4ipnet WHG301 User’s Manual V1.
Copyright
The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission of 4IPNET, INC.
Disclaimer
4IPNET, INC.
FCC CAUTION
This equipment has been tested and proven to comply with the limits for a class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
Table of Contents
1. Before You Start
1.1 Preface
1.2 Document Conventions
4.3.6 AP Upgrade
4.3.7 WDS Management
4.4 Network Configuration
4.4.
1. Before You Start
1.1 Preface
This manual is for hotspot owners or network administrators to set up a network environment using the 4ipnet WHG301 system. It contains step-by-step procedures and graphic examples to guide MIS staff or individuals with slight network system knowledge to complete the installation.
1.2 Document Conventions
Represents essential steps, actions, or messages that should not be ignored.
2. System Overview
2.1 Introduction of 4ipnet WHG301
4ipnet WHG301 is an all-in-one product specially designed for wired and wireless data network environments in small to medium-sized businesses and hotspots. It features integrated management, secured data transmission, and enhanced accounting and billing. System administrators can effectively monitor wired or wireless users, including employees and guest users, via its user management interface.
2.3 Specification
2.3.1 Hardware Specification
General
  Form Factor: Mini-desktop
  Dimensions (W x D x H): 9.6" x 5.9" x 1.8" (243 mm x 150 mm x 45.5 mm)
  Weight: 2.8 lbs (1.
  Each service zone allows access to the selected groups
  Each service zone assigns a network policy to each user group
User Management and Guest Accounts
  Authentication methods supported: Local and On-demand accounts, POP3, LDAP, RADIUS, Windows Domain, and SIP authentication
  Single-Sign-On for Windows Domain
  Allow MAC address and user identity binding for local user authentication
  Support MAC Access Control List
  Support auto-expired guest accounts
  Users can be divided into
Monitoring and Reporting
  Status monitoring of online users
  IP-based monitoring of network devices
  Uplink (WAN) connection failure alert
  Support Syslog for diagnosis and troubleshooting
  User traffic history logging
  Traffic history report via email to administrator
  Users’ session log can be sent to FTP or Syslog server
Accounting and Billing
  Support local on-demand and external RADIUS server
  Contain ten configurable billing plans for on-demand accounts
  Support credit card bi
3. Installation
3.1 Hardware Installation
3.1.1 System Requirements
  Standard 10/100BaseT including five network cables with RJ-45 connectors
  All PCs need to install the TCP/IP network protocol
3.1.
3.1.3 Panel Function Descriptions
Front Panel
① LED: There are four kinds of LED, Power, Status, WAN and LAN, to indicate different status of the system.
  Power: LED ON indicates power on.
  Status: While system power is on, status OFF indicates BIOS is running; BLINKING indicates the OS is running, and ON indicates system is ready.
  WAN: LED ON indicates connection to the WAN port.
  LAN: LED ON indicates connection to the LAN port.
3.1.4 Installation Steps
Please follow the steps below to install 4ipnet WHG301:
1. Connect the 12V power adapter to the power socket on the rear panel. The Power LED should be on to indicate a proper connection.
2. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub on the LAN of a company/organization. The LED of this port should be on to indicate a proper connection.
3.
3.2 Quick Software Configuration
4ipnet WHG301 supports web-based configuration. Upon the completion of hardware installation, WHG301 can be configured via web browsers with JavaScript enabled, such as Internet Explorer version 6.0 and above or Firefox. There are two ways to configure the 4ipnet WHG301 system: using the online Configuration Wizard or manually changing the settings by commands. The Configuration Wizard comprises six basic steps as follows.
On first access, if WHG301 is not using a trusted SSL certificate, the browser shows a “Certificate Error” because it cannot verify the identity of WHG301 and treats it as an untrusted website. Please press “Continue to this website” to continue. The default user login page will then appear in the browser. For more information, please see 4.2.5 Additional Configuration.
Manager: The manager can only access the configuration pages under User Authentication to manage the user accounts, and has no permission to change the settings of the Firewall, Specific Route and Schedule profiles.
  User Name: manager
  Password: manager
Operator: The operator can only access the configuration page of Create On-demand User to create new on-demand user accounts and print out the on-demand user account receipts.
After a successful login to WHG301, a web management interface with a welcome message will appear.
Note: 2. To log out, simply click the Logout icon in the upper right corner of the interface to return to the login screen.
Now you are ready to run the Wizard. To quickly configure WHG301 by using the Configuration Wizard, click System Configuration from the top menu to go to the System Configuration page. Then, click Configuration Wizard on the left.
3. Running Configuration Wizard
A welcome screen that briefly introduces the 6 steps will appear. Click Next to begin.
Note: During every step of the wizard, if you wish to go back to modify the settings, please click the Back button to go back to the previous step.
Step 1. Change Admin’s Password
Enter a New Password for the admin account and retype it in the Verify Password field (20-character maximum and no spaces).
Step 2. Choose System’s Time Zone
Select a proper time zone from the drop-down list box. Click Next to continue.
Step 3. Set System Information
  Home Page: Enter the URL that users should be initially directed to when successfully authenticated to the network.
  NTP Server: Enter the URL of the external time server for 4ipnet WHG301 time synchronization or use the default setting.
Step 4. Select Connection Type for WAN Port
There are three types of WAN port to be selected from: Static IP Address, Dynamic IP Address and PPPoE Client. Select a proper Internet connection type and click Next to continue.
  Dynamic IP Address: If this option is selected, an appropriate IP address and related information will automatically be assigned. Click Next to continue.
  PPPoE Client: Set PPPoE Client’s Information
  Enter the “Username” and “Password” provided by your ISP. Click Next to continue.
© 2008 4IPNET, INC.
Step 5. Add Local User Account (Optional)
A new user can be added to the Local User database. To add a user here, enter the Username (e.g. test), Password (e.g. test), MAC Address (optional) and assign an Applied Group to this particular user (or use the default None). More users can be added to this authentication method by clicking the Add Now button. Click Next to continue.
Step 6.
Restart: When WHG301 is restarting, a “Restarting now. Please wait for a moment.” message will appear on the screen. Please do NOT interrupt the WHG301 restart process until the Configuration Wizard pop-up window has disappeared—which indicates the restart process has been completed.
If all steps are done properly, you can start working on the system or refer to the user’s manual for advanced settings.
4. Web Interface Configuration
This chapter will guide you through further detailed settings. The following table shows all the functions of 4ipnet WHG301.
System User AP Network Configuration Authentication Management Configuration Configuration Authentication OPTION Utilities Status Change System Password Status Backup/Restore Interface Settings Status Firmware Routing Upgrade Table Network AP List Wizard Address Configuration Translation System Black List AP Discovery Information Configuration WAN1 Group Privilege List Manual Monitor IP List FUNCTION Configuration Configuration Config
4.1 System Configuration
This section includes the following functions: Configuration Wizard, System Information, WAN1 Configuration, WAN2 Configuration, WAN Traffic Settings, LAN Port Mapping and Service Zones.
4.1.1 Configuration Wizard
There are two ways to configure the 4ipnet WHG301 system: using the online Configuration Wizard or manually changing the settings by commands. The Configuration Wizard comprises 6 basic steps, providing a simple and easy way to go through the basic setups of WHG301. Please refer to 3.2 Quick Software Configuration for the detailed description of the Configuration Wizard.
4.1.2 System Information
Main information about 4ipnet WHG301 is shown as follows:
  System Name: Set the system’s name or use the default.
  Device Name: FQDN (Fully-Qualified Domain Name). This is the domain name of the WHG301 as seen on client machines connected on LAN ports. A user on a client machine can use this domain name to access WHG301 instead of its IP address.
  Traffic History: https://10.2.3.213/status/history/2005-02-17
  On-demand History: https://10.2.3.213/status/ondemand_history/2005-02-17
  Management IP Address List: The IP address or subnet of remote management PCs. Only PCs within this IP range on the list are allowed to access the system's web management interface. For example, 10.2.3.0/24 means that as long as an administrator is using a computer with the IP address range of 10.2.3.
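The following is an added example, not part of the original manual or of 4ipnet's software: a Python sketch for reviewing a proposed Management IP Address List before it is entered, showing which client addresses an entry admits and flagging entries that are invalid, public, or wider than intended. Only 10.2.3.0/24 comes from the manual; the other entries, the function names and the 256-address threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample list; only 10.2.3.0/24 is taken from the manual's example.
SAMPLE_LIST = ["10.2.3.0/24", "0.0.0.0/0", "8.8.8.0/24",
               "10.0.0.0/8", "10.2.3.213/24", "not-an-ip"]


def parse_entry(entry):
    """Return (network, had_host_bits) for a single-IP or CIDR entry."""
    entry = entry.strip()
    net = ipaddress.ip_network(entry, strict=False)   # raises ValueError if malformed
    iface = ipaddress.ip_interface(entry)
    # True when the entry was written as host/prefix, e.g. 10.2.3.213/24
    return net, iface.ip != net.network_address


def is_allowed(client_ip, entries):
    """True if client_ip falls inside any valid entry of the list."""
    ip = ipaddress.ip_address(client_ip)
    for entry in entries:
        try:
            net, _ = parse_entry(entry)
        except ValueError:
            continue                                   # a malformed entry grants nothing
        if ip.version == net.version and ip in net:
            return True
    return False


def audit(entries, max_addresses=256):
    """Return (entry, finding) pairs for entries worth a second look."""
    findings = []
    for entry in entries:
        try:
            net, had_host_bits = parse_entry(entry)
        except ValueError:
            findings.append((entry, "invalid entry"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "matches every address"))
        elif not net.is_private:
            findings.append((entry, "public address range"))
        elif net.num_addresses > max_addresses:
            findings.append((entry, "wider than %d addresses" % max_addresses))
        if had_host_bits:
            findings.append((entry, "host bits set; treated as %s" % net))
    return findings


if __name__ == "__main__":
    for entry, finding in audit(SAMPLE_LIST):
        print("%-16s %s" % (entry, finding))
    print("10.2.3.77 allowed by 10.2.3.0/24:", is_allowed("10.2.3.77", ["10.2.3.0/24"]))
    print("10.2.4.1  allowed by 10.2.3.0/24:", is_allowed("10.2.4.1", ["10.2.3.0/24"]))
```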
4.1.3 WAN1 Configuration
There are 4 connection types for the WAN1 Port: Static IP Address, Dynamic IP Address, PPPoE and PPTP Client.
Static IP Address: Manually specify the IP address of the WAN Port. The fields with red asterisks are required to be filled in.
  IP Address: The IP address of the WAN1 port.
  Subnet Mask: The subnet mask of the WAN1 port.
  Default Gateway: The gateway of the WAN1 port.
  Preferred DNS Server: The primary DNS server used by the system.
PPTP Client: Select STATIC to specify the IP address of the PPTP Client manually or select DHCP to get the IP address automatically. The fields with red asterisks are required to be filled in. There is a Dial on demand function under PPPoE. If this function is enabled, a Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect itself.
4.1.4 WAN2 Configuration
Select None to disable the WAN2 interface, or select one of the 3 connection types for the WAN2 port: Static IP Address, Dynamic IP Address, and PPPoE Client.
None: The WAN2 Port is disabled.
Static IP Address: Manually specify the IP address of the WAN port. The red asterisks indicate required fields to be filled in.
  IP address: The IP address of the WAN2 port.
  Subnet mask: The subnet mask of the network the WAN2 port connects to.
4.1.5 WAN Traffic Settings
This section is for administrators to configure control over the entire system’s traffic through the WAN interface (WAN1 and WAN2 ports).
Available Bandwidth on WAN Interface:
  Uplink: It specifies the maximum uplink bandwidth that can be shared by clients of the system.
  Downlink: It specifies the maximum downlink bandwidth that can be shared by clients of the system.
a reminder message. This reminder message will appear on clients' screens when the Internet connection is down.
SIP authentication is exempt from Load Balancing and WAN Failover. A fixed WAN port is used for SIP traffic.
4.1.6 LAN Port Mapping
WHG301 supports multiple Service Zones in either of the two VLAN modes, Port-Based or Tag-Based, but not concurrently. In Port-Based mode, each LAN port can only serve traffic from one Service Zone, as each Service Zone is identified by physical LAN ports. In Tag-Based mode, each LAN port can serve traffic from any Service Zone, as each Service Zone is identified by VLAN tags carried within message frames.
It is recommended that the administrator decide which mode is better for a multiple-service-zone deployment before proceeding further with the system configuration. Settings for the two VLAN modes are slightly different; for example, the VLAN Tag setting is required for Tag-Based mode.
Select Service Zone Mode: Select a VLAN mode, either Port-Based or Tag-Based. The switches deployed under WHG301 in Port-Based mode must be Layer2 Switches only.
Tag-Based: When the Tag-Based mode is selected, traffic from different virtual Service Zones will be distinguished by VLAN tagging, instead of by physical LAN ports. Select Tag-Based and then click Apply to activate the Tag-Based VLAN function. When a restart message screen appears, do NOT restart the system until you have completed the configuration under the Service Zones tab first.
4.1.7 Service Zones
A Service Zone is a logical network area to cover certain wired and wireless networks in an organization such as SMB or branch offices. By associating a unique VLAN Tag and SSID with a Service Zone, administrators can separate wired network and wireless network into different logical zones.
Click the Configure button to configure each Service Zone: Basic Settings, SIP Interface Configuration, Authentication Settings, Wireless Settings, and Managed AP in Each Service Zone.
1) Service Zone Settings – Basic Settings
Service Zone Status: Each service zone can be enabled or disabled except for the default service zone.
Service Zone Name: Enter the name of the service zone here.
Network Settings:
  o Operation Mode: Contains NAT mode and Router mode.
  o WINS Server IP: The IP address of the WINS (Windows Internet Naming Service) server, if a WINS server is applicable to this service zone.
  o Lease Time: This is the time period that the IP addresses issued from the DHCP server are valid and available.
  o Reserved IP Address List: Each service zone can reserve up to 40 IP addresses from the predefined DHCP range to prevent the system from issuing these IP addresses to downstream clients.
3) Service Zone Settings – Authentication Settings
Authentication Status: When enabled, users must be authenticated before they get access to the network within this Service Zone.
Authentication Options: There are a total of seven types of authentication database (LOCAL, POP3, RADIUS, LDAP, NTDOMAIN, ONDEMAND, and SIP) that are supported by the entire system.
Default Policy in this Service Zone: For each Service Zone, one policy can be applied to enforce the access control over the users. Please refer to 4.2.4 Policy Configuration for complete description.
Email Message for Login Reminding: When enabled, the system will automatically send an email to users if they attempt to send/receive their emails using a POP3 email program (for example, Microsoft Outlook) before they are authenticated.
4.2 User Authentication
This section includes the following functions: Authentication Configuration, Black List Configuration, Group Configuration, Policy Configuration and Additional Configuration.
4.2.1 Authentication Configuration
This section is for administrators to pre-configure authentication servers for the entire system's Service Zones. For a particular Service Zone, administrators can enable all the authentication servers which will be used and also specify a default authentication server in the page of Service Zone Settings.
Authentication Server Configuration
WHG301 provides four authentication servers and one on-demand server, to which the administrator can apply different policies. Click on the server name to set the configuration for that particular server. After completing the settings and clicking Apply to save them, go back to the previous page to select a server to be the default server and enable or disable any server on the list.
4.2.1.1 Authentication Method – Local
Choose “Local User” from the Authentication Method field; the button beside the pull-down menu will become “Local User Setting”. Click the Local User Setting button for further configuration.
Edit Local User List: It lets the administrator view, add, and delete local user accounts. The Upload User button is for importing a list of user accounts from a text file.
  o Add User: Click this button to enter the Adding User(s) to the List interface. Fill in the necessary information such as “Username”, “Password”, “MAC”, and “Remark”. Select a desired Group to classify local users. Check to enable Local VPN in the Enable Local VPN column. Click Apply to complete adding the user(s). For more information on Group configuration, please refer to 4.2.3. Group Configuration.
Download User: Use this function to create a .txt file with all built-in user account information and then save it on disk.
Search: Enter a keyword of a username to be searched in the text field and click this button to perform the search. All usernames matching the keyword will be listed.
Del All: Click on this button to delete all the users at once, or click on Delete to delete a user individually.
Edit User: If the content of an individual user account needs editing, click the username of the desired user account to enter the User Profile Interface for that particular user, and then modify or add any desired information such as Username, Password, MAC Address (optional), Group (optional), Enable Local VPN (optional) and Remark (optional). Click Apply to complete the modification.
Roaming Out & 802.
4.2.1.2 Authentication Method – POP3
Choose “POP3” from the Authentication Method field; the button beside the pull-down menu will become “POP3 Setting”. Click the POP3 Setting button for further configuration. Enter the information for the primary server and/or the secondary server (the secondary server is not required). Fields marked with a red asterisk are required. These settings will become effective immediately after clicking the Apply button.
4.2.1.3 Authentication Method – RADIUS
Choose “RADIUS” from the Authentication Method field; the button beside the pull-down menu will become “Radius Setting”. Click the Radius Setting button for further configuration. The RADIUS server sets the external authentication for user accounts. Enter the information for the primary server and/or the secondary server (the secondary server is not required). Fields marked with a red asterisk are required.
Click the hyperlink of Radius Client List to enter the Radius Client Configuration page. Choose a desired type from Disable, Roaming Out or 802.1X. Enter the IP Address, Segment (Subnet Mask), and Secret Key of 802.1X clients. Click Apply to complete the settings.
Trans Full Name: When the Complete option is checked, both the username and postfix will be transferred to the RADIUS server for authentication.
4.2.1.4 Authentication Method – LDAP
Choose “LDAP” from the Authentication Method field; the button beside the pull-down menu will become “LDAP Setting”. Click the LDAP Setting button for further configuration. Enter the information for the primary server and/or the secondary server (the secondary server is not required). Fields marked with a red asterisk are required and should be filled in.
4.2.1.5 Authentication Method – NTDomain
Choose “NTDomain” from the Authentication Method field; the button beside the pull-down menu will become “NT Domain Setting”. Click the NT Domain Setting button for further configuration. Enter the server IP address and enable/disable the transparent login function. These settings will become effective immediately after clicking the Apply button.
Server IP: The IP address of the external NT Domain Server.
4.2.1.6 Authentication Method – On-demand User
On-demand User Server Configuration: The administrator can enable and configure this authentication method to create on-demand user accounts. This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment.
billing notice of the login successful page by the time interval defined here.
Number of Tickets: Print one or duplicate receipts when pressing the print button of the ticket printer which is connected to the serial port.
2) Ticket Customization
The on-demand account ticket can be customized here and previewed on the screen.
Receipt Header: There are two receipt headers supported by the system. The entered content will be printed on the receipt. These headers are optional.
3) Billing Plans
Administrators can configure several billing plans. Click the Edit button to enter the page of Editing Billing Plan. Click Apply to save the plan that is manually set up by the administrators. Go back to the screen of Billing Plans and click the Enable button; the plan is then activated.
Plan: The number of the specific plan.
Type: This is the type of the plan, based on which it defines how the account can be used.
  o Cut-off Time: The time of day at which the on-demand account is cut off (made expired) by the system on that day. Please note that the “Grace Period” is an additional, short period of time after the account is cut off, during which a user is allowed to continue to use the on-demand account to access the Internet without paying an additional fee.
Verify SSL Certificate: This is to help protect the system from accessing a website other than Authorize.Net.
Test Mode: In this mode, merchants can post test transactions for free to check if the payment function works properly.
MD5 Hash: If transaction responses need to be encrypted by the Payment Gateway, enter and confirm an MD5 Hash Value and select a reactive mode.
“Change the Number” checkbox to change it.
Description (Item Name): This is the item information to describe the product (for example, Internet Access).
Email Header: Enter the information that should appear in the header of the invoice.
Authorize.Net Payment Page Fields Configuration / Authorize.Net Payment Page Remark Content
Authorize.Net Payment Page Fields Configuration
Item: Check the box to show this item on the customer’s payment interface.
Card Code: The three- or four-digit code assigned to a customer’s credit card number (found either on the front of the card at the end of the credit card number or on the back of the card).
E-mail: An email address may be provided along with the billing information of a transaction. This is the customer’s email address and should contain an @ symbol.
PayPal
Before setting up “PayPal”, it is required that the hotspot owners have a valid PayPal “Business Account”. Please see Appendix B. Accepting Payments via PayPal for more information about setting up a PayPal Business Account, relevant maintenance functions, and an example for clients. After opening a PayPal Business Account, the hotspot owners should find the “Identity Token” of this PayPal account to continue “PayPal Payment Page Configuration”.
Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here.
Choose Billing Plan for PayPal Payment Page: These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled.
5) On-demand Account Creation
On-demand accounts are listed and related. When at least one plan is enabled, the administrator can generate on-demand user accounts here. Click this to enter the On-demand Account Creation screen. Click on the Create button of the desired plan and an on-demand user account will be created. Click Print to print a receipt which will contain the on-demand user’s information, including the username and password.
6) On-demand Account List
All created On-demand accounts are listed and related information is also provided.
Search: Enter a keyword of a username to be searched in the text field and click this button to perform the search. All usernames matching the keyword will be listed.
Username: The login name of the user.
Password: The login password of the user.
Remaining Quota: The remaining time or volume that the user can continue to use to access the network.
4.2.1.7 Authentication Method – SIP
The system provides a SIP proxy so that SIP clients (devices or soft clients) can pass through NAT. After the SIP proxy server is enabled, all SIP traffic can pass through NAT with a selective but fixed WAN interface. The administrator can add up to four trusted SIP Registrars. A group can be chosen to govern SIP traffic.
SIP: SIP authentication supports 4 Trusted SIP Registrars.
IP Address: The IP address of the Trusted SIP Registrar.
4.2.2 Black List Configuration
The administrator can add, delete, or edit the black list for user access control. Each black list can include up to 40 users. User accounts that appear in the black list will be denied network access. The administrator can use the pull-down menu to select the desired black list.
Select Black List: There are 5 lists to select from for the desired black list.
Name: Set the black list name; it will show on the pull-down menu above.
4.2.3 Group Configuration
There are 8 groups to choose from. Local users can be classified by applying Group options. A Group which is allowed to access a Service Zone can be applied with a Policy within this zone. The same Group within different Service Zones can be applied with different Policies as well as different Authentication Options.
Group Configuration – Group 1~8
QoS Profile: Set parameters for traffic classification.
queue. When Best-Effort or Background is selected, more bandwidth management options such as Downlink and Uplink Bandwidth will appear.
  o Group Total Downlink: Defines the maximum bandwidth allowed to be shared by clients within this Group.
  o Individual Maximum Downlink: Defines the maximum downlink bandwidth allowed for an individual client belonging to this Group. The Individual Maximum Downlink cannot exceed the value of Group Total Downlink.
Name: The name of Service Zones and Remote VPN.
Enabled: Select Enabled to allow clients of this Group to log into the selected Service Zones. For example, the above figure shows that users in Group 1 can access network services via every Service Zone as well as Remote VPN under constraints of Policy 1.
Policy: Select a Policy that the Group will be applied with when accessing respective Service Zones.
constraints of the selected Policies. Check Enabled of each individual Group to assign it to the Service Zone listed. For example, the above figure shows that clients in Group 1~8 can access Default Service Zone, where they are governed by Policy 1~8 respectively.
  o Policy: Select a Policy that the Group will be applied with when accessing this Service Zone.
4.2.4 Policy Configuration
WHG301 supports multiple Policies, including one Global Policy and 12 individual Policies. Each Policy consists of access control profiles that can be configured respectively and applied to a certain Group of users. The Global Policy is the system’s universal policy and is applied to all clients, while the other individual Policies can be selected and defined to be applied to any Service Zone.
Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules.
  o Predefined and Custom Service Protocols: There are predefined service protocols available for firewall rules editing. The administrator is able to add new custom service protocols by clicking Add, and delete the added protocols with Select All and Delete operations.
  o Rule Number: This is the rule selected “1”. Rule No. 1 has the highest priority; rule No. 2 has the second priority, and so on.
  o Rule Name: The rule name can be changed here.
  o Source/Destination – Interface/Zone: There are choices of ALL, WAN1, WAN2, Default, and the named Service Zones to be applied for the traffic interface.
  o Source/Destination – IP Address/Domain Name: Enter the source and destination IP addresses.
Maximum Concurrent Session for User: Sets the maximum number of concurrent sessions for each user, from 10 to Unlimited. The administrator can use it to restrict the concurrent sessions of each user.
Note: For more information, please refer to Appendix E. Session Limit and Session Log.
4.2.4.2 Policy 1 ~ Policy 12
Each Policy consists of access control profiles that can be configured individually and applied to a certain Group of users.
Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules.
o Predefined and Custom Service Protocols: This link leads to a Service Protocols List where the administrator can define a list of services by protocol (TCP/UDP/ICMP/IP). There are predefined service protocols available for firewall rules editing.
o Rule Item: This is the rule number of the selected rule. Rule No. 1 has the highest priority; Rule No. 2 has the second priority, and so on.
o Rule Name: The rule name can be changed here.
o Source / Destination – Interface/Zone: Choose from ALL, WAN1, WAN2, Default and the Service Zones as the traffic interface the rule applies to.
o Source / Destination – IP Address/Domain Name: Enter the source and destination IP addresses.
o Enable: Check the Enable box to activate this function or uncheck it to deactivate it.
o Destination / IP Address: The destination network address or the IP address of the destination host. Please note that, if applicable, the system will calculate and display the appropriate value based on the combination of Network/IP Address and Subnet Mask just entered and applied.
o Destination / Subnet Netmask: The subnet mask of the destination network. Select 255.255.255.
4.2.5 Additional Configuration
User Control: Functions under this section apply to all general users.
Idle Timer: If a user has been idle with no network activity, the system will automatically log the user out. The logout timer can be set between 1~1440 minutes, and the default logout time is 10 minutes.
Multiple Login: When enabled, a user can log in from different computers with the same account. (This function doesn’t support On-demand users and RADIUS authentication.
Without a valid certificate, users may encounter the following problem in IE7 when they try to open the login page. Click “Continue to this website” to access the user login page.
To Use Default Certificate: Click Use Default Certificate to use the default certificate and key. Click restart to validate the changes.
Credit Reminder: The administrator can enable this function to remind on-demand users before their credit runs out.
Enhance User Authentication: With this function, only users whose MAC addresses are in this list can log into WHG301. A maximum of 40 users is allowed in this MAC address list. User authentication is still required for these users. Enter the MAC addresses in the Permit MAC Address List, select Enable, and then click Apply. The format of the MAC address is: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.
© 2008 4IPNET, INC.
4.3 AP Management
WHG301 can manage up to 12 access points (AP), which are configured in this section. This section includes the following functions: AP List, AP Discovery, Manual Configuration, Template Settings, Firmware Management, AP Upgrade and WDS Management.
4.3.1 AP List
All of the APs under the management of WHG301 are shown in the list. An AP can be edited by clicking the hyperlink of its AP Name, and its status can be viewed by clicking the hyperlink of Status. Check any AP and then click the button below to Reboot, Enable, Disable or Delete the checked AP as desired. Click Apply Template to select a template to apply to the AP.
AP Name
Click AP Name to enter the interface for the related settings. There are four kinds of settings: General Settings, LAN Interface Setting, Wireless Interface Setting and Access Control Setting. Click the hyperlink to continue with the configuration.
General Setting: Click Setting to enter the General Setting interface. Firmware information can be viewed here.
LAN Setting: Click LAN to enter the LAN Setting interface.
Wireless LAN: Click Wireless LAN to enter the Wireless interface.
Access Control: When the status is “Allowed”, only clients whose MAC addresses are in this list are allowed to connect to the AP; when the status is “Denied”, clients whose MAC addresses are in the list are denied connection to the AP. When “Disabled” is selected, all clients can connect to the AP. The default is Disabled.
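The following is an added example, not code from the manual or from 4ipnet: a pre-check an administrator could run on a MAC list before entering it in the Permit MAC Address List (two accepted formats, 40-entry limit), plus the Allowed/Denied/Disabled decision described for AP Access Control. The function names, the rejection of mixed separators and the sample addresses are assumptions made for illustration.

```python
import re

# Formats the manual gives: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.
# Mixed separators inside one address are rejected here (an assumption;
# the manual only shows the two uniform forms).
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")
MAX_PERMIT_ENTRIES = 40  # limit stated for the Permit MAC Address List


def normalize_mac(text):
    """Return the address as lowercase colon-separated hex, or None if malformed."""
    text = text.strip()
    if not _MAC_RE.match(text):
        return None
    return text.replace("-", ":").lower()


def build_permit_list(raw_entries):
    """Validate, normalize and de-duplicate entries; enforce the 40-entry limit."""
    accepted, rejected = [], []
    for entry in raw_entries:
        mac = normalize_mac(entry)
        if mac is None:
            rejected.append(entry)      # keep the raw text for the operator
        elif mac not in accepted:
            accepted.append(mac)        # same MAC in both formats counts once
    if len(accepted) > MAX_PERMIT_ENTRIES:
        raise ValueError(f"{len(accepted)} entries exceed the limit of {MAX_PERMIT_ENTRIES}")
    return accepted, rejected


def ap_allows(status, mac_list, client_mac):
    """Apply the AP Access Control status: Allowed, Denied or Disabled."""
    client = normalize_mac(client_mac)
    if client is None:
        raise ValueError(f"malformed client MAC: {client_mac!r}")
    if status == "Disabled":
        return True                     # every client may connect
    if status == "Allowed":
        return client in mac_list       # only listed clients may connect
    if status == "Denied":
        return client not in mac_list   # listed clients are refused
    raise ValueError(f"unknown status: {status!r}")


# Constructed sample input (not taken from the manual).
SAMPLE = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5e", "00:1A:2B:3C:4D",
          "aa-bb-cc-dd-ee-ff", "00:1A-2B:3C-4D:5E"]
```

Normalizing before comparison keeps the same address typed in the two formats, or in different letter case, from occupying two of the 40 slots.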
4.3.2 AP Discovery
Use this function to detect and manage all of the APs in the network segments. Note that WHG301 can only manage APs that are connected to its LAN ports. Therefore, the AP discovery function is for adding locally connected APs to its management list. The administrator must know the local IP addresses of the APs he/she wishes to discover. To discover an AP manually, fill in the required data.
AP Type: Choose the type of AP you wish to discover.
Click Configuring to continue with the related configuration. For details, please refer to 4.3.1 AP List.
Background AP Discovery: Click Configure to enter the Background AP Discovery interface and continue with the related configuration. The Interface and AP Access configuration is the same as the settings mentioned above. When the Background AP Discovery function is enabled, the system will scan once every 10 minutes or according to the time set by the administrator.
4.3.3 Manual Configuration
An AP can also be added manually even when it is offline. Input the related data of the AP and select a Template. After clicking Add, the AP will be added to the managed list.
4.3.4 Template Settings
A Template is a model that can be copied to every AP, so that it is not necessary to configure each AP individually. There are three templates provided. Click Edit to continue with the configuration. Before configuring the template, the configuration of an AP can be copied to the template by selecting a Source AP; instead of configuring the template from the beginning, administrators can then revise some settings as needed. If copying is not desired, select NONE.
4.3.5 Firmware Management
Firmware Upload displays the current version of the AP’s firmware. New firmware can be uploaded here to update the current firmware. To upload, click Browse to select the file and then click Upload.
4.3.6 AP Upgrade
Check the APs that need to be upgraded, select the firmware version to upgrade to, and click Apply to upgrade the firmware.
4.3.7 WDS Management
WDS (Wireless Distribution System) Management is a function used to connect APs (Access Points) wirelessly. The WDS management function of the system helps administrators set up a “Tree” structure of WDS network.
WDS Status: Status shows the added APs in the WDS Tree with their Security and Channel settings. More than one WDS tree can be set up. Click Edit to change the WDS connection settings for the associated WDS Tree.
4.4 Network Configuration
This section includes the following functions: Network Address Translation, Privilege List, Monitor IP List, Walled Garden List, Proxy Server Properties, Dynamic DNS, IP Mobility and VPN Configuration.