the system the client s access will be denied The administrator may select one or None black list from the drop down menu and it will be applied to this specific authentication option e Configure Click the Configure button to edit a specific authentication database for the server For example if you want to edit the Local authentication database please click the Configure button for Local 37 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 5 1 1 Local Click the button Configure for Local for further configuration Local User Database Settings Local User List Enable 9 Disable Account Roaming Out Local user da
43. the operation for instance user authentication Therefore each self defined external pages Login Logout Login Success Logout Success etc requires codes to handle URL parameters to and from the Gateway A simple example is illustrated below for Login Page please refer to External Login Page Parameters for URL parameter relating to other pages such as Login Success Page and etc Therefore it is important that your external pages are designed by someone with good knowledge of URL parameter utilization Diagram below explains how External Page operates using user login flow as illustration 162 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Client tropes omer Opens Brower Gateway redirects user and sends necessary URL parameters URL Parameters to external login page External Web Server Gateway External login Page is sent to the client Account credentials submitted to host defined in URL parameter Gateway authenticates the user credentials against its authentication servers Redirectclient to login success page URL Parameters or login fail page according to result Sends Login success page or Login fail page to client as instructed by the Gateway Sees Login Success Page if Authentication pass Sees Login Fail Page if Authentication fails The URL parameters sent by the Gateway to the external login page are as follows Description String URL encoded The URL wh
44. the redemption process Note Duration time and Hotel Cut off type do not support redemption function 53 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 5 1 4 Free Authentication c 5 e e System Usens Network Utilities Status i Authentication Black List N Group Policy Schedule V Firewall Qos Specific Route Y Privilege Additional Control N Operator 1 1 Main Menu gt Users gt Authentication gt FREE Authentication Authentication Server FREE Group 1 Guest Access Time Limited Unlimited Apply When the Free Authentication option is Enabled users will have an option of logging in with an email address without authentication This can be activated under Service Zone Settings configurations The constraints can be set specifically with the mapped Group profile MAC addresses will be checked to avoid malicious use of free o ss e e amp System Users Network Utilities Status access Authentication Black List N Group M Policy Y Schedule Firewall Y QoS N Specific Route Y Privilege Additional Control N Operator h Main Menu gt Users gt Authentication gt FREE Authentication Authentication Server FREE Guest Access Time Limited Unlimited hourts 0 minute s Reactivation hour s Trial Account List When Guest Access Time is set to Limited Administrator can choose to set the Quota and Reactivation Time The server reme
45. well as the pages that are returned by the Web server The HTTPS Protected Login function makes the client s login more secure Enable it to activate https encryption or disable it to activate http non encryption login page General Settings for the Entire System System Name Wireless Hotspot Gateway Administrator Contact Information Suspend Warning Message Sorry The service is suspended n W Use the name on the security certificate Internal Domain Name FQDN of this device for internal use e g controller office name com Disclaimer Page 2 Enable Disable 9 Specific Original None http www google com e g http www example com Portal URL Browser ID User Agent IEMobile 7 0 XBLWP7 e g IEMobile 7 0 XBLWP7 separate by comma UAM Filter Configure User Log Access IP Address e g 192 168 2 1 Management IP Address List Configure Q9 Enable Disable SNMP MESS en Configure HTTPS Certificate Default CERT HTTPS Protected Login O Enable Disable 78 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 8 1 2 Internal Domain Name with Certificate To configure Internal Domain Name go to System gt gt General Internal Domain Name is the domain name of the HSG seen on client machines connected under zone It must conform to FQDN Fully Qualified Domain Name standard A user on client machine can use this domain name to access the HSG instead of its IP address In additio
46. 08 00 Taipei NTP Server 1 tock usno navy mil e g tock usno navy mil NTP Server 2 tock stdtime gov tw 5 Manually set up NTP Server Mode When Enabled Access Points and devices in the Local Area Network of the gateway would be able to use the gateway as a NTP Server for time reference Note When system can not sync the time with NTP server all clients will not be allowed to log in to system Also on demand accounts cannot be created 88 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 10 2 Management IP Address List To configure the Management IP Address List go to System gt gt General General Settings for the Entire System System Name Wireless Hotspot Gateway Administrator Contact Information Suspend Warning Message Sorry The service is suspended V Use the name on the security certificate Internal Domain Name FQDN of this device for internal use e g controller office name com Disclaimer Page Enable Disable Specific Original None http www google com e g http vwav example com Portal URL Browser ID User Agent IEMobile 7 0 XBLWP7 e g IEMobile 7 0 XBLWP7 separate by comma UAM Filter Configure User Log Access IP Address e g 192 168 2 1 Management IP Address List Configure Only PCs within the Management IP range on the list are allowed to access the system s web management interface For example 10 2 3 0 24 means that as long
47. 1 row affected U 00 sec mysql gt exit Bye 139 4ipnet User s Manual SG Wireless Hotspot Gateway ENGLISH Step 9 Restart RADIUS daemon to get your settings activated Thu Oct 30 14 26 41 2008 Info Starting reading cont 140 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Appendix D On demand Account types amp Billing Plan This section explains the parameters as well as the different account types provided when editing billing plans in On demand authentication o Usage time with Expiration Time Users can access internet as long as account is valid with remaining quota usable time Users need to activate the purchased account within a given time period by logging in It is Ideal for short term usage namely in coffee shops at airport terminals etc This billing type only deducts quota when internet is being used However the count down to Expiration Time is continuous regardless of logging in or out Account would expire when the Valid Period is used up or the quota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeeming Account Activation is carried out when the user logs in for the first time Failing to do so in the period set in Account Activation will result in account expiration Vali
48. 3 5 3 Configure Zone Network To configure Zone network go to System gt gt Service Zone Click the button Configure for Private zone for further configuration The parameter descriptions of Basic Settings for all four Zones are the same The wireless settings under each zone will be covered in the next section General Y WAN WAN Traffic N IPv6 LAN Port Mapping Service Zones Layer 2 Firewall k Main Menu gt System gt Service Zone gt Service Zone Configuration Basic Settings Operation Mode NAT Router IP Address 192 168 1 254 Network Interface Subnet Mask 299 200 200 0 Network Alias List Enable DHCP Server DHCP Server Configuration Reserved IP Address List DHCP Lease Protection Enable Disable DHCP Server General WAN N WAN Traffic N IPv6 N LAN Port Mapping Service Zones Layer 2 Firewall k Main Menu gt System gt Service Zone gt Service Zone Configuration gt DHCP Configuration DHCP Server Configuration for Service Zone Private Start IP Address 192 168 1 1 End IP Address 192 168 1 100 Preferred DNS Server 192 168 1 254 Alternate DNS Server DHCP Pool 1 Domain Name domain com 2 minutes 10080 minutes 7 days Ignore Client Name Enable Disable DHCP Pool 2 Enable Disable Network Interface o Operation Mode Contains NAT mode and Router mode When NAT mode is chosen service zone runs in NAT mode When Router mode is chosen this zone runs
49. 30 minutes hours days and so on Statistics of offered list 1 2 3 4 5 6 7 8 9 10 Last 10 Minutes 1 0 0 o a o Last 10 Hours 0 2 22 3 1 0 1 2 2 Last 10 Days 51 0 0 0 0 0 0 0 0 Statistics of expired list 2 3 4 5 6 Fi 8 9 10 Last 10 Minutes g g Last 10 Hours g 1 2 Last 10 Days 10 0 0 0 0 0 0 0 0 0 Refresh DHCP Lease List Valid IP addresses issued from the DHCP Server and related information of the client using this IP address is displayed here DHCP Logs Statistics List DHCP Lease Log DHCP Lease List No IP Address MAC Address Host Name Vian Lease Expires 192 168 1 4 00 40 96 ai af dd x30 ac4d2 g 2011 03 19 17 13 49 2 192 168 1 41 00 1d 73 3b 73 3e AC109 NB 0 2011 03 19 18 32 35 3 192 168 1 76 cc 08 e0 04 80 cf z 2011 03 19 19 01 04 117 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 11 2 Notification To configure Notification go to Status gt gt Report amp Notification The HSG can automatically send the notifications of Monitor IP Report Users Log On demand User Log Roaming Out Users Log Roaming In Users Log Firewall Log Session Log and On demand User Billing Report to up to 5 particular e mail addresses A trial email is provided by the system for validation Secondly the system supports recording of Users Log On demand Users Log Roaming Out Users Log Roaming In Users Log Session Log Firewall Log and Local HTTP Web Log
50. 5 DE MB P ssepe LR Nm 105 SEMESTER 105 111 5 Interface Status oorr to sepe Soo rb vae cS n up CUR v ARR bv by VES on Eu oma v uin odo cR eS vag Dos wa pU 107 SR ME umMELDL IA 110 ISP MESSEN 2I NER 111 BEES OMM CINE 112 DAT REN Ari 112 11 1 7 Local User Monthly Network Usage Report eese eene eene enne enne 115 11 1 8 System Related Logs 0 cee ccsscccesscccesscccssscccsssscesssecesseecesseecessescessescessescessescessescsssescssseecssseecssaesessaees 116 ILIO aa 81 LG cal 2c lt n eee eer er EUER MUN EMI MM IE MEM MENS reer 116 11 2 TNO GCA OI assesses se nerasoesinte A AT NORISR IUDA OS MARO EHI S UNES UN ER P SS tu UO 118 P X E a I C M ee eee 119 bp MEI CPP cc 120 ir x 0 121 12 Advanced ADDIUCULLOHS n nrdter inpia pepe er epoca pte ere erra ter ixi EE 123 12 1 Upload Download Local User Accounts eeseeeeeneeeen nennen nennen 123 jo RADIUS Advanced SelUN e S uscseti eR Rn NATU En RUNI M E ON EN NIME UN ONERE 125 D Romni OU MK 126 BA ustoHHZable Pag OS csset eina UID ROS EEII ERIS IE ERN NUS A US OLD SNR SUO MAS DUR EE ees 127 Appendix A Policy Priority a
51. 6 User s Manual e 4UpDnEU usg wireless Hotspot Gateway ENGISH o Duration time with Elapsed Time Account is activated upon the account creation time Count down begins immediately after account creation and is continuous regardless of logging in or out The account will expire once the Elapsed Time is reached This billing type is ideal for providing internet service immediately after account creation throughout a specific period of time Begin Time is the time that the account will be activated for use It is set to account creation time First time login is set to require users to log in within a specified period of time Elapsed Time is the time interval for which the account is valid for internet access xx hrs yy mins Max User is the defined number of concurrent users allowed to log in with this billing plan Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan EE 3 Duration time A Counting Method Elapsed Time Begin and end Time Cut off Time Upon Account Creation n First time login must be done within 2 day s Begin Time 0 hour s Range of hour s 0 23 they cannot both be zero dayis hrs mints Range of day s 0 364 Range of hour s 0 23 Range of mints 0 59 they cannot all be zero f Range 0 100000 including two digits afte
52. 6 Address Status Policy 1 192 168 1 254 piopi 192 168 1 1 ae N A 192 168 1 100 Configure Disabled 2001 CB46 5359 1 1 Enabled Policy 1 172 21 0 254 f 172 21 0 1 Public N A 172 21 0 100 Server 1 N A Enabled WDS Wireless Distribution System is a function used to connect APs Access Points wirelessly The WDS management function of the system can help administrators to setup two WDS links per RF Card WDS1 Settings Public WDS Status D Enable 9 Disable Basic MAC Address of Remote AP Security Type WEP y WEP Key Length 64 bits Security WEP Key Format ASCII v WEP Key 12345 WDS2 Settings Public WDS Status S Enable 9 Disable Basic MAC Address of Remote AP Security Type TKIP AES v Security Cipher Suite TKIP WPA v Pre shared Key Pass phrase 12345678 e WDS Status Select Enable to activate this WDS link e MAC Address of Remote AP Enter the MAC of the remote AP that generates a WDS link with the HSG 130 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual e Security Type WEP WEP Key Length may be 64 bits 128 bits or 152 bits and WEP Key Format can be ASCII or HEX Enter the applicable WEP Key WPA PSK Select the preferred ciphering method TKIP or AES and enter the PSK Pass phrase 131 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Appendix C RADIUS Accounting This section will briefly introduce the basic configuration of RADIUS server t
53. 8 13 100 Configure Server 1 N A Disabled e Service Zone Name Mnemonic name of the Zone e Applied Policy Current Policy that is applied to Zone e Default Authen Option Default authentication method server that is used within the Zone e P IPv6 address Shows the LAN IP address IPv6 is support and can be configured from the IPv6 tab e Network Alias Shows the IP address that bridges to different subnets configured in the Network Alias List e DHCP Pool Shows the range of LAN IP address which clients are assigned to get from DHCP e LAN Port Mapping Each physical LAN port can be set individually to map to a specific zone and can be 17 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH configured from the LAN Port Mapping tab refer to 3 5 1 e Status Shows the Private Public Zone mappings to the physical LAN ports e Details Configurable detailed settings for each Zone Click the Configure button to configure each Zone Basic Settings Authentication Settings Wireless Settings and WDS Settings Public Zone only 3 5 1 Port Role Assignment The HSG gateway supports four zones Private Public Service Zone 2 Public and Service Zone 3 Public In the Private Zone authentication is not required to access the network disabled by default whether it is via wired and wireless connection In the Public Zones the Authentication Required for Zone option is enabled by default so clients have to be auth
54. AN WAN Traffic IPv6 LAN Port Mapping Service Zones Layer 2 Firewall Main Menu gt System gt WAN WAN Interface Setting O Static Use the following IP settings 9 Dynamic IP settings assigned automatically Renew Preferred DNS Server Alternate DNS Server a PPPoE J PPTP The parameters related to each connection method are described in the following page 11 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 3 2 1 Static IP Static Manually specifying the IP address of the WAN Port The fields with red asterisks are mandatory IP Address The IP address of the WAN port Subnet Mask The subnet mask of the WAN port Default Gateway The gateway of the WAN port Preferred DNS Server The primary DNS Server of the system Alternate DNS Server The substitute DNS Server of the system This is an optional field Ge 35 i e stem Users Network Utilities Status General i WAN WAN Traffic N IPv6 M LAM Port Mapping Service Zones Y Layer 2 Firewall i Main Menu gt System gt WAN WAN Interface Setting amp Static Use the following IP settings IP Address Subnet Mask Default Gateway Preferred DNS Server Alternate DNS Server Dynamic IP settings assigned automatically J PPPoE PPTP 3 2 2 Dynamic Dynamic It is only applicable for the network environment where the DHCP server is available upstream of the system Click the Renew but
55. API There are three additional custom groups for administrators to customize permission settings Super Group Y Manager Operator OnDemand Manager Custom 1 Custom 2 Custom 3 System Users Note ne Select Group Setting Permission Private Public main WAN IPv6 Service Zones main Black List Policy Firewall Specific Route Additional Control General WAN Traffic LAN Port Mapping Authentication Group Schedule QoS Privilege Operator To logout simply click the Logout icon on the upper right corner of the interface to return to the login screen 94 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 10 6 Change Admin Passwords To configure Admin passwords go to Utilities gt gt Administrator Account There are four predetermined levels of authority Super Group Manager Operator and On Demand Manager The usernames and passwords can be configured at Utilities gt gt Administrator Account Clicking on the hyperlink of the Name allows the administrator to change passwords The administrator can change the passwords here Click Admin name on the Admin List Enter original and new password and click Apply to activate the new password Note Only admin has the authority to change password Admin Editing and Password Safety Setting Name admin Original Password New Password Verify Password x Apply Caution If the administrator s password is l
56. ENGLISH Date can be selected Click Apply to complete the modification Authentication Main Menu gt Users gt Authentication gt Option gt Local gt Local User List gt Editing User iting existing User Data Username userO0l sti Password Ho3 sid MAC Address Applied Group Group 1 Remark D o f Enable Expire Time Begin Date 40 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 5 1 2 RADIUS There are two RADIUS authentication databases for configuration Click Configure for any one of RADIUS servers for further configuration The RADIUS server sets the external authentication for user accounts Enter the information concerning the primary server and or the secondary server the secondary server is not mandatory The fields with red asterisks are necessary information These settings will become effective immediately after clicking Apply 41 4ipnet 802 1X Authentication User s Manual HSG Wireless Hotspot Gateway ENGLISH External RADIUS Server Related Settings Enable Disable Username Format Leave Unmodified Complete e g useri postfix Only ID e g user NAS Identifier NAS Port Type 19 Default 19 Range 035 Accounting Delay Time 0 Deafult 0 Service Type 1 Default 1 Range 111 Class Group Mapping Configure DM amp CoA Settings Configure Acct Interim for users IP changed Failover between RADIUS Servers
57. GMP Snooping Disable None 100 2346 2346 Enable Enable Enable Enable 25 500ms 1 2346 256 2346 Disable Disable D Disable Disable 25 500ms 1 2346 256 2346 Disable Disable Disable Disable For each zone administrators can set up the wireless security profile it includes WEP and WPA PSK gt WEP o 802 11 Authentication Select from Open System or Shared Key o WEP Key Length Select from 64 bit 128 bit 152 bit key length o WEP Key Format Select from ASCII or Hex format for the WEP key o WEP Key Index Select a key index from 1 4 The WEP key index is a number that specifies which WEP key will be used for the encryption of wireless frames during data transmission 28 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH o WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys gt 802 1X o Dynamic WEP Dynamic WEP is always enabled when the 802 1X option is selected to automatically generate WEP keys for encryption o WEP Key Length Select from 64 bit 128 bit key length o Rekeying Period The time interval for the dynamic WEP key to be updated the time unit is in seconds gt WPA Personal o Cipher Suite Select an encryption method from WPA2 WPA2 WPA Mixed o Pre shared Key Pass phrase Enter the key value for the pre shared key or pass phrase o Group Key Update Period The time interval for the Group
58. Global Policy is the system s universal policy and is applied to all clients unless the clients are bounded by another policy Individual Policy can be defined and applied to different authentication server A client logging in with this authentication server will be bound by the corresponding Policy If no policy is applied to the authentication server its users will be governed by the Global Policy Global Policy Global policy is the system s universal policy containing the Firewall Profile Specific Routes Profile IPv4 IPv6 and Privilege Profile which will be applied to all users unless the user has been regulated by another individual Policy 60 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Policy Configuration Global Policy Select Policy Global Firewall Profile Configure Specific Route Profile Configure Specific IPv6 Route Profile Configure Privilege Profile Configure e Select Policy Select a desired policy profile to configure Firewall Profile Global policy and policy 1 5 all have a firewall service list and a set of firewall profiles which is composed of firewall rules e Specific Route Profile When Specific Routes are configured here all clients applied with this policy will access the specific destination through these gateway settings e Specific IPv6 Route Profile The routing rules to be applied to users using IPv6 under this policy may be configured h
59. HTTP Web Log and DHCP Server Log via external SYSLOG servers Thirdly Users Log On demand Users Log Roaming Out Users Log Roaming In Users Log Session Log On demand User Billing Report Local HTTP Web Log HTTP Web Log WMI Configuration Log DHCP Lease Log and Traffic Report can also be configured to be sent to an external FTP server In addition the Event Log section on WMI displays clients associate and disassociate messages 118 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 11 2 1 E Mail SMTP Settings Receiver E mail Address 1 Receiver E mail Address 2 Receiver E mail Address 3 Receiver E mail Address 4 Receiver E mail Address 5 Sender E mail Address x SMTP Server SMTP Port 25 SMTP over SSL Enable 9 Disable SMTP Authentication None SMTP Settings gt Receiver Email Address es Up to 5 e mail addresses can be set up to receive the notification There are eight kinds of notification for selection Monitor IP Report Users Log On demand Users Log Roaming Out Users Log Roaming In Users Log Session Log Firewall Log and On demand Billing Report check the selection box to choose the type of notification to be sent gt Sender Email Address The e mail address of the administrator in charge of monitoring This will show up as the sender s e mail SMTP Server The IP address of the sender s SMTP server SMTP over SSL Enable or Disable SMTP over SSL for additional security gt SMTP A
60. IPv4 IPv6 Bandwidth Control Enable Disable Group Total Downlink 0 Mbps Y unlimit 0 Range 1 999 Individual Maximum Downlink 0 Mbps Y Unlimit 0 Range 1 999 Individual Request Downlink 0 Mbps Y unlimit 0 Range 1 999 Group Total Uplink 0 Mbps Y unlimit 0 Range 1 999 Individual Maximum Uplink 0 Mbps Unlimit 0 Range 1 999 Individual Request Uplink 0 Mbps Y Unlimit 0 Range 1 999 gt Traffic Class Traffic Class can be chosen for users on IPv4 or IPv6 Default DSCP Differentiated Services Code Point can be added and edited to determine traffic class Default DSCP includes Network Control 0x30 Telephony Ox2E Signaling 0x28 Multi media Conferencing 0x26 Real Time Interactive 0x20 Multi media Streaming 0x1A Broadcast Video 0x18 Low latency Data 0x12 OAM 0x10 High Throughput Data Ox0A Standard 0x00 Low Priority Data 0x08 gt Bandwidth Control Enable or Disable the capability to determine the following parameters gt Group Total Downlink Defines the maximum bandwidth allowed to be shared by clients gt J Individual Maximum Downlink Defines the maximum downlink bandwidth allowed for an individual client The Individual Maximum Downlink cannot exceed the value of Group Total Downlink gt Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an individual client The Individual Request Downlink cannot exceed the value of Group Total Downlink and Individual
61. ISH 4 4 1 Generic Firewall Rules You can choose to enable or disable the wireless Generic Firewall This section provides an overview of firewall rules for the system s wireless interface 6 default rules with up to a total 10 firewall rules are available for configuration Firewall Rules Edit Move ta Insert Before Delete Edit Move to Insert Before Delete Edit Move to Insert Before Delete Edit Move to Insert Before Delete Edit Move to Insert Before IEEE 802 3 Delete Edit Move to Insert Before Delete Edit Move to Insert Before Delete Edit Move ta Insert Before Delete Edit Move to Insert Before Delete Edit Move to Insert Before Delete Block Block rule 10 31 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH From the overview table each rule is designated with the following field No The numbering will decide the priority of which the system will carry out the available firewall rules in the tables Active Checking this field will mark the rule as active which means this rule will be enforced Action Block denotes a block rule PASS denotes a pass rule Rule Name This is the denominated name of the rule EtherType It denotes the type of traffic subjected to this rule Remark It shows the additional reference information of this rule Operation 4 actions are available Edit denotes to edit the rule details Move to denotes to move the rule to a specified rule number
62. L L General WAN WAN Traffic IPv N LAN Port Mapping N Service Zones N Layer 2 Firewall Y Main Menu gt System gt Layer 2 Firewall Enable Disable Firewall Rules CDP Edit Move to Block IEEE 802 3 Insert Before Delete Edit Move to Block ott IEEE 802 3 Insert Before Delete Edit Move ta Insert Before Delete Edit Move to Insert Before Delete Edit Move ta Insert Before Delete Edit Move ta Insert Before Delete CeHit Block IEEE 802 3 Block Block HSRP Block 34 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 4 4 2 Predefined and Custom Service Protocols The administrator can add or delete firewall service protocols here the services on this list will become available drop down options to choose from in firewall rule when EtherType is IPv4 The first 27 entries are default services and the administrator can add any extra desired services These 27 default firewall services cannot be deleted but can be disabled General WAN WAN Traffic 1 I a j IPv amp LAN Port Mapping Service Zones n En Layer 2 Firewall k Main Menu gt System gt Layer 2 Firewall No Name Description elect All FT ALL TCP TCP Source Port 065535 Destination Port 065535 ALL ICMP ALL ICMP TCP UDP Destination Port 20 21 TCP UDP Destination Port 80 POPS TCP Destination Port 110 SMTP TCP Destination Port 25 DHCP UDP Destination Port 67 68 LO
63. Login Retry Times Password Expire and Admin Login Reuse Times Safety Setting e Enable Disable Complexity Checking Min Password Length 2 2920 Min Password Category 2 294 Enable Disable Admin Login Retry Times Ta T Retry Times 5 Enable Disable Password Expire Expire Password Days 90 x Enable Disable Admin Login Reuse Times Reuse Times 6 x There are three other default Administrative Account groups with predetermined permission settings and these permission settings can be customized 93 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Manager The manager can only access the configuration pages under User Authentication to manage the user accounts Authentication Settings Auth Option Auth Database Postfix Server 1 LOCAL local Server 2 RADIUS radiusi Server 3 RADIUS radius2 On demand User ONDEMAND ondemand FREE FREE N A Operator The operator can only access the configuration page of Create On demand User to create new on demand user accounts and print out the on demand user account receipts On demand Account Creation 11 min s connection time quota Valid until 12 00 the following day LI 10 91 Enabled Create ET Enabled Enabled Valid from 2010 07 14 12 00 00 till 2010 07 14 23 59 00 EJ Enabled OnDemand Manager The OnDemand Manager can only access the application programming interface and generate on demand user accounts from the
64. Manual HSG Wireless Hotspot Gateway ENGLISH IP address 192 168 1 10 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 254 Remember to set the TCP IP settings of the computer you use with a static IP address that is under the same subnet as SDS200W For example 192 168 1 20 Internet Protocol TCP IP Properties General You can get IP settings assigned automatically if your network supports this capability Othermise you need to ask your network administrator Far the appropriate IP settings O Obtain an IP address automatically 5 Use the following IP address IP address 1952 168 1 20 Subnet mask 255 255 255 Default gateway 192 766 1 254 5 Use the following DNS server addresses Prefered DNS server Po Alternate ONS server ee el The settings of SDS200W are separated into seven categories which are 1 System to setup the system name and device control 2 Uplink to determine wired wireless relevant parameters Any change on this page will take effect after rebooting the system Console to change console related settings for POS printers Utility to upgrade the firmware version or backup restore SDS200W s configuration settings Password to change administrator s password Reboot to reboot restart the system oS qe du w Status to overview device system uplink and radio status if available Setting Up SDS200W with the POS Printer Serial Setting
65. Number 1 number 2 Printa ticket of billing Number 1 with Number 2 ENTER units FUNC 1 ENTER To print out SDS200W s status FUNC 4 ENTER To clear what is pressed FUNC o ENTER To activate Safe Mode disabling the FUNC 1 ENTER shortcut key in order to protect SDS200W s information leakage 4 digit ENTER To disable Safe Mode ENTER To lock the keypad P N V11020131224 187
66. Number of units of Quota per ticket Group On demand users can be allocated to a defined User Group when On demand accounts are created The generated accounts may be downloaded for safe keeping or sent to printer for batch printout On demand Account Creation by Quick Button Available on HSG260 51 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual The Quick Button located on the front panel of HSG260 is a quick On demand account generation button This button is designed to create On demand accounts without the need to enter WMI There should be a serial POS printer such as the PRT100 which is directly connected to the console port of HSG260 When the administrator has properly connected a PRT 100 POS printer to the console port pressing this button will generate an On demand account using billing plan no 1 and print out the account credentials via the POS printer Please note that the corresponding billing plan no for this Quick Print button is always billing plan 1 Should the network administrator wish to configure different account types for generation please modify billing plan no 1 Only supports normal font for ticket customization 9 On demand Account List All created On demand accounts are listed and related information is also provided Authentication Black List Group Policy Schedule Firewall QoS Specific Route Privilege Additional Control Operator Main Menu gt Users gt A
67. RIBUTE HaxByteln 4GcB a intercdmer ATTRIBUTE HaxBvteln 3i3cB L intercger LL Step 5 Edit the file dictionary under the folder freeradius vivian linux vi usr share freeradius dictionary 138 User s Manua Step 6 To include dictionary HSG in the dictionary of RADIUS server insert it in an incremental position as follows INCLUDE dictionary ascend INCLUDE dictionary bay S INCLUDE dictionary bintec S INCLUDE dictionary cabletron INCLUDE dictionary INCLUDE dictionary cisco zi This is the same as the altiga dictionary H SSINCLUDE dictionary cisco wvpn3 n INCLUDE dictionarwy cisco vpn5 u INCLUDE dictionary cisco bbasm INCLUDE dictionary colubris INCLUDE dictionary erx Step 7 Open the radius database vivian linux mysql u root p radius Enter password Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with Welcome to the MySQL monitor Commands end with Your My50L connection id is 96 to server version Type help or ih for help Type c mysql gt step 8 Insert VSA into RADIUS response In this example the maximum download and upload traffics in bytes for group03 users is 1MBytes mysql gt INSERT INTO radgroupreply GroupWame Attribute op value VALUES group us3 cipherium Byre mount 1048576 i Query OK
68. The three or four digit code assigned to a customer s credit card number at the end of the credit card number found either on the front or back of the card O E mail An email address may be provided along with the billing information for a transaction This is the customer s email address and should contain an symbol 152 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH o Customer ID This is an internal identifier for customers that may be associated with the billing information for a transaction This information field may contain any format o First Name The first name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter John in the First Name field indicating this customer s name o Last Name The last name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter Doe in the Last Name field indicating this customer s name o Company The name of the company associated with the billing or shipping information entered on a given transaction o Address The address entered either in the billing or shipping information of a given transaction o City The city associated with either the billing address or shipping address of a transaction o State Astate associated with both the billing and shipping address of a transaction This may be entered as either a two character ab
69. a Local user01 when logged in to Public Zone will get Policy3 This is another common case for users that are assigned Policy by the authentication server gt l faUseris not assigned a Policy individually and the authentication server is also not assigned a Policy then the Global Policy will be applied to all users For example a Local user user01 is assigned to None Policy and the Local Authentication is also assigned to None Policy on User list Then user01 logged in to Public Zone will be applied with the Global Policy In conclusion the Global Policy has the lowest policy priority the User Policy has the highest priority 129 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Appendix B WDS Management Each of the Public Zone Public Zone Service Zone 2 Service Zone 3 of the HSG supports up to 2 WDS links WDS Wireless Distribution System is a function used to connect APs Access Points wirelessly to extend wireless coverage The WDS management function of the system can help administrators to setup two WDS links To configure WDS go to System gt gt Service Zones click Configure in Public Zone Service Zone 2 Service Zone 3 General WAN WAN Traffic IPv6 LAN Port Mapping Service Zones M vi c Main Menu gt System gt Service Zone Service Zone Settings S LAN Port Applied Poli IP Address Service Zone oe Network DHCP Pool Mapping Detail Name Default Authen Alias E ae Option IPv
70. able Enable Disable O Enable 9 Disable 600 Mbyte s 6 99 Client s Purchasing Record oot change the Number Internet Access Enjoy Online re Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding a new or editing service disclaimer Choose Billing Plan for Authorize Net Payment Page These 10 plans are the plans configured in the Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed Client s Purchasing Record O Starting Invoice Number An invoice number may be provided as additional information for a transaction The number will be incremented automatically for each following transaction Click the Change the Number checkbox to change it Description Item Name This is the item information to describe the product for example Internet Access Email Header Enter the information that should appear in the header of the invoice 151 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH gt Authorize Net Payment Page Fields Configuration Authorize Net Payment Page Remark Content Authorize Net Payment Page Fields Configuration Item Credit Card Number Credit Card Expiration Date First Name Last Name Card Type Card Code E mail Customer ID Company v Address City State Zip Country Phone Fax Displayed text fileds must be filled Displa
71. addresses for redirection purposes When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination Select TCP or UDP for the service s type These settings will become effective immediately after clicking Apply Port and IP Forwarding Destination Translated to Destination No Type Remark IP Address Port IP Address Port 1 TCP UDP 9 TCP gt UDP TCP 3 UDP o T 4 CP UDP eo T E CP UDP Qo 6 TCP UDP o T 7 CP UDP 9 g 23 TCP UDP TCP UDP Q 10 gt TCP UDP 87 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 10 System Management and Utilities 10 1 System Time To configure System Time go to System gt gt General NTP Network Time Protocol communication protocol can be used to synchronize the system time with remote time server Please specify the local time zone and the IP address of at least one NTP server for adjusting the time automatically Universal Time is Greenwich Mean Time GMT Manual setup is another option to set up the system time if you choose to set up the system time manually please enter the Year Month Day the current time and click Apply to activate the changes System Time 2010 06 17 10 41 24 Time Zone GMT
72. alid Usage time Expiration Time account lifespan a Quota Up QU a Activation Time Elapsed Time AT Deletion Time Creation Time DT Ea invalid Valid o Usage time with No Expiration Time Users can access internet as long as the account has remaining quota usable time Users need to activate the purchased account within the given time by logging in It is ideal for short term usage For example in coffee shops at airport terminals etc This billing type only deducts quota while the user is using internet Account will expire only when the quota is depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeeming Account Activation is carried out when the user logs in for the first time Failing to do so in the period set in Account Activation will result in account expiration Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information 142 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Editing Billing Plan Plan 3 Account Type Usage time Expiration Time C With Expiration Time 9 No Expiration Time day s hr s 4 mints Quota Range of day s 0 364 Range of hour s 0 23 Range of minsi
73. ame IP MAC Pkts In Bytes In Pkts Out Bytes Out Activation Time 1st Login Expiration Time Remark and other information of On demand user activities are included e Roaming Out User Log Each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities e Roaming In User Log Each line is a roaming in traffic history record consisting of 22 fields Date Type Name NSID NASIP NASPort UserMAC UserlP SessionIlD SessionTime Bytes in Bytes Out Pkts In Pkts Out Message and other information of user activities are included 114 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 11 1 7 Local User Monthly Network Usage Report To view Local User Monthly Network Usage go to Status User Log Monthly Network Usage of Local User The system keeps a cumulated record of the traffic data generated by each Local user in the last 2 calendar months Each line in the Monthly Network Usage of Local User record hyperlinked consists of 6 fields Username Connection Time Usage Packets In Bytes In Packets Out and Bytes Out of user activities o Username Username of the local user account o Connection Time Usage The total time used by the user o Pkts In Pkts Out The total number of packets received and sent by the user o Bytes In Bytes Out The total nu
74. arized Zone MAT Privilege Y Monitor IP Walled Garden Walled Garden Ad Proxy Server Local DNS Record DONS Client Mobility Main Menu gt Network gt NAT Network Address Translation DMZ Demilitarized Zone Public Accessible Server Configure Port and IP Forwarding Configure There are 40 sets of static Internal IP Address and External IP Address available Enter Internal and External IP Address as a set After the setup accessing the External IP address listed in DMZ will be mapped to accessing the corresponding Internal IP Address These settings will become effective immediately after clicking the Apply button The External IP Address of the Automatic WAN IP Assignment is the IP address of External Interface WAN that will change dynamically if WAN Interface is Dynamic When Automatic WAN IP Assignments is enabled the entered Internal IP Address of Automatic WAN IP Assignment will be bound with WAN interface 71 4ipnet Enable External IP Address External Interface Internal IP Address 10 16 29 79 WAN 4 6 NENNEN WAN v EE 1 NENNEN LN 8 tl WAN v L Cos L7 7 A Total 40 First Prev Next Last Go to Page 1 Page 1 4 Row per Page 10 72 4ipnet 7 2 Virtual Server User s Manual HSG Wireless Hotspot Gateway ENGLISH To configure Virtual Server go to Network gt gt Network Address Translation gt gt Public Access
75. as 9600 8 None 1 None Caution The main console is a menu driven text interface with dialog boxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of the HSG is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the terminal simulation program will send some messages to the system and the welcome screen or main menu should appear If the welcome screen or main menu of the console still does not pop up please check the connection of the cables and the settings of the terminal simulation program Wireless Hotspot Gateway HSG260 Basic Configuration Please select functions Change admin pa Reload factory default Restart Wireless Hotspot Gateway HSG260 Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems The utilities are described as follows 102 4ipnet User s Manual Y YV Y V WV HSG Wireless Hotspot Gateway ENGLISH Wireless Hotspot Gateway HSG260 Configuration Utility Please select utility Trace routing path Display interface settings Display routing table Display ARP table sniff on interface Display system up time Check service status Set devi
76. as an administrator is using a computer with the IP address range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 10 0 0 3 he or she can access the web management page Management IP Address List No Active IP Address Segment No Active IP Address Segment 1 iV 0 0 0 0 0 0 0 0 2 al 3 E E f 5 E 6 7 8 9 E 10 a 11 rl 12 al 13 E 14 E 15 M 16 E 17 E 18 al 19 20 89 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH The default value is 0 0 0 0 0 0 0 0 It means that the WMI can be accessed by any IP address for security consideration please change this value before the system provides service 10 3 IP Address for Accessing User Log To configure User Log Access IP History go to System General General Settings for the Entire System System Name Wireless Hotspot Gateway Administrator Contact Information Suspend Warning Message Sorry The service is suspended x M V Use the name on the security certificate Internal Domain Name FQDN of this device for internal use e g controller office name com Disclaimer Page 2 Enable Disable Specific O Original None http www google com e g http www example com Portal URL Browser ID User Agent IEMobile 7 0 XBLWP7 e g IEMobile 7 0 XBLWP7 separate by comma UAM Filter Configure Specify an IP address o
77. atch Creating On demand Account Plan Account Type 1 Usage time Quota 1 day s of connection time quota with expiration Numbers 1 Number of tickets to batch create Username Password PER AIE Manual created Prefix 4ip A 2 0 9 and max length is 5 as Serial Number 1 1 5 digits and max length is 5 Postfix net A z 0 9 and max length is 5 Total length is less than 10 Password Randomly Same as username Admin Assign 4ipnet Valid Period After activation the account will be expired in 7 day s Total Price 3 99 Unit 5 Number of units per ticket Group Group 1 v Please confirm the information and press Create button to create accounts Account Type Show account type of the plan in Usage time Duration time or Hotel Cut off Quota The total amount of time interval or traffic volume for On demand users to access the network Numbers The desired number of accounts to be created from the plan Username Password Creation Usernames and passwords can be created randomly by system or self created by administrator Username To manually create a username the Prefix and Postfix can be chosen The serial number increases at single increments when batch accounts are created Password Passwords are customizable and can be created randomly by system or self created by administrator Valid Period Shows when the account will expire Total Price For each plan this is the unit price charged for an account Unit
78. authenticated by other gateways using this HSG s On demand database as RADIUS database On demand Roaming Out User List Bytes In Out Login Time Name IP Address MAC Address NAS ID oe Pkts In Out Last Update Time Total 0 First Previous Next Last Go to Page Y Page 1 1 Row per Page 50 v Refresh Refresh Disable 111 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 11 1 5 Session List This page allows the administrator to inspect sessions currently established between a client and the system Each result displays the IP and Port values of the Source and Destination You may define the filter conditions and display only the results you desire System Users Access Points Network Utilities System Interface HW Routing Table Current Users Session List User Logs Logs DHCP Lease Y Report amp Notification Main Menu gt Status gt Session List Filter Address Family Protocol Source IP Port Destination IP Port IPv4 Al w Apply Filter Display Mode ALL v Total 133 First Prev Next Last Goto Page Y Page 1 7 Row perPage 20 Session List No Protocol Source IP Port Destination IP Port State Timeout 1 udp 192 168 1 254 36031 168 95 1 1 53 UNREPLIED 1 2 udp 192 168 1 254 49431 168 95 1 1 23 UNREPLIED 0 11 1 6 User Log To view User Log go to Status gt gt User Log This page is used to check the traffic histor
79. authorized to roam by entering the IP address Subnet Mask and Secret Key 2 Ticket Customization On demand account ticket can be customized here and previewed on the screen Ticket Customization None usD GBP EUR Input other desired monetary unit e g AU Currency WLAN ESSID HSG260 Wireless Key Receipt Header 1 Welcome Receipt Header 2 Receipt Header 3 Receipt Footer 1 Thank You Receipt Footer 2 Receipt Footer 3 Remark None Background Image Default Image Uploaded Image Edit Number of Tickets 9 1 2 Preview Currency Select the desired currency unit for charged internet access WLAN ESSID The entered name will be the ESSID of the Public Zone 46 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual e Wireless Key The wireless key configured in Public Zone Settings will be shown e Receipt Header Optional There are 3 receipt headers supported by the system The entered content will be printed on the receipt e Receipt Footer Optional There are 3 receipt footers supported by the system The entered content will be printed on the receipt e Remark Enter additional information that will appear at the bottom of the receipt e Background Image You can choose to customize the ticket by uploading your own background image for the ticket or choose none Click Edit to select the image file and then click Upload The background image file size limit is 100 Kbytes No limi
80. be 1 Opw Required String Old password Npw Required String New password Npwc Required String Confirmed new password ret url Required String URL encoded Return URL Output Client would return to ret_url and gateway would add result in ret_url which indicates the result of changing password Field Value Description Result String including Result and error messages Change password successfully User password is incorrect Invalid password format e Redeem On demand user Path LAN IP address or Internal Domain Name loginpages redeemuserlogin shtml Input Field Required Value Description Uid Optional String Current user ID If not presented user name stored in cookie is the default value upassword Optional String Current user password If not presented password stored in cookie is the default value myusername Required String Redeem user ID mypassword Required String Redeem user password ret url Optional String URL encoded Return URL login successful page is the default value Output If no ret url is presented client would be led to login successful page and in addition a JavaScript window would 172 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH pop up and show the result If ret_url is presented client would return to ret_url and gateway would add an additional variable rmsg to indicate redeem procedure result Field Value Description rmsg String including Result and error messages R
81. be displayed e Description Any additional message for administrator s reference e Display Choose Display to display advertisement hyperlinks on the login pages 82 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 8 2 After Login 8 2 1 Start Page URL after Successful Login To configure the Start Page URL after a successful user login go to System General When this function is enabled the administrator can choose to set the URL of an opened browser after users initial login System Name Administrator Contact Information Suspend Warning Message Internal Domain Name Disclaimer Page Start Page URL General Settings for the Entire System Wireless Hotspot Gateway Sorry The service is suspended V Use the name on the security certificate FQDN of this device for internal use e g controller office name com 2 Enable Disable 9 Specific Original None http www google com e g http www example com Browser ID User Agent IEMobile 7 0 XBLWP7 e g IEMobile 7 0 XBLWP7 separate by comma When this function is set to None after users logged in successfully users will simply use the original homepage set on the users browsers 83 User s Manual e 4UneU hsg wireless Hotspot Gateway ENGUSH 8 2 2 Idle Timer To configure Idle Timer go to Users gt gt Additional Control If a user has idled with no network activities the system will automatically
82. breviation or the full text name of the state o Zip The ZIP code represents a five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered as five digits nine digits or five digits and four digits o Country The country associated with both the billing and shipping address of a transaction This may be entered as either an abbreviation or full name o Phone A phone number associated with both a billing and shipping address of a transaction Phone number information may be entered as all number or it may include parentheses or dashes to separate the area code and number o Fax Afax number may be associated with the billing information of a transaction This number may be entered as all number or contain parentheses and dashes to separate the area code and number Authorizie Net Payment Page Remark Content Enter additional details for the transaction such as Tax Freight and Duty Amounts Tax Exempt status and a Purchase Order Number if applicable 153 4ipnet 2 Payments via PayPal User s Manual HSG Wireless Hotspot Gateway ENGLISH To configure Payments via PayPal go to User gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt PayPal Before setting up PayPal it is required that the hotspot owners have a valid PayPal Business Account After opening a PayPal Business Account the hotspot owners should find the
83. c or Private shall be checked to enable logging the HTTP Web Log of this interface 122 User s Manual e 4upneU sce Hotspot Gateway ENGHSH 12 Advanced Applications 12 1 Upload Download Local User Accounts To Upload Download Local Users Accounts go to Users Authentication click Configure for the Local Authentication Database Or click Quick Links Local User Management from system Home page Local User Database Settings Local User List Enable 9 Disable Local user database will be used as authentication database for roaming out users Enable 9 Disable 802 1X Authentication Local user database will be used as internal RADIUS database for 802 1X enabled LAN devices such as AP and switch Account Roaming Out e Upload User Click Upload User to enter the Upload User from File interface Click the Browse button to select the text file for uploading user accounts then click Upload to complete the upload process Authentication Black List Group Policy Schedule Firewall QoS Specific Route Privilege Additional Control Operator Main Menu gt Users gt Authentication gt Option gt Local gt Local User Lis Add User Upload User Ji Download User Search Local User List Applied Group MAC Address Username Password Account Status Begin Date End Date Remark Group 1 useri useri Valid Delete Total 1 3000 First Prev Next Last GotoPage Pa
84. ccessful Page Variables Field Value Description Uid otring User ID postfix is included Utype String LOCAL RADIUS Authentication server name ONDEMAND POPS LDAP SIP NT Domain Umac MAC format separated by Client MAC address sessionlength Integer Sec RADIUS user session length Only available for RADIUS user byteamount Integer Bytes RADIUS user volume limit Only available for RADIUS user idletimeout Integer Sec Idle timeout acct interim interval Integer Sec RADIUS accounting interim update interval Only available for RADIUS user Logouturl String URL encoded The URL which shall be submitted when user want to logout Change_passwd_url String URL encoded The URL which shall be submitted when user want to change 165 4ipnet ondemand creation url Vianid Gwip client_ip SZ Group Policy max_uplink max_ downlink req_uplink req_downlink next_page CLASS WISPR SESSION TERMINATE TI ME WISPR SESSION TERMINATE E ND OF DAY WISPR BILLING CLASS OF SER VICE WISPR LOCATION ID WISPR LOCATION NAME WISPR BILLING TIME Session e External Error Page Variables Field Msg String URL encoded Integer 1 4096 IP format IP format Integer Integer Integer Integer b s b s b s Integer b s Integer Integer b s b s b s b s String String String format YYYY MM DDThh mm ssTZD Integer 0 1 String String String String format HH MM String
85. ccount will expire even if there is remaining quota Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information 145 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Editing Billing Plan Plan 1 Account Type Volume TRES 500 Mbyte s Range 1 1000000 Aa cdnndd First time login must be done within 1 day s 1 Activation hour s Range of hour s 0 23 they cannot both be zero After activation account will be expired in 1 day s Valid Period Must be larger than 0 1 Price Range 0 100000 including two digits after decimal point e g 1 99 Group Group4 v Reference TIP If the Account Type is Volume Customer can access internet as long as the account is valid within the valid period with remaining quota traffic volume Customer also needs to activate the issued account within a given time period by logging in for the first time Volume account lifespan lt 51 Quota up QU lt lt Activation Time Expiration Time AT ET Creation Time Ralajinp Time CT E Invalid Valid Volume account lifespan Quota Up QU Activation Time Expiration Time AT ET Deletion Time Creation Time DT CT my Invalid Valid 14
86. ce into safe mode Synchronize clock with NIP server Print the kernel ring buffer Main menu Ping host IP By sending ICMP echo request to a specified host and waiting for the response to test the network status Trace routing path Trace and inquire the routing path to a specific target Display interface settings It displays the information of each network interface setting including the MAC address IP address and Netmask Display the routing table The internal routing table of the system is displayed which may help to confirm the Static Route settings Display ARP table The internal ARP table of the system is displayed oniff on interface This is used to confirm if data packets are passing through the interface Display system up time The system life time time for system being turned on is displayed Check service status Check and display the status of the system Set device into safe mode This is used if the administrator is unable to use Web Management Interface via browser when the system fails inexplicitly The administrator can choose this utility and set it into safe mode which enables him to manage this device with browser again Synchronize clock with NTP server Immediately synchronizes the clock through the NTP protocol and the specified network time server Since this interface does not support manual setup for its internal clock we must reset the internal clock through the NTP Print the kernel ring buffer It
87. cies and assigned Groups belonging to these Policies in the RADIUS Server Step 2 Run Internet Authentication Server and open Remote Access Policies Right click Policy and scroll down to the Properties page 133 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH ri Recycle Bin Getif 2 3 1 RADIUS Server Desktop y n H t File Action View Help Aon RADIUS Clients EF RADIUS MAC E J Remote Access Logging S stressuses il sl Authenticati Employee ish si2h Groupi Idle3m Session5m g it Group Sessionlzm B oupa Un limited H Move Up Move Down Internet bay Groups Idlebm MAS ID match cipher Groups MAS ID match other Connections to Microsoft Routing andF Delete Informatio Connections to other access servers Rename 1 records cs Director CEME aj je Certification Remote Authority Desktop F A Hu pg n Me Opens property sheet For Ehe current selection Command Services Click Edit Profile and select the Advanced Tag Click Add to add a new Vendor specific attribute Group3_Unlimited Properties Settings Specify the conditions that connection requests must match Policy conditions Edit Dial in Profile Ei Wirdowes Groups ae s le ue Dial in Constraints IF b utilin Authentication Encryption Advanced Specify addition FEET PER Access Server Attributes To add an attribute to the Profile select the attribute and
88. clicking Apply 76 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 7 4 Disable Authentication in Public Zone To disable Authentication in Public Zone go to System gt gt Service Zones click Configure in Public Zone Service Zone Settings g LAN Port Applied Poli IP Address Service Zone EN zii Network DHCP Pool Mapping Detail Name Default Authen Alias zx md Option IPv6 Address Status Policy 1 192 168 1 254 e Le L Jt 192 168 1 1 Private N A 192 168 1 100 Configure Disabled N A Enabled Policy 1 172 21 0 254 172 21 0 1 Public N A 172 21 0 100 Server 1 N A Enabled Authentication Settings WISPr Configuration Configure Auth Option Auth Database Postfix Default Enable Server 1 LOCAL local 3 Iv Server 2 RADIUS radiusi a Ivi Authentication Options Server 3 RADIUS radius2 l Iv On demand User ONDEMAND ondemand Iv FREE FREE N A E e Authentication Required For the Zone When it is disabled users will not need to authenticate before they get access to the network within Public Zone 77 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 8 User Login and Logout 8 1 Before Login 8 1 1 Login with SSL To configure HTTPS go to System gt gt General HTTPS HTTP over SSL or HTTP Secure is the use of Secure Socket Layer SSL or Transport Layer Security TLS as a sub layer under regular HTTP application layering HTTPS encrypts and decrypts user page requests as
89. create on demand user accounts This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment Major functions include accounts creation users monitoring list billing plan and external payment gateway support o e B System a Network Utilities Status m Aj Aj N oe ARN Al Authentication Black List Group Policy Schedule Firewall QoS Specific Route Privilege Additional Control Operator Main Menu gt Users gt Authentication gt On demand User Server Configuration Authentication Server On demand User General Settings Configure Ticket Customization Configure Ticket Template Customization Configure Billing Plans Configure External Payment Gateway Configure On demand Account Creation Create On demand Account Batch Creation Create On demand Account List View 1 General Settings This is the common setting for the On demand User authentication option c 55 e A e System So Network Utilities Status A Authentication Black List Group Policy Schedule Firewall QoS Specific Route Privilege Additional Control Operator Main Menu gt Users gt Authentication gt On demand User Server Configuration gt General Settings General Settings Postfix ondemand Remaining Volume Sync Interval 10min s i5min s 20min s Terminal Server Configure Ex
90. ction allows administrator to assign users to receive Disconnect Messages Change of Authorization from the server and sessions can be terminated instantly Click Configure to enter the IP addresses of the users Attributes Priority This section shows the Standard RADIUS attributes which include Session Timeout Idle Timeout and Acct Interim Interval and WISPr Vendor Specific Attributes These attributes are predetermined and if needed choose Overwrite Server s Setting to make changes 43 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Primary Secondary RADIUS Server Authentication Server Enter the domain name or IP address of your RADIUS Server Authentication Port Enter the Port number used for authentication Accounting Port Enter the Port number used for accounting Authentication Secret Key Secret Key used for authentication Accounting Service Enable Disable RADIUS accounting Accounting Server Enter the domain name or IP of your accounting server Authentication Protocol Select Challenge Handshake Authentication Protocol CHAP or Password Authentication Protocol PAP Accounting Secret Key The key between the RADIUS server and the gateway to test the authenticity of the link 44 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 5 1 3 On Demand User On demand User Server Configuration The administrator can configure this authentication method to
91. d Period is the valid period of usage time After this time period even if there is remaining quota the account will still expire Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 2 Account Type Usage time v Expiration Time ith Expiration Time Na Expiration Time F day s 2 hris 3 mints Quota Range of day s 0 364 Range of houris 0 23 Range of min z 0 59 they cannot all be zero First time login must be dane within 4 day s Is Account Activation hour s Range of hour 2 O 23 they cannot both be zero Valid Period After activation account will be expired i 6 day s i Must be larger than 9 P iis Price Range Q 100000 including two digits after decimal point e g 1 99 Group Group 1 Reference O TIP If the Account Type is Usage Timea Customer can access intemet as long as the account is valid with remaining quota connection time and within the valid period Customer alse needs to activate the issued account within a given time period by logging in for the first tira Apply 141 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Usage time Expiration Time account lifespan Quota up QU Activation Time Elapsed Time AT Creation Time beer um CT D Invalid V
92. ddress translation tables used by address resolution protocol ARP 100 4ipnet 10 11 Monitor IP Link To configure Monitor IP Link go to Network gt gt Monitor IP User s Manual HSG Wireless Hotspot Gateway ENGLISH The HSG will send out a packet periodically to monitor the connection status of the IP addresses on the list On each monitored item with a WEB server running administrators may add a link for easy access by entering the IP selecting the Protocol to http or https and then clicking Create After clicking Create the IP address will become a hyperlink and administrators can easily access the host remotely by clicking the hyperlink Click the Delete button to remove the hyperlink if needed No 10 Protocol http v http v http v http v http 7 http v http v http v http v http v IP Address Monitor IP List 101 Hyperlink Create Create Create Create Create Create Create Create Create Create Remark HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 12 Console Interface Via the console port administrators can enter the console interface to handle problems and situations occurred during operation 1 In order to connect to the console port of the HSG a console modem cable and a terminal simulation program such as the Hyper Terminal are needed 2 Ifa Hyper Terminal is used please set the parameters
93. e system e Downlink It specifies the maximum downlink bandwidth that can be shared by clients of the system 16 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 3 5 Whatis a Service Zone To configure a Zone go to System gt gt Service Zones A Zone is a logical network area that covers wired or wireless networks or both of them By associating it with a unique ESSID of a Zone wireless network is divided into different logical zones Clients attempting to access the resources within a Zone will be controlled based on the access control profile of that Zone such as authentication security features wireless encryption methods traffic control etc There are four Zones that can be utilized by the HSG gateway Private Zone Public Zone Service Zone 2 Public and Service Zone 3 Public as shown in the table below Private Zone means clients are not required to be authenticated before using the network service However clients in Public Zone are required to obtain authentication before using the service Service Zone Settings LAM Port r Applied Policy IP Address Se For Mappin E tm Sx DHCP Pool pp Details efau uthen m Option IPv6 Address Status 192 168 1 1 Private 192 1868 1 100 Configure Disabled N A Enabled Policy 1 192 168 11 254 UG Public singin ng ein Configure 197 168 11 100 Server 1 N A Enabled 1 2 22 0 1 172 22 0 100 Server 1 N A Disabled 192 168 13 1 A 192 16
94. e users managed by Default Authentication all the other ones with different servers should log into the system with usernames containing postfixes to identify which authentication option they belong to The postfix can be set for each Authentication database by clicking the Auth Option 5 2 3 An Example of User Login Normally users will be authenticated before they get network access through HSG gateway This section presents the basic authentication process of end users Please make sure that the HSG gateway is configured properly and the network related settings are done 55 User s Manual e FUIPTMCU cures Hotspot Gateway ENGISH 1 Connecta client PC to Public Zone of HSG gateway Open an Internet browser and try to connect to any website in this example we try to connect to www google com a The default user login page will appear in the browser 4ipnet User Login Page Free Login Page Username Password Lr Remember Me Copyright c 2 Enter the username and password for example we use a local user account test local here and then click Login f the Remember Me checkbox is checked the browser will store the username and the password on the current computer in order to automatically login to the system at the next login Then click the Login button The Remaining button on the User Login Page is for on demand users only this is where they can check their Remaining quota 3 Successf
95. ed information that corresponds to a topic Indicates that clicking this button will apply all of your settings Indicates that clicking this button will save the changes you made but you must reboot the system upon the completion of all configuration settings for the changes to take effect The red asterisk indicates that information in this field is compulsory en Indicates that clicking this button will clear what you have set before the settings are applied 4ipnet 1 3 Package Checklist The standard package of Hotspot Gateway Series HSG includes HSG260 HSG320 HSG327 x 1 CD ROM with User s Manual and QIG x 1 Quick Installation Guide QIG x 1 Ethernet Cable x 1 Console Cable x 1 Not included for HSG327 Power Adapter DC 5V x 1 HSG260 Power Adapter DC 12V x1 HSG320 Detachable antenna x 2 for HSG260 and x 4 for HSG320 Caution It is highly recommended to use all the supplies in the package instead of substituting any components with other suppliers to guarantee best performance User s Manual HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 2 System Overview and Getting Started 2 1 Introduction of the Hotspot Gateway HSG Series The HSG gateway series is the most economical and feature rich Wireless Hotspot Gateway targeting mini size stores that want to provide small single point wireless Internet access service The HSG gateway is a
96. edeem process completed Original user name can not be found from the database Redeem user name can not be found from the database Original user password is incorrect Redeem user password is incorrect Original user type and ondemand user type do not match Original user has not login Redeem user login already Had been redeemed before User run out of quota Maximum allowable time is exceeded Maximum allowable memory space is exceeded Wrong postfix please check it This account is expired 173 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH On demand account creation Local User Path LAN IP address or Internal Domain Name Aoginpages UserAuthentication OnDemandhRecept shtml Input Field Required Value Description buttonNo Required Integer 1 10 Billing Plan No random Optional Integer A random number this number is to prevent quick click issue in IE 6 0 ret url Optional String URL encoded Return URL Output If no ret url is presented the client would be led to a ticket page in our UI style If ret url is presented client would be returned to ret url and receive the result containing created on demand account information Field Value Description Result String the format is separated by If ret url is presented the client y would return to ret url page and carry the result valuable expiretime is account expiration username time which is a Linux ti
97. em Management and Utilities eee eee eee eene eene ee eee seen eee en esten eee en esten e etaae 88 On ME cM BI RN 88 10 2 Management IP Address list arriere iter certe one t qula Satu rete ck ed Dada o ru ttt So Pat udes ele sn veda Do aga 89 10 3 IP Address for Accessing User Log 0 ccccccccssssscesssscessscccssseccessececessescessececssscecessececsssescesseeecssaeecens 90 io ONMP J 9 POSE Adminis UA LO RNC RR 9 02 10 6 Change Admin Passwords un sesesbesestatiekute cuta teTbsd du etu sbosen bab istut acu su eT eo Pent eu based PeDla Nut ees aons iiaiai 95 iii 4ipnet cts HSG Wireless Hotspot Gateway ENGLISH 10 7 Backup Restore and Reset to the Factory Default sseseeeeennee 96 IS 0 Ua 00 CORR Upra NR Tm 97 IOO I NR en a en ee eee nee Eee Ee eR ee nT mee ne ee mene ee 98 WAON 0 1176 il lO fh le ARR uu 99 BOAO Vy Ace DM TR 100 BO M diocmK 100 OAS mM De Gol Noms 100 10 10 4 Show ARP Table ssssseseeeeeeeeeenn n eene nemen eeeennhen nere esee sette enne trete esseere eseese reese seee ena 100 O Monor db ooi Cx 101 1935 Console Intel I Buone here risa pU DURUM ee E PRU CAP ee 102 11 System Status and Reports ania edo WI VENCER P WEITERE 10
98. enticated successfully before surfing the Internet There are two types of deployment mode for networks attached to the LAN ports of the WHG Controller Port Based mode and Tag Based mode Configuration Path Main Menu gt gt System gt gt LAN Ports Port Based Service Zone Port Based mode operates with the principle that each physical LAN port can be mapped to an enabled Service Zone or disabled from providing service Operating under port based mode therefore means the maximum amount of Service Zones available to actually provide service is determined by the number of LAN ports on the Hotspot Gateway 18 User s Manual e i 4ApneU asc wees Hope Gateway ENGISH General WAN Y WAN Traffic IPv6 LAN Port Mapping Service Zones Layer 2 Firewall Main Menu gt System gt Service Zone Port Role LAN Ports and Service Zone Mapping Select the mode for Service Zone Port Based Tag Based Specify a desired Service Zone for each LAN Port Privat Tag Based Service Zone Tag Based operation mode operates under the principle that different Service Zones are identified by VLAN ID This means that Tag Based operation allows each physical LAN port to accept traffic for any enabled Service Zones Traffic handling will be processed internally according to the VLAN ID traffic packets carry General WAN WAN Traffic Y IPv amp LAN Port Mapping Service Zones Layer 2 Firewall Main Menu gt Syste
99. er Firewall Rules After the custom protocol is defined or just use the Predefined Service Protocols you will need to enable the Firewall Rule to apply these protocols Firewall Rules for IPv6 is also supported o Firewall Rules Click Rule No to edit individual rules and click Apply to save the settings The rule status will be shown on the list Check the Active checkbox and click Apply to enable the rule Rule No 1 has the highest priority Rule No 2 has the second priority and so on Each firewall rule is defined by Source Destination and Pass Block action Optionally a Firewall Rule Schedule can be set to specify when the firewall rule is enforced It can be set to Always Recurring or One Time 64 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Firewall Profile 1 Firewall Rules CreateaNew Rule Source Destination No Active Action Rule Name Service Schedule Operation Source Interface Destination Interface 7 Page 1 1 Row perPage 20 v Selecting the Filter Rule Number 1 as an example Policy 1 Edit Filter Rule Rule Number 1 Rule Name Source Destination Interface 7Zone ALL Interface 7one ALL IP Address 0 0 0 0 IP Address hi 0 0 0 0 Subnet Mask 0 0 0 0 0 Subnet Mask 0 0 0 0 0 MAC Address Service Protocol ALL Y Schedule Always Recurring One Time Action for Matched Packets 9 Block Pass o Rule Number This is the rule selected 1 Rule No 1 has the
100. er a destination host is reachable and alive by entering the destination host s domain name or IP address and then press Ping button Trace Route displays the actual route taken to reach the destination host Entering the destination host s domain name or IP address and then press Start button to see the route ARP Table is for displaying ARP information stored on the system Network Utilities Wake on LAN MAC e g XX XXX HXX XX XX XX Wake Up Ping IP Domain Name Ping Trace Route IP Domain Name Start IPv4 ARPing IP Domain Name Interface WAN1 v ARPing ARP Table Show Ping6 IP Domain Name Ping6 Trace Route 6 IP Domain Name Start IPv6 Neighbor Discovery IP Domain Name Interface WAN1 v Discovery Neighbor Cache Show 99 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 10 1 Wake on LAN This allows the system to remotely boot up a power down computer connected to a LAN port with Wake On LAN feature enabled in its BIOS Enter the MAC Address of the desired device and click Wake Up to execute this function 10 10 2 Ping It allows administrator to detect a device using IP address or Host domain name to see if it is alive or not 10 10 3 Trace Route It allows administrator to find out the real path of packets from the gateway to a destination using IP address or Host domain name 10 10 4 Show ARP Table It allows administrator to view the IP to Physical a
101. er on off the system during the upgrade or restart process It may damage the system and cause malfunction 97 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 10 9 Restart To perform system restart go to Utilities gt gt Restart This function allows the administrator to safely restart the HSG and the process takes approximately three minutes Reason for restarting the system can be entered for record purposes Click YES to restart the HSG click NO to go back to the previous screen Do NOT power off during system restart as this might damage the system If the power needs to be turned off it is highly recommended to restart the HSG first and then turn off the power after completing the restart process Administrator Account Backup amp Restore System Upgrade Restart Network Utilities Certificate Do you want to RESTART the system Reason Caution The connection of all online users to the system will be disconnected when system is in the process of restarting 98 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 10 10 Network Utility To configure Network Utility go to Utilities gt gt Network Utilities System provides some network utilities for administrators Both IPv4 and IPv6 are supported Wake on LAN is for waking up remote devices that supports Wake on LAN feature by entering the MAC address of the target device and then press Wake Up button Ping is to see wheth
102. er over Ethernet m is supported for the WAN port The ports for connections with LAN side devices 6 LAN Ports 1 2 The ports for connections with LAN side devices Console Port To access HSG320 via the console interface 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Restart 5 6 Reset 39 Q e e ee eo WES WES 12V wench WLAN LAN LAN A B PoE 1 Power 2 Status 3 WLAN A 4 WE S A 5 WLAN B 6 WES B Rear Panel Ea 12V 2A Power Jack Socket for the power adaptor Restart Reset Press once to restart the system Press and hold for more than 5 seconds to reset to factory default WES Button WDS Easy Setup Press the button to build up a WDS link with another peer WDS Easy Setup Press the button to build up a WDS link with another peer LED Indicators 4 LED lights are available What the numbers stand for is listed at the bottom of pem deem etn WAN For attaching an Ethernet cable to an uplink service PoE Power over Ethernet LN is support for the WAN port LAN Ports 1 2 Attach Ethernet cables here to connect to the wired local network 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 2 4 System Requirement e Gigabit Ethernet network cables with RJ 45 connectors e All PCs need to install the TCP IP network protocol 2 5 Installation Steps Please follow the steps mentioned below to install the hardware of
103. ere e Privilege Profile Enable or Disable Users privilege to change password Administrator can set the maximum sessions per user here Policy 1 Policy 5 Beside Global Policy Policy 1 to Policy 5 each consists of access control profiles that can be respectively configured and applied to a certain authentication server or user Policy Configuration Policy 1 Select Policy Policy 1 v Firewall Profile Firewalli v Configure QoS Profile Trafficl v Configure Specific Route Profile Specific Route 1 v Configure Privilege Profile Privilege 1 v Configure e Select Policy Select a desired policy profile to configure e Firewall Profile Each Policy has a firewall service list and a set of firewall profiles consisting of firewall rules e QoS Profile QoS profile defines the traffic class for the users governed by this Policy e Specific Route Profile The default gateway of a desired IP address can be defined in a policy When Specific Routes are configured here all clients applied with this policy will access the specific destination through these gateway settings e Privilege Profile Enable or Disable Users privilege to change password Administrator can set the maximum sessions per user here 61 4ipnet 6 3 1 Schedule User s Manual HSG Wireless Hotspot Gateway ENGLISH gt Schedule Profile Click User gt gt Schedule to enter the configuration page and shows the Permitted L
104. ess the Internet without paying additional fee Max User is to define the maximum number of users allowed for accounts created with this billing plan Unit Price is the daily price of this billing plan It is mainly used in hostel hotel venues to provide internet service according to guests stay time Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 2 Account Type Hotel Cut off Time Hotel Cut off time 12 12 HH MM range 00 00 23 59 Grace Period Account remains usable for 0 5 hour s after cut off Max User 999 user s Unit Price Group 1 per day Range 0 100000 including two digits after decimal point e g 1 99 Reference TIP The Hotel Cut off time Account Type is designed for hotel applications and conforms to check in out scenario For cut off applications within one day for example the account expires upon bookstore s closing hour 11PM please select Duration Time One day stay in Hotel terms is counted from a customer s check in time to the check out time on the following day When a tenant checks in for one or multiple days the operator can generate an account ticket based on the number of the over night stay The account will be cut off on the specified cut off time normally the hotel s check out time after the n
105. etting Started 1 e eeeeeeeee sees eere eene tenues 3 2 1 Introduction of the Hotspot Gateway HSG Series nennen 3 De VCC Melo m EE 3 2 2 The HSG Series Hardware Overview eeeeeeseeeeeeee eee eene eee eene eenneehe teen neeeeess sess esee esee seen t nn 4 DL OERO eME Docente susp iiesn IA ICTU TRRIDI SMEs DIEN er 8 Dm BUNS CUM NOTA CS cane ee eei e emetic asec saves taeda eat ume tatvane E tu UE ERU uU 8 2 6 Access Web Management Interface cceccccccsssccesssccessecccssscscesseecessecscessescesseeccsssescesseecessaescesees 9 3 Incorporate HSG gateway to the Network eere eee eerte eere eene 11 cM Id MT NSP LN 11 oa COM ES Mw mum 11 Sar CUIU RT J vvvv 12 S MEPILUNCNCN Tm 12 DEOS MEM ud TORRE 13 XN db RE H 14 25 Internet Corinectiofi Deve COM seresa e E E E TEE 15 3 4 WAN Bandwidth Control oo eceeesssssssscsccccccccecccecessssssssssssssceceecesccseceeseseesssssssssssseeeeseeseceeees 16 25 What isa Serice ON Rm 17 Bd JPOPEROLIG NSSITDIHOGHD ea E E T TAE EA eee ATES 18 3 5 2 Planning Your Internet Network eese ener enne nennen erre e nnne enne e nnns 20 55 9 SonDIP ure Zone TNOEWOEI iatis tatiica tI d Rima UD qu SOU Edo REATUS a RII o ADU n a a PDC NI ISIN TDI CN FER PISO NS 21 4 Let Your Network Be a Wireless Network
106. f the administrator s computer or a billing system to get billing history information of the HSG with the predefined URLs The file name format is yyyy mm dd such as the following Traffic History https 10 2 3 213 status history 201 2 02 10 On demand History https 10 2 3 213 status odhistory 2012 07 10 90 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 4 SNMP To configure SNMP go to System gt gt General The HSG supports SNMP v1 v2c If this function is enabled the SNMP Management IP and the Community string can be assigned for SNMP management applications to access the system General Settings for the Entire System System Name Wireless Hotspot Gateway Administrator Contact Information Suspend Warning Message Sorry The service is suspended x V Use the name on the security certificate Internal Domain Name y FQDN of this device for internal use e g controller office name com Disclaimer Page Enable 9 Disable Specific Original None http www google com e g http vwvww example com Portal URL Browser ID User Agent IEMobile 7 0 XBLWP7 e g IEMobile 7 0 XBLWP7 separate by comma UAM Filter Configure User Log Access IP Address e g 192 168 2 1 Management IP Address List Configure Q9 Enable Disable SNMP Configure SNMP Configuration List Item Manager IP Address Read Community Write Community 10 91 HSG Wire
107. fault password in the User Name and Password fields Click LOGIN to log in A Username Password Change password User s Manual 4wpneU ssp Gateway ENGISH After a successful login a Home page with four main buttons will appear on the screen OLogout Help Setup Wizard Quick Links System Main Menu Overview Caution If you can t get to the login screen the reasons may be 1 The PC is set incorrectly so that the PC can t obtain the IP address automatically from the LAN port 2 The IP address and the default gateway are not under the same network segment Please set your PC with a static IP address such as 192 168 1 xx in your network and then try it again 10 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 3 Incorporate HSG gateway to the Network 3 1 Network Requirement In the general network environment the main role of the HSG gateway is to manage all the network access from internal network to Internet Thus the first step is to prepare an Internet connection from your ISP Internet Service Provider and connect it to the WAN port of the HSG gateway 3 2 Configure WAN Port There are 3 connection types for the WAN Port Static Dynamic and PPPoE These connection types are enough to support most ISPs Now let us discuss how to configure the WAN port Go to System WAN 0wC 35 T P 6 Users Network Utilities Status General YW
108. ference field allows administrator to input additional information Editing Billing Plan Plans Account Type Duration time E Counting Method Elapsed Time Begin and end Time Cut off Time Begin Time Upon Account Creation Cut off Time HH MM range 00 00 23 59 1 user s Range 0 100000 including two digits after decimal point e g 1 99 mA ee TIP When the Account Type is Duration time three Counting Methods may be used to decide when the account expires 1 Elapsed Time specifies the time duration from account creation for which the account is valid 2 Cut off Time specifies the next cut off time point for which the account becomes invalid 3 Begin and End Time specifies that the account is valid between the two time points Duration time Cut off Time account lifespan exapmle showing Cut off on 23 00 23 00 Cut off Time Creation Time CT Deletion Time DT L1 Invalid Valid 148 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual o Duration time with Begin and End Time This plan defines explicitly the Begin Time and End Time of the account Count down begins immediately after account activation and expires when the End Time is reached This plan is ideal for providing internet service throughout a specific period of time for example during exhibition events or large conventions such as Computex where each registered partic
109. ful page Variables Field Value 168 VLAN ID Gateway activated IP address Description User ID postfix is included VLAN ID Gateway activated IP address Description 4ipnet Uid Utype Umac sessionlength String String LOCAL RADIUS ONDEMAND POP3 LDAP SIP NT Domain MAC format separated by Integer Sec byteamount Integer byte idletimeout Integer Sec Logouturl String URL encoded redeemur String URL encoded Vlanid Integer 1 4096 Gwip IP format client ip IP format Sz Integer Group Integer Policy Integer next_page String max_uplink Integer b s max_downlink Integer b s req_uplink Integer b s req downlink Integer b s Session String External Logout Fail Page Variables Field Value Uid String Gwip IP format Vlanid Integer 1 4096 URL Variables to Gateway This section shows a list of URL variables of the external pages to be sent to the Gateway with its corresponding User s Manual HSG Wireless Hotspot Gateway ENGLISH User ID postfix is included Authentication server name Client MAC address On demand user s quota of time type On demand user s quota of volume type Idle timeout Logout URL Redeem URL VLAN ID Gateway activated WAN IP address Client IP address Service Zone ID Group index Policy index Leads client to URL Maximum up link rate Maximum down link rate Minimum up link rate Minimum down link rate Encrypted se
110. ge 1 1 Row per Page 10 Note 1 The format of each line is Username Password MAC Address Applied Policy Remark without the quotes There must be no space between the fields and commas The MAC field could be omitted but the trailing comma must be retained When adding user accounts by uploading a file existing accounts in the embedded database that are also defined in the data file will not be replaced by the new ones Note 2 Only 09 AZ avz and J are acceptable for password field Upload User from File File Name Browse 123 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH When the system uploads a file any format error or duplicated username will terminate the uploading process and no account will be uploaded Please correct the format in the uploading file or delete the duplicated user accounts in the database then try again e Download User Use this function to create a txt file with all Local user account information and save it on a disk Authentication Black List Group Policy Schedule Firewall QoS Specific Route Y Privilege Additional Control Operator Main Menu gt Users gt Authentication gt Option gt Local gt Local User List gt Dovnload Download User to File Applied Group MAC Address Username Password Expire Time Enabled Begin Date End Date Remark 1 userl userl Disable Download 124 4ipnet User s Manual HSG Wireless Hots
111. gs of the HSG 96 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 10 8 Firmware Upgrade To configure Firmware Upgrade go to Utilities gt gt System Upgrade The administrator can download the latest firmware from the website and upgrade the system here Select the latest firmware with Browse button then click Apply the system will upload the file and restart to perform the upgrade process The firmware upgrade process can also be done via FIP It might take a few minutes before the upgrade process completes and the new firmware s WMI interface appears System Firmware Upgrade Current Version 1 00 00 File Name Apply IP Address Port Upgrade by FTP Anonymous Q Yes O No File Name Apply ex file name or dir file name Note For maintenance purposes we strongly recommend you to backup the system settings before the upgrade Note After clicking Apply the system will begin uploading the chosen firmware into the system Once the upload process is complete the system will restart to activate the new firmware The entire process may take a few minutes until the new firmware WMI appears When restart is complete system will not lease IP So please use static IP PC to upgrade system firmware Caution 1 Firmware upgrade may cause the loss of some data You may need to manually backup user account information please refer to the release notes for the limitation before upgrading 2 Do not pow
112. h a unique account for example the customer s name or social security number etc e Reference Any other additional information for example venue where the account is generated etc e Delete All This will delete all the users at once e Delete This will delete the users individually 10 Redeem On demand Accounts Hello you are logged in via 3p6z ondemand TTTTTy To log out please click the Logout button seseeeees eeeeeeee Se sescesees oo Login time 2009 06 02 11 11 see see se se LI v a gt Remaining Time 4 Hour 59 min Sec For Usage time accounts when the remaining quota is insufficient or if they are running out of quota they can use the redeem function to extend their quota After the user has got or bought a new account they just need to click the Redeem button in the login success page to enter Redeem Page input the new account Username and Password and then click Enter This new account s quota will be extended to the original account However the Redeem function can only be used with the same billing type i e Volume accounts can only be redeemed with another Volume account and so on Redeem Welcome to Redeem Page Please enter the username and password to Redeem Username Password La Gis Note The maximum quota is 364dys 23hrs 59mins 59secs even after redemption If the redeemed amount exceeds this number the system will automatically reject
113. highest priority rule No 2 has the second priority and so on o Rule Name The rule name can be changed here o Source Destination Interface Zone There are choices of ALL WAN Public and Private to be applied for the traffic interface o Source Destination IP Address Domain Name Enter the source and destination IP addresses Domain Name filtering is supported but Domain Host filtering is not o Source Destination Subnet Mask Select the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific MAC address filtering o Service Protocol These are defined protocols on the service protocols list to be selected o Schedule When schedule is selected clients assigned with this policy are applied the firewall rule only within the time checked There are three options Always Recurring and One Time Recurring is set with the hours within a week o Action for Matched Packets There are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets passing 65 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 6 3 3 QoS Profile Up to 5 QoS profiles can be configured for certain applications or users that need stable bandwidth or traffic priority Bandwidth Control can only be Enabled when Bandwidth limits on WAN has been Enabled Traffic Configuration Profile 1 Select Profile Profile 1 v Traffic Class
114. ible Server NAT Privilege N Monitor IP Walled Garden Y Walled Garden Ad N Proxy Server Y Local DNS Record Y DDNS Y Client Mobility Main Menu gt Network gt NAT Network Address Translation Public Accessible Server umm Port and IP Forwarding Re This function allows the administrator to set 40 virtual servers at most so that client devices outside the managed DM Demilitarized Zone Configure network can access these servers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port Local Server IP Address and Local Server Port Select TCP or UDP for the service type In the Enable column check the desired server to enable These settings will become effective immediately after clicking the Apply button No 10 External Service Port Public Accessible Server Local Server IP Address Local Server Port 73 Type TCP UDP TCP UDP TCP UDP TCP UDP TCP UDP TCP UDP TCP UDP TCP UDP TCP UDP TCP UDP Remark HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 7 3 Privilege List To configure the Privilege List go to Network gt gt Privilege Setup the Privilege IP Address List Privilege MAC Address List and the Privilege IPv6 Address List The clients accessing the internet via IP addresses and or ne
115. ice Status Function 1 Usage time 15 min s connection time quota with expiration 10 91 Enabled Create 2 Usage time 11 min s connection time quota 1 Enabled 3 Hotel Cut off time Valid until 12 00 the following day 5 Enabled Create 4 Duration time Valid from 2010 07 14 12 00 00 till 2010 07 14 23 59 00 1 Enabled Create v Creating an On demand Account Plan Account Type 2 Usage time Quota 11 min s of connection time quota Account Creation Systemcreated v Account Activation First time login must be done within 1 hour s Total Price 1 Unit 1 Units per ticket Group Group 1 v Reference Add a reference related to this account for example the customers name External ID Enter an external ID such as Library ID No Please confirm the information and press Create button to create an account 7 On demand Account Batch Creation After at least one billing plan is enabled the administrator can generate multiple on demand user accounts at once with batch creation For potential hotspot operators who may wish to pre generate guest accounts for sale On demand feature has a batch create functionality which allows the administrator or operator with access authority to On demand page to create multiple accounts for an enabled billing plan in batch and send them to POS printer for generating physical ticket printout for sale 50 8 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual B
116. ich shall be submitted when user login remainingurl String URL encoded The URL which shall be submitted when user want to get remaining quota Integer 1 4096 VLAN ID IP format Gateway activated WAN IP address client_ip IP format Client IP address sumac MAC format separated by Client MAC address 1 1 1 MAC address rL otring EE E session information include client IP address MAC address date and return URL You will need to parse the required parameters in your html code The following HTML code segment is an example of parsing oginurl parameter with a self define javascrip function FORM action method post name form gt 163 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH script language Javascript form action getVarFromURL window location href loginurl lt script gt lt INPUT type text name myusername size 25 gt lt INPUT type password name mypassword size 25 gt lt INPUT name button_ submit type submit value Enter gt lt INPUT name button_clear type button value Clear gt lt FORM gt The following shows the corresponding self defined javascript function used to parse the oginur parameter function getVarFromURL url name if name url return name name replace replace var regObj new RegExp amp name amp var result regObj exec url
117. if result null return else return decodeURIComponeni result 1 An external page example that the user will see upon launching a browser highlighted in red you can see the URL parameters sent from the system Exteranl Login Page Wi xplore http 10 2 3 230 ExternalPage login htm Ploginurl https whg501 4ipnet com loginpages userlogin shtml gremainingurl https whg501 4ipnet com l v pr x Google Bss to 4e 025 B i ARRE v rCRE BES EEA J amp QR Xp RRS ds B Ace p ZERRBSY Exteranl Login Page A fa 7 E mh vy EP z v IR Ov 9 4 Username Password Login Reset Remain 164 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH URL Variables from Gateway This section shows a list of URL variables of the external pages to be sent from the Gateway with its corresponding HTML coding e External Login Page Variables Field Value Description loginurl String URL encoded The URL which shall be submitted when user login remainingurl String URL encoded The URL which shall be submitted when user want to get remaining quota vlanid Integer 1 4096 VLAN ID gwip IP format Gateway activated WAN IP address client ip IP format Client IP address umac MAC format separated by Client MAC address Session String Encrypted session information include client IP address MAC address date and return URL e External Login Su
118. in Public Zone are required to get authentication before using the network service This is very useful for hotspot owners seeking to deploy wireless network service for clients and manage the network as well The following diagram is an example of a HSG gateway set to manage the Internet and network access services at a hotspot venue xDSL Cable Modem EM fr kr eek ee Datos ened ij Y S LAN 2 LAN X ESSID 2 ESSID 1 _ Switch ff oy 4 0 N SQ Isolation Private Zone Network Public Zone Network Example A typical Hotspot network 3 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 2 3 The HSG Series Hardware Overview HSG260 Rear Panel 1 Antenna connector Reverse SMA connectors for attaching antenna as shown in above foure a WAN Forataching an Ethernet cabo toanupinkservce 3 LAN T A poris Atach Ethemet cales here for connecting othe wed cal network a USB 20pon _ Reservdiorktweuse 000000000 5 Console port Attach the serial cable here to access console interface 6 5V 2A Attach the power adapter here 7 Reset button Press once to restart the system Press and hold for more than 5 seconds to reset to factory default 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH TULIT S gor O 5 1 2 3456 7 8 9 Front Panel Press this button to quick print an account generated from billing plan 1 WES button Press and ho
119. ined DHCP range to prevent the system from issuing these IP addresses to downstream clients The administrator can reserve a specific IP address for a special device with a certain MAC address 22 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 4 Let Your Network Be a Wireless Network 4 1 System Wireless General Settings To configure System s Wireless General Settings go to System gt gt Service Zones Click the button Configure for Private zone for further configuration Wireless General Settings RF Card RF Cardi v Band 802 11a 802 11in v Pure 1in Short Preamble Enabled Disabled Short Guard Interval Enabled Disabled Channel Width 20 MHz Y Channel Auto Max Transmit Rate Auto Y Transmit Power Highest v DTIM Period 1 1 255ms ACK Timeout 0 0 255ms Wireless General Settings RF Card HSG320 HSG327 only Select the RF card for configuration Band There are 4 modes to select 802 11b 2 4G 1 11Mbps 802 11g 2 4G 54Mbps 802 11b g and 802 11g n for the HSG260 and additional 802 11a 5G 54Mbps and 802 11a n for the HSG320 HSG327 Otherwise the administrator could enable the Pure 11n to only utilize the 11n band Short Preamble The length of the CRC Cyclic Redundancy Check block for communication between the Access Point and roaming wireless adapters Select Enable for Short Preamble or Disable for Long Preamble Short Guard Interval 802 11g n and 802 11a n only The guard in
120. information required to be sent to the external RADIUS Server You may choose to send username in Complete userlD Postfix Only ID or Leave Unmodified Please note that if Leave Unmodified option is selected the system will send the input as is NAS Identifier This attribute is the string identifying the NAS originating the access request System will send this value to the external RADIUS server if the external RADIUS server needs this NAS Port Type Indicates the type of physical port the network access server is using to authenticate the user System will send this value to the external RADIUS server if the external RADIUS server needs this Account Delay Time This attribute adds flexibility for the HSG to process accounting requests in the time specified Default is set at O Service Type This attribute indicates the type of service the user has requested or the type of service to be provided required for some RADIUS servers that only accepts specified service types Class Group Mapping This function is to impose a Group on a RADIUS class attribute sent from the RADIUS server When the clients classified by RADIUS class attributes log into the system via the RADIUS server each client will be mapped to an assigned Group RADIUS Group Mapping Server 2 Enable Disable No Class Attribute Value Group Remark 1 Group 1 v 2 Group 1 v 3 Group 1 v 4 Group 1 v 5 Group 1 v DM amp CoA Settings This fun
121. ipant will get an internet account valid from 8 00 AM Jun 1 to 5 00 PM Jun 5 Account can be created in batch similar to creating coupons Begin Time is the time that the account will be activated for use defined explicitly by the operator End Time is the time that the account will expire defined explicitly by the operator Max User is the defined number of concurrent users allowed to log in with this billing plan Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 1 Account Type Duration time Counting Method Elapsed Time Begin and end Time Cut off Time Begin Time x x Es x us iy ae x End Time i Es x 20 hee 7 zx i Max User 1 user s 2 Range 0 100000 including two digits after decimal point e g 1 99 Group Group 1 x Price Reference TIP When the Account Type is Duration time three Counting Methods may be used to decide when the account expires 1 Elapsed Time specifies the time duration from account creation for which the account is valid 2 Cut off Time specifies the next cut off time point for which the account becomes invalid 3 Begin and End Time specifies that the account is valid between the two time points NEL A Duration time Begin and end Time accoun
122. is a very common Username username Password password deployment for hotspot providers What makes it a hassle is to manually enter Quota usage Total Price price the Username and Password of the account especially for mobile devices Sextid which require typing on small keyboards and are not easy on the eyes ESSID wlan_ess_id Wireless Key wep key Log in credentials including your Username Password Usage quota Price Your first time login must be dus testers Sarti ne Pise and etc are all embedded in the QR code The account 1s valid within duration days Simply associate with the SSID scan QR Code and you are ready to surf the after your first login internet QR Code Login Scan the OR code your device to login automatically Configuring your web ticket to support QR Code The ticket needs to be customized in order to support the printing of QR Code Under Main Menu Users Authentications click On demand User and Configure for Ticket Template Customization 183 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Template Customization Image Upload T ype For Hotel Cut off time amp Duration Time with Elapsed Time upon account create Width a Type III F qr InsertParameters rz Parameters i Size Normal Tall remain header SN Sremain ks zy Sheader username password ii ia iD a i i ACER CE De a SCR E RC usage Username Susername price Pa
123. is used to examine or control the kernel ring buffer The program helps users to print out their boot up messages instead of copying the messages by hand Main menu Go back to the main menu Change admin password Besides supporting the use of console management interface through the connection of null modem the system also supports the SSH online connection for the setup When using a null modem to connect to the system console we do not need to enter administrator s password to enter the console management interface The username and password is needed instead when connecting the system by 103 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH SSH The username is admin and the default password is also admin which is the same as for the web management interface Password can also be changed here If administrators forget their password and are unable to log in to the management interface from the web or the remote end of the SSH they can still use the null modem to connect to the console management interface and set the administrator s password again Caution Although it does not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the HSG Admin username and password after your first login to the system Reload factory default Choosing this option will reset the system c
124. its For example 8 Cy asterisk 3 ENTER is equal to create an on demand account of billing Number 2 ENTER plan 8 with 3 units and have the POS printer print out the corresponding ticket That is the quota that billing plan 8 grants is multiplied by 3 FUNC 17 ENTER To print out the information of SDS200W including 1 its IP address 2 the firmware version and the build number 3 the current listening port 4 uplink connection status 5 the IP address of the uplink 4ipnet gateway HSG WHG FUNC ENTER To clear what is pressed This is used when the operator pressed a wrong button or combination The system will also clear it automatically after five seconds FUNC 0 ENTER To activate Safe Mode disabling the FUNC 1 ENTER shortcut key in order to protect SDS200W s information leakage 4 digit ENTER To unlock Safe Mode This 4 digit password can be changed on the WMI at EUREN S gt gt Safe Mode Password The default value is 0000 asterisk ENTER _ Tolock the keypad excluding the TAS and the Reset button In Lock Mode the Status indicator will enter into special flashing Press asterisk ENTER again to disable the function and the LED indicator Status will go back to 176 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH gen illuminated intervals or long illuminated intervals LED Panel LED indicators Power When the powe
125. king Preview button 128 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Appendix A Policy Priority Global Policy Authentication Policy and User Policy The HSG supports multiple Policies including one Global Policy and 5 individual Policies can be assigned to different Authentication Server Global Policy is the system s universal policy and is applied to all clients while other individual Policies can be selected and defined to be applied to any Authentication Server For some authentication such as Local and RADIUS users can be assigned to different Policies individually One user may be applied to a different policy at the same time Which policy is actually applied to this user The Policy Priority is enforced as follows User Policy gt gt Authentication Policy gt gt Global Policy Now let us discuss the different user policy types gt For Local and RADIUS users can be assigned to different policies individually For example a Local user userO1 is assigned to Policy1 and the Local Authentication Policy2 When user01 logs in to Public Zone userO1 will be governed under Policy1 This is a common case for users that can be assigned a Policy individually gt For Local and RADIUS if these users are not assigned under any User Policy individually they will be governed under the same policy as others within the same authentication server For example if the Local Authentication is assigned to Policy3
126. ld over 5 seconds to initiate Master Mode for the WES process Press and release to initiate Slave Mode for the WES process Power LED On indicates power on Status LED On indicates the system ready Wireless LED On indicates wireless network interface is ready for service WAN LED On indicates that WAN uplink connected ezacer LAN1 4 LED Indicates the connection status of each LAN USB LED Indicates the status of USB connection USB port reserved for future use WES LED For indicating WDS connection status Master Slave LED Green OFF and LED Red OFF and then then BLINKING SLOWLY BLINKING SLOWLY BLINKING NORMALLY BLINKING NORMALLY Green Red WES Timeout LED Green ON LED Red ON WES Success LED Red ON LED Green ON WES Fail LED Green ON LED Red ON WES Start WES Negotiate OS o 56 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH HSG320 4 12 3 4 5 6 7 5 est eset 1 WLAN A n WES A 1 ra A B PoE Rear Panel IN 12V 2A Power Jack Socket for the power adaptor Restart Reset Press once to restart the system Press and hold for more than 5 seconds to ees eraen ORES WES Button A B WDS Easy Setup Press the button to build up a WDS link with another peer 2 EAP amamen aaa n TE LED Indicators 6 indicators that ER the states of 6 various functions or progresses The H Brier eenen o For attaching an Ethernet cable to an uplink service PoE Pow
127. less Hotspot Gateway ENGLISH 4ipnet User s Manual 10 5 Administration The HSG supports customizable administration account types namely Super Group Manager On Demand Manager or Operator The default predetermined group of the Administrator is Super group and the username and password are as follows Admin The administrator can access all configuration pages of the HSG Username admin Password admin T Username Password Change password OLogout Help Quick Links System Overview Admin is classified under Super Group with all access and configuration authorities Super Group members can generate other administrative accounts Manager OnDemand Manager and Operator and configure Password Safety and Group Permission Settings 92 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH System Users Network Jtilities Status 4 E f Administrator Account Backup amp Restore J System Upgrade Restart Network Utilities Certificate 1 Main Menu gt Utilities gt Administrator Account Generate Admin Account Name Password Confirm Password Group Super Group Admin Account Configuration Password Safety Settings Configure Group Permission Settings Configure Password Safety Settings Password rules and requirements can be configured here to facilitate additional security The following parameters can be configured Password Complexity Admin
128. lling plan by clicking Edit and Apply the setting to activate the plan The printer used by Print is a pre configured printer connected to the administrator s computer Plan Account Type 1 Usage time 2 Usage time 3 Hotel Cut off time 4 Duration time 5 N A 6 N A F N A 8 N A 9 N A 0 N A e Plan The number of a specific plan 15 min s connection time quota with expiration 11 min s connection time quota N A N A N A N A N A N A On demand Account Creation Quota Price 10 91 1 Valid until 12 00 the following day 5 Valid from 2010 07 14 12 00 00 till 2010 07 14 23 59 00 1 N A N A N A N A N A N A Status Enabled Enabled Enabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled Function e Account Type Show account type of the plan in Usage time Duration time or Hotel Cut off e Quota The total amount of time interval or traffic volume for On demand users to access the network For Time users it is the total time For Volume users it is the total amount of traffic e Price For each plan this is the unit price charged for an account e Status Show the status in enabled or disabled e Function Press Create for the desired plan and Creating an On demand Account will appear for 49 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH creation On demand Account Creation Plan Account Type Quota Pr
129. m gt Service Zone Port Role LAN Ports and Service Zone Mapping Select the mode for Service Zone 2 Port Based Tag Based Notice Under Tag Based mode Service Zones will be distinguished by VLAN tags instead of physical LAM ports Note oystem s WMI can also be accesses via WAN port as long as the administrator uses an IP address listed on the Management IP Address List Go to System General Management IP Adaress List If both WAN and LAN ports are unable to reach the WMI please use console interface to resolve this issue 19 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 3 5 2 Planning Your Internet Network HSG gateway supports four zones Private Public Service Zone 2 and Service Zone 3 In the Private Zone authentication is not required to access the internet disabled by default via wired and wireless In the Public Zones by default the Authentication Required for Zone option is enabled so clients are required to be authenticated successfully before surfing the Internet Administrator can access the Web Management Interface WMI of the HSG through the wired LAN port Note that Public Zones SZ2 and SZ3 are disabled by default and can be enabled if required xDSL Cable Modem P u gt Yer B c kd Traffic D gt Isolation Public Zone Network Private Zone Network 20 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH
130. mber of bytes received and sent by the user gt Download Monthly Network Usage of Local User Click the Download button for outputting the report manually to a local database Monthly Network Usage of Local User Month No of Entries Usage Data 2009 04 1 Download A warning message will then appear Click Save to download the record into txt format File Download Some files can harm your computer If the file information below looks suspicious or you do not fully trust the source do not open or save this file File name 2007 08 txt Filetype Text Document From 192 168 2 254 Would you like to open the file or save itto your computer Cancel More Info 115 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 11 1 8 System Related Logs To configure System related logs go to Status gt gt Logs This page displays the system s local log information since system boot up Administrators can examine the log entries of various events However since all these information are stored on volatile memory they will be lost during a restart reboot operation Therefore if the log information needs to be documented the administrator will need to make back up manually Logs System Log Show Web Log Show UAMD Log Show RADIUS Server Log Show On demand User Billing Report Log Show Configuration Change Log Show e System Log This page displays system related logs for event
131. mbers the MAC address of the user Hence the user can only get a new Free authentication account after the refresh time has been reached 54 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 5 2 User Login 5 2 1 Default Authentication There are different types of authentication databases LOCAL RADIUS and ONDEMAND that are supported by the system But authentication can only be set in the Public Zone A postfix is used to inform the system which authentication option is to be used for authenticating an account e g Bob local or Tim radius1 etc when multiple options are concurrently in use One of the authentication options can be assigned as default For authentication assigned as default the postfix can be omitted For example if local is the postfix of the default option then user with username Bob can login as Bob without the need to type in Bob local Auth Option Auth Database Postfix Default Enable Server 1 LOCAL local E J Server 2 RADIUS radiusi J Authentication Options Server 3 RADIUS radius2 Fj On demand User ONDEMAND ondemand F FREE FREE N A 5 2 2 Login with Postfix For each authentication option set a postfix that is easy to distinguish e g Local users according to different authentication servers The acceptable characters are numbers 0 9 alphabet a z or A Z dash underline and dot within a maximum of 40 characters All other characters are not allowed Beside th
132. me stamp and duration is account duration possnnt time and the unit is day serial expiretime number is account s n usage price duration serial number 174 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Appendix G Terminal Server Setup Overview of Network Ticket Generator SDS200W is an innovative product 4ipnet offers to facilitate the communication between 4ipnet hotspot gateway and serial POS printer It is mainly used to have the connected printer fast print necessary account information extracted from a 4ipnet hotspot gateway for a user who would like to access the Internet or managed networks making provisioning of wired or wireless connection easier and more user friendly What is noteworthy is that SDS200W supports wireless connectivity to the uplink gateway That is operators now can deploy a network with lesser physical wires Here are some deployment examples SDS200W Hotel Help Desk Hotspot 2 175 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Keypad Panel Overview SDS200W 4ipnet Keypad Panel Power Status Ethernet WLAN LED Panel Useful Shortcut Keys Combination Function Number ENTER To create and print out an on demand account of an enabled billing plan of the mer Jes Hotspot gateway mainly for the user who purchased an account Number 1 asterisk Print a ticket of billing Number 1 with Number 2 un
133. n when Use the name on the security certificate option is checked the system will use the CN Common Name value of the uploaded SSL certificate as the domain name 7 General WAN WAN Traffic IPv6 LAN Port Mapping Service Zones Main Menu gt System genera General Settings for the Entire System System Name Wireless Hotspot Gateway Administrator Contact Information Suspend Warning Message Sorry The service is suspended gt V Use the name on the security certificate Internal Domain Name FQDN of this device for internal use e g controller office name com To Configure Certificate go to Utilities Certificate and choose Upload Certificate from the scroll down menu Certificate A data record used for authenticating network entities such as a server or a client A certificate contains X 509 information pieces about its owner called the subject and the signing Certificate Authority called the issuer plus the owner s public key and the signature made by the CA Network entities verify these signatures using CA certificates You can apply for a SSL certificate at CAs such as VeriSign If you already have a SSL Certificate please Click Browse to select the file and upload it Click Apply to complete the upload process If you do not have a valid SSL Certificate use the system default certificate 79 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual
134. ns without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only IGMP Snooping IGMP is a multicast constraining mechanism which may flood the broadcast domain This is effective for dense internet usage such as conventions or campuses 27 4ipnet 4 3 Zone Wireless Security User s Manual HSG Wireless Hotspot Gateway ENGLISH To configure Zone Wireless Security go to System gt gt Service Zones click Configure for the respective Service Zones After the above configurations are finished setting up the wireless security is very important to protect your wireless network Below shows an example of VAP Settings for VAP1 and VAP2 Basic Security Advanced Basic Security Advanced Security Wireless Settings VAP 1 VAP Status Enable ESSID HSG260 1 Security Type Beacon Interval RTS Threshold Fragment Threshold Broadcast SSID Station Isolation WMM IGMP Snooping Disable None 100 2346 2346 Enable J Enable Enable Enable Wireless Settings VAP 2 VAP Status 9 Enable ESSID HSG260 2 Security Type Beacon Interval RTS Threshold Fragment Threshold Broadcast SSID Station Isolation WMM I
135. nternet Connection Detection When this function is enabled system will try to access these IP Domain addresses if system can reach these IP Domain addresses it means that the outbound Internet connection is in normal state On the other hand there is a textbox available for the administrator to enter a message reminder This reminder will appear on clients screens when Internet connection is down 15 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 3 4 WAN Bandwidth Control To configure WAN Bandwidth Control go to System gt gt WAN Traffic 5 e o e Users Network Utilities Status A WAN Traffic IPvo N LAN Port Mapping Service Zones Layer 2 Firewall General N WAN Main Menu gt System gt WAN Traffic WAN Traffic Settings Enable Bandwidth limits on WAN Available Bandwidth innnan Khns Ranae 10 10 Di on WAN Interface uplink 1000000 Kbps Range 10 1000000 1000000 Kbps Range 10 1000000 Target for detecting Internet connection EC KHEN wense E Warning of Internet Disconnection The feature gives administrators control over the entire system s traffic on the WAN interface These parameters set here should not exceed the real bandwidth provided by your ISP For example if your xDSL is 8Mbs 640kbs you may input values equal to or less than the speed here Available Bandwidth on WAN Interface e Uplink It specifies the maximum uplink bandwidth that can be shared by clients of th
136. o work with VSA for controlling the maximum client volume usage upload download or upload download traffic This VSA will be sent from the RADIUS server to the gateway along with an Access Accept packet In other words when the external RADIUS server accepts the request it will reply not only an Access Accept but also a maximum value in bytes each user is allowed to transfer This value can be the maximum upload traffic the maximum download traffic or the sum of the download and upload traffics in bytes per user The gateway will check this value every minute if the user traffic reaches this value the gateway will stop the session of this user and send a Stop to RADIUS server 1 Description VSA is designed to allow vendors to support their own extended Attributes which are not covered in common attributes It MUST not affect the operation of the RADIUS protocol The Attribute Type of VSA is 26 and the Vendor ID should be determined before proceeding to RADIUS configuration in this example the Vendor ID is 21920 Attribute Number and Attribute Value can then be designed to provide additional control over RADIUS Attribute Name Attribute Number Attribute Value HSG Byte Amount 10 To be defined by administrator for different user groups HSG MaxByteln 11 To be defined by administrator for different user groups HSG MaxByteOut 12 To be defined by administrator for different user groups HSG Byte Amount 4GB 20 To
137. ogin Hours list This function is used to limit the time when clients can log in Check the desired time slot checkboxes and click Apply to save the settings These settings will become effective immediately after clicking Apply Administrator can also choose to Enable or Disable Auto logout when a user exceeds the permitted login hours Up to 5 profiles can be configured Auto logout station by system Select Profile HOUR 00 00 00 59 01 00 01 59 02 00 02 59 03 00 03 59 04 00 04 59 05 00 05 59 06 00 06 59 Schedule Configuration Enable 9 Disable Apply Permitted Login Hours Profile 1 Profile 1 v SUN MON TUE WED THU FRI SAT J v v iv v v J I v J v Vi J J iv iv iv Iv iv v Fi I v v Iv Fl Fl J J 7 J Iv 7 7 7 v v v v v v v M M I v v v 62 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 6 3 2 Firewall Firewall Profile Click User gt gt Firewall and the Firewall Configuration will appear Click Predefined and Custom Service Protocols to edit the protocol list Click Firewall Rules to edit the rules Up to 5 profiles can be configured Firewall Configuration Profile 1 Select Profile Profile 1 v Predefined and Custom Service Protocols Configure User Firewall Rules Configure User Firewall Rules IPv6 Configure 1 Predefined and Custom Service Protocols Predefined and Custom Service Protocols There are predefined service protocols available for firewall rule editing
138. one are Disclaimer Page Login Page Logout Page Login Success Page Login Fail Page Logout Success Page Logout Fail Page Login Success Page for On demand User Port Location Mapping Free Login Page Port Location Mapping Charge Login Page Disclaimer Page Configure Login Page Configure Logout Page Configure Login Success Page Configure Custom Pages Login Failed Page Configure Login Success Page for On demand User Configure Logout Success Page Configure Logout Failed Page Configure Main Menu gt gt System Service Zone gt gt Service Zone Configuration For each customizable page the available customization options are to use Default Page Template Page Uploaded Page or External Page Login Page Selection for Users Service Zone Default Default Page Template Page Uploaded Page 9 External Page Main Menu System Service Zone Service Zone Configuration Login Page Default Page uses a web page stored within the system its format and content cannot be changed Template Page also uses a web page stored within the system but the contents such as text color background color displayed text and logo can be configured according to your preferences Uploaded Page is to upload your self defined web page into the system and use it as portal page displayed to the user External Page uses a web page stored in an external web server as the por
139. onfiguration to factory defaults Restart the HSG Choosing this option will restart the HSG 104 User s Manual HSG Wireless Hotspot Gateway ENGLISH 4ipnet 11 System Status and Reports 11 1 Viewing the Status This section includes System Interface Routing Table Current Users Session List User Logs Logs DHCP Lease and Report amp Notification to provide system status information and online user status 11 1 1 System Status To view System Status go to Status gt gt System This section provides an overview of the system for the administrator System Setting Overview Up Time Firmware Version S S Build System Name Start Page URL YSLOG server 1 YSLOG server 2 Proxy Server Warning of Internet Disconnection User Logs System Time User Session Control DNS SNMP Retained Days Receiver s E mail Address es NTP Server Time Idle Time Out Multiple Login Preferred DNS Server Alternate DNS Server 105 2 18 2 00 00 1 18 1 5489 2 90 Wireless Hotspot Gateway http www google com N A N A N A N A Disabled Disabled Disabled 3 days receiver 4ipnet com N A N A N A N A tock usno navy mil 2012 06 22 13 01 43 0800 10Min s Disabled 168 95 1 1 N A 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH The description of the above mentioned table is as follows ee pevna The IP address and port number of the external SYSLOG Server N A SYSLOG
140. ost the administrator s password still can be changed through the text mode management interface via the serial console port 95 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 7 Backup Restore and Reset to the Factory Default To configure Backup Restore and Reset to Factory Default go to Utilities gt gt Backup amp Restore This function is used to backup restore the HSG settings Also the HSG can be restored to the factory default settings here Backup System Settings Restore System Settings Browse V Keep WAN setting and Management IP Address List Keep LAN Alias and DHCP settings Keep Certificate Keep Account File Name Reset to the Factory Default e Backup System Settings Click Backup to create a db database backup file and save it on disk x Do you want to open or save this file 3 Name 20050303 db Type Data Base File From 10 2 3 70 com save Enea v Always ask before opening this type of file While files from the Internet can be useful some files can potentially harm your computer If you do not trust the source do not open or save this file What s the risk Restore System Settings Click Browse to search for a db database backup file created by the HSG and click Restore to restore to the same settings at the time when the backup file was saved e Reset to Factory Default Click Reset to load the factory default settin
141. otspot Gateway ENGLISH 4ipnet User s Manual 9 Networking Features of a Gateway 9 1 Dynamic Domain Name Service DDNS To configure Dynamic Domain Name Service go to Network gt gt DDNS Before activating this function you must have your Dynamic DNS hostname registered with a Dynamic DNS provider The HSG gateway supports DNS function to alias the dynamic IP address for the WAN port to a static domain name allowing the administrator to easily access the HSG gateway s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply Dynamic DNS DDNS Q Enable 9 Disable Provider DynDNS org Dynamic v Host Name Username E mail j Password Key r e DDNS Enable or disable this function e Provider Select the DNS provider Host name The IP address domain name of the WAN port e Username E mail The register ID username or e mail for the DNS provider e Password Key The register password for the DNS provider Note To apply for free Dynamic DNS service you may go to http www dyndns com services dns dyndns howto html 86 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 9 2 Port and IP Forwarding To configure Port and IP Forwarding go to Network gt gt NAT gt gt Port and IP Forwarding This function allows the administrator to set at most 40 sets of IP
142. page would only print out the 170 4ipnet Output User s Manual HSG Wireless Hotspot Gateway ENGLISH available quota If command is set to getValue the output is simply value secs or bytes according to user type If command is not set and there is no ret url is presented client would be given the pop reminder shtml page which shows remaining quota in our UI style If ret url is presented client would be return to ret url and gateway would add these four variables in URL Field Value Msg otring including Sorry this feature is available for on demand user only Sorry this username XXX is not found Sorry this username XXX is out of quota Sorry this username XXX is expired Sorry this username XXX is redeemed Value Integer Sec Or Byte or error no 1 Account not found 2 Out of quota 3 Expired 4 Redeemed Uname String Type String includes TIME Time type DATA Volume type CUTOFF Cut off type Change password Local User 171 Description Error messages Remaining quota if user is time type the value is remaining seconds if user is volume type the value remaining bytes User name On demand user billing type 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Path LAN IP address or Internal Domain Name loginpages user change password shtml Input Field Required Value Description Save Required 1 have to
143. pe of encapsulated traffics Opcode when EtherType is ARP This list can be used to specify the ARP Opcode in ARP header gt Source MAC Address Mask indicates the source MAC IP Address Mask indicates the source IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields when EtherType is ARP Destination MAC Address Mask indicates the destination MAC IP Address Mask indicates the destination IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields when EtherType is ARP When the configurations are made please click Apply to let the firewall rule take effort gt gt To insert a specific rule Inserting Before in Operation column of firewall list will lead to the following page for detailed configuration with a rule ID for the rule currently being inserted General WAN Y WAN Traffic IPv amp LAN Port Mapping Service Zones Layer 2 Firewall Main Menu gt System gt Layer 2 Firewall eae Ether Type All Interface From To VAP2 me e NN NM To move a specific rule Move to in Operation column of firewall rules will lead to the following page for reordering confirmation Click OK to save the changes made 33 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Moveto No 5 Please make sure all the desired rules are checked as Active and click the Apply button below on the overview page antes L L
144. pired Account Keep Days 15 1 30 days Out of Quota Account Keep Days 15 1 30 days 2 Enable Disable Account Roaming Out On demand user database will be used as authentication database for roaming out users e Postfix The string of characters needed to be entered with the username during login e Remaining Volume Sync Interval Select a desired interval for on demand user quota update The quota information i e remaining time or remaining quota displayed on the on demand user login success page 45 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH will be refreshed according to the time interval configured here Terminal Server Terminal Server Configuration is a list of serial to Ethernet devices that communicate with the system only there is no need to go online or go through authentication process Enter the device IP and the port number into the respective fields c 55 e P amp System Network Utilities Status Authentication Black List Group Policy Schedule Firewall QoS Specific Route Privilege Additional Control Operator Main Menu gt Users gt Authentication gt On demand User Server Configuration gt General Settings gt Terminal Server Configuration Terminal Server Configuration Status Item Server IP Port Location Remark E 1 2 o9 3 Account Roaming Out When Account Roaming Out is enabled a link will be available to define the client device
145. pnet Gateways Controllers SDS200W Hotel Help Desk Hotspot 2 1 Put relevant devices in place 2 Attach a SDS200W to a power adaptor provided in the package 3 Attach a POS printer to a power adaptor provided in the package and turn on the power switch situated on the left side of the device 4 Connect a POS printer to the Console port of SDS200W by a RS 232 cable provided within the POS printer package 5 Connect SDS200W to your 4ipnet Gateway Controller via Ethernet port or wirelessly If you are to do it wirelessly conduct a site survey in the first place The wireless coverage is subject to change Mes You need to connect to the correct LAN port if your Gateway Controller is operating Note in Port based mode 6 To verify if the deployment works fine Press FUNC 1 ENTER to see if SDS200W is attached to a correct gateway and get an IP address from it Additionally press Number ENTER to see if an account with a certain billing plan can be printed out Managing SDS200W on the Web Management Interface SDS200W is designed specifically to operate in conjunction with all 4ipnet Gateways Controllers including both HSG and WHG series If you are not using default settings before connecting SDS200W to your 4ipnet Gateway Controller some configurations steps are required Go to the Web Management Interface WMI for SDS200W s relevant configurations The default values are 179 4ipnet User s
146. pot Gateway ENGLISH 12 2 RADIUS Advanced Settings To configure RADIUS Advanced Settings go to Users gt gt Authentication Click Configure for the RADIUS Authentication Database gt Complete vs Only ID vs Leave Unmodified For RADIUS authentication there is an option to send the complete username with postfix or username only Username Format When the Complete option is checked both the username and postfix will be transferred to the RADIUS server for authentication On the other hand when the Only ID option is checked only the username will be transferred to the external RADIUS server for authentication If the Leave Unmodified option is selected the system will send the username to Default Auth Server set in 802 1X configuration page for authentication gt NAS Identifier System will send this value to the external RADIUS server if needed by the external RADIUS server gt NAS Port Type System will send this value to the external RADIUS server if needed by the external RADIUS server gt Class Group Mapping This function is to assign a Policy to a RADIUS class attribute sent from the RADIUS server When the clients classified by RADIUS class attributes log into the system via the RADIUS server each client will be mapped to its assigned Grouap and Policy RADIUS Group Mapping Server 2 Enable Disable No Class Attribute Value Group Remark 1 Group 1 v 2 Group 1 v 3 Group 1 v 4 Group 1 v 5 Group 1 v
147. r adapter is connected Power will become constantly on when disconnected the light turns into constantly off Always check if Power is on before using SDS200W Status 1 Short illuminated intervals means SDS200W successfully booted up It flashes slowly 2 Long illuminated intervals means SDS200W and uplink device connected 3 Special flashing means the keypad locked The indicator fast blinks twice periodically Note lt TAS Mode only gt 4 Fast flashing means SDS200W trying to connect to uplink device 5 Constantly off for ten seconds means SDS200W fails to connect to uplink device after step 4 Afterwards Status will go back to step 1 6 Constantly on for ten seconds means SDS200W succeeds in connecting to uplink device after step 4 Afterwards Status will go to step 2 Ethernet Ethernet turns into constantly on when an Ethernet cable is connected Ethernet blinks when the system detects wired traffic passing Ethernet It is constantly off when no cable is connected WLAN WLAN behaves similarly as Ethernet becoming constantly on when wireless connectivity is enabled not necessarily connected It just means that the RF card is ready to serve WLAN blinks when the system detects wireless traffic It is constantly off if the RF card is disabled Understanding the LED indicators There are four LED indicators on the panel Power Status LAN and WLAN from left to right Below summarizes all indication types in different states
148. r decimal point e g 1 99 Group 1 oe o TIP When the Account Type is Duration time three Counting Methods may be used to decide when the account expires 1 Elapsed Time specifies the time duration from account creation for which the account is valid 2 Cut off Time specifies the next cut off time point for which the account becomes invalid 3 Begin and End Time specifies that the account is valid between the two time points Duration time Elapsed Time account lifespan q Elapsed Time ET Creation Time CT Deletion Time DT L1 Invalid Valid 147 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Duration time with Cut off Time Cut off Time is the clock time at which the on demand account is cut off made expired by the system on that day For example if a shopping mall closes at 23 00 operators selling on demand tickets can use this plan to create a ticket set to be Cut off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for use It is set to account creation time Cut off Time is the clock time when the account will expire Max User is the defined number of concurrent users allowed to log in with this billing plan Price is the unit price of this plan Group will be the applied Group to users created from this plan Re
149. r the user 38 4ipnet No Username Password User s Manual HSG Wireless Hotspot Gateway ENGLISH Adding User s to the List MAC Address QOGXXSOGXXOOGxx Group Remark Begin Date End Date ee Select Select is oi Select Select RE Select Select Group 1 v Select a Group 1 v Select em Group 1 v Uem umm ORE Select Select Group 1 v Select Select Enable Expire Time e Search Enter a keyword of a username or remark to be searched in the text file and click this button to perform the search All usernames matching the keyword will be listed Username userl Download User Upload User Search Local User List Applied Group MAC Address Password Account Status Begin Date End Date Remark Group 1 useri Valid Delete Total 1 500 First Prev Next Last GotoPage 1 Page 1 1 Row per Page 10 e Del All Click this button to delete all the users at once or click Delete hyperlinked to delete a specific user individually Edit User If in need of editing click the desired user account on Local User List to enter the User Profile Interface for that particular user and then modify or add information such as Username Password MAC Address optional Applied Group optional and Remark optional An expiration time can be Enabled and the Begin End 39 4ipnet User s Manual HSG Wireless Hotspot Gateway
150. r to go on to SDS200W s WMI to enter necessary columns that are supposed to fit what is set up on the controller end However the auto connection called Terminal Auto Setup TAS is particularly designed to establish a quick connection without previous setting Manual setup Connecting SDS200W to uplink 4ipnet Gateway Controller manually there are still two ways to achieve One is through wired connection and the other is via wireless connection Method 1 Wired Connection Plug in an Ethernet cable between SDS200W and 4ipnet Gateway Controller Enter Network Settings and make sure they match what is determined on the controller The change will take effect after 1 clicking Save and 2 rebooting the system After SDS200W and the uplink device has built a successful connection the Status indicator will blink with long illuminated intervals Method 2 Wireless Connection Fill in Network Settings and Wireless Settings click Save and reboot the system After SDS200W and the uplink device has successfully built up a connection the Status indicator will blink with long illuminated intervals 181 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH When wired connection is established the wireless connectivity will be turned off by the Note system automatically meaning wireless and wired connection will not co exist at any time Wired connection has a higher priority The recommended step by step setup process is
151. rd authentication process under Public zone may cause security problems 75 User s Manual e i 4ApneU acus torpor Gateway ENGISH 7 3 2 Privilege MAC Privilege MAC Address List In addition to the Privilege IP List MAC address List allows the MAC address of the workstations that need to access the network without authentication to be set in Granted Access by MAC Address The HSG allows 200 privilege MAC addresses at most When manually creating the list enter the MAC address the format is XX XX XX XX XX XX as well as the remark optional These settings will be effective immediately after clicking Apply Granted Access by MAC Address No MAC Address Remark 10 Total 100 First Prev Next Last Caution Permitting specific MAC addresses to have network access rights without going through standard authentication process under Public zone may cause security problems 7 3 3 Privilege IPv6 Privilege IPv6 Address List In addition to the Privilege IP List MAC address List the privilege IPv6 List allows the IPv6 address of the workstations that need to access the network without authentication to be set in Granted Access by IPv6 Address The HSG allows 100 privilege IPv6 addresses at most When manually creating the list enter the IPv6 address the format is XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX as well as the remark optional These settings will be effective immediately after
152. rlink Roaming Out amp 802 1x Client Device Settings to enter the Roaming Out amp 802 1X Client Device Settings interface Choose Roaming Out and enter the Roaming Out client s IP address and network mask and then click Apply to complete the settings In the other system such as another HSG gateway set up its RADIUS server to this HSG with the same postfix and the local user in this HSG would be able to log in successfully from another HSG by RADIUS authentication 126 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 12 4 Customizable Pages To configure Custom Pages go to System gt gt Service Zones click Configure in Public zone There are several user login and logout pages that can be customized by the administrator You can select Default Page Template Page Uploaded or External Page Disclaimer Page Configure Login Page Configure Logout Page Configure Login Success Page Configure Custom Pages Login Failed Page Configure Login Success Page for On demand User Configure Logout Success Page Configure Logout Failed Page Configure e Disclaimer Page The Disclaimer Page is for the hotspot owner or MIS staff who wants to display terms of use or announcement information before the user login page Click Configure the setup page will appear An unauthorized client will receive a disclaimer page once opening the web browser If a client selects I
153. rs to change their Password And to prevent ill behaved clients or malicious software from taking up the system s connection resources the administrator can restrict the number of concurrent sessions that a user can establish Privilege Configuration Profile 1 Select Profile Profile 1 v Change Password Privilege Enable Disable Maximum Concurrent Sessions Unlimited sessions per user gt The maximum number of concurrent sessions including TCP and UDP for each user can be specified in the Global policy which applies to authenticated users users on a non authenticated port privileged users and clients in DMZ zones Also this can be specified in the other policies to apply to the authenticated users gt When the number of a user s sessions reach the session limit a choice of Unlimited 10 25 50 100 200 350 500 750 and 1000 the user will be implicitly suspended upon receipt of any new connection request In this case a record will be logged to a SYSLOG server Since this basic protection mechanism may not be able to protect the system from all malicious DoS attacks it is strongly recommended to build some immune capabilities such as IDS or IPS solutions in network deployment to maintain network operation 70 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 7 Access Network without Authentication 7 1 DMZ To configure DMZ go to Network gt gt Network Address Translation gt gt DMZ Demilit
154. s To make a POS printer properly functions with SDS200W set up serial settings in advance in Console on SDS200W s WMI The default values are for PRT 100 devices Change the values if you use another POS printer 180 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Printing On demand Tickets for Your Customers Operators have two ways of printing on demand account tickets for their customers One is to go onto the WMI of 4ipnet Gateway Controller and create one or more See the manual of the 4ipnet Gateway Controller you use the other is to use SDS200W by the following two shortcut keys 1 Number ENTER or 2 Number 1 asterisk Number 2 ENTER For example 3 ENTER is to have POS printer print out a billing 3 ticket 4 asterisk 2 ENTER allows operator to print a single ticket of billing plan 4 with two units of the quota That is the given quota is multiplied by two Note that the keys can only print out tickets one at a time To Batch create tickets turn to Main Menu gt Users gt Authentication gt On demand User Server Configuration gt On demand Account Batch Creation on 4ipnet controller s WMI Use FUNC ENTER or wait 5 seconds to clear the wrong number just pressed Setting Up SDS200W with the 4ipnet Gateway Controller SDS200W offers manual and auto connection to uplink 4ipnet Gateway Controller The former requires the administrato
155. s function provides certain free services for users to access the websites listed here before login and authentication Up to 20 addresses or domain names of the websites can be defined on this list Users without the network access right can still have a chance to experience the actual network service free of charge Enter the IP Address or Domain Name of the website on the list and click Apply to save the settings Add Walled Garden List Service No Active Domain Name IP Address Z cmin Remark 1 a All nd 2 a All T 3 F All Y 4 a All Y 5 All 6 ry All v 7 a All Y 8 All Y F1 All Y 10 a All Y 81 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 8 1 4 Walled Garden AD To configure Walled Garden AD List go to Network gt gt Walled Garden AD This function provides advertisement links to web pages for users to access free of charge before login and authentication Advertisement hyperlinks are displayed on the user s login page Walled Garden Ad List URL Topic Item dios Edit Display 1 Edit 2 Edit 3 Edit 4 Edit 5 Edit ETT 7 Edit 8 Edit 9 Edit 1 ai e Enter all items or make changes by clicking the Edit button click Apply the items will be added and shown on the list URL Enter the URL of the advertisement website e Topic Enter the content of the hyperlink for instance if you enter Google in this field on the user login page a hyperlink of Google will
156. sclaimer Content We may collect and store the following personal information physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us Choose Billing Plan for SecurePay Payment Page Enable Disable Quota Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable SecurePay Payment Page Remark Content You must fill in the correct credit card number and expiration date Card code is the last 3 digits of the Security code located on the back of your credit card 156 Disable Price HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual gt SecurePay Page Configuration Merchant ID The ID that is associated with the Merchant Account Merchant Password This is the key used by Secure Pay to validate all the transactions Payment Gateway URL The default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Secure Pay Currency The currency to be used for the payment transactions gt Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here gt Choose Billing Plan for SecurePay Payment Page These 10 plans are the plans in Billing Configuration
157. set up an external payment gateway to accept payments in order to provide wireless access service for end customers who wish to pay for the service online The options are Authorize Net PayPal SecurePay WorldPay or Disable For detailed parameter descriptions please refer to Appendix F External Payment Gateways External Payment Gateway Authorize Net PayPal SecurePay WorldPay amp Disable 48 4ipnet 6 On demand Account Creation User s Manual HSG Wireless Hotspot Gateway ENGLISH After at least one billing plan is enabled the administrator can generate single on demand user accounts here Click this to enter the On demand Account Creation page Click Create from the desired plan to create an on demand account The username and password of to be created on demand account is configurable Select Manual created in Username Password Creation and administrator can enter a desired username and password for the on demand account In addition an External ID such as student s school ID can be entered together with account creation After the account is created you can click Printout to print a receipt which will contain the on demand user s information including the username and password Moreover you can click Send to POS to print a receipt by a POS device Note If no Billing plan is enabled accounts cannot be created by clicking Create Please go back to Billing Plans to activate at least one Bi
158. ss the TAS button on SDS200W for three seconds and it will automatically look for and associate to a suitable 4ipnet gateway that supports this function The connection building process is as follows D200W sees if wired connection to the uplink device is available Yes establishes wired connection No turns to wireless connection Send a status report massage failed or successful to the POS printer The TAS connection will rewrite previous manual settings You will see the Uplink page of the WMI grayed out and the Status page will show that the system is in TAS mode The TAS process takes about thirty seconds to 182 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH complete Whether the connection attempt succeeds or fails the SDS200W will always have the printer print out if the connection is successful or it failed Please make sure beforehand that the Ethernet cable is plugged in and the wireless environment is ok The SDS100 can be set up the same way but it does not support wireless connections iat Wired TAS uses port 5000 as the default value The controller has to set the port to the right Note number as well Additionally when trying to deploy TAS make sure that the table of Terminal Server Configuration on the controller side is not filled up Otherwise the connection will fail Applications for QR Code Log in On demand Account generation with a ticket generator
159. ssion information Description User ID Gateway activated WAN IP address VLAN ID HTML coding Path is the URL destination Input is the parameter required to be sent back Output is the feedback from the system e User Login Path 169 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH LAN IP address or Internal Domain Name loginpages userlogin shtml Input Field Required Value Description myusername Required String User ID mypassword Required String User password Session Optional String Encoded string which contains some information of this session default is taken from cookie Output No output prompt login successful page User Logout Path LAN IP address or Internal Domain Name loginpages logoff shtml Input Field Required Value Description Uid Optional String User ID default is taken from cookie Session Optional String Encoded string which contains some information of this session default is taken from cookie Output No output prompt logout successful page e Remaining quota Credit balance Path LAN IP address or Internal Domain Name loginpages reminder shtml Input Field Required Value Description myusername Required String User name mypassword Required String Password ret_url Optional String URL encoded Returned URL default is pop reminder shtml Command Optional String getValue If command is set to getValue the return URL would be ignored and the
160. ssword Spassword extid Quota Susage dei onis Total Price Sprice Sadivationtime External ID Sextid expiretime i a i a a Tia a i a i i ie a OMNE UR eee tai expire time ESSID Swlan ess id duration Wireless Key Swep key footer NRI NEIN oe RIAL ee eee 2footer Your account is expired at Sexpiretime ay M M image unit date quota Sremark ee For the utilized Billing Plan the corresponding ticket template needs to be customized to support QR Code 1 The width needs to be changed to 3 default value 2 2 The parameter needs to be added by typing in qr on the template or select qr from the drop down menu and click Insert Parameters Only 4ipnet PRT200 thermal printers support the printing of QR code Installation of a QR Code scanning App on your mobile device is required such as QuickMark Note QR Reader Barcode Scanner owitch off Auto Join and Auto Login to prevent the mobile device from jumping back to the remembered network 184 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Troubleshooting SDS200W Q1 SDS200W can not have the POS printer print out accounts 1 See if the printer is still connected to SDS200W 2 Check if the panel is locked by looking at the Status indicator If it belongs to special flashing unlock the keypad by pressing ENTER 3 Press FUNC 1 ENTER to see SDS200W s state Check if every value is
161. system to a specific FTP server 121 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Notification Settings Receiver E mail Address es 1 2 s 4 s betail test oe FP interval Monitor IP Report E IE E EF FT J N A N A 1Hour Users Log m m m Detail Send m Detail j Detail 1Hour v On demand Userstog E E Detail Sena m Detail Detail iHow Roaming Out Users Log AAAA A Detail Send F Detail F i Hour v Roaming In Users Log maap A r1 Detail Send Fi Detail j Detail 1Hour v Session Log ele m e e eta Send Detail Detail 1Hour Firewall Log E F m F m Detail F Detail N A 1Hour v E Daily Settle Time O Y On demand User Billing Report E Detail Send N A F Weekly Settle Time Sun v E Monthly Settle Time 1 v Local HTTP Web Log N A m Detail F 1Hour HTTP Web Log N A F Detail F 1Hor WMI Configuration Log N A N A F i1 Hour v DHCP Server Log N A FI N A N A DHCP Lease Log N A NA F 1Hour Traffic Report Text N A NA F 1Hour Service Zone Server Folder The folder in the configured FTP Server in which the sent Log will be placed Interval The time interval at which the Log will be sent Logged Interface The check box of Publi
162. t click the user s Delete button and or use click Del All button to remove all users from the black list Black List Settings Select Black List l Blacklisti v Name Blacklisti User Remark Del All blackuser Delete Total 1 20 First Prev Next Last GotoPage Page 1 1 Row per Page 10 v Add User s After the Black List editing is completed You can select the Black List in each Authentication Server to make the list effective 59 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 6 2 Group To configure Group go to Users gt gt Group Users on the HSG can be classified into different groups which can be assigned different Policies and Schedules The HSG supports up to 5 user Groups Group Configuration Group 1 Select Group Group 1 v Group Name Group 1 Remark Zone Permission Configuration amp Policy Assignment Group 1 Time Span 1 Time Span 2 Zone Name Enabled Schedule 1 v Schedule 1 v Service Zone Private 4 Policy 1 v Policy 1 v Service Zone Public v Policy 1 v Policy 1 v When the type of authentication database is RADIUS the Class Group Mapping function will be available to allow the administrator to assign a Group for a RADIUS class attribute therefore a Group will be mapped to a user of a RADIUS class attribute 6 3 Policy To configure Policy go to Users Policy The HSG supports multiple Policies including one Global Policy and 5 individual Policies
163. t received within the interval then the packet will be re transmitted Higher ACK Timeout interval will decrease the packet lost but the throughput will be decreased worsened 24 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 4 2 Zone Wireless Settings Each zone has its own VAP and corresponds to one SSID In Private zone it s VAP1 and the SSID is hidden by default so public users cannot scan this SSID in the air for privilege users who already know this SSID they can manually associate to the SSID of Private zone On the other hand the SSID of VAP2 under Public zone by default is enabled with SSID Broadcast feature allowing public users to scan this SSID in the air After wireless general settings are done use the parameters in Wireless Settings under zone configuration to fine tune the wireless network under Private and Public Zone To configure Private Zone s Wireless Settings go to System gt gt Service Zone click Configure for Private zone Wireless Settings VAP 1 VAP Status Enable Disable Basic ESSID HSG260 1 Security Security Type None v Beacon Interval 100 25 500ms RTS Threshold 2346 1 2346 Fragment Threshold 2346 256 2346 Advanced Broadcast SSID Enable Disable Station Isolation Enable Disable WMM Enable O Disable IGMP Snooping Enable O Disable gt Wireless Settings VAP1 Wireless Settings Private Zone o Basic Enable the VAP Status if you
164. t for the dimensions of the image is set but a 460x480 image is recommended e Number of Tickets Enable this function to print duplicate receipts Another Remark field will appear when the Number of Ticket is selected to 2 and the content will appear at the bottom of the 2 duplicate receipt e Preview Click Preview the ticket will be shown including the information of username and password with the selected background You can also print the ticket here 3 Ticket Template Customization Administrators can customize contents on the On demand tickets using this template Template Customization Image Upload TypeI v Restore For Usage Time with expiration time amp Volume Type I Font remain InserParameters Size 9 Normal Tall as Ticket Serial Number SN Sremain A Sheader S2header S3header Username Susername J T lat Password Spassword z Quota Susage Total Price Sprice External ID Sextid ESSID Swlan ess id Wireless Key Swep key Your first time login must be done before Sexpire time The account is valid within Sduration days after your first login Preview 47 4 5 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Billing Plans Administrators can configure several billing plans Click the Edit button to enter the page of Editing Billing Plan Configure billing plans with desired account type expiration date price etc Click Apply to save
165. t lifespan eS Begin Time End Time Creation Time Ralajiap Tima CT gt Invalid Valid 149 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Appendix E External Payment Gateways This section is to show independent Hotspot owners how to configure related settings in order to accept payments via Authorize net PayPal SecurePay or WorldPay making the Hotspot an e commerce environment for end users to pay for and obtain Internet access with credit cards 1 Payments via Authorize Net To configure Payments via Authorize Net go to Users gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt Authorize Net Before setting up Authorize Net it is required that the merchant owners have a valid Authorize Net account gt Authorize Net Payment Page Configuration External Payment Gateway Authorize Net PayPal SecurePay WorldPay Disable Authorize Net Payment Page Configuration Merchant Login ID Merchant Transaction Key Payment Gateway URL https secure authorize net gateway transact dll Enable Disable Verify SSL Certificate Default v Test Mode Enable Disable Try Test MD5 Hash Enable Disable Merchant ID This is the Login ID that comes with the Authorize Net account Merchant Transaction Key The merchant transaction key is similar to a password and is used by Authorize Net to authenticate transactions Payment Gateway URL
166. tabase will be used as authentication database for roaming out users O Enable Disable 802 1X Authentication Local user database will be used as internal RADIUS database for 802 1X enabled LAN devices such as AP and switch e Local User List It allows the administrator to view add or delete local user accounts The Upload User button is for importing a list of user accounts from a text file The Download User button is for exporting all local user accounts into a text file Clicking the hyperlink of a user account leads to a page for configuration Add User UploadUser DownloadUser Search Local User List Applied Group MAC Address Username Password Account Status Begin Date End Date Remark Group 1 userl userl Valid Delete Total 1 500 First Prev Next Last Goto Page 1 Page 1 1 Row per Page 10 v Add User Click this button to enter the Adding User s to the List interface Fill in the necessary information such as Username Password MAC Address Remark and login Schedule Select a desired Group to classify local users Click Apply to complete adding the user s MAC address of a networking device can be bound with a local user as well It means this user must log in to the system with a networking device namely PC that has the corresponding MAC address That is this user can not log in with other networking devices An expiration time can be enabled fo
167. tal page for your users Because the pages are located on a remote server therefore special efforts are required by these external pages to parse process and send necessary URL parameters to and from the system 161 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Since External Pages needs more attention and care to setup its html codes also need to include mechanisms for processing the necessary URL parameters in order to work properly with the Access Controller please refer to further details regarding on external pages in the following sections How External Pages Operate Choose External Page if you desire to use an external web page for your custom pages Simply enter the URL of your external webpage click Preview button to check if it is reachable take a look at how your external webpage will be displayed then click Apply button Login Page Selection for Users Service Zone Default Default Page Template Page Uploaded Page External Page External Page Setting External URL http 10 2 3 230 ExternalPage login html Preview GL MS NEL Main Menu System Service Zone Service Zone Configuration Login Page When a user connects to this Service Zone opens a web browser and attempts to access the internet the system will point the user to the external login page configured Gateway while forwarding users to the external web page will also send URL parameters required for
168. terval is the space between symbols characters being transmitted to eliminate inter symbol interference With 802 11n short guard interval is half of what it is used to be to increase throughput Select Enable to use Short Guard Interval or Disable to use normal Guard Interval Channel Width 802 11g n and 802 11a n only For 802 11n doubling channel bandwidth to 40 MHz is supported to enhance throughput Channel Select the appropriate channel from the drop down menu to correspond with your network settings for example Channel 1 11 is available in North American and Channel 1 13 in Europe or choose the default Auto Max Transmit Rate The default is Auto Available range is from 1 to 300Mbps The rate of data transmission should be set depending on the speed of the wireless network Select from a range of 23 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH transmission speed or keep the default setting Auto to make the Access Point automatically use the fastest rate possible Transmit Power Keep the default setting or select from range to make the Access Point use different transmit power as you wish DTIM Period Input the DTIM Interval that is generated within the periodic beacon at a specified frequency Higher DTIM will let the wireless client save energy but the throughput will be decreased worsened ACK Timeout The time interval for waiting for the acknowledgement ACK frame If the ACK is no
169. the HSG gateway 1 Place the HSG gateway at the best location The best location is usually at the center of your wireless network 2 To supply power to the HSG gateway Connect the power adapter to the HSG gateway s power jack socket on the rear panel 3 Connect HSG gateway to your outbound network device Connect one end of the Ethernet cable to the WAN port of HSG the gateway on the rear panel Depending on the type of internet service provided by your ISP connect the other end of the cable to the ATU Router of an ADSL a cable modem a switch or a hub The WAN LED indicator should be ON to indicate a proper connection 4 Connect the HSG gateway to your PC Connect one end of the Ethernet cable to the LAN1 port of the HSG gateway on the rear panel Connect the other end of the cable to a PC for configuring the system The LAN1 LED indicator should be ON to indicate a proper connection Note The HSG gateway has two virtual Private and Public zones that are mapped to LAN1 LAN2 192 168 1 254 and LAN3 LAN4 192 168 11 254 respectively on the HSG260 The HSG gateway has two virtual Private and Public zones that are mapped to LAN1 192 168 1 254 and LAN2 192 168 11 254 respectively on the HSG320 HSG327 Now the hardware installation is complete Caution Please use only the power adapter supplied with the HSG package Using a different power adapter may cause damage to this system Caution To verify the wired connection
170. the plan Go back to the screen of Billing Plans check the Enable checkbox or click Select all and then click Apply the plan s will be activated Billing Plans Plan Account Type Quota Price Enable Group Function 1 Usage time 2 hr s of connection time quota with expiration 2 99 7 Group 1 Edit 2 Duration time Valid for 4 hour s elapsed time 4 99 Vv Group 2 Edit 3 Volume 100 Mbyte s of traffic volume quota 1 99 V Group 3 Edit 4 Hotel Cut off time Valid until 23 00 the following day 3 99 7 Group 4 Edit 5 N A Group 1 Edit E N A Group 1 Edit 7 N A Group 1 Edit E N A Group 1 Edit 9 N A Group 1 Edit 0 N A Group 1 Edit e Plan The number of the specific plan e Type This is the type of plan based on which it defines how the account can be used including Usage time Volume Hotel Cut off and Duration time e Quota The limit on how On demand users are allowed to access the network e Price The unit price charged for buying an account from this billing plan e Enable Check the checkbox to activate the plan e Group Users under this billing plan will be classified under this group The default value is Group 1 e Function Click the Edit button to add one billing plan For detailed information regarding on demand accounts and billing plan configuration please refer to Appendix E On demand Account types amp Billing Plan External Payment Gateway This section is for merchants to
171. then click Add Add Mame 4 rs t To add an attribute that is nat listed select the YVendor Specific attribute Generate Class IF connection req Claes associated profile Attribute Framed Pratacc Service Type Cr i al aril Li Pid LI alt nanelna nmtoa LI E I 5 Edit Profile Unless individual eae ge oe ee ee ee ee ee a aoa oc as ee ae a ce oe E Cc oy Par yon EDATE a policy controls ae Allowed Certificate O1D Microsoft Species the certificate purpose or usage object identifiers aenerate Class Attribute Microsoft Specifies whether 45 automatically generates the class al If a connection re Generate Session Timeout Microsoft Specifies whether 45 automatically generates the session Deny remote lt Ignore L ser Dialin Praperties Microsoft Specities that the user s dial in properties are ignored M TE 4 M5 Quarantine PFilter Microsoft Species the IP traffic filter that i used by the Routing anc M5 Quarantine Session T imeaut Microsoft Specities the time in seconds that the connection can rer Tunnal T ag Microsoft Description not yet defined USA ACCM Type U S Robotics Inc Description not yet defined USR AT Call Input Filter U S Robotics Inc Description not yet defined USA AT Call Output Filter U S Robotics Inc Description not yet defined L SR AT Input Filter U S Robotics Inc Description not yet defined USA A4T Output Filter U S Robotics Inc Description not yet defined
172. ther AP with L2 firewall feature learn the trusted MAC IP pairs to issue ARP requests o Static List can be used to add MAC or MAC IP pairs of devices that are trusted to issue ARP request Other network nodes can still send their ARP requests however if their IP appears on the static list with different MAC their ARP requests will be dropped to prevent eavesdropping If any settings are made please click Apply to save the configuration before leaving this page 36 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 5 Who Can Access the Network 5 1 Type of Users To configure Users go to Users Authentication This section is for administrators to pre configure authentication servers for the entire system Concurrently up to three servers can be selected and pre configured for static user authentication One server uses built in LOCAL database while the other two servers use external RADIUS database In addition ONDEMAND server can be configured for temporary user authentication Authentication Settings Auth Option Auth Database Postfix Server 1 LOCAL local Server 2 RADIUS radiusi Server 3 RADIUS radius2 On demand User ONDEMAND ondemand FREE FREE N A e Authentication Settings There are four different authentication options in HSG gateways that use databases LOCAL RADIUS1 RADIUS2 ONDEMAND and FREE Local and On demand are built in databases with user credentials stored locally and RADIUS is one of
173. ton to get an IP address automatically 35 e A 6 stem Users Network Utilities Status General V wan WAN Traffic IPv6 LAN Port Mapping Service Zones V Layer 2 Firewall N Main Menu gt System gt WAN WAN Interface Setting 0 Static Use the following IP settings Dynamic IP settings assigned automatically E Learn DNS Server Address During Negotiation Preferred DNS Server Alternate DNS Server PPPoE PPTP 12 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 3 2 3 PPPoE PPPoE When selecting PPPoE to connect to the network please set the Username Password MTU and Clamp MSS There is a Dial on demand function under PPPoE If this function is enabled a Maximum Idle Time slot will be available for inputting a value When the idle time is reached the system will automatically disconnect itself e lt s5 a 6 TEM Users Network Utilities Status General Y WAN WAN Traffic N IPvG Y LAN Port Mapping N Service Zones N Layer 2 Firewall h Main Menu gt System gt WAN WAN Interface Setting Static Use the following IP settings Dynamic IP settings assigned automatically PPPoE Username Password MTU 1492 bytes Range 1000 1497 Clamp MSS 1350 bytes Range 980 1400 Dial on Demand Enable Disable E Learn DNS Server Address During Negotiation Preferred DNS Server Alternate DNS Server PPTP
174. tracing e Web Log This page shows which of the web pages have been accessed on the HSG s built in web server e UAMD Log This page displays the UAM related information output from the UAM daemon e RADIUS Server Log This page displays the RADIUS messages that pass through the HSG gateway e On demand Billing Report Log This page displays a summary of On demand account transactions e Configuration Change Log This page shows the account and IP of the user that has made configuration changes to the HSG 11 1 9 DHCP Lease To configure DHCP Lease related logs go to Status gt gt DHCP Lease 116 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH The DHCP IP lease statistics can be viewed after clicking on Show Statistics List in this page Statistics of offered list Valid lease counts of the Last 10 Minutes Hours and Days are shown here The header 1 10 are the unit multipliers For instance the number under column 2 indicates the lease count in the last 20 minutes hours days the number under column 3 indicated the lease count in the last 30 minutes hours days and so on Statistics of expired list IP leased to clients that have expired in the Last 10 Minutes Hours and Days are shown here The header 1 10 are the unit multipliers For instance the number under column 2 indicates the expired count in the last 20 minutes hours days the number under column 3 indicates the expired count in the last
175. tworking devices on the list can access the network without any authentication c s 6 E e System Users Network Utilities Status NAT Privilege Monitor IP N Walled Garden M Walled Garden Ad N Proxy Server Local DNS Record N DDNS Client Mobility k Main Menu gt Network gt Privilege List IPv6 Address List 74 HSG Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 7 3 1 Privilege IP Privilege IP Address List To configure Privilege IP Address List go to Network gt gt Privilege gt gt IP Address List If there are workstations inside the managed network that need to access the network without authentication enter the IP addresses of these workstations in Granted Access by IP Address The Remark field is not necessary but is convenient for keeping track The HSG allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply 1 i NAT Y Privilege Monitor IP N Walled Garden N Walled Garden Ad Y Proxy Server Local DNS Record N DDNS N Client Mobility 1 Main Menu gt Network gt Privilege List gt IP Address Backup IP Privilege List Restore IP Privilege List Search IP Granted Access by IP Address Create a New Item No IP Address Total 0 100 First Prey Next Last Go To Page Page 1 1 Row per Page 10 Caution Permitting specific IP addresses to have network access rights without going through standa
176. udes the following gt gt ww Ww y IP Address Port IP address and port number of FTP server Anonymous Check option Yes if the FTP server does not need ID credentials otherwise check option No and fill in the necessary Username and Password FTP Setting Test To test if the FTP settings are correct or not User Log Records the User Log of the system to a specific FTP server On demand User Log Records the On demand User Log of the system to a specific FTP server Roaming Out In Users Log Records the Roaming Out In Users Log to a specific FTP server Session Log Log each connection created by users and track the source IP Port and destination IP Port Session Log will be sent to the FTP server automatically in every defined interval in Session Log email notification Session Log allows uploading the log file to a FTP server periodically The maximum log file size is 256K The log file will also be sent to the FTP server once the file size reaches its maximum size On demand User Billing Report Records the On demand User Billing Report to a specific FTP server Local HTTP Web Log HTTP Web Log Records the URL of websites visited by users accessing the internet via the HSG to a specific FTP server WMI Configuration Log Records the WMI Configuration Log of the system to a specific FTP server DHCP Lease Log Records the DHCP Lease Log of the system to a specific FTP server Traffic Report Records the Traffic Report of the
177. uesnnaunndunn vien enia b e I EU E DE NTEEUE 129 Appendix B WDS Management eeeeeee eee ee ee eene eee e etae etae eee ee eee en seen eee en essen eee en seen e eeaae 130 Appendix C RADIUS Accounting eee eee esee ee eee eee e etae eee an eee en eee en eee en eee en eee en seen essa 132 Appendix D On demand Account types amp Billing Plan 141 Appendix E External Payment GatewayS eere e eese eene eere eee eee eene seen eee en setae etaae 150 Appendix F Portal Page Customization eee e eee eese eene eere eee ee seen seen eee en setae etnae 161 Appendix G Terminal Server Setup eee eee eee eere ee eere eee ee seen eee en estan eee en eee en seen e eeaae 175 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 1 Before You Start 1 1 Preface This manual is for WLAN service providers or network administrators to set up a network environment using the HSG Hotspot Gateway Series It contains step by step procedures and graphic examples to guide MIS staff or individuals with slight network system knowledge to complete the installation Corresponding Software Versions for each Model HSG260 Up to software version 2 30 HSG320 Up to software version 1 10 HSG327 Up to software version 1 10 1 2 Document Conventions Represents essential steps actions or messages that should not be ignored Contains relat
178. ul The Login Success Page indicates that you are connected to the network and the Internet now 56 User s Manual HSG Wireless Hotspot Gateway ENGLISH Hello you are logged in via test local To log out please click the Logout button Login time 2012 06 06 09 44 57 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 6 Restrain the Users 6 1 Black List To configure Black List go to Users gt gt Black List The administrator can add delete or edit the black list for user access control User accounts that appear on the black list will be denied of network access The administrator can use the pull down menu to select the desired black list Black List Settings Select Black List 1 Blacklisti v Name Blacklist1 User Remark Del All Total 0 20 First Prev Next Last Go to Page Y Page 1 1 Row per Page 10 Add User s e Select Black List There are 5 black list profiles available for utilization e Name Set the black list name and it will show on the pull down menu above e Add User s Click the Add User s button to add users to the selected black list Adding User s to Blacklist1 No Username Remark 10 58 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH After entering the usernames in the Username field and the related information in the Remark blank not required click Apply to add the users If a user needs to be removed from the black lis
179. umber of nights specified Since guests may hang around in the lobby for a short while after checking out the hotel may want to specify a Grace period for their tenants GEL NN ae Hotel Cut off time account lifespan 3 night stay example 24 00 PM 24 00 PM 24 00 PM Cut off Time Check out time Creation Time Deletion Ti D Check in time eletion Time DT L1 Invalid Valid 144 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Hotel Cut off time account lifespan 3 night stay example with Grace Period 24 00 PM 24 00 PM 24 00 PM e Grace Period Cut off Time Check out time Creation Time Deletion Time DT Check in time 1L Invalid Valid o Volume Users can access internet as long as his her account has remaining traffic volume quota The account will expire when Valid Period has been used up or the quota is depleted This type is ideal for small quantity of applications such as sending receiving email transferring a file etc Count down of Valid Period is continuous regardless of logging in or out Quota is the total Mbytes 1 2000 On demand users are allowed to use to access the network Account Activation is carried out when the user logs in for the first time Failing to do so in the period set in Account Activation will result in account expiration Valid Period is the valid period of usage time After this time period the a
180. ur account is not usable because the authentication option is currently disabled lt BR gt Please contact your network administrator Sorry your account is not usable because the authentication option associated with the postfix is not found lt BR gt Please contact your network administrator Sorry you are not allowed to log in because your account is currently on the Black List Sorry you are not allowed to log in because it is currently not the service hour for your account You have already logged in Sorry there is a system problem 167 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH checking the information of your account XXX lt BR gt Please contact your network administrator Invalid username or password lt BR gt Please check your username and password and try again Cannot identify the policy for your account lt BR gt Please contact your network administrator User of this device the MAC address is not allowed to use this account lt BR gt Please contact your network administrator Sorry the external authentication server is currently unreachable lt BR gt Please contact your network administrator Sorry you are not allowed to create a remote VPN connection Vlanid Integer 17 4096 Gwip IP format E External Logout Successful Page Variables Field Value Uid otring Vlanid Integer 1 4096 Gwip IP format e External On demand login success
181. uthentication The system provides four authentication methods Plain Login CRAM MD5 and NTLMY1 or None to use none of the above Depending on which authentication method is selected enter the Account Name Password and Domain o NTLMvV1 is not currently available for general use o Plain and CRAM MD5 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNIX login password Netscape uses Plain Outlook and Outlook express use Login as default although they can be set to use NTLMv1 o Pegasus uses CRAM MD5 or Login however the method to be used can not be configured Notification E mail Settings gt Receiver Email Address es Up to 5 e mail addresses can be set up to receive the notification There are eight kinds of notification for selection Monitor IP Report Users Log On demand Users Log and Session Log check the selection box to choose the type of notification to be sent gt Interval The time interval to send the e mail report 119 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH 11 2 2 SYSLOG SYSLOG Server Settings There are 9 types of SYSLOG supported Users Log On demand Users Log Roaming Out Users Log Roaming In Users Log Session Log Firewall Log Local HTTP Web Log HTTP Web Log and DHCP Server Log Enter the IP address and Port number to specify the SYSLOG server where the report should be sent to
182. uthentication On demand User Server Configuration gt On demand Account List Restore Accounts Backup Current Accounts Delete Expired Accounts Delete Out of Quota Accounts Search On demand Account List Username Password Remaining Quota Status Group Reference External ID l Delete All 9829 f6 sk7zsd 1000 M byte s Expired Group 2 Delete 383x n996nb5y 11 min s Normal Group 1 Delete Total 12 3000 First Prev Next Last GotoPage 2 Page 2 2 Row per Page 10 e Search Enter a keyword of a username External ID or reference to be searched in the text file and click this button to perform the search All usernames External ID or reference matching the keyword will be listed e Username The login name of the account e Password The login password of the account e Remaining Quota The remaining time or volume or the cut off time that the account can continue to use to access the network e Status The status of the account o Normal the account is not currently in use and has not exceeded the quota limit o Online the account is currently in use o Expired the account is not valid any more even if there is remaining quota left o Out of Quota the account has exceeded the quota limit o Redeemed the account has been applied for account renewal 52 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH e External ID This is an additional information field combined wit
183. wish to provide wireless service under this zone Assign an ESSID to VAP1 under Private Zone or use the default the ESSID of Private Zone will not be broadcast and internal staff will need to associate to Private Zone s VAP1 manually o Security Configure the wireless network under Private Zone with security encryption to prevent unauthorized wireless association if necessary The supported encryption standards are WEP and WPA PSK o Advanced The parameters in Advanced are wireless settings that allow customization of data transmission enhanced security and wireless roaming Beacon Interval The entered amount of time indicates how often the beacon signal will be sent from the VAP The default value is set at 100ms RTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the frame to prevent hidden node problems The RTS mechanism will be activated if the data size exceeds the value provided A lower RTS Threshold setting can be useful in areas where many client devices are associating with the HSG or in areas where the clients are far apart and can detect only the HSG but not each other The default value is set at 2346 25 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH Fragment Threshold Enter a value between 256 and 2346 The default value is 2346 Packet size larger than this threshold will be fragmented
184. y of the HSG The history of each day will be saved separately in the RAM memory for at least 3 days 72 full hours The system also keeps a cumulated record of the traffic data generated by each user in the last 2 calendar months 112 User s Manual HSG Wireless Hotspot Gateway ENGL Date Size Byte 2012 07 10 131 2012 07 09 131 2012 07 08 131 Date Size Byte 2012 07 10 186 2012 07 09 186 2012 07 08 186 Size Byte Month NeofEnres UsweDa 12 07 0 Download 2012 08 0 Download Caution Since the history is saved in the RAM memory if you need to restart the system at the same time please keep the history manually by copying and saving the traffic history information before restarting 113 4ipnet User s Manual HSG Wireless Hotspot Gateway ENGLISH If the Receiver E mail Address es has been entered under the Notification Settings page the system will automatically send out these history information to that specified email address e Users Log All user activities on the system within 72 hours excluding other user logs such as On demand user log are recorded in date and time order Each line is a traffic history record consisting of 17 fields including Date Type Name IP IPv6 MAC Pkts In Bytes In Pkts Out Bytes Out and other information of the user activities e On demand User Log Each line is a on demand user log record consisting of 25 fields Date System Name Type N
185. yed Text Credit Card Number Cre dit Ca rd Expirati on Date First Name Last Name Card Type v Visa v American Express Master Card v Discover Card Code E mail Room Number Company Address City State Zip Country Phone Fax Required lt s S PE PS DDR 8 8 2 8 DS C9 Authorizie Net Payment Page Remark Content You must fill in the correct credit card number and e expiration date Card code is the last 3 digits of the security code located on the back of your credit card If v Authorize Net Payment Page Fields Configuration O Item Check the box to show this item on the customer s payment interface O Displayed Text Enter what needs to be shown for this field O Required Check the box to indicate this item as a required field O Credit Card Number Credit card number of the customer The Payment Gateway will only accept card numbers that correspond to the listed card types O Credit Card Expiration Date Expiration date of the credit card This should be entered in the format of MMYY For example the expiration date of July September 2009 should be entered as 0709 O Card Type This value indicates the level of match between the Card Code entered in a transaction and the value that is on the file with a customer s credit card company A code and narrative description are provided to indicate the results returned by the processor O Card Code
Download Pdf Manuals
Related Search