(EN) 4ipnet HSG200 Wireless Hotspot Gateway v1.10
Contents
1. 119 12 4 CustomizabledPd6 S ui aa ea tutt eS al ne Su re mS oT me DU I DUE A LC me mae 120 Appendix A Network Configuration on PC amp User Login 122 Appendix B Policy Priority a ITE HE ERE Co EE a tva p vede Eae 135 Appendix C WDS Management eee e eese eere esee ee esten eee enn ee tene eee ene eee ene eee en esee en setas 136 Appendix D RADI US Accounting 4 eee eren esee eene eere esterne sten eee ene eee ene eee en sete ene esas 137 Appendix E On demand Account types amp Billing Plan 146 Appendix F External Payment Gateways eere eese eere ee eere eee ene eee eneeeetne etus 156 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 1 Before You Start 1 1 Preface This manual is for WLAN service providers or network administrators to set up a network environment using the HSG200 system It contains step by step procedures and graphic examples to guide MIS Staff or individuals with slight network system knowledge to complete the installation 1 2 Document Conventions Represents essential steps actions or messages that should not be ignored Notes Contains related information that corresponds to a topic Indicates that clicking this button will apply all of your settings Indicates that clicking this button will clear what you have set before the settings are2. X 95 Oc O27 ao ETT US MT 95 TO0 10 5 dae OLIO tectus tete i ttt Ne Renee aM itia Re een oae D rot 96 I0 10 4 SHOW ARP Tables e as nt states ieu iactis ene ee IDEO DU 96 WOTE JMORBICOFE TP ENK oe eR Re eI nh a ed Oren ci taedas tote ad toda oben dose La CE 97 ION MEE ao ERIT TT UEM 98 11 System Status and Reports eee creer eene e eere eee eee eee ene eee ene se eeneetnue 101 D BY A ca S ERU OU ON ee I nL OE TEMERE MEN 101 Eb PNE SE NM My lee UNS arate os arcs tit ye AEE E E OE EE E E A O A TE 101 IT ICA tenace US eea tates meiden dion n aneosaaednataanastosestona eaeto teammates 103 Li los ROUNO TaN cust dritten aM eat ce M A c te Ma E AT EE E 105 LI I peurnent USES DEUM mE uM eM E MA IU NM 106 LI Lo SENEO rem netten NEO RRND ne I e USE I e SE ET RO RC UAE Con tu EE 107 LELO Local User Mofnthly INGEW ORK errenneren na denisadiatiasaesaaneiedaedeasmenorseues 109 11 2 INOUE FSC NOY Pee TETTE TETTE 110 E12 uou E E uM LE M M I M ca tea 111 11 2 27 SISSE re cer teri est a EE E LEE ME ME LL I E E D E 112 11325 9l baccis Rd NUI MEE III C E DUI IE EE ae es 113 HB eh i EO Toa ENERO UTR RUTRUM 115 12 Advanced APPLICATIONG ccccccccsscscccsssscccsscsccesssscccsscsecessssccsssecccssssscesesescees 116 12 1 Upload Download Local Users Accounts eene 116 12 2 RADIUS Advanced S etting Ssu t ep eeu tu a duree otn cb LUE 118 12 3 PROGID OP OUE f
3. 6 3 Policy Configure Policy go to Users gt gt Policy HSG200 supports multiple Policies including one Global Policy and 5 individual Policy Global Policy is the system s universal policy and applied to all clients unless they are bounded by another policy Individual Policy can be defined and applied to different authentication server The client login with this authentication server will be bound by the corresponding Policy if for an authentication server no policy is applied its users will be governed by the Global Policy When the type of authentication database is RADIUS the Class Policy Mapping function will be available to allow the administrator to assign a Policy for a RADIUS class attribute therefore a Policy will be mapped to a user of a RADIUS class attribute Global Policy Global policy is the system s universal policy containing Firewall Rules Specific Routes Profile and Maximum Concurrent Sessions which will be applied to all users unless the user has been regulated and applied with another individual Policy Policy Configuration Global Policy Select Policy Global vi Firewall Profile Setting Specific Route Profile Setting Maximum Concurrent Sessions 500 sessions per user Select Policy Select the desired policy profile to configure e Firewall Profile Global policy and policy 1 5 all have a firewall service list and a set of firewall profile which is composed of firewall rules
4. Internal Domain Name is the domain name of the HSG200 as seen on client machines connected under zone It must conform to FQDN Fully Qualified Domain Name standard A user on client machine can use this domain name to access HSG200 instead of its IP address In addition when Use the name on the security certificate option is checked the system will use the CN Common Name value of the uploaded SSL certificate as the domain name General WAN Configuration WAN Traffic Y Zone Configuration General Settings for the Entire System System Name Wireless Hotspot Gateway L use the name on the security certificate Internal Domain Name k l FQDN of this device for internal use e g controller affice name corn To Configure Certificate go to Users gt gt Additional Control gt gt Upload File Certificate A data record used for authenticating network entities such as a server or a client A certificate contains X 509 information pieces about its owner called the subject and the signing Certificate Authority called the issuer plus the owner s public key and the signature made by the CA Network entities verify these signatures using CA certificates You can apply for a SSL certificate at CAs such as VeriSign If you already have a SSL Certificate please Click Browse to select the file and upload it Click Apply to complete the upload process If you do not have a valid SSL Certificate use the system default certifi
5. QEnahle 9 Disable No Class Attribute Value policyName Remark 2 4 EN m mE gt Primary Secondary RADI US Server Server Enter the domain name or IP address of your RADIUS Server Authentication Port Enter the Port number used for authentication Accounting Port Enter the Port number used for accounting Secret Key Secret Key used for authentication Accounting Service Enable Disable RADIUS accounting Authentication Protocol Select Challenge Handshake Authentication Protocol CHAP or Password Authentication Protocol PAP 42 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 5 1 3 On Demand Users On demand User Server Configuration The administrator can configure this authentication method to create on demand user accounts This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment Major functions include accounts creation users monitoring list billing plan and external payment gateway Support Authentication Server On demand User WLAN ESSID HSG200 2 Wireless Key None USD GBP EUR t Currency General Settings Input other desired currency e g AU time Enable 9 Disable Remaining Reminder Volume Enable 9 Disable Sync Interval 9 10min s 15min s 20min s Ticket Customization Configure Billing Plans Configure Termina
6. Server 3 radius Policy 3 None w ONDEMAND lO londemand l Policy 4 2 Blacklist2 3 Blacklist3 4 Blacklist4 Apply poem 55 6 x 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 6 2 MAC Address Control Configure MAC Address Control go to Users gt gt Additional Control Additional Control Idle Timeout minutes 10 1 1440 User Session Control m Multiple Login Authentication option using On demand database will not support this function Session Timeout minutes 120 5 1440 Built in RADIUS TM i E Server Seilin Idle Timeout minutes 10 1 120 Interim Update minutes 5 1 120 Upload File Certificate Upload SMTP Port Forwarding Enable Disable MAC ACL With this function only the users with their MAC addresses in this list can login to HSG200 There are 40 users maximum allowed in this MAC address list User authentication is still required for these users Click Edit to enter the MAC Address Control list Fill in these MAC addresses select Enable and then click Apply Access Control List Enable 9 Disable No MAC Address No MAC Address 1 i i 2 3 4 5 i 6 i 7 8 g 10 11 12 l 13 i 14 i 17 18 19 ji 20 i Total 40 First Prev Next Last Caution The format of the MAC address is Xx XX XX XX XX XX Or XX XX XX XX XX XX 56 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual
7. Enable 9 Disable Local user database will be used as authentication database for roaming out users Q Enable 9 Disable Local user database will be used as internal RADIUS database for 802 1X enabled LAN devices such as AP and switch Add User Upload User Download User ae Local User List Username Password MAC Address Applied Policy Remark Del All ul None Delete Total 1 100 First Prey Next Last Note 1 The format of each line is Username Password MAC Address Applied Policy Remark without the quotes There must be no space between the fields and commas The MAC field could be omitted but the trailing comma must be retained When adding user accounts by uploading a file existing accounts in the embedded database that are also defined in the data file will not be replaced by the new ones Note 2 Only Q9 AZ asz and are acceptable for password field File Name Upload User from File JBrowse Upload When uploading a file any format error or duplicated username will terminate the uploading process and no account will be uploaded Please correct the format in the uploading file or delete the duplicated user account in the database and then try again 116 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual e Download User Use this function to create a txt file with all Local user account information and then save it on disk Add User Upload User Down
8. First time login must be done within 4 day s E Account Activation haur s Quota t Range of haur 2 O 23 they cannot both be zere Valid Period After activation account will be expired in 6 dayis Must be larger than zZ dcs Price Range 0 100000 including two digits after decimal point ae a NN Group Group 1 j Reference TIP If the Account Type is Usage Time Customer can access intamat as long as the account is valid with remaining quota connection time and within the valid period Customer alse needs to activate the issued account within a given time period by logging in for the first time 146 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Usage time Expiration Time account lifespan l Quota up QU Activation Time Elapsed Time AT Creation Time Deletion Time CT DL Invalid gt Valid Usage time Expiration Time account lifespan Quota Up QU Activation Time Elapsed Time AT Creation Time Deletion Time DL Invalid Valid o Usage time with No Expiration Time Can access internet as long as account has remaining quota usable time Need to activate the purchased account within a given time period by logging in for the first time Ideal for short term usage For example in coffee shops airport terminals etc Only deducts quota while using
9. Master card Discover Card Cade Card Code E mail E mail E Customer ID Room Number i Company Company L Address Address Nm City City E State State oO Zip Zip O Country Country CI 4 Phone Phone L Fax Fax m Displayed text fileds must be filled Authorizie Net Payment Page Remark Content You must fill in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card If v Authorize Net Payment Page Fields Configuration o Item Check the box to show this item on the customer s payment interface o Displayed Text Enter what needs to be shown for this field o Required Check the box to indicate this item as a required field o Credit Card Number Credit card number of the customer The Payment Gateway will only accept card numbers that correspond to the listed card types o Credit Card Expiration Date Expiration date of the credit card This should be entered in the format of MMYY For example an expiration date of July September 2009 should be entered as 0709 o Card Type This value indicates the level of match between the Card Code entered on a transaction and the value that is on file with a customer s credit card company A code and narrative description are provided indicating the results returned by the processor o Card Code The three or four digit code assigned to a customer s credit card number at the end of the
10. No Class Attribute Value policyName Remark 1 Policy 1 2 Policy 1 v 3 Policy 1 4 Policy 1 v 5 Policy 1 iv 118 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 12 3 Roaming Out Configure local user Roaming Out go to Users gt gt Authentication click configure of Local Under certain configurations HSG200 can act as a RADIUS server for Roaming Out local user logged from other system The Local User database will act as the RADIUS user database e Account Roaming Out amp 802 1X Authentication When Account Roaming Out is enabled the link of Roaming Out amp 802 1X Client Device Settings will be available to define the client device authorized to roam by entering the IP address Subnet Mask and Secret Key Local User Database Settings Local User List 9 Enable Disable Account Roaming Out Local user database will be used as authentication database for roaming out users Q Enable 9 Disable 802 1X Authentication Local user database wil be used as internal RADIUS database for 802 1X enabled LAN devices such as AP and switch Roaming Qut amp 802 1X Client Device Settings Roaming Out amp 802 1x Client Device Settings No Type IP Address Subnet Mask Secret Key 1 Roaming Out 10 0 0 0 255 0 0 0 8 E n 2 Disable v 255 255 255 255 32 3 Disable v 255 255 255 255 32 4 Disable v 255 255 255 255 32 Cli
11. User s Manual HSG200 v1 10 User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 1 1 1 2 1 3 2 1 2 2 2 3 2 4 2 5 2 6 3 1 3 2 3 3 3 4 3 5 4 1 4 2 4 3 4 4 5 1 5 2 User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Table of Contents Before You STartosaos con Wn i e WW FEDERER SED OW eb Ovi CVV isa ouv 1 W ste HT UEM 1 DOCUMENT Convelltlolissdsuistti cdm erre UO e ene tUa e RE Cann Hac di vec iD A A 1 Package CheckllSEsssteanimaddeseu s dentis ione E edito uen dbieokat s des e Leo te heut s bd qao cd 2 System Overview and Getting Started 2 e eeeeeeeeee een 3 LM EFOCUCEION Momo eA 0E T T T TUE 3 5SyStem CONC COD use euet I b EE c MEN M MOM 3 HardWare DescEIDHIOTIS Gessasssiiecatsspe bles tue a NT 5 Sy SEC IMM RECN eme aseo trato etude LEE DE LED UC M Ue EE 8 Hstallation S tep c RR ERR E 8 Access Web Management Interface sssssssssesseeeeeeeeen eene enne nennen nnns n 10 Combine HSG200 to the Network e eeeee eerte eee eene eee enaeeo 12 Network REQUIFEMENL cee cccccscccsssccesssscessssccessssceesssecsssssceesssccsssecessssccesssecesssecesssseesaess 12 CORPOUES WAN POPE RN M UU 12 BZ sl SUAUIC IP nade 13 CPP Van MMC RE T Tr 13 S 2 940 p POE atu hti tee MM UCM M UEM Mc Te er 13 Internet Connection DetecLlon oe iol ico a hada boobs de DURS 15 WAN Ban
12. e Specific Route Profile When Specific Routes are configured here all clients applied with this policy will access the specific destination through these gateway settings Maximum Concurrent Sessions Set the maximum concurrent sessions for each client belonging to this group Policy 1 Policy 5 Beside Global Policy Policy1 to Policy5 each consists of access control profiles that can be configured respectively and applied to a certain authentication server or user 57 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Policy Configuration Policy 1 Select Policy Policy 1 Firewall Profile Setting Specific Route Profile Schedule Profile QoS Profile Setting Maximum Concurrent Sessions 500 sessions per user Select Policy Select the desired policy profile to configure e Firewall Profile Each Policy has a firewall service list and a set of firewall profile consisting of firewall rules Specific Route Profile The default gateway of a desired IP address can be defined in a policy When Specific Routes are configured here all clients applied with this policy will access the specific destination through these gateway settings Schedule Profile The Schedule table in a 7X24 format is used to control the clients login time When Schedule is enabled clients applied with this policy are only allowed to login the system at the time which is checked in Schedule profile settings QoS
13. 44 4 5 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Billing Plans Plan Account Type Quota Price Enable Function 1 Usage time 15 min s connection time quota with expiration 10 91 W Edit 2 Usage time 11 min s connection time quota 1 v Edit 3 Hotel Cut off time Valid until 12 00 the following day 5 v Edit 4A Duration time Valid from 2010 07 14 12 00 00 till 2010 07 14 23 59 00 i v Edit 5 N A Edit WA Edi 7 N A Edit 8 N A Edit 9 N A Edit 0 N A Edit e Plan The number of the specific plan e Type This is the type of the plan based on which it defines how the account can be used including Usage time Volume Hotel Cut off and Duration time Quota The limit on how On demand users are allowed to access the network e Price The unit price charged for buying an account from this billing plan Enable Check the checkbox to activate the plan Function Click the button Edit to add one billing plan For detailed information regarding on demand accounts and billing plan configuration please refer to Appendix E On demand Account types amp Billing Plan External Payment Gateway This section is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on line The options are Authorize Net PayPal SecurePay WorldPay or Disable For detailed parameter de
14. Audio Devices User Accounts VMware Tools Scheduled Tasks 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 2 Choose the Connections tab and then Internet Properties click Setup General Security Privacy Content Connections Programs Advanced To set up an Internet connection click Setup Dial up and Virtual Private Network settings Remove Choose Settings iF you need to configure a proxy server For a connection Settings Never dial a connector Dial whenever a network connection iz not present Always dial my default connection Current Mone Local 4rea Network LAN settings LAM Settings do not apply Ea dial up connections LAN Settings Choose Settings above For dial up settings 3 When the Welcome to the New New Connection Wizard Connection Wizard window appears Welcome to the New Connection Wizard click Next This wizard helps you Connect to the Internet Connect to a private network such as your workplace network Set up a home or small office network To continue click Mert 4 Choose Connect to the I nternet and New Connection Wizard Network Connection Type then click Next What da vou want to do C Connect to the network at my workplace Connect to a business network using dial up or VPN so you can work fram home a field office or another location O Set up a home or small office ne
15. BENE T 51 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 5 2 3 An Example of User Login Normally users will be authenticated before they get network access through HSG200 This section presents the basic authentication flow for end users Please make sure that the HSG200 Is configured properly and network related settings are done 1 Connect a client PC to Public Zone of HSG200 Open an Internet browser and try to connect to any website in this example we try to connect to www google com a For the first time if the HSG200 is not using a trusted SSL certificate there will be a Certificate Error because the browser treats HSG200 as an illegal website Certificate Error Navigation Blocked Windows Internet Explorer IGI http www google com File Edit View Favorites Tools Help w od Certificate Error Navigation Blocked x There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Y Click here to close this webpage i Continue to this website not recommended 9 More information b Ple
16. This will delete the users individually 9 Redeem On demand Accounts Hello you are logged in via sp6z ondemand To log out please click the Logout button Login time 2009 06 02 11 11 Remaining Time Hour sg Min 51 Sec L cr For Usage time accounts when the remaining quota is insufficient or if they are almost out of quota they can use redeem function to extend their quota After the user has got or bought a new account they just need to click the Redeem button in the login success page to enter Redeem Page input the new account Username and Password and then click Submit This new account s quota will be extended to the original account However Redeem function can only be used to with same billing type accounts only i e Volume accounts can only be redeemed with another Volume account and so on 49 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Redeem Welcome to Redeem Page Please enter the username and password to Redeem Uemame Password O Note The maximum quota is 365dys 23hrs 59mins 59secs even after redeem If the redeem amount exceeds this number the system will automatically reject the redeem process Note Duration time and Hotel Cut off type do not support redeem function 50 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 5 2 User Login 5 2 1 Default Authentication There are different types of aut
17. aooo0 4 Enable Disable 2 Enable Disable Until 18 30 88 6 Enable Disable 7 Enable Disable 20 73 Mbyte s 0 59 a Enable Disable g Enable Disable 10 Q Enable 9 Disable 600 Mbyte s 6 99 o Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here o Choose Billing Plan for PayPal Payment Page These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled Client s Purchasing Record PayPal Payment Page Remark Content Client s Purchasing Record Starting Invoice Number Change the Number Description Item Name Internet Access Title for Message to Seller Special Note to Seller PayPal Payment Page Remark Content Payment is accepted via PayPal PayPal enables you to a send payments securely online using PayPal account a credit card or bank account Clicking on Buy How button I fi Client s Purchasing Record o Starting I nvoice Number An invoice number may be provided as additional information against a transaction This is a reference field that may contain any kind of information o Description Enter the product service description e g wireless access service o Title for Message to Seller Enter the information that will appear in the header of the PayPal payment page PayPal Payment Page Remark Content The message content will be displayed as a s
18. 0 mints Elapsed Time Range of day s 0 364 Range of haur s 0 23 Range of mins 0 59 they cannot all be zero 47 Price Range 0 100000 including two digits after decimal point Bg 1 99 Group TIP When the Account Type is Duration timie three Counting Methods may be used to decide when the account expires 1 Elapsed Time specifies the time duration from account creation for which the account is valid 2 Cut off Time specifies the next cut off time point for which the account becomes invalid 3 Begin and End Date Time specifies that the account is valid between the two time points ie NEL Duration time Elapsed Time account lifespan q Elapsed Time ET Creation Time CT Deletion Time DT L1 Invalid Valid 152 E 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH o Duration time with Cut off Time Cut off Time is the clock time at which the on demand account is cut off made expired by the system on that day For example a shopping mall closing hour is 23 00 operators selling on demand tickets can create use this plan to create ticket set to be Cut off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for use It is set to account creation time Cut off Time is
19. 81 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 9 2 Dynamic Domain Name Service DDNS Configure Dynamic Domain Name Service go to Network gt gt DDNS Before activating this function you must have your Dynamic DNS hostname registered with a Dynamic DNS provider HSG200 supports DNS function to alias the dynamic IP address for the WAN port to a static domain name allowing the administrator to easily access HSG200 s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply Dynamic DNS DDNS Q Enable 9 Disable Provider DynDNS org Dynamic Host Name Username E mail Password Key e DDNS Enable or disable this function e Provider Select the DNS provider Host name The IP address domain name of the WAN port e Username E mail The register ID username or e mail for the DNS provider e Password Key The register password for the DNS provider Note To apply for free Dynamic DNS service you may go to http www dyndns com services dns dyndns howto html 82 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 9 3 Port and IP Redirect Configure Port and IP Redirect go to Network gt gt NAT gt gt Port and IP Redirect This function allows the administrator to set 40 sets of the IP addresses at most for redirection purpose
20. Control Panel gt gt Network and Dial up Connections 129 User s Manual HSG200 Wireless Hotspot Gateway ENGLISH TCP IP Properties Ed x Advanced NetBIOS Gateway WINS Configuration IP Address Bindings ONS Configuration The first gateway in the Installed Gateway list will be the default The address order in the list will be the order in which these machines are used New gateway fT C ap Installed gateways Hienmuwve Cancel TCP IP Properties Fi Bindings Advanced NetBIOS DAS Configuration Gateway WINS Configuration IP Address Host DAIS Server Search Order Domain Henove Domain Suffix Search Order E3 Control Panel File Edit View Back Search GyFolders i History s LU x e zije Address 59 Control Panel e Go i Favorites Tools Help Date Time Display Folder Options Fonts a Ld d dm n S ES T Control Panel 2L eT ESS YQ Game Internet Keyboard Mouse Network and Dial up Controllers Options Connections Connects to other computers Ts E31 networks and the Internet ui E Windows Update Ce IPhone and Power Options Printers windows 2000 Support Dial up Modem Connections X ed m v dB q Regional Scanners and Scheduled Sounds and Options Cameras Tasks Multimedia 2a S Bp System Users and VMware Tools x Connects to other computers
21. Dynamic WEP For 802 1X security type Dynamic WEP is always enabled to automatically generate WEP keys for encryption B WEP Key Length Select from 64 bit or 128 bit key length B Re keying Period The time interval for the dynamic WEP key to be updated the time unit is in second e WPA PSK B Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed B Pre shared Key Passphrase Enter the key value for the pre shared key or passphrase B Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds WPA RADI US Same as 802 1X when it is selected it is combined with TKIP AES or Mixed mode 27 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed B Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds 28 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 4 4 Wireless Layer 2 firewall The system provides an additional security feature Layer2 Firewall in addition to standard wireless security Layer2 Firewall offers a firewall function that is tailored specifically for Layer2 traffics providing another choice of shield against possible security threats coming from going to WLAN AP interfaces hence besides firewall policies configured in Policies
22. HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 6 3 4 QoS Profile For certain applications or users that need stable bandwidth or traffic priority Policy 1 to 5 allows defining the QoS profile for the users governed by this Policy Policy 1 Traffic Configuration Traffic Class Best Effort Total Downlink Unlimited Individual Maximum Downlink Unlimited Individual Request Downlink None Total Uplink Unlimited Individual Maximum Uplink Unlimited Individual Request Uplink None gt Traffic Class A Traffic Class can be chosen for a Group of users There are four traffic classes Voice Video Best Effort and Background Voice and Video traffic will be placed in the high priority queue When Best Effort or Background is selected more bandwidth management options such as Downlink and Uplink Bandwidth will appear gt Total Downlink Defines the maximum bandwidth allowed to be shared by clients gt Individual Maximum Downlink Defines the maximum downlink bandwidth allowed for an individual client The Individual Maximum Downlink cannot exceed the value of Total Downlink gt Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an individual client The Individual Request Downlink cannot exceed the value of Total Downlink and Individual Maximum Downlink gt Total Uplink Defines the maximum uplink bandwidth allowed to be shared by clients gt Individual Maximum Upl
23. HSG200 to your outbound network device Connect one end of the Ethernet cable to the WAN port of HSG200 on the front panel Depending on the type of internet service provided by your ISP connect the other end of the cable to the ATU Router of an ADSL a cable modem a switch or a hub The WAN LED indicator should be ON to indicate a proper connection Connect HSG200 to your network device Connect one end of the Ethernet cable to the LAN1 port of HSG200 on the front panel Connect the other end of the cable to a PC for configuring the system The LAN1 LED indicator should be ON to indicate a proper connection Note HSG200 has two virtual zones Private and Public which are mapped to LAN1 192 168 1 254 and LAN2 192 168 11 254 respectively Now the hardware installation is completed Caution Please only use the power adapter supplied with the HSG200 package Using a different power adapter may damage this system e 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Caution To double verify the wired connection between HSG200 and your switch router hub please check the LED status indication of these network devices 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 2 6 Access Web Management I nterface HSG200 supports Web Management Interface WMI configuration Upon the completion of hardware installation HSG200 can be configured via web browsers with JavaScript enabled such as Internet Explor
24. IP Settings tab and click Add below the Default gateways column and the TCP IP Gateway Address window will appear 5 4 Enter the gateway address of HSG200 in the Gateway field and then click Add After back to the IP Settings tab click OK to finish the configuration 134 User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Internet Protocol TCP IP Properties p General You can get IP settings assigned automatically if your network supporta this capability Otherwise you need to ask your network administrator for the appropriate IP settings Subnet mask Default gateway Preferred UNS server Alternate DONS server Advanced TCP IP Settings IP Settings DNS WINS Options IF addresses IF address DHCP Enabled Subnet mask Default gateways Gateway Metric Automatic metric TCP IP Gateway Address Gateway Automatic metric HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Appendix B Policy Priority Global Policy Authentication Policy and User Policy HSG200 supports multiple Policies including one Global Policy and 5 individual Policy can be assign to different Authentication Server Global Policy is the system s universal policy and applied to all clients while other individual Policy can be selected and defined to be applied to any Authentication Server For
25. M Beacon Interval 100 25 500ms RTS Threshold 2346 1 2346 Advanced Fragment Threshold 2346 256 2346 Station Isolation Enable Disable WMM Enable 9 Disable gt Wireless Settings VAP1 Wireless Settings Private Zone o Basic Enable the VAP Status if you wish to provide wireless service under this zone Assign an ESSID for VAP1 under Private Zone or use default HSG200 1 the ESSID of Private Zone will not be broadcasted and internal staff will need to associate to Private Zone s VAP1 manually o Security Configure the wireless network under Private Zone with security encryption to prevent unauthorized wireless association if necessary The encryption standards supported are WEP and WPA PSK o Advanced The parameters in advanced are wireless settings that allow customization of data transmission enhanced security and wireless roaming Beacon Interval The entered amount of time indicates how often the beacon signal will be sent from the VAP RTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the frame to prevent the hidden node problem The RTS mechanism will be activated if the data size exceeds the value provided A lower RTS Threshold setting can be useful in areas where many client devices are associating with EAP200 or in areas where the clients are far apart and can detect only EAP200 but not e
26. Microsoft Internet Explorer Fie Edt View Favorites Tools Help Q Back 7 5 2 ri Al Als Search Favorites Media i amp Tz Address amp https 10 2 3 213 statusfondemand history 2005 02 17 Date System Name Type Name IP MAT Packets In Bytes In Packets Out Bytes OutExplret ime Valid 2005 02 17 16 44 19 0800 QA WI300 Casper 213 Create OD User N7EU 0 0 0 0 200 00 00 00 00 00 0 n 0 2005 02 17 16 44 57 0800 QA WI300 Caspar 213 OD User Login N7E3 192 168 30 189 00 0c F1 28 BF pa U 0 0 2005 02 17 16 45 22 0800 QA W1300 Casper 213 OD User Logout NTEY 192 168 30 189 00 0C F1 28 BF D8 32 14499 30 86 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 4 SNMP Configure SNMP go to System gt gt General HSG200 supports SNMP v1 v2c If this function is enabled the SNMP Management IP and the Community string can be assigned for SNMP access to the system General Settings for the Entire System Wireless Hotspot Gateway T E Use the name on the security certificate Internal Domain Name ji ns us 2 FQDN of this device for internal use e g controller office name com amp Enable Disable Portal URL http www google com e g http www google com User Log Access IP Address e g 192 168 2 1 Management IP Address List Setup Management IP Address List Enable Disable SNMP Manager IP Address Community 87 H
27. OK This iS also the defau It your network administrator Far an address and then type it in the space below setting of Windows Then reboot the PC to make sure an IP address is obtained from HSG200 IP address Subnet kask Cancel 4 Using Specific IP Address If you want to use a specific IP address acquire the following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of HSG200 Caution If your PC has been set up completely please inform the network administrator before proceeding to the following steps 4 1 Click on the IP Address tab and choose i Bindings Advanced NetBIOS l Specify an I P address Enter the IP DNS Configuration Gateway WINS Configuration IP Address Address Subnet Mask and then click An IP address can be automatically assigned to this computer If pour network does not automaticaly assign IP addresses ask OK your network administrator for an address and then type it in the space below 128 4ipnet 4 2 Click on the Gateway tab Enter the gateway address of HSG200 in the New gateway field and click Add Then click OK 4 3 Click on DNS Configuration tab If the DNS Server field is empty select Enable DNS and enter DNS Server address Click Add and then click OK to complete the configuration Check the TCP IP Setup of Window 2000 1 Select Start gt gt
28. Profile QoS profile defines the traffic class for the users governed by this Policy Maximum Concurrent Sessions Set the maximum concurrent sessions for each client belonging to this group 58 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 6 3 1 Firewall Firewall Profile Click Setting for Firewall Profile The Firewall Configuration will appear Click Predefined and Custom Service Protocols to edit the protocol list Click Firewall Rules to edit the rules Policy 1 Firewall Configuration Predefined and Custom Service Protocols Firewall Rules 1 Predefined Protocols Predefined and Custom Service Protocols There are predefined service protocols available for firewall rules editing Policy 1 Service Protocols List No Name Description Select All 1 ALL ALL P ALL TCP TCP Source Port 0765535 Destination Port 07655535 3 ALL UDP UDP Source Port 0765535 Destination Port 0765535 4 ALL ICMP ICMP Type Any Code Any 5 FIP TCP UDP Destination Port 20 21 6 HTTP TCP UDP Destination Port 80 i HTTPS TCP UDP Destination Port 445 8 POP3 TCP Destination Port 110 9 SMTP TCP Destination Port 25 10 DHCP UDP Destination Port 67 68 Add Delete Total 27 First Prev Next Last The administrator is able to add new custom service protocols by clicking Add and delete the added protocols individually or with Select All followed by Delete operation Caution The Predefined
29. Security code located on the back of your credit card 162 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH gt SecurePay Page Configuration Merchant ID The ID that is associated with the Merchant Account Merchant Password This is the key used by Secure Pay to validate all the transactions Payment Gateway URL The default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Secure Pay Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here Choose Billing Plan for SecurePay Payment Page These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled SecurePay Payment Page Remark Content The message content will be displayed as a special notice to end customers 163 User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet 4 Payments via World Pay Configure Payments via WorldPay go to Users gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt WorldPay WorldPayPaymentConfiguration Physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us Enable Disable 15 min s co
30. Service Protocols can not be deleted Click Add to add a custom service protocol The Protocol Type can be defined from a list of service by protocols TCP UDP ICMP IP and then define the Source Port range and Destination Port range click Apply to save this protocol 59 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Add Service Protocol Name Protocol Type TCP Source Port 1 65535 Destination Port 1 65535 Apply If the Protocol Type is I CMP it will need to define Type and Code Add Service Protocol Name Protocol Type ICMP Type Code If the Protocol Type is IP it will need to define Protocol Number Add Service Protocol Name Protocol Type IP Protocol Number GE 2 Firewall Rules After the custom protocol is defined or just use the Predefined Service Protocols you will need to enable the Firewall Rule to apply these protocols o Firewall Rules Click the number of filter Rule No to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active checkbox and click Apply to enable that rule Rule No 1 has the highest priority Rule No 2 has the second priority and so on Each firewall rule is defined by Source Destination and Pass Block action Optionally a Firewall Rule Schedule can be set to specify when the firewall rule is enforced It can be set to Always Recurring or One Time 60 No s Active 4
31. U S Robotics Inc Description not yet defined USR AT Call Input Filter US Robotics Inc Description nat yet defined LUSR AT Call Output Filter U S Robotics Inc Description nat yet defined USR AT Input Filter U S Robotics Inc Description not yet defined USA AT Output Filter U S Robotics Inc Description not yet defined L SR A amp T RTMP Input Filter U S Robotics Inc Description nat yet defined USA 4T ATMP Output Filter U S Robotics Inc Description nat yet defined LISR AT zip Input Filter U S Robotics Inc Description not yet defined gl 4 k 139 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Step 4 Add a new attribute under Vendor specific Set Vendor Code 21920 Check Yes to conform to the RADIUS RFC Click Configure Attribute to proceed Set Vendor assigned attribute number 10 Select Attribute format Hexadecimal Set Attribute Value 1000000 Fhdtiv alima A rem te m I va Move Ln Host tae ue ron pacte ae cere TETTE Ba OP mayo Ha dari used Eg he ning anc ure m Step 5 Confirm whether the Vendor specific Attribute has been added successfully 140 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Tx edit Dial in Profile Attribute name Dian Constants IP Muitiink Fades Authentication Encypton Advanced Abate runber Specily additional connection aliibutes to be returned to the Remot
32. Undo Delete Properties Vivi Address 32 Control Panel 1 fal x Accessibilty AddNew Add Remove Date Time Options Hardware Programs 5 3 amp Display Fonts Game Internet Controllers Options Control Panel Network Configures network e c hardware and software m v Multimedia Keyboard Modems Mouse Microsoft Home Technical Support 5 A y ODBCData Passwords Power Sources 32bit Management Ca Gin et mal x Configures network hardware and sol o My Computer Hetwork Ei Ea Configuration Identification Access Control The following network components are installed Client For Microsoft Hetworks zl x ama PCHET Family Ethernet Adapter PCI ISA AMO PONET Family Ethernet Adapter PCI 15 4 B D Adapter Remove Properties Frima Hetwork Logon Client for Microsoft IH etevork x m Eile and Print Sharing Description TCP IP iz the protocol you use ta connect to the Internet and wide area networks OF Cancel 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 3 Using DHCP If you want to use DHCP l Bindings Advanced NetBIOS click on the l P Address tab and choose ONS Configuration Gateway WINS Configuration F Address Obtain an l P add ress automatically An IP address can be automatically assigned to this computer IF Your niebevork does not automatically assign IP addresses ask and th en cl ick
33. applied Indicates that clicking this button will save the changes you made but you must reboot the system upon the completion of all configuration settings for the changes to take effect The red asterisk indicates that information in this field is compulsory 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 1 3 Package Checklist The standard package of HSG200 includes HSG200 x 1 CD ROM with User s Manual and QIG x 1 Quick Installation Guide QIG x 1 Console Cable x 1 Ethernet Cable x 1 Power Adapter DC 12V x 1 Rubber Antenna x 2 Mounting Kit x 1 Ground Cable x 1 Caution It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers to guarantee best performance 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 2 System Overview and Getting Started 2 1 Introduction of HSG200 The HSG200 is the most economical and feature rich Wireless Hotspot Gateway targeting mini size stores that want to provide small single point wireless Internet access service HSG200 is a perfect choice for beginners to run hotspot businesses It does not cost much compared to buying a pile of equipments nor does it take the skills of an expert to glue multiple applications out of multiple freeware Feature packed for hotspot operation HSG200 comes with built in 802 11 n b g MIMO access point web server and
34. are already Groups and assigned users belonging to these Groups in RADIUS Server Step 2 Log in the Linux host of the RADIUS server r L Li Li wivianalinux login as vivian vivianBhig0 2 3 217 s password Last login Thu Oct 30 13 53 37 2008 from 10 22 2 97 vivian linus Step 3 142 ual E m fi s Ma HSG200 Wireless Hotspot Gateway ENGLISH n Create a file dictionary HSG200 under the freeradius folder vivian linux vi usr sh freeradius dictionary Step 4 Edit and save the contents of the file dictionary HSG200 as follows Byte mount intercdgqer Administrator can also add other attributes as the table stated in Section 2 with the same format VENDOR H H Standard attribute H ATTEIBUTE Byte imount intercmer ATTEIBUTE HaxByteIn interger ATTRIBUTE HaxByteIn 2 interger ATTRIBUTE Byte A mount 4GB intercder ATTEIBUTE HaxByteln 4GcB 2 interyer ATTRIBUTE HaxByteln 4GcB EE interger Step 5 Edit the file dictionary under the folder freeradius vivianMlinux vi usr share freeradius dictionary 143 User s Manual Wireless Hotspot Gateway ENGLISH Step 6 To include dictionary HSG200 in the dictionary of RADIUS server insert it in an incremental position as follows INCLUDE dictionary ascend INCLUDE dictionary bay S INCLUDE dictionary binterc INCLUDE dictionary cable
35. be created by clicking Create button Please go back to Billing Plans to activate at least one Billing plan by clicking Edit button and Apply the setting to activate the plan The printer used by Print is a pre configured printer connected to the administrator s computer On demand Account Creation Plan Account Type Quota 1 Usage time 15 min s connection time quota with expiration 2 Usage time 11 min s connection time quota 1 3 Hotel Cut off time Valid until 12 00 the following day 53 4 Duration time Valid from 2010 07 14 12 00 00 til 2010 07 14 23 59 00 1 5 N A N A N A 6 N A N A N A i N A N A N A 8 N A N A N A 9 N A N A N A N A N A 0 N A Plan The number of a specific plan Price Status 10 91 Enabled Enabled Enabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled Function Create Create Create Create Account Type Show account type of the plan in Usage time Duration time or Hotel Cut off e Quota The total time amount or period on how On demand users are allowed to access the 46 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual network For Time users it is the total time For Volume users it is the total amount of traffic e Price For each plan this is the unit price charged for an account e Status Show the status in enabled or disabled e Function Press Create button for the des
36. enabled by default so clients are required to get authenticated successfully before surfing the Internet The Zone and Port mappings are shown below LAN1 and LAN2 maps to Private Zone and Public Zone respectively Public Zone Private Zone Note System s WMI can also be accesses via WAN port as long as the administrator uses an IP address listed in Management IP Address List setting If both WAN and LAN ports are unable to reach WMI please use console interface to resolve this issue 18 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 3 5 2 Planning Your I nternet Network HSG200 supports two zones Private and Public In the Private Zone authentication is not required to access the internet via wired and wireless In Public Zone by default Authentication Required is enabled so clients are required to get authenticated successfully before surfing the Internet Administrator can access the Web Management Interface WMI of HSG200 through the wired LAN port Waiters or waitresses can send orders back to the electrical menu system via wireless hand set devices 4 ADSL Cable Modem Internet Metwrk Printer 7 Owner s office e f 19 4ipnet 3 5 3 Configure Zone Network User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Configure Zone network go to System gt gt Zone Configuration Click the button Configure of Private zone for further configuration The parameter desc
37. not allow to login to system Also on demand accounts cannot be created 84 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 10 2 Management IP Configure Management IP go to System gt gt General General Settings for the Entire System System Name Wireless Hotspot Gateway T 7 Use the name on the security certificate Internal Domain Name ty i FQDN of this device for internal use e g controller office name com amp Enable Disable Portal URL http www google com e g http www google com User Log Access IP Address e g 192 168 2 1 Management IP Address List Setup Management IP Address List SNMP Enable Disable Only PCs within the Management IP range on the list are allowed to access the system s web management interface For example 10 2 3 0 24 means that as long as an administrator is using a computer with the IP address range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 10 0 0 3 he or she can access the web management page Management IP Address List No IP Address Segment No IP Address Segment 1 0 0 0 0 0 0 0 0 2 3 We 4 7 8 9 o 10 11 he a aIo 12 13 _ lt _____ 14 A 15 cm 16 Loo 17 18 19 a 20 lo o d The default value is 0 0 0 0 0 0 0 0 It means that the WMI can be accesse
38. of the advertisement website e Topic Enter the content of the hyperlink for instance if you enter Google in this field on the user login page a hyperlink Google will be displayed e Description Any additional message for administrator s reference Display Choose Display to display advertisement hyperlinks on the login pages 77 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 8 2 After User Login 8 2 1 Portal URL after successful login Configure Portal URL after a successful user login go to System gt gt General When this function is enabled enter the URL of a Web server as the Portal page Once logged in successfully users will be directed to this URL such as http www google com regardless of the original homepage set in their browsers General Settings for the Entire System Wireless Hotspot Gateway 7 Use the name on the security certificate Internal Domain Name FQDN of this device for internal use e g controller office name com amp Enable Disable Portal URL http www google com e g http www google com User Log Access IP Address e g 192 168 2 1 When this function is disabled after users logged in successfully users will be directed to the original homepage set in their browsers 78 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 8 2 2 Idle Timer Configure Idle Timer go to Users gt gt Additional Control If a user has idle
39. some authentication such as Local and RADIUS user can be assigned to different Policy individually So one user may be applied different policy at the same time Which policy is actually applied to this user The Policy Priority are enforced as follows User Policy gt gt Authentication Policy gt gt Global Policy Now let us discus different user policy type gt For Local and RADIUS the users can be assigned to different Policy individually For example a Local user userO 1 is assigned to Policy1 and the Local Authentication is assigned to Policy2 Then userO1 login to Public Zone will get Policy1 This is a common case for users that can assign Policy individually gt For Local and RADIUS if these users are not assigned any User Policy individually they will be the same as other users within the same authentication server For example a Local user userO1 the Local Authentication is assigned to Policy3 Then userO1 login to Public Zone will get Policy3 This is another common case for users that is assigned Policy by the authentication server gt If User is not assigned a Policy individually and the authentication server is also not assigned a Policy then the users will be applied the Global Policy For example a Local user userQ1 is assigned to None Policy and the Local Authentication is also assigned to None Policy in User list Then userO1 logging to Public Zone will be applied with the Global Policy As a conclusion
40. the Global Policy has the lowest policy priority on the other hand the User Policy has the highest one 135 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Appendix C WDS Management The Public Zone of HSG200 supports up to 2 WDS links WDS Wireless Distribution System is a function used to connect APs Access Points wirelessly to extend wireless coverage The WDS management function of the system can help administrators to setup two WDS links Configure WDS go to System gt gt Zone Configuration click Configure in Public zone General X WAN Configuration X WAN Traffic Y Zone Configuration Zone Settings Name ESSID Wireless Security Default Authen Option Details Private HSG200 1 None N A Configure Public HSG200 2 None On demand User Configure WDS Wireless Distribution System is a function used to connect APs Access Points wirelessly The WDS management function of the system can help administrators to setup two WDS links WDS1 Settings Public WDS Status 2 Enable Disable MAC Address of Remote AP Security Type Mone m WDS Settings Public WDS Status 2 Enable 9 Disable MAC Address of Remote AP Security Type None m e WDS Status Select Enable to active this WDS link MAC Address of Remote AP Enter the MAC of the remote AP that create WDS link with HSG200 e Security Type m WEP WEP Key Length may be 64 bits 128 bits or 152 bits and WEP Key
41. the clock time when the account will expire Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 1 Account Type Counting Method Elapsed Time Begin and end Time 9 Cut off Time Begin Time Upon Account Creation Cut off Time HH MM range 00 00 23 59 4 i Price Range O 100000 including two digits after decimal point e g 1 33 TIP When the Account Type is Duration time three Counting Methods may be used to decide when the account expires 1 Elapsed Time specifies the time duration from account creation far which the account is valid 2 Cut off Time specifies the next cut off time point for which the account becomes invalid 3 Begin and End Date Time specifies that the account is valid between the two time points i NEL 153 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Duration time Cut off Time account lifespan exapmle showing Cut off on 23 00 Cut off Time Creation Time CT Deletion Time DT L1 Invalid Valid o Duration time with Begin and End Time Define explicitly the Begin Time and End Time of the account Count down begins immediately after account activation and expires when the End Time has been reached Ideal for providing internet service through
42. the system to activate this Click to restart 75 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 8 1 3 Walled Garden Configure Walled Garden go to Network gt gt Walled Garden This function provides certain free services for users to access the websites listed here before login and authentication Up to 20 addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to experience the actual network service free of charge Enter the website I P Address or Domain Name in the list and click Apply to save the settings Walled Garden List No Domain Name IP Address No Domain Name IP Address 1 i 2 i 3 4 a 6 Fi 8 g 10 11 j 12 13 14 15 16 17 j 18 19 20 76 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 8 1 4 Walled Garden AD List Configure Walled Garden AD List go to Network gt gt Walled Garden AD List This function provides advertisement links to web pages for users to access free of charge before login and authentication Advertisement hyperlinks are displayed on the user s login page Clients who click on it will be redirected to the listed advertisement websites Walled Garden Ad List Item URL Topic Description Display t HL m AeA TAMA PIm rP 10 e Enter all items or make changes click Apply the items will be added and shown in the list URL Enter the URL
43. to return to the login screen 89 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 6 Change Password Configure Change Password go to Utilities gt gt Password Change There are three levels of authorities admin manager or operator The default usernames and passwords are as follows Admin The administrator can access all configuration pages of HSG200 User Name admin Password admin Manager The manager can only access the configuration pages under User Authentication to manage the user accounts User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator The administrator can change the passwords here Click Apply to activate this new password Note Only login with admin can change password 90 User s Manua HSG200 Wireless Hotspot Gateway ENGLISH Caution If the administrator s password is lost the administrator s password still can be changed through the text mode management interface via the serial console port 91 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 10 7 Backup Restore and Reset to Factory Configure Backup Restore and Reset to Factory Default go to Utilities gt gt Backup amp Restore This function is used to backup restore the
44. web pages for clients to login easy logo loading for branding a hotspot store simple user visitor account management tool payment plans multiple credit card gateways traffic logs IP sharing and etc HSG200 also brings in an extra advantage the wall mountable dust proof IP50 metal housing 2 2 System Concept HSG200 is capable of managing user authentication authorization and accounting The user account information is stored in the local database or a specified external RADIUS database server Featured with user authentication and integrated with external payment gateway HSG200 allows users to easily pay the fee and enjoy the Internet service using credit cards through a variety of payment gateways including Authorize Net PayPal SecurePay and WorldPay Furthermore HSG200 introduces the concept of Zones Private Zone and Public Zone each with its own definable access control profiles Private Zone means clients are not required to be authenticated before using the network service On the other hand clients in Public Zone are required to get authentication before using the network service This is very useful for hotspot owners seeking to deploy wireless network service for clients and manage the network as well The following diagram is an example of HSG200 set to manage the Internet and network access services at a hotspot venue 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH ADSL Cable Modem Inte
45. will be a Certificate Error because the browser treats HSG200 as an illegal website Please press Continue to this website to continue Caution If you can t get the login screen the reasons may be 1 The PC is set incorrectly so that the PC can t obtain the IP address automatically from the LAN port 2 The IP address and the default gateway are not under the same network segment Please set your PC with a static IP address such as 192 168 1 xx in your network and then try it again For the configuration on PC please refer to Appendix A Network Configuration on PC 11 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 3 Combine HSG200 to the Network 3 1 Network Requirement In the general network environment the main role of HSG200 is a gateway that manages all the network access from internal network to Internet Thus the first step is to prepare an Internet connection from your ISP Internet Service Provider and connect it to the WAN port of HSG200 3 2 Configure WAN Port There are 3 connection types for the WAN Port Static Dynamic and PPPoE These connection types are enough to support most ISP Now let us discuss how to configure WAN port Go to System gt gt WAN Configuration General YWAN Configuration WAN Traffic Y Zone Configuration WAN Configuration static Use the following IP settings WAN 9 Dynamic IP settings assigned automatically PPPoE The parameters re
46. 00 gg 00 00 00 00 00 p ae I s21 2 2s 21 Zl ls 18 18 18 OT OT OT OT 05 OT dz d2 dz E 21 SEIS D21 cas 21 21 e Od Od Od Od Od Od Od Od IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE e Process name Indicate the event generated by the running instance Description Description of this event 115 802 802 802 802 802 802 802 802 802 802 802 802 802 802 802 802 802 11 11 11 11 11 11 11 11 11 LI 11 11 11 11 L1ls 11 11 associated associated associated associated associated associated associated associated associated associated associated associated associated associated associated gt Ilil 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 12 Advanced Applications 12 1 Upload Download Local Users Accounts To Upload Download Local Users Accounts go to Users gt gt Authentication click Configure button of Local Or click Quick Links gt gt Local User Management from system Home page Upload User Click Upload User to enter the Upload User from File interface Click the Browse button to select the text file for uploading user accounts then click Upload to complete the upload process Account Roaming Out 802 1X Authentication Local User Database Settings Lacal User List
47. 07 Aug 26 10 49 08 Aug 26 10 49 10 Aug 26 10 49 16 41 43 Aug Aug Aug In the log normally each line represents an event record which includes these fields NAM NAM NAM NAM NAM NAM HAM NAM NAM NAM NAM NAM NAM NAM NAM NAM NAM daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon info info info info info info info info info info info info info info info info info hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd Event Log athOapO STA OO athOapO STA 00 athOapO STA OO athOapO STA 00 athOapoO STA OO athOapo STA 00 ath ap1 STA QOO athOapl1 STA 00 athOapl STA O00 athOapoO STA 00 athOapO STA 00 athOapO STA 00 athOapoO STA 00 athOapO STA 00 athOapoO STA OO athOapoO STA 00 STA 00 athOapo lf lt LES lf lt lf 24 22 724 lf lf lf lf lt lt lt lf d4 d4 d4 d4 d4 d4 Jci 2202 Piet d4 d4 d4 d4 d4 d4 d4 d4 e Date Time The time amp date when the event happened Hostname Indicate which host records this event Note that all events in this page are local event so the hostname in this field are all the same gg 00 00 00 00 ga a7 a7 a7 00
48. Account expires only when quota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeem Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation the account will expire Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information 147 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Editing Billing Plan Plan 3 Account Type Usage time Expiration Time with Expiration Time No Expiration Time day s hris l mints Quota Range of day s 0 364 Range of hour z 0 23 Range of mints 0 39 they cannot all be zero J First time login must be done within I5 day s le Account Activation pours Range of haur z O 23 they cannot both be zero b o Jn Price Range 0 100000 induding two digits after decimal point eg 1 99 7 Group Reference TIP If the Account Type is Usage Time Customer can access internet as long as the account is valid with remaining quota connection time and within the valid period Customer alse needs to activate the issued account within a given time period by logging in
49. Adding User s to the List interface Fill in the necessary information such as Username Password MAC Address and Remark Select a desired Policy to classify local users Click Apply to complete adding the user s MAC address of a networking device can be bound with a local user as well It means this user must login to system with a networking device PC that has the corresponding MAC address so this user can not login with other networking devices 38 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Adding User s to the List MAC Address No Username Password XX XX XX XX XX XX Policy Remark EL ae d None 2 None v 5 f 1 e L None EL LJ ccl None v i io ooo 11 Ea Se Search Enter a keyword of a username or remark to be searched in the text filed and click this button to perform the search All usernames matching the keyword will be listed _ Add User Upload User Download User Local User List Username Password MAC Address Applied Policy Remark userl useri Folicy4 Delete Total 1 500 First Prev Next Last Del All Click on this button to delete all the users at once or click on Delete hyperlink to delete a specific user individually 39 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH e Edit User If editing the content of individual user account is neede
50. Address List to permit the administrator to access the HSG200 admin page after the default IP address of the network interface is changed o Preferred DNS Server The primary DNS server that is used by this Zone o Alternate DNS Server The substitute DNS server that is used by this Zone 20 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual o Domain Name Enter the domain name for this zone o WINS Server The IP address of the WINS Windows Internet Naming Service server if WINS server is applicable to this zone o Lease Time This is the time period that the IP addresses issued from the DHCP server are valid and available o Reserved IP Address List Each zone can reserve up to 40 IP addresses from predefined DHCP range to prevent the system from issuing these IP addresses to downstream clients The administrator can reserve a specific IP address for a special device with certain MAC address 21 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 4 Let Your Network to Be a Wireless Network 4 1 System Wireless General Settings Configure System s Wireless General Settings go to System gt gt Zone Configuration Wireless General Settings 802 119 802 11n Short Preamble 9 Enable Disable Short Guard Interval Enable Disable Channel Width 20 MHz Channel Max Transmit Rate Transmit Power DTIM Period ACK Timeout Wireless General Settings Band
51. D5 or Login but which method to be used can not be configured Notification E mail Settings 2 Session Receiver E mail Address es Monitor IP Report User Log On demand User Log Log Interval 1 Hour M 1 Hour M 1 Hour M 1 Hour M SMTP Setting Test Send Send Send Send Sender E mail Address SMTP Server SMTP Auth Method None X 111 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 11 2 2 SYSLOG SYSLOG Server Settings There are 4 types of SYSLOG supported System Log On demand User Log Session Log and HTTP Web Log Enter the IP address and Port number to specify the SYSLOG server where the report should be sent to Except for System Log each supported log may be assigned Tag info as well as SYSLOG standard attributes Severity and Facility to meet the filtering requirements on the SYSLOG Server HTTP Web Log can further select which Service Zone Web interface information to log For each type of log information whenever an incident occurs and data is updated the updated log will be immediately sent to the configured SYSLOG server SYSLOG Server Settings SYSLOG Server 1 IP Address Port SYSLOG Destinations SYSLOG Server 2 IP Address Port System Log Enabled Disabled Enabled Disabled Tag Severity Emergency X On demand User Log Facility local0 Enabled 9 Disabled Tag Severity Emergency Session Log Facility localO gt Enabled Disabled Tag Severity Emerg
52. Format can be ASCII or HEX Lastly enter the WEP Key WPA PSK Select the preferred ciphering method TKIP or AES and enter the PSK Pass phrase 136 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Appendix D RADIUS Accounting This section will briefly introduce the basic configuration of RADIUS server to work with VSA for the purpose to control the maximum client volume usage upload download or upload download traffic This VSA will be sent from RADIUS server to gateway along with an Access Accept packet In other words when the external RADIUS server accepts the request it will reply not only an Access Accept but also a maximum value in bytes each user is allowed to transfer This value can be the maximum upload traffic the maximum download traffic or the sum of the download and upload traffics in bytes per user Gateway will check this value every minute if the user traffics reach this value gateway will stop the session of this user and send a Stop to RADIUS Server 1 Description VSA is designed to allow vendors to support their own extended Attributes not covered in common attributes It MUST not affect the operation of the RADIUS protocol The Attribute Type of VSA is 26 and the Vendor I D should be determined before proceeding to RADIUS configuration in this example the Vendor ID is 21920 Attribute Number and Attribute Value can then be designed to provide additional contr
53. General MAC Address 00 1F D4 00 51 55 Band ling Channel Transmit Power 1 General Mode NAT MAC Address 00 1F D4 00 51 54 IP Address Subnet Mask 192 168 1 254 255 255 255 0 DHCP Server Status Enabled WINS IP Address Start IP Address N A End IP Address 192 168 1 1 192 168 1 100 1440 Min s 00 1F D4 00 51 55 Security Type W1110 Private Associated Clients General Mode MAC Address NAT 00 1F D4 00 51 54 IP Address 192 168 11 254 Subnet Mask 255 255 255 0 DHCP Server Status Enabled WINS IP Address Start IP Address N A 192 168 11 1 End IP Address 192 168 11 100 Lease Time 1440 Min s BSSID 06 1F D4 00 51 55 ESSID Security Type W1110 2 None Associated Clients 103 0 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual The description of the above mentioned table is as follows Satna ask he Subnet mesk orne WAN perk The total accumulated packets in out through this WAN port since Packets Out In the gateway boots up The delta shows the difference between the numbers from last time this Interface Status page is visited The total accumulated bytes in out through this WAN port since the Bytes Out In gateway boots up The delta shows the difference between the numbers from last time this Interface Sta
54. HSG200 settings Also HSG200 can be restored to the factory default settings here Backup System Settings Restore System Settings File Name Po Bras Reset to the Factory Default Backup System Settings Click Backup to create a db database backup file and save it on disk File Download L E Do unu want to open or save this file 4 Mame 20050303 db Type Data Base File From 10 2 3 70 con swe ee vw Always ask before opening this type of file X harm your computer IF vau da nat trust the source da nat open or 9 While files fram the Internet can be useful some files can potentially save this file what s the risk Restore System Settings Click Browse to search for a db database backup file created by HSG200 and click Restore to restore to the same settings at the time when the backup file was saved Reset to Factory Default Click Reset to load the factory default settings of HSG200 92 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 10 8 Firmware Upgrade Configure Firmware Upgrade go to Utilities gt gt System Upgrade The administrator can download the latest firmware from website and upgrade the system here Select the latest firmware with Browse button then click Apply the system will upload the file and restart to perform the upgrade process It might take a few minutes before the upgrade process completes and the new firmware s WMI interfa
55. Host domain name to see if it is alive or not 95 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 10 10 3 Trace Route It allows administrator to find out the real path of packets from the gateway to a destination using IP address or Host domain name 10 10 4 Show ARP Table It allows administrator to view the IP to Physical address translation tables used by address resolution protocol ARP 96 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 11 Monitor IP Link Configure Monitor IP Link go to Network gt gt Monitor IP HSG200 will send out a packet periodically to monitor the connection status of the I P addresses on the list On each monitored item with a WEB server running administrators may add a link for the easy access by entering the IP select the Protocol to http or https and then click Create After clicking Create button the IP address will become a hyperlink and administrators can easily access the host by clicking the hyperlink remotely Click the Delete button to remove the hyperlink if desired Monitor IP List e ome EJ http D mE mE mE fe te 97 User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 10 12 Console I nterface Via the console port administrators can enter the console interface for handling problems and situations occurred during operation l In order to connect to the console port of HSG200 a console modem ca
56. P code represents the five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered as five digits nine digits or five digits and four digits o Country The country is associated with both the billing and shipping address of a transaction This may be entered as either an abbreviation or full name o Phone A phone number is associated with both a billing and shipping address of a transaction Phone number information may be entered as all number or it may include parentheses or dashes to separate the area code and number o Fax A fax number may be associated with the billing information of a transaction This number may be entered as all number or contain parentheses and dashes to separate the area code and number Authorizie Net Payment Page Remark Content Enter additional details for the transaction such as Tax Freight and Duty Amounts Tax Exempt status and a Purchase Order Number if applicable 159 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 2 Payments via PayPal Configure Payments via PayPal go to User gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt PayPal Before setting up PayPal it is required that the hotspot owners have a valid PayPal Business Account After opening a PayPal Business Account the hotspot owners should find the Identity Token of this PayPal account to continu
57. SG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 5 Three Level Administration HSG200 supports three kinds of account interface You can log in as admin manager or operator The default usernames and passwords show as follows Admin The administrator can access all configuration pages of HSG200 Username admin Password admin Username Password Login After a successful login to HSG200 a web management interface with a Home manual will appear OLogout Help Setup Wizard Quick Links System Overview 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Manager The manager can only access the configuration pages under User Authentication to manage the user accounts User Name manager Password manager Authentication Settings Auth Database Auhsenertame postie Pay Mati Conus locn vons TE Operator The operator can only access the configuration page of Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator 1 Usage time 15 min s connection time quota with expiration 10 91 Create 11 min s connection time quota 1 enabled eate Valid until 12 00 the following day eate Duration time Valid from 2010 07 14 12 00 00 till 2010 07 14 23 59 00 ES Enabled Create Note To logout simply click the Logout icon on the upper right corner of the interface
58. Server e ieu 1812 etbefaut 1813 h 9 Enable Disable Secondary RADIUS Server as Marne IP Address 9 Enable Disable gt External RADIUS Related Settings 802 1X Authentication Enable Disable 802 1X authentications for users authenticating through this Server Username Format Select the format which the user login information is sent to the external RADIUS Server You may choose to send username in Complete userlD Postfix Only ID or Leave Unmodified Please note that if Leave Unmodified option is selected the system will send the username to Default Auth Server set in 802 1X configuration page for authentication NAS Identifier This attribute is the string identifying the NAS originating the access request System will send this value to the external RADIUS server if the external RADIUS server 41 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual needs this NAS Port Type Indicates the type of physical port the network access server is using to authenticate the user System will send this value to the external RADIUS server if the external RADIUS server needs this Class Policy Mapping This function is to assign a Policy to a RADIUS class attribute sent from the RADIUS server When the clients classified by RADIUS class attributes logs into the system via the RADIUS server each client will be mapped to an assigned Policy RADIUS Policy Mapping Server 2
59. There are 4 modes to select 802 11b 2 4G 1 11Mbps 802 11g 2 4G 54Mbps 802 11b g and 802 11g n Short Preamble The length of the CRC Cyclic Redundancy Check block for communication between the Access Point and roaming wireless adapters Select Enable for Short Preamble or Disable for Long Preamble Short Guard Interval 802 11g n only The guard interval is the space between symbols characters being transmitted to eliminate inter symbol interference With 802 11n short guard interval is half of what it is used to be to increase throughput Select Enable to use Short Guard Interval or Disable to use normal Guard Interval Channel Width 802 11g n only For 802 11n double channel bandwidth to 40 MHZ is supported to enhance throughput Channel Select the appropriate channel from the drop down menu to correspond with your network settings for example Channel 1 11 is available in North American and Channel 1 13 in Europe or choose the default Auto Max Transmit Rate The default is Auto Available range is from 1 to 54Mbps The rate of data transmission should be set depending on the speed of the wireless network Select from a range of transmission speed or keep the default setting Auto to make the Access Point automatically use the fastest rate possible Transmit Power Select from the range or keep the default setting or to make the Access 22 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manu
60. User Log Each line is a on demand user log record consisting of 14 fields Date System Name Type 107 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Name IP MAC Pkts In Bytes In Pkts Out Bytes Out Activation Time 1st Login Expiration Time and Remark of on demand user activities Roaming Out User Log Each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASI P NASPort UserMAC Sessioni D SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities e Roaming In User Log Each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASI P NASPort UserMAC Userl P Sessionl D SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities 108 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 11 1 6 Local User Monthly Network View Local User Monthly Network Usage go to Status gt gt User Log e Monthly Network Usage of Local User The system keeps a cumulated record of the traffic data generated by each Local user in the latest 2 calendar months Each line in a monthly network usage of local user record consists of 6 fields Username Connection Time Usage Packets In Bytes In Packets Out and Bytes Out of user activities o Username Username of the local user account o Connection Time Usage The total time used by the user o Pkts In Pkts Ou
61. When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and Port of Destination and the I P Address and Port of Translated to Destination Select TCP or UDP for the service s type These settings will become effective immediately after clicking Apply Port and IP Redirect Translated to Destination Type IP Address TCP UDP TCP UDP TCP UDP 83 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 10 System Management and Utilities 10 1 System Time Configure System Time go to System gt gt General NTP Network Time Protocol communication protocol can be used to synchronize the system time with remote time server Please specify the local time zone and the IP address of at least one NTP server for adjusting the time automatically Universal Time is Greenwich Mean Time GMT Manually set up is another option to setup system time if you choose to setup system time manually please enter the Year Month Day the current time and click Apply to activate the changes System Time 2010 06 17 10 41 24 Time Zone GMT 08 00 Taipei i MTP Server 1 tock usno navy mil e g tock usno navy mil NTP Server 2 tock stdtime gov tw Manually set up Note When system can not sync the time with NTP server all clients will
62. ach other 24 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Fragment Threshold Enter a value between 256 and 2346 The default is 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference Station Isolation By enabling this function all stations wirelessly associated to this zone are isolated from each other and can only communicate with the system WMM The default is Disable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four access categories voice video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only Normally we use VAP2 the VAP under Public Zone to provide wireless service to public clients in a hotspot environment To configure Public Zone s Wireless Settings go to System gt gt Zone Configuration click Configure of Public zone Wi
63. ack list will be denied of network access The administrator can use the pull down menu to select the desired black list Black List Settings Select Black List i Blacklist1 v Name Blacklist Username Remark Total 0 First Prev Next Last Select Black List There are 5 black list profiles available for utilization Name Set the black list name and it will show on the pull down menu above e Add User s Click the Add User s button to add users to the selected black list Adding User s to Blacklist1 No Username Remark 10 54 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH After entering the usernames in the Username field and the related information in the Remark blank not required click Apply to add the users If removing a user from the black list is desired select the user s Delete check box and then click the Delete button to remove that user from the black list Black List Settings Select Black List 1 Blacklist1 Name Blacklist Username Remark blackuser Total 1 First Prev Next Last Add User s After the Black List editing is completed You can select the Black List in each Authentication Server to let it to become effective Authentication Settings Auth Database Auth Server Name Posttix Policy Black List Configure LOCAL Se rver i local i Policy iv None E RADIUS Server 2 radiusi Policy 20 None RADIUS
64. acks it is strongly recommended to build some immune capabilities such as IDS or IPS solutions in network deployment to maintain network operation 66 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 7 Access Network without Authentication 7 1 DMZ Configure DMZ go to Network gt gt Network Address Translation gt gt DMZ Demilitarized Zone NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DDNS Client Mobility Network Address Translation DMZ Demilitarized Zone Public Accessible Server Port and IP Redirect There are 20 sets of static Internal IP Address and External IP Address available Enter Internal and External P Address as a set After the setup accessing the External IP address listed in DMZ will be mapped to accessing the corresponding Internal IP Address These settings will become effective immediately after clicking the Apply button The External IP Address of the Automatic WAN IP Assignment is the IP address of External Interface WAN that will change dynamically if WAN Interface is Dynamic When Automatic WAN IP Assignments is enabled the entered Internal IP Address of Automatic WAN IP Assignment will be bound with WAN interface Automatic WAN IP Assignment Enable External IP Address Internal IP Address E 10 2 3 700 DMZ Demilitarized Zone Item External IP Address Internal IP Address 67 4ipnet User s Manual HSG200 Wireless Hotspot Gat
65. al Point use different transmit power as you wish DTI M Period Input the DTIM Interval that is generated within the periodic beacon at a specified frequency Higher DTIM will let the wireless client save energy more but the throughput will be growing worse ACK Timeout The time interval for waiting the ACKnowledgement frame If the ACK is not received within that timeout period then the packet will be re transmitted Higher ACK Timeout will decrease the packet lost but the throughput will be growing worse 23 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 4 2 Zone Wireless Settings Each zone has its own VAP and corresponds to one SSID In Private zone it s VAP1 and the SSID is hidden so public users cannot scan this SSID in the air for privilege users who already know this SSID they can manually associate to the SSID of Private zone On the other hand the SSID of VAP2 under Public zone by default is enabled with SSID Broadcast feature allowing public users to scan this SSID in the air After wireless general settings are done use the parameters in Wireless Settings under zone configuration to fine tune the wireless network under Private and Public Zone To configure Private Zone s Wireless Settings go to System gt gt Zone Configuration click Configure of Private zone Wireless Settings VAP 1 f VAP Status 9 Enable Disable Basic ESSID HSG200 1 Security Security Type None
66. an use your phone line and a modem ta connect ta it IF your computer is connected te a local area network LAN vau can gain access to the Internet over the LAM How do you connect to the Intemet C connect through a phone line and a modem connect through a local area network LAN pu Cancel eT Internet Connection Wizard l p X Local area network Internet configuration Select the method you would like to use to configure your proxy settings If you are not sure which option to select select automatic discovery or contact your network administrator Automatic configuration may override manual settings To ensure the use of manual settings disable automatic configuration Automatic Configuration Automatic discovery of proxy server recommended Use automatic configuration script Address Manual Proxy Server G rm D coe User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet Internet Connection Wizard 6 Choose No and then click Next Set Up Your Internet Mail Account An Internet mail program is installed on your computer Internet mail allows you to receive and send e mail messages To successfully set up your Internet mail account you must have already signed up for an e mail account with an Internet service provider and obtained important connection information If you are missing any information the wizard asks you to provide contact your Inter
67. ase press Continue to this website to continue C The default user login page will appear in the browser User Login Username Password n Remember Me 2 Enter the username and password for example we use a local user account test local here and then click Submit button If the Remember Me check box is checked the browser will store the username and password on the current computer in order to automatically login to the system at the next login Then click the Submit button The Credit Balance button on the User Login Page is for on demand users only where they can check their Remaining quota 52 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual User Login Username test local password Remember Me 3 Successful The Login Success Page means you are connected to the network and Internet now Hello you are logged in via test local a pe To log out please click the Logout button E one tee CEEE CEEE eee LE LE L gt Tee e656 LIII eee eee eo 6 LIBI LE L m T E LJ 2 Login time 2005 06 02 11 26 53 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 6 Restrain the Users 6 1 Black List Configure Black List go to Users gt gt Black List The administrator can add delete or edit the black list for user access control Users accounts that appear in the bl
68. ateway ENGLISH 11 1 5 User Log View User Log go to Status gt gt User Log This page is used to check the traffic history of HSG200 The history of each day will be saved separately in the DRAM for at least 3 days 72 full hours The system also keeps a cumulated record of the traffic data generated by each user in the last 2 calendar months User Log Date Size Byte 2009 04 22 65 2009 04 23 65 On demand User Log Date Size Byte 2009 04 22 105 2009 04 23 254 Roaming Out User Log Date Size Byte 2009 04 22 106 2009 04 23 106 Roaming In User Log Date Size Byte 2009 04 22 112 2009 04 23 112 Monthly Network Usage of Local User Month No of Entries Usage Data 2009 04 1 Download Caution Since the history is saved in the DRAM if you need to restart the system and at the same time keep the history please manually copy and save the traffic history information before restarting If the Receiver E mail Address es has been entered under the E mail amp SYSLOG page the system will automatically send out these history information to that specified email address Primary User Log All user activities occur on the system within the nearest 72 hours excluding other user logs such as on demand user log are recorded in date and time order Each line is a traffic history record consisting of 9 fields Date Type Name I P MAC Pkts In Bytes In Pkts Out and Bytes Out of the user activities e On demand
69. ateway ENGLISH 8 User Login and Logout 8 1 Before User Login 8 1 1 Login with SSL Configure HTTPS go to System gt gt General HTTPS HTTP over SSL or HTTP Secure is the use of Secure Socket Layer SSL or Transport Layer Security TLS as a sub layer under regular HTTP application layering HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server HTTP Protected Login function will let the client s login with https for more security Enable to activate https encryption or disable to activate http non encryption login page General Settings for the Entire System System Name Wireless Hotspot Gateway Use the name on the security certificate Internal Domain Name Ly FQDN of this device for internal use e g controller office name com amp Enable Disable Portal URL http www google com e g http www google com User Log Access IP Address e g 192 168 2 1 Management IP Address List etup Management If i SNMP Enable amp Disable j HTTPS Protected Login Enable Disable System Time 2010 06 17 09 34 54 Time Zone GMT 08 00 Taipei NTP NTP Server 1 tock usno navy mil e g tock usno navy mil NTP Server 2 tock stdtime gov tw Manually set up 73 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 8 1 2 Internal Domain Name with Certificate Configure Internal Domain Name go to System gt gt General
70. ault website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Authorize Net Test Mode In this mode merchants can post test transactions for free to check if the payment function works properly MD5 Hash If transaction responses need to be encrypted by the Payment Gateway enter and confirm a MD5 Hash Value and select a reactive mode The MD5 Hash security feature enables merchants to verify that the results of a transaction or transaction response received by their server were actually sent from the Authorize Net 156 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH gt Service Disclaimer Content Choose Billing Plan for Authorize Net Payment Page Client s Purchasing Record We may collect and store the following personal zw information Service Disclaimer Content email address physical contact information credit card numbers and transactional information based on your lactivities on the Internet service provided by us Choose Billing Plan for Authorize Net Payment Page Plan 1 Enable 2 Enable 3 Enable 4 Enable 5 Enable 6 Enable 7 Enable a Enable g Enable 10 Enable Starting Invoice Number Description Item Name E mail Header Enable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable 9 Disable Quota 5 hr s 5 minis 10 hris 6 mings Unti
71. ble and a terminal simulation program such as the Hyper Terminal are needed 2 f a Hyper Terminal is used please set the parameters as 9600 8 None 1 None Caution The main console is a menu driven text interface with dialog boxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of HSG200 is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the terminal simulation program will send some messages to the system and the welcome screen or main menu should appear If the welcome screen or main menu of the console still does not pop up please check the connection of the cables and the settings of the terminal simulation program Basic Configuration debugging Change admin dollari eload factory default Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems The utilities are described as follows Wireless Hotspot Gateway Configuration Utility Ping host IF Trace routing path Display interface Display routing tab Display ARF table Display system up time C D pn tn d Imp a Check servic Status am i Set device into safe mo
72. c volume Account expires when Valid Period has been used up or quota depleted Ideal for small quantity applications such as sending receiving mail transferring a file etc Count down of Valid Period is continuous regardless of logging in or out Quota is the total Mbytes 1 2000 during which On demand users are allowed to access the network Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation the account will expire Valid Period is the valid time period for using After this time period even with remaining quota the account will still expire Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information 150 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Editing Billing Plan Plan 4 Account Type Range 1 2000 First time login must be done within davis Account Activation hourts Range af haur s 0 23 they cannot both be zero J After activation account will be expired in l davis Valid Period Must be larger than D Price Range O 100000 including two digits after decimal point e g 1 393 TIP If the Account Type is volume Customer can access internet as lang as the account is valid within the valid period with remaining quota traffi
73. c volume Customer also needs to activate the issued account within a given time period by logging in for the first time ie NEL Volume account lifespan Quota up QU Activation Time Expiration Time ET Deletion Time bg Time DT L1 Invalid Valid Volume account lifespan mE Quota Up QU Expiration Time E Activation Time AT Deletion Time Creation Time CT qun gt Invalid Valid o Duration time with Elapsed Time Account activated upon the account creation time Count down begins immediately after account created and is continuous regardless of 151 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual logging in or out Account expires once the Elapsed Time has been reached Ideal for providing internet service immediately after account creation throughout a specific period of time Begin Time is the time that the account will be activated for use It is set to account creation time Elapsed Time is the time interval for which the account is valid for internet access xx hrs yy mins Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan F Account Type Counting Method 9 Elapsed Time Begin and end Time Cut off Time Begin Time Upon Account Creation B day s 9 hr s
74. cate Authentication Y Black List 4 Policy 4 Additional Control Upload Certificate Private Key tsCizC Customer Certificate Brose Certification Path Verification Enable 9 Disable Without a valid certificate users may encounter the following problem in I E7 when they try to open the login page 74 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Certificate Error Navigation Blocked Windows Internet Explorer Koy e T iG http jiw google com File Edit View Favorites Tools Help D 1 L1 Certificate Error Navigation Blocked x There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Q9 Click here to close this webpage Continue to this website not recommended 9 More information Click Continue to this website to access the user login page Use Default Certificate Click Use Default Certificate to use the default certificate and key Click restart to validate the changes You just overwrote the setting with default KEY amp default CA file You should restart
75. ce appears System Firmware Upgrade Current Version File Name Build 1 7 1 3224 Browse Note For better maintenance we strongly recommend you backup system settings before upgrading firmware Apply Note After clicking Apply the system will begin uploading the chosen firmware into the system Once the upload process is complete system will restart to activate the new firmware The entire process may take a few minutes until the new firmware WMI appears When restart is complete system will not lease IP So please use static IP PC to upgrade system firmware Caution 1 Firmware upgrade may cause the loss of some data You may need to manually backup user account information please refer to the release notes for the limitation before upgrading 2 Do not power on off the system during the upgrade or restart process It may damage the system and cause malfunction 93 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 9 Restart To perform system restart go to Utilities gt gt Restart This function allows the administrator to safely restart HSG200 and the process takes approximately three minutes Click YES to restart HSG200 click NO to go back to the previous screen Do NOT power off the power during system restart as this might damage the system If the power needs to be turned off it is highly recommended to restart HSG200 first and then turn off the power after completing the re
76. ck the hyperlink Roaming Out amp 802 1x Client Device Settings to enter the Roaming Out amp 802 1X Client Device Settings interface Choose Roaming Out and key in the Roaming Out client s IP address and network mask and then click Apply to complete the settings In the other system such as another HSG200 setup it s RADIUS server to this HSG200 with same postfix then the local user in this HSG200 can login success from another HSG200 by RADIUS authentication 119 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 12 4 Customizable Pages Configure Custom Pages go to System gt gt Zone Configuration click Configure in Public zone There are several user login and logout pages that can be customized by the administrator You can select Template Page or External Page Type Template Page External Page Color for Title Background 728899 Select RGB values in hex mode Color for Title Text F3F3F3 Select RGB values in hex made Color for Page Background FFFFFF Select RGB values in hex mode Color for Page Text 000000 Select RGB values in hex mode Copyright Copyright Logo Image File Preview and Edit the Image File Custom Pages Login Page Login Success Page Status Enable Disable Disclaimer Page l 9 Config ure Preview e Template Page To utilize the template user pages stored locally in the system choose Template Page and configure the necessary setti
77. credit card number found either on the front of the card or on the back of the 158 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH card o E mail An email address may be provided along with the billing information of a transaction This is the customer s email address and should contain an symbol o Customer ID This is an internal identifier for a customer that may be associated with the billing information of a transaction This field may contain any format of information o First Name The first name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter John in the First Name field indicating this customer s name o Last Name The last name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter Doe in the Last Name field indicating this customer s name o Company The name of the company associated with the billing or shipping information entered on a given transaction o Address The address entered either in the billing or shipping information of a given transaction o City The city is associated with either the billing address or shipping address of a transaction o State A state is associated with both the billing and shipping address of a transaction This may be entered as either a two character abbreviation or the full text name of the state o Zip The ZI
78. d click the username of the desired user account in Local User List to enter the User Profile nterface for that particular user and then modify or add any desired information such as Username Password MAC Address optional Applied Policy optional and Remark optional Click Apply to complete the modification Editing Existing User Data Username juser 1 Password useri MAC Address Applied Policy Policy 1 Remark 40 4ipnet 5 1 2 RADIUS User s Manual HSG200 Wireless Hotspot Gateway ENGLISH There are two RADIUS authentication database for configuration Click the button Configure of any one of RADIUS servers for further configuration The RADIUS server sets the external authentication for user accounts Enter the information for the primary server and or the secondary server the secondary server is not mandatory The fields with red asterisk are necessary information These settings will become effective immediately after clicking the Apply button 807 1 Authentication Username Format WAS Identifier WAS Port Type Class Policy Mapping Server Authentication Port Accounting Port Secret Key Accounting Service Authentication Protocol Server Authentication Port Accounting Port Secret Key Accounting Service External RADIUS Server Related Settings Enable Disable Complete e g userl companyname com 2 only ID e g useri Po Default 19 Range 035 Primary RADIUS
79. d by any IP address for security consideration please change this value before the system provides service 85 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 10 3 User Log Access I P Address Configure User Log Access IP History go to System gt gt General General Settings for the Entire System Internal Domain Name E Use the name on the security certificate FQDN of this device for internal use e g controller office name com amp Enable Disable http www google com e g http www google com User Log Access IP Address e g 192 168 2 1 Management IP Address List Setup Management IP Address List Specify an IP address of the administrator s computer or a billing system to get billing history Portal URL information of HSG200 with the predefined URLs The file name format is yyyy mm dd An example is provided as follows Traffic History https 10 2 3 213 status history 2005 02 17 By https 10 2 3 7213 status history 2005 02 17 Microsoft Internet Explorer Fle Edt View Favorites Tools Help av e Search vo Favorites wf Media e AE Date TYPE Name IF MAC Packets In Bytes In Packets Out Bytes Out 2005 02 17 18 09 03 0800 LOGIN aaathw1300 tw 192 168 30 189 0 0C F1 28 BF D8 0 0 0 0 On demand History https 10 2 3 213 status ondemand history 2005 02 17 S https 10 2 3 21 j stabus ondemand hisbory 2005 02 17
80. d disassociate messages 110 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 11 2 1 E Mail Configure Notification go to Status gt gt E mail amp SYSLOG Notification E mail Settings gt Receiver Email Address es Up to 3 e mail address can be set up to receive the notification These are the receiver s e mail addresses There are four kinds of notification to selection Monitor IP Report Users Log On demand Users Log and Session Log check the selection box to choose the type of notification to be sent Interval The time interval to send the e mail report SMTP Setting Test To test the settings immediately Sender Email Address The e mail address of the administrator in charge of the monitoring This will show up as the sender s e mail SMTP Server The IP address of the sender s SMTP server SMTP Auth Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMVv1 or None to use none of the above Depending on which authentication method selected enter the Account Name Password and Domain o NTLMvl1 is not currently available for general use o Plain and CRAM MD8 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNI X login password Netscape uses Plain Outlook and Outlook express use Login as default although they can be set to use NTLMv1 o Pegasus uses CRAM M
81. d with no network activities the system will automatically kick out the user The logout timer can be set between 1 1440 minutes and the default idle time is 10 minutes Additional Control Idle Timeout minutes 10 1 1440 User Session Control Multiple Login Authentication option using On demand database will not support this function 79 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 8 2 3 Multiple Login Configure Multiple Login go to Users Additional Control When enabled a user can log in from different computers with the same account This function doesn t support On demand users and RADIUS authentication Additional Control E Idle Timeout minutes 10 1 1440 User Session Control Multiple Login Authentication option using On demand database will not support this function 80 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 9 Networking Features of a Gateway 9 1 IP Plug and Play Configure IP Plug and Play go to Network gt gt Client Mobility HSG200 supports IP PNP function User can login and access network with any IP address setting This function is disabled in default settings Client Mobility IP PNP Enable Disable When IP PNP is enabled at the user end a static IP address can be used to connect to the system Regardless of what the IP address at the user end is using authentication can still be performed through HSG200
82. dWidth GOMErOl s ooi ten se ect a t eo ER e e Rode Eie Ead eben e Rd UE aes 16 WTS Zon araea e ls dads arse eate dep dans petis Pose do brass ibas Ponts deep bu ende 17 8 5 IUPORE ROIG AS SIONE Nuit On Ney E MCN MM NTE Trier MEO EE REL 18 3 5 2 Pranning Your Internet NeOWOEK socius tape nc cnt etd secte Ds ume LLL eel ch ee D eee Use pep dece 19 255 5 Cobfhigure Zone NOeUWODPI earrann toe Iri taa buipaca Erat etae bbs EIS TC ED da L0 4 t18 Foe dtt aset rota sonde anta 20 Let Your Network to Be a Wireless Network 22 System Wireless General Settings ssseseeeen eee eene nennen nnne 22 Zone WIFEIESSS GELINGS M ERO E E 24 Zone WIREIESS SECUN Y eo otetetpa t e ated testet ate Abs eal ate AT eU Lee 27 Wireless Layer 2 firewall seen nnne nnne nnne enn nnne nnns 29 T qd Generne FIEeWallRUIGS cot te er UO MO EA DL M D LI E ADI EUNT 29 4 4 2 Predefined and Custom Service Protocols 1 1 eene nennen nnne 35 BAS POV ANCE Gi ss cosssorscstacsatestorerechesaontate cameo dba oh dL o Ie OMS L EA ERIS oe Red cb too EA 36 Who Can Access the Network eere eeee esee eese eere esee etn esee ene ee eoaue 37 IV DEI USES sce tuteaaute ate scia ede aue EA LED ue Mte En cee tetas 37 5 1 1 Kore Bearer aero tr aie a RC occ HR 38 9 1 2 IADIEIS o sddumich IMMO UU EM M UEM UI MUI UI I MM LM 41 5 103 OmnsDemanddjsel Societ incisis 6s e
83. de avynchronize clock with NTP Print the kernel ring buff Main menu enter your choice gt Ping host IP By sending ICMP echo request to a specified host and wait for the response to test the network status 98 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH gt Trace routing path Trace and inquire the routing path to a specific target gt Display interface settings It displays the information of each network interface setting including the MAC address IP address and Netmask gt Display the routing table The internal routing table of the system is displayed which may help to confirm the Static Route settings gt Display ARP table The internal ARP table of the system is displayed gt Display system up time The system live time time for system being turn on is displayed gt Check service status Check and display the status of the system gt Set device into safe mode If the administrator is unable to use Web Management Interface via browser for the system failed inexplicitly The administrator can choose this utility and set it into safe mode which enables him to manage this device with browser again gt Synchronize clock with NTP server Immediately synchronize the clock through the NTP protocol and the specified network time server Since this interface does not support manual setup for its internal clock therefore we must reset the internal clock through the NTP gt Print the
84. digits after decimal point eg 1 99 j TIP The Hotel Cut off time Account Type is designed for hotel applications and conforms to check in aut scenario For cut off applications within one day for example the account expires upon bookstore s closing hour L1LPM please select Duration Time One day stay in Hotel terms is counted fram a customer s check in time to the check out time on the following day When a tenant checks in for one ar multiple days the operator can generate an account ticket based on the number of the auer night stay The account will be cut off on the specified cut off time normally the hotel s check out time after the number of nights specified Since quests may hang around in the lobby for a short while after checking out the hotel may want to specify a Grace period for their tenants EE NS NEL Hotel Cut off time account lifespan 3 night stay example 24 00 PM 24 00 PM 24 00 PM Cut off Time Check out time Map A Deletion Time DT E Invalid EN Valid 149 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Hotel Cut off time account lifespan 3 night stay example with Grace Period 24 00 PM 24 00 PM 24 00 PM e Grace Period Cut off Time Check out time Creation Time Deletion Time DT Check in time gt Invalid Valid o Volume Can access internet as long as account valid with remaining quota traffi
85. directly or remotely from other PC Step 1 Confirm the following key elements in RADIUS server users groups and policies Verify whether there are already users in RADIUS Server Verify whether there are already Groups and assigned users belonging to these Groups in RADIUS Server Verify whether there are already Policies and assigned Groups belonging to these Policies in RADIUS Server Step 2 Run Internet Authentication Server and open Remote Access Policies Select a Policy with right click and scroll down to its Properties page 138 User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Recycle Bin Geti 2 3 1 RADIUS Server Desktop gm Internet Authentication Service File Action wiew Help Internet Authentication Service Local E RADIUS Clients SY RADIUS MAC TE Remote Access Logging SS stressuses il sl amp uthenticati Employee ish sizh Groupi Idle3m Sessionbm g Groupe Sessionlem Hs E Groups Unlimited NN Internet mx Group4_IdleSm NAS ID match cipher paeme Group5 NAS ID match other Ef Connections to Microsoft Routing andF Delete E Connections to other access servers Rename Pi Properes Move Up Move Down Active records csv Director Je bh Certification Remote Authority Desktop A Hr Opens property sheet For the current selection Command Services Click Edit Profile and select the Advanced Tag Click Add to add a new Vendor specific attr
86. e PayPal Payment Page Configuration gt External Payment Gateway PayPal Payment Page Configuration External Payment Gateway Authorize Net 9 PayPal Q SecurePay Q WorldPay Disable PayPal Payment Page Configuration Business Account nf Payment Gateway URL https ww w paypal com cgi bin webscr Identity Token EP 9 Enable Disable Verify SSL Certificate Currency USD U S Dollar o Business Account The Login ID an email address that is associated with the PayPal Business Account o Payment Gateway URL The default website address to post all transaction data o Identity Token This is the key used by PayPal to validate all the transactions o Verify SSL Certificate This is to help protect the system from accessing a website other than PayPal o Currency The currency to be used for the payment transactions 160 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual gt Service Disclaimer Content Choose Billing Plan for PayPal Payment Page Service Disclaimer Content information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us If the information you provide cannot be verified we may Choose Billing Plan for PayPal Payment Page Plan Enable Disable Quota Price 1 Enable Disable 5 hr s 5 mints 0 2 Enable Disable 3 Enable 9 Disable 10 hr s 6 mints
87. e BR Access server RADIUS Standard Class3 RADIUS Standard PPP RADIUS Standard 100000 venda code 21520 100000 Max download upload traffic is 1 IM Bytes Remove Step 6 Follow the same steps to create other Vendor specific Attribute if needed 141 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 3 VSA configuration in RADIUS server FreeRADI US This section will guide you through VSA configuration with FreeRADIUS v1 0 5 running on Fedora Before getting started open the shell of RADIUS server for example use Putty to access the Linux host is PuTTY Configuration Category B Session Logging Terminal Keyboard Ball Features windo Appearance Behaviour Translation Selection Colours Connection Data Proxy Telnet Alogin SSH Serial Step 1 Basic options for your PuT TY session Specify the destination you want to connect to Host Mame or IP address Fort 10 2217 22 m Connection type CO hRaw Telnet C2Rlogin 9 SSH Serial Load save ar delete a stored session Saved Sessions as Default Settings Load l Save Delete Close window on exit Always Never C9 Only on clean exit Confirm the following key elements in RADIUS server users groups Verify whether there are already users in RADIUS Server Verify whether there
88. e data size exceeds the value provided A lower RTS Threshold setting can be useful in areas where many client devices are associating with EAP200 or in areas where the clients are far apart and can detect only EAP200 but not each other Fragment Threshold Enter a value between 256 and 2346 The default is 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference Broadcast SSI D Enable to broadcast VAP2 s SSID in the air Disable to hide VAP s SSID so that it cannot be scanned Station Isolation By enabling this function all stations wirelessly associated to this zone are isolated from each other and can only communicate with the system WMM The default is Disable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four access categories voice video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capab
89. e time checked There are three options Always Recurring and One Time Recurring is set with the hours within a week Action for Matched Packets There are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets passing 61 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 6 3 2 Routing gt Specific Route Profile Click the button of Setting for Specific Route Profile the Specific Route Profile list will appear 1 Specific Route gt Specific Route Profile The Specific Default Route is use to control clients to access some specific IP segment by the specified gateway Global Policy Specific Routes Destination Gateway Route No IP Address Subnet Netmask IP Address 1 255 205 259 259 32 2 255 255 255 255 32 3 255 255 255 255 32 4 255 255 255 255 32 Policy 1 Specific Default Route Enable IP Address Policy 1 Specific Routes Destination Gateway Route No IP Address Subnet Netmask IP Address 1 255 255 255 255 32 2 255 255 255 255 32 3 255 255 255 255 32 4 255 255 255 255 32 o Destination IP Address The destination network address or IP address of the destination host Please note that if applicable the system will calculate and display the appropriate value based on the combination of Network IP Address and Subnet Mask that have just been entered and applied o Destination Subnet Netmask The subnet mask of
90. ena Sechings Weyer dial a connection Dial whenever a network connection is nat present Seb Defauilk Local Area Network LAN settings LAN Settings Always dial my default connection urrent Mone 4ipnet 3 Choose I want to set up my Internet connection manually or want to connect through a local Area network LAN and then click Next 4 Choose I connect through a local area network LAN and then click Next 5 DO NOT choose any option in the following LAN window for Internet configuration and just click Next 123 User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Internet Connection Wizard i 5 Welcome to the Internet Connection Wizard The Internet Connection wizard helps you connect your computer to the Internet You can use this wizard to set up a new or existing Internet account want to sign up for a new Internet account My telephone line is connected to my modem C want to transfer my existing Internet account to this computer Mv telephone line is connected to my modem want to set up my Internet connection manually or want to connect through a local area network LAN To leave your Internet settings unchanged click Cancel To learn more about the Internet click Tutorial Tutorial Internet Connection Wizard x Setting up your Internet connection IF pou have an Interet service provider account you c
91. ency k Facility local0 HTTP Web Log Private Public Logged Interface _ Note When the number of a user s session TCP and UDP reaches the session limit specified in the policy a record will be logged to this SYSLOG server 112 4ipnet 11 2 3 FTP FTP Server Settings FTP Destination Session Log HTTP Web Log FTP Server Settings User s Manual HSG200 Wireless Hotspot Gateway ENGLISH FTP Server Settings IP Address Port Anonymous 9 Yes No FTP Setting Test SendTestlog Enabled Disabled Server Folder ex dir1 dir2 Interval 1 Hour Note same as Interval of Session Log in the Notification E mail Settings Enabled Disabled Server Folder ex dir1 dir2 Interval 1 Hour Private Public Logged Interface FTP Destination Configures the common settings of the FTP server that the logs will be sent to which includes the following gt IP Address Port IP address and port number of FTP server gt Anonymous Check option Yes if the FTP server does not need ID credentials otherwise check option No and fill in the necessary Username and Password gt FTP Setting Test To test the FTP settings correct or not Session Log Log each connection created by users and tracking the source IP Port and destination I P Port Session Log will be sent to the FTP server automatically during every defined interval in Session Log email notification Session Log allows upload
92. entication o Usage time with Expiration Time Can access internet as long as account valid with remaining quota usable time Need to activate the purchased account within a given time period by logging in for the first time Ideal for short term usage For example in coffee shops airport terminals etc Only deducts quota while using however the count down to Expiration Time is continuous regardless of logging in or out Account expires when Valid Period has been used up or quota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeeming Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation the account will expire Valid Period is the valid time period for using After this time period even with remaining quota the account will still expire Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 2 Account Type Usage time Expiration Time With Expiration Time O No Expiration Time fa day s 2 hris 3 mints tI Range of day s 0 364 Range of hour s 0 23 Range of mings 0 59 they cannot all ba zero
93. er over the available account limits in database Click Create button to start batch creation Next page will Show Success or Failed message to indicate the batch creation status Once creation is successful all created accounts can be exported to a text file for extended usage Moreover you can click Send to POS to print a receipt to a POS device via Serial or Ethernet network Please notice that it takes time if you create lots of on demand accounts by batch creation 47 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH On demand Account Batch Creation Account Type Quota Price Number of Accounts Usage time 15 min s connection time quota with expiration 10 91 Usage time 11 min s connection time quota 1 Hotel Cut off Valid until 12 00 the following day 5 Valid from 2010 07 14 12 00 00 til 2010 07 14 23 59 00 Duration time N A N A N A N A N A N A Plan The number of a specific plan Account Type Show account type of the plan in Usage time Duration time or Hotel Cut off Quota The total time amount interval or traffic volume on how On demand users are allowed to access the network Price For each plan this is the unit price charged for an account Number of Accounts The desired number of accounts to be created from the plan 8 On demand Account List All created On demand accounts are listed and related information on is also provided Search Upload User Download User On demand Accoun
94. er version 6 0 and above or Firefox Default LAN interface IP address LAN1 192 168 1 254 is mapped to Private Zone with no authentication required for users LAN2 192 168 11 254 is mapped to Public Zone by default authentication is required for users Note The instructions below are illustrated with the administrator PC connected to LANI To access the web management interface connect a PC to LAN1 Port and then launch a browse Make sure you have set DHCP in TCP IP of your PC to Obtain an I P address automatically The default gateway IP address is the default gateway IP address of Private Zone 192 168 1 254 Next enter the gateway IP address of HSG200 at the address field The default gateway IP address of LAN1 Port is https 192 168 1 254 https is used for a secured connection 4ipnet Windows Internet Explorer o yov UE httpej 192 168 1 254 File Edit View Favorites Tools Help The administrator login page will appear Enter admin the default username and admin the default password in the User Name and Password fields Click LOGIN to log in Username admin After a successful login a Home page with four main buttons will appear on the screen 10 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Logout 7 Help Setup Wizard Quick Links System aF Main Menu Overview For the first time if HSG200 is not using a trusted SSL certificate there
95. ers and Regional and Scanners and Scheduled Sounds and Faxes Language Cameras Tasks Audio Devices S kh 8 B Speech System Taskbar and User Accounts VMware Tools 2 Right click on the Local Area Connection gt Network Connections File Edit view Favorites Tools Advanced Help icon and select Properties QO P sent h Foder E 5 e Network Connections LAN or High Speed Internet Network Tasks ocal Area Connection 5 Create a new nabled connection mU AMD PCNET Family PCI Ethern f setup a home or small office network Disable this network device Disable Status Repair Repair this connection Bridge Connections mij Rename this connection Create Shortcut view status of this Delete connection pray Change settings of this connection Other Places G Control Panel My Network Places E My Documents 132 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 3 Click on the General tab and choose Local Area Connection Properties Internet Protocol TCP I P and General Authentication Advanced Connect using M choose to use DHCP or a specific IP This connection uses the following thems address El Client for Microsoft Networks m File and Printer Sharing For Microsoft Networks um aS Internet Protocol T CPP Description Transmission Control Protocolelnatemnet Protocol The default Wide area networ
96. eway ENGLISH 7 2 Virtual Server Configure Virtual Server go to Network gt gt Network Address Translation gt gt Public Accessible Server NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DDNS Client Mobility Network Address Translation DMZ Demilitarized Zone Public Accessible Server Port and IP Redirect This function allows the administrator to set 20 virtual servers at most so that client devices outside the managed network can access these servers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port Local Server I P Address and Local Server Port Select TCP or UDP for the service s type In the Enable column check the desired server to enable These settings will become effective immediately after clicking the Apply button Public Accessible Server No External Service Port Local Server IP Address Local Server Port Type Enable l TCP 1 o i i UDP p i 1 TCP 2 CI C2 UDP Tep 3 UDP Q TCP d Ex E i UDP TCP 5 d LI OQ UDP TCP 5 F UDP Q TCP 7 UDP Q TCP 8 ps ET UDP TCP o x O UDP 1 TCP 10 ms F Q UDF Total 20 First Prev Next Last 68 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 7 3 Privile
97. f that Zone such as authentication security feature wireless encryption method traffic control and etc There are two Zones that can be utilized by HSG200 Private Zone and Public Zone as shown in the table below Private Zone means clients are not required to be authenticated before using the network service On the other hand clients in Public Zone are required to get authentication before using the network service General Y WAN Configuration X WAN Traffic Zone Configuration Zone Settings Name ESSID Wireless Security Default Authen Option Details Private HSG200 1 None N A Configure Public HSG200 2 None On demand User Configure Name Mnemonic name of the Zone e ESSID The SSID that is associated with the Zone e Wireless Security Data encryption method for wireless networks within the Zone e Default Authen Option Default authentication method server that is used within the Zone e Details Configurable detailed settings for each Zone Click Configure button to configure each Zone Basic Settings Authentication Settings Public Zone only Wireless Settings and WDS Settings Public Zone only 17 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 3 5 1 Port Role Assignment HSG200 supports two zones Private and Public In the Private Zone authentication is not required to access the network via wired and wireless In the Public Zone by default Authentication Required is
98. fault setting of Windows i Vana NNUS ae C Use the following IP address IP address address is obtained from HSG200 Sivibiisit mise Drefaull gateway Then reboot the PC to make sure an IP t Obtain DNS server address automatically Use the following DNS server addresses Prefered ONS server Advanced m o C ox T cues A amp lEermate WAS server 130 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 5 Using Specific IP Address If you want to use a specific IP address acquire the following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of HSG200 Caution If your PC has been set up completely please inform the network administrator before proceeding to the following steps 5 1 5 2 5 3 Choose Use the following IP address and enter the IP address Subnet mask If the DNS Server field is empty select Using the following DNS server addresses and enter the DNS Server address Then click OK Click Advanced to enter the Advanced TCP IP Settings window Click on the IP Settings tab and click Add below the Default gateways column and the TCP IP Gateway Address window will appear 131 Internet Protocol TCP IP Properties E General xi Yoy can get IP settings assigned automatically if your network su
99. for the first time GENES Gas Usage time No Expiration account lifespan lt gt Activation Time Quota up QU 7 Deletion Time Creation Time DT CT my Invalid Valid 148 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Hotel Cut off time Hotel Cut off time is the clock time normally check out time at which the on demand account is cut off made expired by the system on the following day or many days later On the account creation UI of this plan operator can enter a Unit value which is the number of days to Cut off time according to customer stay time For example Unit 2 days Cut off Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to use the on demand account to access the Internet without paying additional fee Unit Price is a daily price of this billing plan Mainly used in hostel venues to provide internet service according to guests stay time Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 5 Account Type Hotel Cut aff time Hotel Cut off Time HH MM range 00 00 23 59 J Grace Period Account remains usable far hour s after cut off 60 perday Unit Price l Range B 100000 including two
100. ge List Configure Privilege List go to Network gt gt Privilege Setup the Privilege I P Address List and Privilege MAC Address List The clients accessing the internet via IP addresses and or networking devices in the list can access the network without any authentication Privilege List IP Address List MAC Address List 69 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 7 3 1 Privilege IP Privilege I P Address List Configure Privilege IP Address List go to Network Configuration gt gt Privilege gt gt IP Address List If there are workstations inside the managed network that need to access the network without authentication enter the IP addresses of these workstations in the Granted Access by IP Address The Remark field is not necessary but is useful to keep track HSG200 allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply Granted Access by IP Address No IP Address Remark 10 Total 100 First Prev Next Last Caution Permitting specific IP addresses to have network access rights without going through standard authentication process under Public zone may cause security problems 70 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 7 3 2 Privilege MAC Privilege MAC Address List In addition to the Privilege IP List MAC address List allows the MAC address of the workstations that need to acces
101. hentication database LOCAL RADIUS and ONDEMAND that are Supported by the system Only Public Zone can set authentication A postfix is used to inform the system which authentication option to be used for authenticating an account e g Bob local or Tim radius1 etc when multiple options are concurrently in use One of the authentication options can be assigned as default For authentication assigned as default the postfix can be omitted For example if local is the postfix of the default option then user with username Bob can login as Bob without having to type in Bob local Authentication Settings Authentication Required For NA the it Enable Disable Aut Serer Auth Database Postfix Default Server 1 LOCAL Authentication Options Server 2 RADIUS Server 3 RADIUS radius2 On demand User ONDEMAND ondemand i 5 2 2 Login with Postfix For each authentication option set a postfix that is easy to distinguish e g Local user login with which authentication server The acceptable characters are numbers 0 9 alphabets a z or A Z dash underline and dot within a maximum of 40 characters All other characters are not allowed Beside the Default Authentication all other authentication server users logging into to system the username must contain the postfix to identify the authentication option this user belongs to hat Otaboe matn servername rese conto oo
102. ibute Group3 Unlimited Properties Settings Specify the conditions that connection requests must match Policy conditions Edit Dial in Profile x Sw indewis rauns TERR z z xxm Dialin Constraints IF b ultilin Authentication Encryption Advanced Specity addition PETETA Access SEET Attributes To add an attribute to the Profile select the attribute and then click Add Add Mame ne 4 To add an attribute that iz nat listed select the Vendor Specific attribute I Generate Class If connection req Class associated profile Attribute Framed Protacc Service T ype Lir l mi Hali zii Li BIS E alt evel nta LI u 5 Edit Profile Unless individual TAF policy controls acc Allowed Certificate C1D Microsoft Specifies the certificate purpose or usage object identifiers aenerate Class Attribute Microsoft Species whether AS automatically generates the class al If a connection re Generate Session T imeout Microsoft Specifies whether AS automatically generates the session C Deny remote Ignore Llser Dialin Properties Microsoft Specifies that the user s dial in properties are ignored fF ne oat renaiee 4 M5 Quarantine PFilter Microsoft Specifies the IP traffic filter that is used by the Routing anc ane MS Quarantine Session T imeout Microsoft Speches the time in seconds that the connection can rer Tunnel T ag Microsoft Description not yet defined USA amp CCM Type
103. ication one server uses built in LOCAL database while the other two servers uses external RADIUS database In addition another server called On demand can be configured for temporary user authentication Authentication Settings Auth Database Auth Server Name Postfix Policy Black List Configure LOCAL Server 1 local Policy i None wv Configure RADIUS Server 2 radiusi Policy 2 I None s Configure RADIUS Server 3 radius Policy 3 w None Configure ONDEMAND londemand Policy 4 Configure Auth Database There are four different authentication options in HSG200 that uses databases LOCAL RADI US1 RADI US2 and ONDEMAND Auth Server Name Set a name for the authentication databases by using numbers 0 9 alphabets a z or A Z dash underline space and dot only This name is used for the administrator to identify the authentication options easily such as HQ RADIUS e Postfix A postfix represents the authentication server in a complete username For example userl local means that this user user1 will be authenticated against the LOCAL authentication database e Policy Select one Policy from the drop down list box for this specific authentication option Black List There are 5 sets of black lists provided by the system A user account listed in the black list is not allowed to log into the system the client s access will be denied The administrator may select one or None black li
104. in 802 2 LLC frame header gt SNAP Type when EtherType is IEEE802 3 The field can be used to indicate the type of encapsulated traffics gt VLAN ID when EtherType is VLAN The VLAN ID is provided to associate with certain VLAN tagging traffics gt VLAN Priority when EtherType is VLAN It denotes the priority level with associated VLAN traffics gt VLAN Type when EtherType is VLAN It can be used to indicate the type of encapsulated traffics gt Opcode when EtherType is ARP RARP This list can be used to specify the ARP Opcode in ARP header Source MAC Address Mask indicates the source MAC IP Address Mask indicates the source IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields when EtherType is ARP Destination MAC Address Mask indicates the destination MAC IP Address Mask indicates the destination IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields when EtherType is ARP When the configurations are made please click Apply to let the firewall rule take effort gt gt To insert a specific rule I nsert Before in Operation column of firewall list will lead to the following page for detail configuration with rule ID for the rule currently being inserted 32 4ipnet NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DDNS Edit Filter Rule Rule Number Rule Name Action for Matched Packets Rule Rema
105. ing the log file to a FTP server periodically The maximum log file size is 256K The log file also will be sent to the FTP server once the file size reaches its maximum size Enable Decide whether or not to send Session Log file to the FTP Server configured in FTP Destination Server Folder The folder in the configured FTP Server in which the sent Log will be placed HTTP Web Log Records the URL of websites visited by users accessing the internet via HSG200 gt Enable Decide whether or not to send HTTP Web Log file to the FTP Server configured in FTP Destination gt Server Folder The folder in the configured FTP Server in which the sent Log will be placed 113 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH gt Interval The time interval at which the Log will be sent gt Logged Interface The check box of Public or Private shall be checked to enable logging the HTTP Web Log of this interface 114 4ipnet 11 2 4 Event Log User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Event Log The Event Log provides the system activities records The administrator can monitor the system status by checking this log 25 25 25 19 19 19 04 04 04 47 Aug 25 19 04 50 Aug 25 19 09 28 disassociated Aug 25 19 14 43 disassociated Aug 26 10 38 56 Aug 26 10 45 24 Aug 26 10 48 07 Aug 26 10 48 33 Aug 26 10 49 00 Aug 26 10 49 03 Aug 26 10 49 05 Aug 26 10 49
106. inistrator can add any extra desired services The 27 default firewall services cannot be deleted but can be disabled NAT Y Privilege 10 Monitor IP Walled Garden Name ALL ALL TCP ALL ICMP FTP HTTP HTTPS POP3 SMTP DHCP DNS Walled Garden Ad List X DDNS Client Mobility Layer 2 Firewall Service Protocols List Description ALL TCP Source Port 065535 Destination Port 065535 ICMP TCP UDP Destination Port 2021 TCP UDP Destination Port 80 TCP UDP Destination Port 443 TCP Destination Port 110 TCP Destination Port 25 UDP Destination Port 67 68 TCP UDP Destination Port 53 Total 27 First Prev Next Last 35 Select All Add Delete HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 4 4 3 Advanced Advanced Firewall Settings can be enabled to supplement the firewall rules providing extra security enhancement against DHCP and ARP traffics traversing the available interfaces of system NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DDNS Client Mobility Layer 2 Firewall Advanced Enable Disable Advanced Firewall Settings Enable Disable DHCP Snooping Trust DHCP List Configure Enable Disable Force DHCP Enable Disable ARP Inspection Broadcast Enable Disable Static List Configure ae NEL DHCP Snooping When enabled DHCP packets will be validated aga
107. ink Defines the maximum uplink bandwidth allowed for an individual client The Individual Maximum Uplink cannot exceed the value of Total Uplink gt Individual Request Uplink Defines the guaranteed minimum bandwidth allowed for an individual client The Individual Request Uplink cannot exceed the value of Total Uplink and Individual Maximum Uplink 65 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 6 3 5 Session Limit To prevent ill behaved clients or malicious software from taking up the system s connection resources the administrator can restrict the number of concurrent sessions that a user can establish Policy Configuration Policy 1 Setting Setting Maximum Concurrent Sessions 500 m sessions per user gt The maximum number of concurrent sessions including TCP and UDP for each user can be specified in the Global policy which applies to authenticated users users on a non authenticated port privileged users and clients in DMZ zones Also this can be specified in the other policies to apply to the authenticated users gt When the number of a user s sessions reaches the session limit a choice of Unlimited 10 25 50 100 200 350 and 500 the user will be implicitly suspended upon receipt of any new connection request In this case a record will be logged to a SYSLOG server gt Since this basic protection mechanism may not be able to protect the system from all malicious DoS att
108. inst possible threats like DHCP starvation attack in addition the Trust DHCP List IP MAC can be used to specify legitimate DHCP servers to prevent rouge DHCP server ARP Inspection When enabled ARP packets will be validated against ARP spoofing o Force DHCP option when enabled the AP only learns MAC IP pair information through DHCP packets Since devices configured with static IP address does not send DHCP traffic therefore any clients with static IP address will be blocked from internet access unless its MAC IP pair is listed and enabled on the Static List o Broadcast can be enabled to let other AP with L2 firewall feature learn the trusted MAC IP pairs to issue ARP requests o Static List can be used to add MAC or MAC IP pairs of devices that are trusted to issue ARP request Other network nodes can still send their ARP requests however if their IP appears in the static list with different MAC their ARP requests will be dropped to prevent eavesdropping If any settings are made please click Apply to save the configuration before leaving this page 36 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 5 Who Can Access the Network 5 1 Type of Users Configure Users go to Users gt gt Authentication This section is for administrators to pre configure authentication servers for the entire system Concurrently up to three servers can be selected and pre configured for static user authent
109. ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Policy 1 Firewall Rules Source Action Rule Name Service Schedule Destination ANY Block ALL Always ANY ANY Block ALL Always ANY Selecting the Filter Rule Number 1 as an example Policy 1 Edit Filter Rule Rule Number 1 Rule Name Source Destination Interface Zone ALL Md Interface 7one ALL IP Address 7 0 0 0 0 IP Address Y 0 0 0 0 Subnet Mask 0 0 0 0 0 Subnet Mask 0 0 0 0 0 d MAC Address Service Protocol ALL Y Schedule 9 Always Recurring One Time Action for Matched Packets 9 Block Pass Rule Number This is the rule selected 1 Rule No 1 has the highest priority rule No 2 has the second priority and so on Rule Name The rule name can be changed here Source Destination Interface Zone There are choices of ALL WAN Public and Private to be applied for the traffic interface Source Destination IP Address Domain Name Enter the source and destination IP addresses Domain Name filtering is supported but Domain Host filtering is not Source Destination Subnet Mask Select the source and destination subnet masks Source MAC Address The MAC Address of the source IP address This is for specific MAC address filter Service Protocol These are defined protocols in the service protocols list to be selected Schedule When schedule is selected clients assigned with this policy are applied the firewall rule only within th
110. ired plan and Creating an On demand Account will appear for creation On demand Account Creation Plan Account Type Quota Price Status Function 1 Usage time 15 min s connection time quota with expiration 10 91 Enabled Create 2 Usage time 11 min s connection time quota 1 Enabled 3 Hotel Cut off time Valid until 12 00 the following day 5 Enabled Create 4 Duration time Valid from 2010 07 14 12 00 00 til 2010 07 14 23 59 00 1 Enabled Create Creating an On demand Account Plan Account Type 2 Usage time Quota 11 min s connection time quota Username Password Creation System created Account Activation First time login must be done within 1 hour s Total Price 1 this is a ref Add a reference related to this account for example the customer s name Reference External ID Enter an external ID such as Library ID No Please confirm the information and press Create button to create an account 7 On demand Account Batch Creation After at least one billing plan is enabled the administrator can generate multiple on demand user accounts at once with batch creation Click Create button to enter the On demand Account Batch Creation Enter the desired number of accounts of enabled plans to create a batch of on demand accounts together The Number of Accounts field of disabled plans will not be able to enter any number The sum of all Number of Accounts will be constrained and will not accept a numb
111. k protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected 4 Using DHCP If you want to use DHCP choose Obtain an IP address Internet Protocol TCP IP Properties General Alternate Configuration automatically and click OK Th IS IS a Iso You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator Far the default setting of Windows Then fed eo Dd icit fe Obtai IP add t ticall reboot the PC to make sure an IP address se the followirig address is obtained from HSG200 Obtain ONS server address automatically 5 Using Specific I P Address If you want Use the following DNS server addresses to use a specific IP address acquire the Sa following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of HSG200 Caution If your PC has been set up completely please inform the network administrator before proceeding to the following steps 133 4ipnet 5 1 Choose Use the following IP address and enter the IP address Subnet mask If the DNS Server field is empty select Using the following DNS server addresses and enter the DNS Server address Then click OK 5 2 Click Advanced to enter the Advanced TCP IP Settings window 5 3 Click on the
112. kernel ring buffer It is used to examine or control the kernel ring buffer The program helps users to print out their boot up messages instead of copying the messages by hand gt Main menu Go back to the main menu Change admin password Besides supporting the use of console management interface through the connection of null modem the system also supports the SSH online connection for the setup When using a null modem to connect to the system console we do not need to enter administrator s password to enter the console management interface But connecting the system by SSH we have to enter the username and password The username is admin and the default password is also admin which is the same as for the web management interface Password can also be changed here If administrators forget the password and are unable to log in the management interface from the web or the remote end of the SSH they can still use the null modem to connect the console management interface and set the administrator s password again 99 E 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Caution Although it does not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the HSG200 Admin username and password after logging in the system for the first time Reload factory default Choosing this option
113. l 18 30 20 73 Mbyte s 600 Mbyters Client s Purchasing Record lI nte rn et Acce 55 Enjoy Online Service Disclaimer Content Change the Number Price 9000 88 View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer Choose Billing Plan for Authorize Net Payment Page These 10 plans are the plans configured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed Client s Purchasing Record O Starting Invoice Number An invoice number may be provided as additional information with a transaction The number will be incremented automatically for each following transaction Click the Change the Number checkbox to change it O Description Item Name This is the item information to describe the product for example Internet Access O Email Header Enter the information that should appear in the header of the invoice 157 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual gt Authorize Net Payment Page Fields Configuration Authorize Net Payment Page Remark Content Authorize Net Payment Page Fields Configuration Item Displayed Text Required Credit Card Number Credit Card Number i Credit Card Expiration Date Credit Card Expiration Date First Name First Name Last Name Last Name Card Type Card Type visa American Express
114. l Server Configure On demand Account Creation Create On demand Account Batch Creation Create On demand Account List View 1 General Settings This is the common setting for the On demand User authentication option e WLAN ESSI D It will show the ESSID of Public Zone e Wireless Key It will show the wireless key that was configured in Public Zone settings e Currency Select the desired currency unit for charged internet access Remaining Reminder Enable it and input the count down minute system will remind users that their quota will run out soon when their quota reaches this time The remaining message will not show up if the Remaining Reminder time is configured longer than the quota of billing plans Sync Interval Select the desired interval for on demand user quota update The quota information i e remaining time or remaining quota displayed on the on demand user login success page will be refreshed according to the time interval configured here 2 Ticket Customization On demand account ticket can be customized here and previewed on the screen 43 3 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Ticket Customization Receipt Header 1 Welcome Receipt Header 2 Receipt Header 3 Receipt Footer 1 Thank You Receipt Footer 2 Receipt Footer 3 Remark None Background Image Uploaded Image Edit Number of Tickets 1 2 Preview e Receipt Header There a
115. lated to each connection method are described in the following page 12 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 3 2 1 Static IP Static Manually specifying the IP address of the WAN Port The fields with red asterisks are mandatory e IP Address The IP address of the WAN port Subnet Mask The subnet mask of the WAN port Default Gateway The gateway of the WAN port Preferred DNS Server The primary DNS Server of the system Alternate DNS Server The substitute DNS Server of the system This is an optional field WAN Configuration 9 Static Use the following IP settings IP Address i li Subnet Mask Default Gateway le WAN j i Preferred DNS Server In Alternate DNS Server Dynamic IP settings assigned automatically PPPoE 3 2 2 Dynamic Dynamic It is only applicable for the network environment where the DHCP server is available upstream of the system Click the Renew button to get an IP address automatically WAN Configuration Q Static Use the following IP settings WAN 9 Dynamic IP settings assigned automatically Renew PPPoE 3 2 3 PPPoE PPPoE When selecting PPPoE to connect to the network please set the Username Password MTU and Clamp MSS There is a Dial on demand function under PPPoE If this function is enabled a Maximum I dle Time will be available for input a value When the idle time is reached the system will auto
116. le clients only 26 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 4 3 Zone Wireless Security Configure Zone Wireless Security go to System gt gt Zone Configuration click Configure of Private zone or click Configure of Public zone After the above configurations are finish setup the wireless security is very important to protect your wireless network Wireless Settings VAP 1 VAP Status Enable Disable Basic ESSID Security Security Type None Beacon Interval i00 WEP 500ms WPA PSK RTS Threshold 2346 1 2346 Wireless Settings VAP 2 VAP Status Enable Disable Basic ESSID Security Secunty Type Beacon Interval WEP 500ms BO 1 RTS Threshold WPA PSK 1346 WPA RADIUS Fragment Threshold 2346 256 2346 Security For each zones administrators can set up the wireless security profile it include WEP 802 1x for Public Zone only WPA PSK or WPA RADIUS for Public Zone only e WEP 802 11 Authentication Select from Open System or Shared Key B WEP Key Length Select from 64 bit 128 bit 152 bit key length WEP Key Format Select from ASCII or Hex format for the WEP key B WEP Key Index Select a key index from 1 4 The WEP key index is a number that specifies which WEP key will be used for the encryption of wireless frames during data transmission B WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys e 802 1X B
117. lifespan Begin Time End Time F Deletion Time bas Time DT my Invalid gt Valid 155 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Appendix F External Payment Gateways This section is to show independent Hotspot owners how to configure related settings in order to accept payments via Authorize net PayPal SecurePay or WorlPay making the Hotspot an e commerce environment for end users to pay for and obtain Internet access with credit cards 1 Payments via Authorize Net Configure Payments via Authorize Net go to Users gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt Authorize Net Before setting up Authorize Net it is required that the merchant owners have a valid Authorize Net account gt Authorize Net Payment Page Configuration External Payment Gateway 9 Authorize Net PayPal Q SecurePay WorldPay Disable Authorize Net Payment Page Configuration Merchant Transaction Key ee Payment Gateway URL https secure authorize net gateway transact dll Enable Disable Verify SSL Certificate Test Mode O Enable 9 Disable MD5 Hash O Enable 9 Disable Merchant ID This is the Login ID that comes with the Authorize Net account Merchant Transaction Key The merchant transaction key is similar to a password and is used by Authorize Net to authenticate transactions Payment Gateway URL This is the def
118. load User Local User List Username Password MAC Address Applied Policy Remark Del All ui ul None Delete Total 1 100 First Prev Next Last Download User to File MAC Addiess Applied Policy Remark Username Password user 1i user i 1 Download 117 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 12 2 RADIUS Advanced Settings Configure RADIUS Advanced Settings go to Users gt gt Authentication Click Configure of RADIUS gt Complete vs Only ID For RADIUS authentication there is an option to send the complete username with postfix or username only Username Format When Complete option is checked both the username and postfix will be transferred to the RADIUS server for authentication On the other hand when Only I D option is checked only the username will be transferred to the external RADIUS server for authentication NAS Identifier System will send this value to the external RADIUS server if the external RADIUS server needs this gt NAS Port Type System will send this value to the external RADIUS server if the external RADIUS server needs this gt Class Policy Mapping This function is to assign a Policy to a RADIUS class attribute sent from the RADIUS server When the clients classified by RADIUS class attributes log into the system via the RADIUS server each client will be mapped to its assigned Policy RADIUS Policy Mapping Server 2 O Enable 9 Disable
119. matically disconnect itself 13 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH WAN Configuration Static Use the following IP settings Dynamic IP settings assigned automatically PPPoE Username le WAN Password MTU bytes Range 1000 1492 Clamp M55 bytes Renge 980 1400 Dial on Demand Enable 9 Disable 14 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 3 3 Internet Connection Detection Configure Internet Connection Detection go to System gt gt WAN Traffic WAN Traffic Available Bandwidth Uplink 100000 Kbps Range 10 100000 mtn Downlink 100000 Kbps Range 10 100000 9 Enable Disable Target for detecting Internet connection IP Domain Name www google com Internet Connection Detection IP Domain Name IP Domain Name When Internet connection is down the system will display the message as Sorry The network outbound service is temporari e Internet Connection Detection When enabled system will try to access these IP Domain addresses if system can reach these IP Domain address it means that the outbound Internet connection is in normal state On the other hand there is a text box available for the administrator to enter a reminding message This reminding message will appear on clients screens when Internet connection is down 15 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 3 4 WAN Band
120. ne 74 oM ME MWEC Eire ewe tne eer Ri ne Nn m Temm 76 8 41 4 Walled Garden ADOBISE ins ane ee ei abe sacs een eae 11 AFU EFEO ME sete ne et ores HEP eM O 78 8 2 Portal URL after successful l gIi itecto aa vo tege credite tete ee tno tasas 78 S 22 dle TII heat aed tette eiui eec CLIP icem cL EDI ome e ac ald LOL 79 oo SAIUIEIDIG EO 7 eee mr eT tr rT CEU DEM IR ECL I E II TY OORT BSR TT 80 Networking Features of a Gateway ua csccccsssccssssccsssccsssecesssesesscsesscees 81 IP PRIUO ipie zi ch RR 81 Dynamic Domain Name Service DDNS eene nnne 82 POr aNd LP CCUG CE nirna a dbit odd ais Saves des ebat onini iab Em ed 83 System Management and Utilities eere eere eere ee eere ee eneee 84 SY SUG IM TIEDIG e ste cecicaiactecssate tas e taste en IA D col dead ta ieu ee AES E ILE a 84 PT eG e RR E TESTER 85 User Log Access IPAOOFess ci ede belle ee elei a Dodo re ode Jesh te 86 SNMP eye 87 Three Level Administration essen nnne A 88 CG cm a SN O earan E T E 90 Backup Restore and Reset to Factory sese eene 02 iii User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 10 8 Fil rware DDOESOO s oe octo E Te mee D LC AMI DEDI 93 10 9 Bist RR TUN EE TURPE 94 IRoTNCMME Ires Seius ir T 95 TOTOE Wak cOn Br er e
121. net service provider Do you want to set up an Internet mail account now C Yes lt Back f Bp Cancel eS Internet Connection Wizard l Completing the Internet Connection Wizard You have successfully completed the Internet Connection wizard Your computer is now configured to connect to your Internet account To connect to the Internet immediately select this box and then click Finish X 7 Finally click Finish to exit the I nternet Connection Wizard Now the set up is completed After you close this wizard vou can connect to the Internet at any time by double clicking the Internet Explorer icon on your desktop r To close the wizard click Finish Cancel Windows XP 1 Choose Start gt gt Control Panel gt gt Seed ay amp Control Panel File Edit View Favorites Tools Help Q Back gt amp lt Search lig Folders ii Address Control Panel b US Accessibility Add Hardware Add or Administrative Date and Time Options Remoy Tools Internet Option gj co va Control Panel A Je Switch to Category View See Also Folder Options Fonts 5A p Mouse Connections e 3 Printers and Regional and Scanners and Faxes Language Cameras S wu System Taskbar and Display A windows Update 9 Help and Support Keyboard Network 124 Internet Options Game Controllers Phone and Power Options Modem 2 Sounds and
122. networks and the Internet Ia My Computer ZA 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH f 18 x File Edit View Favorites Tools Advanced Help Back Search Gyrolders CBuistory A Uz X A E Address eao L1 eo m s Make New Network and Dial Connection 2 Right click on the Local Area Connection icon and select Properties up Connections Disable Status Local Area Connection insta Shorter Type LAN Connection Status Enabled AMD PCNET Family PCI Ethernet Adapter g Displays the properties of the selected connection 3 EENET Protocol rer LRJS 21x and then click Properties Now you can General choose to use DHCP or a specific IP Connect using BER AMD PENET Family PCI Ethernet Adapter address Components checked are used by this connection Install Description Transmission Control Protacol Intermet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Show icon in taskbar when connected OK Cancel 4 Using DHCP If you want to use DHCP 2 xi General 44 choose Obtain an IP address You can get F settings assigned automatically if your network supports this capability Othenwise you need to ask your network administrator for automatically and then click OK This ese en Ste SES is also the de
123. ngs as follows Click Select hyperlink to pick up a color for each item and then fill in your copyright message You can also upload a Logo image file for your template with the Preview and Edit the I mage File button Click the button of Configure the setup page will appear for the corresponding page where you can change the text displayed as you wish After finishing the setting click Preview to see the result If you are happy with the customized pages click Apply to activate the changes made Disclaimer Page e The Disclaimer Page is for the hotspot owner or MIS staff who want to display terms of use or announcement information before the user login page Click the button of Configure the setup page will appear An unauthorized client will receive a disclaimer page once opening the web browser If a client select I agree and clicks Next then he or she will proceed to the User Login 120 HSG200 Wireless Hotspot Gateway ENGLISH 9 4ipnet User s Manual Page for client to login with username and password e External Page Choose the External Page option if you wish to use user pages located on a designated website Click the button of Configure for each custom pages and enter the URL of its corresponding external login page and then click Apply After applying the setting the new login page can be previewed by clicking Preview button 121 4ipnet Appendix A Network Configuration on PC Login User s Ma
124. nnection BLI NKI NG indicates transmitting data a LED ON indicates wireless ready LED ON indicates outbound internet connection is alive LED OFF indicates that outbound internet connection is down The detection interval is 1 minute hence it reflects the connection status within the last minute For ea WES status during WES setup WES Start LED BLINKING SLOWLY LED BLINKING QUICKLY WES Negotiate LED BLINKING SLOWLY LED BLINKING QUICKLY WES Fail Negotiate LED OFF LED OFF Timeout LED ON for over 5 seconds WES Success LED ON for over 5 seconds after Master displays WES Success For future usage only 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 2 4 System Requirement Standard 10 100BaseT including network cables with RJ 45 connectors All PCs need to install the TCP IP network protocol 2 5 Installation Steps Please follow the steps below to install HSG200 Please follow the steps mentioned below to install the hardware of HSG200 1 Place the HSG200 at a best location The best location for HSG200 is usually at the center of your wireless network There are two ways to supply power over to HSG200 a Connect the DC power adapter to the HSG200 power socket on the front panel b HSG200 is capable of receiving DC current via its WAN PoE port Connect an IEEE 802 3af compliant PSE device e g a PoE switch to the WAN port of HSG200 with the Ethernet cable Connect
125. nnection time quota with expiration Enable amp Disable 11 min s connection time quota BENE 2 Enable Disable Enable Disable 1 Valid until 12 00 the following day Enable Enable Enable Enable Enable Enable 8 Disable Disable Disable Disable Disable 8 Disable WorldPayNoteContent You must 111 in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card E WorldPay Payment Configuration WorldPayIl nstallation I D The ID of the associated Merchant Account Payment Gateway URL The default website of posting all transaction data Currency The currency to be used for the payment transactions Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here WorldPay Billing Configuration These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled 164 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual gt WorldPay Note Content The message content will be displayed as a special notice to end customers Before setting up WorldPay it is required that the hotspot owners have a valid WorldPay Merchant Account from its official website RBS WorldPay Merchant Services amp Payment Processing going to rbsworldpay com gt gt support cente
126. nt rule and Delete denotes to delete the rule gt gt To edit a specific rule Edit in Operation column of firewall rules will lead to the following page for detail configuration From this page the rule can be edited from an existing rule for revision NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DDNS Client Mobility Layer 2 Firewall Edit Filter Rule Rule Number 8 Rule Name rule 8 Action for Matched Packets Pass Block Rule Remark Link Layer Configuration Ether Type All M Interface 9 From To VAP2 Source Destination MAC Address MAC Address MAC Mask MAC Mask Rule Number The numbering of this specific rule will decide its priority among available firewall rules in the list Rule name The rule name can be denominated here Action for Matched Packets The rule can be chosen to be Block or Pass packets that match the rule criteria Rule Remark The additional reference note of this rule can be specified here EtherType The drop down list will provide the available types of traffics subject to this rule gt Interface For specifying the traffic direction To or From VAP2 subjected to this rule 31 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH gt Pv4 Service when EtherType is IPv4 Select the available upper layer protocols services from the drop down list gt DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for the fields
127. nual HSG200 Wireless Hotspot Gateway ENGLISH Network Configuration on PC amp User After HSG200 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup e Internet Connection Setup Windows 9x 2000 Choose Start gt gt Control Panel gt gt 1 2 I nternet Options Choose the Connections tab and then click Setup 122 E Control Panel 8j x File Edit view Favorites Tools Help Back amp A Search L 4 Folders C History as D ox A Egy Address 3a Control Panel Go 4 f AN Rea Y Gd L Dis f Accessibility Add Remove Add Remove Control Panel Options Hardware Programs Internet Options m o Configures your Internet display s j and connections settings Display Folder Options Fonts eH A Pi s e Keyboard Mouse Network and Phone and Power Options Dial up Co Modem QE 3 09 Windows Update c Windows 2000 Support um p ag os Printers Regional Scanners and Scheduled Sounds and Options Cameras Tasks Multimedia a 9s bxc System Users and VMware Tools Pac inr ds z Configures your Internet display and connections settings I My Computer Internet Properties ajx General Security Content Connections Programs Advanced ba Use the Internet Connection Wizard to zy connect your computer to Ehe Internet Dial up settings Add R
128. ol over RADIUS Attribute Name Attribute Attribute Value Number HSG200 Byte Amount 10 To be defined by administrator for different user group HSG200 MaxByteln 11 To be defined by administrator for different user group HSG200 MaxByteOut 12 To be defined by administrator for different user group HSG200 Byte Amount AGB 20 To be defined by administrator for different user group HSG200 MaxBytel n AGB 21 To be defined by administrator for different user group HSG200 MaxByteOut 4GB 22 To be defined by administrator for different user group 137 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH If the amount of traffics is larger than 4 GB the attributes of XXXX 4GB will be used For example if the amount is 5 GB the following settings should be set HSG200 Byte Amount 1048576 and HSG200 Byte Amount 4GB 1 On the other hand when the administrator fills in all attributes the user will be kicked out from system if any condition is reached For example if the administrator sets HSG200 Byte Amount 1048576 HSG200 MaxByteln 1048576 and HSG200 MaxByteOut 1048576 the user will be kicked out from system when the downlink uplink or total traffic exceeds the limit 2 VSA configuration in RADI US server IAS Server This section will guide you through a VSA configuration in your external RADIUS server Before getting started please access your external RADIUS server s desktop
129. orldpay com wcc purchass Currency GBP Pound Sterling M Note The WAN IP of gateway must be real IP P N V11020100804 166
130. ormal Warning of I nternet Internet Connection Detection and all online users are Disconnection allowed disallowed to log in the network Retained The maximum number of days for the system to retain the users Days information User Log Receiver Email The email address to which the user log information will be set Address es NTP Server The network time server that the system is set to align System Time time me system time is shown as the local time The minutes allowed for the users to be inactive before their account Idle Time Out User Session expires automatically Control Multiple Enabled disabled stands for the current setting to allow disallow Login multiple login from the same local account Preferred DNS Server IP address of the preferred DNS Server Alternate DNS Server IP address of the alternate DNS Server 102 4ipnet 11 1 2 Interface Status View Interface Status go to Status gt gt Interface User s Manual HSG200 Wireless Hotspot Gateway ENGLISH This section provides an overview of the interface for the administrator including WAN Zone Wireless General Settings Zone Private and Zone Public MAC Address 00 1F D4 00 51 53 IP Address 10 26 1 151 Subnet Mask 255 255 0 0 Packets Out Bytes Out 5475 6304432 Packets In 382007 Bytes In 391014250 Number of Sessions 3 Zone Wireless General Settings
131. out a specific period of time For example during exhibition events or large conventions such as Computex where each registered participant will get an internet account valid from 8 00 AM Jun 1 to 5 00 PM Jun 5 created in batch like coupons Begin Time is the time that the account will be activated for use defined explicitly by the operator End Time is the time that the account will become expired and not able to use any more defined explicitly by the operator Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information 154 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Editing Billing Plan Plan 6 Account Type Counting Method Elapsed Time 9 Begin and end Time Cut off Time EndTime 03 v O3 v Jun 1D v 2014 v z000 l Range O 100000 including two digits after decimal point eg 1 959 TIP When the Account Type is Duration time three Counting Methods may be used to decide when the account expires 28 Price 1 Elapsed Time specifies the time duration from account creation for which the account iz valid 2 Cut off Time specifies the next cut off time point far which the account becomes invalid 3 Begin and End Date Time specifies that the account is valid between the two time points GENS Gi Duration time Begin and end Time account
132. pecial notice to end customers in the page of Rate Plan For example it can describe the cautions for making a payment via PayPal 161 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 3 Payments via SecurePay Configure Payments via SecurePay go to Users gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt SecurePay Before setting up SecurePay it is required that the hotspot owners have a valid SecurePay Merchant Account from its official website Q Authorize Net Merchant ID Merchant Password Payment Gateway URL Verify SSL Certificate Currency Plan 1 D O N C Uu W W j a External Payment Gateway PayPal 9 SecurePay WorldPay Disable SecurePay Payment Page Configuration AUD Australian Dollar Service Disclaimer Content We may collect and store the following personal information Physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us Choose Billing Plan for SecurePay Payment Page Enable Disable Quota Price Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable SecurePay Payment Page Remark Content You must fill in the correct credit card number and expiration date Card code is the last 3 digits of the
133. pports this capability Othenwise uou need to ask your network administrator Far the appropriate IP settings DObtain an ddies automatically t Use the following IF address IP address Subnet mask Default gateway f Use the following ONS server addresses Preferred DNS server Alternate DNS server Advanced ES ER Cancel OF Advanced TCP IP Settings E IP Settings ONS WINS Options x IP addresses IF address DHCP Enabled Default gateways Interface metric Cancel 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 5 4 Enter the gateway address of HSG200 TCP IP Gateway Address ed ea in the Gateway field and then click Add After back to the IP Settings tab ateway Q click OK to complete the configuration v Automatic metric Metric _ AGO OII Aaaod Cancel Check the TCP IP Setup of Window XP 1 Select Start gt gt Control Panel gt gt f Control Panel File Edit View Favorites Tools Help Network Connection Q O d Osea By Foes Ei ss Je Control Panel v Go E Control Panel z EN 2 Accessibility Add Hardware Administrative Date and Time G Switch to Category View Options sie Tools Mm D w 9 Display Game Internet A Windows Update Controllers Options 9 Help and Support te j 5 f s Keyboard Network Phone and Power Options Connections Modem D Print
134. r gt gt account login STEPO Log in to the Merchant Interface gt Login url www rbsworldpay com support index php page login amp c WW gt Select Business Gateway Formerly WorldPay gt Click Merchant Interface gt Username user2009 gt Password user2009 STEPO Select Installations from the left hand navigation STEP Choose an installation and select the Integration Setup button for the specific environment gt Installation ID 239xxx a e 6 e STEP Check the Enable Payment Response checkbox STEPG Enter the Payment Response URL gt URL wpdisplay item MC callback STEP Check the Enable the Shopper Response 165 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH d 8 rf Installations LJ da 3 Command Batch installation 1D 239 TEST Risk Management Administration Cade TEST User Management TEST Lipar Profile i wer invest oom Pups Data current ee to 12s Det 67 14 08 Merchant MERTHANTITTAH I Copyright REE olc 2009 STEPO Select the Save Changes button STEP Input Installation ID and Payment Gateway URL in gateway Ul gt Installation ID 2009test gt URL https select wp3 rbsworldpay com wcc purchase External Payment Gateway Authorize Net PayPal SecurePay 9 WorldPay Disable WorldPay Payment Page Configuration Installation ID Payment Gateway URL https select wp3 rbsw
135. re 3 receipt headers supported by the system The entered content will be printed on the receipt These headers are optional Receipt Footer There are 3 receipt footers supported by the system The entered content will be printed on the receipt These footers are optional Remark Enter any additional information that will appear at the bottom of the receipt Background Image You can choose to customize the ticket by uploading your own background image for the ticket or choose none Click Edit to select the image file and then click Upload The background image file size limit is 100 Kbytes No limit for the dimensions of the image is set but a 460x480 image is recommended e Number of Tickets Enable this function to print duplicate receipts Another Remark field will appear when the Number of Ticket is selected to 2 and the content will appear at the bottom of the 2 duplicate receipt Preview Click Preview button the ticket will be shown including the information of username and password with the selected background You can also print the ticket here Billing Plans Administrators can configure several billing plans Click Edit button to enter the page of Editing Billing Plan Configure billing plans with desired account type expiration date price etc Click Apply to save the plan Go back to the screen of Billing Plans check the Enable checkbox or click Select all button and then click Apply the plan s will be activated
136. reless Settings VAP 2 VAP Status 9 Enable Disable Basic EXIB HSG200 2 Security Security Type None Beacon Interval 100 25 500ms RTS Threshold 2346 1 2346 Fragment Threshold 2346 256 2346 Advanced Broadcast SSID Enable Disable Station Isolation Enable Disable WMM Enable 9 Disable Wireless Settings VAP2 Wireless Settings for Public Zone O Basic Enable the VAP Status if you wish to provide wireless service under this zone Assign an ESSID for VAP2 under Private Zone or use default HSG200 2 the ESSID of Private Zone will be broadcasted in default settings to allow it to be scanned in the air Security Configure the wireless network under Public Zone with security encryption to prevent unauthorized wireless association if necessary The encryption standards supported are WEP 802 1X WPA PSK and WPA RADIUS Advanced The parameters in advanced are wireless settings that allow customization of data transmission enhanced security and wireless roaming 25 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual Beacon Interval The entered amount of time indicates how often the beacon signal will be sent from the VAP RTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the frame to prevent the hidden node problem The RTS mechanism will be activated if th
137. rface Policy 3 Destination Subnet Mask Gateway Interface Policy 4 Destination Subnet Mask Gateway Interface Policy 5 Destination Subnet Mask Gateway Interface Global Policy Destination Subnet Mask Gateway Interface System Destination Subnet Mask Gateway Interface 192 168 1 0 7255 225 255 0 0 0 0 0 Private 192 168 11 0 295 439 239 0 0 0 0 0 Public 10 22 0 0 299 233 0 0 0 0 0 0 WAN 0 0 0 0 0 0 0 0 10 22 0 1 WAN Policy 1 5 Shows the information of the individual Policy from 1 to 5 Global Policy Shows the information of the Global Policy System Shows the information of the system administration gt Destination The Destination IP address gt Subnet Mask The Subnet Mask of the IP address range gt Gateway The Gateway IP address of the interface gt Interface Including WAN Private and Public 105 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 11 1 4 Current Users View Current Users go to Status gt gt Online Users In this page each online user s information including Username IP Address MAC Address Pkts In Bytes In Pkts Out Bytes Out Idle and Kick Out will be shown Administrators can force out a specific online user by clicking the hyperlink of Kick Out Click Refresh to update the current users list Online Users List Username Pkts In Bytes In Idle No Sec IP Address MAC Address Pkts Out Bytes Out Kick Out 106 4ipnet User s Manual HSG200 Wireless Hotspot G
138. riptions of Basic Settings for Private Zone and Public Zone are the same The wireless settings under each zone will be covered in the next section Basic Settings Private Operation Mode Network Interface IP Address Subnet Mask Q Disable DHCP Server 9 Enable DHCP Server Start IP Address End IP Address Preferred DNS Server Alternate DNS Server DHCP Server Domain Name WINS Server Lease Time NAT Router 192 168 1 254_ 255 255 255 0 192 158 1 1 192 168 1 100 168 95 1 1 domain E iDay wj Reserved IP Address List Q Enable DHCP Relay Network Interface o Operation Mode Contains NAT mode and Router mode When NAT mode is chosen the service zone runs in NAT mode When Router mode is chosen this zone runs in Router mode o IP Address The IP Address of this zone o Subnet Mask The subnet Mask of this zone gt DHCP Server Related information needed on setting up the DHCP Server is listed here Please note that when Enable DHCP Relay is enabled the IP address of clients will be assigned by an external DHCP server The system will only relay DHCP information from the external DHCP server to downstream clients of this zone o Start IP Address End IP Address A range of IP addresses that the built in DHCP server will assign to clients Note please change the Management IP Address List accordingly at System gt gt General gt gt Management IP
139. rk Ether Type All M Interface 9 From O To VAP2 Source MAC Address MAC Mask gt gt To move a specific rule Client Mobility User s Manual HSG200 Wireless Hotspot Gateway ENGLISH I Layer 2 Firewall 9 default rule Pass Block Link Layer Configuration Destination MAC Address MAC Mask Move to in Operation column of firewall rules will lead to the following page for reordering confirmation Click OK to save the changes made Move to No 5 OK Cancel Please make sure all desired rules are checked as Active and applied in overview page 33 4ipne t User s Man HSG200 Wireless Hotspot Gateway El Layer 2 Firewall Enable Disable Rule Name Ether Type Remark Operation 1 Igi Block CDP and VTP IEEE 802 3 ong e 2 Block STP IEEE 802 3 Mee 3 Ig Block GARP IEEE 802 3 i enh 4 Block RIP IPv4 Ve 5 Igi Block HSRP IPv4 Move to 6 Block OSPF IPv4 Move to 8 Block rule 8 ARP Insert Befor 9 Block default rule ANY Move to 10 Block rule 9 ANY Move to Total 10 First Prev Next Last e a 34 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 4 4 2 Predefined and Custom Service Protocols The administrator can add or delete firewall service protocols here the services in this list will become available drop down options to choose from in firewall rule when EtherType is IPv4 The first 27 entries are default services and the adm
140. rnet Public Zone p Private Zone a Netwrk Printer Owner s office D Example A typical Hotspot network 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 2 3 Hardware Descriptions Front Panel a usm ror tuture sage on Press to start running WES WDS Easy Setup process Console Attach the RS 232 console cable here for management use only LAN1 LAN2 Attach Ethernet cables here for connecting to the wired local network LAN1 maps to Private Zone and requires no user authentication LAN2 maps to Public Zone and by default requires user authentication Attach the wired external network here This port supports Power over Ethernet PoE for flexible installation This is hardware reset button Press once to restart the system 12VDC 1A power adapter Power Socket For connecting to external power supply via the 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Rear Panel Antenna Connector Attach antennas here HSG200 supports 1 RF interface with 2 SMA connectors 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Top LED Panel lt gt amp WLAN LANI LAN WAN l T 6 5 4 3 2 1 JB LED ON indicates power on OFF indicates power off LED ON indicates WAN connection OFF indicates no connection BLI NKI NG indicates transmitting data LANI LAN2 FYJ LED ON indicates LAN1 LAN2 connection OFF indicates no E co
141. s the network without authentication to be set in the Granted Access by MAC Address HSG200 allows 100 privilege MAC addresses at most When manually creating the list enter the MAC address the format is xx XX XX XX XX xx as well as the remark not necessary These settings will become effective immediately after clicking Apply Granted Access by MAC Address No MAC Address Remark 10 Total 100 First Prev Next Last Caution Permitting specific MAC addresses to have network access rights without going through standard authentication process under Public zone may cause security problems 71 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 7 4 Disable Authentication in Public Zone Configure Disable Authentication in Public Zone go to System gt gt Zones Configuration click Configure in Public Zone General WAN Conhigurabon WAN Traffic cone Lonhaurabon fone Settings Name ESSID Wireless Security Default Authen Option Details Prvate None M A Configure Public None Server 1 Authentication Settings Authentication Required For UN auth server Postfix Authentication Options aS Server 3 RADIUS radiusz On demand User ONDEMAND ondemand Authentication Required For the Zone When it is disabled users will not need to authenticate before they get access to the network within Public Zone 72 4ipnet User s Manual HSG200 Wireless Hotspot G
142. scriptions please refer to Appendix F External Payment Gateways External Payment Gateway Authorize Net PayPal SecurePay WorldPay amp Disable Terminal Server Terminal Server Configuration is a list of serial to Ethernet devices that communicate with the system only never get online and no need to go through authentication process Enter the device IP into server IP field 45 4ipnet Item Server IP User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Terminal Server Configuration Port 6 On demand Account Creation Location Remark After at least one billing plan is enabled the administrator can generate single on demand user accounts here Click this to enter the On demand Account Creation page Click on the Create button of the desired plan to create an on demand account The username and password of to be created on demand account is configurable Select Manual created in Username Password Creation and then administrator can enter desired username and password for the on demand account In addition an External ID such as student s school ID can be entered together with account creation After the account is created you can click Printout to print a receipt which will contain the on demand user s information including the username and password to a network printer Moreover you can click Send to POS to print a receipt by a POS device Note If no Billing plan is enabled accounts cannot
143. st from the drop down menu and this black list will be applied to this specific authentication option e Configure Click Configure button to enter the specific authentication page For example if you want to edit the Local authentication database please click Configure button of Local 37 4ipnet 5 1 1 Local User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Click the button Configure of Local for further configuration Account Roaming Out 802 1X Authentication Local User Database Settings Local User List Q Enable 9 Disable Q Enable 9 Disable devices such as AP and switch Local user database will be used as authentication database for roaming out users Local user database wil be used as internal RADIUS database for 802 1X enabled LAN Local User List It let the administrator to view add or delete local user account The Upload User button is for importing a list of user account from a text file The Download User button is for exporting all local user accounts into a text file Clicking on each user account leads to a page for configuring the individual local account Username usera users userl Add User Upload User Download User Search Local User List Password MAC Address Applied Policy Remark user Policy 1 user3 None userl Policy4 Total 3 500 First Prev Next Last Del All Delete Delete Delete Add User Click this button to enter into the
144. start process Do you want to RESTART the system YES No Caution The connection of all online users to the system will be disconnected when system is in the process of restarting 94 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 10 10 Network Utility Configure Network Utility go to Utilities gt gt Network Utilities System provide some network utilities to allow administrators to use Wake on LAN is for waking up remote devices that supports Wake on LAN feature by entering the MAC address of the target device and then press Wake Up button Ping is to see whether a destination host is reachable and alive by entering the destination host s domain name or IP address and then press Ping button Trace Route display the actual route taken to reach the destination host by entering the destination host s domain name or IP address and then press Start button ARP Table for displaying ARP information stored on the system Metwork Utilities Wake on LAN MAC e g XXDOXX DOGXXGEXXC Ping 1P Domain Name Trace Route IP Domain Name ARP Table Show Status Result 10 10 1 Wake on LAN It allows the system to remotely boot up a power down computer with Wake On LAN feature enabled in its BIOS and it is connect to LAN port Enter the MAC Address of the desired device and click Wake Up button to execute this function 10 10 2 Ping It allows administrator to detect a device using IP address or
145. t The total number of packets received and sent by the user o Bytes n Bytes Out The total number of bytes received and sent by the user Download Monthly Network Usage of Local User Click on the Download button for outputting the report manually to a local database Monthly Network Usage of Local User Month No of Entries Usage Data 2009 04 1 Download A warning message will then appear Click Save to download the record into txt format File Download Some files can harm your computer If the file information below looks suspicious or you do not fully trust the source do not open or save this file Filename 2007 08 txt Filetype Text Document From 192 168 2 254 Would you like to open the file or save itto your computer Cancel More Info 109 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 11 2 Notification Configure Notification go to Status gt gt E mail amp SYSLOG HSG200 can automatically send the notification of Monitor I P Report Users Log On demand User Log and Session Log to up to 3 particular e mail addresses A trial email is provided by the system for validation Secondly the system supports recording of System Log On demand Users Log Session Log and HTTP Web Log via external SYSLOG servers Thirdly Session Log and HTTP Web Log can also be configured to be sent to an external FTP server In addition Event Log section on WMI displays of clients associate an
146. t List Username Password Remaining Quota Status External ID Reference Delete All 7k3t g3x5fum4 11 min s Normal New York branch Delete qcz9 6ey68m44 Until 2010 06 16 12 30 Normal Boston Branch Delete Total 2 First Prev Next Last Search Enter a keyword of a username External ID or reference to be searched in the text filed and click this button to perform the search All usernames External ID or reference matching the keyword will be listed Username The login name of the account Password The login password of the account Remaining Quota The remaining time or volume or the cut off time that the account can 48 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH continue to use to access the network e Status The status of the account O O O O O Normal the account is not currently in use and has not exceeded the quota limit Online the account is currently in use Expired the account is not valid any more even if there is remaining quota left Out of Quota the account has exceeded the quota limit Redeemed the account has been applied for account renewal e External ID This is an additional information field for combined with a unique account only for example the customer s name or social security number etc Reference Any other additional information for example venue where the account is generated etc e Delete All This will delete all the users at once Delete
147. tet fotu utt ete ae udis 43 US es Eee RR sae EET 51 5 2 1 Default Aubjehbicatloh imos t EOM Doo ieu a enact nr Ee 51 10 6 1 6 2 6 3 7 1 7 2 7 3 7 4 8 1 8 2 9 1 9 2 9 3 10 1 10 2 10 3 10 4 10 5 10 6 10 7 User s Manual HSG200 Wireless Hotspot Gateway ENGLISH D22 120 GUNA WIN POSUDE RD S 51 5 2 3 Ah Example or USerJEO llY o stud ere On a eate ndo tutae 52 ReEStrall tne USers ono nemis eai vin vi eise as 54 elis diii TT PITT rccKc mU 54 Vursvewivereig ca elige RR T T Us 56 wells t t H UO S 57 6 3 1 PON e I EM IM MEE S 59 6 3 2 ROCE osa uot n p LIMES La UNI ELEM M NEM LIEU M eT 62 6 3 3 DCNCOU IC 64 6 3 4 POKE RR m Tum 65 6 3 5 SEO BB NE o NITE 66 Access Network without Authentication eere 67 DN Zasuusotstem uos qi e M teu x A MER EA I e ionerd 67 Vireda OIVO ecsctadeedas tuse depths N Eod rosea pas IE ID Da een Sep 68 BAG AVA zio sai iz Eae A T TT 69 3 29 I PEIMIIGgO iPas ote SEE a LM MUI C LM P EUM Ae DE Tc get deu 70 3 2 RA sie ciJ i BNET eme 71 Disable Authentication in Public Zone esee nnne 12 User Login and Logout ie e vri eere ego ea vols v2 ed ee vivo uve USE EUER PEE NETTE 73 Before hoy can Keen RR T RU T Te 73 SELON WINO S NR ROS E T CENE 73 8 1 2 Internal Domain Name with Certificate ssssssssssseeenene ee
148. the destination network Select 255 255 255 255 32 if the destination is a single host o Gateway IP Address The IP address of the gateway or next router to the destination 62 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual 2 Default Gateway gt Default Gateway The default gateway of a desired IP address can be defined in each Policy except Global Policy When Specific Default Route is enabled all clients applied with this Policy will access the Internet through this default gateway Policy 1 Specific Default Route Enable IP Address o Enable Check Enable box to activate this function or uncheck to inactivate it o Default Gateway I P Address You may need to fill the IP address of the default gateway 63 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 6 3 3 Schedule gt Schedule Profile Click Setting of Schedule Profile to enter the configuration page Select Enable to show the Permitted Login Hours list This function is used to limit the time when clients can log in Check the desired time slots checkbox and click Apply to save the settings These settings will become effective immediately after clicking Apply 9 Enable Disable Policy 1 Permitted Login Hours HOUR SUN MON TUE WED THU FRI SAT 00 00 00 59 F Ei Ei v Fi Fi Ed 01 00 01 59 PJ Ei Ei w E w W 02 00 02 59 El Ed W Ei Ei yl v 03 00 03 59 z v I E EJ E v 04 00 04 59 E Ei v y E Ei W 64
149. the setup is Completing the New Connection Wizard completed Your broadband connection should already be configured and ready to use IF your connection I not working properly click the following link To close this wizard click Finish ETT ED 126 4ipnet TCP IP Network Setup User s Manual HSG200 Wireless Hotspot Gateway ENGLISH If the operating system of the PC in use is Windows 95 98 ME 2000 XP keep the default settings without any changes to directly start restart the system With the factory default settings during the process of starting the system HSG200 with DHCP function will automatically assign an appropriate IP address and related information for each PC If the Windows operating system is not a server version the default settings of the TCP IP will regard the PC as a DHCP client and this function is called Obtain an IP address automatically If checking the TCP IP setup or using the static IP in the LAN1 LAN2 or LAN3 LAN4 section is desired please follow these steps Check the TCP IP Setup of Window 9x ME 1 Choose Start gt gt Control Panel gt gt Network 2 Click on the Configuration tab and select TCP IP gt gt AMD PCNET Family Ethernet Adapter PCI 1SA and then click Properties Now you can choose to use DHCP or a specific IP address 127 3 Control Panel x File Edit View Go Favorites Help e 0l 5m uv X Bact GIBT Up Cut Copy Paste
150. this extra security feature will assist to mitigate possible security breach This section provides information in the following functions Generic Firewall Rules Predefined and Custom Service Protocols and Advanced 4 4 1 Generic Firewall Rules You can choose to enable or disable the wireless Generic Firewall This section provides an overview of firewall rules for the system s wireless interface 6 default rules with up to a total 20 firewall rules are available for configuration 29 User s Ma ual Layer 2 Firewall Enable Disable IEEE 802 3 IEEE 802 3 IEEE 802 3 Total 10 First Prev Next Last 30 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH From the overview table each rule is designated with the following field No The numbering will decide the priority to let system carry out the available firewall rules in the tables Active Checking this field will mark the rule as active which means this rule will be enforced Action Block denotes a block rule PASS denotes a pass rule Name This is the denominated name of the rule EtherType It denotes the type of traffics subject to this rule Remark It shows the additional reference information of this rule Operation 4 actions are available Edit denotes to edit the rule details Move to denotes to move the rule to a specified rule number I nsert Before denotes to insert a rule before the curre
151. tron INCLUDE dictionary INCLUDE dictionary c dictionary Z SINCLUDE dictionary cisco vpns000 INCLUDE dictionary cisco vpns5000 INCLUDE dictionary cisco bbsrm SINCLUDE dictionary colubris SINCLUDE dictionary erx Step 7 Open the radius database vivian linux 5 mysql u root p radius Enter password Reading table information for completion of table and column names You can turn off this feature to get a quicFKer tup with Welcome to the MySQL monitor Commands end with Your My50L connection id is 96 to server version Type help or 4h for help Type T mysql gt Step 8 Insert VSA into RADIUS response In this example the maximum download and upload traffics in bytes for groupO3 users is 1MBytes mysql gt INSERT INTO radgroupreply GroupName Attribute op Value VALUES grouplis3 cipherium Byte mount 2 10385768 y Query OK 1 row affected 0 00 sec yagl 144 HSG200 Wireless Hotspot Gateway ENGLISH Jw 4ipnet User s Manual Step 9 Restart RADIUS daemon to get your settings activated Thu Oct 30 14 26 41 20068 Info Starting reading cont 145 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Appendix E On demand Account types amp Billing Plan This section explains the parameters as well as the different account types provided when editing billing plans in On demand auth
152. tus page is visited Number of Sessions The sessions of WAN port MAC Address The MAC address of the Wireless Zone Wireless Band The current Band setting of Wireless General Channel The current Channel setting of Wireless Settings Transmit Power The current Transmit Power setting of Wireless Mode me operation mode of the zone MAC Address The MAC address of the zone Zone General I P Address The IP address of the zone Subnet Mask he Subnet Mask of the zone Status Enable disable stands for status of the DHCP server in this zone The WINS server IP on DHCP server N A means that it is not WINS IP Address configured LONE BTG Start IP Address The start IP address of the DHCP IP range End IP address The end IP address of the DHCP IP range Lease Time Minutes of the lease time of the IP address ssip The BSSID of this zone essip The ESSID of this zone Zone VAP Security Type The current security type of this zone Associated Clients The number of associated clients in this zone 104 4ipnet 11 1 3 Routing Table View System Status go to Status gt gt Routing Table All the Policy Route rules and Global Policy Route rules will be listed here Also it will show the System Route rules specified by each interface User s Manual HSG200 Wireless Hotspot Gateway ENGLISH Policy 1 Destination Subnet Mask Gateway Interface Policy 2 Destination Subnet Mask Gateway Inte
153. twork Connect to an existing home ar small office network or set up a new one Set up an advanced connection Connect directly to another computer using Your serial parallel ar infrared port or set up this computer so that other computers can connect bo i Ee 125 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 5 Choose Set up my connection New Connection Wizard manually and then click Next cae ee A The wizard is preparing to set up your Internet connection How do you want to connect to the Internet 2 Choose from_a list of Internet service providers I5 Ps stro tl TE your account name password and a phone acing ot your ISP For a broadband account you won t need a phone number C Use the ED I got from an ISP cee new 6 Choose Connect using a broadband New Connection Wizard connection that is always on and then temer Conner tion A How do vau want ta connect to the Internet click Next O Connect using a dial up modem This type of connection uses a modem and a regular or ISON phone line Connect using a broadband connection that requires a user name and password This is a high speed connection using either a DSL ar cable modem our ISP may refer to this type of connection as PPPoE asma Ik iz poe active xw nam require you ite sign in dus nen 7 Finally click Finish to exit the New Connection Wizard Connection Wizard Now
154. width Control Configure WAN Bandwidth Control go to System gt gt WAN Traffic WAN Traffic Available Bandwidth Uplink 100000 Kbps Range 10 100000 tassi E CE Downlink 100000 Kbps Rsnge 10 100000 9 Enable Disable Target for detecting Internet connection IP Domain Name www google com Internet Connection Detection IP Domain Name IP Domain Name When Internet connection is down the system will display the message as Sorry The network outbound service is temporari re The feature gives administrators control over the entire system s traffic though the WAN interface These parameters set here should not exceed the real bandwidth coming from your ISP For example if your xDSL is 8Mbs 640kbs you may input these two values here Available Bandwidth on WAN Interface Uplink It specifies the maximum uplink bandwidth that can be shared by clients of the system Downlink It specifies the maximum downlink bandwidth that can be shared by clients of the system 16 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 3 5 What is Zone Configure Zone go to System gt gt Zone Configuration A Zone is a logical network area that covers wired or wireless networks or both of them By associating to a unique ESSID of a Zone wireless network is divided into different logical zones Clients attempting to access the resources within a Zone will be controlled based on the access control profile o
155. will reset the system configuration to the factory defaults Restart HSG200 Choosing this option will restart HSG200 100 4ipnet User s Manual HSG200 Wireless Hotspot Gateway ENGLISH 11 System Status and Reports 11 1 View the Status This section includes System Interface Routing Table Online Users User Log and E mail amp SYSLOG to provide system status information and online user status 11 1 1 System Status View System Status go to Status gt gt System This section provides an overview of the system for the administrator System Setting Overview System Name Wireless Hotspot Gateway Portal URL http www google com SYSLOG Server System Log N A N A SYSLOG Server On demand User Log N A N A Warning of Internet Disconnection NTP Server tock stdtime gov tw System Time 2010 06 17 16 17 19 0800 Idle Time Out 10 Min s User Session Control Multiple Login Disabled Preferred DNS Server 168 95 1 1 Alternate DNS Server 168 95 1 1 101 HSG200 Wireless Hotspot Gateway ENGLISH 4ipnet User s Manual The description of the above mentioned table is as follows The IP address and port number of the external SYSLOG Server SYSLOG server System Log N A means that it is not configured SYSLOG server On demand The IP address and port number of the external SYSLOG Server Users Log N A means that it is not configured Show the status for the connection at WAN is normal or abn
Download Pdf Manuals
Related Search