User Guide
Contents
1. Enabled Disabled Server Folder Po ex diri dirz HTTP Web Log Interval Private Public OOO Enabled Disabled User Log Server Folder Po O OS ex dirl dirz Interval 1 Hour Note same as Interval of User Log in the Notification E mail Settings Logged Interface O Enabled Disabled On demand User Log Server Folder ex diydi Interval 1 Hour Note same as Interval of On demand User Log in the Notification E mail Settings FTP Server Settings FTP Destination Configures the common settings of the FTP server that the logs will be sent to which includes the following gt gt IP Address Port IP address and port number of FTP server Anonymous Check option Yes if the FTP server does not need ID credentials otherwise check option No and fill in the necessary Username and Password FTP Setting Test To test the FTP settings correct or not Session Log Log each connection created by users and tracking the source IP Port and destination IP Port Session Log will be sent to the FTP server automatically during every defined interval in Session Log email notification Session Log allows uploading the log file to a FTP server periodically The maximum log file size is 256K The log file also will be sent to the FTP server once the file size reaches its maximum size Enable Decid2. No Type IP Address Subnet Mask Secret Key 1 Roaming Out 10 0 0 0 255 0 0 0 8 _ a Coe 2 Disabe i 255 255 255 255 32 3 Disable v 255 255 255 255 32 4 Disable Si 255 255 255 255 32 Click the hyperlink Roaming Out amp 802 1x Client Device Settings to enter the Roaming Out amp 802 1X Client Device Settings interface Choose Roaming Out and key in the Roaming Out client s IP address and network mask and then click Apply to complete the settings In the other system such as another The HS1100N setup it s RADIUS server to this HS1100N with same postfix then the local user in this HS1100N can login success from another HS1100N by RADIUS authentication HS1100N User Guide 117 LALLA 12 4 Customizable Pages Configure Custom Pages go to System gt gt Zone Configuration click Configure in Public zone There are several user login and logout pages that can be customized by the administrator You can select Template Page or External Page Type Template Page External Page Color for Title Background 728899 Select RGB values in hex mode Color for Title Text F3F3F3 Select RGB values in hex mode Color for Page Background FFFFFF Select RGB values in hex mode Color for Page Text 000000 Select RGB values in hex mode Copyright Copyright Logo Image File Preview and Edit the Image File
3. Fate TYFE Name IP MAC Packets In Bytes In Packets Out Bytes Out 2005 02 17 18 09 03 0800 LOGIN aaaGwl 300 tw 192 168 30 189 00 0C F1 28 BF be 0 0 0 On demand History https 10 2 3 213 status ondemand_history 2005 02 17 F https 10 2 3 21 3 status ondemand history 2005 02 17 Microsoft Internet Explorer Fie Edt View Favorites Tools Help Qad O d iz fn A Search Favorites QP Meda oe a G Address https 10 2 3 21 3 stabus ondemand_history 2005 02 17 E io Links a Date Sys tem Name Type Name IP HAC Packets In Bytes In Packets Out Bytes OQutExpiret ime Valid 2003 02 17 16 44 19 0800 GA WI300 Caspear 213 Create_OD_User NTE 0 0 0 0 00 00 00 00 00 00 0 0 0 2005 02 17 16 44 57 0800 Qa W1300 Casper 213 OD User Login NTEQ 192 168 30 189 00 0C F1 28 BF Da 0 0 0 2005 02 17 16 45 22 0800 OA W1300 Casper 213 OD _User_Logout NTEQ 192 168 300 189 00 00 F1 28 BF D8 32 14499 30 HS1100N User Guide 83 10 4SNMP To configure SNMP go to System gt gt General The HS1100N supports SNMP v1 v2c If this function is enabled the SNMP Management IP and the Community string can be assigned for SNMP access to the system General Settings for the Entire System HS1100N 7 Internal Domain Name Use the name on the security certificate FQDN of this device for internal use e g controller office name com System Name Enable Disable
4. OA eae Se G 0 6 e Q Q G G G G 6 G HS1100N User Guide 152 Melton W g BRS WoriPay larbei Adminertticn Iaa Command Batch Installation ID Z39TEST Risk Management Administration Code TEST User Hanagement TEST User Profile wyw inwest com ae Dati current up to LZ Det Gz 4508 Merch Brit MERCHANT IOTAM Copyright RBG ple 2009 STEP Select the Save Changes button STEP Input Installation ID and Payment Gateway URL in gateway UI gt Installation ID 2009test gt URL https select wp3 rosworldpay com wcc purchase External Payment Gateway Authorize Net PayPal SecurePay WorldPay Disable WorldPay Payment Page Configuration Installation ID n https select wp3 rbswoarldpay com wec purchas Payment Gateway URL Currency SBP Pound Sterling WF le Note The WAN IP of gateway must be real IP HS1100N User Guide 153 NEILOMM Legal amp Regulatory Information Limitation of Liability NetComm Limited reserves the right to change the specifications and operating details of this product without notice The information in this document does not represent a commitment on the part of NetComm Limited To the fullest extent permitted by law NetComm Limited and its affiliates disclaim liability for any and all direct indirect special general incident
5. Wireless N Hotspot User Guide Revision History 1 1 1 2 1 3 PAA 22 2 3 2 4 29 2 6 3 1 OZ 3 3 3 4 3 9 4 1 4 2 4 3 4 4 5 1 J2 Table of Contents Before You Starless e T i 1 PITIO R ASAS 1 DOc UMENLCONVENTON nisreen A vasicseea tsesedlaaeyenadeseudaeusenatseaedsoae 1 Pacae CCG ie ott eens age ene ea ea a 2 System Overview and Getting Started cccsssccesssccssscccssssccssscsesssccessseeees 3 Iniroduchon to the HASON aaae ONO 3 Vs 21 08 0 0 6c 6 PEAREN EIEE RAT een COE E EAE E ETETE Ree 3 Hardware Deshin HG A Loe eee Ene ene NN EPP PE Pe 5 SVS ROGUEN ONT enee CEMERS A AE SERLAIWERE RTI ST een NUERER ANAT SE SnNO NER IN O NR ERENT Een IER 8 lets cl U G RYO e S res nee ee aree E rar Te Re ee Aer Shepae ene 8 Access Web Management Interface cccccccccccssscesssccsssccsssecesseccseecesseccsseecessecesssecssecesseeesesessas 9 Adding the HS1100N to the Net w Ork 0 ccsscccsssscesssccssscccsssccesssccessscsesscers 11 NGEWORK REQUIPEIICIU 2 incaceate ois elels toon ine eile tate are oah italia aiteain Gon ube SR 11 Conigurno te WAN PO casietin emcees dase e phen Anna a eseeiarols 11 E A rS e LE EAA E AE A E ATE EA AE AE E T A A AA AEA A AAT 12 3L DYNO oaa a a a TPC ne Se Pee Pet 12 SS BAe EPTO E eR nC et eS een AT RENT RON TRON tO TIER NCS EN nA NESE en TEER ET RTE RE Ne 13 Internet Connection DeteCHON ccccsssccccsssscccc
6. General Settings for the Entire System System Name JHS1100N if Use the name on the security certificate Internal Domain Name FQDN of this device for internal use e g controller office name com Portal URL When this function is disabled after users logged in successfully users will be directed to the original homepage set in their browsers HS1100N User Guide 75 8 2 2 Idle Timer To configure the Idle Timer go to Users gt gt Additional Control If a user is idle with no network activity the system will automatically disconnect the user The logout timer can be set between 1 1440 minutes and the default idle time is 10 minutes Additional Control E Idle Timeout minutes 10 1 1440 User Session Control Multiple Login E Authentication option using On demand database will not support this function HS1100N User Guide 76 8 2 3 Multiple Login To configure Multiple Login go to Users gt gt Additional Control When enabled a user can log in from different computers with the same account This function doesn t support On demand users and RADIUS authentication Additional Control Idle Timeout minutes 10 1 1440 User Session Control Multiple Login Authentication option using On demand database will not support this function HS1100N User Guide 77 9 Networking Features of a Gateway 9 1 IP Plugand Play To configure IP Plug and Play go to
7. Getting Ready and then click Next The wizard is preparing to set up your Internet connection How do you want to connect to the Internet a list of Internet service providers ISPs il need your account name password and a phone number For a broadband account you won t need a phone number Ci Use the CD got from an ISP eae J_Nea gt 6 Choose Connect using a broadband New Connection Wizard connection that is always on and then click internet Conmactidi How do you want to connect to the Internet Next O Connect using a dial up modem This type of connection uses a modem and a regular or ISON phone line Connect using a broadband connection that requires a user name and password This i a high speed connection using either a DSL or cable modern our SP may refer to this type of connection as PPPoE tak ten 7 Finally click Finish to exit the Connection Wizard New Connection Wizard f Completing the New Now the setup is completed Connection Wizard Your broadband connection should already be configured and ready to use If your connection is not working properly click the following link To close this wizard click Finish eck Cf Frisn e TCP IP Network Setup If the operating system of the computer in use is Windows 95 98 ME 2000 XP keep the default settings without any changes to directly start restart the system With the factory default settings during the proces
8. Enable Disable MAC Address of Remote AP Security Type None WDS Status Enable Disable MAC Address of Remote AP Security Type e WDS Status Select Enable to active this WDS link e MAC Address of Remote AP Enter the MAC of the remote AP that create WDS link with The HS1100N e Security Type 7 WEP WEP Key Length may be 64 bits 128 bits or 152 bits and WEP Key Format can be ASCII or HEX Lastly enter the WEP Key a WPA PSK Select the preferred ciphering method TK P or AES and enter the PSK Pass phrase HS1100N User Guide 124 Appendix D RADIUS Accounting This section will briefly introduce the basic configuration of RADIUS server to work with VSA for the purpose to control the maximum client volume usage upload download or upload download traffic This VSA will be sent from RADIUS server to gateway along with an Access Accept packet In other words when the external RADIUS server accepts the request it will reply not only an Access Accept but also a maximum value in bytes each user is allowed to transfer This value can be the maximum upload traffic the maximum download traffic or the sum of the download and upload traffics in bytes per user Gateway will check this value every minute if the user traffics reach this value gateway will stop the session of this user and send a Stop to RADIUS server 1 Description VSA is designed to allow vendors to support their own extended Attribu
9. gt VLAN ID when EtherType is VLAN The VLAN ID is provided to associate with certain VLAN tagging traffic gt VLAN Priority when EtherType is VLAN It denotes the priority level with associated VLAN traffics gt VLAN Type when EtherType is VLAN It can be used to indicate the type of encapsulated traffics gt Opcode when EtherType is ARP RARP This list can be used to specify the ARP Opcode in an ARP header gt Source MAC Address Mask indicates the source MAC IP Address Mask indicates the source IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields when EtherType is ARP gt Destination MAC Address Mask indicates the destination MAC IP Address Mask indicates the destination IP address when EtherType is IPv4 ARP IP MAC amp MASK indicate the ARP payload fields when EtherType is ARP When you have finished configuring these settings please click Apply to load the firewall rules gt gt To insert a specific rule The Insert Before in the Operation column of firewall list will lead to the following page for detailed configuration of the rule ID for the rule currently being inserted NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DDNS Client Mobility Layer 2 Firewall Edit Filter Rule Rule Number 9 Rule Name default rule Action for Matched Packets 5 Pass Block Rule Remark Link Layer Configuration Ether Type All X Interface From
10. http iwaw netcomm com au e g http www google com e g 192 168 2 1 Setup Management IP Address List Portal URL User Log Access IP Address Management IP Address List Enable Disable Manager IP Address Community HS1100N User Guide 84 10 5 Three Level Administration The HS1100N supports three kinds of account interface You can log in as admin manager or operator The default usernames and passwords show as follows Admin The administrator can access all configuration pages of the HS1100N Username admin Password admin Wireless N Hotspot NetCom Username Password After a successful login to the HS1100N a web management interface with a Home page will appear Logout Wireless N Hotspot Melton a Setup Wizard Quick Links SOGGU n Overview HS1100N User Guide 85 Manager The manager can only access the configuration pages under User Authentication to manage the user accounts User Name manager Password manager Authentication Settings auth server Nome post pohy lacktist Configure 2 vons ia Operator The operator can only access the configuration page of Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator On demand Account Creation meee ts raon Usage time 15 min s connection time quota with expiration 10 91 Enabled Usage time
11. the user will be kicked out from system when the downlink uplink or total traffic exceeds the limit 2 VSA configuration in RADIUS server IAS Server This section will guide you through a VSA configuration in your external RADIUS server Before getting started please access your external RADIUS server s desktop directly or remotely from other PC Step 1 Confirm the following key elements in RADIUS server users groups and policies Verify whether there are already users in RADIUS Server Verify whether there are already Groups and assigned users belonging to these Groups in RADIUS Server Verify whether there are already Policies and assigned Groups belonging to these Policies in RADIUS Server Step 2 Run Internet Authentication Server and open Remote Access Policies Select a Policy with right click and scroll down to its Properties page HS1100N User Guide 126 MELON ia z Recycle Bin Getif 2 3 1 RADIUS Server Des ktop r P Internet Authentication Service ZE Ld File Action View Help T45 Log Viewer Internet Authentication Service Local a H RADIUS Clients E RADIUS MAC Authenticati ed Remote Access Policies Employee_i3h_si2h 0 Connection Request Processing 4 Groupt Ide3m SessionSm g i Group2_Session12m He fGroup3 Unlimited eJ u froup4 TdleSm MAS ID match cipher o Groups MAS5 IC match other S Connections to Microsoft Routing and Delete E Connections to other access
12. 19 19 04 04 04 47 25 15 04 50 Aug 25 19 09 26 disassociated Aug 25 19 14 43 disassociated Aug 26 10 38 56 6 10 45 24 26 10 48 07 26 10 48 39 26 10 49 00 6 10 49 03 6 10 49 05 6 10 49 07 26 10 49 08 26 10 49 10 6 10 49 16 41 43 NAM NAM NAM NAM NAM NAM NAM NAM NAM NAM NAM NAM daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon daemon info info info info info into info info info info info info info info info info info hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd hostapd Event Log athOapo athOapo athOapo athOapo athOapo athOapo athOapil athOapl athOapl athOapo athOapo athOapo athOapo athOapo athOapo athOapo athOapo STA STA STA STA STA STA STA STA STA STA STA STA STA STA STA STA STA 00 Od 00 00 Od 00 00 00 00 00 00 D0 00 Oo Od Od 00 I IT If LES LES l1 24 mi a r24 If 1f 1f If It It If If d4 d4 d4 d4 d4 d4 mF eie c fie d4 d4 d4 d4 d4 d4 d4 d4 og 00 og Oo 00 00 ai a7 aT 00 Oo 00 gg Oo o0 00 og z221 21 21 21 oz c2l 16 16 18 al l 2l oe 2l
13. 8 1 2 Internal Domain Name with Certificate cccccccccccssscccsssccesseccesseccsssecesssecesssecesssecesssecesssesesseeeesseeeenes 71 Boe Vy Cl oe OT E EE EE N E A I A AE AE EE teased ume E A E A TA ETT 73 SAA Walled Garden AD ISE tscccss se nA a a A 74 02 ARTUS LOO T naaeaoeeacansaeia naan 75 8 2 Portal URL alter SUCCESS logihnusasnrsate nina bed Wale a a OA 75 Oade MC aa A TTE E AOA E EEE dieiler toatl ice ecsmais AES 76 SANELEE ELE 1 a EEPE EE EE E E TIE E EA PE E ATE E EA PETN E E E 77 Networking Features of a Gateway eeesseesscessoeessoessocesocesscoeesocesooessoeesocessoeesoe 78 e EPET AR a E E EN 78 9 2 Dynamic Domain Name Service DDNS cccccccccccccessecesssccessecesseccsssecessecesssecessesesssecerseeesaees 79 Ja PONER a aE URE rte wir mp TOE TERC AO tet on CM SMUT rE NNT CRIN ares Sn PCN MIR RAAT 80 System Management and Utilities e seeesoeessoessoeesocessoeesocessceesoeesocessoeesocessoee 81 TAL SS VSB TNO a asada tins Bi paeasauane toad dticadaaneda i aatagansack toast edaeatatad iateGarss dea edna aes 81 10 2 Managemen UP ceca bat a a a a N 82 103 User Rog Access IPAUdTOS Sa E TA A 83 MINI TIE sectcrthasa ve ait cate eseaactteh ona ate atic tetra sates melas near ican sealant ee wereea uated 84 10 5 Three Level Administration 00 ccccccceccccessccessccessecesscecessecesseecsssecessscesssecessecesssecessseesssecenseeesaees 85 100 ChanGe THE Pass wor lis d csessascseasdcossecesaiesesalshus
14. Default 19 Range O35 Primary RADIUS Server D Defaut 1812 Defaut 1813 h Enable Disable Secondary RADIUS Server a Mame IP Address Enable Disable gt External RADIUS Related Settings m 802 1X Authentication Enable Disable 802 1X authentication for users authenticating through this Server Username Format Select the format which the user login information is sent to the external RADIUS Server You may choose to send username in Complete userlD Postfix Only ID or Leave Unmodified Please note If the Leave Unmodified option is selected the system will send the username to the Default Auth Server set in the 802 1X configuration page for authentication NAS Identifier This attribute is the string identifying the NAS originating the access request The HS1100N User Guide 38 System will send this value to the external RADIUS server if the external RADIUS server is configured to need this NAS Port Type Indicates the type of physical port the network access server is using to authenticate the user System will send this value to the external RADIUS server if the external RADIUS server is configured to need this Class Policy Mapping This function is to assign a Policy to a RADIUS class attribute sent from the RADIUS server When the clients classified by RADIUS class attributes logs into the system via the RADIUS server each client will be mapped to an assigned
15. GMT 08 00 Taipei x WTP NTP Server 1 tock usno navy mil e g tock usno navy mil NTP Server 2 tock stdtime gov tw Manually set up Note When system cannot sync the time with the specified NTP server clients will not be allowed to login to system On demand accounts are also unable to be created HS1100N User Guide 81 Melton 10 2 Management IP To configure Management IP go to System gt gt General General Settings for the Entire System Use the name on the security certificate FQON of this device for internal use e g controller office name com Internal Domain Name Enable Disable Portal URL http www netcomm com au e g http www google com Management IP Address List Setup Management IP Address List SNMP Enable Disable Only PCs within the Management IP range on the list are allowed to access the system s web management interface For example 10 2 3 0 24 means that as long as an administrator is using a computer with the IP address range of 10 2 3 0 24 he or she can access the web management page Another example is 10 0 0 3 if an administrator is using a computer with the IP address of 10 0 0 3 he or she can access the web management page Management IP Address List No IP Address Segment
16. Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information HS1100N User Guide 135 Melton Editing Billing Plan Plan 3 Account Type Expiration Time With Expiration Time No Expiration Time 2 day s 3 hres 4 mings Quota Range of day s 0 364 Range of hourfs 0 23 Range of mings 0 59 they cannot all be zero First time login must be done within 5 day s le Account Activation pours Range of hours 0 23 they cannot both be zera j 7 itg Price Range 0 100000 induding two digits after decimal point 2 9 1 99 Reference TIP If the Account Type is Usage Time Customer can access internet as long as the account is valid with remaining quota connection time and within the valid period Customer alse needs to activate the issued account within a given time period by logging im for the first tima Te Giz Usage time No Expiration account lifespan lt gt Activation Time Quota up QU AT Creation Time realaiinn Time Invalid gt Valid HS1100N User Guide 136 Hotel Cut off time Hotel Cut off time is the clock time normally check out time at which the on demand account is cut off made expired by the system on the following day or many days later On the account creation UI of this plan operator can enter a Unit value which is
17. To configure Payments via WorldPay go to Users gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt WorldPay WorldPayPaymentConfiguration Service Disclaimer Content We may collect and store the following personal information physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us IT O Enable i 10 91 Enable Enable Enable Enable Enable Enable Disable Enable Disable Enable Disable Enable Disable WorldPayNoteContent You must 111 in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card a gt WorldPay Payment Configuration WorldPaylnstallation ID The ID of the associated Merchant Account Payment Gateway URL The default website of posting all transaction data Currency The currency to be used for the payment transactions gt Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here gt WorldPay Billing Configuration These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled gt WorldPay Note Content The message content will be displayed as a special notice to end customers Before setting up WorldPay it is required that
18. To configure the Walled Garden AD List go to Network gt gt Walled Garden AD List This function provides advertisement links to web pages for users to access free of charge before login and authentication Advertisement hyperlinks are displayed on the user s login page Clients who click on it will be redirected to the listed advertisement websites Walled Garden Ad List Item URL Topic Description Display a ie ij m AD TER B EB B a Es EE GE e Enter all items or make changes click Apply the items will be added and shown in the list e URL Enter the URL of the advertisement website e Topic Enter the content of the hyperlink for instance if you enter Google in this field on the user login page a hyperlink Google will be displayed e Description Any additional message for administrator s reference e Display Choose Display to display advertisement hyperlinks on the login pages HS1100N User Guide 74 6 2 After User Login 6 2 1 Portal URL after successful login To configure the Portal URL shown after a successful user login go to System gt gt General When this function is enabled enter the URL of a Web server as the Portal page Once logged in successfully users will be directed to this URL such as htto www google com regardless of the original homepage set in their browsers
19. 4 9 1 59 Group Group 1 i Reference TIP If the Account Type is Usage Time Customer can access intearmet as long as the account is valid with remaining quota connection time and within the valid period Customer alse needs to activate the issued sccount within a given time period by logging in for the first time Apply HS1100N User Guide 134 MELON Usage time Expiration Time account lifespan Quota up QU Activation Time Elapsed Time AT Creation Time Deletion Time CT I Invalid gt Valid Quota Up QU a ad Activation Time Elapsed Time AT Creation Time Deletion Time CT invalid m Valid o Usage time with No Expiration Time Can access internet as long as account has remaining quota usable time Need to activate the purchased account within a given time period by logging in for the first time Ideal for short term usage For example in coffee shops airport terminals etc Only deducts quota while using Account expires only when quota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeem Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation the account will expire Price is the unit price of this plan
20. Buy How button ie Client s Purchasing Record o Starting Invoice Number An invoice number may be provided as additional information against a transaction This is a reference field that may contain any kind of information o Description Enter the product service description e g wireless access service o Title for Message to Seller Enter the information that will appear in the header of the PayPal payment page PayPal Payment Page Remark Content The message content will be displayed as a special notice to end customers in the page of Rate Plan For example it can describe the cautions for making a payment via PayPal HS1100N User Guide 148 4 Payments via SecurePay To configure Payments via SecurePay go to Users gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt SecurePay Before setting up SecurePay it is required that the hotspot owners have a valid SecurePay Merchant Account from its official website External Payment Gateway Authorize Net PayPal SecurePay WorldPay Disable SecurePay Payment Page Configuration Merchant ID Merchant Password Payment Gateway URL Verify SSL Certificate Currency Service Disclaimer Content We may collect and store the following personal information physical contact information credit card numbers and transactional information based on your activities on the Inter
21. E Invalid Valid HS1100N User Guide 140 o Duration time with Cut off Time Cut off Time is the clock time at which the on demand account is cut off made expired by the system on that day For example a shopping mall closing hour is 23 00 operators selling on demand tickets can create use this plan to create ticket set to be Cut off on 23 00 If an account of this kind is created after the Cut off Time the account will automatically expire Begin Time is the time that the account will be activated for use It is set to account creation time Cut off Time is the clock time when the account will expire Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 1 Account Type Counting Method Elapsed Time Begin and end Time Cut off Time Begin Time Upon Account Creation Cut off Time C HH MM range 00 00 23 59 4 C Price Range O0 100000 including two digits after decimal paint e g 1 99 TIP When the Account Type is Duration time three Counting Methods may be used to decide when the account expires i Elapsed Time specifies the time duration from account creation for which the account is valid 2 Cut off Time specifies the next cut off time point for which the account becomes invalid 3 Begin and End Date Time specif
22. Move to Insert Before Delete Edit Move to Insert Before Delete Edit Move to Insert Before Delete 1 7 Block CDP and VTP IEEE 802 3 2 W Block STP IEEE 802 3 3 v Block GARP IEEE 802 3 4 7 Block RIP IPv4 5 m Block HSRP IPv4 6 W Block OSPF IPv4 7 Block rule 7 ANY Delete 8 m Block rule 8 ANY Insert Before Delete Edit Move to Insert Before Delete Edit Move to Insert Before Delete 9 Block rule 9 ANY 10 E Block rule 10 ANY Total 10 First Prev Next Last HS1100N User Guide 28 From the overview table each rule is designated with the following field No The numbering decides the priority of the firewall rules in the table Active Checking this field will mark the rule as active which means this rule will be enforced Action Block denotes a block rule PASS denotes a pass rule Name This is the unique name of the rule EtherType It denotes the type of traffic subject to this rule Remark It shows the additional reference information of this rule Operation 4 actions are available Edit denotes to edit the rule details Move to denotes to move the rule to a specified rule number Insert Before denotes to insert a rule before the current rule and Delete denotes to delete the rule gt gt To edit a specific rule Clicking the Edit in the Op
23. allowing public users to scan this SSID in the air After the general wireless settings are done use the parameters in the Wireless Settings under each zone to fine tune the wireless network configuration To configure the Private Zone s Wireless Settings go to System gt gt Zone Configuration click the Configure button for the Private zone Wireless Settings VAP 1 i VAP Status Enable Disable Basic ESSID NetComm_HS1100N_2 Security Type WPA PSK Cipher Suite AES WPA2 gt Security Pre shared Key Pass phrase falbecad4e5 o Group Key Update Period 600 second s Beacon Interval ho 25 500ms RTS Threshald 2346 1 2346 Advanced Fragment Threshold 2346 256 2346 Station Isolation Enable Disable WMM Enable Disable gt Wireless Settings VAP1 Wireless Settings Private Zone o Basic Enable the VAP Status if you wish to provide wireless service under this zone Assign an ESSID for VAP1 under the Private Zone or use default HS1100N 1 the ESSID of the Private Zone will not be broadcasted and internal staff will need to associate to Private Zone s VAP1 manually o Security Configure the wireless network under Private Zone with security encryption to prevent unauthorized wireless association if necessary The encryption standards supported are WEP and WPA PSK By default WPA PSK is selected for use o Advanced The parameters in advanced are wireless settings that all
24. e Password Key The register password for the DNS provider HS1100N User Guide 79 9 3 Port and IP Redirect To configure Port and IP Redirect go to Network gt gt NAT gt gt Port and IP Redirect This function allows the administrator to set 40 sets of IP address redirection When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination Select TCP or UDP for the service s type These settings will become effective immediately after clicking Apply Port and IP Redirect Type rt Total 40 First Prev Next Las HS1100N User Guide 80 10 System Management and Utilities 10 1 System Time To configure the System Time go to System gt gt General The NTP Network Time Protocol communication protocol can be used to synchronize the system time with a remote time server Please specify the local time zone and the IP address of at least one NTP server for adjusting the time automatically Universal Time is Greenwich Mean Time GMT Manually set up is another option to setup system time if you choose to setup system time manually please enter the Year Month Day the current time and click Apply to activate the changes System Time 2010 06 17 10 41 24 Time Zone
25. rect tee 4 MS warantine PFilter Microsoft specifies the IP traffic filter that is used by the Routing anc MS Quarantine Session T imeout Microsoft Species the time in seconds that the connection can rer Tunnel Tag Microsoft Description not yet defined USR ACCH T ype U S Robotics Inc Description not yet defined USR AT Call Input Filter U S Robotics Inc Description not yet defined USA AT Call Output Filter U S Robotics Inc Description not yet defined USR AT Input Filter US Robotics Inc Description not yet defined USR AT Output Filter U S Robotics Inc Description not yet defined USR AT ATMF Input Filter U S Robotics Inc Description not yet defined USR AT ATMF Output Filter U S Robotics Inc Description not yet defined USA AT zip Input Filter U S Robotics Ine Description not yet defined on 4 H 9 e HS1100N User Guide 127 NEILOMM Step 4 Add a new attribute under Vendor specific Set Vendor Code 21920 Check Yes to conform to the RADIUS RFC Click Configure Attribute to proceed Set Vendor assigned attribute number 10 Select Attribute format Hexadecimal Set Attribute Value 1000000 Fidiy ali Airea latiri ali Step 5 Confirm whether the Vendor specific Attribute has been added successfully HS1100N User Guide 128 Multivalued attribute Informat ion 7 x Echt Dial in Profile a Fa Attribute name Diskin Constants iP o Maik u endo S potecaba
26. 11 min s connection time quota EJ Enabled Valid until 12 00 the following day Enabled 4 Duration time Valid from 2010 07 14 12 00 00 till 2010 07 14 23 59 00 ey Enabled Note To logout simply click the Logout icon on the upper right corner of the WMI to return to the login screen HS1100N User Guide 86 LALLA 10 6 Change the Password To Change the Password go to Utilities gt gt Password Change There are three levels of authorities admin manager or operator The default usernames and passwords are as follows Admin The administrator can access all configuration pages of the HS1100N User Name admin Password admin Manager The manager can only access the configuration pages under User Authentication to manage the user accounis User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create new on demand user accounts and print out the on demand user account receipts User Name operator Password operator The administrator can change the passwords here Click Apply to activate this new password Note Only admin account can change passwords HS1100N User Guide 87 Admin Password Original New F Change Manager Password New e Verify Change Operator Password New Verify s Caution If the administrator s password is lost the administrator s password still can be changed through th
27. 2l 2l 2l 2l 07 07 07 07 09 07 IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE IEEE In the log normally each line represents an event record which includes these fields e Date Time The time amp date when the event happened Hostname Indicate which host records this event Note that all events in this page are local event so the hostname in this field are all the same e Process name Indicate the event generated by the running instance Description Description of this event 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 HS1100N User Guide 113 associated associated associated associated associated associated associated associated associated associated associated associated associated associated associated The administrator can monitor the system status gt Lill 12 Advanced Applications 12 1 Upload Download Local Users Accounts To Upload Download Local Users Accounts go to Users gt gt Authentication click Configure button of Local Or click Quick Links gt gt Local User Management from system Home page Upload User Click Upload User to enter the Upload User from File interface Click the Browse button to select the text file for uploading user accounts the
28. 5 Who Can Access the Network 5 1 Type of Users To configure Users go to Users gt gt Authentication This section is for administrators to pre configure authentication servers for the entire system Concurrently up to three servers can be selected and pre configured for static user authentication one server uses a built in LOCAL database while the other two servers uses an external RADIUS database In addition another server called On demand can be configured for temporary user authentication Authentication Settings Auth Database Auth Server Name Postfix Policy Black List Configure LOCAL Server 1 local Poyi None J RADIUS Server 2 adus Poicy2 None W RaDIus 5erver3 eius Poia None ONDEMAND On demand User indemand Policy 4 e Auth Database There are four different authentication options in the HS1100N that uses databases LOCAL RADIUS1 RADIUS2 and ONDEMAND e Auth Server Name Set a name for the authentication databases by using numbers 0 9 alphabets a z or A Z dash underline _ space and dot only This name is used for the administrator to identify the authentication options easily such as HQ RADIUS e Postfix A postfix represents the authentication server in a complete username For example user1 local means that this user user1 will be authenticated against the LOCAL authentication database e Policy Select one Policy from the drop down list box for this speci
29. Add Remove Choose Settings iF you need to configure a proxy Settings server For a connection z Never dial a connector Dial whenever a network connection is not present Always dial my default connection Current Mone Local 4rea Network LAH settings LAM Settings do not apply to dial up connections LAN Settings Choose Settings above For dial up settings HS1100N User Guide 120 3 When the Welcome to the New Connection Wizard window appears click Next 4 Choose Connect to the Internet and then click Next Melton New Connection Wizard Welcome to the New Connection Wizard This wizard helps you Connect to the Internet Connect to a private network such as your workplace network Setup a home or small office network To continue click Next New Connection Wizard Network Connection Type What do you want to do Connect to the network at my workplace Connect to a business network using dial up or WPH 20 you can work from home a field office or another location O Set up a home or small office network Connect to an existing home or small office network or set up a new one Set up an advanced connection Connect directly to another computer using your seral parallel or infrared port or eet up this computer so that other computers can connect to tt HS1100N User Guide 121 5 Choose Set up my connection manually New Connection Wizard
30. Advanced Firewall Settings Enable Disable DHCP Snooping Trust DHCP List Configure Enable Disable Force DHCP Enable Disable ARP Inspection Broadcast Enable Disable Static List Configure ae Gi DHCP Snooping When enabled DHCP packets will be validated against possible threats like DHCP starvation attack in addition the Trust DHCP List IP MAC can be used to specify legitimate DHCP servers to prevent an unauthorised DHCP server ARP Inspection When enabled ARP packets will be validated against ARP spoofing o Force DHCP option when enabled the AP only learns MAC IP pair information through DHCP packets Devices configured with static IP address does not accept DHCP traffic therefore any clients with static IP address will be blocked from internet access unless its MAC IP pair is listed and enabled on the Static List o Broadcast can be enabled to let another AP with L2 firewall feature learn the trusted MAC IP pairs to issue ARP requests o Static List can be used to add MAC or MAC IP pairs of devices that are trusted to issue ARP request Other network nodes can still send their ARP requests however if their IP appears in the static list with a different MAC their ARP requests will be dropped to prevent eavesdropping If any changes are made to the settings please click Apply to save the new configuration before leaving this page HS1100N User Guide 33
31. American and Channel 1 13 in Europe or choose the default Auto Max Transmit Rate The default is Auto Available range is from 1 to 54Mbps The rate of data transmission should be set depending on the speed of the wireless network Select from a range of transmission speed or keep the default setting Auto to make the Access Point automatically use the fastest rate possible Transmit Power Select from the range or keep the default setting as applicable for your environment DTIM Period Enter the DTIM Interval that is generated within the periodic beacon at a specified frequency A Higher DTIM interval will enable the wireless client to save power but the throughput will be effected HS1100N User Guide 20 ACK Timeout The time interval for waiting the ACKnowledgement frame If the ACK is not received within that timeout period then the packet will be re transmitted Setting a higher ACK Timeout will decrease the packet loss but the throughput will be effected HS1100N User Guide 21 Melton 4 2 Zone Wireless Settings Each zone has its own VAP Virtual Access Point and this corresponds to one SSID In the Private zone its VAP1 and the SSID is hidden so public users cannot scan this SSID in the air for privilege users who already know this SSID they can manually associate to the SSID of Private zone On the other hand the SSID of VAP2 under Public zone by default is enabled with SSID Broadcast feature
32. Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds HS1100N User Guide 26 4 4 Wireless Layer 2 firewall The system provides an additional security feature a Layer2 Firewall in addition to standard wireless security Layer2 Firewall offers a firewall function that is tailored specifically for Layer2 traffic providing another choice of shield against possible security threats coming from going to the WLAN AP interfaces hence besides firewall policies configured in Policies this extra security feature will assist to mitigate possible security breaches This section provides information in the following functions Generic Firewall Rules Predefined and Custom Service Protocols and Advanced HS1100N User Guide 27 4 4 1 Generic Firewall Rules You can choose to enable or disable the wireless Generic Firewall This section provides an overview of firewall rules for the system s wireless interface 6 default rules with up to a total of 20 firewall rules are available for configuration p d g am 4 Sa gdi NAT Privilege Monitor IP walled Garden j walled Garden Ad List DDNS Client Mobility Y Layer 2 Firewall Generic Firewall Enable Disable Firewall Rules No Active Action Rule Name Ether Type Remark Operation Edit Move to Insert Before Delete Edit Move to Insert Before Delete Edit Move to Insert Before Delete Edit
33. LAN This allows the system to remotely boot up a powered down computer with the Wake On LAN feature enabled in its BIOS while it is connected to a LAN port Enter the MAC Address of the desired device and click Wake Up button to execute this function 10 10 2 Ping It allows the administrator to detect a device using IP address or Host domain name to see if it is responding to network traffic or not 10 10 3 Trace Route It allows the administrator to find out the real path of packets from the gateway to a destination using IP address or Host domain name 10 10 4 Show ARP Table It allows the administrator to view the IP to Physical address translation tables used by the address resolution protocol ARP HS1100N User Guide 93 10 11 Monitor IP Link To Monitor the IP Link go to Network gt gt Monitor IP The HS1100N will send out a packet periodically to monitor the connection status of the IP addresses on the list On each monitored item with a WEB server running administrators may add a link for the easy access by entering the IP select the Protocol to http or https and then click Create After clicking Create button the IP address will become a hyperlink and administrators can easily access the host by clicking the hyperlink remotely Click the Delete button to remove the hyperlink if desired Monitor IP List HS1100N User Guide 94 10 12 Console Interface Via the console port administrators can enter
34. Local user user01 the Local Authentication is assigned to Policy3 Then user01 login to Public Zone will get Policy3 This is another common case for users that is assigned Policy by the authentication server gt f User is not assigned a Policy individually and the authentication server is also not assigned a Policy then the users will be applied the Global Policy For example a Local user user01 is assigned to None Policy and the Local Authentication is also assigned to None Policy in User list Then user01 logging to Public Zone will be applied with the Global Policy As aconclusion the Global Policy has the lowest policy priority on the other hand the User Policy has the highest one HS1100N User Guide 123 Appendix C WDS Management The Public Zone of the HS1100N supports up to 2 WDS links WDS Wireless Distribution System is a function used to connect APs Access Points wirelessly to extend wireless coverage The WDS management function of the system can help administrators to setup two WDS links To configure WDS go to System gt gt Zone Configuration click Configure in Public zone fone EEEE Name ESS Wireless Wireless Security Default Authen Default Authen Option Details WDS Wireless Distribution System is a function used to connect APs Access Points wirelessly The WDS management function of the system can help administrators to setup two WDS links WDS1 Settings Public WDS Status
35. NCEE eT Se mC RSet eee Ree TREE SOC TE or 113 12 Advanced APPLiCAatlON sccccsscccsssscccessscccescscccessscccescsccsessccsessccesessccesesessees 114 12 1 Upload Download Local Users Accounts eeeeeeeeeeeeeeeeeeeeresesreesriesereesereessressrressrreserressreessreess 114 22 RADIUSA dvanced StU enee e E N 116 WZ ROn QUe ceeetandieneradontetadacucaein ame arteandaneuieanasns 117 LCA Customizable PACS sates nsec hens cai sureties scabies ve di AS 118 Appendix A Network Configuration on PC amp User Login 0 sccssssccssscesseees 120 Appendix B POLG Priory wescsicteccctancciditeciesseeescsteiitetslentadateiissibkachiiiesislaiad ansaid 123 Appendix C WDS Management 00 0 ccsscccssseccsscccesscccesscccesscccssscccsssccessscsesssccesssecesssers 124 Appendix D RADIUS Accounting eeesseessceesceesseessoeesccessceesocesscessoeesocessoeesoeesocessoeesoeessoeesse 125 Appendix E On demand Account types amp Billing Plan oessoessoeesseessoessoeesscessoeesoe 134 Appendix F External Payment GatewayS seesseeesscessoeesocesscessocesocessoeesoeessoessoeesocessoeesoe 143 ili 1 Before You Start L1 Preface This manual is for wireless service providers or network administrators to set up a network environment using the HS1100N system It contains step by step procedures and graphic examples to guide IT staff or individuals with some network system knowledge to complete the insta
36. Network gt gt Client Mobility The HS1100N supports the IP PNP function User can login and access network with any IP address setting This function is disabled in default settings Client Mobility IP PNP Enable Disable When IP PNP is enabled at the user end a static IP address can be used to connect to the system Regardless of what the IP address at the user end is using authentication can still be performed through the HS1100N HS1100N User Guide 78 9 2 Dynamic Domain Name Service DDNS To configure the Dynamic Domain Name Service go to Network gt gt DDNS Before activating this function you must have your Dynamic DNS hostname registered with a Dynamic DNS provider The HS1100N supports DNS functions to alias the dynamic IP address for the WAN port to a static domain name allowing the administrator to easily access the HS1100N s WAN If the dynamic DHCP is activated at the WAN port it will update the IP address of the DNS server periodically These settings will become effective immediately after clicking Apply Dynamic DNS DONS O Enable Disable Provider DynDN S orglDynamic l Host Name i Username E mail ll E Password Key i E i l e DDNS Enable or disable this function e Provider Select the DNS provider e Host name The IP address domain name of the WAN port e Username E mail The register ID username or e mail for the DNS provider
37. No IP Address Seqment 1 0 0 0 0 0 0 0 0 2 3 a 4 L 5 5 L J 7 8 g i 7 Bi 10 11 i 12 l 13 J 14 _ 15 gt i 16 17 18 l 19 20 l The default value is 0 0 0 0 0 0 0 0 It means that the WMI can be accessed by any IP address for security reasons please change this value before the system provides network services HS1100N User Guide 82 NEICOMM 10 3 User Log Access IP Address To configure User Log Access IP History go to System gt gt General General Settings for the Entire System System Name JHS1100N if Use the name on the security certificate Internal Domain Name FQON of this device for internal use e g controller office name com Enable Disable http weww netcomm com au e g http www google com User Log Access IP Address eg 192 168 2 1 Management IP Address List Setup Management IP Address List Specify an IP address of the administrator s computer or a billing system to get billing history information of the Portal URL HS1100N with the predefined URLs The file name format is yyyy mm dd An example is provided as follows Traffic History https 10 2 3 213 status history 2005 02 17 https 10 2 3 2713 status history 2005 02 17 Microsoft Internet Explorer File Edt View Favorites Tools Help y A Seach Favorites Meda 00 a 4
38. Policy RADIUS Policy Mapping Server 2 O Enable Disable No Class Attribute Value policyName Remark 1 GP1 SY 4 j 5 gt Primary Secondary RADIUS Server Server Enter the domain name or IP address of your RADIUS Server Authentication Port Enter the Port number used for authentication Accounting Port Enter the Port number used for accounting Secret Key Secret Key used for authentication Accounting Service Enable Disable RADIUS accounting Authentication Protocol Select Challenge Handshake Authentication Protocol CHAP or Password Authentication Protocol PAP HS1100N User Guide 39 5 L3 On Demand Users On demand User Server Configuration The administrator can configure this authentication method to create on demand user accounts This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment Major functions include accounts creation users monitoring list billing plan and external payment gateway support Authentication Server On demand User WLAN ESSID Metlomm H51100N Wireless Key General Settings SUPERMEN c Input other desired currency e g AU Remaining Reminder Enable Disable Volume Enable Disable Syneinterval tomings a5min s _ 20mins On demand Account List View 1 General Settings These are the common setting
39. Reload factory default Choosing this option will reset the system configuration to the factory defaults Restart The HS1100N Choosing this option will restart the HS1100N HS1100N User Guide 97 11 System Status and Reports 11 1 View the Status This section includes System Interface Routing Table Online Users User Log and E mail amp SYSLOG to provide system status information and online user status 11 1 1 System Status To view the System Status go to Status gt gt System This section provides an overview of the system for the administrator System Setting Overview System Name HS1100N Portal URL http iiie w w netcomm com au Primary SYSLOG Server BA fas Secondary SYSLOG Server BA N A User Log NTP Server 0 netcomm pool ntp org System Time Idle Time Out 10 Mints User Session Control Multiple Login Disabled DNS HS1100N User Guide 98 Melton The description of the above mentioned table is as follows The IP address and port number of the external SYSLOG Server N A SYSLOG server System Log means that it is not configured The IP address and port number of the external SYSLOG Server N A SYSLOG server On demand Users Log means that it is not configured Show whether the status for the WAN connection is normal or disconnected Warning of Internet Disconnection Internet Connection Detection and whether online users are allowed disallowed to log in the network The maximum number of d
40. To VAP2 Source Destination MAC Address MAC Address MAC Mask MAC Mask gt gt To move a specific rule The Move to in the Operation column of firewall rules will lead to the following page for reordering confirmation Click OK to save the changes made HS1100N User Guide 30 Move to No 9 Please make sure all desired rules are checked as Active and applied in the overview page N A pons me Privilege Monitor A Walled Garden Walled Garden Ad List DDNS Client Mobility Layer 2 Firewall Gereric Firewall Enable Disable Firewall Rules No Active Action Rule Name Ether Type Remark Operation i Edit Move to 1 m Block CDP and VTP IEEE 802 3 licer Bek Delete Edit Move to Insert Before Delete Edit Move to Insert Before Delete Edit Move to Insert Before Delete Edit Move to 5 iv Block HSRP IPv4 Insert Before Delete Edit Move to 6 7 Block OSPF IPv4 Insert Before Delete Edit Move to ANY Insert Before Delete Edit Move to ARP Insert Before Delete Edit Move to 9 Block default rule ANY Insert Before E Delete Edit Move to ANY Insert Before Delete 2 7 Block STP IEEE 802 3 3 w Block GARP IEEE 802 3 ps F Block RIP IPv4 7 Block rule 7 8 E Block rule 8 10 E Block rule 9 Total 10 First Prev Next Last HS1100N U
41. Total 2 First Prev Next Last Search Enter a keyword of a username External ID or reference to be searched in the text filed and click this button to perform the search All usernames External ID or reference matching the keyword will be listed Username The login name of the account Password The login password of the account Remaining Quota The remaining time or volume or the cut off time that the account can continue to use to access the network HS1100N User Guide 45 e Status The status of the account o Normal the account is not currently in use and has not exceeded the quota limit o Online the account is currently in use o Expired the account is not valid any more even if there is remaining quota left o Out of Quota the account has exceeded the quota limit o Redeemed the account has applied for an account renewal e External ID This is an additional information field for combined with a unique account only for example the customer s name or social security number etc e Reference Any other additional information for example venue where the account is generated etc e Delete All This will delete all the users at once e Delete This will delete the users individually 9 Redeem On demand Accounts NETCOMM VELOGITY SERIES NEILOMM j Wireless N Hotspot Login Success Page Welcome testuser ondemand Credit Balance 3 58 40 Change Password Login Time 2011 6 1 16 29 17 Logout Redeem
42. Update a For Usage time accounts when the remaining quota is insufficient or if they are almost out of quota they can use redeem function to extend their quota After the user has got or bought a new account they just need to click the Redeem button in the login success page to enter Redeem Page input the new account Username and Password and then click Submit This new account s quota will be extended to the original account However the Redeem function can only be used with an account of the same billing type i e Volume accounts can only be redeemed with another Volume account and so on Wireless N Hotspot User ry ll Welcome To User Redeem Page Please Enter Your Name and Password to Redeem Username Password Submit Clear Copyright amp HS1100N User Guide 46 Note The maximum quota is 365dys 23hrs 59mins 59secs even after redeem If the redeem amount exceeds this number the system will automatically reject the redeem process Note Duration time and Hotel Cut off type do not support the redeem function HS1100N User Guide 47 5 2 User Login 5 2 1 Default Authentication There are different types of authentication database LOCAL RADIUS and ONDEMAND that are supported by the system Only the Public Zone can set authentication A postfix is used to inform the system which authentication option is to be used for authenticating an account e g Bob local or Tim radius1 etc when multiple opt
43. Zone only Wireless Settings and WDS Settings Public Zone only HS1100N User Guide 16 3 9 1 Port Role Assignment The Zone and Port mappings are shown below LAN1 and LAN2 maps to Private Zone and Public Zone respectively Public Zone Private Zone Note The system s WMI can also be accessed via the WAN port as long as the administrator uses an IP address listed in Management IP Address List setting If both WAN and LAN ports are unable to reach WMI please use the console interface to resolve this issue HS1100N User Guide 17 3 5 2 Configure the Zone Network To configure the Zone network go to System gt gt Zone Configuration Click the Configure button of Private zone for further configuration The parameter descriptions for the Basic Settings in the Private and Public Zones are the same The wireless settings under each zone will be covered in the next section Basic Settings Private Operation Mode NAT Router onaards IP Address 192 168 1 254 Subnet Mask 255 255 255 0 Disable DHCP Server Enable DHCP Server Start IP Address 1927 168 1 1 j End IP Address 192 168 1 100 Preferred DNS Server 168 95 1 1 f DHCP Server Alternate DNS Server Domain Name domain WINS Server Lease Time 1 Day v Reserved IP Address List Enable DHCP Relay gt Network Interface o Operation Mode Contains NAT mode and Router mode When NAT mode is chos
44. access categories voice video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only Normally we use VAP2 the VAP under Public Zone to provide wireless service to public clients in a hotspot environment To configure the Public Zone s Wireless Settings go to System gt gt Zone Configuration click the Configure button for the Public zone Wireless Settings VAP 2 VAP Status Enable Disable Basic ESSID NetComm_ HS1100N Beacon Interval m 25 500ms RTS Threshald 2346 1 2346 Fragment Threshold 2346 256 2346 Advanced Broadcast SSID Enable Disable Station Isolation Enable Disable vM Enable Disable gt Wireless Settings VAP2 Wireless Settings for Public Zone O Basic Enable the VAP Status if you wish to provide wireless service under this zone Assign an ESSID for VAP2 under the Public Zone or use the default setting of HS1100N 2 the ESSID of Public Zone will be broadcasted by default to allow it to be scanned in the air Security Configure the wireless network under Public Zone with security encryption to prevent unauthorized wireless association if necessary The encrypt
45. assigned automatically PPPoE HS1100N User Guide 12 3 2 3 PPPoE PPPoE When selecting PPPoE to connect to the network enter the Username Password MTU and Clamp MSS as supplied by your ISP There is also a Dial on demand function under PPPoE If this function Is enabled the Maximum Idle Time field becomes available When the idle time is reached the system will automatically disconnect itself WAN Configuration Static Use the following IP settings Dynamic IP settings assigned automatically PPPoE Username e WAN Password a ES eT MTU 1492 bytes Range 1000 1492 EPEE Clamp MSS 1400 bytes Range 980 1400 Dial on Demand Enable Disable HS1100N User Guide 13 NEILOMM 3 3 Internet Connection Detection To configure Internet Connection Detection go to System gt gt WAN Traffic WAN Traffic Available Bandwidth Uplink 100000 Kbps Range 10 100000 Downlink 100000 Kbps Range 10 100000 Enable Disable Target for detecting Internet connection IP Domain Name www google com Internet Connection Detection IP Domain Name IP Domain Name When Internet connection is down the system will display the message as Sorry The network outbound service is temporari e Internet Connection Detection When enabled the system will try to access
46. deducts quota while using however the count down to Expiration Time is continuous regardless of logging in or out Account expires when Valid Period has been used up or quota depleted Quota is the total period of time xx days yy hrs zz mins during which On demand users are allowed to access the network The total maximum quota is 364Days 23hrs 59mins 59secs even after redeeming Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation the account will expire Valid Period is the valid time period for using After this time period even with remaining quota the account will still expire Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 2 Account Type Usage time v Expiration Time with Expiration Time O No Expiration Time a day s 2 hris 3 minsi Quota Range of day s 0 364 Range of houris 0 23 Range of mints O 59 they cannot all be cero ae First time login must be done within 4 day s s Account Activation hour s Range of hour s i 0 23 they cannot both be zara Valid Period After activation account willbe expired in 6 dais Must be larger than 0 7 ies Price i Range 0 100000 including two digits after decimal point
47. field Please note The SDS AG1100 Smart Device Server is the terminal server device used to connect the PRT AG1100 POS Network Ticket printer to the HS1100N in order to generate tickets HS1100N User Guide 42 6 Terminal Server Configuration Item Server IP Port Location Remark On demand Account Creation After at least one billing plan is enabled the administrator can generate single on demand user accounts here Click this to enter the On demand Account Creation page Click on the Create button of the desired plan to create an on demand account The username and password to be created by an on demand account is configurable Select Manual created in Username Password Creation and then administrator can enter desired username and password for the on demand account In addition an External ID such as a student s school ID can be entered together with account creation After the account is created you can click Printout to print a receipt which will contain the on demand user s information including the username and password to a network printer Alternatively you can click Send to POS to print a receipt by a POS device Note If no Billing plan is enabled accounts cannot be created by clicking Create button Please go back to Billing Plans to activate at least one Billing plan by clicking Edit button and Apply the setting to activate the plan The printer used by Print is a
48. last 2 calendar months Each line in a monthly network usage of local user record consists of 6 fields Username Connection Time Usage Packets In Bytes In Packets Out and Bytes Out of users activities o Username Username of the local user account o Connection Time Usage The total time used by the user o Pkts In Pkts Out The total number of packets received and sent by the user o Bytes In Bytes Out The total number of bytes received and sent by the user gt Download Monthly Network Usage of Local User Click on the Download button to output the report manually to a local database Monthly Network Usage of Local User Month No of Entries Usage Data A warning message will then appear Click Save to download the record into txt format File Download Some files can harm your computer If the file information below looks suspicious or you do not fully trust the source do not open or save this file Filename 2007 08 txt Filetype Text Document From 192 168 2 254 Would you like to open the file or save itto your computer Cancel More Info NIS Ty e of file HS1100N User Guide 106 MeO 11 2 Notification Configure Notification go to Status gt gt E mail amp SYSLOG The HS1100N can automatically send the notification of Monitor IP Report Users Log On demand User Log and Session Log to up to 3 particular e mail addresses A trial email is provided by the system for validation Secondly the
49. on the specified cut off time normally the hotel s check out time after the number of nights specified Since quests may hang around in the lobby for a short while after checking out the hotel may want to specify a Grace period for their tenants Si Gc Hotel Cut off time account lifespan 3 night stay example 24 00 PM 24 00 PM 24 00 PM e 7w p gt Cut off Time Check out time Pera hin Deletion Time DT E Invalid Valid HS1100N User Guide 137 OOOO NE Hotel Cut off time account lifespan 3 night stay example with Grace Period 24 00 PM 24 00 PM 24 00 PM Grace Period Cut off Time Check out time Pers bin Deletion Time DT E Invalid Valid o Volume Can access internet as long as account valid with remaining quota traffic volume Account expires when Valid Period has been used up or quota depleted Ideal for small quantity applications such as sending receiving mail transferring a file etc Count down of Valid Period is continuous regardless of logging in or out Quota is the total Mbytes 1 2000 during which On demand users are allowed to access the network Account Activation is the time period for which the user must execute a first login Failure to do so in the time period set in Account Activation the account will expire Valid Period is the valid time period for using After this time period even with remaining quota the account will still expire P
50. pre configured printer connected to the administrator s computer On demand Account Creation Plan Account Type Quota Price Status Function 1 Usage time 15 min s connection time quota with expiration 10 91 Enabled 2 Usage time ii min s connection time quota i Enabled 3 Hotel Cut off time Valid until 12 00 the following day 5 Enabled 4 Duration time Valid from 2010 07 14 12 00 00 till 2010 07 14 23 59 00 1 Enabled 5 N A fo N A E E N A Disabled Create E 6 N A E N A N A Disabled 7 N A N A N A Disabled 8 N A N A N A Disabled 9 N A N A N A Disabled 0 N A i N A N A i Disabled e Plan The number of a specific plan e Account Type Show account type of the plan in Usage time Duration time or Hotel Cut off e Quota The total amount of time or period of time that On demand users are allowed to access the network For Time users it is the total time For Volume users it is the total amount of traffic e Price For each plan this is the unit price charged for an account HS1100N User Guide 43 e Status Show the status in enabled or disabled e Function Press Create button for the desired plan and the Creating an On demand Account page will appear On demand Account Creation Plan Account Type Quota Price Status Function 1 Usage time 15 min s connection time quota with expiration 10 911 Enab
51. problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Click here to close this webpage Continue to this website not recommended More information Click Continue to this website to access the user login page Use Default Certificate Click Use Default Certificate to use the default certificate and key Click restart to validate the changes You just overwrote the setting with default KEY amp default CA file You should restart the system to activate this Click to restart HS1100N User Guide 72 8 L3 Walled Garden To configure the Walled Garden go to Network gt gt Walled Garden This function provides certain free services for users to access the websites listed here before login and authentication Up to 20 addresses or domain names of the websites can be defined in this list Users without network access can still have a chance to utilise the network free of charge Enter the website IP Address or Domain Name in the list and click Apply to save the settings Walled Garden List No Domain Name IP Address No Domain Name IP Address 1 C 2 a 3 i 4 ii 5 6 7 B 9 Pp 10 Po i1 fs 12 Oooo OE 13 14 15 16 17 ss 18 e g D l N HS1100N User Guide 73 8 14 Walled Garden AD List
52. system supports recording of System Log On demand Users Log Session Log and HTTP Web Log via external SYSLOG servers Thirdly Session Log and HTTP Web Log can also be configured to be sent to an external FTP server In addition Event Log section on WMI displays of clients associate and disassociate messages HS1100N User Guide 107 1L2 1 E Mail To configure Email Notification go to Status gt gt E mail amp SYSLOG Notification E mail Settings Receiver E mail Address es Monitor IP Report User Log On demand User Log peg Doo E o o o o E o oO o o E E E Ooo Interval Sender E mail address SCS SMTP Server Po SMTP Auth Method None Notification E mail Settings gt Receiver Email Address es Up to 3 e mail address can be set up to receive the notification These are the receiver s e mail addresses There are four kinds of notification to selection Monitor IP Report Users Log On demand Users Log and Session Log check the selection box to choose the type of notification to be sent gt Interval The time interval to send the e mail report gt SMTP Setting Test To test the settings immediately gt Sender Email Address The e mail address of the administrator in charge of the monitoring This will show up as the sender s e mail gt SMTP Server Th
53. that can be shared by clients of the system HS1100N User Guide 15 3 5 Whatis a Zone To configure Zones go to System gt gt Zone Configuration A Zone is a logical network area that covers wired or wireless networks or both of them By associating to the unique ESSID of a Zone the wireless network is divided into different logical zones Clients attempting to access the resources within a particular Zone will be controlled based on the access control profile of that Zone such as authentication security feature wireless encryption method and traffic control etc There are two Zones that can be utilised by The HS1100N A Private Zone and a Public Zone as shown in the table below Using the Private Zone means clients are not required to be authenticated before using the network services On the other hand clients in the Public Zone are required to get authentication before using the network services fone EEE Name ESS Wireless Wireless Security Default Authen Default Authen Option Details Name The mnemonic name of the Zone e ESSID The SSID that is associated with the Zone e Wireless Security Data encryption method for wireless networks within the Zone e Default Authen Option Default authentication method server that is used within the Zone e Details Configurable detailed settings for each Zone Click the Configure button to configure each Zone Basic Settings Authentication Settings Public
54. the format of MMYY For example an expiration date of July September 2009 should be entered as 0709 Card Type This value indicates the level of match between the Card Code entered ona transaction and the value that is on file with a customer s credit card company A code and narrative description are provided indicating the results returned by the processor Card Code The three or four digit code assigned to a customer s credit card number at the end of the credit card number found either on the front of the card or on the back of the card E mail An email address may be provided along with the billing information of a transaction This is the customer s email address and should contain an symbol HS1100N User Guide 145 O Customer ID This is an internal identifier for a customer that may be associated with the billing information of a transaction This field may contain any format of information O First Name The first name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter John in the First Name field indicating this customer s name O Last Name The last name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter Doe in the Last Name field indicating this customer s name O Company The name of the company associated with the billing or shipping information entered on a
55. the console interface for handling problems and situations which may occur during normal operation 1 In order to connect to the console port of the HS1100N a console modem cable and a terminal emulation program such as the Hyper Terminal are needed 2 Ifa Terminal emulator is used please set the parameters as 9600 8 None 1 None Caution The main console is a menu driven text interface with dialog boxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of the HS1100N is connected properly the console main screen will appear automatically If the screen does not appear in the terminal emulation program automatically please try to press the arrow keys so that the terminal emulation program will send some messages to the system and the welcome screen or main menu should appear If the welcome screen or main menu of the console still does not pop up please check the connection of the cables and the settings for the terminal emulation program spot Gateway Basic Configuration a rog network debugging i Wipelegs E enter your choice Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems The utilities are described as follows Wireless Hotspot Gateway Configuration Utility Ping host
56. the hotspot owners have a valid WorldPay Merchant Account HS1100N User Guide 151 from its official website RBS WorldPay Merchant Services amp Payment Processing going to rbsworldpay com gt gt support centre gt gt account login STEPO STEPO Log in to the Merchant Interface gt Login url www rbsworldpay com support index php page login amp c WW gt Select Business Gateway Formerly WorldPay gt Click Merchant Interface gt Username user2009 gt Password user2009 Select Installations from the left hand navigation STEP Choose an installation and select the Integration Setup button for the specific environment STEP STEPO STEP gt Installation ID 239xxx 223643 Select Junior O1server 737449 Select Junior Raja Dasgupta 237397 Select Junior 237398 Select Junior vis Group 212370 Select Junior SAI GLOBAL 213296 Select Junior 21443 Select Junior 2155608 Select Junior Stof 2715910 Select Junior 219440 Select Junior Unearthed 239341 Select Junior futurepay 239805 Select Junior Weton 239 Select Junior System 710071 Select Junior KNOG 710158 Select Junior Chris 2229 46 Select Junior innopacific Check the Enable Payment Response checkbox Enter the Payment Response URL gt URL lt wpdisplay item MC_callback gt Check the Enable the Shopper Response J P ic
57. the listed IP Domain addresses If the system can reach these IP Domain address it means that the outbound Internet connection is in a normal state There is also a text box available for the administrator to enter a message This message will appear on clients screens when the Internet connection is down HS1100N User Guide 14 NELLOMM 3 4 WAN Bandwidth Control To configure WAN Bandwidth Control go to System gt gt WAN Traffic WAN Traffic Available Bandwidth Uplink 100000 Kbps Range 10 100000 on WAN Interface Downlink 100000 J Kbps Range 10 100000 Enable Disable Target for detecting Internet connection IF Domain Name www google com Internet Connection Detection IP Domain Name IP Domain Name When Internet connection is down the system will display the message as Sorry The network outbound service is temporari The feature gives administrators control over the entire system s traffic though the WAN interface These parameters set here should not exceed the real bandwidth coming from your ISP For example if your xDSL connection is 8Mbs 640kbs you may input these two values here Available Bandwidth on WAN Interface e Uplink Specifies the maximum uplink bandwidth that can be shared by clients of the system e Downlink Specifies the maximum downlink bandwidth
58. the number of days to Cut off time according to customer stay time For example Unit 2 days Cut off Time 13 00 then account will expire on 13 00 two days later Grace Period is an additional short period of time after the account is cut off that allows user to continue to use the on demand account to access the Internet without paying additional fee Unit Price is a daily price of this billing plan Mainly used in hostel venues to provide internet service according to guests stay time Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 5 Account Type Hotel Cut off time Hotel Cut off Time i C HH MM range 00 00 23 59 Grace Period Account remains usable for hours after cut off 60 perday Unit Price Range O 100000 including two digits after decimal point eg 1 99 TIP The Hotel Cut off time Account Type is designed for hotel applications and conforms to check infout scenario For cut off applications within one day for example the account expires upon bookstore s closing hour 11PM please select Duration Time One day stay in Hotel terms is counted from a customer check in time to the check out time on the following day When a tenant checks in for one or multiple days the operator can generate an account ticket based on the number of the over night stay The account will be cut off
59. this Policy e Maximum Concurrent Sessions Set the maximum concurrent sessions for each client belonging to this group HS1100N User Guide 55 6 3 1Firewall Firewall Profile Click Setting for Firewall Profile The Firewall Configuration will appear Click Predefined and Custom Service Protocols to edit the protocol list Click Firewall Rules to edit the rules Policy 1 Firewall Configuration Predefined and Custom Service Protocols Firewall Rules 1 Predefined Protocols Predefined and Custom Service Protocols There are predefined service protocols available for firewall rules editing Policy 1 Service Protocols List No fina Description select All 1 ALL ALL 2 ALL TCP TCP Source Port O0 65535 Destination Port 0 65535 a 3 ALL UDP UDP Source Port O 65535 Destination Port O 65535 4 ALL ICMP ICMP Type Any Code Any k 5 FTP TCP UDP Destination Port 20 21 6 Hm TCP UDP Destination Port 80 _ Fj HTTPS i TCP UDP Destination Port 443 8 POPS TCP Destination Port 110 9 SMTP TCP Destination Port 25 10 DHCP UDP Destination Port 67 68 k Total 27 First Prev Next Last The administrator is able to add new custom service protocols by clicking Add and delete the added protocols individually or with Select All followed by Delete operation Caution The Predefined Service Protocols cannot be deleted Click Add to add a custom service prot
60. user to try to correct the interference by one or more of the following measures e Change the direction or relocate the receiving antenna e ncrease the separation between this equipment and the receiver e Connect the equipment to an alternate power outlet on a different power circuit from that to which the receiver TV is connected e Consult an experienced radio TV technician for help 3 The power supply that is provided with this unit is only intended for use with this product Do not use this power supply with any other product or do not use any other power supply that is not approved for use with this product by NetComm Failure to do so may cause damage to this product fire or result in personal injury NEILOMM WARNING This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures GNU General Public License This product includes software code that is subject to the GNU General Public License GPL or GNU Lesser General Public License LGPL This code is subject to the copyrights of one or more authors and is distributed without any warranty A copy of this software can be obtained by contacting NetComm Limited on 61 2 9424 2059 Product Warranty The warranty is granted on the following conditions 1 This warranty extends to the original purchaser you and is not transferable 2 This warranty shall
61. 0N User Guide 4 2 3 Hardware Descriptions Front Panel Jose rr a 2 wes Press to start running WES WDS Easy Setup process e comet NAS oe Fo aoe LAN1 LAN2 Attach Ethernet cables here for connecting to the wired local network LAN1 maps to Private Zone and requires no user authentication LAN2 maps to Public Zone and by default requires user authentication WAN PoE Attach the wired external network here This port supports Power over Ethernet PoE for flexible installation spe oo Hardware reset button press once to restart the system Power Socket For connecting to external power supply via the power adapter 12VDC 1A HS1100N User Guide 5 Rear Panel Antenna Connector Attach antennas here The HS1100N supports 1 RF interface with 2 SMA connectors HS1100N User Guide 6 MEON Top LED Panel outbound internet connection is down The detection interval is 1 minute hence it reflects the connection status within the last minute p f For indicating WES status during WES setup Oo e o WES Start LED BLINKING SLOWLY LED BLINKING QUICKLY WES Negotiate LED BLINKING SLOWLY LED BLINKING LED BLINKING QUICKLY WES Fail Negotiate LED OFF LED OFF Timeout LED ON for over 5 seconds WES Success LED ON for over 5 seconds after Master displays WES Success Ae o oo E i HS1100N User Guide 7 2 4 System Requirement e Standard 10 100BaseT including network cables with RJ 45 connec
62. Address The MAC address of the WAN port IP Address The IP address of the WAN port SubnetMask The Subnet Mask of the WAN port The total accumulated packets in out through this WAN port since the WAN Packets Out In gateway was booted up The delta shows the difference between the numbers from last time this Interface Status page was visited The total accumulated bytes in out through this WAN port since the gateway Bytes Out In boots up The delta shows the difference between the numbers from last time this Interface Status page is visited Number of Sessions The number of concurrent WAN port sessions MAC Address The MAC address of the Wireless interface Zone Wireless Band The current Band setting of Wireless interface General Settings Channel The current Channel setting of Wireless interface Transmit Power The current Transmit Power setting of Wireless interface The operation mode of the zone MAC Address The MAC address of the zone Zone General IP Address The IP address of the zone The Subnet Mask of the zone Status o Enable disable stands for status of the DHCP server in this zone The WINS server IP from the DHCP server N A means that it is not WINS IP Address configured Zone DHCP Start IP Address The start IP address of the DHCP IP range End IP address The end IP address of the DHCP IP range Lease Time Minutes of the lease time for the DHCP IP address Th
63. Custom Pages Login Page Preview Logout Page Redeem Page jure Login Success Page Login Failed Page Logout Success Page Logout Failed Page Status Enable Disable Disclaimer P a Template Page To utilise the template user pages stored locally in the system choose Template Page and configure the necessary settings as follows Click Select hyperlink to pick up a colour for each item and then fill in your copyright message You can also upload a Logo image file for your template with the Preview and Edit the Image File button Click the button of Configure the setup page will appear for the corresponding page where you can change the text displayed as you wish After finishing the setting click Preview to see the result If you are happy with the customized pages click Apply to activate the changes made HS1100N User Guide 118 Disclaimer Page The Disclaimer Page is for the hotspot owner or IT staff who want to display a terms of use or an announcement before the user login page Click the button for Configure and the setup page will appear An unauthorized client will receive a disclaimer page once opening the web browser If a client selects agree and clicks Next then he or she will proceed to the User Login Page for client to login with username and password o External Page Choose the External Page option if you wish to use other pages located on a designated website Click the button to C
64. IF Trace routing path Display interface s Display routing Display ARP table Display system up time Check Service status Set device into sate mode synchronize clock with NTP s 10 Print the kernel ring butt Main menu your choice W DY je m m a i I oa I ID gt Ping host IP By sending ICMP echo requests to a specified host and wait for the response to test the network status gt Trace routing path Trace and display the routing path to a specific target gt Display interface settings It displays the information for each network interface including the MAC HS1100N User Guide 95 address IP address and Netmask gt Display the routing table The internal routing table of the system is displayed which may help to confirm the Static Route settings gt Display ARP table The internal ARP table of the system is displayed gt Display system up time The system live time time since the system was powered on is displayed gt Check service status Check and display the status of the system gt Set device into safe mode If the administrator is unable to use the Web Management Interface via a browser the administrator can choose this utility and set it into safe mode This enables them to manage this device with a web browser again gt Synchronize clock with NTP server Immediately synchronize the clock through the NTP protocol and the specified network time serve
65. N Configuration General Y WAN Configuration WAN Traffic Zone Configuration N WAN Configuration Static Use the following IP settings WAN Dynamic IP settings assigned automatically PPPoE The parameters related to each connection method are described in the following page HS1100N User Guide 11 3 2 1 Static IP Static Manually specifying the IP address of the WAN Port The fields with red asterisks are mandatory IP Address The IP address of the WAN port Subnet Mask The subnet mask of the WAN port Default Gateway The gateway of the WAN port Preferred DNS Server The primary DNS Server of the system Alternate DNS Server The substitute DNS Server of the system This is an optional field WAN Configuration Static Use the following IP settings IP Address Subnet Mask Default Gateway l 1 i Ji i i wt l ee WAN l Preferred DNS Server n Alternate DNS Server j Dynamic IP settings assigned automatically PPPoE 3 2 2 Dynamic Dynamic This options is only applicable for a network environment where the DHCP server is available upstream i e Available from your ISP of the HS1100N Click the Renew button to get an IP address automatically WAN Configuration Static Use the following IP settings WAN Dynamic IP settings
66. SE 1 Blacklisti Configure 42 Blacklist 3 Blacklist3 4 Blacklist4 5 Blacklist5 HS1100N User Guide 52 Mellom 6 2 MAC Address Control To configure MAC Address Control go to Users gt gt Additional Control Additional Control Idle Timeout minutes 10 1 1440 User Session Control Multiple Login E Authentication option using On demand database will not support this function r Session Timeout minutes 120 5 1440 Built in RADIUS 7 Server Settings Idle Timeout minutes 10 1 120 Interim Update minutes 5 1 120 Upload File Certificate Upload SMTP Port Forwarding Enable Disable MAC ACL With this function only the users with their MAC addresses in this list can login to the HS1100N There are 40 users maximum allowed in this MAC address list User authentication is still required for these users Click Edit to enter the MAC Address Control list Fill in these MAC addresses select Enable and then click Apply Access Control List Enable Disable No MAC Address No MAC Address 1 i 2 a 3 i 4 5 6 7 8 9 E i 10 i il a 12 e 13 14 15 De 16 e 17 COO 18 Oooo TT 19 Doo 20 D Total 40 First Prey Next Last Caution The format of the MAC address IS XX XX XX XX XX XX Ol XX XX XX XX XX XX HS1100N User Guide 53 6 3 Policy To configure Po
67. TY SERIES Wireless N Hotspot NEILOMMT Username admin Password eeess After a successful login the Home page with four main buttons will appear on the screen HS1100N User Guide 9 D Logout Wireless N Hotspot Melton Setup Wizard Quick Links SAGU n Overview For the first time if the HS1100N is not using a trusted SSL certificate there will be a Certificate Error because the browser treats the HS1100N as an illegal website Please press Continue to this website to continue Caution If you are unable to see the login screen verify your computer is configured to obtain an IP address automatically You can also try using a static IP address such as 192 168 110 xxx where xxx is a number between 2 and 254 and then try loading the page again For assistance configuring your computer please refer to Appendix A Network Configuration on a Computer HS1100N User Guide 10 3 Adding the HS1100N to the Network 3 1 Network Requirement In typical network environment the main role of the HS1100N is a gateway that manages all the network access from the internal network to the Internet Thus the first step is to prepare an Internet connection from your ISP Internet Service Provider and connect it to the WAN port of The HS1100N 3 2 Configuring the WAN Port There are 3 connection types for the WAN Port Static Dynamic and PPPoE To configure the WAN port go to System gt gt WA
68. User s e Select Black List There are 5 black list profiles available for utilization e Name Set the black list name and it will show on the pull down menu above e Add User s Click the Add User s button to add users to the selected black list Adding User s to Blacklist1 No Username Remark 10 HS1100N User Guide 51 After entering the usernames in the Username field and the related information in the Remark blank not required click Apply to add the users If removing a user from the black list is desired select the user s Delete check box and then click the Delete button to remove that user from the black list Black List Settings Select Black List 1 Blacklist1 Name Blacklist 1 Username Remark blackuser Total 1 First Prey Next Last Add User s After the Black List editing is completed You can select the appropriate Black List in each Authentication Server type to enable it Auth Database LOCAL RADIUS RADIUS ONDEMAND Authentication Settings Auth Server Name Postfix Policy Gee ba Piv TT Black List Configure None Mi Configure None v Configure Configure None None _ PE
69. al consequential punitive or exemplary damages including but not limited to loss of profits or revenue or anticipated profits or revenue arising out of the use or inability to use any NetComm product even if NetComm Limited and or its affiliates has been advised of the possibility of such damages or they are foreseeable or for claims by any third party Notwithstanding the foregoing in no event shall NetComm Limited and or its affiliates aggregate liability arising under or in connection with the NetComm product regardless of the number of events occurrences or claims giving rise to liability be in excess of the price paid by the purchaser for the NetComm product Where the NetComm product supplied is not of a kind ordinarily acquired for personal domestic or household use or consumption NetComm Limited and its affiliates limit their liability to at their option the replacement or repair of the NetComm product or the payment of the cost of replacement or repair of the NetComm product Nothing in this clause excludes restricts or modifies any condition warranty guarantee right or remedy under a mandatory law Copyright This manual is copyright Apart from any fair dealing for the purposes of private study research criticism or review as permitted under the Copyright Act no part may be reproduced stored in a retrieval system or transmitted in any form by any means be it electronic mechanical recording or otherwise without the
70. and One Time Recurring is set with the hours within a week o Action for Matched Packets There are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets through 6 3 2Routing Specific Route Profile Click the Setting button for Specific Route Profile the Specific Route Profile list will HS1100N User Guide 58 appear 1 Specific Route gt Specific Route Profile The Specific Default Route is use to control clients to access some specific IP segment by the specified gateway Global Policy Specific Routes Destination Gateway Route No T IP Address Subnet Netmask IP Address 1 255 255 255 255 32 2 255 255 255 255 32 o 3 tor 255 255 255 255 32 4 255 255 255 255 32 Policy 1 Specific Default Route Enable IP Address Policy 1 Specific Routes Destination Gateway Route No IP Address Subnet Netmask IP Address 1 255 255 255 255 32 2 r 255 255 255 255 32 3 255 255 255 255 32 4 255 255 255 255 52 l o Destination IP Address The destination network address or IP address of the destination host Please note that if applicable the system will calculate and display the appropriate value based on the combination of Network IP Address and Subnet Mask that have just been entered and applied o Destination Subnet Netmask The subnet mask of the destination network Se
71. astancanieaer meant E A NN 48 SA LOW O T aan a descend aaa aueistaa casa eanaa oc sdao hg encom ease 48 O20 AN ELmMDeorUSEr LOTIN oie EEE EE TEN 49 10 Restrain the Users eooosssoossssoossssoossssoossssoosossoossssoosossoosossoosossoossssoossssooosssoosossooo 51 O AG LSe E E EE E OE 51 OZ MAC AdGress Comolli erasa a T A 53 O PON aa A A NA 54 O TN aa E E TER 56 Ooa RUU a a E a A es 58 Ooa E a none traseuaecat estan aia uuesa raauteesancueatantenuiiioautciineed uta geea satan esse eununeauetuamuaes 61 OA OOS PO tal Cass asc ascrscss hose ceca eae San BS Re BE 62 ss SSS IO MMA 3 5 a a centtacatenancancitutane O A 63 Access Network without Authenticattionn csccccssccsssccsssccsssccesssccesscees 64 TM MINA Zs shee srdtiete tet device T T teiteee nant cai teNnie tad etuatere caueaaieha nace 64 T 10 Fal rm as Gee mepnae metro RenTe enter ee RT eRe emrEnO T Ry SORETE OntETE COMDEnE TT Mar ent Sine nro 65 Te NMS VN ee sas cases tects chee bd saacae tirea se elana Neusat E E 66 PACT Satizile o E Te eee eo eee eee 67 irs Ad ea ig CS On WA V2 ee te YD OED Ro ER MeN DOT Te ECE NY 68 7 4 Disable Authentication in Public ZOMGE cccccccccccscscesssccsscecessscesseecsssecesseccsssecesseecseecesseeessesessas 69 User Login and Logout seesseesseeesccessoessocesscoessoeesocesscessoeesocessoeesoeessoessoeesseessoeesoe 70 ok Boe Se Tyres tues T T O T T ache uhece anes 70 o LLEGIT WMT o Eeee a T a a EO 70
72. ays for the system to retain the users Retained Days information User Log Receiver Email The email address to which the user log information will be set Address es NTP Server The network time server that the system is set to synchronise against System Time Time The system time is shown as the local time The minutes allowed for the users to be inactive before their account expires Idle Time Out automatically User Session Control Enabled disabled stands for the current setting to allow disallow multiple Multiple Login login from the same local account Preferred DNS IP address of the preferred DNS Server Server Alternate DNS IP address of the alternate DNS Server Server HS1100N User Guide 99 1L 1 2 Interface Status To view the Interface Status go to Status gt gt Interface This section provides an overview of the interface for the administrator including WAN Zone Wireless General Settings Zone Private and Zone Public i a OO rot Packets Out 3251 General Bytes Out 502256 a ee S MAC Address 00 1F D4 00 7E 63 General IP Address 192 168 110 1 DHCP Server Start IP Address 192 168 110 2 End IP Address 192 168 110 100 VAP 1 Security Type WPA PSK a General OO e O s ee General End IP Address 192 168 11 100 VAP 2 HS1100N User Guide 100 Melton The description of the above mentioned table is as follows Description MAC
73. ble Server Port and IP Redirect There are 20 sets of static Internal IP Address and External IP Address available Enter the Internal and External IP Address as a Set After the setup accessing the External IP address listed in DMZ will be mapped to accessing the corresponding Internal IP Address These settings will become effective immediately after clicking the Apply button The External IP Address of the Automatic WAN IP Assignment is the IP address of External Interface WAN that will change dynamically if WAN Interface is Dynamic When Automatic WAN IP Assignments is enabled the entered Internal IP Address of Automatic WAN IP Assignment will be bound with the WAN interface Automatic WAN IP Assignment Enable External IP Address Internal IP Address c 10 2 3 70 j DMZ Demilitarized Zone Item External IP Address Internal IP Address HS1100N User Guide 64 7 2 Virtual Server To configure the Virtual Server go to Network gt gt Network Address Translation gt gt Public Accessible Server NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DDNS Client Mobility Network Address Translation DMZ Demilitarized Zone Public Accessible Server Port and IP Redirect This function allows the administrator to set 20 virtual servers at most so that client devices outside the managed network can access these servers within the managed network Different virtual se
74. c Authentication Encryption Advanced _Altibute number Specily additional conmection altnbutes to be returned to the Remote fT Access served a6 A I Atiibute foamat Microsoft False RADIUS Standard ClaseQ3 RADIUS Standard PPP Vendorcode 21920 100000 7 Max download upload traffic is 1 M Bytes Step 6 Follow the same steps to create another Vendor specific Attribute if needed HS1100N User Guide 129 NEILOMM 3 VSA configuration in RADIUS server FreeRADIUS This section will guide you through VSA configuration with FreeRADIUS v1 0 5 running on Fedora Before getting started open the shell of RADIUS server for example use Putty to access the Linux host i PuTTY Configuration Category Session Basic options for your PuTTY session Logging Specify the destination you want to connect to E Terminal Keyboard Host Hame or IF address Port Bell 10 2 3 217 Features Connection type E Window Ras Telnet Alogin SSH Serial Appearance Behaviour Tranelatior Saved Sessions Load sawe or delete a stored session Selection Colours D efault Settings Load B Connection Data Proxy Save Telnet Alogin SSH Seral Save Close window on exit Always CO Hever E Only on clean esit Step 1 Confirm the following key elements in RADIUS server users groups Verify whether there are already users in RADIUS Server Verify
75. ddress Applied Policy Remark user user Folicy 1 Delete l users users None ia Delete useri useri Policy4 Delete Total 3 500 First Prev Next Last Add User Click this button to enter into the Adding User s to the List interface Fill in the necessary information such as Username Password MAC Address and Remark Select a desired Policy to classify local users Click Apply to complete adding the user s The MAC address of a networking device can be bound with a local user as well It means this user must login to system with a networking device PC that has the corresponding MAC address so this user can not login with other networking devices HS1100N User Guide 35 Adding User s to the List MAC Address XM KX NX MMM m FEE mone E Sd None MOL id m E OOO mo E O No Username Password Policy Remark ponani UL ooNNoCNT i 10 e Search Enter a keyword of a username or remark to be searched in the text filed and click this button to perform the search All usernames matching the keyword will be listed Upload User Download User Local User List Username Password MAC Address Applied Policy Remark userl useri Policy4 Delete Total 1 500 First Prev Next Last e Del All Click on this button to delete all the users at once or click on the Delete hyperlink to delete a specific user individually HS1100N User Guide 36 e Edit User If editing the c
76. e When Specific Routes are configured here all clients effected by this policy will access the specific destination through these gateway settings e Maximum Concurrent Sessions Set the maximum concurrent sessions for each client belonging to this group Policy 1 Policy 5 Beside Global Policy Policy1 to Policy5 each consists of access control profiles that can be configured respectively and applied to a certain authentication server or user HS1100N User Guide 54 Policy Configuration Policy 1 Select Policy Policy 1 Firewall Profile Specific Route Profile Schedule Profile QoS Profile Maximum Concurrent Sessions 500 sessions per user e Select Policy Select the desired policy profile to configure e Firewall Profile Each Policy has a firewall service list and a set of firewall profiles consisting of firewall rules e Specific Route Profile The default gateway of a desired IP address can be defined in a policy When Specific Routes are configured here all clients applied with this policy will access the specific destination through these gateway settings e Schedule Profile The Schedule table in a 7X24 format is used to control the clients login time When Schedule is enabled clients applied with this policy are only allowed to login the system at the time which is checked in Schedule profile settings e QoS Profile QoS profile defines the traffic class for the users governed by
77. e BSSID of this zone The ESSID of this zone Zone VAP Security Type The current security type of this zone Associated Clients The number of associated clients in this zone HS1100N User Guide 101 1L 13 Routing Table To view the System Status go to Status gt gt Routing Table All the Policy Route rules and Global Policy Route rules will be listed here Also it will show the System Route rules specified by each interface Policy 1 Destination Subnet Mask Policy 2 Destination Subnet Mask Policy 3 Destination Subnet Mask Policy 4 Destination Subnet Mask Policy 5 Destination Subnet Mask Global Policy Destination Subnet Mask System Destination 192 168 1100 192 168 11 0 10 22 0 0 0 0 0 0 Policy 1 5 Shows the information of the individual Policy from 1 to 5 Global Policy Shows the information of the Global Policy System Shows the current system routing table gt Destination The Destination IP address gt Subnet Mask The Subnet Mask of the IP address range gt Gateway The Gateway IP address of the interface gt Interface Including WAN Private and Public HS1100N User Guide 102 11 1 4 Current Users To view the Current Users go to Status gt gt Online Users In this page each online user s information including Username IP Address MAC Address Pkts In Bytes In Pkts Out Bytes Out Idle and Kick Out will be shown Administrators can disco
78. e IP address of the sender s SMTP server gt SMTP Auth Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method selected enter the Account Name Password and Domain o NTLMvt1 is not currently available for general use o Plain and CRAM MD5d are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNIX login password Netscape uses Plain Outlook and Outlook express use Login as default although they can be set to use NTLMv1 o Pegasus uses CRAM MD5d or Login but which method to be used cannot be configured HS1100N User Guide 108 Notification E mail Settings Receiver E mail Address es Monitor IP Report User Log On demand User Log sai rae A A A A E E A A E E A Interval 1 Hour 1 Hour 1 Hour 1 Hour SMTP Setting Test Sender E mail Address SMTP Server SMTP Auth Method None X HS1100N User Guide 109 1L2 2 SYSLOG SYSLOG Server Settings There are 4 types of SYSLOG supported System Log On demand User Log Session Log and HTTP Web Log Enter the IP address and Port number to specify the SYSLOG server where the report should be sent to Except for System Log each supported log may be assigned Tag info as well as SYSLOG standard attributes Severity and Facility to me
79. e text mode management interface via the serial console port HS1100N User Guide 88 LALLA 10 7 Backup Restore and Reset to Factory To configure Backup Restore and Reset to Factory Default go to Utilities gt gt Backup amp Restore This function is used to backup restore the HS1100N settings Also the HS1100N can be restored to the factory default settings here Backup System Settings Restore System Settings File Name Po Brows Reset to the Factory Default e Backup System Settings Click Backup to create a db database backup file and save it on disk File Download i xi Do you want to open or save this file a Name 20050303 db Type Data Base File From 10 2 3 70 wen soe W Always ask before opening this type of file While files from the Internet can be useful some files can potentially harm your computer IF you do not trust the source do not open or save this file What s the risk e Restore System Settings Click Browse to search for a db database backup file created by the HS1100N and click Restore to restore to the same settings at the time when the backup file was saved e Reset to Factory Default Click Reset to load the factory default settings of the HS1100N 10 8 Firmware Upgrade To perform a Firmware Upgrade go to Utilities gt gt System Upgrade HS1100N User Guide 89 The administrator can download the la
80. e the following personal Al information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us If the information you provide cannot be verified we may v Choose Billing Plan for PayPal Payment Page Plan Enable Disable Quota Price 1 Enable Disable 5 hris 5 mings 0 2 Enable Disable 3 Enable Disable 10 hr s 6 min s 9000 4 Enable Disable 3 Enable Disable Until 18 30 58 6 Enable Disable 7 Enable Disable 20 73 Mbytes 0 59 3 Enable Disable g Enable Disable 10 Enable Disable 600 Mbyte s 6 99 o Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here o Choose Billing Plan for PayPal Payment Page These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled gt Client s Purchasing Record PayPal Payment Page Remark Content Client s Purchasing Record Starting Invoice Number Hotspo 0000000 Change the Number Description Item Name Internet Access _ Title for Message to Seller Special Note to Seller PayPal Payment Page Remark Content lt A Payment is accepted via PayPal PayPal enables you to Sl send payments securely online using PayPal account a credit card or bank account Clicking on
81. e whether or not to send Session Log file to the FTP Server configured in FTP Destination Server Folder The folder in the configured FTP Server in which the sent Log will be placed HTTP Web Log Records the URL of websites visited by users accessing the internet via The HS1100N to a specific FTP server HS1100N User Guide 111 gt Enable Decide whether or not to send HTTP Web Log file to the FTP Server configured in FTP Destination Server Folder The folder in the configured FTP Server in which the sent Log will be placed Interval The time interval at which the Log will be sent Vv Logged Interface The check box of Public or Private shall be checked to enable logging the HT TP Web Log of this interface User Log Records the User Log of the system to a specific FTP server Enable Decide whether or not to send User Log file to the FTP Server configured in FTP Destination Server Folder The folder in the configured FTP Server in which the sent Log will be placed On demand User Log Records the On demand User Log of the system to a specific FTP server Vv y VV y Enable Decide whether or not to send On demand User Log to the FTP Server configured in FTP Destination gt Server Folder The folder in the configured FTP Server in which the sent Log will be placed HS1100N User Guide 112 11 2 4 Event Log Event Log The Event Log provides the system activities records by checking this log 25 25 25 19
82. ed by this Policy Policy 1 Traffic Configuration Traffic Class Best Effort Total Downlink Unlimited Individual Maximum Downlink Unlimited Individual Request Downlink None h Total Uplink Unlimited Individual Maximum Uplink Unlimited Individual Request Uplink None gt Traffic Class A Traffic Class can be chosen for a Group of users There are four traffic classes Voice Video Best Effort and Background Voice and Video traffic will be placed in the high priority queue When Best Effort or Background is selected more bandwidth management options such as Downlink and Uplink Bandwidth will appear gt Total Downlink Defines the maximum bandwidth allowed to be shared by clients gt Individual Maximum Downlink Defines the maximum downlink bandwidth allowed for an individual client The Individual Maximum Downlink cannot exceed the value of Total Downlink gt Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an individual client The Individual Request Downlink cannot exceed the value of Total Downlink and Individual Maximum Downlink gt Total Uplink Defines the maximum uplink bandwidth allowed to be shared by clients gt Individual Maximum Uplink Defines the maximum uplink bandwidth allowed for an individual client The Individual Maximum Uplink cannot exceed the value of Total Uplink gt Individual Request Uplink Defines the guaranteed minimum bandwidth allowed for a
83. en the service zone runs in NAT mode When Router mode is chosen this zone runs in Router mode o IP Address The IP Address of this zone o Subnet Mask The subnet Mask of this zone gt DHCP Server Related information needed on setting up the DHCP Server is listed here Please note that when Enable DHCP Relay is enabled the IP address of clients will be assigned by an external DHCP server The system will only relay DHCP information from the external DHCP server to downstream clients of this zone o Start IP Address End IP Address A range of IP addresses that the built in DHCP server will assign to clients Note Please remember to change the Management IP Address List accordingly in the System gt gt General gt gt Management IP Address List section of the WM to permit the administrator to access the HS1100N admin page after the default IP address of the network interface is changed o Preferred DNS Server The primary DNS server that is used by this Zone o Alternate DNS Server The substitute DNS server that is used by this Zone o Domain Name Enter the domain name for this zone HS1100N User Guide 18 o WINS Server The IP address of the WINS Windows Internet Naming Service server if WINS server is applicable to this zone o Lease Time This is the period of time that the IP addresses issued from the DHCP server are valid and available o Reserved IP Address List Each zone can reserve up to 40 IP addresses from a p
84. ep 7 Open the radius database vivian linux mysql u root p radius Enter password Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with 4 Welcome to the MySQL monitor Commands end with or Your My50L connection id is 968 to server wersion Type help or h for help Type 4c mys l gt Step 8 Insert VSA into RADIUS response In this example the maximum download and upload traffics in bytes for group03 users is 1MBytes mysql gt INSERT INTO radgroupreply Pera char ng a Dian earns Value VALUES qroupos cipherium Byte aimount 1048576 j i Query OF 1 row affected 0 00 sec mysql gt exit Bye HS1100N User Guide 132 Step 9 Restart RADIUS daemon to get your settings activated erinit d radiusd restart Thu Oct 30 14 26 41 2008 Into Starting reading cont HS1100N User Guide 133 Appendix F On demand Account types amp Billing Plan This section explains the parameters as well as the different account types provided when editing billing plans in On demand authentication o Usage time with Expiration Time Can access internet as long as account valid with remaining quota usable time Need to activate the purchased account within a given time period by logging in for the first time Ideal for short term usage For example in coffee shops airport terminals etc Only
85. eration column of firewall rules will lead to the following page for detailed configuration From this page an existing rule can be revised NAT Privilege X Monitor IP Walled Garden Walled Garden Ad List X DDNS Client Mobility Y Layer 2 Firewall Edit Filter Rule Rule Number 8 Rule Name rule 8 Action for Matched Packets 5 Pass Block Rule Remark Link Layer Configuration Ether Type All v Interface From To VAP2 Source Destination MAC Address MAC Address MAC Mask MAC Mask gt Rule Number The numbering of this specific rule will decide its priority among available firewall rules in the list gt Rule name The rule name can be specified here v Action for Matched Packets The rule can be chosen to be Block or Pass packets that match the rule criteria Rule Remark The additional reference note of this rule can be specified here EtherType The drop down list will provide the available types of traffics subject to this rule Interface For specifying the traffic direction To or From VAP2 subjected to this rule v y 7y y IPv4 Service when EtherType is IPv4 Select the available upper layer protocols services from the drop down list HS1100N User Guide 29 gt DSAP SSAP when EtherType is IEEE 802 3 The value can be further specified for the fields in an 802 2 LLC frame header gt SNAP Type when EtherType is IEEE802 3 The field can be used to indicate the type of encapsulated traffic
86. ertificate A data record used for authenticating network entities such as a server or a client A certificate contains X 509 information pieces about its owner called the subject and the signing Certificate Authority called the issuer plus the owner s public key and the signature made by the CA Network entities verify these signatures using CA certificates You can apply for a SSL certificate at CAs such as VeriSign If you already have a SSL Certificate please Click Browse to select the file and upload it Click Apply to complete the upload process If you do not have a valid SSL Certificate use the system default certificate Authentication Black List Policy i Additional Control Upload Certificate Private Key Customer Certificate Certification Path Verification Enable Disable Without a valid certificate users may encounter the following problem in IE7 when they try to open the login page HS1100N User Guide 71 Certificate Error Navigation Blocked Windows Internet Explorer wt 7 iG http www google com File Edit view Favorites Tools Help we wt iG Certificate Error Navigation Blocked x There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate
87. et the filtering requirements on the SYSLOG Server HTTP Web Log can further select which Service Zone Web interface information to log For each type of log information whenever an incident occurs and data is updated the updated log will be immediately sent to the configured SYSLOG server SYSLOG Server Settings SYSLOG Server 1 IP Address Port SYSLOG Destinations SYSLOG Server 2 IP Address Port System Log Enabled Disabled Enabled Disabled Tag Severity Emergency X On demand User Log Facility local0 Enabled Disabled Tag Severity Emergency bi Session Log Facility local0 Enabled Disabled Tag Severity Emergency i Facility local0 HTTP Web Log Private Public Logged Interface Note When the number of a user s session TCP and UDP reaches the session limit specified in the policy a record will be logged to this SYSLOG server HS1100N User Guide 110 11 2 3 FTP This configuration page allows the setting of FTP Server to send including the types of Session Log HTTP Web Log User Log or On demand User Log based on Server Folder and Interval FTP Server Settings tP Address Ports _ FTP Destination Anonymous Yes ONo FIP Setting Test Send Test Log O Enabled Disabled Interval 1 Hour Nete same as Interval of Session Log in the Notification E mail Settings
88. fic authentication option e Black List There are 5 sets of black lists provided by the system A user account listed in the black list is not allowed to log into the system the client s access will be denied The administrator may select one or None black list from the drop down menu and this black list will be applied to this specific authentication option e Configure Click Configure button to display the specific authentication page For example if you want to edit the Local authentication database please click Configure button of Local HS1100N User Guide 34 MULL 5 L1 Local Click the Configure button in the Local section for further configuration options Local User Database Settings Local User List Enable Disable Local user database will be used as authentication database for roaming out users Enable Disable 302 1 Authentication Local user database will be used as internal RADIUS database for 802 1xX enabled LAN devices such as AP and switch Account Roaming Out e Local User List Lets the administrator view add or delete a local user account The Upload User button is for importing a list of user account from a text file The Download User button is for exporting all local user accounts into a text file Clicking on each user account leads to a page for configuring the individual local account Add User Upload User Download User Local User List Username Password MAC A
89. ficate FOON of this device for internal use e g controller ofice name com Internal Domain Name Enable Disable Portal URL http www netcomm com au e g http www google com Management IP Address List Setup Management IP Address List SNMP Enable Disable a HTTPS Protected Login Enable Disable System Time 2011 07 15 16 25 32 Time Zone SMT 1 0 00 Canberra Melbourne Sydney MTF MTP Serwer 1 C netcomm pool nty fe g tock usno nayvy mil MTP Server Z L netcomm pool nt Manually set up HS1100N User Guide 70 Melton 8 12 Internal Domain Name with Certificate To configure the Internal Domain Name go to System gt gt General Internal Domain Name is the domain name of the HS1100N as seen on client machines connected under zone It must conform to the FQDN Fully Qualified Domain Name standard A user on client machine can use this domain name to access the HS1100N instead of its IP address In addition when Use the name on the security certificate option is checked the system will use the CN Common Name value of the uploaded SSL certificate as the domain name General Settings for the Entire System System Name JHS1100N i l Use the name on the security certificate Internal Domain Name FQDN of this device for internal use e g controller ofice name com To configure a Certificate go to Users gt gt Additional Control gt gt Upload File C
90. footers are optional e Remark Enter any additional information that will appear at the bottom of the receipt e Background Image You can choose to customize the ticket by uploading your own background image for the ticket or choose none Click Edit to select the image file and then click Upload The background image file size limit is 100 Kbytes No limit for the dimensions of the image is set but a 460x480 image is recommended e Number of Tickets Enable this function to print duplicate receipts Another Remark field will appear when the Number of Ticket is selected to 2 and the content will appear at the bottom of the 2 duplicate receipt e Preview Click Preview button the ticket will be shown including the username and password information with the selected background You can also print the ticket here Billing Plans Administrators can configure several billing plans Click Edit button to enter the page of Editing Billing Plan Configure billing plans with desired account type expiration date price etc Click Apply to save the plan Go back to the screen of Billing Plans check the Enable checkbox or click Select all button and then click Apply The plan s will then be activated HS1100N User Guide 41 4 5 Billing Plans Plan Account Type Quota Price Enable Function 1 Usage time 15 min s connection time quota with expiration 10 91 2 Usage time 11 min s connection time quota 1 3 Hotel Cut off time Valid u
91. given transaction O Address The address entered either in the billing or shipping information of a given transaction O City The city is associated with either the billing address or shipping address of a transaction O State A state is associated with both the billing and shipping address of a transaction This may be entered as either a two character abbreviation or the full text name of the state O Zip The ZIP code represents the five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered as five digits nine digits or five digits and four digits O Country The country is associated with both the billing and shipping address of a transaction This may be entered as either an abbreviation or full name O Phone A phone number is associated with both a billing and shipping address of a transaction Phone number information may be entered as all number or it may include parentheses or dashes to separate the area code and number O Fax A fax number may be associated with the billing information of a transaction This number may be entered as all number or contain parentheses and dashes to separate the area code and number Authorizie Net Payment Page Remark Content Enter additional details for the transaction such as Tax Freight and Duty Amounts Tax Exempt status and a Purchase Order Number if applicable HS1100N User Guide 146 2 Payments via PayPal To configure Pa
92. has been reached Ideal for providing internet service immediately after account creation throughout a specific period of time Begin Time is the time that the account will be activated for use It is set to account creation time Elapsed Time is the time interval for which the account is valid for internet access xx hrs yy mins Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 7 Account Type Counting Method Elapsed Time Begin and end Time Cut off Time Begin Time Upon Account Creation EiT 8 ldayts 3 hris 0 mints Elapsed Time Range of day s O 364 Range of hourfs O 23 Range of mints 0 59 they cannot all be zero J 47 t Price Range 0 100000 including two digits after decimal point eg 1 99 J TIF When the Account Type is Duration time three Counting Methods may be used to decide when the account expires i Elapsed Time specifies the time duration from account creation for which the account is valid 2 Cut off Time specifies the next cut off time point for which the account becomes invalid 3 Begin and End Date Time specifies that the account is valid between the two time points i Gis Duration time Elapsed Time account lifespan e a Elapsed Time ET Creation Time CT Deletion Time DT
93. ick YES to restart the HS1100N click NO to go back to the previous screen Do NOT power off the power during system restart as this might damage the system If the power needs to be turned off it is highly recommended to restart the HS1100N first and then turn off the power after completing the restart process Do you want to RESTART the system Caution All online users will be disconnected when system is in the process of restarting HS1100N User Guide 91 LLL 10 10 Network Utility To use the Network Utilities go to Utilities gt gt Network Utilities The System provides some network utilities to allow administrators to use Wake on LAN is for waking up remote devices that supports Wake on LAN feature by entering the MAC address of the target device and then press Wake Up buiton Ping is to see whether a destination host is reachable and alive by entering the destination host s domain name or IP address and then press Ping button Trace Route displays the actual route taken to reach the destination host by entering the destination host s domain name or IP address and then press Start button ARP Table is for displaying ARP information stored on the system Network Utilities Wake on LAN mac e g XXiXKIKX XXIXNI NX Ping il ueroemain Name Trace Route IP Domain Name Stor ARP Table Status Result HS1100N User Guide 92 LLL 10 10 11 Wake on
94. ies that the account is valid between the two time points Ti Gs Duration time Cut off Time account lifespan exapmle showing Cut off on 23 00 _ewreeoee gt Cut off Time Creation Time CT Deletion Time DT Invalid Valid HS1100N User Guide 141 o Duration time with Begin and End Time Define explicitly the Begin Time and End Time of the account Countdown begins immediately after account activation and expires when the End Time has been reached Ideal for providing internet service throughout a specific period of time For example during exhibition events or large conventions such as Computex where each registered participant will get an internet account valid from 8 00 AM Jun 1 to 5 00 PM Jun 5 created in batch like coupons Begin Time is the time that the account will be activated for use defined explicitly by the operator End Time is the time that the account will become expired and not able to use any more defined explicitly by the operator Price is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 6 Account Type Counting Method Time Begin and end Time Cut off Time End Time cn oy 7000 Price f Range 0 100000 including two digits after decimal point ag 1 99 a TIP When the Account Type is Duratian time three Counting Me
95. ion standards supported are WEP 802 1X WPA PSK and WPA RADIUS Advanced The parameters in advanced are wireless settings that allow customization of data transmission enhanced security and wireless roaming Beacon Interval The entered amount of time indicates how often the beacon signal will be sent from the VAP RTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the frame to prevent the hidden node problem The RTS mechanism will be activated if the data size HS1100N User Guide 23 exceeds the value provided A lower RTS Threshold setting can be useful in areas where many client devices are associating with the HS1100N or in areas where the clients are far apart and can detect only the HS1100N but not each other Fragment Threshold Enter a value between 256 and 2346 The default is 2346 A packet size larger than this threshold will be fragmented sent with several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference Broadcast SSID Enable to broadcast VAP2 s SSID in the air Disable to hide VAP s SSID so that it cannot be scanned Station Isolation By enabling this function all
96. ions are concurrently in use One of the authentication options can be assigned as default For the default authentication assigned the postfix can be omitted For example if local is the postfix of the default option then user with username Bob can login as Bob without having to type in Bob local Authentication Settings Authentication Required For a the maiis Enable Disable On demand User ondemand 9 2 2 Login with Postfix For each authentication option set a postfix that is easy to distinguish e g Local user login with the appropriate authentication server The acceptable characters are numbers 0 9 alphabet a z or A Z dash underline _ and dot within a maximum of 40 characters No other characters are allowed Beside the Default Authentication all other authentication server users logging into to system the username must contain the postfix to identify the authentication option this user belongs to ha obese aun servername pos rai none E oon E rom aia e HS1100N User Guide 48 5 2 3An Example of User Login Normally users will be authenticated before they get network access through the HS1100N This section presents the basic authentication flow for end users Please make sure that the HS1100N is configured properly and that the network related settings are done 1 Connect a client PC to Public Zone of The HS1100N Open an Internet browser and try to connect t
97. le credit card gateways traffic logs and IP sharing The HS1100N also includes the extra advantage of being wall mountable and dust proof with a IP50 metal housing 2 2 System Concept The HS1100N is capable of managing user authentication authorisation and accounting The user account information is stored in the local database or a specified external RADIUS database server Featuring user authentication and integrated with external payment gateway the HS1100N allows users to easily pay the applicable fee and enjoy the Internet service using credit cards through a variety of payment gateways including Authorize Net PayPal SecurePay and WorldPay Furthermore the HS1100N introduces the concept of Zones a Private Zone and Public Zone each with its own definable access control profiles The Private Zone means clients are not required to be authenticated before using the network services On the other hand clients in the Public Zone are required to be authenticated before using the network services This enables hotspot owners to deploy wireless network services for clients and then to manage the network as well The following diagram is an example of the HS1100N set to manage the Internet and access to network services in a typical deployment scenario HS1100N User Guide 3 ADSL Cable Modem Internet Public Zone _ q ae a B Netwrk Printer Owner s office Example A typical Hotspot network HS110
98. lect 255 255 255 255 32 if the destination is a single host o Gateway IP Address The IP address of the gateway or next router to the destination HS1100N User Guide 59 2 Default Gateway gt Default Gateway The default gateway of a desired IP address can be defined in each Policy except Global Policy When Specific Default Route is enabled all clients applied with this Policy will access the Internet through this default gateway Policy 1 Specific Default Route Enable IP Address o Enable Check Enable box to activate this function or uncheck to disable it o Default Gateway IP Address You may need to enter the IP address of the default gateway HS1100N User Guide 60 Melton 6 3 3Schedule gt Schedule Profile Click Setting of Schedule Profile to enter the configuration page Select Enable to show the Permitted Login Hours list This function is used to limit the time when clients can log in Check the desired time slots checkbox and click Apply to save the settings These settings will become effective immediately after clicking Apply Enable Disable Policy 1 Permitted Login Hours HOUR SUN MON TUE WED THU FRI SAT 00 00 00 59 01 00 01 59 02 00 02 59 03 00 03 59 04 00 04 59 EO O E E C E HS1100N User Guide 61 6 3 4 QoS Profile For certain applications or users that need stable bandwidth or traffic priority Policy 1 to 5 allows defining the QoS profile for the users govern
99. led Create 2 Usage time 11 min s connection time quota 1 Enabled create 3 Hotel Cut off time Valid until 12 00 the following day 5 Enabled Create 4 Duration time Valid from 2010 07 14 12 00 00 till 2010 07 14 23 59 00 1 Enabled Create v Creating an On demand Account Plan Account Type 2 Usage time Quota 11 min s connection time quota Userna me Password Creation System created Account Activation First time login must be done within 1 hour s Total Price 1 this is a ref Add a reference related to this account for example the customer s name Reference External ID Enter an external ID such as Library ID No Please confirm the information and press Create button to create an account 7 On demand Account Batch Creation After at least one billing plan is enabled the administrator can generate multiple on demand user accounts at once with batch creation Click Create button to enter the On demand Account Batch Creation Enter the desired number of accounts of enabled plans to create a batch of on demand accounts together The Number of Accounts field of disabled plans will not be able to enter any number The sum of all Number of Accounts will be constrained and will not accept a number over the available account limits in database Click Create button to start batch creation Next page will show Success or Failed message to indicate the batch creation status O
100. licy go to Users gt gt Policy The HS1100N supports multiple Policies including one Global Policy and 5 individual Policy types Global Policy is the system s universal policy and applied to all clients unless they are bounded by another policy Individual Policy can be defined and applied to different authentication server The client login with this authentication server will be bound by the corresponding Policy if for an authentication server no policy is applied its users will be governed by the Global Policy When the type of authentication database is RADIUS the Class Policy Mapping function will be available to allow the administrator to assign a Policy for a RADIUS class attribute therefore a Policy will be mapped to a user of a RADIUS class attribute Global Policy Global policy is the system s universal policy containing Firewall Rules Specific Routes Profile and Maximum Concurrent Sessions which will be applied to all users unless the user has been regulated and applied with another individual Policy Policy Configuration Global Policy Select Policy Global Firewall Profile Specific Route Profile Setting Maximum Concurrent Sessions 500 sessions per user e Select Policy Select the desired policy profile to configure e Firewall Profile Global policy and policy 1 5 all have a firewall service list and a set of firewall profiles which is composed of firewall rules e Specific Route Profil
101. ll automatically send this historicalinformation to that specified email address e Primary User Log All user activities occuring on the system within the last 72 hours excluding other user logs such as on demand user log are recorded in date and time order Each line is a traffic history record consisting of 9 fields Date Type Name IP MAC Pkts In Bytes In Pkts Out and Bytes Out of the users activities e On demand User Log Each line is an on demand user log record consisting of 14 fields Date System Name Type Name IP MAC Pkts In Bytes In Pkts Out Bytes Out Activation Time 1st Login Expiration Time and Remark of on demand users activities e Roaming Out User Log Each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionlD SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of users activities e Roaming In User Log Each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASIP NASPort UserMAC UserIP SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of users activities HS1100N User Guide 105 LALLA 11 1 6 Local User Monthly Network Usage To view the Local User Monthly Network Usage go to Status gt gt User Log e Monthly Network Usage of Local User The system keeps a cumulated record of the traffic generated by each Local user in the
102. ll Rules Source Rule Name Destination ANY ANY ANY ANY Rule Number 1 as an example Policy 1 Edit Filter Rule Rule Number 1 Rule Name Source Interface 7one ALL ki Interface Zone IP Address hi 0 0 0 0 IF Address X Subnet Mask 0 0 0 0 0 Subnet Mask MAC Address Service Protocol ALL hi Schedule Action for Matched Packets Always Recurring One Time Block Pass Service Schedule ALL Always ALL Always Destination ALL kd 0 0 0 0 0 0 0 0 0 X o Rule Number This is the rule selected 1 Rule No 1 has the highest priority rule No 2 has the second priority and so on o Rule Name The rule name can be changed here o Source Destination Interface Zone There are choices of ALL WAN Public and Private to be applied for the traffic interface o Source Destination IP Address Domain Name Enter the source and destination IP addresses Domain Name filtering is supported but Domain Host filtering is not o Source Destination Subnet Mask Select the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific MAC address filter o Service Protocol These are the defined protocols in the service protocols list to be selected o Schedule When schedule is selected clients assigned with this policy are applied the firewall rule only within the time specified There are three options Always Recurring
103. llation L2 Document Conventions Represents essential steps actions or messages that should not be ignored Contains related information that corresponds to a specific topic i Indicates that clicking this button will apply all of your settings Indicates that clicking this button will clear any changed settings Indicates that clicking this button will save the changes you made Please note You must reboot the system upon the completion of the configuration for these changes to take effect The red asterisk indicates that information in this field is compulsory HS1100N User Guide 1 L3 Package Checklist The standard package of The HS1100N includes HS1100N x 1 Quick Installation Guide QIG x 1 Console Cable x 1 Ethernet Cable x 1 Power Adapter DC 12V x 1 Rubber Antenna x 2 Mounting Kit x 1 Ground Cable x 1 Caution It is highly recommended to use the original parts supplied instead of substituting components by other suppliers in order to guarantee the best performance possible HS1100N User Guide 2 2 System Overview and Getting Started 2 1 Introduction to the HS11I00N The HS1100N is an economical and feature rich Wireless Hotspot Gateway Feature packed for hotspot operation the HS1100N comes with a built in wireless 802 11 n b g MIMO access point web server and web pages for clients to login simple user visitor account management tool payment plans multip
104. n the database and then try again e Download User Use this function to create a txt file with all Local user account information and then save it on disk Add User Upload User Download User TT Local User List Username Password MAC Address Applied Policy Remark ul ul None Delete Total 1 100 First Prey Next Last Download User to File MAC e Username Password Address Applied Policy Remark userol userOol 1 Download HS1100N User Guide 115 LLL 12 2 RADIUS Advanced Settings To configure RADIUS Advanced Settings go to Users gt gt Authentication Click Configure of RADIUS gt Complete vs Only ID For RADIUS authentication there is an option to send the complete username with postfix or username only Username Format When Complete option is checked both the username and postfix will be transferred to the RADIUS server for authentication On the other hand when Only ID option is checked only the username will be transferred to the external RADIUS server for authentication gt NAS Identifier System will send this value to the external RADIUS server if the external RADIUS server needs this gt NAS Port Type System will send this value to the external RADIUS server if the external RADIUS server needs this gt Class Policy Mapping This function is to assign a Policy to a RADIUS class attribute sent from the RADIUS server When the clients classified by RADIUS class attribu
105. n click Upload to complete the upload process Local User Database Settings Local User List a a a Q Enable Disable E Local user database will be used as authentication database for roaming out users Enable Disable Local user database will be used as internal RADIUS database for 802 1X enabled LAN 802 1 Authentication devices such as AP and switch Add User Upload User Download User eae Local User List Username Password MAC Address Applied Policy Remark Del All ul p ul None a a Delete Total 1 100 First Prey Next Last Note 1 The format of each line is Username Password MAC Address Applied Policy Remark without the quotes There must be no space between the fields and commas The MAC field could be omitted but the trailing comma must be retained When adding user accounts by uploading a file existing accounts in the embedded database that are also defined in the data file will not be replaced by the new ones Note 2 Only O90 Asz asz and _ are acceptable for password field Upload User from File File Name Upload HS1100N User Guide 114 When uploading a file any format error or duplicated username will terminate the uploading process and no account will be uploaded Please correct the format in the uploading file or delete the duplicated user account i
106. n individual client The Individual Request Uplink cannot exceed the value of Total Uplink and Individual Maximum Uplink HS1100N User Guide 62 6 3 5Session Limit To prevent ill behaved clients or malicious software from taking up the system s connection resources the administrator can restrict the number of concurrent sessions that a user can establish Policy Configuration Policy 1 Firewall Profile ing Schedule Profile QoS Profile Maximum Concurrent Sessions f 500 sessions per user The maximum number of concurrent sessions including TCP and UDP for each user can be specified in the Global policy which applies to authenticated users users on a non authenticated port privileged users and clients in DMZ zones This can also be specified in the other policies to apply to the authenticated users gt When the number of a user s sessions reaches the session limit a choice of Unlimited 10 25 50 100 200 350 and 500 the user will be implicitly suspended upon receipt of any new connection request In this case a record will be logged to a SYSLOG server HS1100N User Guide 63 7 Access Network without Authentication 7 1 DMZ To configure the DMZ go to Network gt gt Network Address Translation gt gt DMZ Demilitarized Zone NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DDNS Client Mobility Network Address Translation DMZ Demilitarized Zone Public Accessi
107. nce creation is successful all created accounts can be exported to a text file for extended usage Moreover you can click Send to POS to print a receipt to a POS device via Serial or Ethernet network Please note It can take some time if you create lots of on demand accounts by a batch creation HS1100N User Guide 44 On demand Account Batch Creation Plan Account Type Quota Price Number of Accounts 1 Usage time 15 min s connection time quota with expiration 10 91 2 Usage time 11 min s connection time quota 1 3 Hotel Cut off Valid until 12 00 the following day 5 F Duration time Valid from 2010 07 14 12 00 00 till 2010 07 14 R 23 59 00 5 N A 6 N A Fi N A 8 N A 9 N A 0 l N A l Plan The number of a specific plan Account Type Show account type of the plan in Usage time Duration time or Hotel Cut off Quota The total time amount interval or traffic volume on how On demand users are allowed to access the network Price For each plan this is the unit price charged for an account Number of Accounts The desired number of accounts to be created from the plan 8 On demand Account List All created On demand accounts are listed and related information on is also provided Upload User Download User On demand Account List Username Password Remaining Quota Status External ID Reference Delete All 7k3t g3x5fum4 11 min s Normal New York branch Delete gcz9 6ey68m44 Until 2010 06 16 12 30 Normal Boston Branch Delete
108. net service provided by us Choose Billing Plan for SecurePay Payment Page Plan Enable Disable Quota Price 1 Enable Disable 2 Enable Disable 3 Enable Disable 4 Enable Disable 5 Enable Disable 6 Enable Disable 7 Enable Disable 8 Enable Disable 9 Enable Disable j a Enable Disable SecurePay Payment Page Remark Content You must fill in the correct credit card number and xpiration date Card code is the last 3 digits of the security code located on the back of your credit card HS1100N User Guide 149 gt SecurePay Page Configuration Merchant ID The ID that is associated with the Merchant Account Merchant Password This is the key used by Secure Pay to validate all the transactions Payment Gateway URL The default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Secure Pay Currency The currency to be used for the payment transactions gt Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here gt Choose Billing Plan for SecurePay Payment Page These 10 plans are the plans in Billing Configuration and the desired plan s can be enabled gt SecurePay Payment Page Remark Content The message content will be displayed as a special notice to end customers HS1100N User Guide 150 5 Payments via World Pay
109. nnect a specific online user by clicking the Kick Out hyperlink Click Refresh to update the current users list Online Users List Username Pkts In Bytes In Idle No Sec IP Address MAC Address Pkts Out Bytes Out Kick Out Refresh HS1100N User Guide 103 1L 1 5 User Log To view the User Log go to Status gt gt User Log This page is used to check the traffic history of the HS1100N The history of each day will be saved separately in memory for at least 3 days 72 full hours The system also keeps a cumulated record of the traffic data generated by each user in the last 2 calendar months User Log Date Size Byte 2009 04 22 635 2000 08 23 Bie On demand User Log Date Size Byte 2009 04 22 105 2009 04 23 ai Roaming Out User Log Date Size Byte 2009 04 22 106 2009 04 23 106 Roaming In User Log Date Size Byte 2009 04 22 112 2009 04 23 112 Monthly Network Usage of Local User Month No of Entries Usage Data ___2009 04 _3 _ Download Caution Since the history is saved in the DRAM if you need to restart the system and at the same time keep the history please manually copy and save the traffic history information before restarting HS1100N User Guide 104 If the Receiver E mail Address es has been entered under the E mail amp SYSLOG page the system wi
110. not apply to software programs batteries power supplies cables or other accessories supplied in or with the product 3 The customer complies with all of the terms of any relevant agreement with NetComm and any other reasonable requirements of NetComm including producing such evidence of purchase as NetComm may require 4 The cost of transporting product to and from NetComm s nominated premises is your responsibility and 5 NetComm does not have any liability or responsibility under this warranty where any cost loss injury or damage of any kind whether direct indirect consequential incidental or otherwise arises out of events beyond NetComm s reasonable control This includes but is not limited to acts of God war riot embargoes acts of civil or military authorities fire floods electricity outages lightning power surges or shortages of materials or labour 6 The customer is responsible for the security of their computer and network at all times Security features may be disabled within the factory default settings NetComm recommends that you enable these features to enhance your security The warranty is automatically voided if 1 You or someone else use the product or attempts to use it other than as specified by NetComm 2 The fault or defect in your product is the result of a voltage surge subjected to the product either by the way of power supply or communication line whether caused by thunderstorm activity or a
111. nt Page Remark Content Authorize Net Payment Page Fields Configuration Item Displayed Text Required Credit Card Number Cred it Card Number fi Credit Card Expiration Date Credit Card Expiration Date First Name First Name l Last Name Last Name Card Type Card Type Visa American Express Master Card Discover Card Code Card Code E mail E mail i F C Customer ID Room Number E Company Company IE c Address Address i a E city City a State State ii Zip Zip C Country Country s E Phone Phone C Fax Fax m E Displayed text fileds must be filled Authorizie Net Payment Page Remark Content You mast fill in the correct credit card number and expiration date Card code is the last 3 digits of the Security code located on the back of your credit card If K3 Aii gt Authorize Net Payment Page Fields Configuration O O O Item Check the box to show this item on the customer s payment interface Displayed Text Enter what needs to be shown for this field Required Check the box to indicate this item as a required field Credit Card Number Credit card number of the customer The Payment Gateway will only accept card numbers that correspond to the listed card types Credit Card Expiration Date Expiration date of the credit card This should be entered in
112. ntil 12 00 the following day 5 4 Duration time Valid from 2010 07 14 12 00 00 til 2010 07 14 23 59 00 i 5 N A 6 N A 7 N A 8 N A 9 N A 0 N A e Plan The number of the specific plan e Type This is the type of the plan which defines how the account can be used including Usage time Volume Hotel Cut off and Duration time e Quota The limit on how On demand users are allowed to access the network e Price The unit price charged for buying an account from this billing plan e Enable Check the checkbox to activate the plan e Function Click the button Edit to add one billing plan For detailed information regarding on demand accounts and billing plan configuration please refer to Appendix E On demand Account types amp Billing Plan External Payment Gateway This section is for merchants to set up an external payment gateway to accept payments in order to provide wireless access services to end customers who wish to pay for the service on line The options are Authorize Net PayPal SecurePay WorldPay or Disable For detailed parameter descriptions please refer to Appendix F External Payment Gateways External Payment Gateway Authorize Net PayPal SecurePay WorldPay Disable Terminal Server Terminal Server Configuration is a list of serial to Ethernet devices that communicate with the system only they never go online and have no need to go through the authentication process Enter the device IP into server IP
113. ny other cause s 3 The fault is the result of accidental damage or damage in transit including but not limited to liquid spillage 4 Your product has been used for any purposes other than that for which it is sold or in any way other than in strict accordance with the user manual supplied 5 Your product has been repaired or modified or attempted to be repaired or modified other than by a qualified person at a service centre authorised by NetComm and 6 The serial number has been defaced or altered in any way or if the serial number plate has been removed Limitations of Warranty The Trade Practices Act 1974 and corresponding State and Territory Fair Trading Acts or legalisation of another Government the relevant acts in certain circumstances imply mandatory conditions and warranties which cannot be excluded This warranty is in addition to and not in replacement for such conditions and warranties To the extent permitted by the Relevant Acts in relation to your product and any other materials provided with the product the Goods the liability of NetComm under the Relevant Acts is limited at the option of NetComm to e Replacement of the Goods or e Repair of the Goods or e Payment of the cost of replacing the Goods or e Payment of the cost of having the Goods repaired All NetComm ACN 002 490 486 products have a standard 12 months warranty from date of purchase However some products have an extended warranty
114. o any website in this example we try to connect to www google com a For the first time if the HS1100N is not using a trusted SSL certificate there will be a Certificate Error because the browser treats the HS1100N as an illegal website Certificate Error Navigation Blocked Windows Internet Explorer iil Ky GA Y C http teww google com Fie Edit View Favorites Tools Help w k C certificate Error Navigation Blocked i x There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Click here to close this webpage Continue to this website not recommended More information b Please press Continue to this website to continue c The default user login page will appear in the browser NETCOMM VELOCITY SERIES NElLQMa Wireless N Hotspot User Login Page Welcome To User Login Page Please Enter Your Name and Password to Sign In Username Password E Remember Me Click here to purchase by Credit Card Online 2 Enter the username and password for example
115. ocol The Protocol Type can be defined from a list of service by protocols TCP UDP ICMP P and then define the Source Port range and Destination Port range click Apply to save this protocol HS1100N User Guide 56 Add Service Protocol Name Protocol Type TCP 7 Source Port E t 69535 o Destination Port d w 65939 Apply If the Protocol Type is ICMP define the Type and Code Add Service Protocol Name Protocol Type ICMP l I Type Code lf the Protocol Type is IP define the Protocol Number Add Service Protocol Name Protocol Type IP Protocol Number Apply 2 Firewall Rules After the custom protocol is defined or just use the Predefined Service Protocols you will need to enable the Firewall Rule to apply these protocols o Firewall Rules Click the number of filter Rule No to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active checkbox and click Apply to enable that rule Rule No 1 has the highest priority Rule No 2 has the second priority and so on Each firewall rule is defined by Source Destination and Pass Block action Optionally a Firewall Rule Schedule can be set to specify when the firewall rule is enforced It can be set to Always Recurring or One Time HS1100N User Guide 57 No Active Action i E Block 2 E Block Selecting the Filter Policy 1 Firewa
116. onfigure for each custom pages and enter the URL of its corresponding external login page and then click Apply After applying the setting the new login page can be previewed by clicking Preview button HS1100N User Guide 119 Appendix A Network Configuration on PC amp User Login Network Configuration on PC After The HS1100N is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup e Internet Connection Setup Windows XP 1 Choose Start gt gt Control Panel gt gt Internet P uul oak File Edit View Favorites Tools Help ay Option i ay Bact E o Search Kea Folders Ei 5 G Control Panel EJ co v s a vi Control Panel a Accessibility Add Hardware Administrative Date and Time G Switch to Category View Options sie Tools See Also A D Display Folder Options Internet 4 Windows Update Controllers Options Help and Support Keyboard Network Phone and Power Options Connections Modem D Printers and Regional and Scannersand Scheduled Sounds and Faxes Language Cameras Tasks Audio Devices gs P te Speech System Taskbar and User Accounts Mware Tools 2 Choose the Connections tab and then click Internet Properties General Security Privacy Content Connections Programs Advanced Setup To set up an Internet connection click Setup Dial up and Virtual Private Network settings
117. ontent of individual user account is needed click the username of the desired user account in Local User List to enter the User Profile Interface for that particular user and then modify or add any desired information such as Username Password MAC Address optional Applied Policy optional and Remark optional Click Apply to complete the modification Editing Existing User Data Username userQl Password luseror_ MAC Address Applied Policy Policy 1 v Remark HS1100N User Guide 37 5 12 RADIUS There are two RADIUS authentication databases for configuration Click the Configure button of any one of RADIUS servers for further configuration options The RADIUS server sets the external authentication for user accounts Enter the information for the primary server and or the secondary server the secondary server is not mandatory The fields with red asterisk are necessary information These settings will become effective immediately after clicking the Apply button 807 1 Authentication Username Format NAS Identifier NAS Port Type Class Policy Mapping Server Authentication Port Accounting Port Secret Key Accounting Service Authentication Protocol Server Authentication Port Accounting Port Secret Key Accounting Service External RADIUS Server Related Settings Enable Disable Complete e g userL companyname com Only ID e g useri Po
118. option refer to packaging To be eligible for the extended warranty you must supply the requested warranty information to NetComm within 30 days of the original purchase by registering on line via the NetComm web site at www netcomm commercial com au NEILOMM NETCOMM LIMITED Head Office PO Box 1200 Lane Cove NSW 2066 Australia P 02 9424 2070 F 02 9424 2010 E int sales netcomm com au W www netcommiimited com Trademarks and registered trademarks are the property of NetComm Limited or their respective owners Specifications are subject to change without notice Images shown may vary slightly from the actual product
119. ow customization of data transmission enhanced security and wireless roaming Beacon Interval The entered amount of time indicates how often the beacon signal will be sent from the VAP RTS Threshold Enter a value between 1 and 2346 RTS Request to Send Threshold determines the packet size at which the system issues a request to send RTS before sending the frame to prevent the hidden node problem The RTS mechanism will be activated if the data size exceeds the value provided A lower RTS Threshold setting can be useful in areas where many client devices are associating with the HS1100N or in areas where the clients are far apart and can detect only the HS1100N but not each other Fragment Threshold Enter a value between 256 and 2346 The default is 2346 A packet size HS1100N User Guide 22 larger than this threshold will be fragmented split into several pieces instead of one chunk before transmission A smaller value results in smaller frames but allows a larger number of frames in transmission A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference Station Isolation By enabling this function all stations wirelessly associated to this zone are isolated from each other and can only communicate with the system WMM The default is Enable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four
120. prior written permission of NetComm Limited NetComm Limited accepts no liability or responsibility for consequences arising from the use of this product Trademarks NetComm the NetComm logo and NetComm CallDirect are trademarks of NetComm Limited Sierra Wireless is trademark of Sierra Wireless Windows is a registered trademark of Microsoft Corporation All other trademarks are acknowledged the property of their respective owners Regulatory Information Australia ACA Australian Communications Authority requires you to be aware of the following information and warnings 1 This unit shall be connected to the Telecommunication Network through a line cord which meets the requirements of the ACA TS008 Standard 2 This equipment has been tested and found to comply with the Standards for C Tick and or A Tick as set by the ACA These standards are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio noise and if not installed and used in accordance with the instructions detailed within this manual may cause interference to radio communications However there is no guarantee that interference will not occur with the installation of this product in your home or office If this equipment does cause some degree of interference to radio or television reception which can be determined by turning the equipment off and on we encourage the
121. r Since this interface does not support manual setup for its internal clock the internal clock is reset through the NTP gt Print the kernel ring buffer It is used to examine or control the kernel ring buffer The program helps users to print out their boot up messages instead of copying the messages by hand gt Main menu Go back to the main menu Change admin password Besides supporting the use of console management interface through the connection of null modem cable the system also supports SSH connections for setup When using a null modem to connect to the system console we do not need to enter administrator s password to enter the console management interface But when connecting to the system by SSH the username and password are required The username is admin and the default password is also admin The password can also be changed here If administrators forget the password and are unable to log in the management interface from the web or the remote end of the SSH they can still use the null modem to connect the console management interface and set the administrator s password again HS1100N User Guide 96 Caution Although it does not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the HS1100N Admin username and password after logging in the system for the first time
122. redefined DHCP range to prevent the system from issuing these IP addresses to downstream clients The administrator can reserve a specific IP address for a special device with a certain MAC address HS1100N User Guide 19 4 Enabling the Wireless Network 4 1 General Wireless Settings To configure the System s General Wireless Settings go to System gt gt Zone Configuration Wireless General Settings Short Preamble Enable Disable Short Guard Interval Enable Disable Wireless General Settings Band There are 4 modes to select 802 11b 2 4G 1 11Mbps 802 11g 2 4G 54Mbps 802 11b g and 802 11g n Short Preamble The length of the CRC Cyclic Redundancy Check block for communication between the Access Point and roaming wireless adapters Select Enable for Short Preamble or Disable for Long Preamble Short Guard Interval 802 11g n only The guard interval is the space between symbols characters being transmitted to eliminate inter symbol interference With 802 11n short guard interval is half of what it is used to be to increase throughput Select Enable to use Short Guard Interval or Disable to use normal Guard Interval Channel Width 802 11g n only For 802 11n double channel bandwidth up to 40 MHz is supported to enhance throughput Channel Select the appropriate channel from the drop down menu to correspond with your network settings for example Channel 1 11 is available in North
123. rice is the unit price of this plan Group will be the applied Group to users created from this plan Reference field allows administrator to input additional information Editing Billing Plan Plan 4 Account Type Quota 500 Mbi Mbytes f Range 1 2000 J First time login must be done within day s Account Activation hourts i Range of hourfs 0 23 they cannot both be zero J Valid Period After activation account will be expired in le day si Must be larger than O 7 es Price Range O 100000 including two digits after decimal paint eg 1 949 TIF If the Account Type is Volume Customer can access internet as long as the account is valid within the valid period with remaining quota traffic volumel Customer also needs to activate the issued account within a given time period by lagging in for the first time i Gs HS1100N User Guide 138 Volume account lifespan Quota up QU Activation Time Expiration Time ET i Deletion Time Wanhan Time DT E Invalid gt Valid Volume account lifespan Quota Up QU Activation Time Expiration Time ET Creation Time Ralajiap Time CT Invalid gt Valid HS1100N User Guide 139 o Duration time with Elapsed Time Account activated upon the account creation time Countdown begins immediately after account created and is continuous regardless of logging in or out Account expires once the Elapsed Time
124. rocess under Public zone may cause security problems HS1100N User Guide 68 7 4 Disable Authentication in Public Zone Configure Disable Authentication in Public Zone go to System gt gt Zones Configuration click Configure in Public Zone General WAN Configuraben WAN Traffic Zone Confduraton fone Settings Name ESSID Wireless Security Default Authen Option Details Prvate None N A Configure Public None Server 1 Authentication Required For the Zone Enable Disable Authentication Options wows radiusi Server 3 RADIUS radius2 o On demand User ONDEMAND ondemand Authentication Required For the Zone When it is disabled users will not need to authenticate before they get access to the network within Public Zone HS1100N User Guide 69 8 User Login and Logout 8 1 Before User Login 8 11 Login with SSL Configure HT TPS go to System gt gt General HTTPS HTTP over SSL or HTTP Secure is the use of Secure Socket Layer SSL or Transport Layer Security TLS as a sub layer under regular HT TP application layering HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server HTTP Protected Login function will let the client s login with https for more security Enable to activate https encryption or disable to activate http non encryption login page General Settings for the Entire System Use the name on the security certi
125. rtificate Trusted CA Management Test Mode O Enable Disable Try Test MD5 Hash O Enable Disable Merchant ID This is the Login ID that comes with the Authorize Net account Merchant Transaction Key The merchant transaction key is similar to a password and is used by Authorize Net to authenticate transactions Payment Gateway URL This is the default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Authorize Net Test Mode In this mode merchants can post test transactions for free to check if the payment function works properly MD5 Hash If transaction responses need to be encrypted by the Payment Gateway enter and confirm a MD5 Hash Value and select a reactive mode The MD5 Hash security feature enables merchants to verify that the results of a transaction or transaction response received by their server were actually sent from the Authorize Net HS1100N User Guide 143 gt Service Disclaimer Content Choose Billing Plan for Authorize Net Payment Page Client s Purchasing Record Plan Starting Invoice Number Description Item Name po CF w Om OF amp W N E mail Header information Service Disclaimer Content We may collect and store the following personal A email address physical contact information credit card numbers and transactional information based on your 3 B J be t ac
126. rvers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port Local Server IP Address and Local Server Port Select TCP or UDP for the service s type In the Enable column check the desired server to enable These settings will become effective immediately after clicking the Apply button No 10 External Service Port Public Accessible Server Local Server IP Address Total 20 First Prev Next Last Local Server Port Type E O O O O TCP UDP TEP UDP TCP UDP TEP UDP TCP UDP TCP UDP TEP UDP TEP UDP TCP UDP TCP UDP Enable a al HS1100N User Guide 65 7 3 Privilege List To configure the Privilege List go to Network gt gt Privilege Setup the Privilege IP Address List and Privilege MAC Address List The clients accessing the internet via IP addresses and or networking devices in the list can access the network without any authentication Privilege List IP Address List MAC Address List HS1100N User Guide 66 Melton 7 3 1 Privilege IP Privilege IP Address List To configure a Privilege IP Address List go to Net
127. s for the On demand User authentication option e WLAN ESSID It will show the ESSID of Public Zone e Wireless Key It will show the wireless key that was configured in Public Zone settings e Currency Select the desired currency unit for charged internet access e Remaining Reminder Enable it and input the count down minute system will remind users that their quota will run out soon when their quota reaches this time The remaining message will not show up if the Remaining Reminder time is configured longer than the quota of billing plans e Sync Interval Select the desired interval for on demand user quota update The quota information i e remaining time or remaining quota displayed on the on demand user login success page will be refreshed according to the time interval configured here 2 Ticket Customization The On demand account ticket can be customized here and previewed on the screen HS1100N User Guide 40 3 Ticket Customization Receipt Header 1 Welcome Receipt Header 2 Receipt Header 3 Receipt Footer 1 Thank You Receipt Footer 2 Receipt Footer 3 Remark None Background Image Uploaded Image Number of Tickets 18 e Receipt Header There are 3 receipt headers supported by the system The entered content will be printed on the receipt These headers are optional e Receipt Footer There are 3 receipt footers supported by the system The entered content will be printed on the receipt These
128. s of starting the system the HS1100N DHCP function will automatically assign an appropriate IP address and related information for each PC HS1100N User Guide 122 Appendix B Policy Priority Global Policy Authentication Policy and User Policy The HS1100N supports multiple Policies including one Global Policy and 5 individual Policies which can be assigned to different Authentication Servers The Global Policy is the system s universal policy and is applied to all clients while other individual Policy can be selected and defined to be applied to any Authentication Server For some authentication such as Local and RADIUS users can be assigned to different Policy individually So one user may be applied different policies at the same time Which policy is actually then applied to this user The Policy Priority are enforced as follows User Policy gt gt Authentication Policy gt gt Global Policy Now let us discus different user policy type gt For Local and RADIUS the users can be assigned to different Policy individually For example a Local user user01 is assigned to Policy1 and the Local Authentication is assigned to Policy2 Then user01 login to Public Zone will get Policy1 This is a common case for users that can assign Policy individually gt For Local and RADIUS if these users are not assigned any User Policy individually they will be the same as other users within the same authentication server For example a
129. s security profile it include WEP 802 1x for Public Zone only WPA PSK or WPA RADIUS for Public Zone only gt WEP o 802 11 Authentication Select from Open System or Shared Key o WEP Key Length Select from 64 bit 128 bit 152 bit key length o WEP Key Format Select from ASCII or Hex format for the WEP key o WEP Key Index Select a key index from 1 4 The WEP key index is a number that specifies which WEP key will be used for the encryption of wireless frames during data transmission o WEP Keys Provide the pre defined WEP key value the system supports up to 4 sets of WEP keys gt 802 1X o Dynamic WEP For 802 1X security type Dynamic WEP is always enabled to automatically generate WEP keys for encryption o WEP Key Length Select from 64 bit or 128 bit key length o Re keying Period The time interval for the dynamic WEP key to be updated the time unit specified is in seconds gt WPA PSK o Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES HS1100N User Guide 25 WAP2 or Mixed o Pre shared Key Passphrase Enter the key value for the pre shared key or passphrase o Group Key Update Period The time interval for the Group Key to be renewed the time unit is in seconds gt WPA RADIUS Same as 802 1X when it is selected it is combined with TKIP AES or Mixed mode o Cipher Suite Select an encryption method from TKIP WPA AES WPA TKIP WAP2 AES WAP2 or Mixed o
130. ser Guide 31 4 4 2 Predefined and Custom Service Protocols The administrator can add or delete firewall service protocols here the services in this list will become available drop down options to choose from in firewall rule when EtherType is IPv4 The first 27 entries are default services and the administrator can add any extra desired services The 27 default firewall services cannot be deleted but can be disabled _ A NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DONS Client Mobility Layer 2 Firewall Service Protocols List No E Name E EEEE Select All 1 ALL ALL 2 ALL TCP TCP Source Port 0 65535 Destination Port 0 65535 a o 3 ALL ICMP ICMP 4 FTP TCP UDP Destination Port 20 21 a HTTP TCP UDP Destination Port 80 6 HTTPS TCP UDP Destination Port 443 7 POPS TCP Destination Port 110 8 SMTP TCP Destination Port 25 9 DHCP UDP Destination Port 67 68 10 DNS TCP UDP Destination Port 53 Add Delete Total 27 First Prev Next Last HS1100N User Guide 32 4 4 3 Advanced Advanced Firewall Settings can be enabled to supplement the firewall rules providing extra security enhancement against DHCP and ARP traffics traversing the available interfaces of system NAT Privilege Monitor IP Walled Garden Walled Garden Ad List DDNS Client Mobility Layer 2 Firewall Advanced Enable Disable
131. servers Rename ay aae eat A roperties Daemon BS p A Move Up Move Down e Active records cs Director E E Ed Certification Authority ES ps Opens property sheet for the current selection we Ss Command SEPVICES Click Edit Profile and select the Advanced Tag Click Add to add a new Vendor specific attribute Group3_Unlimited Properties Settings Specify the conditions that connection requests must match Policy conditions abs SE ls toy 2 x Windowes Groups ae P a iaaea Dial in Constraints IF Multilink Authentication Encryption Advanced Specify addition Add Attribute Access Server Attributes To add an attribute to the Profile select the attribute and then click Add Add Name T n ma 3 1 o add an attribute that i not listed select the Yendor Specitic attribute Generate Class IF connection requ Class l associated profile Framed Pratoce Attribute Service T ype Unless individual el coerce h Ess Ss policy controls acc Allowed Certificate O1D Microsoft Specifies the certificate purpose or usage object identifiers f Generate Class Attibute Microsoft Species whether LAS automatically generates the class al If a connection rer Generate Session Timeout Microsoft Species whether 45 automatically generates the session C Deny remote Ignore U ser Dialin Properties Microsoft Specities that the user s dial in properties are ignored
132. ssscccesssacccesssececesssacecesseaceccessaceccessacecceseaeescesenes 14 WAN Bandwidth CONTO reana a at diawassandicsa bin stuns cbawd use diaas hse adinanedeaenneamanices 15 LAY a s bai a 7 0 p mnt On a Rea RN ia RTE ACU tC OR CRO 16 Ded Me POLE ROI SSIOM GING sajaiceateanas tate seie aaa aise E EE A 17 39 2 CONMOUre the ZONE NetWork esimus anan a a eo ieseeie ies aie Aa 18 Enabling the Wireless Netw ork ccsscccsssscssssssssssccsssccesssccesssccesssccessscsesees 20 General Wiroloss SUH OS sree enacts E sens gisnadaetenuncne baal nedened A TA 20 ZORO WAL CICSS SONOS araa a a aoa daclstahtielbsen 22 ZOnE NNIT ISS SCCOMILY saaa E 25 Wireless Gaver 2 OW aani E EO 27 AAV Generic Prewall RUES cerniera ASN 28 4 4 2 Predefined and Custom Service Protocols cccccccccccsssccesscccssseccssseccsssecesssecesseecesseecesseecesseecesseeesnseeess 32 da Adya CO ea AE EER 33 Who Can Access the Netw ork cscccsssscssssssesssccessccssscccsssccesssccessscsesssesesscees 34 fy 4 59 6 Of Bc ac pene enn Tee PERT or ERT PEE Cm PSNI UTE ESI TREN Rn eNE WOME enue eye rarer 34 SEL TOCA a ceccint se ete tae E anon renee A ae pened T eet anata eae ae 35 pee RADI a A E EE E NEEE CE EEE E E 38 SL OMEIDOH aG sels iain ereetiatesausncetanascotentadou shin tesennn cop arpa euseametci EE sueeiiensasaaeimaannientes 40 Usor Log a Bempeeamees tne ere a Ne Pr nai RIT BO ee re PB RP AO 48 52k DofadltA thentcal nsus anaa E anon osseral
133. sstaasncuesdscuayacacaueceadstoatntaes A A 87 10 7 Backup Restore and Reset to FactOry ccccccescccsssccsssscesssecsssscesseccssscessecesseecsssecessecessseesaees 89 TOSS Pray ware Up Grae siatastesedas i wine ciostiesitiaintaiatsivdnginie A nese aden 89 10 9 REST eA O ere ee ee 91 1010 IN ENO k y aa A 92 TOBTO ET WV ACO aa AN scr chic sare aire casita beta a a a a aa 93 IFO AG dees scabs E AT T A O Wau eas 93 OS et are ROE a A E O E EA EEE A T E 93 TO Oy SIO Wy ARP Tahle sirar a AE A iis tec E ose ETA 93 IOE MOm Or TREINE seun A A A 94 TOAD COn ole TME E E ated ee 95 11 System Status and Reports seeesseessoessocesscessocesocessoeesocessoeesocesocessoeesocessoeesocessoee 98 ILE Vew SUAS aenn e A Gaetan 98 Medi Woy St CMM a A E E T E 98 LLZ TEC AS e ST OP a a Te ee 100 TLL ROUNO Table en a rE E N T T A A 102 EFOTT USEI aa ee ee E AAE AEE ee ee ene eee ree 103 PELS US T VON rca tee trace oer coe sate case spec lean career nen a8 at came eae tee cine ena E cis otianess 104 11 1 6 Local User Monthly Network USag cccccccsssscssssscesssecesseccesseecesseccesseecesseecesseecesseecesseecssseecstseeesnas 106 1 Nonno erence ei en Pt eae oe eI PS DCP ITE ee Oe 107 Tee E M Fs ee ere ere Ree er ne re ee en Sears tere eee te 108 A BAZ An UN etree re er Ne A eer Ee a eae ne ee eee 110 i DAS le Zetec rere ve nr ee oP Te er E AE EA Ne P E Pe re Pe A re Pe 111 T PEV LOO eee Ramee ere nC a OR nC Set EON A Tartar
134. stations wirelessly associated to this zone are isolated from each other and can only communicate with the system WMM The default is Enable Wi Fi Multimedia WMM is a Quality of Service QoS feature that prioritizes wireless data packets based on four access categories voice video best effort and background Applications without WMM and applications that do not require QoS are assigned to the best effort category which receives a lower priority than that of voice and video Therefore WMM decides which data streams are more important and assigns them a higher traffic priority This option works with WMM capable clients only HS1100N User Guide 24 4 3 Zone Wireless Security To configure a Zones Wireless Security go to System gt gt Zone Configuration click the Configure bution for the Private zone or click the Configure button for the Public zone Please note Ensure a wireless security key is set to protect your wireless network Wireless Settings VAP 1 VAP Status Enable Disable Basic ESSID z Security Security Type None a Beacon Interval 100 WEP 500ms WPA PSEK RTS Threshold 2346 1 2346 Se es we VAP Stabus Enable Disable a ESSID Security Security Type None Beacon Interval WEP 500ms BO2 1 RTS Threshold WPA PSK 1346 s WPA RADIUS i Fragment Threshold 2346 256 2346 Security For each zone administrators can set up a different wireles
135. ter supplied with the HS1100N Using a different power adapter may damage the unit HS1100N User Guide 8 2 6 Access Web Management Interface The HS1100N supports Web Management Interface WMI configuration Upon the completion of hardware installation the HS1100N can be configured via web browsers with JavaScript enabled such as Internet Explorer version 6 0 and above or Firefox Default LAN interface IP address LAN1 192 168 110 1 is mapped to Private Zone with no authentication required for users LAN2 192 168 11 254 is mapped to Public Zone by default authentication is required for users Note The instructions below are illustrated with the administrator PC connected to LAN1 To access the web management interface connect a PC to LAN1 Port and then launch a browser Make sure you have set your computer to Obtain an IP address automatically The default gateway IP address should be the default gateway IP address of the Private Zone 192 168 110 1 Next enter the gateway IP address of The HS1100N at the address field The default gateway IP address of LAN1 Port is https 192 168 110 1 https is used for a secured connection HS1100N Mozilla Firefox File Edit View History Bookmarks Tools Help The administrator login page will appear Enter admin the default username and admin the default password in the User Name and Password fields Click LOGIN to log in NETOOMM VELOG
136. tes log into the system via the RADIUS server each client will be mapped to its assigned Policy RADIUS Policy Mapping Server 2 Enable Disable No Class Attribute Value policyName Remark 1 Policy 1 2 o Policy 1 i 3 Policy 1 4 Policy 1 5 J Policy 1 HS1100N User Guide 116 LALLA 12 3 Roaming Out To configure local user Roaming Out go to Users gt gt Authentication click configure of Local Under certain configurations The HS1100N can act as a RADIUS server for Roaming Out local user logged from other system The Local User database will act as the RADIUS user database e Account Roaming Out amp 802 1X Authentication When Account Roaming Out is enabled the link of Roaming Out amp 802 1X Client Device Settings will be available to define the client device authorized to roam by entering the IP address Subnet Mask and Secret Key Local User Database Settings Local User List Enable Disable Local user database will be used as authentication database for roaming out users Enable Disable 802 1X Authentication Local user database will be used as internal RADIUS database for 802 1 enabled LAN devices such as AP and switch Account Roaming Out Roaming Out amp 802 1 Cllent Device Settings Roaming Out amp 802 1x Client Device Settings
137. tes not covered in common attributes It MUST not affect the operation of the RADIUS protocol The Attribute Type of VSA is 26 and the Vendor ID should be determined before proceeding to RADIUS configuration in this example the Vendor ID is 21920 Attribute Number and Attribute Value can then be designed to provide additional control over RADIUS Attribute Name Attribute Number Attribute Value HS1100N Byte Amount 10 To be defined by administrator for different user group HS1100N MaxByteln 11 To be defined by administrator for different user group HS1100N MaxByteOut 12 To be defined by administrator for different user group HS1100N Byte Amount 4GB 20 To be defined by administrator for different user group HS1100N MaxByteln 4GB 21 To be defined by administrator for different user group HS1100N MaxByteOut 4GB 22 To be defined by administrator for different user group HS1100N User Guide 125 If the amount of traffics is larger than 4 GB the attributes of XXXX 4GB will be used For example if the amount is 5 GB the following settings should be set HS1100N Byte Amount 1048576 and HS1100N Byte Amount 4GB 1 On the other hand when the administrator fills in all attributes the user will be kicked out from system if any condition is reached For example if the administrator sets HS1100N Byte Amount 1048576 HS1100N MaxByteln 1048576 and HS1100N MaxByteOut 1048576
138. test firmware from the NetComm website and upgrade the system here Select the latest firmware with Browse button then click Apply the system will upload the file and restart to perform the upgrade process It might take a few minutes before the upgrade process completes and the new firmware s WMI interface appears System Firmware Upgrade Current Version 1 00 00 Build 1 7 1 3224 File Name Note For better maintenance we strongly recommend you backup system settings before upgrading firmware Apply Note After clicking Apply the system will begin uploading the chosen firmware into the system Once the upload process is complete system will restart to activate the new firmware The entire process may take a few minutes until the new firmware WMI appears When restart is complete the system will not lease IP addresses Use a static IP configured computer to upgrade the system firmware Caution 1 Firmware upgrade may cause the loss of some data You may need to manually backup user account information please refer to the release notes for any limitations before upgrading 2 Do not power on off the system during the upgrade or restart process It may damage the system and cause malfunction HS1100N User Guide 90 10 9 Restart To perform a system restart go to Utilities gt gt Restart This function allows the administrator to safely restart the HS1100N and the process takes approximately three minutes Cl
139. thods may be used to decide when the account expires i Elapsed Time specifies the time duration from account creation for which the account is valid 2 Cut off Time specifies the next cut off time point for which the account becomes invalid 3 Begin and End Date Time specifies that the account is valid between the two time points Cancel Duration time Begin and end Time account lifespan ee End Time Begin Time Creation Time Ralajiap Time CT E Invalid m Valid HS1100N User Guide 142 This section is to show independent Hotspot owners how to configure related settings in order to accept payments via Authorize net PayPal SecurePay or WorldPay making the Hotspot an e commerce environment for end users to pay for and obtain Internet access with credit cards 1 Payments via Authorize Net To configure Payments via Authorize Net go to Users gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt Authorize Net Before setting up Authorize Net it is required that the merchant owners have a valid Authorize Net account gt Authorize Net Payment Page Configuration External Payment Gateway Authorize Net PayPal SecurePay WorldPay Disable Authorize Net Payment Page Configuration Merchant Transaction Key fo Payment Gateway URL https secure authorize net gateway transact dll Enable Disable Verify SSL Ce
140. tivities on the Internet service provided by us Choose Billing Plan for Authorize Net Payment Page Enable Disable Quota Price Enable Disable 5 ris 5 mints 0 Enable Disable Enable Disable 10 hris 6 mints 9000 Enable Disable Enable Disable Until 18 30 ae Enable Disable Enable Disable 20 73 Mbyte s 0 59 Enable Disable Enable Disable Enable Disable 600 Mbytels 6 99 Client s Purchasing Record Hotspot o J C Change the Number Internet Access li Enjoy Online _ gt Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer Choose Billing Plan for Authorize Net Payment Page These 10 plans are the plans configured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed Client s Purchasing Record O Starting Invoice Number An invoice number may be provided as additional information with a transaction The number will be incremented automatically for each following transaction Click the Change the Number checkbox to change tt Description Item Name This is the item information to describe the product for example Internet Access Email Header Enter the information that should appear in the header of the invoice HS1100N User Guide 144 gt Authorize Net Payment Page Fields Configuration Authorize Net Payme
141. tors e All PCs need to install the TCP IP network protocol 2 9 Installation Steps Please follow the steps below to install the HS1100N 1 Place the HS1100N in the best location possible The best location for The HS1100N is usually at the centre of your wireless network 2 There are two ways to supply power over to the HS1100N a Connect the DC power adapter to the HS1100N power socket on the front panel b The HS1100N is capable of receiving DC current via its WAN PoE port Connect an IEEE 802 3af compliant PSE device e g a PoE switch to the WAN port of The HS1100N with the Ethernet cable 3 Connect the HS1100N to your outbound network device Connect one end of the Ethernet cable to the WAN port of the HS1100N on the front panel Depending on the type of internet service provided by your ISP connect the other end of the cable to an ADSL cable modem a switch or a hub The WAN LED indicator should be ON to indicate a proper connection 4 Connect the HS1100N to your network device Connect one end of the Ethernet cable to the LAN1 port of The HS1100N on the front panel Connect the other end of the cable to a PC for configuring the system The LAN1 LED indicator should be ON to indicate a proper connection Note The HS1100N has two virtual zones Private and Public which are mapped to LAN1 192 168 110 254 and LAN2 192 168 11 254 respectively The hardware installation is now complete Caution Only use the power adap
142. we use a local user account test local here and then click Submit button If the Remember Me check box is checked the browser will store the username and password on the current computer in order to automatically login to the system at the next login Then click the Submit button The Credit Balance button on the User Login Page is for on demand users only they can check their Remaining quota here HS1100N User Guide 49 NETCOMM VELOGITY SERIES NELGAA Wireless N Hotspot User Login Page Welcome To User Login Page Please Enter Your Name and Password to Sign In Username Password Remember Me Copyright Click here to purchase by Credit Card Online 3 Successful The Login Success Page means you are now connected to the network and Internet NETCOMM VELOCITY SERIES KE Wireless N Hotspot Login Success Page Welcome testuser local Login Time 2011 7 15 16 22 32 Logout Copyright amp HS1100N User Guide 50 6 Restrain the Users 6 1 Black List To configure Black Lists go to Users gt gt Black List The administrator can add delete or edit the black list for user access control Users accounts that appear in the black list will be denied network access The administrator can use the pull down menu to select the desired black list Black List Settings Select Black List 1 Blacklist1 7 Name Blacklist Username Remark Total 0 First Prev Next Last Add
143. whether there are already Groups and assigned users belonging to these Groups in RADIUS Server Step 2 Log in the Linux host of the RADIUS server E a C g vivian linux login as vivian VWivian1lO 2 3 217 s password P ries 30 13 53 37 2008 from 10 29 2 97 vivian linux 4 Step 3 Create a file dictionary HS1100N under the freeradius folder wivianllinux wi usr share freeradius dictionary HS1100N User Guide 130 LALLA attribute Byte A mount interger Ste attribute ATTRIBUTE Byte imount interder ATTRIBUTE MaxBytetIn interger ATTRIBUTE Max Byte In 2 interqer ATTRIBUTE Byte A mount 4G8 2 interger ATTRIBUTE MaxByteIn 4G8 A interger ATTRIBUTE MaxByteIn 4G8 Di interger Step 5 Edit the file dictionary under the folder freeradius vivian linux wi usr share freeradius dictionary HS1100N User Guide 131 MeltOnM To include dictionary HS1100N in the dictionary of RADIUS server insert it in an incremental position as follows INCLUDE dictionary ascend INCLUDE dictionary bay INCLUDE dictionary bintec INCLUDE dictionary cabletron INCLUDE dictionary INCLUDE This is the same as the altiga dictionary a 5 INCLUDE dictionary cisco vpn3000 INCLUDE dictionary y cisco wpnasi00 INCLUDE dictionary cisco bhsam INCLUDE dictionary colubris S INCLUDE dictionary er St
144. work Configuration gt gt Privilege gt gt IP Address List If there are workstations inside the managed network that need to access the network without authentication enter the IP addresses of these workstations in the Granted Access by IP Address The Remark field is not necessary but is useful to keep track of each entry The HS1100N allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply Granted Access by IP Address No IP Address Remark Caution Permitting specific IP addresses to have network access rights without going through standard authentication process under Public zone may cause security problems HS1100N User Guide 67 7 3 2 Privilege MAC Privilege MAC Address List In addition to the Privilege IP List the MAC address List allows the MAC address of the workstations that need to access the network without authentication to be set in the Granted Access by MAC Address The HS1100N allows 100 privilege MAC addresses at most When manually creating the list enter the MAC address the format IS XX XX XX XX XX XX aS well as the remark not necessary These settings will become effective immediately after clicking Apply Granted Access by MAC Address No MAC Address Remark Total 100 First Prev Next Last Caution Permitting specific MAC addresses to have network access rights without going through standard authentication p
145. yments via PayPal go to User gt gt Authentication gt gt On demand User gt gt External Payment Gateway gt gt PayPal Before setting up PayPal it is required that the hotspot owners have a valid PayPal Business Account After opening a PayPal Business Account the hotspot owners should find the Identity Token of this PayPal account to continue PayPal Payment Page Configuration gt External Payment Gateway PayPal Payment Page Configuration External Payment Gateway Authorize Net PayPal SecurePay WorldPay Disable PayPal Payment Page Configuration Payment Gateway URL https www paypal com cqi bin webscr Identity Token Pid Enable Disable Trusted CA Management Currency USD U S Dollar Ba Verify SSL Certificate o Business Account The Login ID an email address that is associated with the PayPal Business Account o Payment Gateway URL The default website address to post all transaction data o Identity Token This is the key used by PayPal to validate all the transactions o Verify SSL Certificate This is to help protect the system from accessing a website other than PayPal o Currency The currency to be used for the payment transactions HS1100N User Guide 147 gt Service Disclaimer Content Choose Billing Plan for PayPal Payment Page Service Disclaimer Content We may collect and stor
Download Pdf Manuals
Related Search