IWE3200 HotSpot Gateway User’s Guide Version: 1.
Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiated radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
R&TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal equipment and the mutual recognition of their conformity (R&TTE). The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) as of April 8, 2000.
Table of Contents 1. Introduction ......................................................................................................................... 1 1.1. Overview................................................................................................................... 1 1.2. Features.................................................................................................................... 2 1.3. LED Definition........................................................................
2.13.2. RADIUS ...................................................................................................... 55 2.13.3. Authentication Session Control .................................................................. 57 2.13.4. Authentication Page Customization............................................................ 57 2.14. DDNS.................................................................................................................... 59 2.15. Configuring Advanced Settings ...........
1. Introduction 1.1. Overview The IWE3200 Wireless HotSpot Gateway enables Telco operators, wireless ISPs, enterprises, government institutes, or school campuses to deploy WLANs with secured user authentication support. It generates the user log on/off information for back-end billing systems, and user access log status for tracking purpose, which is very useful and demanded function for the environment requires highly security deployment, such as government institute, bank, or military campus.
1.2. Features z User Authentication, Authorization, and Accounting Local pages or external pages. The IWE3200 can be configured to use log-on, log-off, authentication success, and authentication failure pages, which are stored in itself or stored in an external Web server maintained by the WISP. The contents of local authentication pages can be customized. Advertisement links. The log-off authentication page can be configured to show a sequence of advertisement banners. Unrestricted clients.
z Enabling/disabling SSID broadcasts. The user can enable or disable the SSID broadcasts functionality for security reasons. When the SSID broadcasts functionality is disabled, a client computer cannot associate the wireless AP with an “any” network name (SSID, Service Set ID); the correct SSID has to be specified on client computers. MAC-address-based access control. Blocking unauthorized wireless client computers based on MAC (Media Access Control) addresses. Repeater.
z Virtual server. Exposing servers on the intranet to the Internet. PPTP, IPSec, and L2TP passthrough. Passing VPN (Virtual Private Network) packets through the intranet-Internet boundary. PPTP means Point-to-Point Tunneling Protocol, IPSec means IP Security, and L2TP means Layer 2 Tunneling Protocol. DMZ (DeMilitarized Zone). All unrecognized IP packets from the Internet can be forwarded to a specific computer on the intranet. Multiple public IP addresses support.
Wireless-to-Ethernet-LAN traffic blocking. Traffic between the wireless interface and the Ethernet LAN interface can be blocked. z Changeable MAC Address of the Ethernet WAN Interface. Some ADSL modems work only with Ethernet cards provided by the ISP. If IWE3200 is used in such an environment, the MAC address of the WAN interface of the Router has to be changed to the MAC address of the ISP-provided Ethernet network card. z SNTP.
In addition, it can also be configured to accept management commands only from specific hosts. UPnP. The access Router responds to UPnP discovery messages so that a Windows XP user can locate the access Router in My Network Places and use a Web browser to configure it. SNMP. SNMP (Simple Network Management Protocol) MIB I, MIB II, IEEE 802.1d, IEEE 802.1x, Private Enterprise MIB are supported. System log. For system operational status monitoring. Local log.
1.3. LED Definition z z z z PWR ALV RF WAN/LAN : Power : Alive. Blinks when the IWE3200 is working normally. : IEEE 802.11b/g interface activity : Ethernet WAN/LAN interface activity Fig. 1. LED Indicator. 1.4. Feature Comparison IWE32000S36X Wired Advanced IEEE 802.11 AP functionality IEEE 802.1x SNMP IEEE 802.
2. First-Time Installation and Configuration 2.1. Selecting a Power Supply Method The IWE3200 can be powered by either the supplied AC power adapter or the optional IWE500-INJ POE Power Injector. The IWE3200 automatically selects the suitable power depending on your decision. To power the IWE3200 by the supplied power adapter: 1. Plug the power adapter to an AC socket. 2. Plug the connector of the power adapter to the power jack of the IWE3200.
Fig. 4. Connecting Ethernet cables to IWE500-INJ. 5. Check the “ACTIVE” LED: if power is successfully fed into the IWE3200, the “ACTIVE” LED will be on (Red light); otherwise, the “ACTIVE” LED will be off. 6. If the electricity current is over the normal condition (Io>1.0 A), the “ACTIVE” LED will flash (Red light). NOTE: IWE500-INJ is specially designed for IWE3200. The use of IWE500-INJ with other Ethernet-ready devices that are not compliant to IEEE 802.3af may cause damage to the devices. 2.2.
2.3. Preparing for Configuration To configure a IWE3200, a managing computer with a Web browser is needed. For first-time configuration of a IWE3200, an Ethernet network interface card (NIC) should have been installed in the managing computer. For maintenance-configuration of a deployed IWE3200, either a wireless computer or a wired computer can be employed as the managing computer. NOTE: If “Opera” browser is used to configure an IWE3200, click the menu item File, click Preferences...
2.3.2. Changing the TCP/IP Settings of the Managing Computer Use the Windows Network Control Panel Applet to change the TCP/IP settings of the managing computer, so that the IP address of the computer and the IP address of the IWE3200 are in the same IP subnet. Set the IP address of the computer to 192.168.0.xxx. NOTE: For some versions of Windows, the computer needs to be restarted for the changes of TCP/IP settings to take effect. 2.4.
On the Home page, click the SETUP WIZARD to quickly change the configuration of the gateway. Fig. 8. The Home Page. 2.4.2. SETUP WIZARD Step 1: Selecting an Operational Mode Fig. 9. Operational modes.
2.4.3. SETUP WIZARD Step 2: Configuring TCP/IP Settings 2.4.3.1. Router with a PPPoE-Based DSL/Cable Connection Fig. 10. TCP/IP settings for Router with a PPPoE-Based DSL/Cable Connection mode. In this mode, two IP addresses are needed—one for the Ethernet LAN interface and the other for the WAN interface. The LAN IP address must be set manually to a private IP address, say 192.168.0.xxx. The default LAN IP address is 192.168.0.1 and the default subnet mask is 255.255.255.0.
The default LAN IP address is 192.168.0.1 and the default subnet mask is 255.255.255.0. In most cases, these default settings need no change. As for the WAN IP address, it is obtained by DHCP from the ISP. The Trigger mode setting affects the behavior of the DHCP client of the Router. In Auto mode, you don’t have to worry about the DHCP process; the device takes care of everything.
Fig. 13. TCP/IP settings for Router with Multiple DSL/Cable Connections mode. Since the Internet connection can be PPPoE-based, DHCP-based, or Static-IP-based, the addressing settings of each WAN interface are the same as those of Router with a PPPoE-Based DSL/Cable Connection, DHCP-Based DSL/Cable Connection, or Router with a Static-IP DSL/Cable Connection, respectively. As a result, refer to Sections 2.4.3.1, 2.4.3.2, and 2.4.3.3 for more information. 2.4.4.
puter and the SSID of the wireless access Router must be identical for them to communicate with each other. 2.4.6. Configuring User Authentication Settings The IWE3200 supports both Web redirection-based and non-802.1x-based user and IEEE 802.1x-based user authentication. After the IP addressing settings have been set using SETUP WIZARD, you have to configure Web redirection settings and/or IEEE 802.1x settings for wireless user authentication. When both Web redirection and IEEE 802.
1.3.2. PAP 1.3.3. CHAP 2. Enable without Authentication – Enable only the Web-Redirection, but disable the user Authentication mechanism. User will automatically redirect to the destination web page if the URL indicated. Fig. 18. Web redirection settings – Enable without Authentication 3. Disable – Disable all Web-Redirection mechanisms. 2.4.6.2.
Internet , which is used with the input unit by the control keypad. For example, if the per unit time is 50 (min) and the control keypad is input to be 5 (units), then the total available access time frame of the user is 50 x 5 = 250 (min). Default is ‘1’ min. Valid period (hour): to define the valid period (by hour) while the user account generated. If the user account generated but not activated during the valid period, the gateway will automatically disable the user after the valid period expired.
Inactive: to show the user account that access time frame expired, or ‘Valid Period’ expired. Permanent: to show the user account that would never expire. The state for the user accounts which created by manual would be permanent. This kind of account would not have any information for the session time and cost Fig. 22. Account Table List 2.4.6.3.
defined Fig 24 of Sec.2.4.7.2. 2.4.6.4. IEEE 802.1x Fig. 23. Changing security mode to an IEEE 802.1x option. To setup IEEE 802.1x-based user authentication, go to WIRELESSÆCommunicationÆSecurity section, and then change the Security mode setting to an IEEE 802.1x-related option according to your needs. The advanced wireless access Router supports IEEE 802.1x EAP-MD5, EAP-TLS, EAP-TTLS, PEAP, and WAP authentication methods. Click Save when finished. 2.4.7.
Web Redirection Disabled ■ ■ ■ Table 1. Allowable authentication modes. 2.5. Deploying the IWE3200 After the settings have been configured, deploy the Router to the field application environment. You have to connect AP(s), modem(s), and RADIUS server(s) to the IWE3200. The system configuration in Fig. illustrates how to deploy the IWE3200.
tion). The IWE3200 supports the built-in user database for local authentication, this function also associates the optional external mini-POS Ticket Printer for billing printing purpose. The setup scenario is shown in Fig 28. Please also refer to Sec. 2.4.7.3 for detail operation instruction of mini-POS, keypad, and ticket printing. Fig. 26. mini-POS Ticket Printer & Control Keypad Deployment. 2.6.
Both the wireless client computer and the deployed APs must have the same WEP settings for them to communicate with each other. Therefore, unless IEEE 802.1x EAP-TLS, which supports dynamic WEP key distribution, is used, it’s strongly suggested not to enable WEP functionality of the deployed APs for hotspot applications. 2.6.2.
Fig. 28. User name and password for authentication. 5. If the user name and password are correct. Now you’ll be brought to the original page you have requested after waiting for a few seconds. Meanwhile, a window for log-off and session status appears. Fig. 29. Authentication success. Fig. 30. Log-off window. 6. Click Log Off within the log-off window to end the session. NOTE: 7. On a PDA such as Pocket PC, the log-off would not be shown.
If you complete the above procedure without error, the Router together with the RADIUS server has been correctly set up for Web redirection-based authentication. 2.8. Using Web-Based Network Management Fig. 32. The Home page. 2.8.1. Menu Structure The left side of the start page contains a menu for you to carry out commands. Here is a brief description of the hyperlinks on the menu: z Home. z SETUP WIZARD. For you to quickly set up the Router. z SYSTEM. System monitoring information.
z z z TCP/IP. TCP/IP-related settings. Address. IP addressing settings for the Router to work in the TCP/IP networking world, or user name and password provided by the ISP. DNS. DNS (Domain Name System) proxy settings. NAT. Settings for the NAT (Network Address Translation) server on the Router. DHCP Server. Settings for the DHCP (Dynamic Host Configuration Protocol) server on the Router. Load Balancing. Settings for the WAN ports load-balancing policy by Port or IP address range.
z Access Rules. Settings for the time frame policy to Permit/Deny administrator to access the IWE3200. LAN Device Management. Settings for the Router to know what LAN devices it has to manage. Status. System monitoring information. Associated Wireless Clients. Display the status of all wireless clients who associated to IWE3200. Authenticated Users. Display the status of the users who have been authenticated by IWE3200. Authenticated users can be also forced terminated in this table.
At the bottom of each status page that shows read-only information, there are two buttons—Home and Refresh. Clicking Home brings you back to the start page. Clicking Refresh updates the shown status information. 2.9. Seeing Status 2.9.1. Associated Wireless Clients Fig. 35. Status of associated wireless clients. On this page, the status information of each associated client, including its MAC address, IP address, user name (if the client has been IEEE 802.
Any authenticated user can be terminated by clicking the corresponding Terminate link so that this user is blocked from using networking services provided by the Router. A terminated user is moved to the Terminated Users Table. Clicking the corresponding Release link puts a terminated user back into authenticated state. Fig. 38. Terminated users. 2.9.3. Account Table Fig. 39. Account Table List On this page, all the local under registered in local user database are shown.
Fig. 41. Latest incoming user traffic sessions. On this page, latest 50 outgoing and 50 incoming user traffic sessions are shown for monitoring network activity. 2.9.5. Managed LAN Devices Fig. 42. Managed LAN devices. On this page, the status of every managed LAN device is shown. The Offline status indicates a nonworking device while the Online status indicates a working device.
Fig. 43. Operational modes. On this page, you can specify the operational mode for the Router. Currently, 5 modes are available: z Router with a PPPoE-based DSL/Cable Connection. In this mode, the Router assumes that a DSL or cable modem is connected to its Ethernet WAN interface. The client computers can therefore share this DSL/cable-based Internet connection by the NAT server functionality. The IP address of the Ethernet WAN interface is obtained automatically by PPPoE from the ISP.
2.10.2. Changing Password Fig. 45. Password. On this page, you could change the user name and password of the administrator. The administrator can view and modify the configuration of the IWE3200. The new password must be typed twice for confirmation. 2.10.3. Managing Firmware Fig. 46. Firmware management protocol setting.
Fig. 48. Configuration backup by HTTP. To back up configuration of the access Router by HTTP: 1. Click Back Up. 2. You’ll be prompted to open or save the configuration file. Click Save. 3. The configuration file is named by the IWE3200’s MAC address. For example, if the IWE3200’s MAC address is 00-01-02-33-44-55, the configuration backup file should be “000102334455.hex”. Don’t change the configuration file name in the Save As dialog box. Select a folder in which the configuration file is to be stored.
Fig. 51. Firmware upgrade by TFTP. To upgrade firmware of the access Router by TFTP: 1. Get a computer that will be used as a TFTP server and as a managing computer to trigger the upgrade process. 2. Connect the computer and one of the LAN Ethernet switch port with a normal Ethernet cable. 3. Configure IP address of the computer so that the Router and the computer are in the same IP subnet. 4. On the computer, run the TFTP Server utility. And specify the folder in which the firmware files reside. 5.
net. In this case, you must have configured the Router to be remotely manageable (see Section 2.13.1.1) and adjust the Timeout and Max no. of retries settings of TFTP Server for remote TFTP upgrade to succeed. 2.10.3.4. Backing up and Restoring Configuration Settings by TFTP Fig. 53. Configuration backup/restore. To back up configuration of the access Router by TFTP: 1. Get a computer that will be used as a TFTP server and as a managing computer to trigger the backup process. 2.
example, if the Router’s MAC address is 00-01-02-33-44-55, the configuration backup file should be “000102334455.hex”. 5. On the computer, run a Web browser and click the General, Firmware Tools hyperlink. 6. Within the Configuration Backup/Restore section, specify the IP address of the computer, which acts as a TFTP server. If you don’t know the IP address of the computer, open a Command Prompt, and type IpConfig, then press the Enter key. 7. Trigger the restoring process by clicking Restore.
2.11.1.1. Router with a PPPoE-Based DSL/Cable Connection Fig. 56. TCP/IP settings for Router with a PPPoE-Based DSL/Cable Connection mode. If the IWE3200 was set to be in Router with a PPPoE-Based DSL/Cable Connection mode, two IP addresses are needed—one for the Ethernet LAN interface and the other for the WAN interface. The LAN IP address must be set manually to a private IP address, say 192.168.0.xxx. The default LAN IP address is 192.168.0.1 and the default subnet mask is 255.255.255.0.
Fig. 57. TCP/IP settings for Router with a DHCP-Based DSL/Cable Connection mode. If the IWE3200 was set to be in Router with a DHCP-Based DSL/Cable Connection mode, two IP addresses are needed—one for the Ethernet LAN interface and the other for the WAN interface. The LAN IP address must be set manually to a private IP address, say 192.168.0.xxx. The default LAN IP address is 192.168.0.1 and the default subnet mask is 255.255.255.0. In most cases, these default settings need no change.
2.11.1.4. Router with Multiple DSL/Cable Connections Fig. 59. TCP/IP settings for Router with Multiple DSL/Cable Connections mode. Since the Internet connection can be PPPoE-based, DHCP-based, or Static-IP-based, the addressing settings of each WAN interface are the same as those of Router with a PPPoE-Based DSL/Cable Connection, DHCP-Based DSL/Cable Connection, or Router with a Static-IP DSL/Cable Connection, respectively. As a result, refer to Sections 2.11.1.1, 2.11.1.2, and 2.11.1.
2.11.2.2. Static DNS Mappings Fig. 61. Static DNS mappings. By Static DNS Mappings, an internal server can be given a domain name, so that other hosts on the intranet can access the server by its domain name instead of by its IP address. For example, an internal Web server for the intranet, say 192.168.0.2, may be associated with the domain name, www.company-name.com. To give an internal server a domain name: 1. Specify the domain name and the private IP address of the internal server. 2.
2.11.3.2. Virtual Server Mappings Fig. 63. Virtual server mappings. The gateway enables you to expose internal servers on the intranet through NAT to the Internet for public use. The exposed internal servers are called virtual servers because from perspective of hosts on the Internet, these servers are invisible in terms of TCP/IP. To expose “preset” internal servers: 1. Select the corresponding Enabled check boxes for the kinds of servers (FTP, IMAP4, SMTP, POP3, TELNET, and HTTP) you want to expose. 2.
2.11.4.2. Basic Fig. 64. Basic DHCP server settings. The Router can automatically assign IP addresses to client computers by DHCP. In this section of the management page, you can specify the Default Router, Subnet mask, Primary DNS server, and Secondary DNS server settings that will be sent to a client at its request. Additionally, you can specify the first IP address that will be assigned to the clients and the number of allocateable IP addresses.
To always assign a static IP address to a specific DHCP client: 1. Specify the MAC address of the DHCP client and the IP address to be assigned to it. Then, give a description for this mapping. 2. Select the corresponding Enabled check box. 2.11.5. Load Balancing The IWE3200 provides the multiple WAN port Load Balancing mechanism.
2.11.6. Zero Client Reconfiguration Fig. 68. Zero Client Reconfiguration Settings. The IWE3200 provides the ‘Zero Client Reconfiguration’ function to allow the wireless clients associate to the IWE3200 without any network setting modification required. It is convenient function for the wireless users who can associate the IWE3200 automatically and no need to learn the network environment detail where the IWE3200 deployed.
Since the IEEE 802.11g-based IWE3200 is also IEEE 802.11b compatible, you can configure the Date rate setting to meet your backwards compatibility needs. If there is RF interference, you may want to reduce the Data rate for more reliable wireless transmission. In most cases, leave the setting to Auto. The number of available RF channels depends on local regulations; therefore you have to choose an appropriate regulatory domain to comply with local regulations.
To enable a WDS link: 1. Specify the MAC address of the AP or wireless bridge at the other end of the WDS link. 2. Select the corresponding Enabled check box. For example, assume you want a wireless access Router and an AP with MAC addresses 00-02-65-01-62-C5 and 00-02-65-01-62-C6, respectively, to establish a WDS link between them. On Router 00-02-65-01-62-C5, set the peer MAC address of port 1 to 00-02-65-01-62-C6 and on AP 00-02-65-01-62-C6, set the peer MAC address of port 1 to 00-02-65-01-C5.
2.12.2. Security IEEE 802.11b/g security settings include SSID broadcasts, Security mode, IEEE 802.11 Authentication algorithm, WEP keys, MAC-Address-Based Access Control. 2.12.2.1. Basic Fig. 74. Basic IEEE 802.11g security settings. For security reasons, it’s highly recommended that the security mode be set to options other than Open System. When the security mode is set to Open System, no authentication and data encryption will be performed.
Fig. 76. Behavior of the “All APs on This Subnet” wireless client isolation option. As illustrated in Fig. when AP 1 and AP 2 are using the “This AP Only” option, wireless traffic between STA 1 and STA 2 is blocked by AP 1, while wireless traffic between STA 2 and STA 3, which are associated with different APs, is still allowed. If the “All APs in This Subnet” option is used as shown in Fig.
In the above security modes, a back-end RADIUS (Remote Authentication Dial-In User Service) server is needed if IEEE 802.1x functionality is enabled. See Section 2.13.2 for more information about IEEE 802.1x and RADIUS. According to the IEEE 802.11 standard, WEP can be used for authentication and data encryption. Normally, Shared Key authentication is used if WEP data encryption is enabled. In rare cases, Open System authentication may be used when WEP data encryption is enabled.
3. Specify the MAC address of a wireless client to allow access, and then click Add. 4. Repeat Step 3 for each other wireless client. To delete an entry in the access control table: z Click Delete next to the entry. NOTE: The size of the access control table is 64. Fig. 78. MAC ACL download settings.
2.13. Configuring AAA (Authentication, Authorization, Accounting) Settings 2.13.1. Web Redirection The IWE3200 supports both IEEE 802.1x-based and Web redirection-based user authentication. Here is a brief description of how Web redirection works: When an unauthenticated wireless user is trying to access a Web page, a logon page is shown instead of the requested page, so that the user can type his/her user name and password for authentication.
2.13.1.1. Basic Fig. 81. Web redirection enabled with authentication. There are three modes for Web redirection—Enabled with Authentication, Enabled without Authentication, and Disabled. In Enabled with Authentication mode, you specify the RADIUS authentication method that corresponds to your RADIUS server settings. Currently EAP-MD5, PAP, and CHAP are supported.
Fig. 83. Default log-off page. NOTE: On a PDA such as Pocket PC, the log-off would not be shown. To log off from the network, go back to the log-on page, and then click Log Off to end the session. If the user fails the authentication, the user can be brought to a default warning page (Default page) or a page for the user to subscribe a wireless Internet access service (The following URL). Fig. 84. Default authentication failure warning page.
There are occasions on which you want some computers to be able to freely access the Internet without being authenticated first. For example, you may want your wired desktop computers connected with the Router to be uncontrolled by the Router while providing wireless Internet access service for your customers with wireless laptop computers. The Unrestricted Clients feature is for this purpose. You can specify the computers to be uncontrolled by IP address or MAC address.
2.13.2. RADIUS IEEE 802.1x Port-Based Network Access Control is a standard for solving some security issues associated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key distribution. With IEEE 802.1x, a RADIUS (Remote Authentication Dial-In User Service) server, and a user account database, an enterprise or ISP (Internet Service Provider) can manage its mobile users’ access to its wireless LANs. Before granting access to a wireless LAN supporting IEEE 802.
2.13.2.1. Basic Fig. 89. RADIUS basic settings. For the IWE3200, the RADIUS client component of the Router is shared by the IEEE 802.1x and Web redirection components. The RADIUS settings are for the RADIUS client to communicate with backend RADIUS servers. The RADIUS server do not support all combinations of authentication methods if both IEEE 802.1x and Web redirection are enabled. The following table shows the allowable IEEE 802.1x and Web redirection authentication modes. NOTE: IEEE 802.
2.13.3. Authentication Session Control Fig. 91. Authentication session control settings. Authentication session control settings are for controlling the lifetimes of user authentication sessions. The Idle timeout setting specifies how long a user can be idle without generating any traffic before being terminated. The Session timeout setting specifies the maximum session lifetime.
Fig. 93. Authentication success page customization settings. Fig. 94. Authentication failure page customization settings. In addition to the Text alignment, HTML title, and Contents setting, two more settings are provided for specifying the size of the Log-Off window (Windows width and Window height). Fig. 95. Log-off page customization settings. Furthermore, Banner images and Hyperlinks can be added to the Log-Off window for advertisement purposes.
Fig. 96. Advertisement links settings. Fig. 97. Advertisement links in action. 2.14. DDNS Fig. 98. Dynamic DNS settings. With the help of dynamic DNS (DDNS) services provided by dyndns.org or no-ip.com, you can make your device automatically register the IP address it obtains dynamically by PPPoE or DHCP with the DDNS servers. DDNS is useful if you want to set up a Web server whose IP address is dynamically obtained rather than statically configured.
2.15. Configuring Advanced Settings 2.15.1. Filters and Firewall 2.15.1.1. Packet Filters Fig. 99. Packet filters settings. You can specify rules for the firewall component of the Router to check outgoing packets. Packets that meet the rules can be permitted or denied. The protocol field, source IP address field, destination IP address field, and destination port field of a packet’s IP header are inspected to see if it meets a rule.
NOTE: Set the rules with great care since incorrect rules would make the Router inaccessible. The last resort to restore the Router to service may be resetting its configuration to factory-set values by pressing the Default switch on the housing of the Router. 2.15.1.2. VLAN Fig. 100. VALN settings. VLAN (Virtual Local Area Network) settings are for traffic isolation.
The IWE3200 is capable of blocking HTTP traffic from the intranet to specified unwelcome Web sites. To block HTTP traffic to an unwelcome Web site: 1. Specify the URL (ex. www.xxx.com) of the unwelcome Web site. 2. Select the corresponding Enabled check box. NOTE: Do not type “http://” when specifying a URL. Just type the domain name. 2.15.2. Management 2.15.2.1. Basic Fig. 103. Web-based management type setting.
UPnP (Universal Plug and Play) enables a Windows XP user to automatically discover peripheral devices by HTTP. When the UPnP functionality is enabled, you can see the Router in My Network Places of Windows XP. The Router can be given a friend name that will be shown in My Network Places. Double-clicking the icon in My Network Places that stands for the Router will launch the default Web browser for you to configure the Router. 2.15.2.3. System Log Fig. 105. System log settings.
2.15.2.4. SNMP Fig. 106. SNMP settings. The IWE3200 can be managed by SNMP (Simple Network Management Protocol), and the SNMP management functionality can be disabled. You can specify the name (used as a password) of the read-only and read-write community. In addition, up to 5 SNMP trap targets can be set in the SNMP Trap table. To specify a trap target: 1. Type the IP address of the target host. 2. Type the Community for the host. 3. Select the corresponding check box next to the IP address text box.
A management server from the Internet sees a managed LAN device as a combination of the access Router’s WAN IP address and a Virtual Port reserved for this device. When a TCP or UDP-based management request (specified by the Protocol field) is received by the access Router from the Internet, the IWE3200 translates the destination IP address and destination port of the request to the corresponding Device IP Address and Device Port.
Appendix A A-1: Default Settings TIP: Press the Default switch on the housing of a powered-on Router to reset the configuration settings to factory-set values. Setting Name Global User Name Password Operational Mode Default Value root root Gateway with a Static-IP DSL/Cable Connection WAN Interface Type DHCP Changeable MAC Address Default MAC address of WAN interface IP Address 192.168.100.1 Subnet Mask 255.255.255.0 Default Gateway 0.0.0.0 Primary DNS Server 0.0.0.0 Secondary DNS Server 0.0.0.
DNS Proxy Static DNS Mappings Filters/Firewall Packet Filters URL Filters VLAN WAN ICMP Request Blocking State Packet Inspection (SPI) Authentication Web Redirection RADIUS RADIUS Robustness Reboot User Name Session Control Management Web-Based Management Type SNMP SNMP Read-Only Community SNMP Read-Write Community Not set Not set Not set Disabled Disabled Disabled Disabled Not set reboot Disabled LAN only Enabled public private A-2: LED Definitions There are several LED indicators on the housing of a Rou
Appendix B: Troubleshooting Check the following first: z Make sure that the power of the Router is on and the Ethernet cables are connected firmly to the RJ-45 jacks of the Router. z Make sure that the LED ALV of the Router is blinking to indicate the Router is working. z Make sure the types of the Ethernet cables are correct. Recall that there are two types—normal and crossover. z Make sure that the DSL, cable, V.90, or ISDN modem connected with the Router is powered on.
Solve the following problems in order: z The wireless client cannot pass Web redirection-based authentication. Are user name and password are correct? z Is the RADIUS server correctly set up? Check whether the password for the wireless client is stored using reversible encryption on the RADIUS server. Check if the RADIUS server is set to use EAP-MD5, PAP, and CHAP authentication. The IWE3200 does not respond to ping from the client computer.
Is the NAT server functionality of the IWE3200 enabled? z z Find out the answer on the start page of the Web-Based Network Manager. Find out the answer on the start page of the Web-Based Network Manager. If you cannot find any incorrect settings of the IWE3200, the default Router of the IWE3200 may be really down or there are other communication problems on the network backbone. The DNS server(s) of the IWE3200 do not respond to ping from the client computer.
B-3: Other Problems z I forget the IP address of the LAN interface of the IWE3200. What can I do to connect to it using a Web browser? z My IWE3200 has been set to obtain an IP address automatically by DHCP. How can I know its acquired IP address so that I can manage it using a Web browser? NOTE: Wireless Gateway/AP Browser (WLBrwsr.exe) in the “Utilities” folder on the companion CD-ROM disc.
Appendix C: Technical Specifications C-1: IWE3200 Standards: 802.11b 802.11g 802.3 802.3u 802.3af Data rate & modulation: OFDM@54Mbps, CCK@11/5.5Mbps, DQPSK@2Mbps and DBSK@1Mbps Radio Technology: OFDM DSSS Operating Range: Up to 1,155 feet Channels: USA: 1-11 (FCC), Canada: 1-11 (IC), Europe: 1-13 (ETSI), Japan: 1-14 Frequency range: 2.402 ~ 2.472 GHz (North America) 2.402 ~ 2.4970 GHz (Japan) 2.402 ~ 2.4835 GHz (Europe ETSI) 2.4465 ~ 2.4835 GHz (France) Transmission output Power: Typ.
Interface: 10/100 Mbps RJ-45 Connector RS-232c Serial Connector 802.11b/g WLAN Security: 64/128-bit WEP 802.1x WPA MAC address filtering Disabled SSID broadcast Wireless client isolation Configuration and Management: Web-browser TFTP SNMP Syslog Event Logging LEDs: Power LAN/WAN WLAN Alive Environmental: Temperature: Operating (0~55C), storage (-20~70C) Humidity: 5% to 95% non-condensing in storage Electromagnetic Compatibility: FCC Class B Industry Canada CE ETS 300.
C-2: IWE500-INJ Power Injector Input Power Requirements AC Input Voltage AC Frequency AC Input Current : 90 – 264Vac : 47 – 63 Hz : 2A at 100Vac, 1A at 240Vac, (-48Vdc) Power over LAN output Specification Pin Assignments and Polarity: (+) 4/5 (-) 7/8 Output Voltage : Aggregate Power:50W (48Vdc) Mechanical Requirement Dimensions Weight Indicators System Indicator : 4” x 5.5” x 1.5” : 1.38 Lbs : AC Power (Green) Power Active (Red) 0.05 A<Io<0.8 A Over Current Protection (Red, Flash) Io>1.
C-3: IWE810-POS mini-POS Ticket Printer Printing Method Printing Speed Dot Density Dot Pitch Effective Printing Width Character Per Line Paper Type Paper Width Paper Thickness Paper Roll Diameter Roll Core Inner Diameter Paper Supply Method Reliability TPH Life Character Set Barcode Emulation Driver Draw Port Interface Power Adapter Environment Auto cutter Direct Thermal 150 mm/sec (5.905 inch/sec) 180 x 180 DPI 0.141 mm, 0.