2. System Overview 2.1 Introduction of PLANET WLS-1280
Contents
1. Base DN and Account Attribute Click Next to continue 20 gt NT Domain User NT Domain step 5 Cont NT Domain Configure NT Domain Server information Click Next to continue Server IP Address Ey Transparent Login CA AA When NT Domain User is selected enter the information for Server IP Address and choose to enable disable Transparent Login If Transparent Login is enabled users are logged in PLANET WLS 1280 s NT Domain active directory and authenticated automatically when they log into their Windows OS domain Click Nextto continue Step 6 Save and Restart PLANET WLS 1280 Step 6 Save and Restart PLANET WLS 1280 The Setup Wizard has completed Click on Back to review or modify settings Click Restart to save the settings and restart the system to have the current settings take effect GA ED A Click Restart to save the current settings and restart PLANET WLS 1280 The Setup Wizard is now completed Setup Wizard During PLANET WLS 1280 restart a Restarting now Please wait for a while message will appear on the screen Please do not interrupt PLANET WLS 1280 until the message has disappeared This indicates that a complete and successful restart process has finished 21 Caution During every step of the wizard if you wish to go back to modify the settings please click the Back button to go back to the previous step 3 2 2 User Login P2. Interface IF Subnet Mask Rule Item This is the rule selected Rule Name The rule name can be changed here The rule name can be set to easily identify for example from file server HTTP request or to web etc Enable this Rule After checking this function the rule will be enabled Action There are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets passing Protocol There are three protocols to select TCP UDP and ICMP or choose ALL to use all three protocols Source MAC Address The MAC address of the source IP address This is for specific MAC address filter Source Destination Interface There are four interfaces to choose ALL WAN1 WAN2 Controlled Port and Uncontrolled Port 61 Source Destination IP Enter the source and destination IP addresses Source Destination Subnet Mask Enter the source and destination subnet masks Source Destination Start End Port Enter the range of source and destination ports Specific Route Profile Click the hyperlink of Setting tor Specific Route Profile the Specific Default Route and Specific Route Profile page will appear Profile Name Policy Route 1 specific Default Route Enable Default Gateway P Address A specific Route Profile Destination Gateway Route ttem IP Address Subnet Netmask IP Address 1 2552552852858 pe 2 l 255 285 255 255 32 3 asar asa aj 4 525525525
3. NTP Server tock usno navy mil 5 2 9 tock usno nawy mill DNS Server 10 2 3 203 z Home Page Enter the URL to where the users should be directed when they are successfully authenticated NTP Server Enter the IP address or domain name of external time server for PLANET WLS 1280 time synchronization or use the default DNS Server Enter a DNS Server provided by the ISP Internet Service Provider Contact the ISP if the DNS IP Address is unknown Click Next to continue 16 Step 4 Select the Connection Type for WAN Port Step 4 Select the Connection Type for WAN Port Select the connection type for WAN port Click Next to continue Static IP Address Select itto set static IP address Dynamic IP Address select itto obtain an IF address automatically For most cable modem Users PPPoE Client Enter the PPPoE Clients Username and Password For most DSL users CA AA A Three are three types of WAN1 port to select in wizard Static IP Address Dynamic IP Address and PPPoE Client Select a proper Internet connection type and click Next to continue gt Static IP Address Set WAN Port s Static IP Address Enter the IP Address Subnet Mask and Default Gateway provided by your ISP or network administrator Click Next to continue step 4 Cont Set WAN Port s Static IP Address Click Next to continue IP Address 10 30 1 252 A Subnet Mask 255 255 255 0 Default Gatewa
4. y gt IL pnl O IL IN ML lt a gt Submit Enter reminder_onclick Enter ANA MouseOver MM_swaplmage Image4 images remaining vidth 124 height 38 border 0 gt lt img src images remaining gif name Image4 v 8 lt a gt lt td gt lt table gt lt table gt lt tr gt Script gt if creditcardenable Enabled Click here to purchase by Credit Card Online lt a gt lt script gt lt font gt lt td gt lt tr gt lt table gt lt div gt lt form gt lt form action sh post name Reminder gt rname value gt lt input type hidden name myuse lt input y pe hidden name mypasswol d value gt lt form gt lt br gt lt div align center gt lt table gt lt tr gt 148 lt td width 100 gt lt font color 808080 size 2 gt lt script language JavaScript gt document write copyright lt script gt lt font gt lt td gt lt tr gt lt table gt lt div gt lt body gt lt html gt P N V10020061002 149
5. y Networking amp Communication Wireless LAN Switch WLS 1280 User s Manual Version 1 00 Copyright Copyright 2006 by PLANET Technology Corp All rights reserved No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language or computer language in any form or by any means electronic mechanical magnetic optical chemical manual or otherwise without the prior written permission of PLANET PLANET makes no representations or warranties either expressed or implied with respect to the contents hereof and specifically disclaims any warranties merchantability or fitness for any particular purpose Any software described in this manual is sold or licensed as is Should the programs prove defective following their purchase the buyer and not PLANET its distributor or its dealer assumes the entire cost of all necessary servicing repair and any incidental or consequential damages resulting from any defect in the software Further PLANET reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes All brand and product names mentioned in this manual are trademarks and or registered trademarks of their respective holders Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limi
6. The IP address and port number of the external Syslog Syslog server On demand User log gt Server N A means that it is not configured Enabled disabled stands for that the system is currently Proxy Server using the proxy server or not Enabled disabled stands for the setting of Friendly Logout hiding displaying an extra confirmation window when users try to close the login successful window Enabled Disabled stands for the connection at WAN is Warning of Internet Disconnection normal or abnormal and all online users are allowed disallowed to log in the network The IP or IPs that is allowed for accessing the Remote Management IP management interface Management Enabled disabled stands for the current status of the SNMP management function The maximum number of days for the system to retain the Retained Days l l users information History The email address that the traffic history information will Email To be sent to NTP Server The network time server that the system is set to align DateTime Time DateTime The system time is shown as the local time The system time is shown as the local time time is shown as the local time The number of minutes allowed for the users to be Idle Timer inactive Enabled disabled stands for the current setting to Multiple Login allow disallow multiple logins form the same account Preferred DNS Server IP address of the preferred DNS Server Alternate DNS Server IP addr
7. Internal Proxy Server Built in Proxy Server O Enabled Disabled 4 Add your proxy Server IP and Port into External Proxy Server Setting 137 External Proxy Server Item Server IP Port 1 iO era 1 6558 internal Proxy Server Built in Proxy Server Enabled Disabled 5 Disable Built in Proxy Server in Internal Proxy Server Setting External Proxy Server Item Server IP Port Ia 20s 6558 2 Internal Proxy Server Built in Proxy Server O Enabled Disabled 6 Click Apply to save the settings 138 Warning l your proxy server is disabled it will make the user authentication operation abnormal When users open the browser the login page won t appear because the proxy server is down Please make sure your proxy server is always available E Client setting It is necessary for clients to add default gateway IP address into proxy exception information so the user login successful page can show up normally 1 Use command ipconfig to get Default Gateway IP Address ci CAWINDO WS WwystemTFAcmd exe M i crosoFt indows XP ER Fii 5 a E 608 z KC Copyright 1785 2881 Microsoft Corp C Documents and Settings duke hung gt ipconf ig Windows IF Configuration Ethernet adapter ESE FL E Connection specific DNS Suffix E sohoware conm O PA A A AA Subnet Mask a a a a a a a 25 255 255 MB deaa dd Default Gatenvay z 1192 168 1 254 Et he Pnet
8. 15mins 20mins Monetary Unit Users List Billing Configuration Create On demand User Billing Report Server Status The status shows that the server is enabled or disabled Postfix Set a postfix that is easy to distinguish e g Local for the server using numbers 0 to 9 alphabets a to z or Ato Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Receipt Header There are two fields Receipt Header 1 and Receipt Header 2 for the receipt s header Enter receipt header message or use the default Receipt Footer Enter receipt footer message here or use the default Monetary Unit Select or enter the desired monetary unit Policy Name Select a policy for the on demand user WLAN ESSID Enter the ESSID of the AP Wireless Key Enter the Wireless key of the AP Remark Enter any additional information that will appear at the bottom of the receipt Billing Notice Interval While a volume type on demand user is still logged in the system will update the billing notice of the login successful page by the time interval defined here 42 User List Click to enter the On demand User List screen In the On demand User List detailed information will be documented here Y VV WV Search l On demand Users List Username Password Remit Status Expire Time Delete All Time Volume 2005 06 02 DH3P ER4S43FE 2 hour 2 hour 17 23 29 Delete 2005 06705 gri YTB23947
9. Account Attribute 56 Server IP Enter the IP address or domain name of the LDAP server e Port Enter the Port of the LDAP server and the default value is 389 e Base DN Enter the distinguished name of the LDAP server e Account Attribute Enter the account attribute of the LDAP server 4 2 1 5 Authentication Method NTDomain Choose NTDomain in the Authentication Method field the hyperlink beside the pull down menu will become NTDomain Setting Authentication Server Server 1 Server Name gemer Hs server mame Server Status Disabled Postfix Posti Its postfix namel Black List Hone Authentication Method NTDomain NT Domain Setting gLocal User Policy IPP Radius LOAF MT Domain Enable VPN Termination When POP3 Radius LDAP or NTDomain is selected from the drop down memu Enable VPN Termination will show up Check Enable VPN Termination to enable this function or not Click the hyperlink for further configuration Enter the server IP address and enable disable the transparent login function These settings will become effective immediately after clicking the Apply button Domain Controller Server P address a Transparent Login f Enable Disable e Server IP address Enter the server IP address of the domain controller Transparent Login If the function is enabled when users log into the Windows domain they will log into PLANET WLS 1280 automatically 4 2
10. Operation Mode NAT Uncontrolled IP Address 192 168 232 254 Subnet Mask 259 255 2 50 Disable DHCP Server Enable DHCP Server Enable DHCP Relay DHCP Server Configuration Uncontrolled Uncontrolled Configuration Operation Mode MAT Uncontrolled IF Address 192168 2 254 Subnet Mask Ela a Operation Mode Choose one of the two modes NAT mode and Router mode by the requirements IP Address Enter the desired IP address for the uncontrolled port Subnet Mask Enter the desired subnet mask for the uncontrolled port DHCP Server Configuration There are three methods to set the DHCP server Disable DHCP Server Enable DHCP Server and Enable DHCP Relay 1 Disable DHCP Server Disable DHCP Server function Disable DHCP Server C Enable DHCP Server CO Enable DHCP Relay DHCP Server Configuration 2 Enable DHCP Server Choose Enable DHCP Sever function and set the appropriate configuration for the DHCP server The fields with red mark are required Please fill in these fields 37 Uncontrolled Configuration Operation Mode NAT Uncontrolled IP Address 1921682 254 Subnet Mask 255 255 255 0 Disable DHCP Server Enable DHCP Server DHCP Scope Start IP Address 192 168 2 1 End IP Address 192 168 2 100 Preferred ONS Server Vee 20S 22010 DHCP Servel Configuration Alternate DNS Server Domain Mame domain WINS Server IP Po Lease Time Reserted IP Ad
11. 2 Black List Configuration The administrator can add delete or edit the black list for user access control Each black list can include 40 users at most If a user in the black list wants to log into the system the user s access will be denied The administrator 57 can use the pull down menu to select the desired black list Black List Configuration Select Black List 1 Blacklist Name Blacklist Liser Remark Total 0 First Prey Mex Last Add User to List e Select Black List There are 5 lists to select from for the desired black list e Name Set the black list name and it will show on the pull down menu above e Add User to List Click the hyperlink to add users to the selected black list Add Users to Blacklist Blacklist1 No Username Remark 10 Po After entering the usernames in the Username blanks and the related information in the Remark blank not required 58 Add Users to Blacklist Blacklist 1 ltem Username Remark V 7 3 4 A A 5 EEE ea 7 i VO a 10 CA A Click Apply to save the settings User James has been added User Junior has been added S Add Users to Blacklist Add Users to Blacklist Blacklist 1 ltem Username Remark 4 E Pl AAA If the administrator wants to remove a user from the black list just select the user s Delete check box and then click the Delete bu
12. A E A Cesenudiees 36 User AUREA CAU A A A A dei 40 42 1 A thentication CONTA A A db 40 422 AA a Oer E EE E a eE 57 Azot MP OUCY7C ONE siao a O 60 ADA Additional C on 1 OUT ALL Oeo a A a iniaveaetoanis 64 ARMNI 0 E Ue erer AT 82 E A NO 82 AS SN eena A ean e aa ease we oat aneocesseite 94 AS Mantal Cont trado Aaa 95 SY 4 4 4 5 4 6 4 7 ADA A ode aaagiuiewaded E inncasueecec EOR 95 Art A O E A A 96 BHO A pncddagncc 96 Network CONTO Aoi aia 96 Adsl NetWork Address Eran at 97 BA A A A eenasteatoan 100 A A O 101 Add Walled Garden dar AA OE a 102 AAS Proxy Server Proper UES q A AAA A A ar E 103 IA O 105 a SS O O O A II ia tend uaa een 105 AS YEN TODA Ml old 105 A SN 107 A Enano PASS WOUC nl id aso 107 4 5 2 BACKUP RESTOS ELISA A A AS 109 LS FMW Do ams 1d AAA I oO PO PEO OE ETE A O 109 DA RES T IN N A N E 110 A A 111 ii dean di odie eacaute dco a a acetal aetna dee shacwes a 112 Oe INLET ACS SUAUUS o to oca dao iosa 113 AO CUE US a 115 AO SUT O A r WAsaabinaataons N T T 116 AOS JINOMMCATON CON OUT AL OMe cae see ne dye EAA EELEE aye EE Er eucdatine wear ES 117 A A tnenseatucten ts 119 Appendix A Console TNC Ale AAA AAA AA AAA AA 120 Appendix B Network Configuration on PC sssccccccssssssssssssssssssssssssssssssssssssssssssssssssssssssees 123 Appendix C IP SCC VEN 0 ideada 128 Appendix D Proxy Setting for HotSpot iia eaan adn nina cantadas 133 Appendix E Proxy Se
13. Access Control List of client stations for each managed AP Locally maintained configuration profiles of managed APs Single UI for upgrading and restoring managed APs firmware System status monitoring of managed APs and associated client stations Automatic recovery of APs in case of system failure System alarms and status reports on managed APs Monitoring and Reporting Status monitoring of on line users IP based monitoring of network devices WAN connection failure alert Syslog support for diagnosing and troubleshooting User traffic history logging Accounting and Billing Support for RADIUS accounting RADIUS VSA Vendor Specific Attributes Built in billing profiles for on demand accounts Enables session expiration control for on demand accounts by time hour and data volume MB Provides billing report on screen for on demand accounts Detailed per user traffic history based on time and data volume for both local and on demand accounts Traffic history report in an automatic email to administrator e System Administration Multi lingual web based management UI SSH remote management Remote firmware upgrade NTP time synchronization Backup and restore of system configuration 3 Base Installation 3 1 Hardware Installation 3 1 1 System Requirements e Standard 10 100BaseT including five network cables with RJ 45 connectors e All PCs need to install the TCP IP network protocol 3 1 2 Package Contents The standard package of
14. Files field Check the file and click Delete to delete the file Existing Image Files 1102474548 732c0n gif 1 d Choose the External Page selection and you can get the login success page e from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new login success page can be previewed by clicking Preview button at the bottom of this page Login Success Page Selection for Users Default Page O Template Page Uploaded Page External Page External Page Setting External URL http 5 Login Success Page for On Demand The administrator can use the default login success page for On Demand or get the customized login success page for On Demand by setting the template page uploading the page or using the external website After finishing the setting you can click Preview to see the login success page for On Demand a Choose Default Page to use the default login success page for On Demand Login Success Page Selection for on demand Users 6 Default Page Template Page Uploaded Page External Page Default Page Setting This is default login success page for on demand users You could click preview link to preview the default login success page Thanks Previews 74 b Choose Template Page to make a customized login success page for On Demand here Click Select to pick up a color and then fill in all of the blanks Y
15. User Click this to enter the Upload User interface Click the Browse button to select the text file for the user account upload Then click Submit to complete the upload process Note The format of each dineis ID Password MAC Policy Remark IPSec without the quotes There must be no space between the fields and commas The MAC field could be omitted but the trailing comma must be retained When adding user accounts by uploading a file existing accounts inthe embedded database that are also defined in the data file will not be replaced by the new ones Note you want user Enabled VPN Termination please set IPSec field to 1 or 0 would disable Upload User Account File Name Browse Submit 48 The uploading file should be a text file and the format of each line is ID Password MAC Policy Remark IPSec without the quotes There must be no spaces between the fields and commas The MAC field could be omitted but the trailing comma must be retained The Group field indicates policy number to use When adding user accounts by uploading a file the existing accounts in the embedded database will not be replaced by new ones If you want user Enable VPN Termination please set IPSec field to 1 to enable VPN or 0 to disable VPN password policy IPSec remark test test 2 testing account 0 policy IPSec password remark Download User Click this to enter the Users List page and the system will dire
16. User AP Network OPTION Configuration Authentication Management Configuration Network Configuration Authentication Change FUNCTION AP List Address System Status Wizard Configuration Password Translation Backup Restore AP Discovery Privilege List Interface Status Information Configuration Settings WAN1 Policy Manual Firmware Monitor IP List Current Users Configuration Configuration Configuration Upgrade WAN2 amp Additional Template Walled Garden Restart Traffic History Failover Configuration Settings List Firmware Proxy Server Notification LAN Port Roles Management Properties Configuration Controlled System Black List AP Upgrade Dynamic DNS Configuration Uncontrolled IP Mobility Configuration VPN Termination Caution After finishing the configuration of the settings please click Apply and pay attention to see if a IN restart message appears on the screen If such message appears system must be restarted to allow the settings to take effect All on line users will be disconnected during restart 29 4 1 System Configuration This section includes the following functions Configuration Wizard System Information WAN1 Configuration WAN2 amp Failover LAN Port Roles Controlled Configuration and Uncontrolled Configuration SS a E o _ m R S Sed User Y AP F Network L Authentication b Management Configuration O system Con
17. Wirimu iili dy RE et Speer St dia rd dl id Pais Leri n E asha ido ra vasa Tc tire Cad al La Stes PA Peo 3 Arora Conneccion Me DE e Prote foo kee Heb Os el lt a AE Geter conten 2 Click the right button of the mouse on the Local Area Connection icon and select Properties br Miara G rei rem i Sel el li iy forth t Local rea Connection Properties General Authentication Advanced Connect using 3 Select General label and choose Internet Protocol TCP IP and then click Properties This connection uses the Following tems Now you can choose to use DHCP or specific IP 8 Client for Microsoft Networks mi File and Printer Sharing for Microsoft Wetworks loc cli address please proceed to the following steps Internet Protocol TCP 1P gt Transmission Control Protocol lnternet Protocol The default Wide area network protocol that provides communication across diverse interconnected networks Description Show icon in notification area when connected 126 1 2 Using DHCP If want to use DHCP please choose Obtain an IP address automatically and click OK This is also the default setting of Windows Then reboot the PC to make sure an IP address is obtained from PLANET WLS 1280 2 2 Using Specific IP Address If want to use specific IP address you have to ask the network administrator for the information of PLANET WLS 1280 IP add
18. activate https encryption or disable to activate http non encryption login page Time PLANET WLS 1280 supports NTP communication protocol to synchronize the system time with remote time server Please specify the local time zone and IP address of at least one server in the system configuration interface for adjusting the time automatically Universal Time is Greenwich Mean Time GMT Time can also be set manually when selecting Set Device Date and Time Please enter the date and time for these fields 28 Device Time 200671 0 02 14207 Time Zone GhMT 08 0MTaipel se NTP Enable NTP Server 1 fe g tock usno nawy mil Time MTP Server a MTP Server a MTP Server 4 MTP Server E Set Device Date and Time Device Time 0067 0 02 17 42 07 Time Zone GMT 08 00 Taipei e Time O NTP Enable Set Device Date and Time v Hou Minute Second 4 1 3 WAN1 Configuration There are 4 connection types for the WAN1 Port Static IP Address Dynamic IP Address PPPoE Client and PPTP Client WARN Configuration Static IP Address IF Address 10 30 1 252 Subnet Mask 255 255 255 0 Default Gateway 10 30 1 254 WAN Port Preferred ONS Server 10 2 3 203 Alternate DMS Serwer 168 95 1 1 Dynamic IP Address PPPoE Client PPTP Client 29 Static IP Address Manually specifying the IP address of the WAN1 Port is applicable for the network environment where the DHCP service is unavailable The fiel
19. adapter Fe tps LELE edia State a 2 gt gt Media disconnected 2 Open browser to add default gateway IP address e g 192 168 1 254 and logout page IP address 1 1 1 1 into proxy exception information o ForlE Proxy Settings Servers A Type Proxy address to use gt HTTP 10 2 5 35 Secure FTP Socks Use the same proxy server For all protocols Exceptions Do not use proxy server For addresses beginning with Use semicolons to separate entries Oo For firefox 139 Connection Settings Configure Proses to Access the Intemet Direct connection to the Internet Auto detect proxy settings for this network 2 Manual proxy configuration HTTP Proxy 102 3203 Port Use this proxy server for all protocols wel Proxy 102 3 203 FTP Proxy Gopher Proxy SOLE Hast i Fao TIA i Foe SOLES v SOLES v5 Mo Proxy for 192 168 1 254 1 1 1 1 Example mozilla org net nz 192 168 1024 O Automate proxy configuration URL 140 10 lt html gt lt head gt Appendix F Disclaimer for Users PLANET WLS 1280 supports in some situations that the hotspot owners or MIS staff may want to display terms of use or announcement information before the login page Hotspot owners or MIS staff can design a new disclaimer announcement page and save the page in their local server After the agreement shown on the page
20. bottom of this page If want to restore the factory default setting of the logout interface click the Use Default Page button lt form acton usenoqout shtm methocE post name E nter gt Input type text name nwusemame gt lt input type password name nwpassword gt lt input type submit na me submit v alue L oqpout gt lt input type reset name clear value Clear gt lt forme 71 4 Login Success Page The administrator can use the default login success page or get the customized login success page by setting the template page uploading the page or using the external website After finishing the setting you can click Preview to see the login success page a Choose Default Page to use the default login success page Login success Page Selection for Users 6 Default Page Template Page Uploaded Page External Page Default Page Setting This is default login success page for users You could click prewew link to prewew the default login success page Thanks Preview b Choose Template Page to make a customized login success page here Click Select to pick up a color and then fill in all of the blanks You can click Preview to see the result first Login Success Page Selection for Users Default Page Template Page Uploaded Page External Page Template Page Setting Color for Tithe Background Select RGB values in hex mode Color for Title
21. code must be the image file you will upload lt img src images xx jpg gt Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login page click the Use Default Page button to restore it to default Total Capacity 512 K Now Used 0k Upload Image Files Upload Images Browse Submit After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file Existing Image Files 1102474548 732en gif 1 In PLANET WLS 1280 the end user first gets a login page when she he opens its web browser right after associating with an access point However in some situations the hotspot owners or MIS staff may want to display terms of use or announcement information before the login page Hotspot owners or MIS staff can design a new disclaimer announcement page and save the page in their local server After the agreement shown on the page is read users are asked whether they agree or disagree with the disclaimer By clicking agree users are able to log in If users choose to decline they will get a popup window saying they are unable to log in The basic design is to have the disclaimer and login function i
22. contact information credit card numbers and transactional information based on your activities on the Internet service provided by uz If the information you provide cannot be dacrosoft interne Explorer 5 O agrees disagree d Choose the External Page selection and get the login page from the specific website Enter the website address in the External Page Setting field and then click Apply Login Page Selection for Users Default Page Template Page Uploaded Page External Page External Page Setting External URL hip After applying the setting the new login page can be previewed by clicking Preview button at the bottom of this page 70 User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In amp User Name Password Logout Page The users can apply their own logout page here The process is similar to that of Logout Page Upload Logout Page File Name Browse Submit Lise Default Page Existing Image Files Total Capacity 512 K Now Used 0 K Upload image Files Upload Images Browse Submit Preview The different part is the HTML code of the user defined logout interface must include the following HTML code that the user can enter the username and password After the upload is completed the user defined login user interface can be previewed by clicking Preview at the
23. enabled or disabled Controlled Configuration Operation Mode MAT Controlled IPF Address 192 166 1 254 Subnet Mask 259 7 55 2590 Disable DHCP Server O Enable DHCP Server O Enable DHCP Relay DHCP Server Configuration e Controlled Controlled Configuration Operation Mode MAT ow Controlled IF Address 192 166 1 254 Subnet Mask 250 255 205 Operation Mode Choose one of the two modes NAT mode and Router mode by the requirements IP Address Enter the desired IP address for the controlled port Subnet Mask Enter the desired subnet mask for the controlled port e DHCP Server Configuration There are three methods to set the DHCP server Disable DHCP Server Enable DHCP Server and Enable DHCP Relay 1 Disable DHCP Server Disable DHCP Server function Disable DHCP Server O Enable DHCP Server C Enable DHCP Relay DHCP Server Configuration 2 Enable DHCP Server Choose Enable DHCP Sever function and set the appropriate configuration for the DHCP server The fields with red mark are required Please fill in these fields 34 Disable DHCP Server Enable DHCP Server DHCP Scope Stan IF Address End IPF Address Preferred DNS Server 192 168 1 1 la 192 168 1 100 E 192 203 230 10 DHCP Servel Configuration Alternate DNS Server Domain Name domain le WINS Server IP Lease Time Dar Reserved IPF Address List Enable DHCP Relay DHCP Scope Enter the Start IP Ad
24. i lt d forms length i x d forms i n for i 0 x amp amp d layers amp amp i lt d layers length i x MM_findObj n d layers i document f x amp amp d getElementByld x d getElementByld n return x function MM_swaplmage v3 0 var 1 j 0 x a MM_swaplmage arguments document MM_sr new Array for i 0 i lt a length 2 i 3 if X MM_findObj a i null document MM_sr j x if lx oSrc x oSrc x src x src ali 2 function init form id getCookie username if id 84 id null form myusername value id disclaimer style display login style display none function Before_Submit form if form myusername value alert Please enter username form myusername focus form myusername select disableButton false return false if form mypassword value 143 alert Please enter password form mypassword focus form mypassword select disableButton false return false if disableButton true alert The system is now logging you in please wait a moment return false else disableButton true return true return true function reminder_onclick form Reminder myusername value form myusername value Reminder mypassword value form mypassword value Reminder submit function cancel_onclick form form reset function check_agree form if form selection 1
25. in hex mode Color for Tithe Text Select RGB values in hex mode Color for Page Background Select RGB values in hex mode JUL Color for Page Text select RGB values in hex mode Welcome Copyrigh c Choose Uploaded Page and upload a login page Click the Browse button to select the file to upload Then click Submit to complete the upload process 66 Login Page Selection for Users Default Page Template Page Uploaded Page External Page Uploaded Page Setting File Name Browse Submit Existing Image Files Total Capacity 512 K Now Used 0 Upload Image Files Upload Images Browse Preview After the upload process is completed the new login page can be previewed by clicking Preview bution at the bottom User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In a User Name 9 Password v Submit Y Remaining The user defined login page must include the following HTML codes to provide the necessary fields for username and password 67 lt form action userlogin shtml method post name E nter gt lt input type text name myus ername lt input type password name mypassword gt lt input type submit name submit value Enter gt lt input type reset name clear value Clear gt lt form gt lf the user defined login page includes an image file the image file path in the HTML
26. is read users are asked whether they agree or disagree with the disclaimer By clicking I agree users are able to log in If users choose to decline they will get a popup window saying they are unable to log in The basic design is to have the disclaimer and login function in the same page but with the login function hidden until users agree with the disclaimer Here the codes are supplied Please note that the blue part is for the login feature the red part is the disclaimer and the green part can be modified freely by administrators to suit the situation better Now the default is set to I disagree with the disclaimer Administrators can change the purple part to set agree as the default or set no default These codes should be saved in local storage with a name followed by html such as login_with_disclaimer html lt META HTTP EQUIV Pragma CONTENT no cache gt lt meta http equiv Content Type content text html charset utf 8 gt lt META HTTP EQUIV Cache Control CONTENT no cache gt lt link href include style css rel stylesheet type text css gt lt title gt Login lt title gt lt script language javascript1 2 gt var pham document cookie var disableButton false function getCookie name name append to name string var i 0 index of first name value pair while i lt pham length var offset name length end of section to compare name string if
27. pham substring i offset name if string matches var endstr pham indexOf offset end of name value pair if endstr 1 endstr pham length return unescape pham substring offset endstr 141 return cookie va funct var str lue section i pham indexOf i 1 move i to next name value pair if i 0 break no more values in cookie stri return null cookie not found ng ion CodeCookie str Rt n wee for var i str length 1 i gt 0 i strRtn str charCodeAt i trRin a return strRtn function DecodeCookie str var strArr var strRtn strArr str split a for var i st strRtn St rArr length 1 i gt 0 i ring fromCharCode eval strArr i rRtn function MM_swaplmgRestore v3 0 var i x a document MM_sr for i O a amp amp i lt a length amp amp x a i amp amp x oSrc3i x src x 0Src function MM_preloadimages v3 0 var d document if d images Array _preloadlmages arguments for i 0 i lt a length i var d MM_p length a MN 142 if a i indexOf 0 d MM_plj new Image d MM_p j src ali function MM_findObj n d v4 01 var p i x If d d document if p n indexOf gt 0 amp amp parent frames length d parent frames n substring p 1 document n n substring 0 p if x d n amp amp d all x d all n for i 0 x amp amp
28. port IP of PLANET WLS 1280 Please enter the External Service Port Local Server IP Address and Local Server Port According to the different services provided the network service can use the TCP protocol or the UDP protocol In the Enable column check the desired server to enable These settings will become effective immediately after clicking the Apply button 98 Public Accessible Server External Local Server IP item tanica Port dress Local Server Port Type Enable B E e C ee o EA O e o E ee s A EE e C e jl om E o EA O e C A e une E E E O E e o Me ele Total4o First Prev Next Last Port and IP Redirect This function allows the administrator to set 40 sets of the IP addresses at most for redirection purpose When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination According to the different services provided choose the TCP protocol or the UDP protocol These settings will become effective immediately after clicking Apply 99 Destination Translated to Destination e AE ee y ASEO be Ms ee ee e E y RASO e ss ee ee e E y AO Ms ee ee e E y AO be y EE ee e ASEO be Totali40 First Prev Mest Last 4 4 2 P
29. will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login success page for On Demand click the Use Default Page buiton to restore it to default Total Capacity 512 K Now Used 0K Upload Image Files Upload Images Browse Submit After the image file is uploaded the file name will show on the Existing Image Files field Check the file 76 and click Delete to delete the file Existing Image Files 1102474548 732c0n gif TO d Choose the External Page selection and you can get the login success page for On Demand from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new login success page for On Demand can be previewed by clicking Preview button at the bottom of this page Login Success Page Selection for Users Default Page O Template Page O Uploaded Page External Page External Page Setting External URL http 6 Logout Success Page The administrator can use the default logout success page or get the customized logout success page by setting the template page uploading the page or using the external website After finishing the setting you can click Preview to see the logout success page a Choose Default Page to use the default logout success page Logout Success Page Selection for Users Default Page Temp
30. 0 LOGIN userl local tw 192 168 1 1 00 D0 C9 60 01 01 0 Sew So amp e On demand User Log As shown in the following figure each line is a on demand user log record consisting of 13 fields Date System Name Type Name IP MAC Pkts In Bytes In Pkts Out Bytes Out Expiretime Validtime and Remark of user activities On demand User Log 2005 03 22 Date en Type Mame IF MAC os m o Expiretine Validtime Remark 17 55 58 rica Create OD_UserP4SP 0 0 0 000 00 00 00 00 000 0 0 oO so lone P 17 86 03 vico Create OD User 2H 0 0 0 000 00 00 00 00 000 0 0 oO o flo ace 17 56 07 vico Create OD User886D 0 0 0 000 00 00 00 00 000 0 0 oO e fone EE e Roaming Out Traffic History As shown in the following figure each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming Out Traffic History 2005 03 22 Date Type Name NASID NASIP NASPort Uservm cl sessionlb sessionTime Bytes In Bytes Out Pkts In Pkts Out Message Roaming In Traffic History As shown in the following figure each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASIP NASPort UserMAC UserlP SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming In Traffic History 2005 03 22 Date Type Mame NASID NASIP NASP
31. 0 Windows XP and Windows 2000 are the only two supported OS along with this release 132 8 Appendix D Proxy Setting for Hotspot HotSpot is a place such as a coffee shop hotel or a public area where provides Wi Fi service for mobile and temporary users HotSpot is usually implemented without complicated network architecture and using some proxy servers provided by Internet Service Providers In Hotspots users usually enable their proxy setting of the browsers such as IE and Firefox Therefore so we need to set some proxy configuration in the Gateway need to be set Please follow the steps to complete the proxy Access Port configuration 6 Te Login Gateway by using admin Click the Network Configuration from top menu and the homepage of the Network Configuration will appear a gt User System Configuration Authentication L Management IP Proxy DEIET O Metwork Configuration tetwork Address Translation Network Address Translation Privilege List 0 Monitor IP List Walled Garden List Privilege List Monitor IP List Proxy Server Properties Network Configuration PLANET WLS 1280 provides 3 types of network address translation DMZ Demilitarized zone Public Accessible Server and IFfPort Redirect System provides Privilege IP Address List and Privilege MAC Address List System will MOT authenticate those listed devices System can moni
32. 00 00 00 00 00 00 00 00 00 Access C Control Client Click AP Name and configure the settings of the AP 86 ontrol Enabled List 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 List General Settings Name MEWDODE W 00004 Settin Remark Mone Firmware 1 24 LAN Interface Setting IP 192 168 1 5 LAN Mode Static IF Wireless Interface Setting SSID default Wireless LAN Channel 11 security Type Disabled Access Control Setting Status Disabled Access Control Mode Allowed Number of MAC Addresses Please note that since there are 2 types of APs that can associate with PLANET WLS 1280 WAP 4033 and WAP 4060 the interfaces for these 2 types of APs are different due to their functionalities When the Setting hyperlink is clicked For WAP 4033 Administrators can input name of the AP password and remark General Settings Name NEWDEY 00004 Admin Password Remark Firmware 1 24 For WAP 4060 Administrator must specify a country or domain from the drop down menu Also the description field can be filled in 87 for later reference Syslog can be disabled or enabled and a minimum severity level can be selected to note on the Syslog report Check to enable Rogue AP Detection or leave it as a blank to disable it General Settings Name NEvvWOEV O0O003
33. 02 59 I m m m m z M 05 00 03 59 ri m m M r ri M 04 00 04 59 e m m e m m z 05 00 05 59 m z m M m m M 06 00 06 59 e m Iw Iw e e M 07 00 07 59 I m e Iw m m M 08 00 08 59 m M m M M m M 09 00 09 59 e m Iw e m m e 10 00 10 59 lw m m M m m M 11 00 11 359 et Iw Iw Iw e et Iw 1200 1259 e wf al e m m e 1380 1359 e I m e e e z 14 00 1459 e e et e m m e 15 00 15 59 lw m m m m m z 16 00 16 59 m M m M e e e 17 00 17 59 e e m Iw a Iw e 15 00 18 59 z z m z z z M 19 00 19 59 I a al e m m e 000 2059 I m al m m m M 22 59 m M m z e e e 2200 2259 e m et e e m z 2300 23 59 e M Iw Iw e fw M 63 Total Bandwidth Select the bandwidth from the drop down menu It s the total bandwidth the users under this particular policy need to share Individual Maximum Bandwidth Select the bandwidth from the drop down menu It s the most bandwidth an individual user can obtain under this particular policy which cannot exceed the value for Total Bandwidth Individual Request Bandwidth Select the bandwidth from the drop down menu It s the requested bandwidth for an user under this particular policy which cannot exceed the value for Individual Maximum Bandwidth 4 2 4 Additional Configuration Additional Configuration Idle Timer minutes Range 1 1440 User Contro Multiple Login LJ On demand and RADIUS authentication do NOT support multiple login Friendly Logout session Timeout Range 5 1440 Ro
34. 09 29 11 52 45 SSID default Number of Associated 0 Clients Remark AP Status Detail System Status LAN Status Wireless LAN Status Access Control Status Associated Client Status gt System Status The table shows the information about AP Name AP Status and Last Reporting Time System Information AP Name MNEWDE 00004 AP Status Online Last Reporting Time 0056 04 29 11 54 46 gt LAN Status The table shows the information about IP Address Subnet Mask and Gateway 84 LAN Interface IP Address 192 168 1 5 Subnet Mask Pa Mala al Gateway 1942168 1 254 gt Wireless LAN Status The table shows all of the related wireless information Wireless Interface Up Time Uday Oh 20m29s SSID default Beacon Interval ms 100 RTS Threshold 24 Channel 11 Transmission Rate Auto Preamble Type Long Preamble IAPP Enabled Security Disable gt Access Control Status The table shows the status of MAC under the control of the AP which may appear to be Disabled or Enabled according to the settings Access Control Status Disabled 85 gt Associated Client Status The table shows the clients connected to the AP and the related information of the client No MAC User ID TX Packet s RX Packet s Rate Power Saving Expiration countdown AP Name Status 00 30 4F 28 BFD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
35. 1 wireless default Mone a 2 default Mone O E default Mone O 4 default Mone O 5 default Mone O E default Mone O 7 default Mone O 8 default Mone O When Access Control hyperlink is clicked Access Control In this function when the status is Enabled only the APs which MAC addresses are listed in the list can be allowed to connect PLANET WLS 1280 When Disabled is selected all APs can connect PLANET WLS 1280 For WAP 4033 Access Control Status Disabled MAC Address List L L L O0 00 00 00 00 00 2 O0 00 00 00 00 00 E 00 00 00 00 00 00 4 00 00 00 00 00 00 5 00 00 00 00 00 00 E 00 00 00 00 00 00 T 00 00 00 00 00 00 g 00 00 00 00 00 00 g 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 la 00 00 00 00 00 00 14 00 00 00 00 00 00 15 00 00 00 00 00 00 16 00 00 00 00 00 00 sls 00 00 00 00 00 00 18 00 00 00 00 00 00 19 00 00 00 00 00 00 20 00 00 00 00 00 00 For WAP 4060 The interface for WAP 4060 is generally the same as for WAP 4033 but with total of 128 sets of MAC Address that can be filled in 93 4 3 2 AP Discovery Use this function to find out all the APs in the network segments AP Discovery Uncontrolled L Base p 182168 21 Pool Size 12 Interface Controlled C Base F 192 168 1 1 Pool Size 12 AP Type WAP 4033 IP Address StatIP 192 166 0 1 AP Access Range Enaip 19216801 ID admin Password admin Auto Discovery Status Di
36. 2 hour 2 hour 11 45 36 Delete Total First Previous Next Last Search Enter a keyword of a username to be searched in the text field and click this button to perform the search All usernames matching the keyword will be listed Username The login name of the on demand user Password The login password of the on demand user Remain Time Volume The total time Volume that the user can use currently Status The status of the account Normal indicates that the account is not in use and not overdue Online indicates that the account is in use and not overdue Expire indicates that the account is overdue and cannot be used Expire Time The expiration time of the account Delete All This will delete all the users at once Delete This will delete the users individually 43 Billing Configuration Click this to enter the Billing Configuration page In the Billing Configuration screen Administrator may configure up to 10 billing plans Billing Configuration Valid Duration ES Plan Status Type Expired info Enabled Pai Moys 3 days l Disabled Time 2 hours 5 days o mins o hours O volume Mbvt Enabled __ i days Disabled O Time hours days mins _ hours volume Mbvt r O Enabled __ j days Disabled O Time hours days _ mins _ hours volume Mbvt i O Enabled __ das Disabled O Time hours days _ mins hours volume Mbvt O Enabled __ i das Disabled O Tim
37. 280 supports three kinds of account interface You can log in as admin manager or operator The default usernames and passwords are as follow Admin The administrator can access all configuration pages of PLANET WLS 1280 User Name admin Password admin Manager The manager can only access the configuration pages under User Authentication to manage the user accounts but has no permission to change the settings of the profiles for Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the configuration page of Create On demand Userto create and print out the new on demand user accounts User Name operator Password operator The administrator can change the passwords here Please enter all the required fields with red asterisks if changing the password is desired Click Apply to activate this new password 107 Change Admin Password Old Password New Password Verity Password v Apply Change Manager Password Change Operator Password Caution If the administrator s password is lost the administrator s password still can be changed through the text mode management interface on the serial port console printer port 108 4 5 2 Backup Restore Settings This function is used to backup restore PLANET WLS 1280 settings Also PLANET WLS 1280 can be reset to the factory default settings here Backup current system settings Restore system settings Reset to t
38. 532 pe 266 255 255 255 32 v 6 sd 525526526532 pe 7 2552552552553 255 265 265 265 ma a l 255 255 255 255 32 10 255 255 255 255 32 AI Specific Default Route Enable Click to enable the setting of specific default route Default Gateway There are 3 methods of the default gateway that Specific Default Route supports Select WAN1 Default Gateway to set WAN1 as the default gateway Select WAN2 Default Gateway to set WAN2 as the default gateway Select IP Address and enter the IP address of the specific router Specific Route Profile Profile Name The profile name can be changed here Destination IP Address The destination IP address of the host or the network 62 Destination Subnet Netmask Select a destination subnet netmask of the host or the network Gateway IP Address The IP address of the gateway or the router to the destination Schedule Profile Click the hyperlink of Setting tor Schedule Profile to enter the Schedule Profile list Select Enable to show the list This function is used to restrict the time the users can log in Please enable disable the desired time slot and click Apply to save the settings These settings will become effective immediately after clicking the Apply button Profile Name Schedule Enabled Disabled Login Schedule Profile HOUR SUN MON TUE WED THU FRI SAT 00 00 00 59 e I I e e e z 01 00 01 59 e m et e e m e 02 00
39. AC address iS XX XX XX XX XX XX Ol XX XX XX XX XX XX 81 4 3 AP Management This section includes the following functions AP List AP Discovery Manual Configuration Template Settings Firmware Management and AP Upgrade system ia Y MF Hetwork 5 Configuration 2 nticati IN b Configuration AP Management The list shows the current AP summary including type name IP AP List MAC and online status It also provide the operation for each AP on reboot enable disable delete apply a new template and to do further examination or detailed configuration This discovery function is to detect the unmanaged APS within LANs Template Settir i i i AP Discovery and assign the desired IFs for the future management With the AP access information administrator is able to manually or automatically discover AP on the selected LANs e Administrators who are familiar with the new AP can set it up PORO Manual Configuration manually by filling in the necessary information There are three templates from the drop down box that can be chosen Administrators can edit template settings here These templates Template Settings are saved and can be used in Manual Configuration and AF Discover sections This page lets administrators manage firmwares and shows each firrniware s functions Administrators can Upload new firmwares and have a choice of deleting or downloading already Uploaded firmwares Firmware Ma
40. BJA BJA F 4 4 Network Configuration This section includes the following functions Network Address Translation Privilege List Monitor IP List Walled Garden List Proxy Server Properties and Dynamic DNS IP Mobility and VPN Termination 96 system a User Configuration Authentication Network Address Translation Privilege List Monitor IP List Walled Garden List j Proxy Server Properties 4 4 1 Network Address Translation Network Address Translation Privilege List Monitor IP List Waled Garden List Proxy Server Properties Dynamic DNS IP Mobility VPN Termination E Management e O Metwork Configuration Network Configuration PLANET WLS 1280 provides 3 types of network address translation DMZ Demilitarized zone Public Accessible Server and IPIPort Redirect System provides Privilege IP Address List and Privilege MAC Address List System will MOT authenticate those listed devices System can monitor up to 40 network devices online status with an option to add them as public access servers via HTTP or HTTPS Even Under MAT mode after added the devices as public access servers the devices can be accessed by clicking the hypertext Lip to 0 hosts URL could be defined in Walled Garden List Clients may access these URL without authentication PLANET WWL6 1280 supports Up to 10 external proxy servers System can redirect traffic to external proxy server into builti
41. Configuration Policy Configuration and Additional Configuration System r Network Utilities Configuration b Management Configuration O User Authentication Black List Configuration System provides 3 authentication servers Each server allows only ern one type of authentication method and one Black List Profile An authentication policy may be assigned to any policy System Policy Configuration supports the following external authentication servers POP3 S Authentication RADIUS LOAP and NT Domain Additional Configuration Configuration system also has embedded user database storing 500 user accounts for local user group 500 and On demand user group 2000 System may print out On demand user accounts information using an external printer By default the On demand user database is empty System supports 5 Black List profiles for used within the Black List Configuration authentication server On demand users are WOT bounded bythe Black List System provides 8 policies each policy can apply independent Policy Configuration firewall profile specific route profile login schedule profile and bandwidth policy Users will be logged out automatically after being idle for a specified period of time Multiple login of the same user account could be enabled or disabled not available to On demand users Additional Configuration System provides Friendly Logout option
42. Country or Domain Disabled e syslog Minimum Severity Level Rogue AP Detection _ Enable Rogue AP Detection Firmware Version 2 3 Release 04 When the LAN hyperlink is clicked For WAP 4033 Enter the IP address subnet mask default gateway for LAN LAN Settings IP Address 192 165 1 5 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 254 For WAP 4060 Enter all the information including a DNS server IP address LAN Settings IP Address 192 166 1 13 Subnet Mask 255 255 255 0 Default Gateway 197 166 171 254 DNS 192 205 230 10 When the Wireless LAN hyperlink is clicked For WAP 4033 88 Properties SSID The SSID is the unique name shared among all devices in a wireless network The SSID must be the same for all devices in the wireless network It is case sensitive and has a maximum length of 32 bytes SSID Broadcast Select this option to enable the SSID to broadcast in your network When configuring the network it is suggested to enable this function but disable it when the configuration is complete With this enabled someone could easily obtain the SSID information with the site survey software and get unauthorized access to a private network With this disabled network security is enhanced and can prevent the SSID from being seen on networked Channel Select the appropriate channel from the list to correspond with the network settings for example 1 to 11 channels are suitable for the North Am
43. N Switch Subscriber Gateway ai ti caros YY 1 280 WAN Status WAN LAN 2 PWR 1 2 1 2 3 4 5 66 7 8 1 2 3 4 2 Connect an Ethernet cable to the WAN1 Port on the front panel Connect the other end of the Ethernet cable to ADSL modem cable modem or a switch hub of the internal network The LED of WAN1 port should be on to indicate a proper connection 3 Connect an Ethernet cable to one of the LAN5 LAN8 Port on the front panel Connect the other end of the Ethernet cable to a client s PC The LED of the connected port should be on to indicate a proper connection Note The default role of these four ports is Uncontrolled Port 4 Connect an Ethernet cable to one of the LAN1 LAN4 Port on the front panel Connect the other end of the Ethernet cable to a client PC AP or switch in managed network The LED of the connected port should be on to indicate a proper connection Note The default role of these four ports is Controlled Port Attention 1 PLANET WLS 1280 supports Auto Sensing MDI MDIX You may use either straight through or cross over cable to connect the Ethernet Port 2 Usually a straight cable could be applied when PLANET WLS 1280 connects to an Access Point which supports 10 automatic crossover If after the AP hardware resets PLANET WLS 1280 could not be able to connect to the AP while connecting with a straight cable the user have to pull out and plug in the straight cable again This scenari
44. Name Publisher status Tame File ES E mail Micrsoft Outlook E Dus o com Search Enabled Browser Helper Object Inte22 pe oam El Internet Explorer Service Enabled Browser Helper Object Helper ee ee I E New WebController Class Enabled Browser Helper Object Win8C Internet Call Nethfectng E Router Video 40 Not verified Router Video Enabled Browser Helper Object ryvd0d ae Shockwave Flash Object Macromedia Inc Enabled ActiveX Control Flashie Shes ces MU SSVHelper Class Not verified Sun Micwosy Enabled Browser Helper Object sev dll Contact List Micansoft Outlook wll Sun dara FHS Not verified Sum Microsy Enabled Browser Extension se dll Ea VEN Chentipsec Not verified cipherim Enabled ActyeX Control YPNCI E web browser Windows Messenger Enabled Browser Extension Internet Explorer is the default web Make deraull El EML DOM Document Microsoft Corporation Enabled ActiveX Control mamal Browser E Yahoo Messenger Not verified Yahoo Inc Enabled Browser Extension YA HO Tell me if Internet Explorer is mot the default web browser E PEA Enabled Browser Extension F il El Manage add ons A oI fis Enable or disable browser add ons Manage add ons Select an add on from the list above to perform the following actions y installed in your system Settings Delete To disable an add on click tand then click Disable To delete an Enable Click here to delete this Delete Actives Actes cont
45. PLANET WLS 1280 includes e PLANET WLS 1280 x 1 e CD ROM x1 e Quick Installation Guide x 1 e Power Adapter DC 12V x 1 e Cross Over Ethernet Cable x 1 e Console Cable x 1 Warning It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers to guarantee best performance 3 1 3 Panel Function Descriptions Front Panel Status LED LAN1 LANS gt Black indicates BIOS Each LAN port can be configured to be running controlled port or uncontrolled port gt Blink light indicates gt Clients connected to controlled port to OS running need authentication to access network gt Solid light indicates gt Clients connected to uncontrolled port the system ready can access the web management interface a i i l LAN 5 6 7 T Wireless LAN Switch Subscriber Gateway Metering de torrann YY LS 1280 WAN LAN 4 5 6 T 8 1 2 1 2 3 4 dl Power LED Eo E eee AAA Solid light stands for LAN1 LANS LED WANT WAN the power is on Lights up indicates a good connection to the LAN port Connects to the Intranet or Internet by Switch WAN WAN LED Lights up indicates a good connection to the WAN port LED There are four kinds of LED PWR Status WAN and LAN LED to indicate different status of the system WAN1 WANZ2 The two WAN ports are connected to a network which is not man
46. Text select RIGA values in hex mode Color for Page Background Select RGB values in hex mode LOL Color for Page Text Select RGB values in hex mode Welcome 12 c Choose Uploaded Page and you can get the login success page by uploading Click the Browse button to select the file for the login success page upload Then click Submitto complete the upload process Login Success Page Selection for Users Default Page Template Page Uploaded Page External Page Uploaded Page Setting Existing Image Files Total Capacity 512 K Now Used 0K Upload Image Files Preview After the upload process is completed the new login success page can be previewed by clicking Preview button at the bottom lf the user defined login success page includes an image file the image file path in the HTML code must be the image file you will upload lt img src images xx jpg Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login success page click the Use Default Page button to restore it to default Total Capacity 512 K Now Used 0K Upload Image Files Upload Images Browse Submit 73 After the image file is uploaded the file name will show on the Existing Image
47. WAN port that helps the administrator memorize and connect to WAN port If the DHCP is activated at WAN port this function will also update the newest IP address regularly to the DNS server These settings will become effective immediately after clicking Apply Dynamic DNS DONS Enable Disable Provider OynDNS org Dynamic Host name Username E mail Password Key e DDNS Enabling or disabling of this function e Provider Select the DNS provider e Host name The IP address domain name of the WAN port e Username E mail The register ID username or e mail for the DNS provider e Password Key The register password for the DNS provider 4 4 7 IP Mobility PLANET WLS 1280 supports IP PNP function IP Mobility IP PNP FT Enable If this function is enabled a client can use any reasonable IP address to connect to the system Regardless of what the IP address at the user end is the client can still be authenticated through PLANET WLS 1280 and access the network 4 4 8 VPN Termination Virtual Private Network or VPN a type of technology designed to increase the security of information transferred over the Internet VPN can work with either wired or wireless networks as well as with dial up connections over POPS VPN creates a private encrypted tunnel from the end user s computer through the local wireless network through the Internet all the way to the corporate servers and database 105 VPH Termination Setti
48. a qe Configure static IF DHCP on WAN por The Internet Connection VORNE renee Detection and WAN Failover are also configured here The roles define two types of LAN ports Controlled Authentication is required for wireless clients to access LAN Port Roles the network through these LAN ports Uncontrolled Mo authentication is required for wireless clients to access the network through these LAN ports Clients from Controlled partis must login before accessing Controlled network except those devices listed on the IPIMAC Privilege List Configuration The Controlled operates in WAT mode or Router mode Available options include DHCP Server and DHCP Relay Clients from Uncontrolled portis will not be authenticated The Uncontrolled operates in MAT mode or Router mode Available options include DHEP Server and DHCP Relay Uncontrolled Configuration 4 Click the System Configuration from the top menu and the homepage of System Configuration will appear Then click on Configuration Wizard and click the Run Wizard button to start the wizard User gi AP i Network Utilities i Status L t Configuration MENGE seria eile AA A AAA Configuration Wizard Configuration Wizard i PLANET WLS 1280 is a Network Access Controller with access control features ideal for i i hotspot small and medium business networking The wizard will guide you through the WAN Configuration process of cre
49. aged by PLANET WLS 1280 system and this port can be used to connect the ATU Router of ADSL the port of Cable Modem or the Switch or Hub on the LAN of a company WAN2 doesn t support load balance with WAN1 e LAN1 LANE8 Client machines connect to PLANET WLS 1280 via LAN ports Each LAN port can be configured to one of two roles controlled or uncontrolled The differences of these two roles for a client connected to are gt Clients connected to controlled port to need authentication to access network gt Clients connected to uncontrolled port can access the web management interface Rear Panel T2 DE ps Console dial l z ca HF r Reset Console DC 12V Presses this button Configures the system The power adaptor to restart the system via HyperTerminal attaches here A e Reset Press this button to restart the system e Console The system can be configured via serial console port An administrator can use terminal emulation program such as Microsoft s HyperTerminal to login to the configuration console interface to change admin password or monitor system status etc e DC 12V The power adapter attaches here 3 1 4 Installation Steps Please follow the following steps to install PLANET WLS 1280 Ta Dat Console 1 Connect the 12V DC power adapter to the power connector socket on the rear panel The Power LED should be on to indicate a proper connection 6 7 8 Q PLANET Wireless LA
50. ain Name in the list and these settings will become effective immediately after clicking Apply 102 Walled Garden List tem Addres item Addres 1 E 3 Po 7 4 E 11 A 7 12 19 e 14 O 15 A 16 OoOO 17 fT 18 19 7 20 4 4 5 Proxy Server Properties PLANET WLS 1280 supports Internal Proxy Server and External Proxy Server functions 103 External Proxy Server tem Server IP Port fe 2 fe Internal Proxy Server Built in Proxy Server O Enable Disable External Proxy Server Under PLANET WLS 1280 security management the system will match the External Proxy Server list to the end users proxy setting If there isn t a matching then the end users will no be able to reach the login page and thus unable to access the network If there is a matching then the end users will be directed to the system first for authentication After a successful authentication the end users will be redirected back to the desired proxy servers depending on various situations Internal Proxy Server PLANET WLS 1280 has a built in proxy server If this function is enabled the end users will be forced to treat PLANET WLS 1280 as the proxy server regardless of the end users original proxy settings For more details about how to set up the proxy servers please refer to Appendix D and Appendix E 104 4 4 6 Dynamic DNS PLANET WLS 1280 provides a convenient DNS function to translate a domain name to the IP address of
51. aming Out Time Idle Timeout 110 Firange 1 120 Interim Update 5 Range En Certificate Login Fage LogoutPage Login success Page Upload Fl eme Login success Page tor On Demand Logout success Page volume Enable Disable Credit Reminder Time Enable Disable POPS Message Edit Mail Message Enhance User Authentication FETHA Address List User Control Functions under this section applies for all general users Idle Timer If a user has been idled with no network activities the system will automatically kick out the user The logout timer can be set in the range of 1 1440 minutes and the default logout time is 10 minutes Multiple Login When enabled the same account can be logged in by different clients at the same time This function doesn t support On demand users and RADIUS server Friendly Logout When a user logs into the network a small window will appear to show the user s information and there is a logout button for the logout If enabled When the users try to close the small window there will be 64 a new popup window to confirm the logout in case the users click the logout button by accident Roaming Out Timer Session Timeout The time that the user can access the network while roaming When the time is up the user will be kicked out automatically Idle Timeout If a user has been idled with no network activities the system will automatically kick out the user Interim Update The system wi
52. arden free surfing zone Supports MAC Address Pass Through Supports HTTP Proxy e Security Supports data encryption WEP 64 128 bit WPA WPA2 Supports authentication WPA PSK WPA2 PSK IEEE 802 1x EAP MD5 EAP TLS CHAP PEAP Supports VPN Pass through IPSec and PPTP Supports DoS attack protection Supports user Black List Allows user identity plus MAC address authentication for local accounts User Management Supports up to 120 concurrent users Provides 500 local accounts Provides 2000 on demand accounts Simultaneous support for multiple authentication methods Local and On demand accounts POP3 S LDAP RADIUS NT Domain Role based and policy based access control per role assignments based on Firewall policies Routing Login Schedule Bandwidth Customizable login and logout portal page User Session Management 1 SSL protected login portal page Supports multiple logins with one single account Session idle timer Session account expiration control Friendly notification email to provide a hyperlink to login portal page Windows domain transparent login oe Oe a oe IN Configurable login time frame AP Management Supports up to 12 manageable IEEE 802 11 compliant APs Centralized remote management via HIT TP SNMP interface Automatic discovery of managed APs and list of managed APs Allows administrators to add and delete APs from the device list Allows administrators to enable or disable managed APs Provides MAC
53. ating a baseline strategy Please follow the wizard step by step to configure PLANET WLS 1280 WAN amp Failover LAN Port Roles Controlled Configuration Uncontrolled Configuration D t 14 5 Configuration Wizard Configuration Wizard Welcome to the Setup Wizard The wizard will quide you through these 6 quick steps Begin by clicking on Next Step 1 Change Admin s Password Step 2 Choose System s Time Zone Step 3 Set System Information Step 4 Select the Connection Type for WAN Port Step 5 Set Authentication Methods Step 6 Save and Restart PLANET WLS 1280 A welcome screen that briefly introduces the 6 steps will appear Click Next to begin Step 1 Change Admin s Password Step 1 Change Admin s Password You may change the Admin s account password by entering a new password Click Next to continue Enter a new password for the admin account and retype it in the verify password field twenty character maximum and no spaces Click Next to continue 15 e Step 2 Choose System s Time Zone Step 2 Choose System s Time Zone Select the appropriate time zone for the system Click Next to continue GMT 0S 00 Taipei Select a proper time zone via the drop down menu Click Next to continue e Step 3 Set System Information Step 3 Set System Information Enter System Information Click Next to continue Home Page http waa planet cora tu z e g https planet com tw
54. ation between the Access Point and roaming wireless adapters Select either Short Preamble or Long Preamble e Tx Power Level Choose which Tx power level desired from the drop down menu 802 11b e Protection Type Select a protection type from the drop down menu e Short Slot Time Choose to enable or disable e Protection Mode Select a protection mode from the drop down menu e Protection Rate Choose a suitable protection rate Options e Wireless Separation Choose to enable or disable e Worldwide Mode 802 11d Choose to enable or disable e XR eXtended Range Choose to enable or disable e WMM Support Wi Fi Multimedia Choose to enable or disable Profile Configuration Click Configure to set each individual profile 91 Wireless SSID Broadcast Enable SSID Isolation None Properties Channel Auto Wireless Mode 002 110 and 802 114 lt Transmission Rate 502 116 1 25 5117 Mbps Timeout Default 5 Range from 1 to 99 2346 Default 2346 Range from 256 to 2346 Fragment Threshold CTS ATS Threshold een Parameters Default 2346 Range from 256 to 2345 100 Default 100 Range from 20 to 1000 msec Beacon Interval ms Preamble Type Tx Power Level Protection Type Short Slot Time 3802 11b Protection Mode Protection Rate Wireless Separation Options MO y XR eXtended Range ee Lins No Acknowledgement Profile Configuration No Profile Name SSID Security Type Mode Primary bea
55. ccessHistoryiP eg 192 108 21 Remote Manage IP O 0 0 0 0 0 0 0 e g 192 168 3 1 of 192 468 3024 SNMP O Enabled Disabled User Logon SSL Enabled Disabled Device Time 2006 09 27 14 35 12 Time Zone GhMT 08 00 Taipei e NTP Enable MTP Server 1 tock usno nayvy mil e g tock usno navy mil Time MTP Serer nth fau de MTP Server q clock cuhk edu hk MTP Serer 4 intps1 pads ufri br MTP Server 5 ntpd cs mu 02 Au Set Device Date and Time System Name Set the system s name or use the default e Device Name Enter an identifiable name for this device Home Page Enter the website of a Web Server to be the homepage When users log in successfully they will be directed to the homepage set Usually the homepage is the company s website such as http www yahoo com Regardless of the original webpage set in the users computers they will be redirect to this page after login e Access History IP Specify an IP address of the administrator s computer or a billing system to get billing history information of PLANET WLS 1280 with fix format URLs Traffic History https 10 2 3 213 status history 2005 02 17 2 3 https 10 2 3 213 status history 2005 02 1 T Microsolt Intemet Explorer Fle Edt View Favorites Tools Help iF Back a e gt Search Favorites E Media e ES G di 10 2 3 213 stabusihistory fDate TYPE Name IP MAC Packets In Bytes In Pa
56. cept those devices listed on the IP MAC Privilege List Configuration The Controlled operates in MAT mode or Router mode Available options include DHCP Server and DHCP Relay Clients from Uncontrolled ports will not be authenticated The Uncontrolled operates in WAT mode or Router mode Available options include DHCP Serer and DHCP Relay Uncontrolled Configuration 4 1 1 Configuration Wizard There are two ways to configure the system using Configuration Wizard or change the setting by demands manually The Configuration Wizard has 6 steps providing a simple and easy way to go through the basic setups of PLANET WLS 1280 and is served as Quick Configuration Please refer to 3 2 2 Quick Configuration for the introduction and description of Configuration Wizard Configuration Wizard PLANET WLS 1280 is a Network Access Controller with access control features ideal for hotspot small and medium business networking The wizard will guide you through the process of creating a baseline strategy Please follow the wizard step by step to configure PLANET WLS 1280 Run Wizard 26 4 1 2 System Information Most of the major system information about PLANET WLS 1280 can be set here Please refer to the following description for each field System Information System Name PLANET vVWLS 1 260 Device Name FOCH for this device Enabled Disabled Home Page bith hwy planet corn tw z fe g http iiwanan planet cam tw A
57. checked true alert You disagree with the disclaimer therefore you will NOT be able to log in return false 144 disclaimer style display none login style display return true lt script gt lt head gt lt body style font family Arial bgcolor FFFFFF onload init Enter MM_preloadimages images submit0 gif images clear0 gif images remainingO gif gt lt ilayer width amp marquee_width height amp marquee_height name cmarquee01 gt lt layer name cmarquee02 width amp marquee_width height amp marquee_height gt lt layer gt lt ilayer gt lt form action userlogin shtml method post name Enter gt lt table name disclaimer id disclaimer width 460 height 430 border 0 align center background images agreement gif gt lt tr gt lt td height 50 align center valign middle gt lt div align center class style5 gt Service Disclaimer lt div gt lt td gt lt tr gt lt tr gt lt td height 260 align center valign middle gt lt table width 370 height 260 border 0 align center gt lt tr gt lt td gt lt textarea name textarea cols 50 rows 15 align center readonly gt We may collect and store the following personal information e mail address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us If the information
58. ckets Out Bytes Out 2005 02 17 18 00 03 0800 LOGIN aaagwl300 tw 1927 168 30 189 D0 0C F1 28 BF D8 0 0 0 0 On demand History https 10 2 3 213 status ondemand_history 2005 02 17 3 https 10 2 3 21 3 status ondemanrd_history 2005 02 17 Microsoft Internet Explorer File Edt view Favorites Tools Help ir Q Back gt in 2 i Search Favorites Wf Media Je Se E Address https 10 2 3 213 statusfondemand_history 2005 02 17 Date Sy tem Name Type Name IP MAT Packets In Bytes In Packets Out Bytes OutExplret ime Valid 2005 02 17 16 44 19 0800 GA WI300 Casper 213 Create_OD_User NTEU 0 0 0 0 00 00 00 00 00 00 0 0 0 2005 02 17 16 44 57 0800 QA W1300 Casper 213 OD User Login NTE 192 168 30 189 00 0C F1 28 BF D8 O T 2005 02 17 16 45 22 0800 QA WIS00 Casper 213 OD_User_Logout NTEY 192 168 30 189 00 0C F1 28 BF D8 32 14499 30 Remote Manage IP Set the IP range which is able to connect to the web management interface via WAN and or controlled port For example 10 2 3 0 24 means that as long as you are within the IP address range of 10 2 3 0 24 you can reach the administration page of PLANET WLS 1280 If the IP range bit number is omitted 32 is used to specify a single IP address SNMP PLANET WLS 1280 supports SNMPv2 _ If the function is enabled it is able to assign the Manager IP address and the SNMP community name used to access the management information base MIB of the sysiem User Logon SSL Enable to
59. ctly show a list of all created user accounts Click Download to create a txt file and then save it on disk Policy Username Password MAC Remark VPH Termination Enabled 1 Alice alice in land 1 6 Bob 123 04 03 11 1b 2d 33 0 4 Cathy di 0 Download Refresh Click this to renew the User List page 49 Add User Lipload User Download User ee Policy Username Password Remark Del All VPN Termination Enabled Policy 1 in land Delete Yes Policy 6 04 03 11 01b 2d 3a Delete Mo Policy 4 ds ai Delete Mo Policy 2 Delete Search Enter a keyword of a username that you wish to search in the text filed and click this button to perform the search All usernames matching the keyword will be listed Add User Upload User Download User Policy Username Password Remark Del All VPH Termination Enabled Policy E 04 0311 1b 2d 3a8 Delete Total d First Previous Ne Del All This will delete all the users at once 50 Delete This will delete the users individually Edit User If you want to edit the content of individual user account click the username of the desired user account to enter the User Profile Interface for that particular user and then modify or add any desired information such as Username Password MAC optional and Remark optional Then check VPN Termination to enable this function or not Click Apply to complete the modification User P
60. dress and the End IP Address of this DHCP block These fields define the IP address range that will be assigned to the Control Port clients Preferred DNS Server The primary DNS server for the DHCP Alternate DNS Server The substitute DNS server for the DHCP Domain Name Enter the domain name WINS Server IP Enter the IP address of WINS Lease Time Choose the time to change the DHCP Reserved IP Address List For reserved IP address settings in detail please click the hyperlink of Reserved IP Address Click on the Reserved IP Address List on the management interface to use the Reserved IP Address List function Reserved IP Address List as shown in the following figure will appear Enter the related Reserved IP Address MAC and some description not compulsory When finished click Apply to complete the setup 35 Reserved IP Address List Controlled Item Reserved IP Address MAC Description E S iTotal 40 First Prev Next Last 3 Enable DHCP Relay Another DHCP Server IP address must be specified to enable this function See the following figure C Disable DHCP Server DHCP Server Enable DHCP Server Configuration f Enable DHCP Relay DHCP Server IP 4 1 7 Uncontrolled Configuration The uncontrolled port doesn t have to authenticate clients before they can access the network In this section you can set the related configuration for uncontrolled port and DHCP server Uncontrolled Configuration
61. dress List Enable DHCP Relay DHCP Scope Enter the Start IP Address and the End IP Address of this DHCP block These fields define the IP address range that will be assigned to the Private LAN clients Preferred DNS Server The primary DNS server for the DHCP Alternate DNS Server The substitute DNS server for the DHCP Domain Name Enter the domain name WINS Server IP Enter the IP address of WINS Lease Time Choose the time to change the DHCP Reserved IP Address List For reserved IP address settings in detail please click the hyperlink of Reserved IP Address If using the Reserved IP Address List function is desired click on the Reserved IP Address List on the management interface Then the setup of the Reserved IP Address List as shown in the following figure will appear Enter the related Reserved IP Address MAC and some description not compulsory When finished click Apply to complete the setup 38 Reserved IP Address List Uncontrolled Item Reserved IP Address MAC Description 1 Cc tit iif 4 2 cle A Total 40 First Prev Next Last 3 Enable DHCP Relay If you want to enable this function you must specify other DHCP Server IP address See the following figure Disable DHCP Server DHCP Server CO Enable DHCP Server Configuration E Enable DHCP Relay DHCP Server IP 39 4 2 User Authentication This section includes the following functions Authentication Configuration Black List
62. ds with red asterisks are required to be filled in IP Address the IP address of the WAN1 port Subnet Mask the subnet mask of the WAN1 port Default Gateway the gateway of the WAN1 port Preferred DNS Server The primary DNS Server of the WAN1 port Alternate DNS Server The substitute DNS Server of the WAN1 port This is not required Dynamic IP address It is only applicable for the network environment where the DHCP Server is available in the network Click the Renew button to get an IP address WANI Configuration Static IP Address iy Renew WANA Port Dynamic IP Address C PPPoE Client O PPTP Client PPPoE Client Common ADSL connection type When selecting PPPoE to connect to the network please set the Username Password MTU and CLAMPMSS There is a Dial on Demand function under PPPoE If this function is enabled a Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself WAN1 Configuration Static IP Address O Dynamic IP Address f PPPoE Client Username z Password z WAN1 Port MTL fi 492 bytes Range 1000 1492 CLAMPNSS fison bytes Range 980 1 400 Maximum Idle Time lo minutes ime Dial on Demand Enabled Disabled C PPTP Client PPTP Client Point to Point Tunneling Protocol is a service that applies to broadband connections used mainly in Europe and Israel Select STATIC to specify the IP address of the PPTP C
63. e authenticator middleman simply pass the packets back and forth 4 2 1 2 Authentication Method POP3 Choose POP3 in the Authentication Method field the hyperlink beside the pull down menu will become POP3 Setting Authentication Server Server 1 server Name Server 1 ls sener name server Status Disabled Black List Mone Authentication Method POPS POPS Setting Policy POP3 Radius LDAP MTDormain Enable VPN Termination When POP3 Radius LDAP or NTDomain is selected from the drop down memu Enable VPN Termination will show up Check Enable VPN Termination to enable this function Click the hyperlink for further configuration Enter the related information for the primary server and or the secondary server the secondary server is not required The blanks with red star are necessary information These settings will become effective immediately after clicking the Apply button Primary POPS Server server F OoOO mai Hame lF Port Do at 110 SSL Setting T Enable SSL Connection Secondary POPS Server server IP Fort SSL Setting T Enable SSL Connection Server IP Enter the IP address domain name given by the ISP Port Enter the Port given by the ISP The default value is 100 Enable SSL Connection lf this option is enabled the POP3s protocol will be used to encrypt the 52 authentication 4 2 1 3 Authentication Method Radius Choose Radius in the Authentication Me
64. e hours days mins hours gt Status Select to enable or disable this billing plan F a HUUL gt Type Set the billing plan by Volume the maximum volume allowed is 9999999 Mbyte or Time the maximum time allowed is 999 hours and 59 minutes gt Expired info This is the duration of time that the user needs to activate the account after the generation of the account If the account is not activated during this duration the account will self expire gt Valid Duration This is the duration of time that the user can use the account after the activation of the account After this duration the account will self expires gt Price The price charged for this billing plan 44 Create On demand User Click this to enter the On demand User Generate page Create On demand User Plan Type Price Status Function 1 2 hrs 0 mins 20 Enabled Create F MA MA Disabled Create 4 MA MA Disabled Create 4 MA MA Disabled Create 5 MA MA Disabled Create E MA MA Disabled Create A MA MA Disabled Create 8 MA MA Disabled Create z MA MA Disabled Create O MA MA Disabled Create Pressing the Create button for the desired rule an On demand user will be created then click Printout to print a receipt which will contain this on demand user s information There are 2000 On demand user accounts available O Welcome Username foro d ondemand Password AFOSMBC Price 20 Usage 2 hrs 0 mins ESSID de
65. e Settings AP Type VWAP 4033 Template Settings TEMPLATE1 Before configuring the template copy the configuration mode of a device to the template by selecting a Template Source and a template does not need to be designed from scratch If this option is not desired please select NONE Input the Template Name and Template Remark and click the hyperlink of Template ID to proceed to configuration Template Edit Template ID 1 Template Name TEMPLATE Template Source Template Remark Template 1 After entering the interface revise the configuration and change administrator s password is desired About other function settings please refer to 4 3 1 AP List 95 4 3 5 Firmware Management Upload the AP s firmware and download the present firmware from here Firmware Upload Firmware List File Name i Download AP Type Version Size Checksum Delete File Download 7 x Do you want to gave this file Name 4600 Firmware rom Type Unknown File Type 670 KB From 10 2 3 112 Save E While files from the Internet can be useful some files can potentially harm pour computer IF you do not trust the source do not sawe this file What s the risk 4 3 6 AP Upgrade Check the AP which needs to be upgraded and select the upgrade version of firmware Click Apply to upgrade firmware AP List Current seme i AP Name AP Type Wersi Upgrading Upgrade Version Upgrade ersion A Time MEWDEY 00004 WAP 4033 1 24
66. e factory defaults Restart Cipherium PLANET WLS 1280 Choosing this option will restart PLANET WLS 1280 122 6 Appendix B Network Configuration on PC After PLANET WLS 1280 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup e Internet Connection Setup If the Internet Connection of this client PC has been configured as use local area network already you can skip this setup Windows XP 1 Choose Start gt Control Panel gt Internet Option Ms DE Yee Feria lo a Do F m D re i iur DF conima Prei al EJ Ea a gt E dd ias Beit or AA ates Core ave Cree Toda Bo ps Pokies Operas Ports Boe Filen LL lpits O Fe ad por i i Beem Fil re mb re ae Pee Cot reser Frim e 3 O 9 Pata ad ad bere hia kari are irei i Tala Ps Dacia TEEN in aed ba Agee Vr Tie 2 Choose the Connections label and then click Internet Properties Setup Security Privacy Content Connections To set up an Internet connection click Setup Dial up and Virtual Private Network settings Add Remove Choose Settings iF you need to configure a proxy Settings server For a connection Never dial a connector Dial whenever a network connection i not present Always dial my default connection st E re rrenk Mone Local Area Network LAN settings LAM Settings do not apply to dial up connections LAN Settings Choose S
67. e for general use Plain and CRAM MD5 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNIX login password Netscape uses Plain Outlook and Outlook express uses Login as default although they can be set to use NTLMv1 Pegasus uses CRAM MD5 or Login but can not be configured which method to use Syslog Configuration There are 2 parts Traffic History and On demand User Log Enter the IP address and Port to specify which and from where the report should be sent 118 4 7 Help On the screen the Help button is on the upper right corner Click Help to the Online Help window and then click the hyperlink of the items to get the information Online Help WAN Configuration LAN1 amp LAN Configuration LANS amp LANA Configuration Advance Advanced Wireless Configuration User Authentication Authentication Server configuration Local User Setting POPS Configuration RADIUS Configuration LDAP Foantfiamiation 119 5 Appendix A Console Interface Via this port to enter the console interface for the administrator to handle the problems and situations occurred during operation 1 To connect the console port of PLANET WLS 1280 COMI Properties 21x you need a console modem cable and a terminal Port Settings simulation program such as the Hyper Terminal If you use Hyper Terminal please set the paramete
68. e this VPN task of Internet Explorer Windows Task Manager IB 163 File Options View Windows Help Applications Processes Performance Networking Task Status Y untitled Paint Running J htkpsi gw private floginpages pn_omain she Funning EN WIN Dow S Systems2icmd exe Running End Task Swikch To Processes 47 CPU Usage De Commit Charge 295466K f 64151 c There are some cases of Windows messages by which PLANET WLS 1280 will hint current user to 1 Close the Windows Internet Explorer 131 2 Click logout button on login success page 3 Click back or refresh of the same Internet Explorer 4 Enter new URL in the same Internet Explorer 5 Open a URL from the other application e g email of Outlook that occupies this existing Internet Explorer Microsoft internet Explorer if x A Are you sure you want to navigate away From this page l Are you sure you want to log out Press OK to continue or Cancel to stay an the current page ae That shall all cause the termination of IPSec VPN tunneling if user chooses to click Yes The user has to log in again to regain the network access Suggestion Click Cancel if you do not intend to stop the IPSec VPN connection yet 6 Non supported OS and Browser In current version Windows Internet Explorer is the only browser supported by PLANET WLS 128
69. ection Wizard connection that is always on and then click Internet Connection How do you want to connect to the Internet Next O Connect using a dial up modem This type of connection uses a modem and a regular or ISON phone line O Connect using a broadband connection that requires a user name and password This i a hobh peed connection using ether a DSL or cable modem Your SP may refer to this type of connection as PPPoE connectia tak ren 7 7 Finally click Finish to exit the Connection New Connection Wizard Wizard Now you have completed the setup Completing the New Connection Wizard Your broadband connection should already be configured and ready to use IF your connection is not working properly click the following link To close this wizard click Finish Taek Frit 125 TCP IP Network Setup In the default configuration PLANET WLS 1280 will assign an appropriate IP address to a client PC which uses DHCP to obtain IP address automatically Windows 95 98 2000 XP configures IP setup to Obtain an IP address automatically in default settings If you want to check the TCP IP setup or use a static IP to connect to PLANET WLS 1280 LAN port please follow the following steps Check the TCP IP Setup of Window XP E p Fada he J 7 pr Cohen TG 1 Select Start gt Control Panel gt Network ES er ree Connection Hao a are kij dama ram Empiar Poker poeb
70. erica area Transmission Mode There are 3 modes to select 802 11b 2 4G 1 11Mbps 802 11g 2 4G 54Mbps and Mix mode b and 9 Transmission Rate The default is Auto Available range is from 1 to 54Mbps The rate of data transmission should be set depending on the speed of the wireless network Select from a range of transmission speed or keep the default setting Auto to make the Access Point automatically use the fastest rate possible CTS Protection The default value is Disable When select Enable a protection mechanism will decrease collision probability when many 802 11g devices exist simultaneously However performance of your 802 11g devices may decrease Fragment Threshold Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet RTS Threshold Request To Send A packet sent when a computer has data to transmit The computer will wait for a CTS Clear To Send message before sending data Beacon Interval ms Enter a value between 20 and 1000 msec The default value is 100 milliseconds The entered time means how often the beacon signal transmission between the access point and the wireless network Preamble Type The length of the CRC Cyclic Redundancy Check block for communication between the Access Point and roaming wireless adapters Select either Short Preamble or Long Preamble IAPP Inter Access Point Protocol is designed for the enforcement of
71. ess of the alternate DNS Server 4 6 2 Interface Status This section provides an overview of the interface for the administrator including WAN1 WAN2 Controlled Port and Uncontrolled Port 113 interface Status MAC Address WAN IP Address Subnet Mask MAC Address WAN IP Address Subnet Mask Mode MAC Address Controlled IP Address Subnet Mask Status WINS IP Address Controlled DHCP Servel Start IP Address End IP Address Lease Time Mode MAC Address Uncontrolled IP Address Subnet Mask Status WINS IP Address Uncontrolled DHCP Server Start IP Address Enil IP Address Lease Time The description of the table is as follows 00 06 78 AABE CE TEFAF 507552550 00 06 72 AABB CO 10 0 2 2 255 255 0 0 MAT 00 06 7E AABB CE 192 168 110 254 P55 7657550 Enabled PA 192 168 10 1 192 168 10 100 1440 Minis MAT 00 06 AA BB GE 192 168 2 254 250 2556 255 0 Enabled PEA 192 168 2 1 192 168 2 100 1440 Minis MAC Address The MAC address of the WAN1 port WAN1 IP Address The IP address of the WAN1 port Subnet Mask The Subnet Mask of the WAN1 port 114 IP Address The IP address of the WAN2 port Subnet Mask The Subnet Mask of the WAN2 port Mode The mode of the controlled port MAC Address The MAC address of the controlled port Controlled IP Address The IP address of the controlled port Subnet Mask The Subnet Mask of the controlled port Enable disable stands for s
72. ettings above For dial up settings 123 3 Click Nextwhen Welcome to the New New Connection Wizard Connection Wizard screen appears Welcome to the New Connection Wizard This wizard helps you Connect to the Internet Connect to a private network such as your workplace network Set up a home or small office network To continue click Mert 4 Choose Connect to the Internet and then New Connection Wizard Hetwork Connection Type cl ick Next What do you want to do Connect to the network at my workplace Connect to a business network using dial up or VPN 20 you can work from home a held office or another location Set up a home or small office network Connect to an existing home or small office network or set up a new one Set up an advanced connection Connect directly to another computer using your senal parallel or infrared port or set up this computer so that other computers can connect bo tt Celeo 5 Choose Set up my connection manually and LERMA then click Next Getting Ready The wizard i preparing to set up pour Internet connection How do you want to connect to the Internet of Internet service providers 15Px stro tl ct pour account name password and a phone bar jen your ISP For a broadband account you won t need a phone number 0 Use the CD got from an ISP lt a J _ nen 124 6 Choose Connect using a broadband New Conn
73. etwork foe b Configuration A ME Me h sues Welcome to System Administration This Administrative Web Interface allows you to set various networking parameters to customize network services to manage user accounts and to monitor user status Functions are separated into 6 main categories System Configuration User Authentication AP Management Network Configuration Utilities and Status 3 Then run the configuration wizard to complete the configuration Click System Configuration to the System Configuration homepage 13 T v AP W Hetwork ger miai Utilities Status Authentication s Management Configuration k i _ O System Configuration Configuration Wizard This wizard will guide you through basic system setup ar Confiqure system and network related parameters system name administrator information SNMP and time zone Clients will be directed to URL entered in the Home Page field after WAN amp Failover successful login Administrator may limit remote administration access to a specific e not raion IP address or network segments When enabled only devices with such IP address or from this network segment may enter system s administration web interface remotely Qe y Metwork Time Protocol NTP Server setting allows the system to synchronize its timeldate with external time server WAN1 Configuration Configure static IF DHCP PPTP or PPPoE client on WAN port OO o
74. fault Valid to use until 2006 70 05 18 18 27 Thank You 45 Billing Report Click this to enter the On demand users Summary report page In On demand users Summary report page Administrator can get a complete report or a report of a particular period Report All From year T month day To year monn f daf search gt Report All Click this to get a complete Report All Accounts sold in total Plani Plan2 expenses and individual accounting of Plan report including all the on demand records This report shows the total each plan for all plans available Plana Plans Plan Plan Plang Plang Plan10 Total income CO po co oy oye DO Oi fs Jen zE Income from tickets sold for time users E Income from tickets sold fol volume users gt Search Select a time period to get a Report from 2005 06 25 2005 06 28 Accounts sold in total Plant Plan accounting of each plan for all plans Plan3 periodical report The report tells the total expenses and individual available for that period of time Plana Plan5 Plang Plan Plang Plang Plan10 Total income DJO OI ataoa oy oy Oj a E E Income from tickets sold for time users Jen ER Income from tickets sold fo volume users 46 4 2 1 1 Authentication Method Local User Setting Choose Local User in the Authentication Method field the hyperlink besides the pull down men
75. fer to the release notes for the limitation before upgrading the firmware 2 Please restart the system after upgrading the firmware Do not power on off the system during the upgrade or the restart process lt may damage the system and cause it to malfunction 4 5 4 Restart This function allows the administrator to safely restart PLANET WLS 1280 and the process should take about 100 seconds Click YES to restart PLANET WLS 1280 click NO to go back to the previous screen If you need to turn off the power we recommend you to restart PLANET WLS 1280 first and then turn off the power after completing the restart process Do you want to Restart PLANET WLS 12807 Caution The connection of all online users of the system will be disconnected when system is in the process of restarting 110 4 6 Status This section includes System Status Interface Status Current Users Traffic History and Notification Configuration to provide system status information and online user status AP bh Management O Status System Status Display current system settings Interface Status ee WAN 1 AMAN 2 Controlled Uncontrolled configurations and Display online user information including Username IP MAC Curent Users packet count byte count and idle time Administrator may also kick out any on line user trom here i System Configuration 12 6 is ii Network Configuration Configurati p 7 3 e pi
76. figuration J Configuration Wizard System Configuration Configuration Wizard This wizard will guide you through basic system setup Configure system and network related parameters system name administrator information SNMP and time zone Clients will be directed to URL entered in the Home Page field after successful login Administrator may limit remote administration access to a specific IF address or network segments When enabled only devices with such IP address or fram this network segment may enter system s administration web interface remotely Controlled Configuration Network Time Protocol NTP Server setting allows the system to synchronize its timesfdate with external time server WAN1 Configuration WAN amp Failover System Information Uncontrolled Configuration WAN1 Configuration Configure static IP DHCP PPTP or PPPOE client on WANI port Configure static IP CHEF on WAN port The Internet Connection Detection and WAN Failover are also configured here The roles define two types of LAM ports Controlled Authentication is required for wireless clients to access LAN Port Roles the network through these LAM ports Uncontrolled Mo authentication is required for wireless clients to access the network through these LAN ports WAN amp Failover Clients from Controlled portis must login before accessing Controlled network ex
77. file the image file path in the HTML code must be the image file you will upload lt img src images xx jpg gt Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login success page click the Use Default Page button to restore it to default 79 Total Capacity 512 K Now Used 0 K Upload image Files Upload Images Browse Submit After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file Existing Image Files 1102474548 732en gif 1 d Choose the External Page selection and you can get the logout success page from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new logout success page can be previewed by clicking Preview button at the bottom of this page Logout success Page Selection for Users Default Page Template Page Uploaded Page External Page External Page Setting External URL http Credit Reminder The administrator can enable this function to remind the on demand users before their credit run out There are two kinds of reminder Volume and Time The default remindin
78. g trigger level for Volume is 1Mbyte and the level for Time is 5 minutes Volume Enabled Disable Whyte Range 1 10 Default 1 Time Enabled Disable minutes Range 1 30 Default 5 Credit Reminder 80 e POP3 Message If a user tries to retrieve mail from POP3 mail server before login the users will receive a welcome mail from PLANET WLS 1280 The administrator can edit the content of this welcome mail Edit Mail Message lt DOCTYPE HTML PUBLIC W3sc DTD HTML al 4 0 Transitional EN gt lt HTML gt lt HE 4 D gt META HTTP EQUIV Content Type CONTENT text html charset us ascii gt lt HEAD gt lt BODY gt lt DIV gt lt DIV gt lt FONT face Times New Roman size b gt lt STRONG gt We Lleome lt STRONG gt lt FONT gt lt DIV gt lt DIV gt lt FONT size 42 lt STRONG lt STRONG gt lt FONT gt hd Text e Enhance User Authentication With this function enabled only the users with their MAC addresses in this list can log into PLANET WLS 1280 There will only be 40 users allowed in this MAC address list User authentication is still required for these users Please click the Permit MAC Address List to fill in these MAC addresses select Enable and then click Apply MAC Address Control C Enabled Disabled tem MAC Address tem MAC Address i A C 11 12 7 13 IIS 14 15 fF 16 7 17 fo 18 19 pO 20 Caution The format of the M
79. he factory default settings e Backup current system settings Click Backup to create a db database backup file and save it on disk File Download E Do you want to open or save this file a Name 20050305 db Type Data Base File x From 10 2 3 70 con soe _ ead IY Always ask before opening this type of file While files from the Internet can be useful some files can potentially harm your computer IF you do not trust the source do not open or save this file Whats the risk e Restore system settings Click Browse to search for a db database backup file created by PLANET WLS 1280 and click Restore to restore to the same settings at the time the backup file was created e Reset to the factory default settings Click Reset to load the factory default settings of PLANET WLS 1280 4 5 3 Firmware Upgrade The administrator can download the latest firmware from website and upgrade the system here Click Browse to 109 search for the firmware file and click Apply to go on with the firmware upgrade process lt might take a few minutes before the upgrade process completes and the system needs to be restarted afterwards to make the new firmware effective Note For maintenance issues we strongly recommend you backup system settings before up aiding firmware Firmware Upgrade Current Version 1 00 51 File Name Browse Warning 1 Firmware upgrade may cause the loss of some of the data Please re
80. icials in response to a verified request relating to a criminal investigation or alleged illegal activity In such events we will disclose name city state telephone number email address User ID history and fraud complaints xxxxx participants under confidentiality agreement as we in our sole discretion believe necessary or appropriate in connection with an investigation of fraud intellectual property infringement piracy or other unlawful activity In such events we will disclose name street address city state zip code country phone number email and company name and other business entities should we plan to merge with or be acquired by that business entity Should such a combination occur we will require that the new combined entity follow this privacy policy with respect to your personal information If your personal information will be used contrary to this policy you will receive prior notice Without limiting the above in an effort to respect your privacy and our ability to keep the community free from bad actors we will not otherwise disclose your personal information to law enforcement other government officials or other third parties without a subpoena court order or substantially similar legal procedure except when we believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss or to report suspected illegal activity Your password is the key to you
81. ill appear Click the hyperlink to get into the Radius Client Configuration list for further configuration In the Radius Client Configuration page the clients which are using 802 1X as the authentication method shall be put into this table PLANET WLS 1280 will forward the authentication request from these clients to the configured Radius Servers Radius Client Configuration Ho Type IP Address Segment secret me ad leal 2 ae Al Tema 71 Beas Al Bmammeral orante 255 255 255 255 a2 ems Ar O aS ese Al S 7 Beas H e lose al messssssmaal 7 ems J asezsezszemarl o fora Praia eae She me la lie a a Trans Full Name When enabled the ID and postfix will be transferred to the RADIUS server for authentication When disabled only the ID will be transferred to RADIUS server for authentication NASID Enter the NASID of PLANET WLS 1280 for the RADIUS server Server IP Enter the IP address domain name of the RADIUS server Authentication Port Enter the authentication port of the RADIUS server and the default value is 1812 Accounting Port Enter the accounting port of the RADIUS server and the default value is 1813 Secret Key Enter the key for encryption and decryption Accounting Service Select this to enable or disable the Accounting Service for accounting capabilities Authentication Protocol There are two methods CHAP and PAP for selection Policy Mapping Enable or disab
82. l database or a specified external databases server User authentication is processed via the SSL encrypted web interface This interface is compatible to most desktop devices and palm computers The following figure is an example of PLANET WLS 1280 set to control a part of the company s intranet The whole managed network includes the cable network users and the wireless network users Internet P ISP 1 Failover Imernet ISP 2 POPS E ob b A k mm B ee ee ee ar A A E E E E a IPSec VPN Encrypted Network 2 3 Specification 2 3 1 Hardware Specification e General Form Factor Mini desktop Dimensions W x D x H 243 mm x 150 mm x 45 5 mm Weight 1 4 Kg Operating Temperature 0 45 oC Storage Temperature 0 65 oC Power 110 220 VAC 50 60 Hz Ethernet Interfaces 10 x Fast Ethernet 10 100 Mbps e Connectors amp Display WAN Ports 2 x 10BASE T 100BASE TX RJ 45 LAN Ports 8 x 10BASE T 100BASE TX RJ 45 Console Port 1 x RJ 11 LED Indicators 1 x Power 1 x Status 2 x WAN 8 x LAN 2 3 2 Technical Specification e Networking Supports Router NAT mode Supports Static IP DHCP PPPoE on WAN interface Configurable LAN ports authentication Supports IP Plug and Play IP PnP Built in DHCP server and supports DHCP relay Supports NAT 1 IP Port Destination Redirection 2 DMZ Server Mapping 3 Virtual Server Mapping Supports static route Supports SMTP redirection Supports Walled G
83. late Page O Uploaded Page O External Page Default Page Setting This is default logout success page for users You could click preview link to preview the default logout success page Thanks Preview b Choose Template Page to make a customized logout success page here Click Select to pick up a color and then fill in all of the blanks You can click Preview to see the result first T1 Logout Success Page Selection for Users Default Page Template Page Uploaded Page O External Page Template Page Setting Color for Tithe Background select RGB values in hex mode Color for Tithe Text Select RGB values in hex mode Color for Page Background Select RGB values in hex mode Color for Page Text Select RGB values in hex mode Title Logout Succeed Page Information Logout successfully c Choose Uploaded Page and you can get the logout success page by uploading Click the Browse button to select the file for the logout success page upload Then click Submit to complete the upload process 78 Logout Success Page Selection for Users Default Page O Template Page Uploaded Page O External Page Upload Logout Success Page Existing Image Files Total Capacity 512K Now Used 0 K Upload Image Files Preview After the upload process is completed the new logout success page can be previewed by clicking Preview button at the bottom lf the user defined logout success page includes an image
84. le policy mapping by RADIUS class attributes Policy Mapping Server 3 Enable Disable Ho Class Attribute Policy Remark 55 CO dd o DD ME Do e Class Attribute Class attribute sent from the RADIUS server e Policy Select the mapping policy of this class attribute e Remark Add some description if needed 4 2 1 4 Authentication Method LDAP Choose LDAP in the Authentication Method field the hyperlink beside the pull down menu will become LDAP Setting Authentication Server Server 1 Server Name Server ts server name Server Status Disabled Posttix Posttx1 its posttix name Black List Mone Authentication Method LDAP LDAP Setting Local User Policy POP3 E Radius Enable VPN Termination LDAP When POP3 Radius LDAP or NTDomain is selected from the drop down memu Enable VPN Termination will show up Check Enable VPN Termination to enable this function or not Click the hyperlink for further configuration Enter the related information for the primary server and or the secondary server the secondary server is not required The blanks with red star are necessary information These settings will become effective immediately after clicking the Apply button Primary LDAP Server Server F Domain Hame IP Port g efault 389 Base DN 0 N de de Account Attribute Default uid Secondary LDAP Server Server IP Port Base ON
85. lectronic equipment should understand the meaning of the crossed out wheeled bin symbol Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately Revision User s Manual for PLANET Wireless LAN Switch Model WLS 1280 Rev 1 0 Oct 2006 Part No EM WLS1280 1 1 1 2 2 1 22 2 3 3 1 32 4 1 4 2 4 3 Table of Contents Before VOU Start AAA T 3 E A 3 Document Eon Eno A dcoS 3 SVSTCTN OV CIVIOW is 3 Introduction o PLANET ES 23000 A AA 3 SV Stell CONCE an 4 A E 5 Zo LL Hardware SpecilicalOM all ico iaa 5 Zo JecMnical SPECHICIAON a on 5 Base TOS TAIANA acera 8 Hardware Estalla aa an Suen ater creer ee tenet rer rr een 8 JAk System Requirements la idea 8 3AL2 Package COMAS A A A A aca 8 los Panel Funcion Descriptions iicisiciscclonsssisdataspiotoaanbsalancanialanavsiahetdupbedesanbeotandisiadannssiebeddebtomasaesotoutapladanaibeedss 9 SA ST A A dt acciaatueutadecddetandats 10 SOM Ware Gli SUOMI aa 12 2l QUICK COMM OUP A OM A damhaeune mouadied belpec ea ance aca a ue eae 12 io User MOC Rortalika Ciao cri 22 WebInterface Confi CUT OM sissien esnan Ea E EAE A EEE RES 24 SV SUSI COM Or Oe cin 26 All CONMUTACI N Wizards a AA A A A A AAA Ri 26 Bild SVENO iaa 21 AS WANLI Conio urai Oerein a a a r ER 29 ANA WANS POVO ol N EEIE E E 31 Alea EAN POROS E a E E E E 33 ALO Controlled Cont ura a A T ebnonauaii 34 Ade Uncontrolled Omi AUTO A A A A
86. lient manually or select DHCP to get the IP address automatically The fields with red asterisks are required to be filled in There is a Dial on Demand function under PPPTP If this function is enabled a Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself 30 WAN Configuration Static IP Address O Dinamic IP Address PPPoE Client PPTP Client Type Static DHCP IPF Address Subnet hask P P Default Gateway WAN1 Pon PPTP Server IP Username Password PPTP Connection IDMame Maximum idle Time Dial on Demand WANI Configuration Static IP Address O Dinamic IP Address PPPoE Client PPTP Client Type Static DHCP PPTP Server IP WANT Port Username Password PPTP Connection lbJMame Maximum Idle Time Dial on Demand 4 1 4 WAN2 amp Failover amp rt Ps AZ A minutes t Enabled Disabled o minutes Enabled Disabled Except selecting None to disable this function there are 2 connection types for the WAN2 port Static IP Address and Dynamic IP Address Up to three URLs can be entered Check Warning of Internet Disconnection to work with the WAN Failover function When Warning of Internet Disconnection is enabled the system will check the three URLs to detect the WAN ports connection status 31 e None The WANZ2 Port is disabled Up to three URLs can sti
87. ll be entered Check Warning of Internet Disconnection to detect the WAN1 port connection status WAN amp Failover O None WAN Port O Static IP Address Dynamic IP Address Probe Target URL1 hit URLZ hips o URLS hte o Warming of Internet Disconnection When Internet Connection is down the system will display ihe waring messages as Failover sory The service is temporarily unavailable e Static IP Address Specify the IP Address Subnet Mask and Default Gateway of WAN2 Port which should be applicable for the network environment Up to three URLs can be entered Check Warning of Internet Disconnection to work with the WAN Failover function WAH amp Failover None Static IP Address IP Address rs Subnet Mask With Port Default Gateway fs Preferred ONS Server O Alternate DNS Server fs Dynamic IP Address Probe Target URLA http URLZ htp o URLS https WAN Failover L Fallback to WANT when possible Warning of Internet Disconnection When Internet Connection is down the system will display the warning Messages as Sorry The service is temporarily unavailable Failover If WAN Failover function is enabled when WAN1 connection fails the traffic will be routed to WAN2 32 automatically If Fallback to WAN1 when possible function is enabled when WAN1 connection is recovered the routed traffic will be back to WAN1 e Dynamic IP Address Select thi
88. ll update the users current status and usage according to this time periodically Upload File 1 Certificate The administrator can upload new private key and customer certification Click the Browse button to select the file for the certificate upload Then click Submit to complete the upload process Upload Private Hey File Name Upload Customer Certificate File Name Use Default Certificate Click Use Default Certificate to use the default certificate and key You just overwrote the setting with default KEY 4 default CA file 2 Login Page The administrator can use the default login page or get the customized login page by setting the template page uploading the page or downloading from the specific website After finishing the setting you can click Preview to see the login page a Choose Default Page to use the default login page Login Page Selection for Users E Default Page Template Page Uploaded Page C External Page Default Page Setting This is default login page for users You could click preview link to preview the default login page Thanks Preview 65 b Choose Template Page to make a customized login page here Click Select to pick up a color and then fill in all of the blanks Click Preview to see the result first Login Page Selection for Users Default Page Template Page Uploaded Page O External Page Template Page Setting Color for Tithe Background select RGB values
89. micauon LOmigUraucn Traffic History Display detail usage Information py day A minimum of 3 days of history can be logged in the system volatile memory There are three email accounts available to be set for receiving Notification Monitor IP report Traffic History On demand User Log and AP Configuration status change External SYSLOG server car he configured here DO 111 4 6 1 System Status This section provides an overview of the system for the administrator System Status Current Firmware Wersi n 1 00 81 System Name PLANET WLes 1250 Adinin into Sony The service is temporarily unavailak Home Page http iew w planet com br Syslog server Traffic History BATIA syslog server On demand User log MARA Proxy Server Disabled Friendiy Logout Enabled internet Connection Detection Disabled Remote Management IP 0 0 0 0 0 0 0 0 Management SNMP Disabled Retained Days 3 Gays History Traffic log Email To BLA PLA On demand log Email To HTP Servet tock usna naw mil Time Date Time 2007 01 05 15 22 58 0800 kile Timer 10 Mints Use Multiple Login Disabled Disabled Guest Aecount Preferred DNS Server 192 203 230 10 DNS Atemate DNS Server MA The description of the table is as follows The page to which the users are directed after initial login Home Page SUCCESS 112 The IP address and port number of the external Syslog Syslog server Traffic History Server N A means that it is not configured
90. n proxy Server PLANET WWLS 1280 supports dynamic ONS DONS feature System supports IF PNF Configuration YPN tunnels using IPSec can be terminated locally on PLANET WILS 1 260 There are three parts DMZ Public Accessible Server and Port and Redirect need to be set e DMZ Network Address Translation DM Demilitarized Zone Public Accessible Server Port and IP Redirect DMZ allows administrators to define mandatory external to internal IP mapping hence a user on WAN side network can access the private machine via the external IP Choose to enable Automatic WAN IP Assignment by checkint the Enable box and enter the Intternal IP address For Static Assignment enter Internal and External IP Addresses as a set and choose to use WAN1 or WAN2 for External Interface from the drop down menu These settings will become effective immediately after clicking the Apply button 97 Automatic WAN IP Assignment Enable Internal IP Address External IP Address External Interface al 10 30 1 252 WANA Static Assignments tem internal IP Address External IP Address External Interface Y a m gt Eo a E s o a m WAMI r o GE CTE Edd re CTE Totali40h First Prev Mest Last ABEL EE Public Accessible Server This function allows the administrator to set 40 virtual servers at most so that the computers not belonging to the managed network can access the servers in the managed network via WAN
91. n the same page but with the login function hidden until users agree with the disclaimer For more details about the codes of the disclaimer please refer to Appendix F If the page is successfully loaded an upload success page will show up 68 Successtul You just uploaded page default_login with disclaimer html Preview Preview can be clicked to see the uploaded page de may collect and store the following personal he information e mail address physical contact information credit card numbers and transactional information ased on your activities on the Internet service provided by uz 11 the information you provide cannot be jecified we may ask you to send us additional information such as your driver license credit card statement and or a recent utility bill or other information confirming your address or to answer additional questions to help verify your information i O lagres disagree nen If user checks I agree and clicks Next then he she is prompted to fill in the login name and password User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In Ah user Name 4 Password v Remaining If user checks I disagree and clicks Next a window will pop up to tell user that he she cannot log in 69 e T v We may collect and store the following personal ES information e mail address physical
92. nagement Shows names and versions of the original firmwares and the time they were Upgraded Administrators can choose a firmware version from the drop down box to upgrade APs Several AP Upgrades car be processed simultaneously by checking the Upgrade boxes AP Upgrade 4 3 1 AP List All of the APs under the management of PLANET WLS 1280 will be shown in the list At first the list is empty administrators can add APs from AP Discovery page see 4 3 2 AP Discovery for details or Manual Configuration page see 4 3 3 Manual Configuration for details AP List IP F AP Type AP Name Status MAC Total 0 First Prey Mest Last After adding 2 APs AP List IP F AP Type AP Name Status MAC 192 168 11 13 l F WAP 4060PE MEWOE 00003 Offline 00 30 4F 42B0 0 192 168 1 5 ne WAP 4033 HNEWDE 00004 L OS 00 30 4F 40 DA FF Enabled Total First Prev Mest Last e Status After clicking the hyperlink of Status the basic information of the AP including AP Name AP Type LAN MAC Wireless LAN MAC Up Time Report Time SSID Number of Associated Clients and Remark In the bottom of this page there are other hyperlinks for further related information System Status LAN Status Wireless LAN Status Access Control Status and Associated Client Status 83 AP Status Summary AP Name NEWDE 00004 AP Type WAP 4033 LAN MAC OO S04 4c daf Wireless LAN MAC OO S048 4e dactt Up Time Uday 0h 12m 228 Report Time 2006
93. ng Enable VPN Termination we VPN Parameters Encryption C DES f apes Integrity o nos C SHA Diffie Hellman Groupi Group2 VPN has serveral kinds of protocols and PLANET WLS 1280 supports IPSec IPSec is a technology provided by Windows 2000 that allows you to create encrypted channels between two servers IPSec can be used to filter IP traffic and to authenticate servers If you need to use this function check Enable VPN Termination and choose the desired parameters Then click Apply to enable VPN Termination In PLANET WLS 1280 there are several functions with VPN or IPSec selection When you enable them they will apply the VPN settings you configured here For the details of IPSec VPN please see Appendix C IPSec VPN 106 4 5 Utilities This section provides four utilities to customize and maintain the system including Change Password Backup Restore Setting Firmware Upgrade and Restart i g Hetwork i Configuration Authentication Management b Configuration E Utilities System Y User Md AP Change Password Utilities BackupRestore Settings Change Password Change the administration password h Backup Restore Backup and restore system setings Administrator may also reset Firmware Upgrade Settings system settings to factory default Firmware Upgrade Update PLAMETWLS 128580 firmware Restart Restart the system YO 4 5 1 Change Password PLANET WLS 1
94. ng buffer It is used to examine or control the kernel ring buffer The program helps users to print out their bootup messages instead of copying the messages by hand Main menu Go back to the main menu Change admin password Besides supporting the use of console management interface through the connection of null modem the 121 system also supports the SSH online connection for the setup When using a null modem to connect to the system console we do not need to enter administrator s password to enter the console management interface But connecting the system by SSH we have to enter the username and password The username is admin and the default password is also admin which is the same as for the web management interface You can use this option to change the administrator s password Even if you forgot the password and are unable to log in the management interface from the web or the remote end of the SSH you can still use the null modem to connect the console management interface and set the administrator s password again Caution Although it does not require a username and password for the connection via the serial port the DN same management interface can be accessed via SSH Therefore we recommend you to immediately change PLANET WLS 1280 Admin username and password after logging in the system for the first time Reload factory default Choosing this option will reset the system configuration to th
95. nnection Sharing a Close Suggestion Please TURN OFF Internet Connection Firewall feature or upgrade the Windows OS into Windows XP SP2 4 ICMP and Active Mode FTP On Windows XP SP2 without patching by KB889527 it will drop ICMP packets from IPSec tunnel This problem can be fixed by upgrading patch KB889527 Before enabling IPSec VPN function on client device please access the patch from Microsofts web at http support microsoft com default aspx scid kb en us 889527 This patch also fixes the problem of supporting active mode FTP inside IPSec VPN tunnel of Windows XP SP2 Suggestion Please UPDATE client s Windows XP SP2 with this patch 5 The Termination of ActiveX The ActiveX component for IPSec VPN is running paralleled with the web page of Login Success Unless user decides to close the session and to disconnect with PLANET WLS 1280 the following conditions or behaviors of using browser shall be avoided in order to maintain the built IPSec VPN tunnel always alive 130 Click this button to Do not close this window or the connection will be pe terminated Reasons may cause the Internet Explorer to stop the ActiveX unexpectedly as followings a The crash of Internet Explorer on running ActiveX Suggestion Please reboot client s computer once Windows service is resumed go through the login process again b Terminate the Internet Explorer Task from Windows Task Manager Suggestion Don t terminat
96. o does NOT occur while using a crossover cable After the hardware of PLANET WLS 1280 is installed completely the system is ready to be configured in the following sections 11 3 2 Software Configuration 3 2 1 Quick Configuration There are two ways to configure the system using Configuration Wizard or change the setting by demands manually The Configuration Wizard has 6 steps providing a simple and easy way to guide you through the setup of PLANET WLS 1280 Follow the procedures and instructions given by the Wizard to enter the required information step by step After saving and restarting PLANET WLS 1280 it is ready to use There will be 6 steps as listed below 1 Change Admin s Password Choose System s Time Zone Set System Information Select the Connection Type for WAN Port Set Authentication Methods Save and Restart PLANET WLS 1280 o PL W O Please follow the following steps to complete the quick configuration 1 Use the network cable of the 10 100BaseT to connect a PC to the uncontrolled port and then start a browser such as Microsoft IE or Firefox Next enter the gateway IP address as the web management interface s URL the default is https 192 168 2 254 In the opened webpage you will see the login screen Enter admin the default username and password in the User Name and Password column Click Enter to log in Kimmatli A Pomagali PLANET Welcome To Administrator Login Page Please Enter Y
97. oing through standard authentication process at the controlled port may cause security problems 4 4 3 Monitor IP List PLANET WLS 1280 will send out a packet periodically to monitor the connection status of the IP addresses on the list If the monitored IP address does not respond the system will send an e mail to notify the administrator that such destination is not reachable After entering the related information click Apply and these settings will become effective immediately 101 When the monitored devices have built in Web servers and connect to NAT enabled LAN interfaces they can be easily added into public accessible servers by clicking the Add buttons tem Protocol IP Address Link tem Protocol IP Address Link wa aa ma g wA aa mo ag When Monitor button is clicked Monitor IP Result page will show up If the entered IP address is unreachable a red dot under Result field will appear A green dot indicates that the IP address is reachable and alive Monitor IP result No IP Address Result 1 192168 1 200 i 2 192 168 1 100 a 4 4 4 Walled Garden List This function provides some free services to the users to access before login and authentication Up to 20 addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to experience the actual network service free of charge Please enter the website IP Address or Dom
98. or UserMAC UserlP sessionID SessionTime Bytes In Bytes Out Pkts In Pets Out Message 4 6 5 Notification Configuration PLANET WLS 1280 will save the traffic history into the internal DRAM If the administrator wants the system to automatically send out the history to a particular email address please enter the related information in these fields 117 E mail Notification Configuration Monitor IP Traffic On demand AP Report History User Log Status A alo 010 A In E Send Test Email Send From Auth Method send To Syslog Configuration Traffic History Ports On demandUserLog ips Ports Send To The e mail address of the person whom the history email is for This will be the receiver s e mail Check which type of report to be sent Monitor IP Report Traffic History On demand User Log and AP Status Interval The time interval to send the e mail report Choose a proper number from the drop down box Send Test Email To test the settings correct or not Send From The e mail address of the administrator in charge of the monitoring This will show up as the sender s e mail SMTP Server The IP address of the SMTP server Auth Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method you select you have to enter the Account Name Password and Domain NTLMv1 is not currently availabl
99. ortal Page To login from the login portal page via the controlled port the user have to be identified the user name and password The administrator also can verify the correctness of the configuration steps of PLANET WLS 1280 1 First connect a user end device for example a PC to the controlled port of PLANET WLS 1280 and set the device to obtain IP address automatically After the client obtains the network address please open up an Internet browser and the default login webpage will appear on the Internet browser Enter a valid user name and password Assumeing local user database is chosen in the configuration wizard enter the username and password created and then click Submit button e g test Local for the username and test for the password Welcome To User Login Page Please Enter Your User Name and Password To Sign In 3 User Name jennifergblocal e Password peseeees 2 Login succeed page will appear if PLANET WLS 1280 has been installed and configured successfully Now clients can browse the network or surf the Internet Please close this window or clickthis button to Thank you Login time 2006 10 2 21 37 47 22 3 Ifthe screen shows Sorry this feature is available for on demand user only it means that the Remaining button has been clicked This button is only for on demand users only For clients other than on demand users please click the Submit button 4 An on demand u
100. ot close this window or the connection will be lterminated j 2 Limitations The limitation of the client side due to ActiveX and Windows OS includes a Internet Connection Firewall of Windows XP or Windows XP SP1 is not compatible with IPSec protocol It shall be turned off to allow IPSec packets to pass through b Without patch ICMP Ping and PORT command of FTP can not work in Windows XP SP2 c The Forced termination through CTRL ALT DEL Task Manager of the Internet Explorer will stop the running of ActiveX It causes IPSec tunnel can t be cleared properly at client s device A reboot of client s device is needed to clear the IPSec tunnel d The crash of Windows Internet Explorer may cause the same result 3 Internet Connection Firewall In Windows XP and Windows XP SP1 the Internet Connection Firewall is not compatible with IPSec Internet Connection Firewall will drop packets from tunneling of IPSec VPN 129 Ethernet Properties General Support General Authentication Advanced Pancras Internet Connection Firewall Status Connected Protect my computer and network by limiting or preventing rai 5 days 04 59 39 access to this computer trom the Internet Speed 100 0 Mbps Learn more about Internet Connection Firewall Internet Connection Sharing Allow other network users to connect through this Activity computer s Internet connection Recelved Packets 176 576 Learn more about Internet Co
101. ou can click Preview to see the result first Login Success Page Selection for on demand Users Default Page Template Page Uploaded Page External Page Template Page Setting Color tor Title Background select FGB values in hex mode Color for Title Text select RGB values in hex mode Color for Page Background Select FGB values in hex mode DL Color for Page Text Select RGB values in hex mode Welcome Day Sec Sec Login Time Login Time Redeem Redeem Previews c Choose Uploaded Page and you can get the Login Success Page Section for On Demand Users Click the Browse button to select the file for the login success page for On Demand Then click Submit to complete the upload process Login Success Page Selection for on demand Users Default Page Template Page Uploaded Page External Page Upload Login Success Page for on demand Existing Image Files Total Capacity 512 K Now Used 0K Upload Image Files Preview After the upload process is completed the new login success page for On Demand can be previewed by clicking Preview button at the bottom lf the user defined login success page for On Demand includes an image file the image file path in the HTML code must be the image file you will upload lt img src images xx jpg Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system
102. our User Name and Password To Sign In A User Name admin Caution f you can t get the login screen the reasons may be 1 The PC is set incorrectly so that the PC can t obtain the IP address automatically from the LAN port 2 The IP address and the default gateway are not under the same network segment Please use default IP address such as 192 168 2 xx in your network and then try it again For the PC configuration on PC please refer to 6 Appendix B Network Configuration on PC 12 PLANET WLS 1280 supports three kinds of account interface You can log in as admin manager or operator The default username and password as follows Admin The administrator can access all area of PLANET WLS 1280 User Name admin Password admin Manager The manager can access the area under User Authentication to manage the user account but no permission to change the settings of the profiles of Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the area of Create On demand Userto create and print out the new on demand user accounts User Name operator Password operator 2 After successfully logging into PLANET WLS 1280 enter the web management interface and see the welcome screen There is a Logout button on the upper right corner to log out the system when finished ea Ar wr Logout f Lam E e PLANET diky gt LAY u T Help A User A T H
103. r and assign it a policy or use the default Click the ADD button to add the user Attention The policy selected in this step is applied to this user only Per user policy setting take over the group policy setting at precious step unless you select None here Click Nextto continue gt POPS User POP3 Step 5 Cont POP3 Configure POP3 Server information Click Next to continue POP3 Server caminar Server Port Default 110 Enable SSL_ Enter IP Domain Name and server port of the POPS server provided by the ISP and then choose enable SSL or not Click Next to continue 19 gt RADIUS User RADIUS Step 5 Cont RADIUS Configure RADIUS Server information Click Next to continue RADIUS Server Domain namene Authentication Port Default 1812 Accounting Port Default 1813 Secret Key Accounting Service Disabled Authentication Method PAP Enter RADIUS server IP Domain Name authentication port accounting port and secret key Then choose to enable accounting service or not and choose the desired authentication method Click Next to continue gt LDAP User LDAP Step 5 Cont LDAP Configure LDAP Server information Click Next to continue LDAP Server SS Domain Hame 1P Server Port A Default 389 Account Attribute Default uid ax gt B Configure external LDAP user data base here Enter the LDAP Server Server Port
104. r account Do not disclose your password to anyone Your information is stored on our servers We treat data as an asset that must be protected and use lots of tools encryption passwords physical security etc to protect your personal information against unauthorized access and disclosure However as you probably know third parties may unlawfully intercept or access transmissions or private communications and other users may abuse or misuse your personal information that they collect from the site Therefore although we work very hard to protect your privacy we do not promise and you should not expect that your personal information or private communications will always remain private By agreeing above hereby authorize xxxxx to process my service charge s by way of my credit card lt textarea gt lt td gt lt tr gt lt table gt lt td gt lt tr gt 146 lt tr gt lt td height 40 gt lt table width 170 height 20 border 0 align center cellpadding 2 gt lt tr gt lt td align left gt lt input name selection value 1 type radio gt lt td gt lt td gt lt span class style4 gt I agree lt span gt lt td gt lt tr gt lt tr gt lt td align left gt lt input name selection value 2 checked type radio gt lt td gt lt td gt lt span class style4 gt I disagree lt span gt lt td gt lt tr gt lt table gt lt td gt lt tr gt lt tr gt lt td height 30 gt lt table
105. ress Subnet Mask New gateway and DNS server address e Please choose Use the following IP address and enter the information given from the network administrator in IP address Subnet mask and the DNS address es and then click OK 127 Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise You need to ask your network administrator for the appropriate IP settings fe Obtain an IP address automatically Obtain ONS server address automatically 0 Use the following DNS server addresses Saas a ales Internet Protocol TCP IP Properties po General You can get IP settings assigned automatically if your network support this capability Othenwise you need to ask your network administrator for the appropriate IP settings IP address Subnet mask Default gateway 6 Use the following DMS server addresses Preferred DNS server Alternate DNS server 7 Appendix C IPSec VPN PLANET WLS 1280 has equipped with IPSec VPN feature starts from release version v1 00 To fully utilize the nature supported IPSec VPN by Microsoft Windows XP SP2 with patch and Windows 2000 operating systems PLANET WLS 1280 implement IPSec VPN tunneling technology between client s windows devices and PLANET WLS 1280 itself no matter of through wired or wireless net
106. rivilege List There are two parts Privilege IP Address List and Privilege MAC Address List need to be set Privilege List Privilege IP Address List Privilege MAC Address List e Privilege IP Address List If there are some workstations belonging to the managed server that need to access the network without authentication enter the IP addresses of these workstations in this list The Remark blank is not necessary but is useful to keep track PLANET WLS 1280 allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply 100 Prilege IP Address List tem Privilege IP Address Remark 1 FT 2 Po 7 C A Warning Permitting specific IP addresses to have network access rights without going through standard authentication process at the controlled port may cause security problems e Privilege MAC Address List In addition to the IP address you can also set the MAC address of the workstations that need to access the network without authentication in this list PLANET WLS 1280 allows 100 privilege MAC addresses at most If you want to manually create the list enter the MAC address the format is xX xx xx xx xx xx as well as the remark not necessary These settings will become effective immediately after clicking Apply Privilege MAC Address List tem MAC Address Remark EE IS 2 3 Warning Permitting specific MAC addresses to have network access rights without g
107. rofile Username Bob Password MAC 0403 11 1b2 34 Policy Policyb Enable VPN Termination Remark Radius Roaming Out 802 1x Authentication Radius Roaming Out 802 1x Authentication These 2 functions can be enabled or disabled by checking the correct button Checking either of them makes the hyperlink called Radius Client List show up Local User Setting Edit Local User List Radius Roaming Cut Enable Disable 802 1x Authentication Enable Disable Radius Client List Click the hyperlink of Radius Client List to enter the Radius Client Configuration page Choose the desired type Disable Roaming Out or 802 1x and key in the related data and then click Apply to complete the settings Radius Client Configuration No Type IP Address segmen Secret 1 Roaming Out fi 0 0 0 0 255 0 0 0 8 fi 2345670 Radius Roaming Out When Radius Roaming Out is selected local users can login from other domains by using their original accounts 802 1x Authentication 802 1x is a security standard for wired and wireless LANs It encapsulates EAP Extensible Authentication Protocol processes into Ethernet packets instead of using the protocol s native PPP Point to Point Protocol environment thus reducing some network overhead It also puts the bulk of the processing burden upon the client called a supplicant in 802 1x parlance and the authentication server such as a RADIUS letting th
108. rol click it and then Disable add on A click Delete Actives Sau aH Download new add ons for Internet Explorer Learn more about add ons From Windows Internet Explorer click Manage add ons button inside Programs page under Tools to show the add ons programs list You can see VPNClient ipsec was enabled 128 During the first time login to PLANET WLS 1280 Internet Explorer will ask user to download the ActiveX component of IPSec VPN This ActiveX component once downloaded will be running paralleled with the Login Success Page after the page being brought up successfully The ActiveX component helps to setup the IPSec VPN tunnel between client s device and PLANET WLS 1280 controller and to check the validity of the IPSec VPN tunnel between them If the connection is down the ActiveX component will detect the broken link and decompose the IPSec tunnel Once the IPSec VPN tunnel was built any packet sent will be encrypted Without connecting to the original IPSec VPN tunnel user or client device has no alternative to gain network connection beyond this The design of PLANET WLS 1280 s IPSec VPN feature directly solves possible data security leak problem between client and the controller via either wireless or wired connection without extra hardware or client software installed Hi jennifer You have Successfaully logged in You will be secured by IPSec VPN Click this button to Logout Do n
109. rs Bits per second a600 as 9600 8 n 1 Data bits le Parity None Stop bits Flow control None bl Restore Defaults caca dom Caution the main console is a menu driven text interface with dialog boxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter Once the console port of PLANET WLS 1280 is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the terminal simulation program will send some messages to the system and the welcome screen or the main menu should appear If you are still unable to see the welcome screen or the main menu of the console please check the connection of the cables and the settings of the terminal simulation program PLANET WLS5 12 50 Basic Configuration Please select functions Utilities for network debugging Change admin password Reload factory default Restart PLANET WLS3 1 lt 00 120 Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems The utilities are described as follow Y vV V Y gt PLANET WLS 1280 Configuration Utility Piar SEN SmE wie a dla Ping host IF Trace routing path Display interface settings Di
110. s Login Page and Logout Page customization and login notification email to client When MAC Access Control is enabled system will only provide login page to those devices listed 4 2 1 Authentication Configuration This function is used to configure the settings for authentication server and on demand user authentication Click on the server name to set the related configurations for that particular server Users can log into the default server without the postfix to allow faster login process Authentication Server Configuration server Name Auth Method Postfix Policy Default Enabled Server 1 LOCAL Postfix Policy 1 F Server POP3 Postfix Policy 2 O F Server 3 LDAP Postfix3 Policy 3 O E On demand User ONDEMAND ondermand Policy 1 O 40 e Server 1 3 There are 5 kinds of authentication methods Local User POP3 RADIUS LDAP and NTDomain to setup from Authentication Server Server 1 Server Name Server 1 Flts server name Server Status Disabled Postfix Postfix ipene Black Lisi None al Authentication Method Local User v Local User Setting Policy Policy 1 Server Name Set a name for the server using numbers 0 to 9 alphabets a to z or Ato Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Sever Status The status shows that the server is enabled or disabled Postfix Set a postfix that is easy to dis
111. s when WAN2 Port can obtain IP address automatically such as a DHCP Server available from WAN2 Port Up to three URLs can be entered Check Warning of Internet Disconnection to work with the WAN Failover function WAH amp Failover None WAN Port Static IP Address Dynamic IP Address Probe Target URLA http URL2 ntet o URLS O WAN Failover L Fallback to WANT when possible Warning of Internet Disconnection When internet Connection is down the system will display The warning messages as Sorry The service is temporarily unavailable Failower For Dynamic IP Address WAN Failover and Fallback to WAN1 when possible also can be enabled like as the function for Static IP Address If Warning of Internet Disconnection is enabled a warning message can be entered to indicate what the system should display when Internet connection is down 4 1 5 LAN Port Roles Client machines connect to PLANET WLS 1280 via LAN ports Each LAN port can be configured to one of two roles controlled or uncontrolled The differences of these two roles for a client connected to are Clients connected to controlled port to need authentication to access network Clients connected to uncontrolled port can access the web management interface LAN Port Role Setting Check the box ifthe LAN ports need to be controlled a E E E 4 1 6 Controlled Configuration The controlled port has the user authentication function which can be
112. sabled Configure Discovered AP List IP Address AP Type Name Password Template MAC Address Total 0 First Prey Mext Last Last discovery was done at 006 September 29 11 39 48 e Interface Check the Controlled LAN or and the Uncontrolled LAN and the IP address and Pool Size the discovered APs will be configured to use IP address in this IP pool e AP Access Input the IP Address ID and Password of the AP Then click the Discover button and the devices match the given settings will show in the list below For the desired device input the desired Name and IP address select one template check it and then click Add to add it under the managed list About the template please see 4 3 4 Template If the any IP address within the assigned Base IP and the Pool Size has been used the used IP address will be listed and a warning message will show up Please change the settings of Base IP or Pool Size 4 3 3 Manual Configuration The device also can be added manually Choose which type of AP to configure input the related data of the AP and select a Template Then click ADD the AP will be added to the AP List Manual Configuration AP Type AP Name Admin Password Remark Po O Template 4 3 4 Template Settings Template is a model that can be applied to every device and is not required to configure the device individually There are three templates provided for each AP model Click Edit to configure each Template Templat
113. ser can enter the username and password in the User Login Page and click the Remaining button to view the remaining time the account User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In a User Name KYGF ondemand 5 When an on demand user logs in successfully the following Login Successfully screen will appear There is an extra line showing Remaining usage and a Redeem buiton y Please close this window or click this button to Thank you Remaining Usage Hour 59 Min Sec Login time 2006 10 2 18 47 8 23 e Remaining usage Show the remaining time or data volume that the on demand user can use to surf Internet Redeem Page Welcome To Redeem Page Please Enter Your User Name and Password To Sign In a User Name 4 Password W Clear _ r Fi e Redeem When the remaining time or data size is insufficient the client has to pay for adding credit at the counter and then the client will get a new username and password After clicking the Redeem bution a login screen will appear Please enter the new username and password obtained and click Redeem button The total available use time and data size after adding credit will show up 4 Web Interface Configuration This chapter will guide you through further detailed settings The following table is the UI and functions of PLANET WLS 1280 System
114. splay routing table Display AREF table Display system up time Check service status Set device into safe mode aynehronize clock with NTP server Print the kernel ring butter Main menu Ping host IP By sending ICMP echo request to a specified host and wait for the response to test the network status Trace routing path Trace and inquire the routing path to a specific target Display interface settings lt displays the information of each network interface setting including the MAC address IP address and netmask Display the routing table The internal routing table of the system is displayed which may help to confirm the Static Route settings Display ARP table The internal ARP table of the system is displayed Display system up time The system live time time for system being turn on is displayed Check service status Check and display the status of the system Set device into safe mode If administrator is unable to use Web Management Interface via the browser for the system failed inexplicitly Administrator can choose this utility and set PLANET WLS 1280 into safe mode then administrator can management this device with browser again Synchronize clock with NTP server Immediately synchronize the clock through the NTP protocol and the specified network time server Since this interface does not support manual setup for its internal clock therefore we must reset the internal clock through the NTP Print the kernel ri
115. tatus of the DHCP server on the controlled port WINS IP Address The WINS server IP N A means that it is not configured Controlled DHCP Server Start IP Address The start IP address of the DHCP IP range End IP address The end IP address of the DHCP IP range Lease Time Minutes of the lease time of the IP address Mode Me mode of the uncontrolled port MAC Address The MAC address of the uncontrolled port Uncontrolled IP Address The IP address of the uncontrolled port Subnet Mask The Subnet Mask of the uncontrolled port Enable disable stands for status of the DHCP server on the uncontrolled port Uncontrolled WINS IP Address The WINS server IP N A means that it is not configured DHCP Server Start IP Address The start IP address of the DHCP IP range End IP address The end IP Address of the DHCP IP range Lease Time Minutes of the lease time of the IP address MAC Address The MAC address of the WAN2 port WAN2 4 6 3 Current Users In this function each online user s information including Username IP MAC Pkts In Bytes In Pkts Out Bytes Out Idle Source AP and Kick Out can be obtained Administrator can use this function to force a specific online user to log out Just click the hyperlink of Kick Out next to the online user s name to logout that particular user Click Refresh to renew the current users list 115 Current Users List Username Pkts In Bytes In Source AP tem ldle IP MAC Pkts Out By
116. te network With this disabled network security is enhanced and can prevent the SSID from being seen on networked SSID Isolation Choose to isolate SSID or not Channel Select the appropriate channel from the list to correspond with your network settings for example 1 to 11 channels are suitable for the North America area Wireless Mode Choose a suitable wireless mode from the drop down menu Transmission Rate The default is Auto Available range is from 1 to 54Mbps The rate of data transmission should be set depending on the speed of your wireless network You can select from a range of transmission speed or you can keep the default setting Auto to make the Access Point 90 automatically use the fastest rate possible Parameters e Disassociated Timeout The AP will be disassociated after idling for the minutes specified e Fragment Threshold Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet e CTS RTS Threshold Request To Send A packet sent when a computer has data to transmit The computer will wait for a CTS Clear To Send message before sending data e Beacon Interval ms Enter a value between 20 and 1000 msec The default value is 100 milliseconds The entered time means how often the beacon signal transmission between the access point and the wireless network Preamble Type The length of the CRC Cyclic Redundancy Check block for communic
117. tes Out Kick Out Refresh 4 6 4 Traffic History This function is used to check the history of PLANET WLS 1280 The history of each day will be saved separately in the DRAM for 3 days Traffic History Date Size Byte 2007 01 05 BA On demand User Log Date Size Byte 2007 01 05 239 Roaming Out Traffic History Date Size Byte 2007 01 05 106 Roaming in Traffic History Date Size Byte 2007 01 05 112 Caution Since the history is saved in the DRAM if you need to restart the system and also keep the history then please manually copy and save the information before restarting If the History Email has been entered under the Notify Configuration page then the system will automatically send out the history information to that email address Traffic History As shown in the following figure each line is a traffic history record consisting of 9 fields Date Type Name IP 116 MAC Pkts In Bytes In Pkts Out and Bytes Out of user activities Traffic History 2005 03 22 Date Type Mame IP MAC Pkts In Bytes In Pkts Out Bytes Gut 0005 03 22 19 12 21 0800 LOGIN useriflocal tv 192 165 1 145 00 D00 C09 42 37 20 0 o 0005 03 22 19 12 24 0800 LOGOUT useri local tv 192 165 1 145 00 D00 C09 42 37 20 3 eue 252 2005 03 22 19 12 29 0800 LOGIN user2flocal tv 192 168 1 143 00 D0 C9 42 37 20 O o 0 2005 03 22 19 12 32 0800 LOGOUT user local tw 192 168 1 143 00 D0 C9 42 37 20 3 252 252 2005 03 22 19 13 51 080
118. thod field the hyperlink beside the pull down menu will become Radius Setting Authentication Server Server 3 Server Name Servers patesemernamo Server Status Enabled Postfix Postfix ts postfix name Black List Mone Authentication Method Radios 4 Radius Setting Policy Policy 1 Edit Policy Mapping j Enable YPH Termination When POP3 Radius LDAP or NTDomain is selected from the drop down memu Enable VPN Termination will show up Check Enable VPN Termination to enable this function or not Click the hyperlink for further configuration The Radius server sets the external authentication for user accounts Enter the related information for the primary server and or the secondary server the secondary server is not required The blanks with red star are necessary information These settings will become effective immediately after clicking the Apply button Radius Setting 602 1 Authentication Enabled Disabled Trans Full Name Enabled Disabled NASID ee Primary RADIUS Server Authentication Part Default 1842 Accounting Port Default 1243 IL secret Key Accounting Service Enabled Disabled Authentication Protocol PAP Secondary RADIUS Server server IP Authentication Port Accounting Port ny secret Key Accounting Service Enabled Disabled Authentication Protocol CHAP e 802 1X Authentication Enable this function and the hyperlink of Radius Client List w
119. tinguish e g Local for the server using numbers 0 to 9 alphabets a to z or Ato Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Black List There are 5 sets of black lists Select one of them or choose None Please refer to 4 2 2 Black List Configuration for more information Authentication Method There are 5 authentication methods Local POP3 RADIUS LDAP and NT Domain to configure from Select the desired method and then click the link besides the pull down menu for more advanced configuration For more details please refer to 4 2 1 1 5 Authentication Method Notice Enabling two or more servers of the same authentication method is not allowed Policy There are 3 policies to choose from to apply to this particular server 41 On demand User When the customers need to use wireless Internet in the store they have to get a printed receipt with username and password from the store to log in the system for wireless access There are 2000 On demand User accounts available On demand User Server Configuration server Status Enabled Postfix ondemand e g ondemand Max 40 chan Receipt Header 1 Welcome e g Welcome Receipt Footer Thank oul e g Thank You O none O usp O Lor O eur D Lampa other desired monetary unit e g AD Policy Name WLAN ESSID Ce e g ondemand Wireless Key Remark fs for custamer Billing Notice Interval 10mins
120. tor up to 40 network devices online status with an option to add them as public access servers via HTTP or HTTPS Even under WAT mode a er added the devices as public access servers the devices can be accessed by clicking the hypertext mmes O Walled Garden List oto 20 hosts URL could be defined in Walled Garden List Clients may access these URL without authentication Proxy Server PLANET vWLS 1 250 supports up to 10 external proxy servers s Properties System can redirect traffic to external proxy server into built in proxy VPH Termination Dynamic DNS IP Mobility VPN Termination Serer PLANET WWLS 1280 supports dynamic ONS DONS feature System supports IP PMP Configuration YPN tunnels using IPSec tan be terminated locally on PLANET WLS 1280 133 8 Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will External Proxy Server item Server IP Port ip o a LO appear Internal Proxy Server Built in Proxy Server O Enabled Disabled 9 Add the ISP s proxy Server IP and Port into External Proxy Server Setting External Proxy Server Item Server IP Port a 2 6588 2 Ld Internal Proxy Server Built in Proxy Server O Enabled Disabled 134 10 Enable Built in Proxy Server in Internal Proxy Server Setting External Proxy Server Item Server IP Port TA a 1 6558 aj Coo wj Internal Prox
121. ts for a Class B digital device pursuant to Part 15 of FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio technician for help FCC Caution To assure continued compliance example use only shielded interface cables when connecting to computer or peripheral devices Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This device complies with Part 15 of the FCC Rules Operation is subject to the Following two conditions 1 This device may not cause harmful interference and 2 this De
122. tting for Enterprise mmooooommmmmmmmm 136 Appendix F Disclaimer Jor USCIS AAA AAA et 141 11 1 Before You Start 1 1 Preface This manual is for Hotspot owners or administrators in enterprises to set up network environment using PLANET WLS 1280 It contains step by step procedures and graphic examples to guide MIS staff or individuals with slight network system knowledge to complete the installation 1 2 Document Convention For any caution or warning that requires special attention of readers a highlight box with the eye catching italic font is used as below Warning For security purposes you should immediately change the Administrator s password D Indicates that clicking this button will return to the homepage of this section Q Indicates that clicking this button will return to the previous page Indicates that clicking this button will apply all of your settings Indicates that clicking this button will clear what you set before these settings are applied 2 System Overview 2 1 Introduction of PLANET WLS 1280 PLANET WLS 1280 is an all in one product specially designed for Hotspot wireless network environment lt integrates Access Control and Wireless Network Access into one system to fulfill the needs in Hotspot environment 2 2 System Concept PLANET WLS 1280 is specially designed for user authentication authorization and management The user account information is stored in the loca
123. tton to remove that user from the black list 59 Black List Configuration Select Black List 1 Blacklist Name Blacklist User Remark James fraud F Junior Total First Prev Mex Last Add User to List 4 2 3 Policy Configuration Each policy has three profiles Firewall Profile Specific Route Profile and Schedule Profile as well as Bandwidth settings for that policy Policy Configuration select Policy Firewall Profile Setting specific Route Profile Setting Schedule Profile gettin Total Bandwidth Unlimited Indradual Maximum Bandwidth Unlimited Ae Individual Request Bandwidth Mone w e Firewall Profile Click the hyperlink of Setting for Firewall Profile the Firewall Profile page will appear Click the numbers of Filter Rule Item to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active to enable that rule 60 Profile Name Firewall Profile 1 Firewall Profiles Source Filter Rule kem Active Action Name Protocol MAC Destination AMY l Tr Block ALL AMY AMY Zz E Block ALL AMY AMY d E Block ALL AMY AMY 4 Tr Block ALL AMY AMY E Block ALL AMY Edit Filter Rule Rule Item 1 Rule Name Enable this Rule Action Black Protocol ALL Source MAC Address For Specific MAC Address Filter Start End Fort Fort Source ALL 255 255 255 255 132 Destination ALL x 255 255 255 255 a2
124. u will become Local User Setting Authentication Server Server 1 Server Hame Severt fet sewer name Server Status Disabled Postfix Postet Pts postie name Black List Authentication Method Local User Setting Local User Policy SA TD omain AAA Click the hyperlink to get in for further configuration Local User Setting Edit Local User List Radius Roaming Out O Enable Disable 802 1 Authentication O Enable Disable e Edit Local User List Click this to enter the Local User List page Upload User Download User a Policy Username Password MAC Remark Del All VPH Termination Enabled Total First Previous Me asi Add User Click this to enter the Add User interface Fill in the necessary information such as Username Password MAC optional and Remark optional Select a desired Policy check whether to enable VPN Termination 4 Add User tem Username Password e Tees Policy Remark IA e Ja en 2 poh focos Jr e OA ato LL Jime Bl O Bl JJ Jime Al O sl o JJ Jime Bl O pro JE JJ Jime Al O glo JJ Jime Ml O gL LL Jime Al O LLL Jime ma 0 Click Apply to save all the settings after finishing to add users User Alice has been added Lser Bob has been added User Cathy has been added Add User MAC E VPH a HEH Jes Termination tt jimecal E 2 O n 3 JJ Jime mW d E al o Eoo Ho ie IS a tem Username Password Upload
125. unique association throughout a ESS Extended Service Set and for secure exchange of station s security context between current access point AP and new AP during handoff period Block Relay Select whether to enable this function Tx Power Level Choose which Tx power level desired from the drop down menu Security Security Type Choose one security type from the drop down menu WEP Choose WEP authentication type here 89 Wireless SSID default SSID Broadcast Enable Channel Transmission Mode Mixed wt DA Auto Transmission Rate m na it mp Cu a mj a a Cu a it a L a Ch Ja cr TA 2 CTS Protection Disable Default Disable Fragment Threshold 2346 Properties Default 2346 Range from 256 to 2346 RTS Threshold 224 Default 2347 Range from O to 23477 100 Default 100 Range from 20 to 1024 msec Beacon Interval ms Preamble Type Default Longi APP Default Enable Block Relay Tx Power Level 100 w security Type Ll 802 1 Authentication Security WEP Authentication Type For WAP 4060 Properties SSID Broadcast Select this option to enable the SSID to broadcast in your network When configuring the network it is suggested to enable this function but disable it when the configuration is complete With this enabled someone could easily obtain the SSID information with the site survey software and get unauthorized access to a priva
126. uration Hetwork Address Translation Network Configuration PLANET WLS 1280 provides 3 types of network address translation DMZ Dermilitarized zonei Public Accessible Server and IPiPort Redirect System provides Privilege IP Address List and Privilege MAC Address List System will MOT authenticate those listed devices Privilege List Network Address Translation Monitor IP List Privilege List Ses eee System can monitor up to 40 network devices online status with an Monitor IP List option to add them as public access servers via HTTP or HTTPS Proxy Server Properties Even under MAT mode after added the devices as public access servers the devices can be accessed by clicking the hypertext Upto 20 hosts URL could be defined in Walled Garden List Clients May access these URL without authentic ation PLANET WWLS 1280 supports up to 10 external proxy servers Dynamic DNS Walled Garden List Proxy Server sired Properties System can redirect traffic to external proxy server into built in proxy Server VPH Termination Dynamic DNS PLANET WWLS 1280 supports dynamic ONS DONS feature IP Mobility System supports IP PNF Configuration PHN tunnels using IPSec tan be terminated locally on PLANET VPN Termination WiLS 1 220 3 Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will appear External Proxy Server item Server IP Port wy Coo i
127. vice must accept any interference received including interference that may cause undesired operation Federal Communication Commission FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure set forth for an uncontrolled environment In order to avoid the possibility of exceeding the FCC radio frequency exposure limits human proximity to the antenna shall not be less than 20 cm 2 8 inches during normal operation Safety This equipment is designed with the utmost care for the safety of those who install and use it However special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment EU Countries Not Intended for Use The ETSI version of this device is intended for home and office use in Austria Belgium Denmark Finland France with Frequency channel restrictions Germany Greece Ireland Italy Luxembourg The Netherlands Portugal Spain Sweden and United Kingdom The ETSI version of this device is also authorized for use in EFTA member states Iceland Liechtenstein Norway and Switzerland WEEE regulation X To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment end users of electrical and e
128. width 110 height 20 border 0 align center cellpadding 2 gt lt tr gt lt td width 45 align center valign middle gt lt input name next_button type button value Next onclick javascript check_agree Enter gt lt td gt lt tr gt lt table gt lt td gt lt tr gt lt tr gt lt td height 20 gt amp nbsp lt td gt lt tr gt lt table gt lt div align center gt lt table name login id login width 497 height 328 border 0 align center cellpadding 2 cellspacing 0 background images userlogin gif gt lt tr gt lt td height 146 colspan 2 gt amp nbsp lt td gt lt tr gt lt tr gt lt td width 43 height 53 gt amp nbsp lt td gt lt td gt lt input type text name myusername size 20 gt lt td gt lt tr gt lt tr gt lt td height 42 gt amp nbsp lt td gt lt td gt lt input type password name mypassword size 20 gt lt td gt lt tr gt 147 lt tr gt lt div align center gt o lt a onclick javascript if Before_Submit Enter Enter submit onMouseOut MM_swaplmgRestore r MM_swaplmage Image3 images submit0 gif 1 gt it fidth 1 img src images submit gif name Image3 w 8 border 0 gt lt a gt IM_swaplmgRestore lt a onclick cancel_onclick Enter onMouseQut M onMous swaplmage Images images c ear0 gif 1 gt 38 b or d er 0
129. work By pushing down ActiveX to the clients Windows device from PLANET WLS 1280 no extra client software to be installed except ActiveX in which a so called clientless IPSec VPN setting is configured automatically At the end of this setup a build in IPSec VPN feature was enabled to be ready to serve once it is called to be setup The design goal is to eliminate the configuration difficulty from IPSec VPN users At the client side the IPSec VPN implementation of PLANET WLS 1280 is based on ActiveX and the built in IPSec VPN client of Windows OS 1 ActiveX component The ActiveX is a software component running inside Internet Explorer The ActiveX component can be checked by the following windows Internet Explorer cannot display the webpage Windows Internet Explorer AAA AAA Manaze Add ons General Security Privacy i Content Connections Programs Advanced CR i E E E Pi me Ws cS ary Internet programs Add ons are programs that extend the capabilities of your web browser Some add ons can interfere with the operation of your browser You can disable enable or delete add ons Disabling or deleting an add on might prevent some webpages from working E ou can specify which program Windows automatically uses For Lif each Internet SERP ey eee O A Bae Show Add ons curently loaded in Intemet Explorer HTML editor Ult Bdit32 SSeS e EA v eS ee
130. y 10 30 1 254 a a ED CE Gn gt Dynamic IP Address If this option is selected PLANET WLS 1280 will obtain IP settings from external DHCP server on network connected by WAN1 automatically Click Next to continue 17 gt PPPoE Client Set PPPoE Client s Information Step 4 Cont Set PPPoE Client s Information Enter the PPPoE Client s Username and Password For most DSL users a gt ANA GED Enter the Username and Password provided by the ISP Click Next to continue Step 5 Set Authentication Methods Step 5 Set Authentication Methods Select a default User Authentication Method Click Next to continue lts postfix name Policy Folicy 1 LocalUser LDAP POP3 NT Domain RADIUS a gt AA GED Set the user s information in advance Enter an easily identified name as the postfix name in the Postfix field e g Local select a policy to assign to and choose an authentication method Click Next to continue Different information has to be provided for each kind of authentication method 18 gt Local User Add User Step 5 Cont Add User Click ADD button to add Local User Click Next to continue Password MAC O A policy None Add CA A A A new user can be added to the local user data base To add a user here enter the Username e g test Password e g test MAC optional to specify the valid MAC address of this use
131. y Server Built in Proxy Server O Enabled Disabled 11 Click Apply to save the settings 135 9 Appendix E Proxy Setting for Enterprise Enterprises usually isolate their intranet and internet by using more elaborated network architecture Many enterprises have their own proxy server which is usually at intranet or DMZ under the firewall protection Desktop SA Router X Gateway Core Switch Firewall 9 9 D gt L2 Switch f Access Point Access Point Notebook Notebook 3 Proxy Server Web Server Mail Server DMZ In enterprises network managers or MIS staff may often ask their users to enable their proxy setting of the browsers such as IE and Firefox to reduce the internet access loading Therefore some proxy configurations in the Gateway need to be set Caution Some enterprises will automatically redirect packets to proxy server by using core switch or Layer 7 IN devices By the way the clients dont need to enable their browsers proxy settings and administrators don t need to set any proxy configuration in the Gateway Please follow the steps to complete the proxy configuration E Gateway setting 1 Login Gateway by using admin 2 Click the Network Configuration from top menu and the homepage of the Network Configuration will 136 appear System L Configuration Utilities a User g AP j r Authentication a G aL h O Metwork Config
132. you provide cannot be verified we may ask you to send us additional information such as your driver license credit card statement and or a recent utility bill or other information confirming your address or to answer additional questions to help verify your information Our primary purpose in collecting personal information is to provide you with a safe smooth efficient and customized experience You agree that we may use your personal information to provide the services and customer support you request resolve disputes collect fees and troubleshoot problems prevent potentially prohibited or illegal activities customize measure and improve our services and the site s content and layout compare 145 information for accuracy and verify it with third parties We may disclose personal information to respond to legal requirements enforce our policies respond to claims that an activity violates the rights of others or protect anyone s rights property or safety We may also share your personal information with members of our corporate family to help detect and prevent potentially illegal acts service providers under contract who help with our business operations such as fraud investigations and bill collection other third parties to whom you explicitly ask us to send your information or about whom you are otherwise explicitly notified and consent to when using a specific service law enforcement or other governmental off
Download Pdf Manuals
Related Search