LANPRO LP-NC1 User`s Manual
Contents
1. C Auto detect proxy settings for this network Manual proxy configuration HTTP Proxy 10 2 3 203 Mo Proxy for 192 168 1 254 1 1 1 1 Example mozilla org netaz 192 168 1024 Automatic proxy configuration URL b 163 LANPRO LP NC1 User s Manual Appendix G DHCP Relay LANPRO LP NC1 supports DHCP Relay defined according to RFC 3046 For scaling reasons it is advantageous to set up an external DHCP server other than having the internal DHCP server implemented in LANPRO LP NC1 to assign an IP When forwarding client originated DHCP packets to a DHCP server a new option called the Relay Agent Information option is inserted by the DHCP relay agent External DHCP servers that recognize the Relay Agent Information option may use the information to implement IP address or other parameter assignment policies The external DHCP server then echoes the option back to the relay agent in server to client replies and the relay agent strips the option before forwarding the reply to the client A graphic example of connecting 2 gateways with an external DHCP server 10 1 1 100 10 1 1 200 10 1 1 254 Gateway 192 168 1 254 192 168 2 254 DHCP Server Gateway 2 10 10 10 254 123 100 1 254 Please note that the Router and Gateway 1 connected to the DHCP Server have to be under the same network segment as DHCP Server When a client requests IP address from Gateway 12. Ada MAC Adiress Password Total 0 First Prey Met Last Last Discover 14 13 37 May 17 2007 e AP Discovery By pre defining the settings of those APs in this AP Discovery interface administrator will be able to discover by clicking on the Scan Now button all manageable APs at once After these APs are discovered administrator can apply the template of AP setting and add to the AP List for later maintenance gt AP Type The type of manageable APs to be discovered gt Interface The LAN interface Controlled or Uncontrolled to which the APs are connected gt Admin Settings Used to Discover This is the setting of web based Administration UI of the specific AP If the APs are not reset to Factory Default values administrator can select Manual to manually enter the current IP address range Login ID and Password of the APs gt IP Addresses of APs after Discovery The start IP address of IP address range to be assigned to the discovered APs If nay APs are discovered the APs will be assigned the IP addresses starting from the Start IP Address gt Scan Now Click this button to start the discovery All discovered APs will be shown in the Discovered AP List If any IP address to be assigned to a specific AP is used there will be a warning message showing up If so please change the IP Addresses of APs after Discovery and then click Scan Now again 97 LANPRO LP NC1 User s Manual e Back
3. Sometimes a transaction may need to be canceled as well as the related user account on LANPRO LP NC1 before it has been settled with the bank a To void an unsettled transaction please log in Authorize Net Click Unsettled Transactions Try to locate the specific transaction record on the List of Unsettled Transactions gt Click the Trans ID number gt Confirm and click Void Note To find the on demand account name click Show Itemized Order Information in the Order Information section gt Username can be found in the Item Description b To remove the specific account from LANPRO LP NC1 please log in LANPRO LP NC1 User Authentication Authentication Configuration gt Click the server On demand User On demand User Server Configuration Users List Click Delete on the record with the account name 2 2 Refund A Settled Transaction and Remove The On demand Account Generated on LANPRO LP NC1 a To refund a credit card please log in Authorize Net Click Virtual Terminal Select Payment Method gt Click Refund a Credit Card Payment Authorization Information gt Type information in at least three fields Card Number Expiration Date and Amount gt Confirm and click Submit b To remove the specific account from LANPRO LP NC1 please log in LANPRO LP NC1 User Authentication gt Authentication Configuration gt Click the server On demand User On demand User Ser
4. Welcome To User Login Page Please Enter Your User Name and Password To Sign In User Name test Local Password esse 2 Login success page will appear if LANPRO LP NC1 has been installed and configured successfully Now clients can access the network or surf on the Internet Hello test local mo o me o l jb Please close this window or click this button to Thank you Logintime 2006 12 17 10 41 11 21 LANPRO LP NC1 User s Manual 3 When an on demand user login successfully the following Login Success page will appear There is extra information showing Remaining usage and a Redeem buiton on the bottom Remaining usage Show the remaining quota that the on demand user can use to surf Internet Please close this window or click this button to Thank yout Remaining Usage 3 Hour 36 Min 29 Sec Login time 2005 8 24 14 18 7 Redeem When the remaining credit is going to use up the client has to pay for adding credit to the counter and then the client will get a new username and password After clicking the Redeem button a Redeem Page will appear Please enter the new username and password obtained and click Enter button The total available time or data size will be shown up after adding credit Redeem Page Welcome To Redeem Page Please Enter Your User Name and Password To Sign In d User Name Password 22 LANPRO LP NC1 User s
5. gt Local User Add User A new user can be added to the local user data base To add a user here enter the Username e g test Password e g test MAC optional to specify a valid MAC address for this user and assign a policy or use the default Click the ADD button to add this user Attention The policy selected in this step is applied to this user only Per user policy setting takes over the group policy setting at precious step unless you select None here Click Next to continue step 5 Cont Add User Click ADD bitten to add Local User Click Next to continue Username Password Ba MAC Policy None B Add 17 LANPRO LP NC1 User s Manual gt POP3 User POP3 Enter Domain Name IP Server Port of the POPS server provided by the ISP and then choose to enable SSL or not Click Next to continue Step 5 Cont POP3 Configure POPS Server information Click Next to continue POP3 Server Domain NamesiP Server Port es Default 110 Enable SSL gt RADIUS User RADIUS Enter the Domain Name IP of the RADIUS server Authentication Port Accounting Port and Secret Key Then choose to enable the Accounting Service or not and choose the desired Authentication Method Click Next to continue Step 5 Cont RADIUS Configure RADIUS Server information Click Next to continue RADIUS Server Domain Hae Authentication Port Default 18424 Accounting Port Accounting Service
6. Add 19 rte ELO a o e O a Total 40 First Prev Mext Last 111 LANPRO LP NC1 User s Manual When Monitor button is clicked Monitor IP Result page will appear If the entered IP address is unreachable a red dot under Result field will appear A green dot indicates that the IP address is reachable and alive Result Na 2 IP Address 192 1768 1 200 192 168 1 100 On each monitored device with a WEB server running you may add a link for the easy access by selecting a protocol http or https and click the Add button After clicking Add button the IP address will become a hyperlink and then you can easily access the host by clicking the hyperlink Click the Del button to remove the setting Monitor IP List item Protocol 3 hip nih http htt iid ol oli ol IP Address Link item Protocol 104711129 Del 2 he z fiza4 Ads a http k J al e http kE j E htp k ta Raal o http il e A E kta E http kej Real 18 http fd 20 http Total4O First Prev Next Last IP Address n HAL Ad ZEE Te fas ae 112 LANPRO LP NC1 User s Manual 4 4 4 Walled Garden List This system provides the free services to the users to access websites listed here before authentication IP address or domain names of the websites can be defined in this list Users without the network access right can still have a chance to experience
7. CTS Protection Fragment 2346 Threshold Default 2346 Range from 256 to 2346 Properties 2347 RTS Threshold Default 2347 Range from O to 2347 Beacon Interval 100 ms Default 100 Range from 20 to 1024 msec Long Default Long Preamble Type Default Enable Block Relay Default Disable do not supported in wersians before W425 100 Default 100 do not supported in versions before W125 Tx Power Level Security Type C 802 1 Authentication Security WEP Authentication Type Access Control Status Disabled MAC Address List OO 00 00 00 00 00 z 00 00 00 00 00 00 d 00 00 00 00 00 00 4 O0 00 00 00 00 00 Subnet Mask The default is 255 255 255 0 All devices in the network must share the same subnet mask Default Gateway The default is 192 168 1 254 Enter the gateway IP address for the network typically a router Properties gt SSID The SSID is the unique name shared among all devices in a wireless network gt SSID Broadcast Select this option to enable the SSID to broadcast in your network When configuring the network it is Suggested to enable this function but disable it when the configuration is complete With this enabled someone could easily obtain the SSID information with the site survey software and get unauthorized access to a private network With this disabled network security is enhanced and can 101 gt gt LANPRO LP NCI I User s Manual prevent the SSID from being se
8. Color for Title Text oOo Select RGB values in hex mode Color for Page Background Select ROB values in hex mode Color for Page Text __ Select RGB values in hex mode Preview Preview 75 LANPRO LP NC1 User s Manual c Choose Uploaded Page and upload a login page Click the Browse button to select the file to upload Then click Submit to complete the upload process Login Page Selection tor Users Default Page C Template Page Uploaded Pade C External Page Uploaded Page Setting File Name Browse Submit Existing Image Files Total Capacity 512 Now Used 0 Upload linage Files Upload linages Browse Suhrmit Previews After the upload process is completed the new login page can be previewed by clicking Preview button at User Login Page Welcome To User Login Page the bottom Please Enter Your User Name and Password To Sign In hi UserName Password The user defined login page must include the following HTML codes to provide the necessary fields for username and password lt form action userlogin shtml method post name Enter lt input type text name myusername lt input type password name mypassword lt input type submit name submit value Enter lt input type reset names clear values Clear gt lt form gt lf the user defined login page includes an image file the image file pat
9. Disabled Authentication Method T Default 1813 AL gt LDAP User LDAP Enter the LDAP Server Server Port Base DN and Account Attribute of the LDAP server Click Next to continue 18 LANPRO LP NC1 User s Manual Step 5 Cont LDAP Configure LDAP Server information Click Next to continue LDAP Server is h Domain NamevlFy Server Port e Default 389 Account Attribute E Default uid D D a gt NT Domain User NT Domain When NT Domain authentication method is selected enter the Server IP Address and choose to enable disable Transparent Login If Transparent Login is selected users will be logged in the system NT Domain active directory and authenticated automatically when they log into their Windows OS domain Click Next to continue step 5 Cont NT Domain Configure NT Domain Server information Click Next to continue ServerPAddess Transparent Login SS Step 6 Save and Restart LANPRO LP NC1 Click Restart to save the current setting and restart LANPRO LP NC1 The Setup Wizard is completed now Step 6 Save and Restart LP NC1 The Setup Wizard has completed Click on Back to review or modify settings Click Restart to save the settings and restart the system to have the current settings take effect 19 LANPRO LP NC1 User s Manual e Setup Wizard During LANPRO LP NC1 restart a Restarting now Please wait for a moment message will
10. Enable Disable oO co 4 mo om ee oy ee hl Enable Disable 10 Enable Disable Client s Purchasing Record Invoice Number Reset Description Internet access z E mail Header Enjoy Online z Credit Card Payment Page Billing Configuration These 10 plans are the plans in Billing Configuration and desired plan can be enabled Client s Purchasing Record Invoice Number An invoice number may be provided as additional information against a transaction This is a reference field that may contain any format of information Description Some remarks can be made here for the transaction Email Header What appears as the header of the email sent to customers 62 Credit Card Payment Page Fields Configuration tem Credit Card Number Credit Card Expiration Date Card Type M Card Code E mail Cl Customer ID First Name Last Name Company Address M city State W Zip M Country Phone M Fax Displayed Text Credit Card Number Credit Card Expiration Date Card Type Visa American Express Waster Card F Discover Room Number First Mame Last Hame Company Address E ity C pin yn H is a g A a oO o Cc a faa 7 a Displayed text fileds must be filled mi o gt pai a o co co imo H H H H H H H H H H H H Required Ek OO
11. GMT Time can also be set manually when selecting Set Device Date and Time Please enter the date and time into these fields Device Time 2007 09 12 23 34 11 Time one SMT O5 00Eastern TimeflS amp canada w NTP Enable MTP Server 14 tock usno nayy mil fe g tock usno navy mil Time MTP Server 2 ntpd faude MTP Server 3 jclock cuhk edu hk MTP Sewer 4 ntpsd pads utrbr MTP Sewer 4 mtpi ics mu 07 4U O Set Device Date and Time 2 7 LANPRO LP NC1 User s Manual Device Time 20079094 2 23 34 11 Time one SMT O5 00Eastern TimeflS amp canada w Time O NTP Enable Set Device Date and Time v ear _ Month Day v Hou Minute Second 28 LANPRO LP NC1 User s Manual 4 1 3 WAN1 Configuration System supports four different WAN connection types Static IP Address Dynamic IP Address PPPoE Client and PPTP Client WAN1 Configuration Static IP Address j Renew WANI Port Dynamic IP Address PPPoE Client PPTP Client Static IP Address Manually specifying the IP address of the WAN1 Port is applicable for the network environment where the DHCP service is unavailable The fields with red asterisks are required to be filled in IP Address The IP address of the WAN1 port Subnet Mask The subnet mask of the WAN1 port Default Gateway The gateway of the WAN1 port Preferred DNS Server The primary DNS Server of the WAN1 port Alternate DNS Server Th
12. LDAP or NTDomain is selected from the drop down menu the function of Enable VPN Termination will show up Check Enable VPN Termination to enable this function Click the button of LDAP Setting for further configuration Enter the related information of the primary server and or the secondary server the secondary server is not required The blanks with red asterisks are necessary information These settings will become effective immediately after clicking the Apply button Primary LDAP Server IP Address ee ear NamevlP Port ke 389 BaseDN fit den den Account Attribute uid Secondary LDAP Server IP Address fF Account Attribute ts e IP Address Server IP Address Enter the IP address domain name of the LDAP server e Port Enter the Port of the LDAP server and the default value is 389 e Base DN Enter the Distinguished Name for the navigation path of LDAP account e Account Attribute Enter the account attribute of the LDAP server e Edit Policy Mapping Click the hyperlink of Edit Policy Mapping to enter the Policy Mapping page Choose to enable or disable policy mapping by LDAP class attributes a2 LANPRO LP NC1 User s Manual LDAP Policy Mapping Server 1 Enable Disable No LDAP Attribute Name LDAP Attribute Value Policy Remark ee 2 ee 53 LANPRO LP NC1 User s Manual 4 2 1 5 Authentication Method NT Domain The system may authenticate users using external NT Domain Server Choose NTD
13. To close this wizard click Finish Back C Finish Cancel e TCP IP Network Setup In the default configuration LANPRO LP NC1 will assign an appropriate IP address to a client PC which uses DHCP to obtain IP address automatically Windows 95 98 2000 XP configures IP setup to Obtain an IP address automatically in default settings If you want to check the TCP IP setup or use a static IP to connect to LANPRO LP NC1 LAN port please follow the following steps 147 LANPRO LP NC1 User s Manual Check the TCP IP Setup of Window XP E Control Panel AeA 1 Select Start gt Control Panel gt Network Pie E Ven Fors Tob ii gt P Search j gt Folders EE Address P Control Panel v va Control Panel N z 5 i amp Accessibility Add Hardware Add or Administrative Date and Time B gt Switch to Category view Options Remov Tools Ra vw Be 9 See Also Display Folder Options Fonts Game Internet A Windows Update Controllers Options Help and Support Fia p af A gt Keyboard Mouse Network Phone and Power Options mcs A Modem gt 9 Printers and Regionaland Scannersand Scheduled Sounds and Faxes Language Cameras Tasks Audio Devices vy U E e Speech System Taskbar and User Accounts YMware Tools Connection Network Connections 2 Click the right button of the mouse on the Local Fle Edt View Favortes Tools Advanced Heb Q Back kp D J Se
14. When DHCP server gets the Circuit ID it recognizes that the request is sent from g1_public_lan and thus assigns the client a DNS server of 169 95 1 1 an IP that can be in the range of 192 168 1 30 and 192 168 1 50 a default gateway of 192 168 1 254 and a subnet mask of 255 255 255 0 165 LANPRO LP NC1 User s Manual Appendix H Session Limit and Session Log Session Limit To prevent ill behaved clients or malicious software from using up system s connection resources administrators will have to restrict the number of concurrent sessions that a user can establish gt The maximum number of concurrent sessions TCP and UDP for each user can be specified in the Global policy which applies to authenticated users users on a non authenticated port privileged users and clients in DMZ zones gt When the number of a user s sessions reaches the session limit a choice of Unlimited 10 25 50 100 200 350 and 500 the user will be implicitly suspended upon receipt of any new connection request In this case a record will be logged to the Syslog server specified in the Notification Configuration gt Since this basic protection mechanism may not be able to protect the system from all malicious DoS attacks it is strongly recommended to build some immune capabilities such as IDS or IPS solutions in the network deployment to protect the network in daily operation Session Log The system can record connection details o
15. s Manual 4 2 3 Policy Configuration There is one Global policy and eight other policies Every Policy has three different network related access profiles and bandwidth control for that policy Each policy has three profiles Firewall Profile Specific Route Profile and Schedule Profile as well as Bandwidth settings such as Total Bandwidth Individual Maximum Bandwidth and Individual Request Bandwidth for that policy Global policy is the system s universal policy where the Firewall Profile and Specific Route Profile are set and applied to all users The other eight policies are configured by the users in the section of Authentication Configuration in the screen of Authentication Server Once a policy is configured Policy 1 Policy 2 Policy 8 with the combinations of Firewall Specific Route Schedule Total Bandwidth Individual Maximum Bandwidth and Individual Request Bandwidth profiles administrator may assign one policy to one user group according to selected Authentication method Different user groups may share the same policy 4 2 3 1 Global Policy Policy Configuration Select Policy Global Firewall Profile Specific Route Profile Maxinum Concurrent AEU v Session for User gt Select Policy Select Global to set the Firewall Profile Specific Route Profile and Maximum Concurrent Session for User gt Firewall Profile Click the button of Setting for Firewall Profile the Firewall Profiles list will appear Cl
16. 3 Manual Configuration for details AP List IF C AP Type AP Name Status MAC t Total 0 First Prev Mest Las After adding an AP Check any AP and click the button below to Reboot Enable Disable and Delete the checked AP AP List IP C AP Type AP Name Status MAC 2 192 168 1 1 Online A200 Ao00 5 tl O00 2E 7D C32F Enabled Reboot Enable Disable Delete 4oply Template Total 1 First Prey Next Last e AP Type This is the supported type of APs for centralized management e AP Name The AP name will be shown as hyperlink Click the hyperlink of each managed AP can have for configurations about the specific AP Click the hyperlink of the AP Name to have more configurations There are four kinds of settings available General LAN Wireless LAN and Access Control Click the hyperlink of each individual setting to have further configurations e Status Each AP s status will be shown in this column Click the hyperlink of shown status of each managed AP will have detail status information about the specific AP such as System Status LAN Status Wireless Status Access Control Status and Associated Client Status Current status of the AP is including Configuring Online Offline Upgrading and Lost Unknown 1 Online The hyperlink of Online Enabled indicates that the AP is currently online and in service Online Disabled indicates that the AP is currently online but not ready in service 2 Offline The A
17. 34 LANPRO LP NC1 User s Manual DHCP Server Configuration There are three types of DHCP server methods Disable DHCP Server Enable DHCP Server and Enable DHCP Relay When enabled the system acts as DHCP Server issuing network configuration information to clients connecting to Controlled Port When DHCP Relay is checked system will relay DHCP information from external DHCP Server to downstream clients 1 Disable DHCP Server Disable DHCP Server function of LANPRO LP NC1 Disable DHCP Serer Enable DHCP Server Enable DHCP Relay DHCP Server Configuration 2 Enable DHCP Server When enabled the system acts as Choose Enable DHCP Sever function and set the appropriate configuration for the built in DHCP server of LANPRO LP NC1 The fields with red asterisks are required Please fill in these fields Disable DHCP Server Enable DHCP Server Start IP Address End IP Address 192 168 1 100 Preferred DNS Server DHCP Server Alternate DNS Server Configuration WINS Server IP Address oOo Lease Time Resened IP Address List Enable DHCP Relay DHCP Scope Enter the Start IP Address and the End IP Address Start IP Address means the fist IP address of the DHCP scope End IP Address means the last IP address of the DHCP scope These two settings define the IP address range that will be assigned to the clients of Controlled Port Preferred DNS Server This means the primary DNS server for the D
18. 5 4 Restart This function allows the administrator to safely restart LANPRO LP NC1 and the process should take about 100 seconds Click YES to restart LANPRO LP NC1 click NO to go back to the previous screen Please don t power off the system until this restart process has finished Please wait for countdown timer to finish before accessing the system management webpage again Do you want to Restart LP NC1 Caution The connection of all online users of the system will be disconnected when system is in the process of restarting IZ 4 6 Status LANPRO LP NC1 User s Manual This section includes System Status Interface Status Current Users Traffic History and Notification Configuration to provide system status information and online user status System ah User L Configuration Authentication een aa Interface Status Current Users Notification Configuration E System Status Interface Status Current Users Trattic History Notification Configuration Network _ Management Configuration Status Display current system setings Display WWAN 1 WAM 2 Controlled Uncontrolled configurations and Status Display online user information including Username IP MAC packet count byte count and idle time Administrator may also kick out any on line userfrom here Display detail usage information by day A minimum of 3 days of his
19. A Disabled Create 5 NIA Disabled Create 6 NIA Disabled Create 7 NIA Disabled Create 8 NIA Disabled Create g NA Disabled Create i 0 NIA Disabled Create ACUC UCO0ot lI 2 LANPRO LP NC I User s Manual After successfully logging into LANPRO LP NC1 enter the web management interface and see the welcome page There is a Logout button on the upper right corner to log out the system when finished LANPHO LP NC1 a i 7 ST tise F e F Network cont guration _ Authentication TAAA Configuration Welcome to System Administration This Administrative Web Interface allows you to set various networking parameters to customize network services to manage user accounts and to monitor user status Functions are separated into 6 main categories System Configuration User Authentication AP Management Network Configuration Utilities anil Status Then run the configuration wizard to complete the configuration Click System Configuration the System Configuration page will appear SLANPRO ie EA SS CE Network a Authentication _ We Management _ _ Configuration System Configuration 4 Configuration Wizard System Configuration System Information Configuration Wizard This wizard will guide you through basic system setup C WAIN Configuration Configure system and network related parameters system name administrator information SN
20. AOO EPO er ah seanenatal ata auetata sh oususemcausuaunsnunuenuaensauesesee 68 ER POLV Rech RE TU SN nee ee Rn EEE TE E E 69 AJA Additional C Oni OUT ANON sees cca ncsceks catenins seks cats esha ee Nh Des Dads Needed anni alata eaday eat ata 73 4 3 PIA ANG CMe sats sits cetcans etc oeatenetete nae soso E E 88 SN ARDD oh pa ace so sige a su sada dace sndane date aunatata S 89 42 AP DIELCOV STEE E E RRO OE Te ne Te Tee a ne eer ever 97 Aa Mama ECON UNE AN IN 5 tas a ee 99 AO MPN AV Cs OC ULI 1a on teas acne ds aeoeaassnsoansosas sans oan sosormsasonnsosonsadsdaneseddabadanese E E 100 ASD Firmware Manageme Ni see A A eae N 103 A Wie AAP OEE ET R 104 4 4 INGiW Ok CON OUa Oeean E E A EE 105 sA NetWork Address Tanki Osse actasasncsasaccoces sat aesieeneesi seth siieb ad 106 AAD Privile e List s2 c5e stot sie sleep sees etne tases et nat eases tent eia ease eee anaes 109 e NVM Mei Oley RE AS eet cet ee ec te rea ee rade Senora Aue 111 AA Walled Garden Listesscssesa a a a a Mm omnes 113 Ade PrO SEEVE PODET E Sea E A 114 AO Wa Vaainic L IN Saan eset reese eee 115 dk IP MODI sh esate cchccncchca se daachern EEEE tanta tates 116 MAS NEN COnIMGUPALION 2 2 a5s fe ait alec clad leet ala oad land alae odd land alael odes aed adel ales alent ale olen aed cla als suka aaa 117 4 5 B ih bic Peeebeeee epee ey Seen ere eee E OTS Per ee tr Per Ser Per eer fer a nee meen E 120 ASM Chine PassWord i sesh stn iin aah ats msiinestinaiet e
21. Authentication Configuration Notice Enabling two or more servers of the same authentication method is not allowed Policy There are 8 policies that can be chosen to apply to this particular server LANPRO LP NC1 User s Manual 4 2 1 1 Authentication Method Local User Setting Choose Local User in the Authentication Method field the button besides the drop down menu will become to Local User Setting Authentication Server Server 1 Server Name Server 1 Pits server name T a 2 T Server Status Black List Authentication Method Policy Click the button of Local User Setting for further configuration Local User Setting Edit Local User List Enabled Disabled RADIUS Roaming Out Local user database will be used as authentication database for roaming outusers Enabled Disabled 802 1 Authentication Local user database will be used as internal RADIUS database for 802 1 enabled LAN devices such as AP and switch e Edit Local User List To view add delete upload a list of users from a file and backup user accounts from this device Press Refresh button to refresh the information status of users list VPN connection for individual local user must be checked to enable for each user account Click the button of Edit User Setting to enter the Local User List page Users List Policy Username Password MAC VPN Termination Enabled Remark T YES Delete 42 LANPRO LP NC1 User
22. Black List System provides amp policies each policy can apply independent firewall profile specific route profile login schedule profile bandwidth policy and maximum concurrent session for User Users will be logged out automatically after being idle fora specified period of time Multiple login of the same user account could be enabled of disabled not available to On demand usersi System provides Friendly Logout options Login Page and Logout Page customization and login notification email to client When WAC Access Control is enabled system will only provide login page to those devices listed 40 LANPRO LP NC1 User s Manual 4 2 1 Authentication Configuration This function is used to configure the settings of authentication servers The system supports up to three internal or external user database plus On Demand User User database can be one of the followings RADIUS LDAP POP3 NT Domain Server or Local database The system supports 802 1x authentication for downstream clients Click the server name to set the related configurations for that particular authentication server Without typing the postfix is allowed to fasten the login process when clients log into the default authentication server Authentication Server Configuration Server Name Auth Method Postfix Policy Default Enabled Server LOCAL Postfix Policy 1 O d Server 2 LOCAL Postfix Policy 1 D Fj Server 3 LOCAL Postfix3 Policy 1 O On demand User ON
23. Bursin 5 days 04 59 39 access to this computer from the Internet Speed 100 0 Mbps Learn more about Internet Connection Firewall Internet Connection Sharing _ Allow other network users to connect through this Activity computer s Internet connection J Received gt L ck Packets 45 176 576 Sen maer i i it Learn more about Internet Connection Sharing wi nae a Cancel Suggestion Please TURN OFF Internet Connection Firewall feature or upgrade the Windows OS into Windows XP SP2 4 ICMP and Active Mode FTP On Windows XP SP2 without patching by KB889527 it will drop ICMP packets from IPSec tunnel This problem can be fixed by upgrading patch KB889527 Before enabling IPSec VPN function on client device please access the patch from Microsofts web at http support microsoft com default aspx scid kb en us 889527 This patch also fixes the problem of supporting active mode FTP inside IPSec VPN tunnel of Windows XP SP2 Suggestion Please UPDATE client s Windows XP SP2 with this patch 153 LANPRO LP NC1 User s Manual 5 The Termination of ActiveX The ActiveX component for IPSec VPN is running paralleled with the web page of Login Success Unless user decides to close the session and to disconnect with LANPRO LP NC1 the following conditions or behaviors of using browser shall be avoided in order to maintain the built IPSec VPN tunnel always alive Hi jim hsiao You have successf
24. Click Submit Required Card Code If the Card Code is set up as a required field please log in Authorize Net Click Settings and Profile Go to the Security section click Card Code Verification gt Check the Does NOT Match N box Click Submit Required Address Fields After setting up the required address fields on the Credit Card Payment Page Fields Configuration section of LANPRO LP NC1 the same requirements must be set on Authorize Net To do so please log in Authorize Net Click Settings and Profile gt Go to the Security section gt click Address Verification System AVS gt Check the boxes accordingly gt Click Submit 142 LANPRO LP NC1 User s Manual 1 4 Test The Credit Card Payment via Authorize Net To test the connection between LANPRO LP NC1 and Authorize Net please log in LANPRO LP NC1 User Authentication gt Authentication Configuration Click the server On demand User On demand User Server Configuration Credit Card Credit Card Configuration Go to Credit Card Payment Page Configuration section gt Enable the Test Mode gt Click Try Test and follow the instructions 2 Basic Maintenance In order to maintain the operation merchant owners will have to manage the accounts and transactions via Authorize Net as well as LANPRO LP NC1 2 1 Void A Transaction and Remove the On demand Account Generate on LANPRO LP NC1
25. Control Status The table shows the status of MAC of clients under the control of the AP Access Control Status Disabled Access Conmril Status Enabled Loi ol List 10 00 00 00 00 04 OO 00 00 00 00 02 HO 00 00 bn On o3 OO D0 On Do On h4 OO 00 00 00 00 05 Utoro mou 00 00 000000 04 00 00 00 00 00 14 00 00 00 00 00 7124 NO 00 00 00 00 715 NO 00 00 00 0077 VO 00 00 00 0019 0000 00 00 00 06 OO OOd 00 00 Os 0000 00 00 00 U OO 00 00 00 001 2 OG 00 00 00 00 1 4 00 00 00 00 00 1 6 00 00 00 00 00 18 00 40 96 A1 AF dd Associated Client Status The table shows the clients connecting to the AP and the related information of the client including Client List Number MAC Mode Rate RSSI and Power Saving Client List No MAC User TM Packet RX Packet Rate Power Expiration ID is is Saving countdown 1 000z Bafaaaat NA 2 Bi 11 Mo 300 96 4 3 2 AP Discovery LANPRO LP NC1 User s Manual With the newly connected APs administrators are able to discover them by clicking Scan Now button with the following information AP Type Interface Admin Settings Used to Discover IP Addresses of APs after Discovery AP Discovery A200 Controlled at Factory Default IF Address 192 168 2 1 Login ID admin Password 1234 tlanual Start IF Address 192 168 1 1 Scan Now Background AP Discovery Status Disabled Configure Discovered AP List IP Address AP Name AP Type Template Channel
26. LANPRO LP NC1 User s Manual Reserved IP Address List Uncontrolled tem Reserved IP Address MAC Description a E oe OOOO l a LT LP LO Enable DHCP Relay The DHCP Server IP address must be entered when this function is enabled For more details about DHCP Relay please see Appendix G DHCP Relay Disable DHCP Server DHCP Server Enable DHCP Server Soniequraion Enable DHCP Relay 39 4 2 User Authentication LANPRO LP NC1 User s Manual This section includes the following functions Authentication Configuration Black List Configuration Policy Configuration and Additional Configuration This section relates to user authentication authorization and accounting Oo system a EL a m boo ooo uthentication Configuration ji Black List Configuration i SSO Authentication Policy Configuration y Configuration Additional Configuration A Black List Configuration Policy Configuration Configuration User Authentication Additional User Authentication System provides 3 authentication servers Each server allows only one type of authentication method and one Black List Profile An authentication policy may be assigned to any policy System supports the following external authentication servers POPS S RADIUS LOAP and NWT Domain system suppots 5 Black List profiles for used within the authentication server On demand users are NWOT bounded by the
27. Password a Backup Restore Settings y Firmware Upgrade Restart a_i Change Password Backup Restore Settings Firmware Upgrade Restart Network Configuration Utilities Change the administration password Backup and restore system setings Administrator may also reset system settings to factory default Update LP ME1 tirtriware Restart the system 120 LANPRO LP NC1 User s Manual 4 5 1 Change Password The system provides three different types of management accounts each assigned with different access privileges You can log in as admin manager or operator The default usernames and passwords are as follow Change Admin Password Verify Password X Clear Change Manager Password a Change Operator Password a Administrator The administrator can access all web management interfaces User Name admin Password admin o ib User Name admin Manager The manager account may modify all user authentication options including user group management User Name manager Password manager bs User Name manager EH mI Operator The operator account may only create On demand User Account from the administrative webpage 121 LANPRO LP NC1 User s Manual When login with Operator account user will Be direct to On demand User Account page immediately with no access to other management webpage This account is intended for store clerk when the
28. Report All Accounts sold in total 3 Plan1 3 Plan2 0 Plan3 0 Plan4 0 Plan5 0 Plan6 0 Plan 0 Plang 0 Plan9 0 Plan10 0 Total income 60 Income from tickets sold for time users 60 Income from tickets sold for volume users 0 gt Search Select a time period to get a periodical report The report tells the total expenses and individual accounting of each plan for all plans available for that period of time 59 LANPRO LP NC1 User s Manual From Year Month Day Report from 2006 01 01 2007 04 15 Accounts sold in total 2 Plan1 2 Plan2 0 Plan3 D Plan4 0 Plan5 0 Plan6 0 Plan7 0 Plang 0 Plan9 0 Plan10 0 Total income 40 Income from tickets sold for time users 40 Income from tickets sold for volume users 0 60 4 2 1 6 5 LANPRO LP NC1 User s Manual Credit Card Click this to enter the Credit Card Configuration page This section is about how independent HotSpot owners can enable the credit card payment function making the HotSpot an e commerce environment for end users to pay for and get Internet access using their credit cards Before the Credit Card and related functions can be managed appropriately LANPRO LP NC1 requires the merchant owners to have a valid Authorize Net www authorize net account since Authorize Net is the on line payment gateway that LANPRO LP NC1 supports now Please see Appendix B The Configuration on Authorize Net to setup an Aurthourize Net account and other nece
29. Therefore some proxy configurations in the Gateway need to be set Caution Some enterprises will automatically redirect packets to proxy server by using core switch or Layer 7 devices By the way the clients don t need to enable their browsers proxy settings and administrators don t need to set any proxy configuration in the Gateway Please follow the steps to complete the proxy configuration E Gateway setting 1 Login Gateway by using admin 2 Click the Network Configuration from top menu and the homepage of the Network Configuration will appear 159 3 4 EEE ET Ll ll ae Network Configuration fiwon Address Translation Privilege List Monitor IP List Walled Garden List Proxy Server Properties i Dynamic DNS i IP Mobility l VPI Configuration l Dynamic DNS IP Mobility VPN Configuration Network Address Translation Privilege List Monitor IP List Walled Garden List Proxy Server Properties Network Configuration LP NC1 provides 3 types of network address translation DMZ Demilitarized Zone Public Accessible Server and IP Port Redirect System provides Privilege IP Address List and Privilege MAC Address List System will NOT authenticate thase listed devices System can monitor up to 40 network devices online status with an option to add thern as public access servers via HTTP or HTTPS Even under NAT mode after added the devices a
30. This is the customer s email address and should contain an symbol Customer ID This is an internal identifier for a customer that may be associated with the billing information of a transaction This field may contain any format of information First Name The first name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter John in the First Name field indicating this customer s name Last Name The last name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter Doe in the Last Name field indicating this customer s name Company The name of the company associated with the billing or shipping information entered on a given transaction Address The address entered either in the billing or shipping information of a given transaction City The city is associated with either the billing address or shipping address of a transaction State A state is associated with both the billing and shipping address of a transaction This may be entered as either a two character abbreviation or the full text name of the state Zip The ZIP code represents the five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered as five digits nine digits or five digits and four digits Country The country is associated with both the billing and shipping address of a t
31. User s Manual 3 Logout Page The administrator can apply customized logout page here The process is similar to that of Login Page Upload Logout Page Use Default Page Existing Image Files Total Capacity 512 E Now Used 0 K Upload Image Files Upload Images Previews The different part is the HTML code of the user defined logout interface must include the following HTML code that the user can enter the username and password After the upload is completed the user defined login user interface can be previewed by clicking Preview at the bottom of this page If want to restore the factory default setting of the logout interface click the Use Default Page button lt form acton usenlogout shtn methot post name E nter gt Input type text name nwusemame Input ty pe passwonrd name niypasswor gt Input type submit na mes submit value Logout Inputtype reset name clear value Clear lt form 4 Login Success Page The administrator can use the default login success page or get the customized login success page by setting the template page uploading the page or using the external website After finishing the setting you can click Preview to see the login success page a Choose Default Page to use the default login success page Login Success Page Selection for Users Default Page Template Page Uploaded Page External Page Default Page Setting Th
32. _Manage add ons E AML DOM Document Microsoft Corporation Enabled ActweX Control mean ML HTTP 3 0 Microsoft Comoration Enabled Activex Control mami ee aaae Setng Delete Actes Ck Cancel Click an add on name above and Chek the name of an and then cick Enable or Disable Actives control above and then chick Delete From Windows Internet Explorer click Manage add ons button inside Programs page under Tools to show the add ons programs list You can see VPNClient ipsec was enabled During the first time login to LANPRO LP NC1 Internet Explorer will ask user to download the ActiveX component of IPSec VPN This ActiveX component once downloaded will be running paralleled with the Login Success Page after the page being brought up successfully The ActiveX component helps to setup the IPSec VPN tunnel between client s device and the LANPRO LP NC1 controller and to check the validity of the IPSec VPN tunnel between them If the connection is down the ActiveX component will detect the broken link and decompose the IPSec tunnel Once the IPSec VPN tunnel was built any packet sent will be encrypted Without connecting to the original IPSec VPN tunnel user or client device has no alternative to gain network connection beyond this The design of LANPRO LP NC1 s IPSec VPN feature directly solves possible data security leak problem between client and the controller via either wireless or wi
33. access control Select 802 1x or WPA PSK security type and enter the related information below WPA2 only can use AES encryption type SecurityType WPa WEAPSK gt Security lt WER Pon PassphraseiPsk AES Passphrase Security Type WPA e 0z Radius Server Security IP BUES Port IBE Secret WPA Mixed If using TKIP and AES encryption type at the same time is desired choose this security type Select 802 1x or WPA PSK security type and enter the related information below Secuinty Type WPAZ hil ied WPA PSK Security _ O HU WPA PSK Fassphrase PSK Passphrase 93 LANPRO LP NC1 User s Manual Security Type WPA hiked 802 1 Radius Serer Security IP al Port 18132 Secret gt Access Control In this function when the status is Enabled only these clients which MAC addresses are listed in the list can be allowed to connect LANPRO LP NC1 When Disabled is selected all clients can connect LANPRO LP NC1 The default is Disabled Access Control Status Enabled 3 00 00 00 00 00 00 4 00 00 00 00 00 00 5 pa 00 00 00 00 00 00 00 00 00 00 00 i 00 00 00 00 00 00 A TEANTA TTAN TANNE G 00 00 0 Q 00 00 00 10 00 00 00 00 00 00 1 DOOD OD 0000 00 2 000000 000000 13 00 0000 00 0000 14 00 00 00 00 00 00 E 00 00 00 00 00 00 16 00 00 00 00 00 00 V7 00 00 00 00 00 00 18 00 00 00 00 00 00 14 IO Oooo Ooo Oo Ii Ono oo on Do p Status After clicking the
34. are required Please fill in these fields Disable DHCP Server Enable DHCP Server Start IP Address 192 168 2 1 gt End IP Address 192 168 272 100 Preferred DNS Server 197 168 2754 DHCP Server Alternate DNS Server S Configuration Domain Mame domain WINS Server IFP Address Lease Time 1 Day v Reserved IP Address List Enable DHCP Relay DHCP Scope Enter the Start IP Address and the End IP Address Start IP Address means the fist IP address of the DHCP scope End IP Address means the last IP address of the DHCP scope These two settings define the IP address range that will be assigned to the clients of Uncontrolled Port Preferred DNS Server This means the primary DNS server for the DHCP of Uncontrolled Port Alternate DNS Server This means the substitute DNS server for the DHCP of Uncontrolled Port Domain Name This means the domain name of Uncontrolled Port WINS Server IP This means the IP address of the WINS server if used Lease Time This means the time period that IP addresses got from the DHCP server are valid and available Reserved IP Address List For the detail setting of Reserved IP Address List please click the hyperlink of Reserved IP Address After clicking the Reserved IP Address List as shown in the following figure will appear Enter the related Reserved IP Address MAC and Description not compulsory When finished click Apply to complete the setting 38
35. before W1 25 Disable ka C 302 1 Authentication Authentication Type e SSID The SSID is the unique name shared among all devices in a wireless network The SSID must be the same for all devices in the wireless network It is case sensitive and has a maximum length of 32 bytes e SSID Broadcast Select this option to enable the SSID to broadcast in your network When configuring the network it is suggested to enable this function but disable it when the configuration is complete With this enabled someone could easily obtain the SSID information with the site survey software and get unauthorized access to a private network With this disabled network security is enhanced and can prevent the SSID from being seen on networked e Channel Select the appropriate channel from the list to correspond with the network settings for example 1 to 11 channels are suitable for the North America area e Transmission Mode There are 3 modes to select 802 11b 2 4G 1 11Mbps 802 11g 2 4G 54Mbps 91 LANPRO LP NC1 User s Manual and Mix mode b and g Transmission Rate The default is Auto Available range is from 1 to 54Mbps The rate of data transmission should be set depending on the speed of the wireless network Select from a range of transmission speed or keep the default setting Auto to make the Access Point automatically use the fastest rate possible CTS Protection The default value is Disable When select En
36. box Click Search If transaction records can be found the number of accounts sold is the number of search results gt Or click Download To File to download records and then use MS Excel to generate more detailed reports 3 3 Search for The Transaction Details for A Specific Customer Please log in Authorize Net Click Search and Download gt Enter the information for a specific customer as criteria gt Click Search Click the Trans ID number to view the transaction details For more information about Authorize Net please see www authorize net 144 LANPRO LP NC1 User s Manual Appendix C Network Configuration on PC After LANPRO LP NC1 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup e Internet Connection Setup If the Internet Connection of this client PC has been configured as use local area network already you can skip this setup Windows XP 1 Choose Start gt Control Panel gt Internet Option fiaiaiaus File Edit View Favorites Tools Help E jac ap pe Search Ke Folders Ez Address ae Control Panel ve Control Panel a Accessibility Add Hardware 3 Switch to Category view Options See Also A Display Folder Options Windows Update Help and Support Keyboard Network Phone and Power Options Connections Modem Ss Printers and Regionaland Scannersand Scheduled Sounds and Faxes Lan
37. desired server to enable These settings will become effective immediately after clicking the Apply button Public Accessible Server tem External Service Port Local Server IP Address Local Server Pot Type Enable fa oo 7 7 0 e a D a a E a E 4 E s 9 I C O ee 4 Ge 7 2 2 ey em am 228 a 4 Do oe eo o _7 Oo 7 er a Total 40 First Prev Mest Last Port and IP Redirect In this function the administrator can set up to 40 sets of the IP address ports for redirection purpose When users attempt to connect to the port of a Destination IP Address listed here the connection packet will be converted and redirected to the port of the Translated to Destination IP Address Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination According to the different services provided choose TCP or UDP protocol These settings will become effective immediately after clicking Apply 107 tem Destinatio IP Address Port and IP Redirect Port JU UU ULL Total 40 First Translated to Destination IP Address a Prey Next Last Port JU UU UU ELL Type TCP UDF TCP UDF Ter UDF TCP UDF TCP UDF TCP UDF TCP UDF TCP UDF TCP UDF TCP UDF LANPRO LP NCI User s Manual 108 LANPRO LP NC1 User s Manual 4 4
38. f K m eS es ee o LANPRO LP NC1 User s Manual 63 LANPRO LP NC1 User s Manual gt Credit Card Payment Page Fields Configuration These are features from which administrator can choose to appear for customers to fill in credit card information page when customers want to purchase on demand accounts Administrator can also make certain fields mandatory to be filled in Display Check the box to show this item on the customer s payment interface Item Enter what needs to be shown for this field Required Check the box to indicate this item as a required field Credit Card Number Credit card number of the customer The Payment Gateway will only accept card numbers that correspond to the listed card types Credit Card Expiration Date Month and year expiration date of the credit card This should be entered in the format of MMYY For example an expiration date of July 2005 should be entered as 0705 Card Type This value indicates the level of match between the Card Code entered on a transaction and the value that is on file with a customer s credit card company A code and narrative description are provided indicating the results returned by the processor Card Code The three or four digit code assigned to a customer s credit card number found either on the front of the card at the end of the credit card number or on the back of the card Email An email address may be provided along with the billing information of a transaction
39. gt Individual Request Bandwidth Define the guaranteed minimum bandwidth for individual user the minimum bandwidth can not exceed the setting value of Total Bandwidth and Individual Maximum Bandwidth gt Maximum Concurrent Session for User Concurrent sessions for each user it can be restricted by administrator e Firewall Profile Click the button of Setting for Firewall Profile the Firewall Profile page will appear Click the numbers of Filter Rule Item to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active to enable that rule Attention Filter Rule Item 1 is the highest priority Filter Rule Item 2 is the second priority and so on 69 gt gt gt LANPRO LP NC1 User s Manual Policy 1 Firewall Profile Source eee i Traffic Fiter Rule tem Actve Action Name DE Protocol MAC A ec Destination Traffic AMY L Fi Block ALL AMY AMY Fi Block ALL AMY AMY a Block ALL AMY Policy 1 Edit Filter Rule Rule tem 1 Rule Name C Enable this Rule Action Protocol Source MAC Address ay For Specific MAC Address Filter Interface Pset IP Subnet Mask Traffic Source Ol 552552585255 032 v Destination ALL y o _sCd 285 258 255 286 032 Y Rule Item This is the rule selected Rule Name The rule name can be changed here The rule name can be set to easily identify for example from file server HTTP request or to
40. make the user authentication operation abnormal When users open the browser the login page wont appear because the proxy server is down Please make sure your proxy server Is always available 161 Client setting LANPRO LP NC1 User s Manual It is necessary for clients to add default gateway IP address into proxy exception information so the user login successful page can show up normally 1 Use command ipconfig to get Default Gateway IP Address ce CONWINDO RSen iem exe Aicrosoft Windows AP c s Copuriqht 1985 2601 Aicrosaoft Corp 1 Lhaciment t and Bett Lire Ss W Lua chess P Laii LiPPA E ion i Fim ir ala pil F i Lonec t ian jii i iF ii IP Ahija bubne t Magh hee j Ault PET F piaty Et hernet adapter Media St duke hiing i TELT iy nha COn ee ee 755 9755 255 0 LY 168 1 254 edis dise pnei ted 1 1 1 1 into proxy exception information E For le Proxy settings Type Proxy address to use HTTP Secure ETP Socks Use the same proxy server For all protocols Exceptions y Do not use proxy server For addresses beginning with ks E MBER 241111 Cancel Open browser to add default gateway IP address e g 192 168 1 254 and logout page IP address 162 LANPRO LP NCI User s Manual For Firefox Connechon Sethngs Configure Proxies to Access the Intemet C Direct connection to the Intemet
41. tell user that he she cannot log in We may collect and store the following personal information email address PAyYS1cel COntace information leredit card numbers and transactional Lois information based Of fOUE activities on the Internet service provided by us IT the information you provide cannot be Microsall lntinnwi Earp lores CJ agree D disagree 78 LANPRO LP NC1 User s Manual d Choose the External Page selection and get the login page from the specific website Enter the website address in the External Page Setting field and then click Apply Login Page Selection for Users Detault Page Template Fage Uploaded Page External Page External Page Setting External URL http After applying the setting the new login page can be previewed by clicking Preview button at the bottom User Login Page of this page Welcome To User Login Page Please Enter Your User Name and Password To Sign In i amp User Name Password an tas Cx Please note that lt form action userlogin shtml method post name Enter lt input type text name myusername lt input type password name mypassword lt input type submit name submit value E nter lt input type reset names clear values Clear gt lt form gt The above is needed in your HTML code to make sure the page works correctly 79 LANPRO LP NC1
42. the actual network service free of charge This function provides some free surfing areas that users can access before login and authenticated Users without the network access right can still have a chance to experience the actual network service free of charge Please enter the IP Address or Domain Name of the website in the list and these settings will become effective immediately after clicking Apply Walled Garden List tem Address tem Address Caution To use the domain name the LANPRO LP NC1 has to connect to DNS server first or this function will not work 113 LANPRO LP NC1 User s Manual 4 4 5 Proxy Server Properties System supports Internal Proxy Server and External Proxy Server functions System has a built in proxy server If this function is enabled the end users will be forced to treat this system as the proxy server regardless of the end users original proxy settings The system will match the External Proxy Server list to the end users proxy setting If there is no matched setting then the end users will not be able to reach the login page and thus unable to access the network If there is a matched setting then the end users will be directed to the system first for authentication External Proxy Server SS i i i i i i i i 10 Internal Proxy Server Built in Proxy Server OQ Enabled Disabled e External Proxy Server Under the LANPRO LP NC1 sec
43. the company s intranet The whole managed network includes the users in LAN and WLAN Internet POP3 S Network 1 RADIUS aa hal INT Domain Router Switch Managed Managed Access Points gt Acoass Point fa P DESE 2 3 Specification 2 3 1 Hardware Specification General Form Factor Mini desktop Dimensions W x D x H 243 mm x 150 mm x 45 5 mm Weight 1 4 Kg Operating Temperature 0 45 C Storage Temperature 0 65 C Power 110 220 VAC 50 60 Hz Ethernet Interfaces 10 x Fast Ethernet 10 100 Mbps Connectors amp Display WAN Ports 2 x 1OBASE T 100BASE TX RuJ 45 LAN Ports 8 x 10BASE T 100BASE TX RuJ 45 Console Port 1 x Ru 11 LED Indicators 1 x Power 1 x Status 2 x WAN 8 x LAN 2 3 2 Technical Specification Networking Supports Router NAT mode Supports Static IP DHCP PPPoE on WAN interface Configurable LAN ports authentication Supports IP Plug and Play IP PnP Built in DHCP server and supports DHCP relay Supports NAT 1 IP Port Destination Redirection 2 DMZ Server Mapping 3 Virtual Server Mapping Supports static route Supports Walled Garden free surfing zone Supports MAC Address Pass Through Supports HTTP Proxy LANPRO LP NC1 User s Manual LANPRO LP NC1 User s Manual Security Supports data encryption WEP 64 128 bit WPA WPA2 Supports authentication WPA PSK WPA2 PSK IEEE 802 1x EAP MD5 EAP TLS CHAP PEAP Supports VPN Pass through IPSe
44. the file Existing Image Files 1102474548 _732en gif C 84 LANPRO LP NC1 User s Manual d Choose the External Page selection and you can get the login success page for On Demand from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new login success page for On Demand can be previewed by clicking Preview button at the bottom of this page Login Success Page Selection for on demand Users Default Page Template Page Uploaded Page External Page External Page Setting Logout Success Page The administrator can use the default logout success page or get the customized logout success page by setting the template page uploading the page or using the external website After finishing the setting you can click Preview to see the logout success page a Choose Default Page to use the default logout success page Logout Success Page Selection for Users Default Page Template Page Uploaded Page External Fage Default Page Setting This ts default logout success page for users You could click preview link to preview the default logout success page Thanks Preview b Choose Template Page to make a customized logout success page here Click Select to pick up a color and then fill in all of the blanks You can click Preview to see the result first Logout Success Page Selection for Users Default Page Templat
45. trigger level for Volume is 1Mbyte and the level for Time is 5 minutes volume Enable Disable Mbyte Range 1 10 Default 13 Time Enable Disable minutes Range 1 30 Default 5 Credit Reminder 73 LANPRO LP NC1 User s Manual POP3 Message If a user tries to retrieve mail from POP3 mail server before login the users will receive a welcome mail from LANPRO LP NC1 The administrator can edit the content of this welcome mail Edit Mail Message IDOCTYPE HTML PUBLIC Aa COTE HTML 4 0 Transitionalven gt HTML HEAD META HTTP EQUIVS C ontent Type COMNTENT texthtml charsetus ascil HEAD Text lt FONT face Times Mew Roman size 6 STRONG Welcomels STRONG FOMT sD Dify lt FONT size 4 lt STRONGs STRONG FONMT Enhance User Authentication With this function enabled only the users with their MAC addresses in this list can log into LANPRO LP NC1 There will only be 40 users allowed in this MAC address list User authentication is still required for these users Please click the Permit MAC Address List to fill in these MAC addresses select Enable and then click Apply MAC Address Control Enabled Disabled tem MAC Address tem MAC Address Caution The format of the MAC address iS XX XX XX XX XX XX OI XX XX XX XX XX XX e Upload File The system allows great customization on end user interface Administrators may upload device certificate cust
46. 0 2007 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1626 DIP 203 125 164 132 DPort 80 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1627 DIP 203 125 164 132 DPort 80 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1628 DIP 203 125 164 142 DPort 80 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1629 DIP 203 125 164 142 DPort 80 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1630 DIP 67 18 163 154 DPort 80 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1631 DIP 202 43 195 52 DPort 80 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1632 DIP 203 84 196 242 DPort 80 P N V20020070921 167
47. 2 Privilege List LANPRO LP NC1 provides two privilege lists Privilege IP Address List and Privilege MAC Address List In the Privilege List function the administrator can add desired IP addresses and MAC addresses in these lists The IP addresses and MAC addresses in these lists are allowed to access the network without authentication Privilege List Privilege IF Address List Privilege MAC Address List e Privilege IP Address List The IP address listed here can access internet directly without going through the login page If there are some clients belonging to the managed server that need to access the network without authentication enter the IP addresses of these clients in this list The Remark is optional but useful to keep track LANPRO LP NC1 provides up to 100 privilege IP addresses These settings will become effective immediately after clicking Apply Privilege IP Address List tem Privilege IP Address Remark Warning Permitting specific IP addresses to have network access rights without going through standard authentication process at the controlled port may cause security problems 109 LANPRO LP NC1 User s Manual e Privilege MAC Address List The MAC address listed here can access internet directly without going through the login page In addition to the IP addresses you can also set the clients MAC addresses in this list so authentication is not required when they use the network LANPRO LP NC1 allows 100 p
48. 300 Casper 213 OD_User_Login N7E9 192 168 30 189 00 0c F1 28 BF Da 0 0 0 2005 02 17 16 45 22 0800 QA W1300 Casper 213 OD_User_ Logout N7E9 192 166 30 189 00 00 F1 28 BF D8 32 14499 30 Remote Management IP The IP address or subnet of remote management PC Only PC with this IP range may access system s web management interface Set the IP addresses or IP ranges which have permission to access the web management interface via WAN and or controlled port For example 10 2 3 0 24 means that as long as you are within the IP address range of 10 2 3 0 24 you can reach the administration page of LANPRO LP NC1 If the IP range bit number is omitted 32 is used to specify a single IP address SNMP Configure IP address and community ID of external SNMP management device If the function is enabled it is able to assign the Manager IP address and the SNMP community name used to access the management information base MIB of the system User Logon SSL Enable Secured Socket Layer SSL Web Login HTTPS or disable it HTTP Enable this function to activate https encryption or disable this function to activate http non encryption user login page Time Configure system time manually or use up to 5 external NT P Network Time Protocol serves for time synchronization Please specify the time zone and IP address of at least one NTP server in the system configuration interface for adjusting the system time automatically Universal Time is Greenwich Mean Time
49. DEMAND ondemand Policy 1 e There are 5 kinds of authentication methods that LANPRO LP NC1 supports Local User POP3 RADIUS LDAP and NTDomain Click the server name to enter the Authentication Server page Authentication Server Server 1 Server Name server 1 helt server name Server Status Disabled Posttix Posts berts postfix name Black List Mone wt Authentication Method Local w Local User Setting Policy Policy 1 Server Name Set a name for the server using numbers 0 9 alphabets a z or A Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Sever Status The status shows that the server is enabled or disabled Postfix Set a postfix that is easy to identify e g Local for the server by using numbers 0 9 alphabets a z or A Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Note The Policy Name cannot contain these words MAC and IP Black List There are 5 sets of black lists Select one of them or choose None Please refer to 4 2 2 Black List Configuration for more information Authentication Method There are 5 authentication methods that LANPRO LP NC1 supports Local POP3 Radius LDAP and NTDomain Select the desired authentication method and then click the link next to the drop down menu for more advanced configuration For more details please refer to 4 2 1 1 5
50. Enable disable stands for status of the DHCP server on the controlled port WINS IP Address The WINS server IP N A means that it is not configured Controlled DHCP Server Start IP Address The start IP address of the DHCP IP range End IP address The end IP address of the DHCP IP range Lease Time Minutes of the lease time of the IP address Mode fe NAT or Router mode of the uncontrolled port MAC Address The MAC address of the uncontrolled port Uncontrolled IP Address The IP address of the uncontrolled port Subnet Mask The Subnet Mask of the uncontrolled port Enable disable stands for status of the DHCP server on the uncontrolled port Uncontrolled WINS IP Address The WINS server IP N A means that it is not configured DHCP Server Start IP Address The start IP address of the DHCP IP range End IP address The end IP Address of the DHCP IP range LeaseTime Minutes of the lease time of the IP address 130 LANPRO LP NC1 User s Manual 4 6 3 Current Users A list of all online users currently login on the system including Username IP MAC Pkts In Bytes In Pkts Out Bytes Out Idle Location and Kick Out can be obtained Administrator may terminate any user session by pressing Logout button next to individual user account Administrator can use this function to force a specific online user to log out Just click the hyperlink of Kick Out next to the online user s name to logout that particular user Click Refresh to
51. HCP of Controlled Port Alternate DNS Server This means the substitute DNS server for the DHCP of Controlled Port Domain Name This means the domain name of Controlled Port WINS Server IP This means the IP address of the WINS server if used Lease Time This means the time period that IP addresses got from the DHCP server are valid and available Reserved IP Address List Reserves up to 40 IP addresses from predefined DHCP Scope and prevents systems from issuing these IP address to downstream users For the detail setting of Reserved IP Address List please click the hyperlink of Reserved IP Address After clicking the Reserved IP Address List as shown in the following figure will appear Enter the related Reserved IP Address MAC and Description not compulsory When finished click Apply to complete the setting 35 tem Reserved IP Address List Controlled Reserved IP Address a MAC eel Description ee LANPRO LP NC1 User s Manual Enable DHCP Relay The DHCP Server IP address must be entered when this function is enabled For more details about DHCP Relay please see Appendix G DHCP Relay DHCP Server Configuration Disable DHCP Server Enable DHCP Server Enable DHCP Relay DHCP Server IP 36 LANPRO LP NC1 User s Manual 4 1 7 Uncontrolled Configuration The clients of Uncontrolled Port can access the network without authentication first I
52. LANPRO LP NC1 User s Manual Version 1 00 Chapter 1 1 1 1 2 Chapter 2 pi 2 2 23 Chapter 3 3 1 3 2 Chapter 4 4 1 4 2 Table of Contents PEF YOU SAN U sxtestenstenstanstes a eat eaten NSR jPaiell clopureeere seneerrenre teeter errr e ere ate re eters tere eter etr tere eteterer eter erent rere ere et nm me Document Convenio sasaaa name Rens mnes eine Rees ines eis Sees ines tain Veer enes ween oun enes een SYSLEDE OVESEN oe ee ee eee ee ee ee ee Introduction of LANPRO EPANC Vscccec oad cco cas crac E E os dats oe asda oad SYE O b eRe ere eee ee REST EET E PEE TOP RIES SERTSESETTSSETOPSTE STINT SORTETeRE TELS EE TE Ie TE SEETS SE Te ISET SPec Mica ON oso 555 525 5 5 h5t ocbsts Giant NEE Diels Hardware spect cat Oenes clone lec A EEE EE 2X2 Jechiel Speci RCA esse S a a Base 62110 Ee aE S rere ere Hardware Instala none r R RPO L OOOO OY Sled Oren Regue meni aa E bea ico l ia elie lik ieaktcs het obih tes beet bbe ls Silt Packie Cone 33 0 4 ii Nice hen oa dee deed dea ae ee eels kS Panel PUMcC HOM DescripliOms soea aah eso ss SAA Tnstallavon Steps s si s 23000 0003 cht eieieie abe aationtieitcitientieitiaiticitieieisitieitienaceas NOU Ware C ONT CULAIO Iie ieee sa ciecinacise tatu E ETE NRR a OCE Gio iW kU Vince s Reems reer eee ee ee er ere need ern ene rent eee error 322 Wser Loom Portal Pave ocararacakakacakecacecekacacanecesacs Web Interface Configuration ananin an a a Sea CON Ur O a
53. Logout Remaining Usage Day Hour Min on a a T 5 T 3 S f l z Le Login Time Redeem Preview 83 LANPRO LP NC1 User s Manual c Choose Uploaded Page and you can get the Login Success Page Section for On Demand Users Click the Browse button to select the file for the login success page for On Demand Then click Submit to complete the upload process Login Success Page Selection for on demand Users Default Page O Template Page Uploaded Page External Page Upload Login Success Page for on demand Existing Image Files Total Capacity 512 K Now Used U E Upload Image Files Upload Images aaa Preview After the upload process is completed the new login success page for On Demand can be previewed by clicking Preview button at the bottom lf the user defined login success page for On Demand includes an image file the image file path in the HTML code must be the image file you will upload lt img src images xx jpg Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K Total Capacity 512 K Now Used 0K Upload Image Files Upload linages Broise Submit After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete
54. Logout Success Page voume Enable Disable Whyte Range 1 10 Default 13 Tire Enable Disable minutes Range 1 30 Default 5 Edit Mail Message Email message sent to the users if they don t log in via bromser first Credit Reminder POPS Message Enhance User Permit MAC Address List Control listto manage which client devices are allowed Authentication to access the login page e User Control Functions under this section applies for all general users Idle Timer Define user s idle time out value If a user has been idled with no network activities the system will automatically kick out the user The logout timer can be set in the range of 1 1440 minutes and the default logout time is 10 minutes Multiple Login Enable or disable multiple logins on a single user account This function is not valid for On demand Account and RADIUS Account Logout upon closing the Login Success window When enabled there will be a new popup window to confirm if users are sure to logout the system when users try to close the login Success page in case users close it by accident e Roaming Out Timer Session Timeout Maximum session timeout Idle Timeout Maximum idle timeout Interim Update Constant records update time interval Credit Reminder The administrator can enable this function to remind the on demand users before their credit run out There are two kinds of reminder Volume and Time The default reminding
55. MP and time zone Wali a Failover J Clients will be directed to URL entered in the Home Page field after successful login RRS System information Administrator may limit remote administration access ig a speg IF address or network segments When enabled only devices with such Peere IP address or from this network segment may enter system s C i hate a ae administration web interface remotely Network Time Protocol NTP Server setting allows the system to synchronize its time date with external time server Uncontrolled Configuration 12 LANPRO LP NC1 User s Manual 4 Then click on Configuration Wizard and click the Run Wizard to start the wizard y gt User gt h AP on Metiwark i Authentication Management Configuration Configuration Wizard System Information j LP NG1 is a Network Access Controller with access control features ideal for hotspot small and medium business networking The wizard will guide you through the process of creating a d WAIH Configuration 1 baseline strategy Please follow the wizard step by step to configure LP NC1 WAND amp Failover LAN Port Roles Controlled Configuration _ Q Uncontrolled Configuration 5 Configuration Wizard A welcome page that briefly introduces the 6 steps will appear Click Next to begin Configuration Wizard Welcome to the Setup Wizard The wizard will guide you through these 6 quick steps Begin by clickin
56. Manual 4 2 1 2 Authentication Method POP3 This system may authenticate users using their POP3 email accounts You may configure both primary and secondary POPS server for fault tolerance Choose POP3 in the Authentication Method field the button next to the drop down menu will become POP3 Setting Authentication Server Server 1 Server Name sewer bts sewer name Server Status Disabled Postfix Postit Its postfix name Black List Authentication Method Policy Enable VPN Termination Enable VPN Termination Check to enable the VPN tunneling between client s device and the controller automatically to secure the transmissions for user under Windows XP SP1 SP2 and Windows 2000 Once the box is checked it will be activated and applied to all users been authenticated by the selected authentication server When POP3 RADIUS LDAP or NTDomain is selected from the drop down menu the function of Enable VPN Termination will show up Check Enable VPN Termination to enable this function Click the hyperlink of POP3 Setting for further configuration Enter the related information of the primary server and or the secondary server the secondary server is not required The blanks with red asterisks are necessary information These settings will become effective immediately after clicking the Apply button Primary POP3 Server IP Address mail lanprolp nel cam Demain NameviP Port 110 PrDefault 110 SSL Setting Enable SSL Conn
57. Manual Chapter 4 Web Interface Configuration This chapter will guide you through further detailed settings The following table is the UI and functions of LANPRO LP NC1 The administration system allows you to set various networking parameters enable and customize network services manage user accounts and monitor user status Administration functions are separated into 6 categories System Configuration User Authentication AP Management Network Configuration Utilities and Status System User AP Network OPTION Configuration Authentication Management Configuration Network Configuration Authentication Change AP List Address System Status Wizard Configuration Password Translation System Black List Backup Restore AP Discovery Privilege List Interface Status Information Configuration Settings WAN1 Policy Manual Firmware Monitor IP List Current Users Configuration Configuration Configuration Upgrade WAN2 amp Additional Template Walled Garden Restart Traffic History FUNCTION Failover Configuration Settings List Firmware Proxy Server Notification LAN Port Roles Configuration Management Properties AP Upgrade Dynamic DNS Controlled Configuration VPN Uncontrolled IP Mobility Configuration Configuration Caution After finishing the configuration of the settings please click Apply and pay attention to see if a restart message appears on the screen If such message appears system must be restarted to allow the settin
58. Out of user activities Traffic History 2007 08 22 Fkts Bytes Fkts Bytes Date Type Name IF MAC i p Out Out 2007 08 22 eats eer ety aie LOGINS 1 192 168 1 14900 06 1B DD 90 3c0 0 0 0 gt Date The date and time of record gt Type Record type Authentication Accept Reject Account Expire Redeem etc gt Name On demand Account Name gt IP MAC IP and MAC address of login device gt Pkts In Bytes In Pkts Out Bytes Out In bound and outbound Packet Byte count On demand User Log As shown in the following figure each line is a on demand user log record consisting of 13 fields Date System Name Type Name IP MAC Pkts In Bytes In Pkts Out Bytes Out Expiretime Validtime and Remark of user activities On demand User Log 2005 03 22 System Pkts Bytes Pkts Bytes Date oer Type Name IP MAC la m Oul Out Expiretime Validtime Remark 17 85 58 MY vice Create_OD_UserP4SP 0 0 0 000 00 00 00 00 000 0 0 0 oore plone Enz 17 86 03 Y sice Create_OD_User62H6 0 0 0 000 00 00 00 00 000 0 o 0 eee qa fone Eae 17 86 07 Y vice Create_OD_User886D 0 0 0 000 00 00 00 00 000 0 0 0 ene fone jee 2 0800 gt Date The date and time of record System Name The system name defined at System Information page Type Record type Authentication Accept Reject Account Expire Redeem etc Name On demand Account Name IP MAC IP and MAC address of login device Pkts In Bytes In Pkts Out Bytes Out In bound and outbound Pack
59. P is currently offline for example it is displayed as Offline when the power of the AP is off for any reason 3 Configuring It is displayed as Configuring when the newly discovered AP is being added to the list and being configured or new setting is being applied to the AP 4 Upgrading The AP is undergoing firmware upgrade 5 Lost Unknown After the system reboots and before it tries to probe the AP and determine the exact status the status will be displayed as Lost or Unknown temporary 89 LANPRO LP NC1 User s Manual Click Apply Template to select one template to apply to the AP TEMPLATE TEMPLATE TEMPLATES Template TEMPLATE1 SSID default Channel 11 Transmisstion Rate Auto Security Disabled e AP Name Click the hyperlink of AP Name and enter the interface about related settings There four kinds of settings General Settings LAN Interface Settings Wireless Interface Settings and Access Control Settings Click the hyperlink of each individual setting to have further configurations AP Configuration General Settings Name 1 General Remark Mone Firmware Wnknown LAN Interface Settings IP 182 168 1 1 LAN Mode Static IP Wireless Interface Settings SSID default Wireless LAN Channel Auto Security Type Disabled Access Control Settings Status Disabled Access Control Mode Allowed Number of MAC 0 Addresses gt General Settings Click the hyperlink of General to enter the General Settings i
60. Public LAN through the build in DHCP relay agent of LANPRO LP NC1 the DHCP server will receive a DHCP REQUEST packet with Option 82 a code defined in RFC 3046 Also a Circuit ID will be sent by LANPRO LP NC1 when DHCP relay is enabled to define where the packet is sent from and this Circuit ID should have a format of MAC_IP such as 00 E0 22 DF AC DF_192 168 1 254 Therefore when the external DHCP server gets the request packet it knows where to reply to and which IP to assign 164 Here is an example of configuration file of the DHCP server FF cf 1 p uh li Cc lan match if option gi private lan 4 mateh if option i oe pubic an A mateh if option i g2 private lan mat go H 1 m p t i on subnet O 0 0 0 netmask O 0 0 0 16 C 1rCcuit id 16 C 1rCuit id 16 C 1rCcuit id 10 CLECUuULtC 1id Option domain name servers pool allow members range 192 option rout option subn pool i allow members range 192 option routers of gi public ba l Ss 192 Nas 320 192 168 E fe 6 5 oft a PnH ta aa ey eee te Me oe option subnet mask 255 lar e LANPRO LP NC1 User s Manual bos Le Sek eee A eta eee er ae fa2Fe10 10 10 254 gt FE tees OO eos From the file client that connects to LANPRO LP NC1 sends out a DHCP request DHCP relay function in LANPRO LP NC1 is enabled and sending a Circuit ID 00 90 0B 07 60 91_192 168 1 254 to the external DHCP server
61. RO LP NC1 User s Manual 4 3 3 Manual Configuration Administrators who choose to manually configure an AP can utilize the function with the following information Enter the related information of the AP and select a Template Click ADD and then the AP will be added to the AP List Manual Configuration AP Type AZO AP Name Admin Password IP Address r MAC Address OoOo Remark hi Template Channel AP Type This is the supported type of APs for centralized management AP Name Mnemonic name of the specific AP Admin Password Password required for this AP IP Address IP address of the specified AP MAC Address MAC address of the specific AP Remark Some extra information to be filled in for this AP if desired Template The template which will be applied to the added AP V VV VV V V WV Channel The selected channel will be applied to the added AP 99 LANPRO LP NC1 User s Manual 4 3 4 Template Settings Template is a model that can be copied to every AP without having to configure the each AP individually There are three templates provided Click Edit to go to configuration Template Settings AP Type A200 Template Name TEMPLATE1 Enter the Template Name and Template Remark optional and click the hyperlink of Configure to have further configuration Template Edit Template Name TEMFLATE1 Template Source Mone Template Remark Template 1 gt Template Edit Here is the section that administr
62. Security gt gt Security Type Choose one security type from the drop down menu WEP Choose WEP authentication type here Access Control by MAC Address This function provides to control the clients devices that are allowed to associate with the APs applied with the desired template setting Choose Disabled or Enabled in the Status column and enter the desired clients MAC addresses in the MAC Address List When this function is enabled please make sure the MAC Address List is not empty 102 LANPRO LP NC1 User s Manual 4 3 5 Firmware Management In this function AP s firmware can be uploaded The page includes the Preloaded Firmware a function to upload desired firmware and shows the already uploaded firmware s name checksum AP type version and size Administrators are also given the option to download or delete the firmware Firmware Upload Firmware List File Name AP Type Version Size Actions Checksum File Name Name of the file to be uploaded Upload Can be clicked to upload the file Firmware List Shows the already uploaded firmware Checksum The automatically detected security identification of the firmware AP Type The AP type of the firmware Version The version of the AP firmware Size File size of the firmware V VV VV VV WV Download Can be clicked to save the current firmware xi Do you want to save this file fa Name Jitmware rom Type Unknown File Type 670 KB Fr
63. T Domain Black List System supports Black List profiles for used within the Catia alin authentication server On demand users are NOT bounded by the Black List System provides 8 policies each policy can apply independent Policy Configuration firewall profile specific route profile login schedule profile bandwidth policy and maximum concurrent session for User Users will be logged out automatically after being idle for a specified period of time Multiple login of the same user account could be enabled or disabled not available to On demand users System provides Friendly Logout options Login Page and Logout Page customization and login notification email to client When MAC Access Control is enabled system will only provide login page to those devices listed Additional Configuration Operator The operator can only access the area of Create On demand User to create and print out the new on demand user accounts User Name operator Password operator Welcome To Administrator Login Page Please Enter Your User Name and Password To Sign In beer Name ENTER U J LANPRO LP NC1 System AP Network Configuration Management Configuration Ey Create On demand User Authentication Configuration S Z Black List Configuration Plan Type Status Function Policy Configuration 1 2 hrs 0 mins Enabled Create Additional C m i uration 2 MIA Disabled Create 3 NIA Disabled Create 4 N
64. a EERE ER EERE AM Conncuration Wiza dessos E E dale oye O O a a 4 1 3 WANI Configuration ccccceccccseccccseecceeeeeceeeeeeseeeeeeeeeesaeeeesseeeeesensesaes kbA WAN amp te C8 cs Ga eeann i E E E Be BAN PON ROG SESon aE aaa 416 ContoledConfiouraiois ses 4 1 7 Uncontrolled Configuration ccccccceccccsseecceseeceeeeeeeeeeeeeeeseeeeeseeeaeseesaes USEPA a O E 4 2 1 Authentication Configuration esae aa aa 4 2 1 1 Authentication Method Local User Setting cece ceeeeeeeeeeeees 4 2 1 2 Authentication Method POP3 uu ccc ccceccccsseeceeeeeeeceeeeeeaseeeaseeeaes 4 2 1 3 Authentication Method RADIUS ec cccccccseeeceeeeeeeeeseeeseeeenaes 4 2 1 4 Authentication Method LDAP i eecccseeeccceeeeeeeeeeeneeeeeseesenees 4 2 1 5 Authentication Method NT Domain cece cceeccceeeeeceeeeeeeaeseeeaes 4 2 1 6 Authentication Method On demand UsSef c ccc cceececeseeeeeeeeeeenes BN MSA MOS 0 TG Ueland coheed cell cel clea coh ch A W Or2 Billing Oni CuraiOt ssis ced nape cens sete nasacek sak canes ot fs es ed deo 4 2 1 6 3 Create On demand Uset cccecscscscscecccscccscscscecscecscsccscscscscscscscececececscscscsccacscscscececes 58 AZ NO BAITS TR CO ORE 5 ssi 55 shes Shee daca TE 59 zp eel WN G5 RR CO 0 dd E NON nT nnn ERT nT ne nO nT nT RE en ne nT E E E ee ne eT ee rere 61 Ag Black List Conii emri senei ene 66 wr PONY Ge 01 OE aaa 68 Mieco
65. able a protection mechanism will decrease collision probability when many 802 119 devices exist simultaneously However performance of the 802 11g devices may decrease Fragment Threshold Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet RTS Threshold Request To Send A packet sent when a computer has data to transmit The computer will wait fora CTS Clear To Send message before sending data Beacon Interval ms Enter a value between 20 and 1000 msec The default value is 100 milliseconds The entered time means how often the beacon signal transmission between the access point and the wireless network Preamble Type The length of the CRC Cyclic Redundancy Check block for communication between the Access Point and roaming wireless adapters Select either Short Preamble or Long Preamble IAPP Inter Access Point Protocol is designed for the enforcement of unique association throughout a ESS Extended Service Set and for secure exchange of station s security context between current access point AP and new AP during handoff period Block Relay Select whether to enable this function Tx Power Level Choose which Tx power level desired from the drop down menu Security Security Type Choose one security type from the drop down menu WEP Choose WEP authentication type here Security Type Disable C 8021y Authentication Security WEP Authen
66. ace and inquire the routing path to a specific target Display interface settings It displays the information of each network interface setting including the MAC address IP address and netmask Display the routing table The internal routing table of the system is displayed which may help to confirm the Static Route settings Display ARP table The internal ARP table of the system is displayed Display system up time The system live time time for system being turn on is displayed Check service status Check and display the status of the system Set device into safe mode If administrator is unable to use Web Management Interface via the browser for the system failed inexplicitly Administrator can choose this utility and set LANPRO LP NC1 into safe mode then administrator can management this device with browser again Synchronize clock with NTP server Immediately synchronize the clock through the NTP protocol and the specified network time server Since this interface does not support manual setup for its internal clock therefore we must reset the internal clock through the NTP Print the kernel ring buffer It is used to examine or control the kernel ring buffer The program helps users to print out their boot up messages instead of copying the messages by hand Main menu Go back to the main menu 139 LANPRO LP NC1 User s Manual z Change admin password Besides supporting the use of console management interface through t
67. al 3 1 4 Installation Steps Please follow the following steps to install LANPRO LP NC1 el De al Hesel Contae Connect the 12V power adapter to the power socket on the rear panel The Power LED should be on to indicate a proper connection SLANPRO LP Nc1 Ll 2 1 2 3 4 amp B amp B F 8 oO oO 060 9 0G OO 68 O D O POWER o I WAN LAN O STATUS Connect an Ethernet cable to the WAN1 Port on the front panel Connect the other end of the Ethernet cable to an ADSL modem a cable modem or a switch hub of the network The LED of WAN1 port should be on to indicate a proper connection Connect an Ethernet cable to one of the LAN5 LAN8 Ports on the front panel Connect the other end of the Ethernet cable to an administrator s PC or a notebook The LED of the connected port should be on to indicate a proper connection Note The default role of these four ports is Uncontrolled Port Connect an Ethernet cable to one of the LAN1 LAN4 Ports on the front panel Connect the other end of the Ethernet cable to a client PC AP or switch in managed network The LED of the connected port should be on to indicate a proper connection Note The default role of these four ports is Controlled Port Attention 1 LANPRO LP NC1 supports Auto Sensing MDI MDIX You may use either straight through or cross over cable to connect the Ethernet Port Usually a straight cable could be applied when LANPRO LP NC1 connects to an Access Poin
68. al RADIUS server Authentication Port Radius server authentication port Accounting Port RADIUS server accounting port Secret Key Secret Key for authentication Accounting Service Enable or Disable Accounting Service Authentication Protocol Define authentication transmission protocol Configurations must match remote RADIUS configurations PAP Password Authentication Protocol transmit password in plain text without encryption CHAP Challenge Handshake Authentication Protocol is a more secured authentication protocol using hash encryption 50 LANPRO LP NC1 User s Manual e 802 1X Authentication When enabling this function the hyperlink of Radius Client List will appear Click the hyperlink to get into the RADIUS Client Configuration page for further configuration In the RADIUS Client Configuration page the clients which are using 802 1X as the authentication method shall be put into this table LANPRO LP NC1 will forward the authentication request from these clients to the configured Radius Server Radius Client Configuration No IP Address segment Secret i 3 e Trans Full Name When enabled both the ID and postfix will be transferred to the RADIUS server for authentication When disabled only the ID will be transferred to RADIUS server for authentication e NAS Identifier Enter the NASID of the LANPRO LP NC1 for the RADIUS server e Server IP Enter the IP address domain name of the RADIUS server e Auth
69. amic IP Address PPPoE Client Selectitto set static IP address Selectitto obtain an IF address automatically For most cable modem users Enter the FPPoE Client s Username and Password For most DSL users gt PPPoE Client Set PPPoE Client s Information Enter the Username and Password provided by the ISP Click Next to continue Step 4 Select the Connection Type for WAN Port Select the connection type for WAN port Click Next to continue Static IP Address O Dynamic IP Address PPPoE Client Select itto set static IP address Select itto obtain an IF address automatically For most cable modem users Enter the PPPoE Client s Username and Password For most DSL users Step 4 Cont Set PPPoE Client s Information Enter the PPPoE Client s Username and Password For most DSL users Username testi 2a isp net 16 LANPRO LP NC1 User s Manual e Step 5 Set Authentication Methods Enter an identified name as the postfix name in the Postfix field e g Local select a policy to assign to and choose an authentication method The selected authentication method will be the default authentication method Click Next to continue step 5 Set Authentication Methods Select a default User Authentication Method Click Next to continue posix Leal O O f ilts postfis name Policy Policy LocalUser LDAP POPS NT Domain RADIUS
70. an products coms NTP Server tock usno navy mil e g tock usno navy mil DNS Server 169 95 1 1 14 LANPRO LP NC1 User s Manual e Step 4 Select the Connection Type for WAN Port There are three connection types of WAN1 port supported in the wizard Static IP Address Dynamic IP Address and PPPoE Client Select a proper Internet connection type and click Next to continue gt Static IP Address Set WAN Port s Static IP Address Enter the IP Address Subnet Mask and Default Gateway provided by your ISP or network administrator Click Next to continue Step 4 Select the Connection Type for WAN Port Select the connection type for WAN port Click Next to continue Static IP Address Select itto set static IP address Dynamic IP Address Select itto obtain an IP address automatically For most cable modem Users PPPoE Client Enter the PPPoE Client s Username and Password For most DSL users step 4 Cont Set WAN Port s Static IP Address Click Next to continue IP Address O f subnet Mask E 15 gt Dynamic IP Address LANPRO LP NC1 User s Manual If this option is selected LANPRO LP NC1 will get an IP address for WAN1 from an external DHCP server automatically Click Next to continue to Step 5 directly Step 4 Select the Connection Type for WAN Port Select the connection type for WAN port Click Next to continue Static IP Address O Dyn
71. appear on the screen Please do not interrupt LANPRO LP NC1 until the message has disappeared The Configuration Wizard is shown on the screen This indicates that a completed and successful restart process Is finished Setup Wizard Restarting now Please wait for a moment Configuration Wizard LP NC1 is a Network Access Controller with access control features ideal for hotspot small and medium business networking The wizard will guide you through the process of creating a baseline strategy Please follow the wizard step by step to configure LP NC1 Caution During each step of the wizard if you want to go back to modify the setting please click the Back button to go back to the previous step 20 LANPRO LP NC1 User s Manual 3 2 2 User Login Portal Page To login from the login portal page via the controlled port the user has to be authenticated by the system with username and password The administrator also can verify if the configuration of LANPRO LP NC1 has been done properly 1 First connect a client s device for example a PC to the controlled port of LANPRO LP NC1 and set the device to obtain an IP address automatically After the client obtains the IP address open an Internet browser Try to launch any website and then the default User Login Page will appear Enter a valid User Name and Password e g test local for the username and test for the password Click Submit button User Login Page
72. arch es Folders fz Address e Network Connections Area Connection icon and select Properties LAN or High Speed Internet Network Tasks ocal Area Connection T Create a new nabled connection MD PCNET Family PCI Ethern __ Set up a home or small Disable office network Status w peaa this network Repar Repair this connection Bridge Connections mj Rename this connection View status of this connection a Change settings of this connection Create Shortcut Re Other Places gt Control Panel gy My Network Places EJ My Documents Local Area Connection Properties 3 Select General label and choose Internet Resesen ETERS Advanead Protocol TCP IP and then click Properties Now Gorinsciasing Ea AMDO PCNET Family PCI Ethernet Adapter you can choose to use DHCP or specific IP address please proceed to the following steps This connection uses the Following items Client for Microsoft Networks m File and Printer Sharing for Microsott Networks Descriptiarr Transmission Control Protocalslnterniet Protocol The default Wide area hetwork protocol that provides communication across diverse interconnected networks Show icon in notification area when connected 148 1 2 Using DHCP If want to use DHCP please choose Obtain an IP address automatically and click OK This is also the default s
73. ation Welcome to System Administration This Administrative Web Interface allows you to set various networking parameters to customize network services to manage user accounts and to monitor user status Functions are separated into 6 main categories System Configuration User Authentication AP Management Network Configuration Utilities and Status Manager The manager can access the area under User Authentication to manage the user account but no permission to change the settings of the profiles of Firewall Specific Route and Schedule User Name manager Password manager Welcome To Administrator Login Page Please Enter Your User Name and Password To Sign In G User Name manager Password eeceece i feststsssiessisessestecssissortestitsiissisesisstsstsistisiem tessstsistssietstiecsesistestsmitstesstsessististstessstessitac tes setestesereesersistsisttsite tissstsst tte sess ssh 10 LANPRO LP NC1 User s Manual SLANPRO LP NC1 3 s Network Configuration jentsu Management Configuration 7 LS 5 a System AP User Authentication System provides 3 authentication servers Each server allows only one type of authentication method and one Black List Profile An Authentication pares gt Configuration authentication policy may be assigned to any policy System supports the following external authentication servers POP3 S RADIUS Additional Configuration LDAP and N
74. ators can configure template name template source and template remark gt Template Name The name shown for this particular template will change according to what given by administrators gt Template Source Select an existing AP and click Apply to save its settings as the template settings After click the button of Configure to enter the Template Edit page revise the configuration for demand such as SSID or Channel About other functions of Wireless section please refer to 4 3 1 AP List Access Control function provides to control the clients devices that are allowed to associate with the APs applied with the desired template setting Choose Disabled or Enabled this function and enter the desired clients MAC addresses in the MAC Address List There are up to 20 MAC addresses available When this function is enabled please make sure the MAC Address List is not empty 100 LANPRO LP NC1 User s Manual AP A200 The AP includes standards 802 11b and g The connection could be select to enable 802 11b g or disable The The AP is fully compatible with the IEEE 802 11b and 802 119 standards General 255 255 255 0 z Subnet Mask Default Gateway SSID SSID Broadcast Transmission Mode 192 168 1254 Wireless default Enable Transmission Rate a tm Tu Cc a T a 71 u o tm k o o ch i or T A Disable Default Disable i i Co tm ce aly
75. ay IP address is https 192 168 2 254 In the opened webpage you will see the login page Enter admin the default username and admin the default password in the User Name and Password field Click Enter to log in 3 LP NC1 Microsoft Internet Explo File Edit view Favorites Tools Hel CD sack T ie x a Fi Sddress bttps 192 168 2 254 Welcome To Administrator Login Page Please Enter Your User Name and Password To Sign In admin be Ab User Name ENTER Caution If you can t get the login screen the reasons may be 1 The PC is set incorrectly so that the PC can t obtain the IP address automatically from the LAN port 2 The IP address and the default gateway are not under the same network segment Please use default IP address such as 192 168 2 xx in your network and then try it again For the PC configuration on PC please refer to Appendix C Network Configuration on PC LANPRO LP NC1 User s Manual LANPRO LP NC1 supports three kinds of account interface You can log in as admin manager or operator The default username and password as follows Admin The administrator can access all area of the LANPRO LP NC1 User Name admin Password admin Welcome To Administrator Login Page Please Enter Your User Name and Password To Sign In SLANPRO is ton Help System User 7 AP y Network y i Configuration Authentication Management _ Configur
76. c and PPTP Supports DoS attack protection Supports user Black List Allows user identity plus MAC address authentication for local accounts User Management Supports up to 120 concurrent users for LANPRO LP NC1 Provides 500 local accounts for LANPRO LP NC1 Provides 2000 on demand accounts Simultaneous support for multiple authentication methods Local and On demand accounts POP3 S LDAP RADIUS NT Domain Role based and policy based access control per role assignments based on Firewall policies Routing Login Schedule Bandwidth Customizable login and logout portal page User Session Management 1 SSL protected login portal page Supports multiple logins with one single account Session idle timer Session account expiration control Friendly notification email to provide a hyperlink to login portal page Windows domain transparent login Pe Oe OT ee Configurable login time frame AP Management Supports up to 12 IEEE 802 11b g APs Cipherium A200 Centralized remote management via HT TP SNMP interface Automatic discovery of managed APs and list of managed APs Allows administrators to add and delete APs from the AP list Allows administrators to enable or disable managed APs Provides MAC Access Control List of client stations for each managed AP Locally maintained configuration profiles of managed APs Single Ul for upgrading and restoring managed APs firmware System status monitoring of managed APs and associated cl
77. ct the desired black list to edit adding users into the black list Black List Configuration Select Black List 1 Blacklist Name Blacklist Wiser Remark a Total 0 First Frew Me Add Users Las e Select Black List There are 5 lists that LANPRO LP NC1 supports to select from Each list configures up to 10 items e Name Set the name of the black list and it will show in the pull down menu above e Add Users Click the button of Add Users the Add Users to Blacklist page will appear for adding users to the selected black list Add Users to Blacklist Blacklist eee ae ee i E DO GE After entering the usernames in the Username field and the related information in the Remark field not required Add Users to Blacklist Blacklisti tem Username Remark i z 3 E S ae Click Apply to save the settings 66 LANPRO LP NC1 User s Manual User James has been added User Jumor has been added A Add Users to Blacklist Add Users to Blacklist Blacklistt tem Username Remark a a re ee ee If the administrator wants to remove a user from the black list just select the user s Delete check box and then click the Delete button to remove that user from the black list Black List Configuration Select Black List 1 Blacklist Name Blacklist I User Fermark Delete James fraud Junior hacker E Total 2 First Prey Mext Last Add User s 67 LANPRO LP NC1 User
78. d port number of the external Syslog Syslog server Traffic History Server N A means that it is not configured The IP address and port number of the external Syslog Syslog server On demand User log l Server N A means that it is not configured Enabled disabled stands for that the system is currently Proxy Server using the proxy server or not Enabled disabled stands for the setting of Friendly Logout hiding displaying an extra confirmation window when users try to close the login successful window Enabled Disabled stands for the connection at WAN is Warning of Internet Disconnection normal or abnormal and all online users are allowed disallowed to log in the network Show WAN1 and WAN2 status when WAN Failover is WAN Failover enabled The IP or IPs that is allowed for accessing the Remote Management IP management interface Management Enabled disabled stands for the current status of the SNMP management function The maximum number of days for the system to retain the Retained Days users information History The email address that the traffic history information will Email To be sent to NTP Server The network time server that the system is set to align Time DateTime The system time is shown as the local time The number of minutes allowed for the users to be Idle Timer inactive Enabled disabled stands for the current setting to Multiple Login allow disallow multiple logins form the same account Pre
79. e Page Uploaded Page External Page Template Page Setting Color for Tithe Background Select RGB values in hex mode Color for Tithe Text Select RGB values in hex mode Color for Page Background Select RGB values in hex mode Color for Page Text Select RGB values in hex mode Title Logout Success Page Information Logout successfully 85 LANPRO LP NC1 User s Manual c Choose Uploaded Page and you can get the logout success page by uploading Click the Browse button to select the file for the logout success page upload Then click Submit to complete the upload process Logout Success Page Selection for Users Default Page Teriplate Page Uploaded Page External Page Upload Logout Success Page Existing Image Files Total Capacity 512 K Now Used 0 K Upload Image Files Preview After the upload process is completed the new logout success page can be previewed by clicking Preview button at the bottom lf the user defined logout success page includes an image file the image file path in the HTML code must be the image file you will upload lt img src images xx jpg Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K Total Capacity 512 K Now Used 0K Upload Image Files Upload linages Broise S
80. e follow the wizard step by step to configure LP MG1 25 LANPRO LP NC1 User s Manual 4 1 2 System Information Most of the major system information about LANPRO LP NC1 can be set here Please refer to the following description for each field System Information System Name LP M1 nci larn products com Device Name FOCH for this device Enabled Disabled Home Page http iww lan products cam e g http iSwan an products com Access History IP e g 192 168 2 1 Remote Management IP oooomooo ee 192 168 5 1 of 192 168 3 0 24 SNMP Enabled Disabled User Logon SSL Enabled Disabled Device Time 2007094 2 23 54 11 Time one Shi T OS 00iEastern Timefls amp Canadal we NTP Enable MTP Server 4 tock usno nawy mil e g tock usno navy mil Time MTP Server 3 nto faude MTP Server 3 clock cuhk edu hk MTP Server 4 ntped pads utr br MTF Server 4 ntpi cs mu Dz U Set Device Date and Time e System Name Set the name of the system or use the default e Device Name FQDN Fully Qualified Domain Name This is used as the domain name used in login page For example if Device Name ashop com the URL of login page will be https ashop com loginpages login shtml e Home Page Enter the website of a Web Server to be the homepage When users login successfully they will be directed to this homepage Usually the homepage is the company s website such as http www
81. e prepared start configuring the settings on LANPRO LP NC1 and Athorize Net 1 2 Configure LANPRO LP NC1 using an Authorize Net account Please log in LANPRO LP NC1 User Authentication gt Authentication Configuration Click the server On demand User On demand User Server Configuration gt Click Credit Card Credit Card Configuration Some major fields are required Merchant Login ID This is the Login ID that comes with the Authorize Net account Merchant Transaction Key To get a new key please log in Authorize Net gt Click Settings and Profile Go to the Security section gt Click Obtain Transaction Key gt Enter Secret Answer Click Submit Payment Gateway URL https secure authorize net gateway transact dll default payment gateway To enhance the transaction security merchant owner can choose to enable this function and enter a value in the text box MD5 Hash Value Note For detailed description please see 4 2 1 6 5 Credit Card 1 3 Configure the Authorize Net Merchant Account to Match the Configuration of LANPRO LP NC1 Settings of the merchant account on Authorize Net should be matched with the configuration of LANPRO LP NC1 Setting Description To configure MD5 Hash Value please log in Authorize Net Click Settings and Profile Go to the Security section click MD5 Hash Enter New Hash Value amp Confirm Hash Value
82. e substitute DNS Server of the WAN1 port This is not required WANI Configuration Static IP Address IP Address H subnet Wask ee Default Gateway ee Preferred DMS Serer Alternate ONS Server Dynamic IP Address PPPoE Client PPTF Client WANT Port Dynamic IP address Configure WAN Port settings automatically using external DHCP Server Click the Renew button to get an IP address WAN1 Configuration Static IP Address j Renew MAAIE Dynamic IF Address PPPoE Client PPTP Client PPPoE Client This is the common connection type for ADSL When selecting PPPoE to connect to the network please enter the Username Password MTU and CLAMPMSS There is a Dial on Demand function under PPPoE If this function is enabled a Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself 29 LANPRO LP NC1 User s Manual WAN Configuration Static IP Address Dynamic IP Address PPPoE Client Username Password WAN1 Port MTU CLAMPMSS Dial on Demand PPTP Client 1492 bytes Range 1000 1 492 1400 bytes Range 980 1 400 Enabled Disabled PPTP Client Point to Point Tunneling Protocol is a service that applies to broadband connection used mainly in Europe and Israel Select Static to specify the IP address of the PPTP Client manually or select DHCP to get the IP address automatically The fields with red asteri
83. e will not be replaced by the new ones Note 2 f you want user Enabled VPN Termination please set IPSec field to 1 or 0 would disable Note 3 Onhy 0 97 A 2 aez A r n and _ are acceptable for password field Upload User Account The uploading file should be a text file and the format of each line is ID Password MAC Policy Remark IPSec without the quotes There must be no spaces between the fields and commas The MAC field could be omitted but the trailing comma must be retained The Group field indicates policy number to use When adding user accounts by uploading a file the existing accounts in the embedded database will not be replaced by new ones If you want user Enable VPN Termination please set IPSec field to 1 to enable VPN or 0 to disable VPN password policy IPSec remark john john 00 00 00 00 00 00 1 the admin 1 test test 2 testing account 0 policy IPSec password remark 44 LANPRO LP NC1 User s Manual Download User Click this to enter the Users List page and the system will directly show a list of all created user accounts Click Download to create a txt file and then save it on the disk Policy Username Password MAC Remark VPN Termination Enabled Alice alice in land Bi Bob i235 O4 03 11 1b 2d 3a 0 4 Cathy eae 0 Download Refresh Click this to renew the Users List page Add User Wpload User Download User a Policy Username Passwo
84. ection Secondary POPS Server SSL Setting C Enable SSL Connection e IP Address IP address of the POPS server e Port POP3 Server authentication port e Enable SSL Connection Enable or disable Secured Socket Layer connection 48 LANPRO LP NC1 User s Manual 4 2 1 3 Authentication Method RADIUS The system may authenticate users using external RADIUS server You may configure both primary and secondary RADIUS server for fault tolerance Choose RADIUS in the Authentication Method field the button next to the drop down menu will become to RADIUS Setting Authentication Server Server 1 Server Name Sewert bets server name Server Status Disabled Postfix Postfix ts posti name Black List Authentication Method RADIUS w Policy Edit Policy Mapping Enable VPN Termination Enable VPN Termination Check to enable the VPN tunneling between client s device and the controller automatically to secure the transmissions for user under Windows XP SP1 SP2 and Windows 2000 Once the box is checked it will be activated and applied to all users been authenticated by the selected authentication server When POP3 RADIUS LDAP or NTDomain is selected from the drop down menu the function of Enable VPN Termination will show up Check Enable VPN Termination to enable this function Click the button of RADIUS Setting for further configuration Enter the related information of the primary server and or the secondary server the seconda
85. em will MOT authenticate those listed devices Walled Garden List C Maed Garden List System can monitor up to 40 network devices online status with an option to add theri as public access servers via HTTP orf HTTPS i eT i Monitor IP List dioika itni E Even under MAT mode after added the devices as public access servers the devices can beaccessed by clicking the hypertext Dynamic DNS Walled Garden List Wp to 20 hosts URL sae be defined m al ed Garden List Clients a ee may access these URL without authentication IF Mobility LP MO supports up to 10 external proxy servers Proxy Server C VPI Ponninirnt ian Properties System can redirect traffic to external proxy server into built in proxy Server Dynamic DNS LP NO1 supports dynamic ONS OONS feature IP Mobility System supports IP PNF Configuration YPM Termination an IPSec tunnel can be established between the system and the client located atthe LAN side Site to Site YPN an IPSec tunnel can be constructed to be Used to connectto other PSec capable device over the Internat VPN Configuration 105 LANPRO LP NC1 User s Manual 4 4 1 Network Address Translation There are three parts DMZ Demilitarized Zone Public Accessible Server and Port and IP Redirect need to be set Network Address Translation DMZ Demilitarized Zone Public Accessible Server Port and IP Redirect e DMZ Demilitarized Zone In the DMZ functions the adminis
86. en on networked Transmission Mode There are 3 modes to select 802 11b 2 4G 1 11Mbps 802 11g 2 4G 54Mbps and Mix mode b and g Transmission Rate The default is Auto Available range is from 1 to 54Mbps The rate of data transmission should be set depending on the speed of the wireless network Select from a range of transmission speed or keep the default setting Auto to make the Access Point automatically use the fastest rate possible CTS Protection Select Enable or Disable this feature Fragment Threshold The fragmentation threshold determines whether packets will be fragmented Enter a value between 256 and 2346 RTS Threshold Request To Send A packet sent when a computer has data to transmit The computer will wait for a CTS Clear To Send message before sending data Beacon Interval Enter a value between 20 and 1024 msec The default value is 100 milliseconds Preamble Type The length of the CRC Cyclic Redundancy Check block for communication between the Access Point and roaming wireless adapters Select either Short Preamble or Long Preamble IAPP Inter Access Point Protocol is designed for the enforcement of unique association throughout a ESS Extended Service Set and for secure exchange of station s security context between current access point AP and new AP during handoff period Block Relay Select whether to enable this function Tx Power Type Choose which Tx power level desired from the drop down menu
87. en or While fles from the Internet can be ugeful some files can potentially save this tile What s the risk e Restore system settings Click Browse to search for a db database backup file created by LANPRO LP NC1 and click Restore to restore to the same settings at the time the backup file was created e Reset to the factory default settings Click Reset to load the factory default settings of LANPRO LP NC1 123 LANPRO LP NC1 User s Manual 4 5 3 Firmware Upgrade The administrator can download the latest firmware from website and upgrade the system here Click Browse to search for the firmware file and click Apply to go on with the firmware upgrade process It might take a few minutes before the upgrade process completes and the system needs to be restarted afterwards to make the new firmware effective Firmware Upgrade Current Version 1 00 00 Note For maintenance issues we strongly recommend you backup system settings before upgrading firmware Warning 1 Firmware upgrade may cause the loss of some of the data Please refer to the release notes for the limitation before upgrading the firmware 2 Please restart the system after upgrading the firmware Do not power on off the system during the upgrade or the restart process It may damage the system and cause it to malfunction 3 Firmware upgrade may take up to 5 minutes please wait for the confirmation page 124 LANPRO LP NC1 User s Manual 4
88. entication Port Enter the authentication port of the RADIUS server and the default value is 1812 e Accounting Port Enter the accounting port of the RADIUS server and the default value is 1813 e Secret Key Enter the key for encryption and decryption e Accounting Service Choose to enable or disable the accounting service for accounting capabilities e Authentication Protocol There are two methods CHAP and PAP for selection e Edit Policy Mapping Click the hyperlink of Edit Policy Mapping to enter the Policy Mapping page Choose to enable or disable policy mapping by RADIUS class attributes Policy Mapping Server 3 Enable Disable Class Attribute Policy Remark Policy1 e Class Attribute Class attribute sent from the RADIUS server iii e Policy Select the mapping policy of this class attribute e Remark Add some description if needed 51l LANPRO LP NC1 User s Manual 4 2 1 4 Authentication Method LDAP This system may authenticate users using external LDAP Server You may configure both primary and secondary LDAP server for fault tolerance Choose LDAP in the Authentication Method field the button next to the drop down menu will become to LDAP Setting Authentication Server Server 1 Server Name Sewer hts server name Server Status Disabled Posttix Postixt Its postfix name Black List Authentication Method Policy Edit Policy Mapping Enable VPN Termination d When POP3 RADIUS
89. es as Sorry The service 1s temporariy unavaichle e Static IP Address Configure WAN Port settings manually Specify the IP Address Subnet Mask and Default Gateway of WAN2 Port which should be applicable for the network environment WAN2 amp Failover None Static IP Address WAN Port Default Gateway ee Preferred DNS Server O F Alternate DNS Server Es Dynamic IP Address Target URLs for detecting Internet connection URLA http URLE http O Connection Detection URLS http ls amp Failover C Enable WAN Failover Warming of Internet Disconnection When Internet connection is down the system will display the Warning Messages as Sorry The service if temporarily unavailable z If WAN Failover function is enabled when WAN1 connection fails the traffic will be routed to WAN2 automatically If Fall back to WAN1 when possible function is enabled the routed traffic will be back to WAN1 when WAN1 connection is recovered 31 LANPRO LP NC1 User s Manual Dynamic IP Address Configure WAN Port settings automatically using external DHCP Server Select this item when WAN2 Port can obtain an IP address automatically For example a DHCP Server is available for WAN2 Port The probe target supports up to three URLs to detect the URLs They can check with the WAN Failover and Warning of Internet Disconnection functions The system will check these three URLs to detect the WAN ports co
90. esign is to have the disclaimer and login function in the same page but with the login function hidden until users agree with the disclaimer For more details about the codes of the disclaimer please refer to Appendix G If the page is successfully loaded an upload success page will show up Successtul You just uploaded page default_login_with disclaimer html Previews Preview can be clicked to see the uploaded page 77 We may collect and store the following personal information e mail address physical contact information Credit card numbers and transactional information based on your activities on the Internet service l provided Hy us If the information you provide cannot be Verified we may ask you to send us additional information such as your driver license credit card statement and or a recent utility bill or other information confirming your addressi ar ta answer additional questions to help verify your information e laqred ie disagree Mert ae a E Click here to purchase by Credit Card Online LANPRO LP NC1 User s Manual If a user checks I agree and clicks Next then he she is prompted to fill in the login name and password User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In o User Name Password ans a ax If a user checks I disagree and clicks Next a window will pop up to
91. et Byte count Expiretime Time of account expiration for accounts based on time limit not data rate Y VV V V WV Validtime Time when account is valid When valid time is reached account is disabled regardless of actual account usage gt Remark Any remark added by administrator at ON Demand User Group configuration Roaming Out Traffic History This log shows the Roaming out Traffic User History when system is the system is deployed with roaming center As shown in the following figure each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionlD SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities 133 LANPRO LP NC1 User s Manual Roaming Out Traffic History 2005 03 22 Date Type Name NASID NASIP NASPort UserMAC sessionID sessionTime Bytes In Bytes Out Pkts In Pkts Out Message v V VV VV NV V VV V WV Date The date and time of record Type Record type Authentication Accept Reject Account Expire Redeem etc Name Roaming Out user name NASID System ID of remote RADIUS NASIP The IP address of the RADIUS server NASPort The port number of remote RADIUS server UserMAC User MAC address SessionlD Session ID usually the time stamp SessionTime Session length in seconds Bytes In Out Byte count for in bound and outbound traffic Pkts In Out Packet count for inbound and outbound traffic Mes
92. etting of Windows Then reboot the PC to make sure an IP address is obtained from LANPRO LP NC1 2 2 Using Specific IP Address If want to use specific IP address you have to ask the network administrator for the information of the LANPRO LP NC1 IP address Subnet Mask New gateway and DNS server address e Please choose Use the following IP address and enter the information given from the network administrator in IP address Subnet mask and the DNS address es and then click OK LANPRO LP NC1 User s Manual Internet Protocol TCP IP Properties General Alternate Configuration _ You can get IP settings assigned automatically if your network supports this capability Othemnvwise pou need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically O Use the To Obtain OMS server address automatically O Use the following DMS server addresses Advanced Cancel Internet Protocol TCP IP Properties a General You can get IP settings assigned automatically if your network support this capability Othemnvise pou need to ask your network administrator for the appropriate IP settings IP address Subnet mask Default gateway Use the following DMS server addresses Prefered DNS server 4lternate DNS server Advanced 149 LANPRO LP NC1 User s Manua
93. eys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of LANPRO LP NC1 is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the terminal simulation program will send some messages to the system and the welcome screen or the main menu should appear If you are still unable to see the welcome screen or the main menu of the console please check the connection of the cables and the settings of the terminal simulation program Please select functions Utilities for network bugging Change admin password Reload factory default Festart 138 LANPRO LP NC1 User s Manual Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems The utilities are described as follow V vV V WV Please select utility Ping host i IF Trace routing path Display interface settings Display routing table Display ARP table Display system up time Check Service status Set device into sate mode aynchranize clock with NTP server Print the kernel ring butter Hain menu Ping host IP By sending ICMP echo request to a specified host and wait for the response to test the network status Trace routing path Tr
94. f each user accessing the Internet In addition the log data can be sent out to a specified Syslog Server Email Box or FTP Server based on pre defined interval time gt The following table shows the fields of a session log record Description Date and Time The date and time that the session is established Session Type New This is the newly established session Blocked This session is blocked by a Firewall rule Username The account name with postfix of the user It shows N A if the user or device does not need to log in with a username For example the user or device is on a non authenticated port or on the privileged MAC IP list Note Only 31 characters are available for the combination of Session Type plus Username Please change the account name accordingly if the name is not identifiable in the record The communication protocol of session TCP or UDP The MAC address of the user s computer or device The source IP address of the user s computer or device The source port number of the user s computer or device DIP The destination IP address of the user s computer or device The destination port number of the user s computer or device 166 gt LANPRO LP NC1 User s Manual The following table shows an example of the session log data Jul 20 12 35 05 2007 Jul 20 12 35 05 2007 Jul 20 12 35 06 2007 Jul 20 12 35 06 2007 Jul 20 12 35 07 2007 Jul 20 12 35 09 2007 Jul 20 12 35 1
95. f the Network Configuration will appear Configuration Authentication ffietwork Address Translation privilege List Monitor IP List r Walled Gar den List zz Proxy Server Properties l i Dynamic DNS IP Mobility C VPH Configuration appear Network Configuration Network Address Translation Privilege List Monitor IP List Walled Garden List Proxy Server Properties Dynamic DNS IP Mobility VPN Configuration Network Configuration LP NC1 provides 3 types of network address translation DMZ Demilitarized Zone Public Accessible Server and IP Por Redirect System provides Privilege IP Address List and Privilege MAC Address List System will NOT authenticate those listed devices System can monitor up to 40 network devices online status with an option to add thern as public access servers Via HTTP of HTTPS Even under NAT mode after added the devices as public access servers the devices can be accessed by clicking the hypertext Up to 20 hosts URL could be defined in Walled Garden List Clients may access these URL without authentication LP NC1 supports up to 10 external proxy servers System can redirect traffic to external proxy server into builtin proxy server LP NC1 supports dynamic ONS DDNS feature System supports IP PNP Configuration YPN Termination an IPSec tunnel can be established between the system and the client located at the LAN
96. ferred DNS Server IP address of the preferred DNS Server Alternate DNS Server IP address of the alternate DNS Server 128 4 6 2 Interface Status LANPRO LP NC1 User s Manual This section provides an overview of the interface for the administrator including WAN1 WAN2 Controlled Port and Uncontrolled Port WAN Controlled Controlled DHCP Server Uncontrolled Uncontrolled DHCP Server Interface Status MAC Address IP Address Subnet Mask Mode MAC Address IP Address Subnet Mask Status WINS IP Address Start IP Address End iP Address Lease Time Mode MAC Address IP Address Subnet Mask Status WINS IP Address Start IP Address End iP Address Lease Time 00 30 00 00 00 03 10 2 3 656 255 255 255 0 NAT 00 30 00 00 00 01 192 166 1254 255 255 255 0 Enabled BIA 192 168 1 1 192 168 1 100 1440 Minsi MAT 00 30 00 00 00 01 192 168 2254 255 255 255 0 Enabled BIA 192 165 2 1 192 168 2100 1440 Mingis 129 LANPRO LP NC1 User s Manual The description of the table is as follows Item Description MAC Address The MAC address of the WAN1 port WAN1 IP Address The IP address of the WAN1 port T sumem Fe srera towan o wanz Subnet Mask Te Sunet Mask ofthe Wan2pon Mode The NAT or Router mode of the controlled port MAC Address The MAC address of the controlled port Controlled IP Address The IP address of the controlled port SubnetMask The Subnet Mask of the controlled port
97. fications of AP Status Change are triggered by event when a managed AP becomes unreachable while the other three types of emails are sent periodically in given intervals A trial email is provided by the system for validation In addition the system supports recording SYSLOG of User Log Guests User Log and Session Log via external SYSLOG servers Send To Interval Send Test Email Send From SMTP Auth Method System Log On demand User Log Session Log Session Log E mail Notification Configuration Monitor IP Traffic On demand Session AP Report History User Log Log Status CI E O E L C L L L L C C L E a 1 Hour 1 Hour 4 il Hour TAour A Send Send Bend Send Bena SYSLOG Server Settings IP Address _ Por IP Address o Por IF Address Port FTP Server Settings IP Address Port Send Log every Hours Mote same as Interval of Session Log in the Notification E mail Settings Anonymous Oves No sername Password FTP Setting Test send Test Log Send To The e mail address of the person whom the history email is for This will be the receiver s e mail Check which type of report to be sent Monitor IP Report Traffic History On demand User Log and AP Status Interval The time interval to send the e mail report Choose a proper number from the drop down box Send Test Email To test the settings correct or not Send From The e mail address of t
98. figure static IP OHOP on WAN por The Internet Connection Detection and UWAN Failover are also configured here The roles define two toes of LAN ports Controlled Authentication is required for wireless clients to access the network through these LAN ports Uncontrolled No authentication is feguired for wireless clients to access the network through these LAM ports Clients from Controlled por s must login before accessing network except those devices listed on the IPWMAC Privilege List The Controlled operates in NAT mode or Router mode avallable options include DHCP Server and DHCP Relay Clients from Uncontrolled ports will not be authenticated The Lincantrolled operates in NAT mode or Router mode Available options include DHCP Server and DHCP Relay 24 LANPRO LP NC1 User s Manual 4 1 1 Configuration Wizard There are two ways to configure the system using Configuration Wizard or changing the setting by demands manually The Configuration Wizard has 6 steps providing a simple and easy way to go through the basic setup of LANPRO LP NC1 and is served as Quick Configuration Please refer to 3 2 1 Quick Configuration for the introduction and description of Configuration Wizard Configuration Wizard LP WC1 is a Network Access Controller with access control features ideal for hotspot small and medium business networking The wizard will guide you through the process of creating a baseline strategy Pleas
99. g on Next Step 1 Change Admin s Password Step 2 Choose System s Time Zone Step 3 Set System Information Step 4 Select the Connection Type for WAN Port Step 5 Set Authentication Methods Step 6 Save and Restart LP NC1 e Step 1 Change Admin s Password Enter a new password for the admin account and retype it in the Verify Password field twenty character is the maximum and spaces are not allowed Click Next to continue step 1 Change Admin s Password You may change the Admin s account password by entering anew password Click Next to continue 13 LANPRO LP NC1 User s Manual Step 2 Choose System s Time Zone Select a proper time zone via the drop down menu Click Next to continue Step 2 Choose System s Time Zone Select the appropriate time zone for the system Click Next to continue SMT O5 00iEastern TimeflS amp Canaday w Step 3 Set System Information Home Page Enter the URL to where the users should be directed when they are successfully authenticated NTP Server Enter the IP address or the domain name of an external time server for LANPRO LP NC1 to do time synchronization or use the default DNS Server Enter a DNS Server provided by the ISP Internet Service Provider Contact the ISP if the DNS IP Address is unknown Click Next to continue Step 3 Set System Information Enter System Information Click Next to continue Home Page http wew lan products cam 3 e g http uy l
100. ground AP Discovery The system can be set up to discover APs periodically in background Background AP Discovery Status Disabled Configure Background AP Discovery AP Type A200 Interface Controlled Ww Factory Default IF Address 192 168 2 1 Login ID admin Password 1234 Manual IP Addresses of APs teas Start IF Address 192 168 1 1 after Discovery Status Enable Disable Admin Settings Used to Discover Settings of Background AP Discovery are the same as the in the AP Discovery settings mentioned above For the Status when enabled the system will discover APs in background at the time interval Default 10 minutes If any AP is discovered and Auto Add AP enabled the system will add the discovered APs into the AP List table automatically apply the selected Template of AP setting to the APs and assign available IP addresses to the APs e Discovered AP List Administrator can click Add button to register the APs to the AP List for management The Service Zone to which the APs will belong is specified here By clicking Add button the current management page is directed to AP List where the newly added APs will show up with a status of configuring It may take a couple of minutes to see the status of the newly added AP to change from configuring to online or offline Discovered AP List IP Address AP Name AP Type Template Channel MAC Address Password 98 LANP
101. gs to take effect All on line users will be disconnected during restart 23 4 1 System Configuration LANPRO LP NC1 User s Manual This section includes the following functions Configuration Wizard System Information WAN1 Configuration WAN2 amp Failover LAN Port Roles Controlled Configuration and Uncontrolled Configuration Se e a Configuration Wizard system Information _ Configuration Wizard WAIN Configuration WAH amp Failover LAH Port Roles j Controlled Configuration Uncontrolled Configuration Network Configuration System Configuration System Information WAN Configuration WAN amp Failover LAN Port Roles Controlled Configuration Uncontrolled Configuration System Configuration This wizard will guide you through basic system setup Configure system and network related parameters system name administrator information SNMP and time zone Clients will be directed to URL entered in the Home Page field after successful login Administrator may limit remote administration access to a specific IP address or network segments When enabled only devices with such IF address or from this network segment may enter system s administration web interface remotely Network Time Protocol NTP Server setting allows the system to synchronize its timefdate with external time server Configure static IP DHCP PPTP or PPPOE client on WANI port Con
102. guage Cameras Tasks Audio Devices g T kf Speech System Taskbar and User Accounts Mware Tools 2 Choose the Connections label and then click MOStEd dr Inii Setup i To set up an Internet connection click L Setup Dial up and Virtual Private Network settings Choose Settings iF you need to configure a proxy geltir server For a connection NEVE al amp Gone cir L lial Frere wet oe Mel Mork Sore Lele I Ware dial my Defaulbcornmecthan Morte Local 4rea Network LAH settings LAN Settings do nok apply to dial up connections LAM Settings Choose Settings above For dial up settings 145 LANPRO LP NC1 User s Manual 3 Click Next when Welcome to the New New Connection Wizard Connection Wizard screen appears arome to the New Connection Zar This wizard helps you Connect to the Internet Connect to a private network such as your workplace network Set up a home or small office network To continue click Next 4 Choose Connect to the Internet and then New Connection Wizard j Network Connection Type click Next What do you want to do Connect to the network at my workplace Connect to a business network using dial up or WPH so you can work from home a field office or another location Set up a home or small office network Connect to an existing home or small office network of set up anew one it Set up an advanced connection Connect directl
103. h in the HTML code must be the image file you will upload 76 LANPRO LP NC1 User s Manual lt img src images xx jpg Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login page click the Use Default Page button to restore it to default Total Capacity 512 K Now Used 0K Upload Image Files Upload linages j Erose Submit After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file Existing Image Files 1102474548 732engif C In LANPRO LP NC1 the end user first gets a login page when she he opens its web browser right after associating with an access point However in some situations the hotspot owners or MIS staff may want to display terms of use or announcement information before the login page Hotspot owners or MIS staff can design a new disclaimer announcement page and save the page in their local server After the agreement shown on the page is read users are asked whether they agree or disagree with the disclaimer By clicking agree users are able to log in If users choose to decline they will get a popup window saying they are unable to log in The basic d
104. he administrator in charge of the monitoring This will show up as the sender s e mail SMTP The IP address of the SMTP server Auth Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method you select you have to enter the Account Name Password and Domain NTLMv1 is not currently available for general use 135 LANPRO LP NC1 User s Manual Plain and CRAM MD5 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNIX login password Netscape uses Plain Outlook and Outlook express uses Login as default although they can be set to use NTLMv1 Pegasus uses CRAM MD5 or Login but can not be configured which method to use Syslog Server Settings There are 3 parts System Log On demand User Log and Session Log Enter the IP address and Port to specify which and from where the report should be sent Note When the number of a user s sessions TCP and UDP reaches the session limit specified in the policy a record will be logged to this Syslog server For more information about Session Limit please refer to Appendix H FTP Server Settings Session Log allows uploading the log file to a FTP server periodically The delivering frequency of session log to target repository can be adjusted via Interval time on E mail Notifica
105. he connection of null modem the system also supports the SSH online connection for the setup When using a null modem to connect to the system console we do not need to enter administrator s password to enter the console management interface But connecting the system by SSH we have to enter the username and password The username is admin and the default password is also admin which is the same as for the web management interface You can use this option to change the administrator s password Even if you forgot the password and are unable to log in the management interface from the web or the remote end of the SSH you can still use the null modem to connect the console management interface and set the administrator s password again Caution Although it does not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the LANPRO LP NC1 Admin username and password after logging in the system for the first time Reload factory default Choosing this option will reset the system configuration to the factory defaults Restart LANPRO LP NC1 Choosing this option will restart LANPRO LP NC1 140 LANPRO LP NC1 User s Manual Appendix B Configuration on Authorize Net Before the Credit Card and related functions can be managed appropriately LANPRO LP NC1 requires the merchant owners
106. hyperlink of Status the basic information of the AP including AP Name AP Type LAN MAC Wireless LAN MAC Up Time Report Time SSID Number of Associated Clients and Remark will be shown In the below of the AP Status Detail there are the related detailed information System Status LAN Status Wireless LAN Status Access Control Status and Associated Client Status 94 LANPRO LP NC1 User s Manual AP Status Summary AP Name NEWDEY 00004 AP Type A200 LAN MAC 00 0e e 7d tkf Wireless LAN MAC 00 0e e 7d tE Up Time day 1h 27m 215 Report Time 2006 11 30 13 26 48 SSID default Number of Associated q Clients Remark AP Status Detail System Status LAN Status Wireless LAN Status Access Control Status Associated Client Status gt System Status The table shows the information about AP Name AP Status and Last Reporting Time System Information AP Name MEWIDEY OOO02 AP Status Online Last Reporting Time 2006 06 28 10 27 37 95 LANPRO LP NCI1 User s Manual gt LAN Status The table shows the information about IP Address Subnet Mask and Gateway LAN Interface IP Address 192 168 2 2 Subnet Mask JOAO Gateway 0 0 0 0 gt Wireless LAN Status The table shows all of the related wireless information Wireless Interface Up Time 0day 15h45m485 SSID default Beacon Interval ms 100 RTS Threshold 2447 Channel ld Transmission Rate Auto Preamble Type Long Preamble IAPP Enabled Security Disable gt Access
107. ick the numbers of Filter Rule Item to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active to enable that rule gt Specific Route Profile When Specific Default Route is enabled all clients applied this policy will access the Internet through this default gateway gt Maximum Concurrent Session for User Concurrent Session for each user it can be restricted by administrator 68 LANPRO LP NC1 User s Manual 4 2 3 2 Policy 1 8 Policy Configuration Select Policy Policy 1 Firewall Profile Specific Route Profile Schedule Profile Total Bandwidth Unlimited indvidual Maximum Bandwidth ee Individual Request Bandwidth 4 PP E Maxinum Concurrent Session for User w gt Select Policy Select Policy1 8 to set the Firewall Profile Specific Route Profile Schedule Profile Total Bandwidth Individual Maximum Bandwidth Individual Request Bandwidth and Maximum Concurrent Session for User Firewall Profile Define up to 10 firewall rules Specific Route Profile Define up to 10 static routes Schedule Profile Define allowed access hours Y vV V WV Total Bandwidth Define maximum bandwidth allowed of the total bandwidth shared by the users within the same policy gt Individual Maximum Bandwidth Define maximum bandwidth allowed for individual user the individual maximum bandwidth can not exceed the value of Total Bandwidth
108. ient stations Automatic recovery of APs in case of system failure System alarms and status reports on managed APs LANPRO LP NC1 User s Manual e Monitoring and Reporting Status monitoring of on line users IP based monitoring of network devices WAN connection failure alert Syslog support for diagnosing and troubleshooting User traffic history logging e Accounting and Billing Support for RADIUS accounting RADIUS VSA Vendor Specific Attributes Built in billing profiles for on demand accounts Enables session expiration control for on demand accounts by time hour and data volume MB Provides billing report on screen for on demand accounts Traffic history report in an automatic email to administrator e System Administration Multi lingual web based management Ul SSH remote management Remote firmware upgrade NTP time synchronization Backup and restore of system configuration LANPRO LP NC1 User s Manual Chapter 3 Base Installation 3 1 Hardware Installation 3 1 1 System Requirements e Standard 10 100BaseT network cables with RJ 45 connectors e All PCs need to install the TCP IP network protocol 3 1 2 Package Contents The standard package of LANPRO LP NC1 includes e LANPRO LP NC1 x 1 e CD ROM with User s Manual and QIG x 1 e Quick Installation Guide x 1 e DC 12V Power Adapter x 1 e Ethernet Cable x 1 e Console Cable x 1 Warning It is highly recommended to use all the supplies in the package instead of s
109. iguration Template Settings This discovery function is to detect the unmanaged APs within LANs sa and assign the desired IFs for the future management With the AF AP Discovery f M access information administrator is able to manually or automatically discover AP onthe selected LANs Manual Configuration Firmware Management AP Upgrade Administrators who are familiar with the new AP can set it up n Manual Configuration manually by filling in the necessary information There are three templates from the drop down box thatcan be chosen Administrators can edit template settings here These templates are Template Settings saved and can be used in Manual Configuration and AP Discovery sections This page lets administrators manage firmwares and shows each Firmware Management 3 s firmware s information with operations of download and delete This page shows each AP on name firmware version and the time previously being upgraded Administrators can choose 3 firmware version from the drop down box to upgrade APS Several AP upgrades Can be processed simultaneously by checking the upgrade boxes AP Upgrade 88 LANPRO LP NC1 User s Manual 4 3 1 AP List All of the supported APs under the management of LANPRO LP NC1 will be shown in the list At first the list is empty administrators can add APs from AP Discovery page see 4 3 2 AP Discovery for details or Manual Configuration page see 4 3
110. ine Gin Ghia a a 121 432 Backup Restore Seino oaa E EAEE E IAT E E inne 123 AS RMW are Wp era onae a esas sa sana ocean 124 Ua IR CSUAEL E E EIA AATA 125 4 6 SU ACS ses coesiccp cious sane nse ENESE ETEA E E AE E E E eee sae ees eadis 126 OE S65 es 0m 11 6 Deere ee ne ee ne ee Oe Re nC ee OnE roe ne Te 127 AG Meric StAWS acceso tic ce aicn dca cien deca dn cect E eat sas asad 129 71 yo C 10108 hc Knee Ree PERE RE Re REE ER TER SRN TERT ERD SER REESE ECE SETAE ET RED SERRE R TSE RE RRS pererer rer en errr ener 131 AOA atic HISTO sci het she oe nami a a E 132 46 5 Notification COMIC UPA NOM en ccd cede ce cta ced edcicte tad radiate eiei EE EEEE EE E 135 4 7 lel Pests isis ie ie sacs E E TRE 137 Appendix A Console Biter IC oerna E 138 Appendix B Configuration on Authorize N t sanni ninn nanen nAn a i 141 Appendix C Network Confisuration on PC resesoiririos iise EROE EEE EERE ts 145 Appendix D IPSEC VEN Terminations T NEEE E 150 Appendix E Poyo aT O O a E 156 Appendix F Appendix G Appendix H FAR 6 y Setin TOr ENEDES eee ene TO DACP REV aster vatican areca tent Sette itee ts eee ee eee Session Limit and Session 0G 2ccaceuannnannnanancnanenckonenoneuanonaieae LANPRO LP NC1 User s Manual Chapter 1 Before You Start 1 1 Preface This manual is for Hotspot owners SMBs or administrators in enterprises to set up network environment using LANPRO LP NC1 It contains step by step procedures and graphic e
111. ions Verify SSL Certificate Secure Sockets Layer a protocol developed by Netscape for transmitting private documents via the Internet SSL uses a cryptographic system that uses two keys to encrypt 61 gt gt gt LANPRO LP NC1 User s Manual data a public key known to everyone and a private or secret key known only to the recipient of the message Both Netscape Navigator and Internet Explorer support SSL and many Web sites use the protocol to obtain confidential user information such as credit card numbers By convention URLs that require an SSL connection start with https instead of http Test Mode When the test mode is enabled Try Test button can be clicked to input some information and test if the information will go through without really sending out the information and being charged MD5 Hash This feature enhances the network security when transferring customers inputted data from this gateway to the online payment system organization The hash value must be both implemented in online payment system organization and this gateway Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer Credit Card Payment Page Billing Configuration Plan Enable Disable Quota Price Enable Disable 2 hrs 0 mins 20 Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable
112. is is default login success page for users You could click preview link to preview the default login success page Thanks Preview 80 and then fill in all of the blanks You can LANPRO LP NC1 User s Manual b Choose Template Page to make a customized login success page here Click Select to pick up a color click Preview to see the result first Login Success Page Selection for Users O Default Page O Uploaded Fage Color for Title Background Color for Title Text Color for Page Background Color for Page Text Title Welcome Information Logout Information Login Time Template Page External Fage Template Page Setting oOo Select RGB values in hex mode Select RGB values in hex mode Select RGB values in hex mode Select RGB values in hex mode Login Success Page Hello Please click this button to Logout Thank you Login Time Preview Choose Uploaded Page and you can get the login success page by uploading Click the Browse button to select the file for the login success page upload Then click Submit to complete the upload process Login Success Page Selection for Users Default Page Uploaded Page File Name Existing Image Files Total Capacity 512 K Now Used 0 K Upload Images Template Page External Page Uploaded Page Setting C Upload Image Files C Preview l LANPRO LP NC1 User s Manual After the upload process i
113. l Appendix D IPSec VPN Termination LANPRO LP NC1 has equipped with IPSec VPN feature starts from released version v1 00 To fully utilize the nature supported IPSec VPN by Microsoft Windows XP SP2 with patch and Windows 2000 operating systems LANPRO LP NC1 implement IPSec VPN tunneling technology between clients windows devices and LANPRO LP NC1 itself no matter of through wired or wireless network By pushing down ActiveX to the client s Windows device from LANPRO LP NC1 no extra client software to be installed except ActiveX in which a so called clientless IPSec VPN setting is configured automatically At the end of this setup a build in IPSec VPN feature was enabled to be ready to serve once it is called to be setup The design goal is to eliminate the configuration difficulty from IPSec VPN users At the client side the IPSec VPN implementation of LANPRO LP NC1 is based on ActiveX and the built in IPSec VPN client of Windows OS Internet NSP F 4 VPN Termination IPSec Tunnel VPN Termination IPSec Tunnel 4 Iji IiI ijl Wired User Wireless User 150 LANPRO LP NC1 User s Manual 1 ActiveX component The ActiveX is a software component running inside Internet Explorer The ActiveX component can be checked by the following windows Programs Ad vanced General Security Privacy Content Connections Internet programs Manaze Add ons You can specify which p
114. mum ae A ARS Unlimited Bandwidth z _ Unlimited Individual Request Bandwidth Individual Request Bandwidth Select the bandwidth from the drop down menu It s the requested bandwidth for a user under this particular policy which cannot exceed the value for Individual Maximum Bandwidth y Configuration Select Policy Firewall Profile Specific Route Profile Schedule Profile Total Bandwidth Indnidual Maximum Bandwidth Indrvidual Request Bandwidth Maximum Concurrent Session for User The concurrent sessions for each user it can be restricted by administrator Use the drop down list to select the maximum number of concurrent sessions which is allowed to be established by each user Note For more information please refer to Appendix H Session Limit and Session Log Maxinum Concurrent Session for User 500 Ja LANPRO LP NC1 User s Manual 4 2 4 Additional Configuration In this section additional settings are provided for the administrator to the following for user management Additional Configuration Idle Timer Range 1 1440 User Control Multiple Login cRacius and On demand authentication do NOT support multiple login Logout upon closing the Login Success window d Session Timeout E hres 1440 Roaming Out Timer Idle Timeout 3 berange d 120 Interim Update e d 120 Certificate Login Page LogoutPage Login Success Page Upload File Login Success Page forOn Demand
115. n You will be secured by IPSec VPN x f Ore yog sure You Want to navigate away From this page re vou sure you want to log out Press OK to continue or Cancel to stay on the current page cae That shall all cause the termination of IPSec VPN tunneling if user chooses to click Yes The user has to log in again to regain the network access Suggestion Click Cancel if you do not intend to stop the IPSec VPN connection yet 6 Non supported OS and Browser In current version Windows Internet Explorer is the only browser supported by LANPRO LP NC1 Windows XP and Windows 2000 are the only two supported OS along with this release 155 LANPRO LP NC1 User s Manual Appendix E Proxy Setting for Hotspot HotSpot is a place such as a coffee shop hotel or a public area where provides Wi Fi service for mobile and temporary users HotSpot is usually implemented without complicated network architecture and using some proxy servers provided by Internet Service Providers Access Point p Client Computer A DSL able Moden ISF Frory Server In Hotspots users usually enable their proxy setting of the browsers such as IE and Firefox Therefore so we need to set some proxy configuration in the Gateway need to be set Please follow the steps to complete the proxy configuration 1 Login Gateway by using admin 2 Click the Network Configuration from top menu and the homepage o
116. n this section you can set the related configuration of Uncontrolled Port Uncontrolled Configuration Operation Mode NAT Router Uncontrolled IF Address 1927 160 2 254 P Subnet Wask 255 255 255 0 p Disable DHCP Server Enable DHCP Server Start IF Address 192 168 2 1 p End IF Address 1927 168 2 100 p Preferred DMS Server 1927 168 2 254 DHCP Server Alternate DNS Server Configuration Domain Mame domain WINS Serer IF Address lll Lease Time 1 Day Reserved IP Address List Enable DHCP Relay e Uncontrolled Uncontrolled Configuration Operation Mode NaT Router Uncontrolled IF Address 197 168 2754 p Subnet Wask 255 255 255 0 P Operation Mode Choose one of the two modes NAT mode and Router mode according to requirements IP Address Enter the desired IP address for the interface of the controlled port Subnet Mask Enter the desired subnet mask for the controlled port 37 LANPRO LP NC1 User s Manual e DHCP Server Configuration There are three types of DHCP server methods Disable DHCP Server Enable DHCP Server and Enable DHCP Relay 1 Disable DHCP Server Disable DHCP Server function of LANPRO LP NC1 Disable DHCP Server Enable DHCP Server Enable DHCP Relay DHCP Server Configuration 2 Enable DHCP Server Choose Enable DHCP Sever function and set the appropriate configuration for the built in DHCP server of LANPRO LP NC1 The fields with red asterisks
117. nnection status Warning of Internet Disconnection By putting at least one external URL address for system to check the internet connection possible availability continuously WAN Failover To trigger WAN2 port start to serve system s WAN traffic when WAN1 fail was detected A possible fallback of WAN traffic from WAN2 to WAN1 if WAN1 s internet connection is resumed again could be selected WAN2 amp Failover None WAN Port Static IP Address Dynamic IP Address Target URLS for detecting Internet connection URLA https www google com URLZ htp o Connection Detection URLE http E amp Failover C Enable WAN Failover Warning of Internet Disconnection When Internet connection is down the system will display the Warning Messages as sorry The service is temporarily unavailable x For Dynamic IP Address WAN Failover and Fall back to WAN1 when possible functions also can be enabled like as the functions for Static IP Address If Warning of Internet Disconnection is enabled a warning message can be entered to indicate what the system should display when Internet connection is down 32 LANPRO LP NC1 User s Manual 4 1 5 LAN Port Roles Administrators can choose which LAN port s to be Controlled port s by checking the box Each LAN port can be configured as one of two roles controlled or uncontrolled The differences of these two roles for a client connected to are Clients connect to the Cont
118. nterface Revise the AP Name Admin Password and Remark here if desired Firmware information can also be viewed here General Settings Admin Password Firmware 90 LANPRO LP NC1 User s Manual gt LAN Settings Click the hyperlink of LAN to enter the LAN Settings interface Input the data of LAN including IP address Subnet Mask and Default Gateway of AP IP Address Subnet Mask Default bateway gt need to be filled SSID SSID Broadcast Channel Transmission Mode Transmission Rate CTS Protection Fragment Threshold Properties RTS Threshold Beacon Interval ms Preamble Type IAPP Block Relay Tx Power Level Security Type Security WEP Properties LAN Settings 192 168 1 1 z 255 255 255 0 z 192 168 1 254 z Wireless LAN Click Wireless LAN to enter the Wireless interface The data of Properties and Security Wireless default Enable cc os oo a Pa on La 7 a La be J be a Ta T Cc it DJ it ho it T w w ojl ge o o w c c c c m Z c gi to x 3 a re a z a i z a z Sr T z u T a Iu tu tu w 3 a a it frm a o a T T m m A o J D o y J D D ga p 4 2 a E hl othe Ch D to E bl fs bl ta r g z amp F it eel cds Mixed vw Auto ka Disable Long Enable Default Enable Disable Default Disable not supported in versions before W1 25 100 Default 100 not supported in versions
119. of them makes the hyperlink of Radius Client List appear Local User Setting Edit Local User List Enabled Disabled RADIUS Roaming Out Local user database will be used as authentication database for roaming outusers Enabled Disabled 802 1 Authentication Local user database will be used as internal RADIUS database for 802 1 enabled LAN devices such as AP and switch RADIUS Client List 46 LANPRO LP NC1 User s Manual Click the hyperlink of Radius Client List to enter the Radius Client Configuration page Choose the desired type Disable Roaming Out or 802 1x and key in the related data and then click Apply to complete the configurations Radius Client Configuration No IP Address Segment Secret i Disable 02 1 x RADIUS Roaming Out When RADIUS Roaming Out is enabled local users can login from other domains by using their original local user accounts 802 1x Authentication 802 1x is a security standard for wired and wireless LANs It encapsulates EAP Extensible Authentication Protocol processes into Ethernet packets instead of using the protocol s native PPP Point to Point Protocol environment thus reducing some network overhead It also puts the bulk of the processing burden upon the client called a supplicant in 802 1x parlance and the authentication server such as a RADIUS letting the authenticator middleman simply pass the packets back and forth 47 LANPRO LP NC1 User s
120. om 10 2 3 112 Save i While hles from the Intemet can be usetul some tiles can potentially hatm your computer If pou do not trust the source do not save this fle whats the risk gt Delete Can be clicked to delete the current firmware 103 LANPRO LP NC1 User s Manual 4 3 6 AP Upgrade Check the APs which need to be upgraded and select the upgrade version of firmware and click Apply to upgrade firmware AP List Upgraded Name Type Version y Time New Version Upgrade CETE CETE gt Upgraded Time Shows when the AP was last upgraded gt New Version Version of the firmware to upgrade the AP 104 LANPRO LP NC1 User s Manual 4 4 Network Configuration This section includes the following functions Network Address Translation Privilege List Monitor IP List Walled Garden List Proxy Server Properties and Dynamic DNS IP Mobility and VPN Configuration This section is used to set all the internet settings i System User i AP _ Configuration Authentication Management Network Configuration letwork Address Translation i eae ida aii Network Configuration m Privilege List Network Address LP MCT provides 3 types of network address translation OM Translation Demilitarized Zone Public Accessible Server and IF Port Redirect Monitor IP List s m Privilege List System provides Privilege IP Address List and Privilege MAC Address List Syst
121. omain in the Authentication Method field the button next to the drop down menu will become to NTDomain Setting Authentication Server Server 1 Server Name Sewer ets semer name Server Status Disabled Postfix Postid Its postfix name Black List Authentication Method Policy Enable VPN Termination When POP3 RADIUS LDAP or NTDomain is selected from the drop down menu the function of Enable VPN Termination will show up Check Enable VPN Termination to enable this function Click the button of NT Domain Setting for further configuration Enter the related information of the primary server and or the secondary server the secondary server is not required The blanks with red asterisks are necessary information These settings will become effective immediately after clicking the Apply button Domain Controller Transparent Login Enabled Disabled avindows 2000 2003 or above e IP address Server IP Address Enter the server IP address of the NT Domain Server e Transparent Login Enable this option for transparent user login to NT Domain login once only If the function is enabled users will log into the system automatically when they log into the Windows domain and the IP of NT Domain Server should be added into walled garden 54 LANPRO LP NC1 User s Manual 4 2 1 6 Authentication Method On demand User When the customers need to use wireless Internet service in stores they have to get printed receipts with
122. omized login and logout web pages 1 Certificate The administrator can upload new private key and customer certification Click the Browse button to select the file for the certificate upload Then click Submit to complete the upload process Upload Private Key File Name Browse Upload Customer Certificate File Name Browse Click Use Default Certificate to use the default certificate and key You just overwrote the setting with default KEY amp default CA file 74 LANPRO LP NC1 User s Manual 2 Login Page The administrator can use the default login page or get the customized login page by setting the template page uploading the page or downloading from the specific website After finishing the setting you can click Preview to see the login page a Choose Default Page to use the default login page Login Page Selection for Users Default Page C Template Page C Uploaded Page C External Page Default Page Setting This is default login page for users You could click preview link to preview the default login page Thanks Preview b Choose Template Page to make a customized login page here Click Select to pick up a color and then fill in all of the blanks Click Preview to see the result first Login Page Selection for Users Detault Page Template Page Uploaded Page External Page Template Page Setting Color for Tithe Background G Select RGB values in hex mode
123. other when VPN Client Isolation is enabled For more information about VPN Termination please see Appendix D IPSec VPN Termination IPSec VPN Termination Setting IPSec VPN Termination Enable Disable VPN Client Isolation Enable Disable IPSec Parameters Encryption DES 3 DES Integrity mos SHA 1 Diffie Hellman Groupi Group 2 Site to Site VPN Enable Site to Site VPN can create the IPSec VPN tunnel between two remote networks sites to encrypt the data transmission Click Add A New Site Entry button to set configuration about remote VPN capable devices such as a VPN gateway Click Add A Local Entry button to set configuration about local site 117 Name IP Address TPE 1 2 3 4 BJ 2 3 4 5 Local Subnet Local interface Remote VPN Gateway Remote Subnet Edit 192 166 1 0f24 192 168 2 0 WANT WANT LANPRO LP NC1 User s Manual Remote Site Configuration Pre shared Key Edit Delete Add A Remote Site Local Site Configuration Delete 1 2 34 192 168 117 024 2345 192 168 4 0 24 Click Add A Remote Site to enter the Remote VPN Gateway page for further configuration Name IP Address Authentication Method Pre shared Key Phase Proposal Diffie Hellman Group IKE Life Time Dead Peer Detection i Remote VPN Gateway Pre shared Key Encryption AES256 Authentication SHA 1 w Group 1 O Group 2 Ll Group 5 IKE Life Timel8h 5 second m minute h ho
124. ppear at the button of the receipt Billing Notice Interval While an on demand user is still logged in the system will update the billing notice of the login success page by the time interval defined here Users List Currently available user list Billing Configuration Setup different billing plans Create On demand User On demand user creation page Billing Report Summary report for on demand account usage 55 4 2 1 6 1 User List LANPRO LP NC1 User s Manual Click to enter the On demand Users List page In the On demand Users List detailed information will be shown here Y vV V WV ae On demand Users List Username Password Remain TimeVolume 2PK4 5556773 2 hour Status Expire Time Delete All 2007 05 20 Mormal Delete 09 35 53 Totalid First Previous Mext Last User detail Username Plan Total Time Volume Consumed Time olume Remain Time olume Generate time Last login Last logout Logout cause Price 2PK4 2 hour BA 2 hour 20070517 09 35 53 BA MA BA 20 Search Enter a keyword of a username to be searched in the text field and click this button to perform the search All usernames matching the keyword will be listed Username The login name of the on demand user Password The login password of the on demand user Remain Time Volume The total time Volume that the user still can use currently Status The status of the on demand account No
125. r it is activated This is the duration of time that the user can use the account after the activation of the account After this duration the account will self expire gt Price Account price The price charged for this billing plan 37 LANPRO LP NC1 User s Manual 4 2 1 6 3 Create On demand User Click this to enter the Create On demand User page Create On demand User Plan Type Price Status Function 1 2 hrs 0 mins 20 Enabled 2 NA NA Disabled 4 NA MA Disabled Pressing the Create button for the desired plan an on demand user will be created then click Printout to print a receipt which will contain this on demand user s information There are 2000 on demand user accounts available m Welcome Username 2PK4a ondemand Password SUSSe ria Price 20 Usage 2 hrs 0 mins ESSID default Valid to use until 2007 05 20 09 35 53 Thank You 58 LANPRO LP NC1 User s Manual 4 2 1 6 4 Billing Report Click this to enter the On demand users Summary report page In On demand users Summary report page the administrator can get a complete report or a report within a particular period From Year Month Day T Mvear Month Day gt Report All Click this to get a complete report including all the on demand records This report shows the total expenses and individual accounting of each plan for all plans available From v Year Month Day To _M vear Month M Day Search
126. ransaction This may be entered as either an abbreviation or full value Phone A phone number is associated with both a billing and shipping address of a transaction Phone number information may be entered as all number or it may include parentheses or dashes to separate the area code and number Fax A fax number may be associated with the billing information of a transaction This number may be 64 LANPRO LP NC1 User s Manual entered as all number or contain parentheses and dashes to separate the area code and number Credit Card Payment Page Remark Content You must fill in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card If v Gaim CSETE gt Credit Card Payment Page Remark Content Some reminder notice that can appear in customer s credit card information page Administrator can choose to use the default credit card payment note or write a new one to suit the current circumstances better 65 LANPRO LP NC1 User s Manual 4 2 2 Black List Configuration The administrator can add delete or edit the black list for user access control System supports up to 5 Black Lists Each Black List contains up to 40 user accounts The user accounts may not access network If a user in the black list wants to log into the system the user s access will be denied The administrator can use the pull down menu to sele
127. rd MAC Remark VPN Termination Enabled Policy 1 Alice alice in land Delete Yes Policy 6 Bob 123 O4 05 11 1b2ds3a Delete Mo Policy 4 Cathy ales Delete ho Policy 2 Allen ali3s Delete Yes 45 LANPRO LP NC1 User s Manual Search Enter a keyword of a username that you want to search and click this button to perform the search All usernames matching the keyword will be listed Add User Upload User Download User Policy Username Password MAC Remark VEH Termination Enabled Policy 6 123 04 03 11 1b 2d 34 Delete D o a Mo Totali First Previous Next Last Del All This will delete all users at once Delete This will delete a specific user individually Edit User If you want to edit the content of an individual user account click the username of the desired user account to enter the User Profile page of the particular user and then modify or add any desired information such as Username Password MAC optional Policy and Remark optional Then check VPN Termination to enable this function or not Click Apply to complete the modification User Profile Username a Password Policy Enable VPN Termination RADIUS Roaming Out 802 1x Authentication When enabled local user may login to other connected external RADIUS clients This system will act as RADIUS Server for that specific external RADIUS client These 2 functions can be enabled or disabled by checking the radio buttons Checking either
128. red connection without extra hardware or client software installed 151 LANPRO LP NC1 User s Manual Hi jim tsiao l You have successtully logged in You will be secured by IPSec VPN Click ihis button to Logout Did ot HOSS Pis wit 2 Limitations The limitation of the client side due to ActiveX and Windows OS includes a Internet Connection Firewall of Windows XP or Windows XP SP1 is not compatible with IPSec protocol It shall be turned off to allow IPSec packets to pass through b Without patch ICMP Ping and PORT command of FTP can not work in Windows XP SP2 c The Forced termination through CTRL ALT DEL Task Manager of the Internet Explorer will stop the running of ActiveX It causes IPSec tunnel can t be cleared properly at client s device A reboot of client s device is needed to clear the IPSec tunnel d The crash of Windows Internet Explorer may cause the same result 32 LANPRO LP NC1 User s Manual 3 Internet Connection Firewall In Windows XP and Windows XP SP1 the Internet Connection Firewall is not compatible with IPSec Internet Connection Firewall will drop packets from tunneling of IPSec VPN F Ethernet Properties Ethernet Status y beat oer ET General Authentication Advanced General Support aces er Internet Connection Firewall Status Connected Protect my computer and network By limiting or preventing
129. register ID Username or e mail for the DNS provider Password Key The register password for the DNS provider The fields with red asterisks are necessary to fill in 115 LANPRO LP NC1 User s Manual 4 4 7 IP Mobility LANPRO LP NC1 supports IP PNP function When enabled IP PNP PC with static IP address will access the network properly When disabled the feature PC with static IP address cannot access network if IP address is in the predefined IP range IP Mobility IP PNP O Enable Disable 116 LANPRO LP NC1 User s Manual 4 4 8 VPN Configuration Virtual Private Network or VPN a type of technology designed to increase the security of information transferred over the Internet VPN can work with either wired or wireless networks as well as with dial up connections over POPS VPN creates a private encrypted tunnel from the end user s computer through the local wireless network through the Internet all the way to the corporate servers and database There are two types of VPN connection supported in the system including VPN Termination and Site to Site VPN VPN Configuration VPN Termination Site to Site VPN VPN Termination It allows the system to create the VPN tunnel between a user s device and LANPRO LP NC1 to encrypt the data transmission Only when this function is enabled here do users of the entire system are able to use VPN Termination In addition VPN Termination users can be isolated from each
130. renew the current users list Current Users List Username Pkts In Bytes In Location tem Idle IP MAC Pkts Out Bytes Out Kick Out 4a 35526 16813150 PA 1 0 192 168 1 148 00 061BE DO 90 37 54418 15360833 Logout 131 LANPRO LP NC1 User s Manual 4 6 4 Traffic History This function is used to check the history of LANPRO LP NC1 The history of each day will be saved separately in the DRAM for 3 days Sorted by time the traffic history provides all login and logout activity of specific date Other information includes User Name IP address MAC address In bound Packet Count Out bound Packet Count In bound Byte Count and out bound Byte Count Traffic History Date Size Byte 2007 04 13 65 On demand User Log Date Size Byte 2007 09 13 105 Roaming Out Traffic History Date Size Byte 2007 08 13 106 Roaming In Traffic History Date Size Byte 2007 09 13 112 Caution Since the history is saved in the DRAM if you need to restart the system and also keep the history then please manually copy and save the information before restarting 132 LANPRO LP NC1 User s Manual If the History Email has been entered under the Notify Configuration page then the system will automatically send out the history information to that email address Traffic History As shown in the following figure each line is a traffic history record consisting of 9 fields Date Type Name IP MAC Pkts In Bytes In Pkts Out and Bytes
131. rivilege MAC addresses at most If you want to manually create the list enter the MAC address the format is xx xx xx xx Xx xx aS well as the remark not necessary These settings will become effective immediately after clicking Apply Privilege MAC Address List tem MAC Address Remark Warning Permitting specific MAC addresses to have network access rights without going through standard authentication process at the controlled port may cause security problems 110 LANPRO LP NC1 User s Manual 4 4 3 Monitor IP List Administrators can input IPs to monitor their status After inputting the desired IPs to be monitored click Monitor button and a new page will show which IPs are unreachable red dot and which are reachable and alive green dot The administrator can setup the report emails for Monitor IP List This system will periodically Ping the specified IPs and send out the emails After entering the related information click Apply and these settings will become effective immediately When the monitored devices have built in Web servers and connect to the LAN interfaces operating under NAT mode they can be accessed by the hyperlink of theirs IP addresses To add the monitored IP addresses as hyperlink accessible mode by clicking Add button in Link column Monitor IP List tem Protocol IPAddress Link Item Protocol IPAddress Link 192 168 2201 2 Ea 3 5 7 i g 10 17 hip C Add 186 http e
132. rmal indicates that the account is not in use and not overdue Online indicates that the account is in use and not overdue Expire indicates that the account is overdue and cannot be used Expire Time The expiration time of the account Delete All This will delete all users at once Delete This will delete a specific user individually 56 4 2 1 6 2 Billing Configuration LANPRO LP NC1 User s Manual Click this to enter the Billing Configuration page In the Billing Configuration page the administrator may configure up to 10 plans Billing Configuration Plan Status Type volume Moyte Enabled 2 Disabled Time 2 hours o mins Volume Mbyte Enabled fain Disabled ina ene mins gt Plan The ID of a specific billing configuration gt Status Select to enable or disable this plan Expired info Ean Price 3 days 0 hours oe days St a hours a gt Type Quota type time or data volume Set the billing plan by Volume the maximum volume allowed is 9999999 Mbytes or Time the maximum time allowed is 999 hours and 59 minutes gt Expired info A period of time in which the account must be activated after it is created This is the duration of time that the user needs to activate the account after the generation of the account If the account is not activated during this duration the account will self expire gt Valid Duration Account life time afte
133. rogram Windows aubomatically uses For oY each Internet service View and manage add ons that are installed on your computer Disabling or deleting add ons might pieveni some webpages from working comecthy HTML editor Microsoft Wond a a E malli Micuesoft Outlook wl Show Add ons that have heen used by Intent E kpdores my Newsoroups Micii Outlook Internet Call Nethfeeting Name Publisher status Type File A gt TeCatch5 Class Not verified FlashGet Enabled Browser Helper Object jecatch Calendar bata n I BjtevaPmein 1 60 01 Sun Miccosystems Inc Enabled ActiveX Control sev all Contact List Minsi Delak a RealPlayer G2 Control RealNetworks Ine Enabled Activex Control moc 4 pean hAssistantOic Microsoft Corporation Enabled ActiveX Control shdocy Default web browser X Shockwave Flash Object Enabled Browser Helper Object appheh LB Shockwave Flash Object Adobe systems Incorporated Enabled ActweX Control Flashot Internet Explorer is the default web browser b sdl VPNClient Digital Data Cai tions Enabled Aiia Control VPNCI Tell me F Internet Explorer is not the default web browser N C Sara 5 aeania s wmpd Manage add ons S Windows Media Pleyer Microspft C egal Enabled ActiveX Control wimpy 3 Windows Messenger Enabled Browser Extension gt Ta eeri Piht jraiirkr
134. rolled Port that need authentication to access the network Clients connect to Uncontrolled Port that dont need authentication to access the network and can also access the web management interface without Remote Management IP configuration LAN Fort Role Setting Check the box if the LAN ports need to be controlled d C d d LAM 5 LAN 6 LAN T LAH amp LAN Fort Assignment LAN 1 LAN 2 LAN 3 LAN 4 33 LANPRO LP NC1 User s Manual 4 1 6 Controlled Configuration The clients of Controlled Port can access the network without authentication first In this section you can set the related configuration of Controlled Port Controlled Configuration Operation Mode NAT Router Controlled IF Address 192 168 1 254 Subnet Mask 255 255 255 0 Disable DHCP Server Enable DHCP Server Start IP Address End IP Address Preferred ONS Server DHCP Server Alternate DMS Server Configuration Domain Mame damain WINS Server IF Address lll Lease Time 1Day Reserved IP Address List Enable DHCP Relay e Controlled Controlled Configuration Operation Mode NAT Router Controlled IF Address 192 168 1 254 Subnet Wask 255 255 255 0 P Operation Mode Choose one of the two modes NAT mode and Router mode according to requirements IP Address Enter the desired IP address for the interface of the controlled port Subnet Mask Enter the desired subnet mask for the controlled port
135. rts Destination IP Address The destination IP address of the host or the network Destination Subnet Netmask Select a destination subnet netmask of the host or the network Gateway IP Address The IP address of the gateway or the router to the destination Schedule Profile Click the button of Setting for Schedule Profile to enter the Schedule Profile list Select Enable to show the list This function is used to restrict the time for users to log in Please enable disable the desired time slot and click Apply to save the settings These settings will become effective immediately after clicking the Apply button Enabled Disabled HOUR 00 00 00 54 01 00 01 59 02 00 02 59 03 00 03 59 04 00 04 59 05 00 05 59 06 00 06 59 Total Bandwidth Select the bandwidth from the drop down menu It s the total bandwidth the users under this particular policy need to share Total Bandwidth hmndividual Maximum Bandwidth Individual Request Bandwidth Policy 1 Login Schedule Profile SUN MON TUE WED THU FR SAT I fl K fl I lt sl I lt sl I lt sl K sl I lt sl Unlimited Wrlimited 71 LANPRO LP NC1 User s Manual Individual Maximum Bandwidth Select the bandwidth from the drop down menu It s the most bandwidth an individual user can obtain under this particular policy which cannot exceed the value for Total Bandwidth Total Bandwidth Unlimited individual Maxi
136. ry server is not required The blanks with red asterisks are necessary information These settings will become effective immediately after clicking the Apply button 49 LANPRO LP NC1 User s Manual RADIUS Setting Enabled Disabled RADIUS Client List 027 1 Authentication Username Format Complete e g userd company com Only ID e g usert Primary RADIUS Server IP Address OOOO on Name lP Address Authentication Port Default 1812 Ni Accounting Port Default 1812 Secret Key Accounting Service Enabled Disabled Authentication Protocol PAP E Secondary RADIUS Server IP Address See ea NameslP Address Authentication Port Accounting Port Secret Key Accounting Service Enabled Disabled Authentication Protocol 802 1x Authentication When enabled please click to edit RADIUS Client List RADIUS Client List Configure RADIUS clients and secret key Local user may login to any of the listed RADIUS clients as long as the RADIUS clients are configured accordingly Username Format When Complete option is checked both the username and postfix will be transferred to the RADIUS server for authentication On the other hand when Only ID option is checked only the username will be transferred to the external RADIUS server for authentication NASID The Network Access Server NAS Identifier of this system for the external RADIUS server IP Address IP address of the extern
137. s Manual e Add User Click this to enter the Add User interface Fill in the necessary information such as Username Password MAC optional and Remark optional Select a desired Policy check whether to enable VPN Termination Add User tem Username Password MAC Policy Remark a eee Termination 1 ale ee OOOO Poort rra 2 Boo eee __ oeoa1ianze Porwe 3 caty si Povey _ C ID ID i C1 sC IO JD eE sC J JL dite wl sid 7 a _Jii gt _ oC J JD Ji wL_ V JL JL S wdie id of JO JO a 1 Click Apply to save all the settings after finishing to add users H UO K w N Wiser Alice has been added User Bob has been added User Cathy has been added Aiki User MAC VPN meme rene enue pony Heak Termination C ACO O a l EC i ie d O a y at Eoo E iee l a tem Username Password bh Lo 43 LANPRO LP NC1 User s Manual Upload User Click this to enter the Upload User interface Click the Browse button to select the text file for uploading the user accounts Then click Submit to complete the upload process Note 1 The format of each line is ID Password MAC Policy Remark IPSec without the quotes There must be no space between the fields and commas The MAC field could be omitted but the trailing comma must be retained When adding user accounts by uploading a file existing accounts inthe embedded database that are also defined in the data fil
138. s completed the new login success page can be previewed by clicking Preview button at the bottom lf the user defined login success page includes an image file the image file path in the HTML code must be the image file you will upload lt img src Images xx pq Then enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login success page click the Use Default Page button to restore it to default Total Capacity 512 K Now Used 0K Upload liiage Files Upload linages if Browse SUT After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file Existing Image Files 1102474548_732en git C d Choose the External Page selection and you can get the login success page e from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new login success page can be previewed by clicking Preview button at the bottom of this page Login Success Page Selection for Users Default Page O Template Page O Uploaded Fage External Fage External Page Setting External URL http 82 LANPRO LP NC1 User s Manual 5 Login Succe
139. s public access servers the devices can be accessed by clicking the hypertext Up to 20 hosts URL could be defined in Walled Garden List Clients may access these URL without authentication LP NC1 supports up to 10 external proxy servers System can redirect traffic to external proxy server into builtin proxy server LP NC1 supports dynamic DNS DDNS feature System supports IP PNP Configuration VPN Termination an IPSec tunnel can be established between the system and the clientlocated at the LAN side Site to Site YPN an IPSec tunnel can be constructed to be used to connectto other IPSec capable device over the Internet LANPRO LP NC1 User s Manual Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will appear tem 10 Server IP Built in Proxy Server External Proxy Server Port Internal Proxy Server Enabled Disabled Add your proxy Server IP and Port into External Proxy Server Setting 160 LANPRO LP NC1 User s Manual External Proxy Server tem Server IP Port 10 2 3 230 6585 Internal Proxy Server Built in Proxy Server Enabled Disabled 5 Disable Built in Proxy Server in Internal Proxy Server Setting External Proxy Server tem Server IP Port 10 2 3 230 6588 Internal Proxy Server Built in Proxy Server O Enabled Disabled 6 Click Apply to save the settings Warning If your proxy server is disabled it will
140. sage System response Common messages are reject accept idle time out session time out etc Roaming In Traffic History As shown in the following figure each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASIP NASPort UserMAC UserlIP SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming In Traffic History 2005 03 22 Date Type Name NASID NASIP NASPort UserMAC UserlP SessionID SessionTime Bytes In Bytes Out Pkts In Pkts Out Message v V Y YV VV VV NV V V V Date Record time date Type Record type Authentication Accept Reject Account Expire Redeem etc Name Roaming Out user name NASID System ID usually MAC address of WAN port of this system NASIP The IP address of the RADIUS server NASPort The port number of remote RADIUS server UserMAC User MAC address SessionlD Session ID usually the time stamp SessionTime Session length in seconds Bytes In Out Byte count for in bound and outbound traffic Pkts In Out Packet count for inbound and outbound traffic Message System response Common messages are reject accept idle time out session time out etc 134 LANPRO LP NC1 User s Manual 4 6 5 Notification Configuration The system supports to send notification emails of Monitor IP Report Users Log Guest User Log Session Log and AP Status Change to email accounts automatically The noti
141. side Site to Site YPN an IPSec tunnel can be constructed to be used to connectto other IPSec capable device over the Internet Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will 156 LANPRO LP NC1 User s Manual Built in Proxy Server Enabled Disabled 4 Add the ISP s proxy Server IP and Port into External Proxy Server Setting Server IP 4 uza aa 6588 a 2 os Cea Ca EORR ee ee eee Built in Proxy Server O Enabled Disabled 157 5 Enable Built in Proxy Server in Internal Proxy Server Setting tem Click Apply to save the settings External Proxy Server Server IP 10 2 3 230 Internal Proxy Server Enabled Disabled Built in Proxy Server LANPRO LP NC I User s Manual 158 LANPRO LP NC1 User s Manual Appendix F Proxy Setting for Enterprise Enterprises usually isolate their intranet and internet by using more elaborated network architecture Many enterprises have their own proxy server which is usually at intranet or DMZ under the firewall protection F Router Gateway Ga U ore Switch p y SL 2 Switch Access Point Access Point 9 Notebook Notebook O Prozy Server Web Server Mall Server DMZ In enterprises network managers or MIS staff may often ask their users to enable their proxy setting of the browsers such as IE and Firefox to reduce the internet access loading
142. sks are required to be filled in There is a Dial on Demand function under PPTP If this function is enabled a Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself WAN Configuration Static IP Address Dynamic IP Address PPPoE Client PPTP Client Type PPTP Server IP WAN1 Port Lisername Password FPTF Connection ID Marme Dial on Demand Static DHCP E Enabled Disabled 30 LANPRO LP NC1 User s Manual 4 1 4 WAN2 amp Failover Except selecting None to disable WAN2 port there are 2 connection types for the WAN2 port Static IP Address and Dynamic IP Address The probe target supports up to three URLs Check Warning of Internet Disconnection to work with the WAN Failover function When Warning of Internet Disconnection is enabled the system will check the three URLs to detect the WAN ports connection status e None The WAN2 Port is disabled The probe target of up to three URLs can still be entered Check Warning of Internet Disconnection to detect the WAN1 port connection status WANZ2 amp Failover None WAN2 Port Static IP Address O Dynamic IF Address Target URLs for detecting Internet connection URLA http URL htt o Connection Detection 3 URLS https o Failover Warning of Internet Disconnection When Internet connection is down the system will display the warning messag
143. ss Page for On Demand The administrator can use the default login success page for On Demand or get the customized login success page for On Demand by setting the template page uploading the page or using the external website After finishing the setting you can click Preview to see the login success page for On Demand a Choose Default Page to use the default login success page for On Demand Login Success Page Selection for on demand Users Default Page Uploaded Page Template Page External Page Default Page Setting This is default login success page for on demand users You could click preview link to preview the default login success page Thanks Preview b Choose Template Page to make a customized login success page for On Demand here Click Select to pick up a color and then fill in all of the blanks You can click Preview to see the result first Login Success Page Selection for on demand Users Default Page Uploaded Page Color for Tithe Background Color for Tithe Text Color for Page Background Color for Page Text Title Welcome Information Logout Information Remaining Usage Day Hour Min Sec Login Time Redeem Template Page External Page Template Page Setting Select RGB values in hex mode Select RGB values in hex mode Select RGB values in hex mode JUUL Select RGB values in hex mode Login Success Page for on demand Please click this button to
144. ssary information After getting an Authorize Net account set the following configuration in Credit Card Configuration of LANPRO LP NC1 Credit Card General Configuration Credit Card Payment Enable Disable gt Credit Card General Configuration Credit Card Payment Enable or disable credit card payment as a method for customers to purchase on demand accounts Credit Card Configuration Credit Card General Configuration Credit Card Payment Enable Disable Credit Card Payment Page Configuration Merchant Login ID Merchant Transaction Key Payment Gateway URL ss hitps secure authorize netgatewayitransact dll Verify SSL Certificate Enable Disable Test Mode O Enable Disable Try Test MD5 Hash O Enable Disable Service Disclaimer Content We may collect and store the following personal Ai information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us al gt Credit Card Payment Page Configuration Merchant Login ID Administrator needs this ID from the online payment system organization before cooperating with each other in transactions Merchant Transaction Key Administrator needs this key from the online payment system organization before cooperating with each other in transactions Payment Gateway URL The URL of the online payment system organization in order to process the transact
145. system is deployed at Hotspot or corporate meeting rooms User Name operator Password operator operator o is User Name Big ew The administrator can change the passwords here Please enter all the required fields with red asterisks if changing the password is desired Click Apply to activate this new password Caution If the administrator s password is lost the administrator s password still can be changed through the text mode management interface on the serial port Passwords is allowed to set by using number 0 9 alphabets a z or A Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed All accounts and passwords have default value Please consult your user guide for default password 22 LANPRO LP NC1 User s Manual 4 5 2 Backup Restore Settings This function is used to backup restore the settings of LANPRO LP NC1 Also LANPRO LP NC1 can be reset to the factory default settings here Backup current system settings Restore system settings flename Te Reset to the factory default settings e Backup current system settings Click Backup to create a db database backup file and save it on disk File Download x Do wou Want to open or save this file Dl Hame 20050303 db Type Data Base File From 10 2 3 70 we sme C M Always ask before opening this type of file harm your computer IF pou do not trust the source do not op
146. t which supports automatic crossover If after the AP hardware resets the LANPRO LP NC1 could not be able to connect to the AP while connecting with a straight cable the user have to pull out and plug in the straight cable again This scenario does NOT occur while using a crossover cable After the hardware of LANPRO LP NC 1 is installed completely the system is ready to be configured in the following sections LANPRO LP NC1 User s Manual 3 2 Software Configuration 3 2 1 Quick Configuration There are two ways to configure the system using Configuration Wizard or changing the setting by demands manually The Configuration Wizard has 6 steps providing a simple and easy way to guide you through the setup of LANPRO LP NC1 Follow the procedures and instructions given by the Wizard to enter the required information step by step After saving and restarting LANPRO LP NC1 it is ready to use There will be 6 steps as listed below 1 Change Admin s Password Choose System s Time Zone Set System Information Select the Connection Type for WAN Port set Authentication Methods Save and Restart LANPRO LP NC1 eo O N Please follow the following steps to complete the quick configuration 1 Use the network cable of the 10 100BaseT to connect a PC to the uncontrolled port and then open a browser such as Microsoft IE 6 0 or Firefox Next enter the gateway IP address as the web management interface s URL the default gatew
147. tication Type Bath Security Type Disable W 802 1 Authentication WEP Authentication Type Both Security Radius Server IP a SORIK Port 1812 Secret WEP WEP uses an encryption key that automatically encrypts outgoing wireless data On the receiving side the same encryption key enables the computer to automatically decrypt the information so it can be read Select Authentication Type Open System Shared Key or Both Key Length 64 bits or 128 bits Key Index Key1 Key4 and then input the Key Check 802 1x Authentication to enable this function and enter the related data if necessary 92 LANPRO LP NC1 User s Manual Security Type AEF M 902 1 Authentication Authentication Type Both Key Length 64 bits Key Format ESCI key Index Ke WEP keyi key Security keya key02 keyi key03 Keyed keyns Radius Server IF 02 1 Pott IBE Secret WPA WPA is Wi Fi s encryption method that protects unauthorized network access by verifying network users through a server Select 802 1x or WPA PSK security type and enter the related information below Security Type AFA bi WPA PSK Security f _ WEA SH Passphrase PSk TKIP Passphrase Secuinnty Type WFA 5021x Radius Server Security IP ee Port IBE Secret WPA2 Wi Fi Protected Access version 2 The follow on security method to WPA for Wi Fi networks that provides stronger data protection and network
148. tion Configuration gt Session Log Log each connection created by users and tracking the source IP Port and destination IP Port 136 LANPRO LP NC1 User s Manual 4 7 Help On the screen the Help button is on the upper right corner Click Help to the Online Help window and then click the hyperlink of the items to get the information Online Help Overview system Configuration System Information WAN Configuration WAN2 amp Failover LAN Port Roles Controlled Configuration Uncontrolled Configuration User Authentication Authentication Configuration Authentication Server Configuration Local User Setting POPS Configuration RADIUS Configuration LDAP Configuration NT Domain Configuration On demand User Server Configuration Billing Configuration Credit Card Configuration 137 LANPRO LP NC1 User s Manual Appendix A Console Interface Via this port to enter the console interface for the administrator to handle the problems and situations occurred during operation 1 To connect the console port of LANPRO LP NC1 you 2 need a console modem cable and a terminal Port Settings simulation program such as the Hyper Terminal 2 If you use Hyper Terminal please set the parameters Bits per second 9600 as 9600 8 n 1 Data bits e Parity None TA E Flow contral None Restore Defaults Caution the main console is a menu driven text interface with dialog boxes Please use arrow k
149. to have a valid Authorize Net www authorize net account since Authorize Net is the on line payment gateway that LANPRO LP NC1 supports now The figure below shows the process of the credit card billing and we will introduce some important procedures for configurations on Authorize Net MERCHANT S BUSI INESS 4 il INTERNET CUSTOMER ip Authorize Ne MERCHANT S BANK ACCOUNT MERCHANT S BANK gy ee BANK S PROCESSOR sy CARD INTERCHANGE 1 Setting Up 1 1 Open Accounts As shown in the above figure four elements are needed to begin an on line business Element Description LANPRO LP NC1 has built in web pages to present to end users to use credit E COMMERCE WEB SITE i cards INTERNET MERCHANT A type of bank account that allows a business to accept Internet credit card ACCOUNT PAYMENT GATEWAY An Authorize Net account is the type of account that is supported by LANPRO ACCOUNT LP NC1 CONNECTION METHOD LANPRO LP NC1 will take care of the communication with the Authorize Net 141 LANPRO LP NC1 User s Manual Therefore to set uo LANPRO LP NC1 to process credit card billing the merchant owner will need two accounts Internet Merchant account and Authorize Net account If you are looking for a merchant account or Internet payment gateway to process transactions you can fill out the Inquiry Form on http www authorize net solutions merchantsolutions merchantinquiryform When the four elements ar
150. tory can be logged in the system volatile mernvory The system can send various reports via upto 3 email accounts such as Monitor IP report Users log and Session Log The external SYSLOG semer and FTP server are configured here External SYSLOG serveris configured here 126 4 6 1 System Status LANPRO LP NC1 User s Manual This page displays all important system network and user account configurations It also shows the WAN connection status and system time System Status Current Firmware Version Build System Name Home Page Syslog server Tratfic History Syslog server On demand User log Proxy Server Friendly Logout Warning of Internet Disconnection WAN Failover Remote Management IP Management SNMP Retained Days History Email To NTP Server Time Date Time dle Timer User Multiple Login Preferred DNS Server DNS Alternate DNS Server 1 00 00 o0200 LP MC1 http iew lan products com BAMIA BAMIA Disabled Enabled Disabled Disabled 0 0 0 0 0 0 0 0 Disabled 3 days MA BIA BIA tock usno navy mil 2007 0913 05 53 56 0400 10 Minis Disabled 1668 95 11 cipherium com tw 127 LANPRO LP NCI1 User s Manual The description of the table is as follows Current Firmware Version The present firmware version of LANPRO LP NC1 System Name The system name The default is LANPRO LP NC1 The page to which the users are directed after initial login Home Page SUCCESS yt ee The IP address an
151. trator can define mandatory external to internal IP mapping hence a user on WAN side network can access the private machine by accessing the external IP Choose to enable Automatic WAN IP Assignment by checking the Enable check box and enter the Internal IP address When Automatic WAN IP Address function is enabled accessing WAN1 will be mapped to access the Internal IP Address For Static Assignments enter Internal and External IP Addresses as a set and choose to use WAN1 or WAN2 for the External Interface from the drop down menu These settings will become effective immediately after clicking the Apply button Automatic WAN IP Assignment Enable External IP Address External Interface Internal IP Address c 10 29 2 204 WANI E Static Assignments tem External IP Address External Interface Internal IP Address 2 Pe gt E E we s E N 1 s OE o OE o C Total 40 First a Fy ou wn ES re 106 LANPRO LP NC1 User s Manual Public Accessible Server In this function the administrator can set 40 virtual servers at most so that the computers not belonging to the managed network can access the servers in the managed network via WAN1 port IP of LANPRO LP NC1 Please enter the External Service Port Local Server IP Address and Local Server Port According to the different services provided the network service can use the TCP protocol or the UDP protocol In the Enable column check the
152. ubmit After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file Existing Image Files 1102474548 _732en gif C 86 LANPRO LP NC1 User s Manual d Choose the External Page selection and you can get the logout success page from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new logout success page can be previewed by clicking Preview button at the bottom of this page Logout Success Page Selection for Users Default Page Template Page Uploaded Page External Page External Page Setting External URL http 87 LANPRO LP NC1 User s Manual 4 3 AP Management This section includes the following functions AP List AP Discovery Manual Configuration Template Settings Firmware Management and AP Upgrade This section is used to manage the APs Besides the various attributes of APs there are different functions provided for various configurations lt System oN z E i ET j Feuer A Configuration j i 2 Configuration AP Management AP List L AP Management AP Discovery 7 The list shows the current AP summary including type name IP MAC AP List and online status It also provides the operations for each AP on reboot enable disable delete apply a new template and to do further examination or detailed conf
153. ubstituting any components by other suppliers to guarantee best performance LANPRO LP NC1 User s Manual 3 1 3 Panel Function Descriptions Front Panel LANPRO LP NC1 2 1 2 3 4 6 6 Ff B oO oO 0 0 G OO 8 Oo LII O POWER o I WAN LAN e LED There are four kinds of LED Power Status WAN and LAN to indicate different status of the system WAN1 WAN2 The two WAN ports are connected to a network which is not managed by the LANPRO LP NC1 system and this port can be used to connect the ATU Router of the ADSL the port of a cable modem or a switch or a hub on the LAN of a company e LAN1 LAN8 Clients machines connect to LANPRO LP NC1 via LAN ports Each LAN port can be configured to one of the two roles controlled or uncontrolled The differences of these two roles for a client connected to are gt Clients connected to the controlled port need to be authenticated to access network gt Clients connected to uncontrolled port don t need to be authenticated to access network and can access the web management interface Rear Panel e Reset Press this button to restart the system e Console The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsofts HyperTerminal to login to the configuration console interface to change admin password or monitor system status etc e DC 12V The power adapter attaches here LANPRO LP NC1 User s Manu
154. ully logged in You will be secured by IPSec VPN lick this button to Logout Dio m l Hose Pas window Reasons may cause the Internet Explorer to stop the ActiveX unexpectedly as followings a Thecrash of Internet Explorer on running ActiveX Suggestion Please reboot client s computer once Windows service is resumed go through the login process again b Terminate the Internet Explorer Task from Windows Task Manager Suggestion Don t terminate this VPN task of Internet Explorer EI Windows Task Manager Seles Fie Wptions View Windows Help Applications Processes Performance Networking Task Status w untitled Paint Running ry REE Signs privabetloginpages yprn_ main shk Running HA WINDOWS Systemseicmd exe Running End Task Swikch To Processes 47 CPU Usage O Commit Charge 295466 l 64151 154 LANPRO LP NC1 User s Manual c There are some cases of Windows messages by which LANPRO LP NC1 will hint current user to 1 Close the Windows Internet Explorer 2 Click logout button on login success page 3 Click back or refresh of the same Internet Explorer 4 Enter new URL in the same Internet Explorer 5 Open a URL from the other application e g email of Outlook that occupies this existing Internet Explorer Hi jim hsiao You have successfully logged i
155. ur d day DPD Delay 10 i fs econ DPD Timeout 15 cn Remote Subnet Mask 255 255 255 255 32 W Click Add A Local Site to enter the Site Information page for further configuration of local site 118 Local Interface Site Information Remote Gateway IP Address Local Subnet Remote Subnet Phase Proposal Key Life Time Rekey Perfect Forward Secrecy fin prefis notation xx aya Encryption AES256 Authenticatian SHAT Key Life Time 24n fsseecond m minute hihour didai C Enable Rekey Rekey Margin 8m o secondi Enable FFS PFS GroupMODP1024 Click NEW to enter the screen of Remote VPN Gateway Name IP Address Authentication Method Pre shared Key Phase Proposal Diffie Hellman Group IKE Life Time Dead Peer Detection Remote VPN Gateway Pre shared Key Encryption AES256 Authentication SHA 1 w J Group 1 D Group 2 Cl Group 5 IKE Life Timel8h Ss second mi minute K hour d day DPD Delay 10 i secon DPD Timeout 15 i ssid second Remote Subnet Mo Metwork Wask 1 OoOo 255 255 255 255 32 2 OoOo 255 255 255 255 32 T C4 4 OoOo 255 255 255 255 32 5 OoOo 255 255 255 255 32 LANPRO LP NC I User s Manual 119 4 5 Utilities LANPRO LP NC1 User s Manual This section provides functions for modifying user s Password file of Backup Restore system Firmware Upgrade and Restart service System Configuration Change
156. urity management the system will match the proxy setting of External Proxy Server list to the clients proxy setting when clients have proxy setting in their browsers If there is no matching the clients will not be able to get the login page and then unable to access the network If there is a matching then the clients will be directed to the system first for authentication After successful authentication the clients will be redirected back to the desired proxy servers e Internal Proxy Server LANPRO LP NC1 has a built in proxy server If this function is enabled the clients will be forced to treat LANPRO LP NC1 as the proxy server regardless of the clients original proxy settings For more details about how to set up the proxy servers please refer to Appendix E and F 114 LANPRO LP NC1 User s Manual 4 4 6 Dynamic DNS System provides a convenient DNS function to translate the IP address of WAN port to a domain name that helps the administrator memorize and connect to WAN port If the DHCP is activated at WAN port this function will also update the newest IP address regularly to the DNS server These settings will become effective immediately after clicking Apply Dynamic DNS DONS Enabled Disabled Host name o Username E mail E Password Key DDNS Choose to enable or disable this function Provider Select the DNS provider Host name The IP address domain name of the WAN port Username E mail The
157. usernames and passwords from the store to log in the system for wireless access There are 2000 On demand User accounts available On demand User Server Configuration Server Status Enabled Postfix ondemand _ zieg ondemand bax 40 char Receipt Header 1 WWelcome ceg Weleamels Receipt Header 2 Receipt Footer Thank oul lina Thank ouh i none O Susp O foar FEUR Monetary Unit z Ka Cinput otherdesired monetan Unit e g AU Policy Name Policy 1 M WLAN ESSID default TERETE NIR Wireless Key Remark for customer Billing Notice Interval 10mins 15mins 20mins Users List Billing Configuration Create On demand User Billing Report Creditcard Server Status The status shows that the server is enabled or disabled Postfix Set a postfix that is easy to identify e g Local for the server by using numbers 0 9 alphabets a z or A Z dash underline _ and dot with a maximum of 40 characters all other letters are not allowed Receipt Header There are two fields Receipt Header 1 and Receipt Header 2 for the receipt s header Enter receipt header message or use the default Receipt Footer Enter receipt footer message here or use the default Monetary Unit Select or enter the desired monetary unit Policy Name Select a policy for the on demand user WLAN ESSID Enter the ESSID of APs Wireless Key Enter the Wireless key of APs Remark Enter any additional information that will a
158. ver Configuration Users List Click Delete on the record with the account name 2 3 Find the Username and Password for A Specific Customer Please log in Authorize Net Click Unsettled Transactions Try to locate the specific transaction record on the List of Unsettled Transactions gt Click the Trans ID number gt Click Show Itemized Order Information in the Order Information section gt Username and Password can be found in the Item Description 143 LANPRO LP NC1 User s Manual 2 4 Send An Email Receipt to A Customer If a valid email address is provided LANPRO LP NC1 will automatically send the customer an email receipt for each successful transaction via Authorize Net To change the information on the receipt for customer please log in LANPRO LP NC1 User Authentication gt Authentication Configuration Click the server On demand User gt On demand User Server Configuration Credit Card gt Credit Card Configuration Client s Purchasing Record gt Type in information in the text boxes E mail Header and Description gt Confirm and click Apply 2 5 Send An Email Receipt for Each Transaction to The Merchant Owner To configure the contact person who will receive a receipt for each transaction please log in Authorize Net Click Settings and Profile gt Go to the General section gt click Manage Contacts click Add New Contact to Enter necessar
159. web etc Enable this Rule After checking this function the rule will be enabled Action There are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets passing Protocol There are three protocols to select TCP UDP and ICMP or choose ALL to use all three protocols Source MAC Address The MAC address of the source IP address This is for specific MAC address filter IPSec Traffic Check the check box will only filter the traffic with IPSec Source Destination Interface There are four interfaces to choose ALL WAN1 WAN2 Controlled Port and Uncontrolled Port Source Destination IP Enter the source and destination IP addresses Source Destination Subnet Mask Enter the source and destination subnet masks Source Destination Start End Port Enter the range of source and destination ports e Specific Route Profile Click the button of Setting for Specific Route Profile the Specific Default Route and Specific Route Profile page will appear 70 LANPRO LP NC1 User s Manual Policy 1 Specific Default Route Enable Default Gateway P Address a E Route tem Specific Default Route V v WV gt Policy 1 Specific Route Profile Destination Gateway IP Address Subnet Netmask IP Address E S S Enable Click to enable the setting of specific default route Default Gateway There are 3 methods of the default gateway that Specific Default Route suppo
160. xamples to guide MIS staff or individuals with slight network system knowledge to complete the installation 1 2 Document Convention For any caution or warning that requires special attention of readers a highlight box with the eye catching italic font is used as below Warning For security purposes you should immediately change the Administrator s password Indicates that clicking this button will return to the homepage of this section Indicates that clicking this button will return to the previous page PEALI Indicates that clicking this button will apply all of your settings D Indicates that clicking this button will clear all inouts before clicking Apply button LANPRO LP NC1 User s Manual Chapter 2 System Overview 2 1 Introduction of LANPRO LP NC1 LANPRO LP NC1 is a Network Access Controller specially designed for the small scaled wireless wired network management and access control The major functional areas include user management access control AP management and security management 2 2 System Concept LANPRO LP NC1 dedicates to user authentication authorization and management The user account information is stored in the local database or specified external databases server User authentication is processed via the SSL encrypted web interface This interface is compatible to most desktop devices and palm computers The following figure is an example of LANPRO LP NC1 set to control a part of
161. y contact information on this page gt Check the Transaction Receipt box Click Submit 3 Reporting During normal operation the following steps will be necessary to generate transaction reports 3 1 Transaction Statistics by Credit Card Type during A Period Please log in Authorize Net Click Reports Check Statistics by Settlement Date radio button Select Transaction Type Start Date and End Date as the criteria gt Click Run Report 3 2 Transaction Statistics by Different Location a To deploy more than one LANPRO LP NC1 the way to distinguish transactions from different locations is to make the invoice numbers different To change the invoice setting please log in LANPRO LP NC1 User Authentication gt Authentication Configuration Click the server On demand User On demand User Server Configuration Credit Card Credit Card Configuration Go to Client s Purchasing Record section gt Check the Reset box gt Alocation specific ID for example Hotspot A can be used as the first part of Invoice Number gt Confirm and click Apply b Please log in Authorize Net Click Search and Download gt Specify the transaction period or ALL Settled Unsettled in Settlement Date section gt Go to Transaction section Enter the first part of invoice number plus an asterisk character for example Hotspot A in the Invoice text
162. y to another computer using your serial parallel or infrared port or set up this computer so that other computers can connect to tt lt Bac CLs Cancel 5 Choose Set up my connection manually and PESES then click Next Getting Beau The wizard i preparing to set up your Internet connection How do you want to connect to the Internet x Choose a lis nternet service providers ISPs TT Wi i yog account name password anda phone faite lard your ISP For a broadband account you won t need a phone number Ci Use the CD got from an ISP 146 LANPRO LP NC1 User s Manual 6 Choose Connect using a broadband New Connection Wizard connection that is always on and then click IIS el CARA ee nee How do vou want to connect to the Internet Next C Connect using a dial up modem This type of connection uses a modem and a regular or SDN phone line Connect using a broadband connection that requires a user name and password This is a high speed connection using either a DSL or cable modem four ISP may refer to this type of connection as PPPoE z Back Lass Cancel 7 Finally click Finish to exit the Connection New Connection Wizard Wizard Now you have completed the setup Completing the New Connection Wizard our broadband connection should already be configured and ready to use IF your connection is not working properly click the following link
163. yahoo com If select Disable here it will redirect to the original webpage that configured in the clients computers e Access History IP The IP address of external billing system Only device with this IP address may directly access system s billing records Specify an IP address of the administrator s computer or to get history information directly with fixed format URLs as the following example Traffic History https 10 2 3 213 status history 2005 02 17 26 LANPRO LP NC1 User s Manual FB https 10 2 3 213 status history 2005 02 17 Microsoft Internet Explorer Be Edt View Favorites Tools Help r Oad G wan Seach Favortes Media Address EPP ttos 10 2 3 213statusshishory 2005 02 17 Links Date TYPE Name IP MAC Packets In Bytes In Packets Out Bytes Out 2005 02 17 18 09 03 0800 LOGIN aaaGwi300 tw 192 168 30 189 00 0C F1 28 BF D8 0 0 0 0 On demand History https 10 2 3 213 status ondemand_history 2005 02 17 https 10 2 3 213 status ondemand_history 2005 02 17 Microsoft Internet Explorer Fle Edt View Favewites Toole Help gt Q Bsk I a pi Search Favortes WP Media Address 4 https 10 2 3 213 status ondemand _history 2005 02 17 Links gt Date System Name Type Name IP MAC Packets In Bytes In Packets Out Bytes QutExplret ime Valid 2005 02 17 16 44 19 0800 QA amp W1300 Casper 213 Create_OD_User N7E9 0 0 0 0 00 00 00 00 00 00 0 0 0 U 2005 02 17 16 44 57 0200 QA wi
Download Pdf Manuals
Related Search