User manual

ManualsBrandsLevelOne ManualsComputer AccessoriesWHG-1000

LevelOne

WHG-1000

300Mbps Wireless PoE Hotspot Gateway

User Manual

V2.00

Summary of content (172 pages)

PAGE 1
LevelOne WHG-1000 300Mbps Wireless PoE Hotspot Gateway User Manual V2.
PAGE 2
Table of Contents 1 Before You Start..........................................................................................................1 1.1 Preface ..................................................................................................................................................1 1.2 Document Conventions ..................................................................................................................1 1.3 Package Checklist .......................................
PAGE 3
6.2 MAC Address Control ....................................................................................................................59 6.3 Policy ...................................................................................................................................................60 6.3.1 Firewall ................................................................................................................................................ 62 6.3.2 Routing .........................
PAGE 4
10.10.3 Trace Route .......................................................................................................................................... 99 10.10.4 Show ARP Table .................................................................................................................................. 99 10.11 Monitor IP Link ..........................................................................................................................100 10.12 Console Interface .................
PAGE 5
User’s Manual WHG-1000 Wireless Hotspot Gateway ENGLISH 1 Before You Start 1.1 Preface This manual is for WLAN service providers or network administrators to set up a network environment using the WHG-1000 system. It contains step-by-step procedures and graphic examples to guide MIS staff or individuals with slight network system knowledge to complete the installation. 1.2 Document Conventions Caution: Note: Represents essential steps, actions, or messages that should not be ignored.
PAGE 6
User’s Manual WHG-1000 Wireless Hotspot Gateway ENGLISH 1.
PAGE 7
User’s Manual WHG-1000 Wireless Hotspot Gateway ENGLISH 2 System Overview and Getting Started 2.1 Introduction of WHG-1000 The WHG-1000 is the most economical and feature rich Wireless PoE Hotspot Gateway, targeting mini-size stores that want to provide small, single-point wireless Internet access service. WHG-1000 is a perfect choice for beginners to run hotspot businesses.
PAGE 8
User’s Manual WHG-1000 Wireless Hotspot Gateway ENGLISH 【Example: A typical Hotspot network】 4
PAGE 9
2.3 Hardware Descriptions Front Panel 1 USB For future usage only. 2 WES Press to start running WES (WDS Easy Setup) process. 3 Console Attach the RS-232 console cable here, for management use only. 4 LAN1/LAN2 Attach Ethernet cables here for connecting to the (PoE) wired local network. LAN1 maps to Private Zone and requires no user authentication, LAN2 maps to Public Zone and by default requires user authentication. 5 WAN (PoE) Attach the wired external network here.
PAGE 10
Rear Panel Antenna Connector Attach antennas here. WHG-1000 supports 1 RF interface with 2 SMA connectors.
PAGE 11
Top LED Panel 1 LED ON indicates power on; OFF indicates power off. 2 LED ON indicates WAN connection; OFF indicates no connection; BLINKING indicates transmitting data. 3 LED ON indicates LAN1/LAN2 connection; OFF indicates no connection; BLINKING indicates transmitting data. 4 LED ON indicates wireless ready. 5 LED ON indicates WAN port is connected to the internet.
PAGE 12
7 For future usage only.
PAGE 13
2.4 System Requirement  Standard 10/100BaseT including network cables with RJ-45 connectors  All PCs need to install the TCP/IP network protocol 2.5 Installation Steps Please follow the steps below to install WHG-1000: Please follow the steps mentioned below to install the hardware of WHG-1000: 1. Place the WHG-1000 at a best location. The best location for WHG-1000 is usually at the center of your wireless network. 2. Connect WHG-1000 to your outbound network device.
PAGE 14
Caution: Please only use the power adapter supplied with the WHG-1000 package. Using a different power adapter may damage this system. Caution: To double verify the wired connection between WHG-1000 and your switch/router/hub, please check the LED status indication of these network devices.
PAGE 15
2.6 Access Web Management Interface WHG-1000 supports Web Management Interface (WMI) configuration. Upon the completion of hardware installation, WHG-1000 can be configured via web browsers with JavaScript enabled such as Internet Explorer version 6.0 and above or Firefox. Default LAN interface IP address: LAN1 (192.168.1.254) is mapped to Private Zone with no authentication is required for users. LAN2 (192.168.11.254) is mapped to Public Zone, by default authentication is required for users.
PAGE 16
For the first time, if WHG-1000 is not using a trusted SSL certificate, there will be a “Certificate Error”, because the browser treats WHG-1000 as an illegal website. Please press “Continue to this website” to continue. Caution: If you can’t get the login screen, the reasons may be: (1) The PC is set incorrectly so that the PC can’t obtain the IP address automatically from the LAN port; (2) The IP address and the default gateway are not under the same network segment.
PAGE 17
2.7 Setup Wizard WHG-1000 provides a Setup Wizard for quick configuration. To quickly configure WHG-1000 by using the Setup Wizard, click on the Setup Wizard button to start the configuration process.
PAGE 18
Step 1. General • Enter a new administrator’s password in the New Password field, and re-enter it again in the Verify Password field (a maximum of 20 characters and no spaces allowed in between). • Select an appropriate time zone from the Time Zone drop-down list box and enter the URL of a valid NTP server to set up the system time. • Client’s browser will be redirected after logging into the system successfully.
PAGE 19
Step 2. WAN and Wireless Interfaces For setting up both wired WAN and Wireless LAN interfaces: • Select a proper type of Internet connection for WAN interface from the following three available connections: Static, Dynamic, or PPPoE. Your ISP or network administrator can advise on the connection type available to you. Below depicts an example for Dynamic. • Click Wireless radio button. • Select desired wireless Band, Channel, and ESSID for public zone. • Click Next to continue.
PAGE 20
with ESSID “LevelOne1” and “LevelOne2” respectively by default. The ESSID for VAP under Private will not be broadcasted. Detailed configurations for these two VAP can be performed under Main Menu >> System >> Zone Configuration.
PAGE 21
Step 3. Authentication Settings for Public Zone • For public zone (by default, authentication is enabled), authentication can be enabled or disabled. Clients shall login in the system before using network service if Auth Required is enabled. When authentication is enabled, a default authentication server shall be configured. WHG-1000 supports 4 kinds of authentication servers including Server 1 (LOCAL), Server 2 (RADIUS), Server 3 (RADIUS), and On-demand (ONDEMAND). Below depicts an example for LOCAL.
PAGE 22
18
PAGE 23
Step 4. Confirm and Restart • Click Finish to save current settings and restart the system. • A confirmation dialog box will then appear. Click OK to continue.
PAGE 24
• A Confirm and Restart message will appear on the screen during the restarting process. Please do not interrupt the system until the Administrator Login Page appears. Note: The system is trying to locate a DNS server at this stage. Therefore, a longer startup time is required if the configured DNS cannot be found. • When the following Administrator Login Page appears, it means the restart process is now completed.
PAGE 25
< User Login > To verify whether the configuration of the new local user account(s) created via the Setup Wizard has been completed successfully: 1. Connect a client device (e.g. laptop, PC) with wireless interface to scan the configured ESSID of WHG-1000 (e.g. “LevelOne2”) and get associated with this ESSID. 2. The client device will obtain an IP address automatically via DHCP from WHG-1000. Open a web browser on a client device, access any URL, and then the default User Login Page will appear. 3.
PAGE 26
Note: 1. WHG-1000 supports multiple authentication options including built-in local user database and external authentication database (e.g. RADIUS). The system will automatically identify which authentication option is used from the full username entered. 2. The format of a full (valid) username is userid@postfix, where “userid” is the user ID and “postfix” is the name of the selected authentication option. 3. Exception: The postfix can be omitted only when the default authentication option is used.
PAGE 27
3 Combine WHG-1000 to the Network 3.1 Network Requirement In the general network environment, the main role of WHG-1000 is a gateway that manages all the network access from internal network to Internet. Thus, the first step is to prepare an Internet connection from your ISP (Internet Service Provider) and connect it to the WAN port of WHG-1000. 3.2 Configure WAN Port There are 3 connection types for the WAN Port: Static, Dynamic and PPPoE. These connection types are enough to support most ISP.
PAGE 28
3.2.1 Static IP Static: Manually specifying the IP address of the WAN Port. The fields with red asterisks are mandatory.  IP Address: The IP address of the WAN port.  Subnet Mask: The subnet mask of the WAN port.  Default Gateway: The gateway of the WAN port.  Preferred DNS Server: The primary DNS Server of the system.  Alternate DNS Server: The substitute DNS Server of the system. This is an optional field. 3.2.
PAGE 29
25
PAGE 30
3.3 Internet Connection Detection Configure Internet Connection Detection, go to: System >> WAN Traffic.  Internet Connection Detection: When enabled, system will try to access these IP/Domain addresses, if system can reach these IP/Domain address, it means that the outbound Internet connection is in normal state. On the other hand, there is a text box available for the administrator to enter a reminding message. This reminding message will appear on clients’ screens when Internet connection is down.
PAGE 31
3.4 WAN Bandwidth Control Configure WAN Bandwidth Control, go to: System >> WAN Traffic. The feature gives administrators control over the entire system’s traffic though the WAN interface. These parameters set here should not exceed the real bandwidth coming from your ISP. For example, if your xDSL is 8Mbs/640kbs, you may input these two values here. Available Bandwidth on WAN Interface:  Uplink: It specifies the maximum uplink bandwidth that can be shared by clients of the system.
PAGE 32
3.5 What is Zone Configure Zone, go to: System >> Zone Configuration. A Zone is a logical network area that covers wired or wireless networks, or both of them. By associating to a unique ESSID of a Zone, wireless network is divided into different logical zones. Clients attempting to access the resources within a Zone will be controlled based on the access control profile of that Zone, such as authentication, security feature, wireless encryption method, traffic control, and etc.
PAGE 33
3.5.1 Port Role Assignment WHG-1000 supports two zones, Private and Public. In the Private Zone, authentication is not required to access the network via wired and wireless. In the Public Zone, by default, Authentication required is enabled by default, so clients are required to get authenticated successfully before surfing the Internet. The Zone and Port mappings are shown below, LAN1 and LAN2 maps to Private Zone and Public Zone respectively.
PAGE 34
3.5.2 Planning Your Internet Network WHG-1000 supports two zones, Private and Public. In the Private Zone, authentication is not required to access the network via wired and wireless. In Public Zone, by default Authentication required is enabled, so clients are required to get authenticated successfully before surfing the Internet. Administrator can access the Web Management Interface (WMI) of WHG-1000 through the wired LAN port.
PAGE 35
3.5.3 Configure Zone Network Configure Zone network; go to: System >> Zone Configuration. Click the button Configure of Private zone for further configuration. The parameter descriptions of Basic Settings for Private Zone and Public Zone are the same. The wireless settings under each zone will be covered in the next section.  Network Interface: o Operation Mode: Contains NAT mode and Router mode. When NAT mode is chosen, the service zone runs in NAT mode.
PAGE 36
o Alternate DNS Server: The substitute DNS server that is used by this Zone. o Domain Name: Enter the domain name for this zone. o WINS Server: The IP address of the WINS (Windows Internet Naming Service) server if WINS server is applicable to this zone. o Lease Time: This is the time period that the IP addresses issued from the DHCP server are valid and available.
PAGE 37
4 Let Your Network to Be a Wireless Network 4.1 System Wireless General Settings Configure System’s Wireless General Settings, go to: System >> Zone Configuration. Wireless General Settings:  Band: There are 4 modes to select, 802.11b (2.4G, 1~11Mbps), 802.11g (2.4G, 54Mbps), 802.11b+g, and 802.11g+n.  Short Preamble: The length of the CRC (Cyclic Redundancy Check) block for communication between the Access Point and roaming wireless adapters.
PAGE 38
34
PAGE 39
4.2 Zone Wireless Settings Each zone has its own VAP and corresponds to one SSID. In Private zone, it’s VAP1 and the SSID is hidden, so public users cannot scan this SSID in the air, for privilege users who already know this SSID, they can manually associate to the SSID of Private zone. On the other hand, the SSID of VAP2 under Public zone by default is enabled with SSID Broadcast feature, allowing public users to scan this SSID in the air.
PAGE 40
Fragment Threshold: Enter a value between 256 and 2346. The default is 2346. A packet size larger than this threshold will be fragmented (sent with several pieces instead of one chunk) before transmission. A smaller value results in smaller frames but allows a larger number of frames in transmission. A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference.
PAGE 41
will be sent from the VAP. RTS Threshold: Enter a value between 1 and 2346. RTS (Request to Send) Threshold determines the packet size at which the system issues a request to send (RTS) before sending the frame to prevent the hidden node problem. The RTS mechanism will be activated if the data size exceeds the value provided.
PAGE 42
4.3 Zone Wireless Security Configure Zone Wireless Security, go to: System >> Zone Configuration, click Configure of Private zone or click Configure of Public zone. After the above configurations are finish, setup the wireless security is very important to protect your wireless network. Security: For each zones, administrators can set up the wireless security profile, it include WEP, 802.1x (for Public Zone only), WPA-PSK or WPA-RADIUS (for Public Zone only).  WEP:  802.
PAGE 43
 802.1X:  Dynamic WEP: For 802.1X security type, Dynamic WEP is always enabled to automatically generate WEP keys for encryption.  WEP Key Length: Select from 64-bit or 128-bit key length.  Re-keying Period: The time interval for the dynamic WEP key to be updated; the time unit is in second.  WPA-PSK:  Cipher Suite: Select an encryption method from TKIP (WPA), AES (WPA), TKIP (WAP2), AES (WAP2), or Mixed.
PAGE 44
5 Who Can Access the Network 5.1 Type of Users Configure Users, go to: Users >> Authentication. This section is for administrators to pre-configure authentication servers for the entire system. Concurrently up to three servers can be selected and pre-configured for static user authentication, one server uses built-in LOCAL database while the other two servers uses external RADIUS database. In addition, another server called On-demand can be configured for temporary user authentication.
PAGE 45
5.1.1 Local Click the button Configure of Local for further configuration.  Local User List: It let the administrator to view, add or delete local user account. The Upload User button is for importing a list of user account from a text file. The Download User button is for exporting all local user accounts into a text file. Clicking on each user account leads to a page for configuring the individual local account. Add User: Click this button to enter into the Adding User(s) to the List interface.
PAGE 46
 Search: Enter a keyword of a username or remark to be searched in the text filed and click this button to perform the search. All usernames matching the keyword will be listed.  Del All: Click on this button to delete all the users at once or click on Delete hyperlink to delete a specific the user individually.
PAGE 47
 Edit User: If editing the content of individual user account is needed, click the username of the desired user account in Local User List to enter the User Profile Interface for that particular user, and then modify or add any desired information such as Username, Password, MAC Address (optional), Applied Policy (optional) and Remark (optional). Click Apply to complete the modification.
PAGE 48
5.1.2 RADIUS There are two RADIUS authentication database for configuration. Click the button Configure of any one of RADIUS servers for further configuration. The RADIUS server sets the external authentication for user accounts. Enter the information for the primary server and/or the secondary server (the secondary server is not mandatory). The fields with red asterisk are necessary information. These settings will become effective immediately after clicking the Apply button.
PAGE 49
 NAS Port Type: Indicates the type of physical port the network access server is using to authenticate the user. System will send this value to the external RADIUS server, if the external RADIUS server needs this.  Class-Policy Mapping: This function is to assign a Policy to a RADIUS class attribute sent from the RADIUS server. When the clients classified by RADIUS class attributes logs into the system via the RADIUS server, each client will be mapped to an assigned Policy.
PAGE 50
5.1.3 On-Demand Users On-demand User Server Configuration: The administrator can configure this authentication method to create on-demand user accounts. This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment. Major functions include accounts creation, users monitoring list, billing plan and external payment gateway support. 1) General Settings This is the common setting for the On-demand User authentication option.
PAGE 51
 Receipt Header: There are 3 receipt headers supported by the system. The entered content will be printed on the receipt. These headers are optional.  Receipt Footer: There are 3 receipt footers supported by the system. The entered content will be printed on the receipt. These footers are optional.  Remark: Enter any additional information that will appear at the bottom of the receipt.
PAGE 52
 Plan: The number of the specific plan.  Type: This is the type of the plan, based on which it defines how the account can be used including Usage-time, Volume, Hotel Cut-off and Duration-time.  Quota: The limit on how On-demand users are allowed to access the network.  Price: The unit price charged for buying an account from this billing plan.  Enable: Check the checkbox to activate the plan.  Function: Click the button Edit to add one billing plan.
PAGE 53
6) On-demand Account Creation After at least one billing plan is enabled, the administrator can generate single on-demand user accounts here. Click this to enter the On-demand Account Creation page. Click on the Create button of the desired plan to create an on-demand account. The username and password of to be created on-demand account is configurable. Select Manual created in Username/Password Creation and then administrator can enter desired username and password for the on-demand account.
PAGE 54
network. For Time users, it is the total time. For Volume users, it is the total amount of traffic.  Price: For each plan, this is the unit price charged for an account.  Status: Show the status in enabled or disabled.  Function: Press Create button for the desired plan; an Creating an On-demand Account will appear for creation.
PAGE 55
 Plan: The number of a specific plan.  Account Type: Show account type of the plan in Usage-time, Duration-time or Hotel Cut-off.  Quota: The total time amount, interval or traffic volume on how On-demand users are allowed to access the network. 8)  Price: For each plan, this is the unit price charged for an account.  Number of Accounts: The desired number of accounts to be created from the plan.
PAGE 56
  Status: The status of the account. o Normal: the account is not currently in use and has not exceed the quota limit. o Online: the account is currently in use. o Expired: the account is not valid any more, even if there is remaining quota left. o Out of Quota: the account has exceeded the quota limit. o Redeemed: the account has been applied for account renewal.
PAGE 57
Note: The maximum quota is 365dys 23hrs 59mins 59secs” even after redeem. If the redeem amount exceeds this number, the system will automatically reject the redeem process. Note: Duration-time and Hotel Cut-off type do not support redeem function.
PAGE 58
5.2 User Login 5.2.1 Default Authentication There are different types of authentication database (LOCAL, RADIUS and ONDEMAND) that are supported by the system. Only Public Zone can set authentication. A postfix is used to inform the system which authentication option to be used for authenticating an account (e.g. Bob@local or Tim@radius1 etc.) when multiple options are concurrently in use. One of the authentication options can be assigned as default.
PAGE 59
5.2.3 An Example of User Login Normally, users will be authenticated before they get network access through WHG-1000. This section presents the basic authentication flow for end users. Please make sure that the WHG-1000 is configured properly and network related settings are done. 1. Open an Internet browser and try to connect to any website (in this example, we try to connect to www.google.com).
PAGE 60
3.
PAGE 61
6 Restrain the Users 6.1 Black List Configure Black List, go to: Users >> Black List. The administrator can add, delete, or edit the black list for user access control. Users’ accounts that appear in the black list will be denied of network access. The administrator can use the pull-down menu to select the desired black list.  Select Black List: There are 5 black list profiles available for utilization.  Name: Set the black list name and it will show on the pull-down menu above.
PAGE 62
After entering the usernames in the “Username” field and the related information in the “Remark” blank (not required), click Apply to add the users. If removing a user from the black list is desired, select the user’s “Delete” check box and then click the Delete button to remove that user from the black list. After the Black List editing is completed. You can select the Black List in each Authentication Server to let it to become effective.
PAGE 63
6.2 MAC Address Control Configure MAC Address Control, go to: Users >> Additional Control. MAC ACL: With this function, only the users with their MAC addresses in this list can login to WHG-1000. There are 40 users maximum allowed in this MAC address list. User authentication is still required for these users. Click Edit to enter the MAC Address Control list. Fill in these MAC addresses, select Enable, and then click Apply. Caution: The format of the MAC address is: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.
PAGE 64
6.3 Policy Configure Policy, go to: Users >> Policy. WHG-1000 supports multiple Policies, including one Global Policy and 5 individual Policy. Global Policy is the system’s universal policy and applied to all clients unless they are bounded by another policy. Individual Policy can be defined and applied to different authentication server.
PAGE 65
 Select Policy: Select the desired policy profile to configure.  Firewall Profile: Each Policy has a firewall service list and a set of firewall profile consisting of firewall rules.  Specific Route Profile: The default gateway of a desired IP address can be defined in a policy. When Specific Routes are configured here, all clients applied with this policy will access the specific destination through these gateway settings.
PAGE 66
6.3.1 Firewall Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules. 1) Predefined Protocols Predefined and Custom Service Protocols: There are predefined service protocols available for firewall rules editing.
PAGE 67
If the Protocol Type is ICMP, it will need to define Type and Code. If the Protocol Type is IP, it will need to define Protocol Number. 2) Firewall Rules After the custom protocol is defined or just use the Predefined Service Protocols, you will need to enable the Firewall Rule to apply these protocols. o Firewall Rules: Click the number of filter Rule No. to edit individual rules and click Apply to save the settings. The rule status will show on the list.
PAGE 68
Selecting the Filter Rule Number 1 as an example: o Rule Number: This is the rule selected “1”. Rule No. 1 has the highest priority; rule No. 2 has the second priority, and so on. o Rule Name: The rule name can be changed here. o Source/Destination – Interface/Zone: There are choices of ALL, WAN, Public and Private to be applied for the traffic interface. o Source/Destination – IP Address/Domain Name: Enter the source and destination IP addresses.
PAGE 69
6.3.2 Routing  Specific Route Profile: Click the button of Setting for Specific Route Profile, the Specific Route Profile list will appear. 1) Specific Route  Specific Route Profile: The Specific Default Route is use to control clients to access some specific IP segment by the specified gateway. o Destination / IP Address: The destination network address or IP address of the destination host.
PAGE 70
2) Default Gateway  Default Gateway: The default gateway of a desired IP address can be defined in each Policy except Global Policy. When Specific Default Route is enabled, all clients applied with this Policy will access the Internet through this default gateway. o Enable: Check Enable box to activate this function or uncheck to inactivate it. o Default Gateway IP Address: You may need to fill the IP address of the default gateway.
PAGE 71
6.3.3 Schedule  Schedule Profile: Click Setting of Schedule Profile to enter the configuration page. Select Enable to show the Permitted Login Hours list. This function is used to limit the time when clients can log in. Check the desired time slots checkbox and click Apply to save the settings. These settings will become effective immediately after clicking Apply.
PAGE 72
6.3.4 QoS Profile For certain applications or users that need stable bandwidth or traffic priority, Policy 1 to 5 allows defining the QoS profile for the users governed by this Policy.  Traffic Class: A Traffic Class can be chosen for a Group of users. There are four traffic classes: Voice, Video, Best-Effort and Background. Voice and Video traffic will be placed in the high priority queue.
PAGE 73
6.3.5 Session Limit To prevent ill-behaved clients or malicious software from taking up the system’s connection resources, the administrator can restrict the number of concurrent sessions that a user can establish.  The maximum number of concurrent sessions including TCP and UDP for each user can be specified in the Global policy, which applies to authenticated users, users on a non-authenticated port, privileged users, and clients in DMZ zones.
PAGE 74
7 Access Network without Authentication 7.1 DMZ Configure DMZ, go to: Network >> Network Address Translation >> DMZ (Demilitarized Zone). There are 20 sets of static Internal IP Address and External IP Address available. Enter Internal and External IP Address as a set. After the setup, accessing the External IP address listed in DMZ will be mapped to accessing the corresponding Internal IP Address. These settings will become effective immediately after clicking the Apply button.
PAGE 75
7.2 Virtual Server Configure Virtual Server, go to: Network >> Network Address Translation >> Public Accessible Server. This function allows the administrator to set 20 virtual servers at most, so that client devices outside the managed network can access these servers within the managed network. Different virtual servers can be configured for different sets of physical services, such as TCP and UDP services in general. Enter the “External Service Port”, “Local Server IP Address” and “Local Server Port”.
PAGE 76
7.3 Privilege List Configure Privilege List, go to: Network >> Privilege Setup the Privilege IP Address List and Privilege MAC Address List. The clients accessing the internet via IP addresses and/or networking devices in the list can access the network without any authentication.
PAGE 77
7.3.1 Privilege IP Privilege IP Address List Configure Privilege IP Address List, go to: Network Configuration >> Privilege >> IP Address List. If there are workstations inside the managed network that need to access the network without authentication, enter the IP addresses of these workstations in the “Granted Access by IP Address”. The “Remark” field is not necessary but is useful to keep track. WHG-1000 allows 100 privilege IP addresses at most.
PAGE 78
7.3.2 Privilege MAC Privilege MAC Address List In addition to the Privilege IP List, MAC address List allows the MAC address of the workstations that need to access the network without authentication to be set in the “Granted Access by MAC Address”. WHG-1000 allows 100 privilege MAC addresses at most. When manually creating the list, enter the MAC address (the format is xx:xx:xx:xx:xx:xx) as well as the remark (not necessary). These settings will become effective immediately after clicking Apply.
PAGE 79
7.4 Disable Authentication in Public Zone Configure Disable Authentication in Public Zone, go to: System >> Zones Configuration, click Configure in Public Zone.  Authentication Required For the Zone: When it is disabled, users will not need to authenticate before they get access to the network within Public Zone.
PAGE 80
8 User Login and Logout 8.1 Before User Login 8.1.1 Login with SSL Configure HTTPS, go to: System >> General. HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sub-layer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTP Protected Login function will let the client’s login with https for more security.
PAGE 81
8.1.2 Internal Domain Name with Certificate Configure Internal Domain Name, go to: System >> General. Internal Domain Name is the domain name of the WHG-1000 as seen on client machines connected under zone. It must conform to FQDN (Fully-Qualified Domain Name) standard. A user on client machine can use this domain name to access WHG-1000 instead of its IP address.
PAGE 82
Click “Continue to this website” to access the user login page. Use Default Certificate: Click Use Default Certificate to use the default certificate and key. Click restart to validate the changes.
PAGE 83
8.1.3 Walled Garden Configure Walled Garden, go to: Network >> Walled Garden. This function provides certain free services for users to access the websites listed here before login and authentication. Up to 20 addresses or domain names of the websites can be defined in this list. Users without the network access right can still have a chance to experience the actual network service free of charge. Enter the website IP Address or Domain Name in the list and click Apply to save the settings.
PAGE 84
8.1.4 Walled Garden AD List Configure Walled Garden AD List, go to: Network >> Walled Garden AD List. This function provides advertisement links to web pages for users to access free of charge before login and authentication. Advertisement hyperlinks are displayed on the user’s login page. Clients who click on it will be redirected to the listed advertisement websites.  Enter all items or make changes, click Apply, the items will be added and shown in the list.
PAGE 85
8.2 After User Login 8.2.1 Portal URL after successful login Configure Portal URL after a successful user login, go to: System >> General. When this function is enabled, enter the URL of a Web server as the Portal page. Once logged in successfully, users will be directed to this URL, such as http://www.google.com, regardless of the original homepage set in their browsers.
PAGE 86
8.2.2 Idle Timer Configure Idle Timer, go to: Users >> Additional Control. If a user has idled with no network activities, the system will automatically kick out the user. The logout timer can be set between 1~1440 minutes, and the default idle time is 10 minutes.
PAGE 87
8.2.3 Multiple Login Configure Multiple Login, go to: Users >> Additional Control. When enabled, a user can log in from different computers with the same account. (This function doesn’t support On-demand users and RADIUS authentication.
PAGE 88
9 Networking Features of a Gateway 9.1 IP Plug and Play Configure IP Plug and Play, go to: Network >> Client Mobility. WHG-1000 supports IP PNP function. User can login and access network with any IP address setting. This function is disabled in default settings. When IP PNP is enabled, at the user end, a static IP address can be used to connect to the system. Regardless of what the IP address at the user end is using, authentication can still be performed through WHG-1000.
PAGE 89
9.2 Dynamic Domain Name Service (DDNS) Configure Dynamic Domain Name Service, go to: Network >> DDNS. Before activating this function, you must have your Dynamic DNS hostname registered with a Dynamic DNS provider. WHG-1000 supports DNS function to alias the dynamic IP address for the WAN port to a static domain name, allowing the administrator to easily access WHG-1000’s WAN. If the dynamic DHCP is activated at the WAN port, it will update the IP address of the DNS server periodically.
PAGE 90
9.3 Port and IP Redirect Configure Port and IP Redirect, go to: Network >> NAT >> Port and IP Redirect. This function allows the administrator to set 40 sets of the IP addresses at most for redirection purpose. When the user attempts to connect to a destination IP address listed here, the connection packet will be converted and redirected to the corresponding destination. Please enter the “IP Address” and “Port” of Destination, and the “IP Address” and “Port” of Translated to Destination.
PAGE 91
10 System Management and Utilities 10.1 System Time Configure System Time, go to: System >> General. NTP (Network Time Protocol) communication protocol can be used to synchronize the system time with remote time server. Please specify the local time zone and the IP address of at least one NTP server for adjusting the time automatically (Universal Time is Greenwich Mean Time, GMT).
PAGE 92
10.2 Management IP Configure Management IP, go to: System >> General. Only PCs within the Management IP range on the list are allowed to access the system's web management interface. For example, 10.2.3.0/24 means that as long as an administrator is using a computer with the IP address range of 10.2.3.0/24, he or she can access the web management page. Another example is 10.0.0.3: if an administrator is using a computer with the IP address of 10.0.0.3, he or she can access the web management page.
PAGE 93
10.3 User Log Access IP Address Configure User Log Access IP History, go to: System >> General. Specify an IP address of the administrator’s computer or a billing system to get billing history information of WHG-1000 with the predefined URLs. The file name format is “yyyy-mm-dd”. An example is provided as follows: Traffic History：https://10.2.3.213/status/history/2005-02-17 On-demand History：https://10.2.3.
PAGE 94
10.4 SNMP Configure SNMP, go to: System >> General. WHG-1000 supports SNMP v1/v2c. If this function is enabled, the SNMP Management IP and the Community string can be assigned for SNMP access to the system.
PAGE 95
10.5 Three-Level Administration WHG-1000 supports three kinds of account interface. You can log in as admin, manager or operator. The default usernames and passwords show as follows: Admin: The administrator can access all configuration pages of WHG-1000. Username: admin Password: admin After a successful login to WHG-1000, a web management interface with a Home manual will appear.
PAGE 96
Manager: The manager can only access the configuration pages under User Authentication to manage the user accounts. User Name: manager Password: manager Operator: The operator can only access the configuration page of Create On-demand User to create new on-demand user accounts and print out the on-demand user account receipts. User Name: operator Password: operator Note: To logout, simply click the Logout icon on the upper right corner of the interface to return to the login screen.
PAGE 97
10.6 Change Password Configure Change Password, go to: Utilities >> Password Change. There are three levels of authorities: admin, manager or operator. The default usernames and passwords are as follows: Admin: The administrator can access all configuration pages of WHG-1000. User Name: admin Password: admin Manager: The manager can only access the configuration pages under User Authentication to manage the user accounts.
PAGE 98
Caution: If the administrator’s password is lost, the administrator’s password still can be changed through the text mode management interface via the serial console port.
PAGE 99
10.7 Backup / Restore and Reset to Factory Configure Backup / Restore and Reset to Factory Default, go to: Utilities >> Backup & Restore. This function is used to backup/restore the WHG-1000 settings. Also, WHG-1000 can be restored to the factory default settings here.  Backup System Settings: Click Backup to create a .db database backup file and save it on disk.  Restore System Settings: Click Browse to search for a .
PAGE 100
10.8 Firmware Upgrade Configure Firmware Upgrade, go to: Utilities >> System Upgrade. The administrator can download the latest firmware from website and upgrade the system here. Select the latest firmware and Browse button, then click Apply, the system will upload the file and restart to perform the upgrade process. It might take a few minutes before the upgrade process completes and the new firmware’s WMI interface appears.
PAGE 101
10.9 Restart To perform system restart, go to: Utilities >> Restart. This function allows the administrator to safely restart WHG-1000, and the process takes approximately three minutes. Click YES to restart WHG-1000; click NO to go back to the previous screen. Do NOT power off the power during system restart as this might damage the system. If the power needs to be turned off, it is highly recommended to restart WHG-1000 first and then turn off the power after completing the restart process.
PAGE 102
10.10 Network Utility Configure Network Utility, go to: Utilities >> Network Utilities. System provide some network utilities to allow administrators to use. Wake-on-LAN is for waking up remote devices that supports Wake-on-LAN feature by entering the MAC address of the target device and then press Wake Up button. Ping is to see whether a destination host is reachable and alive by entering the destination host’s domain name or IP address and then press Ping button.
PAGE 103
10.10.3 Trace Route It allows administrator to find out the real path of packets from the gateway to a destination using IP address or Host domain name. 10.10.4 Show ARP Table It allows administrator to view the IP-to-Physical address translation tables used by address resolution protocol (ARP).
PAGE 104
10.11 Monitor IP Link Configure Monitor IP Link, go to: Network >> Monitor IP. WHG-1000 will send out a packet periodically to monitor the connection status of the IP addresses on the list. On each monitored item with a WEB server running, administrators may add a link for the easy access by entering the IP, select the Protocol to http or https and then click Create.
PAGE 105
10.12 Console Interface Via the console port, administrators can enter the console interface for handling problems and situations occurred during operation. 1. In order to connect to the console port of WHG-1000, a console, modem cable and a terminal simulation program, such as the Hyper Terminal are needed. 2. If a Hyper Terminal is used, please set the parameters as 9600, 8, None, 1, None. Caution: The main console is a menu-driven text interface with dialog boxes.
PAGE 106
 Display interface settings: It displays the information of each network interface setting including the MAC address, IP address, and Netmask.  Display the routing table: The internal routing table of the system is displayed, which may help to confirm the Static Route settings.  Display ARP table: The internal ARP table of the system is displayed.  Display system up time: The system live time (time for system being turn on) is displayed.
PAGE 107
Caution: Although it does not require a username and password for the connection via the serial port, the same management interface can be accessed via SSH. Therefore, we recommend you to immediately change the WHG-1000 Admin username and password after logging in the system for the first time.  Reload factory default Choosing this option will reset the system configuration to the factory defaults.  Restart WHG-1000 Choosing this option will restart WHG-1000.
PAGE 108
11 System Status and Reports 11.1 View the Status This section includes System, Interface, Routing Table, Online Users, User Log and E-mail & SYSLOG to provide system status information and online user status. 11.1.1 System Status View System Status, go to: Status >> System. This section provides an overview of the system for the administrator.
PAGE 109
The description of the above-mentioned table is as follows: Description Item Firmware Version The present firmware version of WHG-1000 System Name The system name. The default is WHG-1000 Portal URL The page the users are directed to after initial login success. Primary SYSLOG server Secondary SYSLOG server Warning of Internet Disconnection N/A means that it is not configured. The IP address and port number of the 2nd external SYSLOG Server. N/A means that it is not configured.
PAGE 110
11.1.2 Interface Status View Interface Status, go to: Status >> Interface. This section provides an overview of the interface for the administrator including WAN, Zone Wireless General Settings, Zone - Private and Zone - Public.
PAGE 111
The description of the above-mentioned table is as follows: Description Item MAC Address IP Address Subnet Mask The MAC address of the WAN port. The IP address of the WAN port. The Subnet Mask of the WAN port. The total accumulated packets in/out through this WAN port since WAN Packets Out/In the gateway boots up. The delta shows the difference between the numbers from last time this Interface Status page is visited.
PAGE 112
11.1.3 Routing Table View System Status, go to: Status >> Routing Table. All the Policy Route rules and Global Policy Route rules will be listed here. Also it will show the System Route rules specified by each interface.  Policy 1~5: Shows the information of the individual Policy from 1 to 5.  Global Policy: Shows the information of the Global Policy.  System: Shows the information of the system administration.  Destination: The Destination IP address.
PAGE 113
11.1.4 Current Users View Current Users, go to: Status >> Online Users. In this page, each online user’s information including Username, IP Address, MAC Address, Pkts In, Bytes In, Pkts Out, Bytes Out, Idle and Kick Out will be shown. Administrators can force out a specific online user by clicking the hyperlink of Kick Out. Click Refresh to update the current users list.
PAGE 114
11.1.5 User Log View User Log, go to: Status >> User Log. This page is used to check the traffic history of WHG-1000. The history of each day will be saved separately in the DRAM for at least 3 days (72 full hours). The system also keeps a cumulated record of the traffic data generated by each user in the last 2 calendar months.
PAGE 115
Expiration Time, and Remark, of on-demand user activities.  Roaming Out User Log Each line is a roaming out traffic history record consisting of 14 fields, Date, Type, Name, NSID, NASIP, NASPort, UserMAC, SessionID, SessionTime, Bytes in, Bytes Out, Pkts In, Pkts Out and Message, of user activities.
PAGE 116
11.1.6 Local User Monthly Network View Local User Monthly Network Usage, go to: Status >> User Log.  Monthly Network Usage of Local User The system keeps a cumulated record of the traffic data generated by each Local user in the latest 2 calendar months. Each line in a monthly network usage of local user record consists of 6 fields, Username, Connection Time Usage, Packets In, Bytes In, Packets Out and Bytes Out of user activities.  o Username: Username of the local user account.
PAGE 117
11.2 Notification Configure Notification, go to: Status >> E-mail & SYSLOG. WHG-1000 can automatically send the notification of Monitor IP Report, Users Log and Session Log to up to 3 particular e-mail addresses. A trial email is provided by the system for validation. Secondly, the system supports recording of System Log, On-demand Users Log and Session Log via external SYSLOG servers and sending Session Log to an external FTP server.
PAGE 118
11.2.1 E-Mail Configure Notification, go to: Status >> E-mail & SYSLOG.  Notification E-mail Settings:  Receiver Email Address (es): Up to 3 e-mail address can be set up to receive the notification. These are the receiver’s e-mail addresses. There are four kinds of notification to selection -Monitor IP Report, User Log, On-demand Users Log and Session Log, and check which type of notification to be sent.  Interval: The time interval to send the e-mail report.
PAGE 119
11.2.2 SYSLOG  SYSLOG Server Settings: There are 4 types of SYSLOG supported: System Log, On-demand User Log, Session Log, and HTTP Web Log. Enter one or two of the Syslog server IP address and Port number to specify which and from where the report should be sent to. Note: When the number of a user’s session (TCP and UDP) reaches the session limit specified in the policy, a record will be logged to this SYSLOG server.
PAGE 120
11.2.3 FTP  FTP Server Settings:  FTP Server Settings FTP Destination: Session Log will be sent to the FTP server automatically during every defined interval in Session Log email notification. The maximum log file size is 128K. In addition, the log file also will be sent to the FTP server once the file size reaches its maximum limit.    IP Address/Port: IP address and port number of FTP server. Anonymous: Enter the Username and Password for accessing your FTP Server if required.
PAGE 121
11.2.4 Event Log Event Log: The Event Log provides the system activities records. The administrator can monitor the system status by checking this log. In the log, normally, each line represents an event record which includes these fields:  Date/Time: The time & date when the event happened  Hostname: Indicate which host records this event. Note that all events in this page are local event, so the hostname in this field are all the same.
PAGE 122
12 Advanced Applications 12.1 Upload/Download Local Users Accounts To Upload / Download Local Users Accounts, go to: Users >> Authentication, click Configure button of Local. Or click Quick Links >> Local User Management from system Home page.  Upload User: Click Upload User to enter the Upload User from File interface. Click the Browse button to select the text file for uploading user accounts, then click Upload to complete the upload process.
PAGE 123
then save it on disk.
PAGE 124
12.2 RADIUS Advanced Settings Configure RADIUS Advanced Settings, go to: Users >> Authentication. Click Configure of RADIUS.  Complete vs. Only ID For RADIUS authentication, there is an option to send the complete username with postfix or username only. Username Format: When Complete option is checked, both the username and postfix will be transferred to the RADIUS server for authentication.
PAGE 125
12.3 Roaming Out Configure local user Roaming Out, go to: Users >> Authentication, click configure of Local. Under certain configurations, WHG-1000 can act as a RADIUS server for Roaming Out local user logged from other system. The Local User database will act as the RADIUS user database.  Account Roaming Out & 802.1X Authentication: When Account Roaming Out is enabled; the link of Roaming Out & 802.
PAGE 126
12.4 Customizable Pages Configure Custom Pages, go to: System >> Zone Configuration, click Configure in Public zone. There are several user login and logout pages that can be customized by the administrator. You can select Template Page or External Page.  Template Page: To utilize the template user pages stored locally in the system, choose Template Page and configure the necessary settings as follows. Click Select hyperlink to pick up a color for each item and then fill in your copyright message.
PAGE 127
Page for client to login with username and password.  External Page: Choose the External Page option if you wish to use user pages located on a designated website. Click the button of Configure for each custom pages and enter the URL of its’ corresponding external login page and then click Apply. After applying the setting, the new login page can be previewed by clicking Preview button.
PAGE 128
Appendix A. Network Configuration on PC & User Login  Network Configuration on PC After WHG-1000 is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup.  Internet Connection Setup  Windows 9x/2000 1) Choose Start >> Control Panel >> Internet Options. 2) Choose the Connections tab, and then click Setup.
PAGE 129
3) Choose “I want to set up my Internet connection manually, or I want to connect through a local Area network (LAN)”, and then click Next. 4) Choose “I connect through a local area network (LAN)” and then click Next. 5) DO NOT choose any option in the following LAN window for Internet configuration, and just click Next.
PAGE 130
6) Choose “No” and then click Next. 7) Finally, click Finish to exit the Internet Connection Wizard. Now, the set up is completed.  Windows XP 1) Choose Start >> Control Panel >> Internet Option.
PAGE 131
2) Choose the Connections tab, and then click Setup. 3) When the Welcome to the New Connection Wizard window appears, click Next. 4) Choose “Connect to the Internet” and then click Next.
PAGE 132
5) Choose “Set up my connection manually” and then click Next. 6) Choose “Connect using a broadband connection that is always on” and then click Next. 7) Finally, click Finish to exit the Connection Wizard. Now, the setup is completed.
PAGE 133
 TCP/IP Network Setup If the operating system of the PC in use is Windows 95/98/ME/2000/XP, keep the default settings without any changes to directly start/restart the system. With the factory default settings, during the process of starting the system, WHG-1000 with DHCP function will automatically assign an appropriate IP address and related information for each PC.
PAGE 134
3) Using DHCP: If you want to use DHCP, click on the IP Address tab and choose “Obtain an IP address automatically”, and then click OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from WHG-1000. 4) Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG-1000.
PAGE 135
4.2) Click on the Gateway tab. Enter the gateway address of WHG-1000 in the “New gateway” field and click Add. Then, click OK. 4.3) Click on DNS Configuration tab. If the DNS Server field is empty, select “Enable DNS” and enter DNS Server address. Click Add, and then click OK to complete the configuration.  Check the TCP/IP Setup of Window 2000 1) Select Start >> Control Panel >> Network and Dial-up Connections.
PAGE 136
2) Right click on the Local Area Connection icon and select “Properties”. 3) Select “Internet Protocol (TCP/IP)” and then click Properties. Now, you can choose to use DHCP or a specific IP address. 4) Using DHCP: If you want to use DHCP, choose “Obtain an IP address automatically”, and then click OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from WHG-1000.
PAGE 137
5) Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG-1000. Caution: If your PC has been set up completely, please inform the network administrator before proceeding to the following steps. 5.1) Choose “Use the following IP address” and enter the IP address, Subnet mask.
PAGE 138
5.4) Enter the gateway address of WHG-1000 in the “Gateway” field, and then click Add. After back to the IP Settings tab, click OK to complete the configuration.  Check the TCP/IP Setup of Window XP 1) Select Start >> Control Panel >> Network Connection. 2) Right click on the Local Area Connection icon and select “Properties”.
PAGE 139
3) Click on the General tab and choose “Internet Protocol (TCP/IP)”, and then click Properties. Now, you can choose to use DHCP or a specific IP address. 4) Using DHCP: If you want to use DHCP, choose “Obtain an IP address automatically” and click OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from WHG-1000.
PAGE 140
5.1)Choose “Use the following IP address” and enter the IP address, Subnet mask. If the DNS Server field is empty, select “Using the following DNS server addresses” and enter the DNS Server address. Then, click OK. 5.2)Click Advanced to enter the Advanced TCP/IP Settings window. 5.3)Click on the IP Settings tab and click Add below the “Default gateways” column and the TCP/IP Gateway Address window will appear. 5.4)Enter the gateway address of WHG-1000 in the “Gateway” field, and then click Add.
PAGE 141
Appendix B. Policy Priority  Global Policy, Authentication Policy and User Policy WHG-1000 supports multiple Policies, including one Global Policy and 5 individual Policy can be assign to different Authentication Server. Global Policy is the system’s universal policy and applied to all clients, while other individual Policy can be selected and defined to be applied to any Authentication Server. For some authentication, such as Local and RADIUS, user can be assigned to different Policy individually.
PAGE 142
Appendix C. WDS Management The Public Zone of WHG-1000 supports up to 2 WDS links. WDS (Wireless Distribution System) is a function used to connect APs (Access Points) wirelessly to extend wireless coverage. The WDS management function of the system can help administrators to setup two WDS links. Configure WDS, go to: System >> Zone Configuration, click Configure in Public zone. WDS (Wireless Distribution System) is a function used to connect APs (Access Points) wirelessly.
PAGE 143
Appendix D. RADIUS Accounting This section will briefly introduce the basic configuration of RADIUS server to work with VSA for the purpose to control the maximum client volume usage (upload; download or upload + download traffic). This VSA will be sent from RADIUS server to gateway along with an Access-Accept packet. In other words, when the external RADIUS server accepts the request, it will reply not only an Access-Accept but also a maximum value in bytes each user is allowed to transfer.
PAGE 144
If the amount of traffics is larger than 4 GB, the attributes of “XXXX-4GB” will be used. For example, if the amount is 5 GB, the following settings should be set: “WHG-1000-Byte-Amount = 1048576” and “WHG-1000-Byte-Amount-4GB = 1”. On the other hand, when the administrator fills in all attributes, the user will be kicked out from system if any condition is reached.
PAGE 145
Step 3 Click Edit Profile and select the Advanced Tag. Click Add to add a new Vendor-specific attribute.
PAGE 146
Step 4 Add a new attribute under Vendor-specific Set “Vendor Code = 21920”. Check Yes to conform to the RADIUS RFC. Click Configure Attribute to proceed.
PAGE 147
Step 6 Follow the same steps to create other Vendor-specific Attribute if needed.
PAGE 148
3. VSA configuration in RADIUS server (Free RADIUS) This section will guide you through VSA configuration with FreeRADIUS v1.0.5 running on “Fedora”. Before getting started, open the shell of RADIUS server; for example, use Putty to access the Linux host: Step 1 Confirm the following key elements in RADIUS server: users, groups ♦ ♦ Verify whether there are already users in RADIUS Server. Verify whether there are already Groups and assigned users belonging to these Groups in RADIUS Server.
PAGE 149
Step 4 Edit and save the contents of the file “dictionary.WHG-1000” as follows: Administrator can also add other attributes as the table stated in Section 2 with the same format. Step 5 Edit the file “dictionary” under the folder “freeradius”.
PAGE 150
Step 6 To include “dictionary.WHG-1000” in the dictionary of RADIUS server, insert it in an incremental position as follows. Step 7 Open the “radius” database. Step 8 Insert VSA into RADIUS response. In this example, the maximum download and upload traffics in bytes for group03 users is 1MBytes.
PAGE 151
Step 9 Restart RADIUS daemon to get your settings activated.
PAGE 152
Appendix E. On-demand Account types & Billing Plan This section explains the parameters as well as the different account types provided when editing billing plans in On-demand authentication. o Usage-time with Expiration Time: Can access internet as long as account valid with remaining quota (usable time). Need to activate the purchased account within a given time period by logging in for the first time. Ideal for short term usage. For example in coffee shops, airport terminals etc.
PAGE 153
o Usage-time with No Expiration Time: Can access internet as long as account has remaining quota (usable time). Need to activate the purchased account within a given time period by logging in for the first time. Ideal for short term usage. For example in coffee shops, airport terminals etc. Only deducts quota while using. Account expires only when quota depleted.  Quota is the total period of time (xx days yy hrs zz mins), during which On-demand users are allowed to access the network.
PAGE 154
150
PAGE 155
 Hotel Cut-off-time: Hotel Cut-off-time is the clock time (normally check-out time) at which the on-demand account is cut off (made expired) by the system on the following day or many days later. On the account creation UI of this plan, operator can enter a Unit value which is the number of days to Cut-off-time according to customer stay time. For example: Unit = 2 days, Cut-off Time = 13:00 then account will expire on 13:00 two days later.
PAGE 156
o Volume: Can access internet as long as account valid with remaining quota (traffic volume). Account expires when Valid Period has been used up or quota depleted. Ideal for small quantity applications such as sending/receiving mail, transferring a file etc. Count down of Valid Period is continuous regardless of logging in or out.  Quota is the total Mbytes (1~2000), during which On-demand users are allowed to access the network.
PAGE 157
o Duration-time with Elapsed Time: Account activated upon the account creation time. Count down begins immediately after account created and is continuous regardless of logging in or out. Account expires once the Elapsed Time has been reached.
PAGE 158
providing internet service immediately after account creation throughout a specific period of time.  Begin Time is the time that the account will be activated for use. It is set to account creation time.  Elapsed Time is the time interval for which the account is valid for internet access (xx hrs yy mins). o  Price is the unit price of this plan.  Group will be the applied Group to users created from this plan.  Reference field allows administrator to input additional information.
PAGE 159
plan to create ticket set to be Cut-off on 23:00. If an account of this kind is created after the Cut-off Time, the account will automatically expire.  Begin Time is the time that the account will be activated for use. It is set to account creation time. o  Cut-off Time is the clock time when the account will expire.  Price is the unit price of this plan.  Group will be the applied Group to users created from this plan.  Reference field allows administrator to input additional information.
PAGE 160
period of time. For example during exhibition events or large conventions such as Computex where each registered participant will get an internet account valid from 8:00 AM Jun 1 to 5:00 PM Jun 5 created in batch like coupons.  Begin Time is the time that the account will be activated for use, defined explicitly by the operator.  End Time is the time that the account will become expired and not able to use any more, defined explicitly by the operator.  Price is the unit price of this plan.
PAGE 161
Appendix F. External Payment Gateways This section is to show independent Hotspot owners how to configure related settings in order to accept payments via Authorize.net, PayPal, SecurePay or WorlPay, making the Hotspot an e-commerce environment for end users to pay for and obtain Internet access with credit cards. 1. Payments via Authorize.Net Configure Payments via Authorize.Net, go to: Users >> Authentication >> On-demand User >> External Payment Gateway >> Authorize.Net. Before setting up “Authorize.
PAGE 162
 Service Disclaimer Content/ Choose Billing Plan for Authorize.Net Payment Page/Client’s Purchasing Record Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer. Choose Billing Plan for Authorize.Net Payment Page These 10 plans are the plans configured in Billing Plans page, and all previously enabled plans can be further enabled or disabled here, as needed.
PAGE 163
 Authorize.Net Payment Page Fields Configuration/ Authorize.Net Payment Page Remark Content Authorize.Net Payment Page Fields Configuration o Item: Check the box to show this item on the customer’s payment interface. o Displayed Text: Enter what needs to be shown for this field. o Required: Check the box to indicate this item as a required field. o Credit Card Number: Credit card number of the customer. The Payment Gateway will only accept card numbers that correspond to the listed card types.
PAGE 164
o E-mail: An email address may be provided along with the billing information of a transaction. This is the customer’s email address and should contain an @ symbol. o Customer ID: This is an internal identifier for a customer that may be associated with the billing information of a transaction. This field may contain any format of information. o First Name: The first name of a customer associated with the billing or shipping address of a transaction.
PAGE 165
2. Payments via PayPal Configure Payments via PayPal, go to: User >> Authentication >> On-demand User >> External Payment Gateway >> PayPal. Before setting up “PayPal”, it is required that the hotspot owners have a valid PayPal “Business Account”. After opening a PayPal Business Account, the hotspot owners should find the “Identity Token” of this PayPal account to continue “PayPal Payment Page Configuration”.
PAGE 166
 Service Disclaimer Content / Choose Billing Plan for PayPal Payment Page o Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here. o Choose Billing Plan for PayPal Payment Page: These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled.
PAGE 167
3. Payments via SecurePay Configure Payments via SecurePay, go to: Users >> Authentication >> On-demand User>> External Payment Gateway >> SecurePay. Before setting up “SecurePay”, it is required that the hotspot owners have a valid SecurePay “Merchant Account” from its official website.
PAGE 168
 SecurePay Page Configuration Merchant ID: The ID that is associated with the Merchant Account. Merchant Password: This is the key used by Secure Pay to validate all the transactions. Payment Gateway URL: The default website address to post all transaction data. Verify SSL Certificate: This is to help protect the system from accessing a website other than Secure Pay. Currency: The currency to be used for the payment transactions.
PAGE 169
4. Payments via World Pay Configure Payments via WorldPay, go to: Users >> Authentication >> On-demand User >> External Payment Gateway >> WorldPay.  WorldPay Payment Configuration WorldPayInstallation ID: The ID of the associated Merchant Account. Payment Gateway URL: The default website of posting all transaction data. Currency: The currency to be used for the payment transactions.
PAGE 170
View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here.  WorldPay Billing Configuration These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled.  WorldPay Note Content The message content will be displayed as a special notice to end customers.
PAGE 171
STEP④. Check the Enable Payment Response checkbox. STEP⑤. Enter the Payment Response URL.  URL : STEP⑥. Check the Enable the Shopper Response.
PAGE 172
STEP⑦. Select the Save Changes button STEP⑧. Input Installation ID and Payment Gateway URL in gateway UI.  Installation ID: 2009test  URL : https://select.wp3.rbsworldpay.com/wcc/purchase Note: The WAN IP of gateway must be real IP.