User's Manual Part 1

User’s Guide Chapter 7 – Reference Manual
The IP address and netmask should be combined and used as the address pool for users on this
interface. Note that the number of available IP addresses becomes the maximum user count on this
interface: if no free IP addresses remain, access is rejected for lack of IP addresses.
System | Access | Isolation
The isolation mechanism under the system | access | isolation menu increases the security of the
AC users.
Figure 144 – Isolation
Bindmac – with the bindmac function enabled, the AC binds the user’s MAC and IP addresses together
after a successful logon by the wireless client, thereby preventing Internet access by a new user
who uses the same client IP address but with a different MAC address [enabled/disabled].
Isolation – enable this function to prevent users on the same LAN from communicating with each
other. Users can communicate only through the AC [enabled/disabled].
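The following Python model is an added example, not code from this manual or from the AC firmware. It shows how an address pool derived from the interface IP address and netmask caps the user count, and how a bindmac table rejects traffic from a bound IP address that arrives with a different MAC address. The class and method names, the sample addresses and the exclusion of the interface's own address from the pool are assumptions.

```python
import ipaddress

class AccessInterface:
    """Toy model of one AC interface: address pool plus bindmac table."""

    def __init__(self, cidr, bindmac=True):
        iface = ipaddress.ip_interface(cidr)          # e.g. "192.168.3.1/29"
        # Assumption: the interface's own address is not handed to users.
        self.free = [h for h in iface.network.hosts() if h != iface.ip]
        self.max_users = len(self.free)               # pool size = user limit
        self.bindmac = bindmac
        self.bound = {}                               # IP -> MAC recorded at logon

    def logon(self, mac):
        """Successful logon: take an address from the pool and bind it."""
        if not self.free:
            return None                               # pool exhausted: rejected
        ip = self.free.pop(0)
        self.bound[ip] = mac.lower()
        return ip

    def logoff(self, ip):
        """Release the address and its binding."""
        if self.bound.pop(ip, None) is not None:
            self.free.append(ip)

    def permit(self, src_ip, src_mac):
        """Decide whether traffic from (src_ip, src_mac) may pass."""
        ip = ipaddress.ip_address(src_ip)
        if ip not in self.bound:
            return False                              # no logged-on user at this IP
        if self.bindmac and self.bound[ip] != src_mac.lower():
            return False                              # same IP, different MAC
        return True

def demo():
    ac = AccessInterface("192.168.3.1/29")            # constructed sample values
    ip = ac.logon("00:11:22:33:44:55")
    results = {"max_users": ac.max_users,
               "owner": ac.permit(ip, "00:11:22:33:44:55"),
               "other_mac": ac.permit(ip, "66:77:88:99:AA:BB")}
    while ac.logon("02:00:00:00:00:01") is not None:  # fill the remaining pool
        pass
    results["after_full"] = ac.logon("02:00:00:00:00:02")
    return results

if __name__ == "__main__":
    print(demo())
```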
System | Access | NAV
To change the visitor access, authentication or NAT attributes for AC users on different LANs or
VLANs, go to the system | access | NAV menu:
Figure 145 – NAT, Authentication and Visitor Access
Interface – interface on which the changes will be made [ixp0, non editable].
IP Address – IP address of interface [non editable].
NAT – network address translation service status [enabled/disabled]. If enabled, users can access the
Internet under its network gateway address.
Authentication – with authentication disabled, a user on this LAN gets access to the Internet
without any authentication. If enabled, authentication for Internet access is required for all users
[enabled/disabled].
This setting is important when configuring the UAT. See section System | Access | UAT for more
details.
Visitor Access – a client with a specific WISPr attribute can reach the LAN that has visitor access
enabled [enabled/disabled] (see more details about visitor access below).
Only one selected interface can have visitor access enabled. Attempting to
enable an additional interface for visitor access will disable the previous interface.
Visitor Access
Users can be grouped into two logical groups: employees and visitors. By default, all users belong
to the visitors group, without access to servers in the LAN. Employees have access to the Intranet
(servers that are running in the LAN), while visitors have access only to the Internet, with no
way to connect to and use services from servers running in the LAN. By default, clients connected
on the WLAN and LAN cannot communicate among themselves. This is prevented by default firewall
rules. See the picture below to view the difference between employee and visitor traffic:
Gemtek Systems Page 100