Page 1
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus AMG-2100 Gigabit Access and AP Management Gateway AMG-2101 Gigabit Access and AP Management Gateway Plus User’s Manual V1.0...
Front Panel ............................9 2.3.2 Real Panel ............................10 Preparation before the Installation ..................11 Hardware Installation .......................12 Accessing Web Management Interface................14 Placing AMG-2100/AMG-2101 in a Network Environment .....16 Network Requirement ......................16 Setting up WAN1 Port ......................16 3.2.1 Static IP...............................17 3.2.2 DHCP (Dynamic IP).........................18 3.2.3...
Page 3
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus AP Security ...........................77 Change managed AP settings ....................78 AP Operations from AP List ....................81 5.7.1 Reboot, Enable, Disable and Delete the AP................81 5.7.2 Apply Template ..........................82...
Page 4
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 9.10 Network Utility ..........................137 9.10.1 Wake-on-LAN ..........................138 9.10.2 Ping ..............................138 9.10.3 Trace Route ............................138 9.10.4 Show ARP Table..........................138 9.11 Monitor IP Link..........................139 9.12 Console Interface........................140...
Page 5
If you would like a copy of the GPL or other open source code in this software on a physical CD medium, LevelOne (Digital Data Communications) offers to mail this CD to you upon request, for a price of US$9.99 plus the cost of shipping.
Besides this document, there is a “Quick Installation Guide” (QIG), which is for starting up AMG-2100/AMG-2101 quickly. It is recommended to start with the QIG, and then refer to this manual for further details. Some special topics are addressed separately in the Appendixes.
Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 1.3 Package Checklist The standard package of AMG-2100/AMG-2101 includes: AMG-2100/AMG-2101 x 1 CD-ROM (with User’s Manual and QIG) x 1 Quick Installation Guide (QIG) x 1...
2. System Overview and Getting Start 2.1 Introduction of AMG-2100/AMG-2101 AMG-2100/AMG-2101 is an all-in-one product specially designed for wired and wireless data network environments in middle scaled WLAN deployments. AMG-2100/AMG-2101 is a high-performance industrial grade network appliance, capable of supporting the network access management for a larger user base.
With its billing plan and payment features, WISPs and hospitalities (such as hotels, conventions) will find AMG-2100/AMG-2101 is an instant revenue generator without requiring hefty equipment investment or long term outsourcing service supports. AMG Series products are most affordable, best price-performance appliances, comparing to the similar equipments in the fields of Network Access Controllers, Wireless Controllers, Clientless VPN Gateway or Hotspot Subscriber Gateway.
AMG-2100/AMG-2101 to suit his own specific application. It is sufficient for most of administrators to use the default configuration with minor WAN/DNS address changes for simple deployments.
Page 11
A user needs only one account in the common database to access the network from different campuses. Service Zone is a logic partition of AMG-2100/AMG-2101’s LAN network. The concept of Service Zone is similar to the concept of virtual LAN (VLAN), which can be used to group the network traffic or network services for clients on the same VLAN segment, regardless of the clients’...
Page 12
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus A Service Zone may or may not require client authentication, depending on how the administrator sets it up. If a Service Zone requires user authentication, the client will be prompted for the login in first before using the network services, no matter the client is connecting to its SSID wirelessly or a switch port via wired line.
Page 13
Service Zones of AMG-2100/AMG-2101 – one for staff, one for students, and one for the guests. He also uses one zone for some shared servers in the diagram.
WAN1/ WAN2: Two WAN ports (10/100/1000 Base-T RJ-45) are connected to the external network, such as the ADSL Router from your ISP (Internet Service Provider). LAN1/ LAN2: Client machines connect to AMG-2100/AMG-2101 via these LAN ports (10/100/1000 Base-T RJ-45). Reset: Press and hold the Reset button for about 5 seconds and status of LED on front panel will start to blink before restarting the system.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 2.3.2 Real Panel Power Supply Socket: Connecting the power cord to the built-in open-frame power supply (Input: 100~240 VAC, 50/60 Hz ). Power Switch: Power-On (|) & Power-Off ( O ).
4) Prepare a PC with Web browser for accessing the Web Management Interface. 5) Identify an upstream device to plug in AMG-2100/AMG-2101 in your network, such as ADSL, CABLE modem or other edge devices. Collect the DNS server address provided by your ISP.
4) Connect an Ethernet cable to the Mgmt Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the AMG-2100/AMG-2101 system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage;...
Page 18
Figure 3 below is a simple network diagram for the initial installation and configuration. Start with this simple network topology to set up AMG-2100/AMG-2101 for the first time; it helps to plan a more sophisticated network topology to suits your specific application needs later.
IP address from LAN Port is“https://192.168.255.254” (“https” is used for a secured connection). For the first time, if AMG-2100/AMG-2101 is not using a trusted SSL certificate, there will be a “Certificate Error”, because the browser treats AMG-2100/AMG-2101 as an illegal website. Please press “Continue to this website”...
Page 20
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus The administrator login page will appear. Enter “admin”, the default username, and “admin”, the default password, in the UserName and Password fields. Click LOGIN to log in.
Layer-2 switches or VLAN switches, between AMG-2100/AMG-2101’s LAN ports and the client devices. 3.2 Setting up WAN1 Port AMG-2100/AMG-2101’s two WAN ports are marked as WAN1 and WAN2 on the front panel. WAN1 port supports four connection types: Static, Dynamic, PPPoE and PPTP. WAN2 port supports 3 connection types: Static, Dynamic and PPPoE.
When the ISP assigns you static IP address, or for other reason, your network requires you to use a fixed IP address, then you (as the administrator of AMG-2100/AMG-2101) will manually enter the fixed IP address as AMG-2100/AMG-2101’s WAN address.
AMG-2100/AMG-2101) configure AMG-2100/AMG-2101 to receive an IP address dynamically as AMG-2100/AMG-2101’s WAN1 address. Dynamic: It is only applicable for the network environment where the DHCP server is available on the upstream network. Click the Renew button to get an IP address automatically.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3.2.3 PPPoE If the ISP requires you use PPPoE Dialup connection, then the ISP will issue you an account with a password. You would need to enter the account credential in the WAN configuration page for dialing up to the ISP.
Although not a popular method, PPTP protocol for dialup connections is adapted by some ISPs (in European Countries). AMG-2100/AMG-2101 offers the PPTP dialup feature for the rare cases. Your PPTP ISP will issue you an account with a password as well as the PPTP server address.
Settings). Note: By default, all Policies of AMG-2100/AMG-2101 use WAN1 as the outgoing gateway; that is, all user groups’ traffic will use WAN1 as the Internet feed. Administrator can change the Routing Profile of a Policy to use WAN2 as default gateway; that way, for the groups bounded by the Policy will use WAN2 as their Internet feed.
Page 27
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Static: Manually specifying the IP address of the WAN port. The red asterisks indicate required fields to be filled in. IP Address: the IP address of the WAN2 port.
Page 28
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus PPPoE: When selecting PPPoE to connect to the network, please set the “User Name”, “Password”. MTU: Short for Maximum Transmission Unit of a PPPoE frame. The PPPoE protocol allows an Ethernet frame’s size to be up to 1492 bytes, but some ISP’s network equipments may support...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3.4 Other WAN Traffic Settings It is a good idea to have two Internet feeds to the system, especial from two different ISP; it adds the service reliability to your clients by turning on WAN-Failover feature.
Configure WAN Failover: Go to: System >> WAN Traffic. Enable WAN Failover: Normally AMG-2100/AMG-2101 uses WAN1 as it primary WAN interface. When WAN Failover is enabled and WAN2 is available, WAN1's traffic will be routed to WAN2 when WAN1 connection is down. On the other hand, a Service Zone’s policy could also use WAN2 as its interface;...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3.4.2 Load Balance Configure Load Balance Go to: System >> WAN Traffic. Enable Load Balancing: Outbound load balancing is supported by the system. When enabled, the system will allocate traffic between WAN1 and WAN2 dynamically according to designed algorithms based on the weight ratio.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3.4.3 Internet Connection Detection The system will periodically check to see if the Internet (uplink) connection is down by seeing if it can get responses from three target sites.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3.4.4 WAN Bandwidth Control The section is for administrators to configure the control over the entire system’s traffic though the WAN interface (WAN1 and WAN2 ports).
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3.5 LAN Partition -- Service Zone Configure Service Zone, go to: System >> Service Zones. A Service Zone is a logical network area to cover certain wired and wireless networks in an organization such as SMB or branch offices.
Page 35
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Tag-Base Service Zone Name: Mnemonic name of the Service Zone. LAN Port Mapping (Port Base only): Choose which port is mapped to which Service Zone.
In Port-Based mode, each LAN port can only serve traffic from one Service Zone. An example of network application diagram is shown as below: one Service Zone for Employees and one for Guests. Caution: The switches deployed under AMG-2100/AMG-2101 in Port-Based mode must be Layer 2 switches only.
Page 37
Service Zone. So you need a VLAN switch or VLAN AP to take care the VLAN tags carried within the message frames. An example of network application diagram is shown as below: more than two Service Zones for different departments. Caution: The switch deployed under AMG-2100/AMG-2101 in Tag-Based mode must be a VLAN switch only.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3.5.2 Configure Service Zone network Configure Service Zone, go to: System >> Service Zones. Service Zone Status: Each service zone can be enabled or disabled except for the default service zone.
Page 39
Note: please change the Management IP Address List accordingly (at System Configuration>> System Information >> Management IP Address List) to permit the administrator to access the AMG-2100/AMG-2101 admin page after the default IP address of the network interface is changed.
Configure Tag Base or Port Base, go to: System >> LAN Port Mapping. AMG-2100/AMG-2101 supports multiple Service Zones in either of the two VLAN modes, Port-Based or Tag-Based, but not concurrently. In Port-Base mode, each LAN port can only serve traffic from one Service Zone as each Service Zone is identified by physical LAN ports.
Page 41
Caution: The switches deployed under AMG-2100/AMG-2101 in Port-Based mode must be Layer2 Switches only. The switch deployed under AMG-2100/AMG-2101 in Tag-Based mode must be a VLAN switch only. Port-Based: When Port-Based mode is selected; traffic from different virtual Service Zones will be distinguished by physical LAN ports.
Page 42
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Tag-Based: When the Tag-Based mode is selected, traffic from different virtual Service Zones will be distinguished by VLAN tagging, instead of by physical LAN ports.
NTDOMAIN). In addition, there are two optional servers, On-demand User and SIP, which also can be selected by the system. Auth Option: There are several authentication options supported by AMG-2100/AMG-2101: Server 1 to Server 4, On-demand User, and SIP. Click the hyperlink of the respective Server Name to configure the authentication server.
Page 44
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Authentication Option Configuration Click on the server name to set the configuration for that particular server. After completing and clicking Apply to save the settings, go back to the previous page to select a server to be the default server and enable or disable any server in each service zone.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.1.1 Local Choose “Local” from the Authentication Database field. Click the button Configure for further configuration. Local User List: It let the administrator to view, add or delete local user account. The Upload User button is for importing a list of user account from a text file.
Page 46
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Add User: Click this button to enter into the Adding User(s) to the List interface. Fill in the necessary information such as “Username”, “Password”, “MAC Address”, and “Remark”.
Page 47
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Edit User: If editing the content of individual user account is needed, click the username of the desired user account to enter the User Profile Interface for that particular user, and then modify or add any desired information such as Username, Password, MAC Address (optional), Applied Group (optional), Enable Local VPN (optional) and Remark (optional).
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.1.2 POP3 Choose “POP3” from the Authentication Database field. Except Local authentication, the Local VPN option in other authentication option only can be enabled or disabled for the entire Authentication Database.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.1.3 RADIUS Choose “RADIUS” from the Authentication Database field. Except Local authentication, the Local VPN option in other authentication option only can be enabled or disabled for the entire Authentication Database.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.1.4 LDAP Choose “LDAP” from the Authentication Database field. Except Local authentication, the Local VPN option in other authentication option only can be enabled or disabled for the entire Authentication Database.
Page 51
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Server: The IP address of the external LDAP server. Port: The authentication port of the external LDAP server. Service Protocol: The transferring type of service protocol for LDAP authentication with 3 types available: LDAP, LDAPS, and LDAP+StartTLS.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.1.5 NT Domain Choose “NT Domain” from the Authentication Database field. Except Local authentication, the Local VPN option in other authentication option only can be enabled or disabled for the entire Authentication Database.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.1.6 On-Demand Users On-demand User Server Configuration: The administrator can enable and configure this authentication method to create on-demand user accounts. This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment.
Page 54
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Ticket Customization On-demand account ticket can be customized here and previewed on the screen. Receipt Header: There are 3 receipt headers supported by the system. The entered content will be printed on the receipt.
Page 55
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Billing Plans Administrators can configure several billing plans. Click Edit button to enter the page of Editing Billing Plan. Click Apply to save the plan. Go back to the screen of Billing Plans, check the Enable checkbox or click Select all button, and then click Apply, the plan(s) will be activated.
Page 56
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Cut-off: Cut-off Time is the time of day at which the on-demand account is cut off (made expired) by the system on that day. Unit is the day periods of this Cut-off billing plan. Please...
Page 57
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Volume: Volume is the maximum Mbytes at which the on-demand account could be used by the system. Quota is the total Mbytes (1~2000), during which On-demand users are allowed to access the network.
Page 58
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Duration-time with Absolute Expiration Time: The scenario of this type is that a client goes to an exhibition and purchases an on-demand account. The exhibition is from 09:00 02/Jun/2009 ~ 18:00 07/Jun/2009.
Page 59
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Note: If no Billing plan is enabled, accounts cannot be created by clicking Create button. Please goes back to Billing Plans to active at least one Billing plan by clicking Edit button and Apply the setting to activate the plan.
Page 60
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus...
Page 61
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus On-demand Account Batch Creation After at least one plan is enabled, the administrator can generate multiple on-demand user accounts once by batch creation. Click this to enter the On-demand Account Batch Creation. Enter the desired number of accounts of enabled plans to create a batch of on-demand accounts together.
Page 62
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus On-demand Account List All created On-demand accounts are listed and related information on is also provided. Search: Enter a keyword of a username, External ID, or reference, to be searched in the text filed and click this button to perform the search.
Page 63
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Redeem On-demand Accounts For Usage-time accounts, when the remaining quota is insufficient or if they are almost out of quota, they can use redeem function to extend their quota. After the user has got, or bought, a new account, they just need to click the Redeem button in the login success page to enter Redeem Page, input the new account Username and Password and then click Submit.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.2 Users Group Configure Users Group, go to: Users >> Group. There are multiple groups for divide users. A Group which can be allowed to access a Service Zone or not;...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.2.1 Assign users to a Group Configure users to a Group, go to: Users >> Authentication. This section shows how to group users, how to rule each grouped user with different policy as he moves...
Page 66
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus In this example, Group 1 users are allowed to access the internet in 5 places; Service Zone 0,1,4,6, and 8. They must follow policy 1 at Service Zone 1, 6 and 8. They are ruled by Policy 3 at Service Zone 1 and by Policy 8 at Service Zone 4.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.2.2 Permission in Service Zone Configure Permission in Service Zone, go to: Users >> Group. A Group can be allowed to access one Service Zone or multiple Service Zones. Moreover, a Group can be applied different Policies within different Service Zones.
Page 68
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Group Option: The name of Group options available for selection. Enabled: Select Enabled to allow clients of the enabled Groups to log in to this Service Zone under constraints of the selected Policies.
Page 69
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus At Service Zone 1, Group 1 user is ruled by Policy 3. Group 2 is by Policy 9 and Group 3 is by Policy 11.
1. Open an Internet browser and try to connect to any website (in this example, we try to connect to www.google.com). For the first time, if the AMG-2100/AMG-2101 is not using a trusted SSL certificate (for more information, please see 4.2.5 Additional Configuration), there will be a “Certificate Error”, because the browser treats AMG-2100/AMG-2101 as an illegal website.
Page 71
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 2. Enter the username and password (for example, we use a local user account: test@local here) and then click Submit button. If the Remember Me check box is checked, the browser will remember this user’s name and password so that he/she can just click Submit next time he/she wants to login.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.3.1 Default Authentication In each Service Zone, there are different types of authentication database (LOCAL, POP3, RADIUS, LDAP, NTDOMAIN, ONDEMAND, and SIP) that are supported by the entire system.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4.3.3 Disable Authentication in Service Zone Configure Authentication in Service Zone, go to: System >> Service Zones. Authentication Required For the Zone: When it is disabled, users will not need to...
5. Managing Wireless Network 5.1 AMG-2100/AMG-2101 with Multiple Type of AP Beside the LAN ports in AMG-2100/AMG-2101, you can connect AP to AMG-2100/AMG-2101 to extent the network access by wireless. AMG-2100/AMG-2101 can manager multiple types of AP, such as, WAB-3003 (108M 11g Outdoor PoE AP), WAP-3101 (108M 11g PoE Wireless Access Point), WAP-6002 (150M N Wireless Access Point), WAP-6011 (300M N_Max Wireless Access Point).
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.2 Configure AP Template Configure AP Template, go to: Access Points >> Templates. Template is a model that can be copied to every AP and not necessary to configure the AP individually.
Page 76
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus General Setting: In this section, revise the Subnet Mask and Default Gateway here if desired. Configure the NTP Servers and Time Zone. Besides, it can enable SYSLOG server to...
Page 77
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Wireless: SSID Broadcast: Select this option to enable the SSID to broadcast in your network. When configuring the network, it is suggested to enable this function but disable it when the configuration is complete.
After AP template configuration is finish, use this function to detect and manage all of the APs in the network segments. Note that AMG-2100/AMG-2101 can only manage APs that are connected to its LAN ports. Therefore, the AP discovery function is for adding locally connected APs to its management list.
Page 79
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Discovery Results: The discovered new APs will be listed here. When the system’s Service Zone is set to Tag-based mode, service zones also can be assigned here. After clicking Add, the current management page is directed to AP List, where the newly added APs will show up with a status of “configuring”.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.4 AP with Service Zone Configure AP with Service Zone, go to: System >> Service Zones. Service Zone Settings – Assigned IP Address for AP Management Under port-based service zone, each service zone can designate an IP segment for IP address assignment to the managed AP when the newly discovered AP is added into the service zone.
Page 81
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Service Zone Settings – Access Control for Service Zone All managed APs (VAP) that belong to this service zone have same ACL table. When the status is Allowed, only these clients whose MAC addresses are listed in this list can be allowed to connect to the AP;...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.5 AP Security Configure AP Security, go to: System >> Service Zones. Security: For each service zone, administrators can set up the wireless security profile, including Authentication and Encryption.
Configure AP settings in AP List, go to: Access Points >> List. All of the APs under the management of AMG-2100/AMG-2101 will be shown in the list. The AP can be edited by clicking the hyperlink of AP Name and the AP status can be got by clicking the hyperlink of Status.
Page 84
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus General Setting: Click the link to enter the General Setting interface. Firmware information also can be observed here. LAN Setting: Click the link to enter the LAN Setting interface. Input the data of LAN including IP address, Subnet Mask and Default Gateway of AP.
Page 85
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Status After clicking the hyperlink in the Status column, there are two areas of information shown: AP Status Summary and AP Status Details.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.7 AP Operations from AP List Configure AP List, go to: Access Points >> List. 5.7.1 Reboot, Enable, Disable and Delete the AP Select any AP by the check the checkbox and then click the button below to Reboot, Enable, Disable and Delete the selected AP if desired.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.7.2 Apply Template Select any AP by check the checkbox and then click Apply Template; select one template to apply to the AP.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.7.3 Change Service Zone Select any AP by the check the checkbox and then click Apply Service Zone to select which Service Zones this AP associates to. For example, if SZ3 and SZ5 are selected for this AP, then these two Service Zones will be available under this AP.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.7.4 AP Background Discovery Configure AP Background Discovery, go to: AP Management >> Discovery. Background AP Discovery: Click Configure to enter Background AP Discovery interface and go on related configuration.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.7.5 Manually add AP Configure AP adding by Manually, go to: Access Points >> Adding. The AP also can be added manually even though when it is offline. Input the related data of the AP and select a Template.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.7.6 Firmware management and upgrade Configure Firmware management, go to: Access Points >> Firmware. Firmware Upload displays the current version of the AP’s firmware. New firmware can be uploaded here to update the current firmware.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 6. Policies and Access Control 6.1 Black List Configure Black List, go to: Users >> Black List. The administrator can add, delete, or edit the black list for user access control. Each black list can include lots of users.
Page 93
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus After the Black List is setup completed. You can select the Black List in each Authentication Server to let it to become effective.
MAC ACL: With this function, only the users with their MAC addresses in this list can login to AMG-2100/AMG-2101. There are maximum users allowed in this MAC address list. User authentication is still required for these users. Click Edit to enter the MAC Address Control list. Fill in these MAC addresses, select Enable, and then click Apply.
6.3 Policy Configure Policy, go to: Users >> Policy. AMG-2100/AMG-2101 supports multiple Policies, including one Global Policy and other individual Policy. Each Policy consists of access control profiles that can be configured respectively and applied to a certain Group of users. Global Policy is the system’s universal policy and applied to all clients, while other individual Policy can be selected and defined to be applied to any Service Zone.
Page 96
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Select Policy: Select Global to set the Firewall Profile, Specific Route Profile and Maximum Concurrent Session. Firewall Profile: Global policy and each policy have a firewall service list and a set of firewall profile which is composed of firewall rules.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 6.3.1 Firewall Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules.
Page 98
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus If the Protocol Type is ICMP, it will need to define Type and Code. If the Protocol Type is IP, it will need to define Protocol Number.
Page 99
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Selecting the Filter Rule Number 1 as an example: Rule Number: This is the rule selected “1”. Rule No. 1 has the highest priority; rule No.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 6.3.2 Routing Specific Route Profile: Click the button of Setting for Specific Route Profile, the Specific Route Profile list will appear. 1. Specific Route Specific Route Profile: The Specific Route is use to control clients to access some specific IP segment by the specified gateway.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 2. Default Gateway Default Gateway: The default gateway of WAN1, WAN2, or a desired IP address can be defined in each Policy except Global Policy. When Specific Default Route is enabled, all clients applied with this Policy will access the Internet through this default gateway.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 6.3.3 Schedule Schedule Profile: Click Setting of Schedule Profile to enter the configuration page. Select Enable to show the Permitted Login Hours list. This function is used to limit the time when clients can log in.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 6.3.4 Sessions Limit To prevent ill-behaved clients or malicious software from using up the system’s connection resources, the administrator can restrict the number of concurrent sessions that a user can establish.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 6.4 QoS Traffic Class and Bandwidth Control Configure QoS, go to: Users >> Group. QoS Profile: Set parameters for traffic classification. Traffic Class: A Traffic Class can be chosen for a Group of users. There are four traffic classes: Voice, Video, Best-Effort and Background.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7. Users’ Login and Logout 7.1 Before User Login 7.1.1 Login with SSL Configure HTTPS, go to: System >> General. HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering.
Internal Domain Name is the domain name of the AMG-2100/AMG-2101 as seen on client machines connected under service zone. It must conform to FQDN (Fully-Qualified Domain Name) standard. A user on client machine can use this domain name to access AMG-2100/AMG-2101 instead of its IP address.
Page 107
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Click “Continue to this website” to access the user login page. To Use Default Certificate: Click Use Default Certificate to use the default certificate and key. Click...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7.1.3 Administrator Contact Information Configure Administrator Contact Information, go to: System >> General. Administrator Contact Information will appear in the user Login Fail window. When the user login fail with duplicate IP address or MAC address, system will show this contact information to the user by the Login Fail window.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7.1.4 Walled Garden Configure Walled Garden, go to: Network >> Walled Garden. This function provides certain free services for users to access the websites listed here before login and authentication.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7.1.5 Walled Garden AD List Configure Walled Garden AD List, go to: Network >> Walled Garden AD List. This function provides advertisement web pages for users to access free advertisement websites listed before login and authentication.
Page 111
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7.1.6 Mail Message Configure Mail Message, go to: System >> Service Zones. When enabled, the system will automatically send an email to users if they attempt to send/receive their emails using POP3 email program (for example, Microsoft Outlook) before they are authenticated.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7.2 After User Login 7.2.1 Browse which Home Page after login success Configure Portal URL, go to: System >> General. If enable this function, enter the URL of a Web server as the homepage. Once logged in successfully, users will be directed to this homepage, such as http://www.google.com, regardless of the original...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7.2.2 Idle Timer Configure Idle Timer, go to: Users >> Additional Configuration. If a user has idled with no network activities, the system will automatically kick out the user. The...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7.2.3 Multiple Login Configure Multiple Login, go to: Users >> Additional Configuration. When enabled, a user can log in from different computers with the same account. (This function doesn’t support On-demand users and RADIUS authentication.)
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7.2.5 Local Users Change Password Privilege Configure Local Users Change Password Privilege, go to: Users >> Group. Privilege Profile: Change Password Change Password Privilege: When Change Password Privilege is enabled, the authenticated local users within this Group are allowed to change their password via the Login Success Page.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 7.2.6 On-demand Account Creation Privilege Configure On-demand Account Creation Privilege, go to: Users >> Group. Privilege Profile: On-demand Account Creation When On-demand Account Creation Privilege is enabled, the authenticated users within this Group are allowed to create On-demand account via the Login Success Page.
Page 118
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Caution: This function is not for On-demand User. On-demand users can not create another On-demand user.
Configure Proxy Server, go to: Network >> Proxy Server. Basically, a proxy server can help clients access the network resources more quickly. This section presents basic examples for configuring the proxy server settings of AMG-2100/AMG-2101. Using Internet Proxy Server The first scenario is that a proxy server is placed outside the LAN environment or in the Internet. For example, the following diagram shows that a proxy server of an ISP will be used.
Page 120
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Step 3. Make sure that the proxy server settings match with at least one of the proxy server setting of the system – for example, in this case, 203.125.142.1:3128 matches with blank:3128.
Page 121
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Caution: It is required that the proxy server setting of the clients match with the proxy server setting of the system. Otherwise, users will not be able to get the Login page for authentication via browsers and it will show an error page in the browser.
Page 122
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Using Extranet Proxy Server The second scenario is that a proxy server is placed in the Extranet (such as DMZ), which all users from the Intranet or the Internet are able to access.
Page 123
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Caution: It is required that the proxy server setting of the clients match with the proxy server setting of the system. Otherwise, users will not be able to get the Login page for authentication via browsers...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 8. Networking Features of a Gateway 8.1 DMZ Configure DMZ, go to: Network >> NAT >> DMZ (Demilitarized Zone). The system supports Internal IP address (LAN) to External IP address (WAN) mapping in the Static Assignments.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 8.2 Virtual Server Configure Virtual Server, go to: Network >> NAT >> Public Accessible Server. This function allows the administrator to set virtual servers, so that client devices outside the managed network can access these servers within the managed network.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 8.3 Privilege List Configure Privilege List, go to: Network >> Privilege. Setup the Privilege IP Address List and Privilege MAC Address List. The clients in the list can...
IP addresses of these workstations in the “Granted Access by IP Address”. The “Remark” field is not necessary but is useful to keep track. AMG-2100/AMG-2101 allows privilege IP addresses at most. These settings will become effective immediately after clicking Apply.
In addition to the IP address, the MAC address of the workstations that need to access the network without authentication can also be set in the “Granted Access by MAC Address”. AMG-2100/AMG-2101 allows privilege MAC addresses. When manually creating the list, enter the MAC address (the format is xx:xx:xx:xx:xx:xx) as well as the remark (not necessary). These settings will become effective immediately after clicking Apply.
8.4 IP Plug and Play Configure IP Plug and Play, go to: Network >> Client Mobility AMG-2100/AMG-2101 supports IP PNP function. User can login and access network with any IP address setting. At the user end, a static IP address can be used to connect to the system. Regardless of what the IP...
Before activating this function, you must have your Dynamic DNS hostname registered with a Dynamic DNS provider. AMG-2100/AMG-2101 supports DNS function to alias the dynamic IP address for the WAN port to a static domain name, allowing the administrator to easily access AMG-2100/AMG-2101’s WAN.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 8.6 Port and IP Redirect Configure Port and IP Redirect, go to: Network >> NAT >> Port and IP Forwarding. This function allows the administrator to set the IP addresses for redirection purpose. When the user attempts to connect to a destination IP address listed here, the connection packet will be converted and redirected to the corresponding destination.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 9. System Management and Utilities 9.1 System Time Configure System Time, go to: System >> General. 9.1.1 NTP NTP (Network Time Protocol) communication protocol can be used to synchronize the system time with remote time server.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 9.2 Management IP Configure Management IP, go to: System >> General. Only PCs within this IP range on the list are allowed to access the system's web management interface.
Configure Access History IP, go to: System >> General. Specify an IP address of the administrator’s computer or a billing system to get billing history information of AMG-2100/AMG-2101 with the predefined URLs. The file name format is “yyyy-mm-dd”. An example is provided as follows: Traffic History:https://10.2.3.213/status/history/2005-02-17...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 9.4 SNMP Configure SNMP, go to: System >> General. If this function is enabled, the SNMP Management IP and the Community can be assigned to access the...
Gigabit Access and AP Management Gateway Plus 9.5 Three-Level Administration AMG-2100/AMG-2101 supports three kinds of account interface. You can log in as admin, manager or operator. The default usernames and passwords show as follows: Admin: The administrator can access all configuration pages of AMG-2100/AMG-2101.
Page 137
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Operator: The operator can only access the configuration page of Create On-demand User to create new on-demand user accounts and print out the on-demand user account receipts.
Configure Change Password, go to: Utilities >> Password Change. There are three levels of authorities: admin, manager or operator. The default usernames and passwords are as follows: Admin: The administrator can access all configuration pages of AMG-2100/AMG-2101. User Name: admin Password: admin...
Backup System Settings: Click Backup to create a .db database backup file and save it on disk. Restore System Settings: Click Browse to search for a .db database backup file created by AMG-2100/AMG-2101 and click Restore to restore to the same settings at the time when the backup file was saved.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 9.8 Firmware Upgrade Configure Firmware Upgrade, go to: Utilities >> System Upgrade. The administrator can download the latest firmware from website and upgrade the system here. Click Browse to search for the firmware file and click Apply for the firmware upgrade.
This function allows the administrator to safely restart AMG-2100/AMG-2101, and the process might take approximately three minutes. Click YES to restart AMG-2100/AMG-2101; click NO to go back to the previous screen. If the power needs to be turned off, it is highly recommended to restart AMG-2100/AMG-2101 first and then turn off the power after completing the restart process.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 9.10 Network Utility Configure Network Utility, go to: Utilities >> Network Utilities. System provide some network utilities to allow administrators to use, the functions including...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 9.10.1 Wake-on-LAN It allows the system to remotely boot up a power-down computer with Wake-On-LAN feature enabled in its BIOS and it is connect to any service zone. Enter the MAC Address of the desired device and click Wake Up button.
Configure Monitor IP Link, go to: Network >> Monitor IP. AMG-2100/AMG-2101 will send out a packet periodically to monitor the connection status of the IP addresses on the list. On each monitored item with a WEB server running, administrators may add a link for the easy access by entering the IP, select the Protocol to http or https and then click Create.
Enter key to make selection or confirm what you enter. 3. Once the console port of AMG-2100/AMG-2101 is connected properly, the console main screen will appear automatically. If the screen does not appear in the terminal simulation program automatically, please try to press the arrow keys, so that the terminal simulation program will send some messages to the system, where the welcome screen or main menu should appear.
Page 146
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems. The utilities are described as follows: Ping host (IP): By sending ICMP echo request to a specified host and wait for the response to test the network status.
Page 147
Although it does not require a username and password for the connection via the serial port, the same management interface can be accessed via SSH. Therefore, we recommend you to immediately change the AMG-2100/AMG-2101 Admin username and password after logging in the system for the first time.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 10. System Status and Reports 10.1 View the status This section includes System, Interface, Hardware, Routing Table, Online Users, User Logs, and E-mail & SYSLOG to provide system status information and online user status.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 10.1.1 System Status View System Status, go to: Status >> System. This section provides an overview of the system for the administrator.
Page 150
The present firmware version of AMG-2100/AMG-2101 Firmware Version The current build number. Build The system name. The default is AMG-2100/AMG-2101 System Name Homepage Redirect URL The page the users are directed to after initial login success. The IP address and port number of the external Syslog Server. N/A Syslog server- System Log means that it is not configured.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 10.1.2 Interface Status View Interface Status, go to: Status >> Interface. This section provides an overview of the interface for the administrator including WAN1, WAN2, SZ Default and SZ1 ~ SZ8.
Page 152
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus The description of the above-mentioned table is as follows: Description Item The MAC address of the WAN1 port. MAC Address The IP address of the WAN1 port.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 10.1.3 Hardware Information View Hardware Information, go to: Status >> Hardware. It will show the current CPU and Memory usage of the system.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 10.1.4 Routing Table View Routing Table, go to: Status >> Routing Table. All the Policy Route rules and Global Policy Route rules will be listed here. Also it will show the System Route rules specified by each interface.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 10.1.5 Online Users View Online Users, go to: Status >> Online Users. In this page, each online user’s information including Username, IP Address, MAC Address, Pkts In, Bytes In, Pkts Out, Bytes Out, Idle, Access From and Kick Out will be shown.
View User Logs, go to: Status >> User Logs. This page is used to check the traffic history of AMG-2100/AMG-2101. The history of each day will be saved separately in the system memory for at least 3 days (72 full hours). The system also keeps a cumulated record of the traffic data generated by each user in the latest 2 calendar months.
Page 157
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Users Log All activities occur on the system within the nearest 72 hours are recorded; in date and time order. As shown in the following figure, each line is a traffic history record consisting of the following fields, Date, Type, Name, IP, MAC, Pkts In, Bytes In, Pkts Out and Bytes Out of the user activities.
Page 158
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus SIP Call Usage Log The log provides the login and logout activities of SIP clients (device and soft clients), such as Start Time, Caller, Callee and Duration (seconds).
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 10.1.7 Local User Monthly Network Usage View Local User Monthly Network Usage, go to: Status >> User Logs. Monthly Network Usage of Local User The system keeps a cumulated record of the traffic data generated by each Local user in the latest 2 calendar months.
10.2 Notification Configure Notification, go to: Status >> E-mail & SYSLOG. AMG-2100/AMG-2101 can automatically send the notification of Monitor IP Report, Users Log, On-demand Users Log, Session Log and AP Status Change to more than one particular e-mail addresses. The notification of AP Status is triggered by the event when a managed AP becomes unreachable while the other types of emails are sent periodically in given intervals such as 1 hour.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 10.2.1 E-Mail Notification E-mail Settings: Receiver Email Address(es): The e-mail addresses can be set up to receive the notification. These are the receiver’s e-mail addresses. There are different kinds of notification to be selected -- Monitor IP Report, Users Log, On-demand Users Log, Session Log and AP Status Change, and check which type of notification to be sent.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 10.2.2 SYSLOG SYSLOG Server Settings: There are multiple types of Syslog supported: System Log, On-demand User Log, Session Log and Hardware Log. Enter the IP address and Port number to specify which and from where the report should be sent to.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 11. Virtual Private Network (VPN) 11.1 Local VPN Configure Local VPN, go to: Users >> Authentication. The system is equipped with IPSec VPN feature. To utilize IPSec VPN supported by Microsoft Windows XP SP2 (with patch) and Windows 2000 operating systems, the system implements IPSec VPN tunneling technology between client’s windows devices and the system itself regardless of wired or...
Page 164
The ActiveX component helps set up individual IPSec VPN tunnels between clients and AMG-2100/AMG-2101 and check the validity of IPSec VPN tunnels between them. If the connection is down, the ActiveX component will detect the broken link and decompose the IPSec tunnel. Once the IPSec VPN tunnel was built, all sent packets will be encrypted.
Page 165
To ensure that the built-in IPSec VPN tunnel is always alive, unless clients decide to close the session and to disconnect from AMG-2100/AMG-2101, the following conditions or behaviors, which may cause the Internet Explorer to stop the ActiveX, should be avoided.
Page 166
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus (3) Execution of instructions given by the following Windows messages: Close the Windows Internet Explorer. Click Logout on Login Success page. Click Back or Refresh of the same Internet Explorer browser page.
Page 167
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus • FAQ (1) How to clean IPSec client? ANS: Open a command prompt window and type the commands as follows. C:\> cd %windir%\system32 C:\>...
Configure Remote VPN, go to: Network >> VPN >>Remote VPN. AMG-2100/AMG-2101 support Remote VPN for user login to system from remote area. After the user is login to system from the outside network of WAN, the user will feel that it is look like login to AMG-2100/AMG-2101 under the service zone locally.
AMG-2100/AMG-2101 support Site-to-Site VPN for more than 2 AMG-2100/AMG-2101 create VPN tunnel to each other over the WAN network. For example, if there are 2 AMG-2100/AMG-2101, you can create a VPN tunnel to let a subnet of one AMG-2100/AMG-2101 to access the subnet of another AMG-2100/AMG-2101.
Page 170
Gigabit Access and AP Management Gateway Plus And then create a Local Site with subnet for mapping to the remote site. Such as “192.168.11.0/24” of AMG-2100/AMG-2101_A >> “192.168.111.0/24” of AMG-2100/AMG-2101_B, after the tunnel is created, the users within these two subnets can reach each other. Caution: You can create more than one VPN tunnel, but the IP segment mapping can not be overlap that same IP segment has more than one routing rule.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 12. Customization of Portal Pages 12.1 Customizable Pages Configure Customizable Pages, go to: System >> Service Zones. There are several users’ login and logout pages for each service zone that can be customized by administrators.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 12.2 Loading a Customized Login Page The administrator can use the default login page or get the customized login page by setting the template page, uploading the page or downloading from a designated website.
Page 173
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Custom Pages >> Login Page >> Uploaded Page Choose Uploaded Page and upload a login page. The user-defined login page must include the following HTML codes to provide the necessary fields...
Page 174
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus And if the user-defined login page includes an image file, the image file path in the HTML code must be the image file to be uploaded.
Page 175
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Custom Pages >> Login Pages >> External Page Choose the External Page selection and get the login page from a designated website. In the External Page Setting, enter the URL of the external login page and then click Apply.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 12.3 Load a Customized Logout Page Custom Pages >> Logout Page The administrator can apply their own logout page in the menu. As the process is similar to that of the Login Page, please refer to the “Login Page >>...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 13. Payment Gateways 13.1 Payments via Authorize.Net Configure Payments via Authorize.Net, go to: Users >> Authentication >> On-demand>> External Payment Gateway>> Authorize.Net. Before setting up “Authorize.Net”, it is required that the merchant owners have a valid Authorize.Net account.
Page 178
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Service Disclaimer Content/ Choose Billing Plan for Authorize.Net Payment Page/Client’s Purchasing Record Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer.
Page 179
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Authorize.Net Payment Page Fields Configuration/ Authorize.Net Payment Page Remark Content Authorize.Net Payment Page Fields Configuration Item: Check the box to show this item on the customer’s payment interface.
Page 180
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus of the card). E-mail: An email address may be provided along with the billing information of a transaction. This is the customer’s email address and should contain an @ symbol.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 13.2 Payments via PayPal Configure Payments via PayPal, go to: User >> Authentication >> On-demand>> External Payment Gateway>> PayPal. Before setting up “PayPal”, it is required that the hotspot owners have a valid PayPal “Business Account”.
Page 182
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Service Disclaimer Content / Billing Configuration for Payment Page Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here.
Page 183
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus PayPal Payment Page Remark Content: The message content will be displayed as a special notice to end customers in the page of “Rate Plan”. For example, it can describe the...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 13.3 Payments via SecurePay Configure Payments via SecurePay, go to: Users >> Authentication >> On-demand>> External Payment Gateway >> SecurePay. Before setting up “SecurePay”, it is required that the hotspot owners have a valid SecurePay...
Page 185
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Payment Page Configuration Merchant ID: The ID that is associated with the Business Account. Password: This is the key used by Secure Pay to validate all the transactions.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 13.4 Payments via World Pay Configure Payments via WorldPay, go to: Users >> Authentication >> On-demand User >> External Payment Gateway >> WorldPay.
Page 187
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled. SecurePay Payment Page Remark Content The message content will be displayed as a special notice to end customers.
Page 188
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus STEP ⑥ . Check the Enable the Shopper Response. STEP ⑦ . Select the Save Changes button STEP ⑧ . Input Installation ID and Payment Gateway URL in gateway UI.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 14. Additional Applications 14.1 Upload / Download Local Users Accounts Configure Upload / Download Local Users Accounts, go to: Users >> Authentication >> Local-Server1~4 >> Configure >> Local User List.
Page 190
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus...
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 14.2 Backup and Restore On-demand Users Accounts Configure Backup / Restore On-demand Users Accounts, go to: Users >> Authentication >> On-demand User >> On-demand Account List.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 14.3 POP3 login with complete name format Configure POP3 login with complete name format, go to: Users >> Authentication >> POP3-Server1~4 >> Configure.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 14.4 RADIUS Advance settings Configure RADIUS Advance settings, go to: Users >> Authentication >> RADIUS-Server1~4 >> Configure. Complete Name vs. Only ID For RADIUS authentication, there have an option to send the complete username with postfix or username only.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 14.5 LDAP Advance settings - Attribute-Group Mapping Configure LDAP - Attribute-Group Mapping, go to: Users >> Authentication>> LDAP-Server1~4 >> Configure. This function is to assign a Group to a LDAP attribute sent from the LDAP server. When the clients classified by LDAP attributes log into the system via the LDAP server, each client will be mapped to its assigned Group.
Domain first, and then they will be assigned the access right in this domain. On the other hand, user also need to login to AMG-2100/AMG-2101 to get the network access right. So user must login twice for network access right and domain resource access right.
Configure Roaming Out, go to: Users >> Authentication >> Local-Server1~4 >> Configure >> Local User List >> Roaming Out & 802.1X Client Device Settings. In sometime, AMG-2100/AMG-2101 can act as a RADIUS server for Roaming Out from other system. The Local User database will act as the RADIUS user database.
NAT with a selective but fixed WAN interface. In this example, client extension #301 is trying to call #303. AMG-2100/AMG-2101 asks an external trusted SIP registrar to verify both identities. After SIP registrar responds with a YES, call is established through AMG-2100/AMG-2101.
Page 198
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus SIP: SIP authentication supports 4 Trusted SIP Registrar. IP Address: The IP address of the Trusted SIP Registrar. Remark: The administrator can enter extra information in this field for remark.
Gigabit Access and AP Management Gateway Plus Appendix A. Network Configuration on PC & User Login Network Configuration on PC After AMG-2100/AMG-2101 is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup. Internet Connection Setup Windows 9x/2000 1) Choose Start >>...
Page 200
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3) Choose “I want to set up my Internet connection manually, or I want to connect through a local Area network (LAN)”, and then click Next.
Page 201
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 6) Choose “No” and then click Next 7) Finally, click Finish to exit the Internet Connection Wizard. Now, the set up is completed.
Page 202
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 2) Choose the Connections tab, and then click Setup. 3) When Welcome Connection Wizard window appears, click Next. 4) Choose “Connect to the Internet” and...
Page 203
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5) Choose “Set connection manually” and then click Next. 6) Choose “Connect using a broadband connection that is always on” and then click Next.
Page 204
With the factory default settings, during the process of starting the system, AMG-2100/AMG-2101 with DHCP function will automatically assign an appropriate IP address and related information for each PC. If the Windows operating system is not a server version, the default settings of the TCP/IP will regard the PC as a DHCP client, and this function is called “Obtain an IP address automatically”.
Page 205
4) Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of AMG-2100/AMG-2101. Caution: If your PC has been set up completely, please inform the network administrator before proceeding to the following steps.
Page 206
Gigabit Access and AP Management Gateway Plus 4.2) Click on the Gateway tab. Enter the gateway address of AMG-2100/AMG-2101 in the “New gateway” field and click Add. Then, click 4.3) Click on DNS Configuration tab. If the DNS Server field is empty, select “Enable DNS”...
Page 207
DHCP or a specific IP address. 4) Using DHCP: If you want to use DHCP, choose “Obtain address automatically”, and then click OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from AMG-2100/AMG-2101.
Page 208
5) Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of AMG-2100/AMG-2101. If your PC has been set up completely, please inform the network administrator before proceeding to the following steps.
Page 209
Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 5.4) Enter the gateway address of AMG-2100/AMG-2101 in the “Gateway” field, and then click Add. After back to the IP Settings tab, click OK to complete the configuration.
Page 210
IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of AMG-2100/AMG-2101. Caution: If your PC has been set up completely, please inform the network administrator before proceeding to...
Page 211
5.3) Click on the IP Settings tab and click Add below the “Default gateways” column TCP/IP Gateway Address window will appear. 5.4) Enter the gateway address of AMG-2100/AMG-2101 in the “Gateway” field, and then click Add. After back to the IP Settings tab, click OK to finish the configuration.
Appendix B. Policy Priority (Global Policy, Service Zone Policy, Authentication Policy and User Policy) AMG-2100/AMG-2101 supports multiple Policies, including one Global Policy and 24 individual Policy can be assign to different Group. Global Policy is the system’s universal policy and applied to all clients, while other individual Policy can be selected and defined to be applied to any Service Zone.
If you are using 3 party AP, you can use Monitor IP function to monitor the AP connection status. Because AMG-2100/AMG-2101 can not manage these APs, Monitor IP is a better way to monitor the AP connection status. AMG-2100/AMG-2101 will send out a packet periodically to monitor the connection status of the IP addresses on the list.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Appendix D. RADIUS Accounting This section is trying to organize the basic configuration with RADIUS server to work with VSA. The aim is trying to control the maximum usage (upload; download or upload + download traffic) of clients in each session.
Page 215
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus If the amount of traffic is larger than 4 GB, then the attribute of “XXXX-4GB” is for the carry. For example, if the amount is 5 GB, you must set “None-Byte-Amount = 1048576” and “None-Byte-Amount-4GB = 1”.
Page 216
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 2.3. Step 3 Edit Profile Select the Advanced Tag Add a new attribute Add a new Vendor-specific attribute...
Page 217
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 2.4. Step 4 Add a new attribute under Vendor-specific Set “Vendor Code = 22426” Set it conforms to the RADIUS RFC Configure Attribute Set “Vendor-assigned attribute number = 10”...
Page 218
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 2.5. Step 5 Confirm the Vendor-specific Attribute has been added success 2.6. Step 6 Follow the same steps to create other Vendor-specific Attribute as you need.
Page 219
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3. VSA configuration in RADIUS server (FreeRADIUS) This section will guide you through a VSA configuration using the operating system “Fedora” FreeRADIUS version 1.0.5. Before getting start, open the shell of RADIUS server, for example, use Putty to access the Linux Host: 3.1.
Page 220
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3.3. Step 3 Create a file “dictionary.none” under the “freeradius” folder. 3.4. Step 4 Edit and save the content of the file “dictionary.none” as the following: Administrator also can add other attributes as the table stated in Section 2 with same format.
Page 221
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3.7. Step 7 Open the “radius” database. 3.8. Step 8 Insert VSA into RADIUS respond. In this example, the maximum download and upload in bytes for group03 users is 1MBytes.
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Appendix E. Net Retriever and Port Mapping This section is trying to introduce the configuration of Net Retriever with VLAN Port Mapping. Net Retriever is a "middleware"...
Page 223
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Secret: The secret key between Guest Service Device and Net Retriever for challenge and response (MD5 Hash) to test the link. It should contain one or more lowercase letters, uppercase letters, numbers and symbols.
Page 224
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus Now, let us begin to configure the Port Mapping. There are three main group of setting: Create Batch, Change All Room State and Create One.
Page 225
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus After you had created the VLAN Tag and Room number mapping, you can change all of the Room State in the same Service Zone.
Page 226
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 3. Check or modify the VLAN Port (Room) Mapping If you want to check the room mapping information or you want to change any setting of the room mapping.
Page 227
User’s Manual AMG-2100 Gigabit Access and AP Management Gateway/ AMG-2101 Gigabit Access and AP Management Gateway Plus 4. View the Event Login After all of the configuration has completed. User may try to login from the “Charge” room. Connect the user’s notebook (laptop) to the Ethernet port of this room. Enable DHCP client in this notebook (laptop).