User's Manual Part 2

ManualsBrandsGemtek Technology ManualsElectronics54 Mb Hotspot-in-a-Box

User’s Guide Chapter 7 – Reference Manual

Internet Router

Internal Servers

P-560

Employees Traffic

Visitor Traffic

Visitor

Employe

WLAN

LAN

WAN

Figure 146 – User Access

Step 1 Configure your RADIUS server to use the "Billing-Class-of-Service" attribute as

defined in the WISPr vendor specific attribute set (see appendix: Vendor Specific

Attributes). If this BCoS attribute is set to the value "visitor_access" during the

authentication response, the AC will allow routing between the WLAN port and the

LAN port for this specific user.

Step 2 Use the system | access | NAV menu and enable visitor access function on ixp0

(LAN).

Such a user (visitor) will have employee access rights and access to servers running in the LAN (see

Figure 146 – User Access, employee traffic). In other words, the P-560 controls the client’s access to

the LAN via RADIUS attributes specifically addressing which clients are allowed to connect to the

LAN.

Visitor access on selected interface can only function with enabled

authentication. RADIUS server should authenticate the user, in order to control

user’s access to LAN.

If authentication is on enabled (visitor access enabled) user only receives the access to the Internet

independently from his/her access rights.

System | Access | SNMP

SNMP is the standard protocol that regulates network management over the Internet. With enabled

SNMP service Hotspot-in-a-Box can act as SNMP agent. To communicate with SNMP manager you

must set up the same SNMP communities and identifiers on both ends: manager and agent. For more

information about SNMP see Chapter 6 – SNMP Management.

Use the system | access | SNMP menu to enable/disable SNMP service or change current SNMP

configuration on your P560 controller.

Gemtek Systems Page 101

Summary of content (51 pages)

PAGE 1
User’s Guide Chapter 7 – Reference Manual Employees Traffic Visitor Traffic Internal Servers LAN WLAN Employe WAN P-560 Internet Router Visitor Figure 146 – User Access Step 1 Configure your RADIUS server to use the "Billing-Class-of-Service" attribute as defined in the WISPr vendor specific attribute set (see appendix: Vendor Specific Attributes).
PAGE 2
User’s Guide Chapter 7 – Reference Manual Figure 147 – SNMP Settings SNMP Table: SNMP Service – enable or disable SNMP service on AC [enabled/disabled]. By default SNMP service is enabled. With service enabled the AC acts as the SNMP agent. If enabled, then device can be configured via SNMP: SNMP Name – An administratively assigned name for this managed node [0-99 any string]. By convention, this is the node’s fully qualified domain name. SNMP Location – The physical location of this node (e.g.
PAGE 3
User’s Guide Chapter 7 – Reference Manual SNMP Users Table: SNMP Users table is only used for SNMP v3. SNMP Users – Users are used in SNMP version 3. They have the same access rights as communities, but instead of a single community name there are user name and password. Strong encryption is supported in SNMPv3. User Name – enter user name for read-only (RO) or read-write (RW) SNMP access [1-32 all ASCII printable characters, no spaces].
PAGE 4
User’s Guide Chapter 7 – Reference Manual IP Address – specify the host address (AP in our case) to which any incoming requests should be resent [dots and digits]. OID Local – enter Object Identifier (OID) of MIB tree if you want to proxy only the specified SNMP requests under the specific OID in the MIB tree. That part is specified by OID local tree [optional, number and dots].
PAGE 5
User’s Guide Chapter 7 – Reference Manual Currently Connected Administrators – logged administrators list in format: [administrator name, IP address, and idling time in hours/minutes/seconds]. Uptime – indicates the time, expressed in days, hours and minutes since the system was last rebooted [days/hours/minutes/seconds]. Software Runtime – indicates the time, expressed in days, hours and minutes since the software reboot.
PAGE 6
User’s Guide Chapter 7 – Reference Manual Figure 153 – LAN Interface Statistics RX – indicates data volume received on the WLAN interface since reboot. TX – indicates data volume transmitted to the WLAN interface since reboot. LAN interface (ixp0) (including the IP address, netmask, MAC address of the LAN interface, RX/TX statistics) RX – indicates data volume received on the WLAN interface since reboot. TX – indicates data volume transmitted to the WLAN interface since reboot.
PAGE 7
User’s Guide Chapter 7 – Reference Manual System | Reset Check the Factory defaults values in the Appendix section: B) Factory Defaults for the Access Controller. If you need to reboot your device or reset to factory defaults select the system | reset menu: Figure 154 – Reset and Reboot Reset – reset device to factory default values. Keep in mind that resetting the device is an irreversible process. Please note that even the administrator password will be set back to the factory default.
PAGE 8
User’s Guide Chapter 7 – Reference Manual System | Update Check for new product updates at the Gemtek Systems website: http://www.gemtek-systems.com To update your device firmware, use only the original firmware image and under system | update menu click the upload button: Figure 155 – Firmware Update Specify the full path to the new firmware image and click the upload button: Figure 156 – New Firmware Upload Firmware Image – enter the firmware image using the full path.
PAGE 9
User’s Guide Chapter 7 – Reference Manual Figure 158 – Firmware Auto-update Configuration Status - defines if auto-update is enabled or disabled. Default value disabled. Update URL - defines where firmware should be downloaded from. It points directly to firmware update file. URL should be accessible without any user authentication. URL can use HTTP, HTTPS and FTP protocols. Default value - empty string. Update interval – time interval between each update in hours [1-9999].
PAGE 10
User’s Guide Chapter 7 – Reference Manual Connection Use the connection menu to view the connected user’s statistics, set outgoing mail server or observe the connected station availability. Figure 159 – Connection Menu Connection | Users The users menu is for viewing the connected users’ statistics. Also ability to logout user from the system is implemented here: Figure 160 – Users’ Statistics The users’ statistics parameters are as follows: No – number of the user’s session connection.
PAGE 11
User’s Guide Chapter 7 – Reference Manual Interface – name of interface, through which client is connected. User IP – IP address, from which the user’s connection is established. Address is presented in digits and dots notation. MAC Address – hardware address of the network device from which the user is connected. Authentication mode – authentication method which user uses to connect. WISP – WISP domain name where the user belongs. Session ID – the unique user’s session ID number.
PAGE 12
User’s Guide Chapter 7 – Reference Manual Connection | E-mail Redirection The outgoing mail (SMTP) server redirection is performed using the e-mail redirection menu. By default such redirection settings is displayed: Figure 162 – E-mail Redirection Settings Click the edit button to specify your outgoing mail server settings. Figure 163 – Edit E-mail Redirection Status – enable/disable e-mail redirection function.
PAGE 13
User’s Guide Appendix Appendix A) Access Controller Specification Technical Data Wireless Standard IEEE 802.11g (OFDM), IEEE 802.11b (DSSS), 2.4GHz ISM band, Wi-Fi compliant Data Rate 802.11g: 54, 48, 36, 24, 18, 12, 9, 6 Mbps, 802.11b: 11Mbps, 5.5Mbps, 2, 1Mbps (auto fall back) Client Stations Max. 250 simultaneous client stations (depending on SW license Bronze, Silver, Gold) Typical range 50 meters in indoor environments, up to 300m outdoors Transmit Power Max.
PAGE 14
User’s Guide Weight Appendix - Environment Specification Operating Temperature Humidity 0 to 55°C 10 % to 95%, non-condensing Power Supply External 100-230V AC, 50/60Hz LEDs 8 LEDs Power, Online, WAN link, WLAN link, 4x LAN-link Warranty 2 years Package Contents P560 Hotspot-in-a-Box Two Ethernet patch cables Two detachable antenna’s SMA connector type CD-ROM with software and documentation Mounting Kit including tool to remove AP from wall mounting External power supply, 100-230 V, 50/60 Hz Po
PAGE 15
User’s Guide Appendix B) Factory Defaults for the Access Controller Network Interface Configuration Settings Configuration | Interface Configuration Interface Eth0 Status Enabled Type LAN IP Address 192.168.4.1 Netmask 255.255.255.0 Gateway Ixp1 Interface Ixp1 Status Enabled Type WAN IP Address 192.168.2.66 Netmask 255.255.255.0 Gateway 192.168.2.1 Interface Ixp0 Status Enabled Type LAN IP Address 192.168.3.1 Netmask 255.255.255.
PAGE 16
User’s Guide Appendix DNS Hostname None Domain None Type Primary IP Address 0.0.0.0 Type Secondary IP Address 0.0.0.0 DHCP Status DHCP Server Interface Eth0 IP Address from 192.168.4.2 IP Address to 192.168.4.254 WINS Address 0.0.0.0 Status DHCP Server Interface Ixp0 IP Address from 192.168.3.2 IP Address to 192.168.3.254 WINS Address 0.0.0.
PAGE 17
User’s Guide Appendix Port 1813 Secret secret (case sensitive) Reverse Accounting disabled Strip WISP enabled UAM authentication method PAP WISP No WISP defined on system. Accounting Backup Description Backup via syslog Status Disabled Host 0.0.0.0 Description Backup to local file Status Disabled Host - Tunnels | PPPoE/PPTP/GRE PPPoE/PPTP/GRE services are disabled. Tunnels | PPTP Client for VPN No PPTP client for VPN entries defined on system.
PAGE 18
User’s Guide Appendix Wireless | WDS No WDS links are specified. User Interface Configuration Settings Pages Page Welcome Use Internal Status Enabled Location Welcome.xsl Page Login Use Internal Status - Page Logout Use Internal Status - Location Logout.xsl Page Help Use Internal Status - Location Images/help.html Page Unauthorized Use Internal Status - Location Images/unauthorized.
PAGE 19
User’s Guide Appendix No free site (or walled garden) URL is specified. Web Proxy Web Proxy Enabled Port 3128, 8080 System Configuration Settings Configuration | Syslog Remote Log Status Disabled Host 0.0.0.0 Level Debug Configuration | Trace System History Size 100 Level Debug Configuration | Clock Date Time No further known parameter. Configuration | NTP NTP Service Disabled Host 0.0.0.
PAGE 20
User’s Guide Appendix Access | AAA UAM Enabled EAP802.1x Disabled MAC Disabled Use Password RADIUS secret Password password (case sensitive) Access | UAT Interface Eth0 UAT Status Disabled IP Address 0.0.0.0 Netmask 0.0.0.0 Interface Ixp0 UAT Status Disabled IP Address 0.0.0.0 Netmask 0.0.0.0 Access | Isolation Bindmac Disabled Isolation Disabled Access | NAV Interface Eth0 IP Address 192.168.3.
PAGE 21
User’s Guide Appendix User Name private (case sensitive) Password password (case sensitive) There are no SNMP proxies on system. There are no SNMP traps on system. Update Status Disabled Update URL None Update interval 48 Delay 0 Connection Settings E-mail Redirection Status Disabled Host 0.0.0.
PAGE 22
User’s Guide Appendix C) Regulatory Domain/Channels Channels Identifiers Frequency in MHz France China Japan 1 2412 • • • — • • • 2 2417 • • • — • • • 3 2422 • • • — • • • 4 2427 • • • — • • • 5 2432 • • • — • • • 6 2437 • • • — • • • 7 2442 • • • — • • • 8 2447 • • • — • • • 9 2452 • • • — • • • 10 2457 • • • • • • • 11 2462 • • • • • • • 12 2467 — • — • • • • 13 2472 — • — • • • • 14
PAGE 23
User’s Guide Appendix D) CLI Commands and Parameters Network Commands network configuration Network Interfaces configuration. dhcp Dynamic Host Configuration Protocol services configuration. dns DNS Server settings. radius Configuration set for changing RADIUS Server settings. tunnels Tunnels configuration commands. network configuration interface Network Interfaces configuration. portforward Port forwarding setup. routes Static IP routing settings. subnet Management subnet configuration.
PAGE 24
User’s Guide Appendix Interface name. Target ip address. Target netmask. Gateway for the target address. network configuration subnet Interface name on which the management subnet is configured. -s Interface ip address for management subnet. -a Interface ip address for management subnet. -m Interface netmask for management subnet.
PAGE 25
User’s Guide Appendix settings General RADIUS settings configuration. wisp WISP information and setup. network accounting_log -l Local accounting log status. Possible values are enabled or disabled. -r Remote accounting log status. Possible values are enabled or disabled. -a The host IP address where to send the accounting information. network radius servers accounting Accounting RADIUS servers' configuration.
PAGE 26
User’s Guide Appendix -t Maximal amount of time before retrying RADIUS packets (in seconds). -n NAS Server identification string. -o Amount of time from user side (no network carrier) before closing the connection (in seconds). -a Period after which server should update accounting information (in seconds). -c Retry time period in which server should try to update accounting information before giving up (in seconds).
PAGE 27
User’s Guide Appendix -c PPTP channel. Used only with A and E actions. -s PPTP server ip address. Used only with A and E actions. -u PPTP username. Used only with A and E actions. -p PPTP password. Used only with A and E actions. -e PPTP encryption status: enabled or disabled. Used only with A and E actions. -a PPTP remote network address. Used only with A and E actions. -m PPTP remote network netmask.
PAGE 28
User’s Guide Appendix wireless wds -a Add WDS MAC address. -r Remove WDS MAC address. User Commands user administrator Administrator login and password change. connected Connected users list. start_page Definition of first URL after user login. walled_garden Free Web sites list. webproxy Web proxy configuration. user administrator Enter for wizard Follow the wizard and complete administrator settings changes.
PAGE 29
User’s Guide Appendix System Commands system access System access configuration. configuration System configuration. system access aaa Multimode settings. control Allow or deny management access depending on user network address. isolation Isolation setup. snmp Configuration of SNMP service. telnet Enabling or disabling of telnet protocol. uat Universal Address Translation of all IP and proxy settings.
PAGE 30
User’s Guide Appendix system access snmp proxies Action to take upon SNMP proxy entry: A(dd), E(dit) or D(elete). Entry id. Needed only with Edit and Delete actions. -t Proxy type. May have values v1, v2c. Can be used only when adding or editing proxy. -a Proxy ip address. -c Proxy community name. -l Proxy local OID. -r Proxy target OID. system access snmp settings -s Status of SNMP service.
PAGE 31
User’s Guide Appendix system configuration clock New date values in YYYY.MM.DD format. New time in hh:mm format. New time zone (time from GMT in minutes). system configuration ntp Action: A(dd), E(dit), D(elete) server or set NTP S(tatus). Server id. Needed only with E and D actions. -a NTP server address. -s NTP service status: enabled or disabled. Needed only with S action.
PAGE 32
User’s Guide Appendix SMTP redirection status: enabled or disabled. New SMTP server host IP address. New port number. connection supervision Gemtek Systems ARP-Ping interval in seconds and failure number after reaching which user is automatically logged out.
PAGE 33
User’s Guide Appendix E) Standard RADIUS Attributes The following standard RADIUS attributes and messages are supported by the Hotspot-in-a-Box. The Gemtek System vendor specific attributes are described at the client point of view (reverse accounting is disabled).
PAGE 34
User’s Guide Appendix Acct-Session-Time 46 Integer X Call duration in seconds (already compensated for idle timeout) Acct-Input-Packets 47 Integer X Indicates how many packets have been received from the port over the course of this service being provided Acct-Output Packets 48 Integer X Indicates how many packets have been sent to the port in the course of delivering this service Acct-TerminateCause 49 Integer X 1=Explicit Logoff, 4=Idle Timeout, 5=Session Timeout, 6=Admin Reset, 9=NAS
PAGE 35
User’s Guide Appendix Session-TerminateTime 9 String X YYYY-MMDDThh:mm:ssTZD Session-TerminateTime-End-of-Day 10 Integer X Flag zero or one indicating termination rule. Billing-Class-OfService 11 String X Text string indicating service type e.g. used for the visitor access feature The Gemtek System vendor specific attributes are described at the client point of view (reverse accounting is disabled).
PAGE 36
User’s Guide Appendix F) Location ID and ISO Country Codes This list states the country names (official short names in English) in alphabetical order as given in ISO 3166-1 and the corresponding ISO 3166-1-alpha-2 code elements. It lists 239 official short names and code elements.
PAGE 37
User’s Guide Appendix KH Cambodia NU Niue CM Cameroon NF Norfolk island CA Canada MP Northern Mariana islands CV Cape Verde NO Norway KY Cayman islands OM Oman CF Central African republic PK Pakistan TD Chad PW Palau CL Chile PS Palestinian territory, occupied CN China PA Panama CX Christmas island PG Papua new guinea CC Cocos (keeling) islands PY Paraguay CO Colombia PE Peru KM Comoros PH Philippines CG Congo PN Pitcairn CD Congo, the democratic re
PAGE 38
User’s Guide Appendix GA Gabon ES Spain GM Gambia LK Sri Lanka GE Georgia SD Sudan DE Germany SR Suriname GH Ghana SJ Svalbard and Jan Mayan GI Gibraltar SZ Swaziland GR Greece SE Sweden GL Greenland CH Switzerland GD Grenada SY Syrian Arab republic GP Guadeloupe TW Taiwan, province of china GU Guam TJ Tajikistan GT Guatemala TZ Tanzania, united republic of GN Guinea TH Thailand GW Guinea-Bissau TL Timor-leste GY Guyana TG Togo HT Haiti TK Tok
PAGE 39
User’s Guide Appendix Zaire see Congo, the democratic republic of the LB Lebanon LS Lesotho ZM Zambia LR Liberia ZW Zimbabwe LY Libyan Arab Jamahiriya Gemtek Systems Page 139
PAGE 40
User’s Guide Appendix G) User Pages Templates Syntax In this section you will find syntax for the writing of the user pages with examples for the writing of XSL templates. The P560 web server creates XML, having data inside its structure: Example:
PAGE 41
User’s Guide Appendix /Gemtek/Data/@ip - detected user IP from which he/she tries to register on the network; /Gemtek/Data/@mac - detected users MAC address; /Gemtek/Errors/@id - returned error code, which can be as follows: error description 4101 Failed to authorize. 4102 Login or/and password incorrect. 4103 Network connection failed. 4104 Accounting error. 4105 Unknown authorization error. 4106 Could not get redirection URL. 4107 Already logged in.
PAGE 42
User’s Guide Appendix Logout page has variables: /Gemtek/Header/@Script_Name - current script name, to send command to logout or refresh the statistics on page. /Gemtek/Data/entry/@auth - authentication method. /Gemtek/Errors/@id - returned error code. Error code is a follows: error description 4107 Already logged in. This error code usually comes from login screen, when redirecting.
PAGE 43
User’s Guide Appendix /Gemtek/Data/entry/@up - bandwidth upstream. If there is no /Gemtek/Data/entry in XML tree, it indicates that the user is not logged in. Logout page has two purposes: Log off the user Show the user usage statistics. To log off the user, call the script defined in /Gemtek/Header/@Script_Name with variable cmd set to logout. This could be done trough POST or simply GET methods supplying simple link with parameters: .
PAGE 44
User’s Guide Appendix https://P560_ip_address/logout.user with parameter 'cmd' with value 'logout'. Entering the following address into the browser will disconnect the currently logged in user: https://P560_ip_address/logout.user?cmd=logout Upload Templates All user pages files (welcome.xsl, login.xsl, logout.xsl, help.html, unauthorized.html) can be on an external server or on the P560. Which templates are to be used is found in user interface | configuration | pages.
PAGE 45
User’s Guide Glossary Glossary Symbols: 802.11: 802.11 is a family of specifications for wireless local area networks (WLANs) developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). The original specification provides for an Ethernet Media Access Controller (MAC) and several physical layer (PHY) options, the most popular of which uses GFSK modulation at 2.4GHz, enabling data rates of 1 or 2Mbps.
PAGE 46
User’s Guide G gateway: A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes.
PAGE 47
User’s Guide ISP: An ISP (Internet Service Provider) is a company that provides individuals and other companies access to the Internet and other related services such as Web site building and virtual hosting. An ISP has the equipment and the telecommunication line access required to have a point-of-presence on the Internet for the geographic area served.
PAGE 48
User’s Guide PPPoE: PPPoE (Point-to-Point Protocol over Ethernet) is a specification for connecting multiple computer users on an Ethernet local area network to a remote site through common customer premises equipment, which is the telephone company's term for a modem and similar devices. PPPoE can be used to have an office or building-full of users share a common Digital Subscriber Line (DSL), cable modem, or wireless connection to the Internet.
PAGE 49
User’s Guide TCP/IP: TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP. TCP/IP is a two-layer program.
PAGE 50
Index A AAA, 9 configuration, 99 AC specification, 114 access AC using KickStart utility, 17 using Web-browser, 16 access control on device, 97 ACL configuration, 79 administrator, 87 antenna gain, 78 authentication, 101 B back pannel, 13 C certificates upload, 94 CLI, 41 connection commands, 132 network commands, 124 network RADIUS commands, 125 network tunnels commands, 127 status commands, 132 system commands, 130 system configuration commands, 131 user commands, 129 wireless commands, 128 CLI commands
PAGE 51
User’s Guide Index NTP, 93 T O technical data, 114 telnet access, 98 trace system, 92 trace system levels, 92 tunnels, 71 output power, 78 P port forwarding, 57 PPPoE/PPPTP for DSL, 71 PPTP client for VPN, 72 Product overview, 8 proxy configuration, 68 R RADIUS WISP, 68 RADIUS, 63 accounting backup, 70 attributes, 134, 135 servers, 66 settings, 64 redirection URL, 88 regulatory domain, 123 remote authentication, 85, 86 restore settings, 95 route configuration, 56 U UAT, 22, 100 upgrade, 109 user is