LevelOne WHG-1000 User Manual
  1. Manuals
  2. Brands
  3. LevelOne Manuals
  4. Gateway
  5. WHG-1000
  6. User manual
LevelOne WHG-1000 User Manual

LevelOne WHG-1000 User Manual

300mbps wireless poe hotspot gateway
Hide thumbs Also See for WHG-1000:
Table of Contents

Advertisement

Quick Links

Download this manual
LevelOne
WHG-1000
300Mbps Wireless PoE Hotspot Gateway

User Manual

V1.00
i

Advertisement

Table of Contents
loading

Related Manuals for LevelOne WHG-1000

Summary of Contents for LevelOne WHG-1000

  • Page 1: User Manual

    LevelOne WHG-1000 300Mbps Wireless PoE Hotspot Gateway User Manual V1.00...

  • Page 2: Table Of Contents

    Hardware Descriptions ........................5 System Requirement ........................9 Installation Steps ..........................9 Access Web Management Interface ..................11 Combine WHG-1000 to the Network ............13 Network Requirement ........................13 Configure WAN Port ........................13 3.2.1 Static IP ..............................14 3.2.2 Dynamic ..............................14 3.2.3 PPPoE ................................
  • Page 3 MAC Address Control ........................49 Policy ..............................50 6.3.1 Firewall ..............................52 6.3.2 Routing ..............................55 6.3.3 Schedule ............................. 57 6.3.4 QoS Profile ............................58 6.3.5 Session Limit ............................. 59 Access Network without Authentication ............ 60 DMZ ..............................60 Virtual Server ........................... 61 Privilege List .............................
  • Page 4 10.10.3 Trace Route ............................89 10.10.4 Show ARP Table ..........................89 10.11 Monitor IP Link ..........................90 10.12 Console Interface ........................91 System Status and Reports ................94 11.1 View the Status .......................... 94 11.1.1 System Status ............................94 11.1.2 Interface Status ............................ 96 11.1.3 Routing Table ............................

  • Page 5: Before You Start

    This manual is for WLAN service providers or network administrators to set up a network environment using the WHG-1000 system. It contains step-by-step procedures and graphic examples to guide MIS staff or individuals with slight network system knowledge to complete the installation.

  • Page 6: Package Checklist

    User‟s Manual WHG-1000 Wireless Hotspot Gateway ENGLISH 1.3 Package Checklist The standard package of WHG-1000 includes: WHG-1000 x 1  CD-ROM (with User‟s Manual and QIG) x 1  Quick Installation Guide (QIG) x 1  Console Cable x 1 ...

  • Page 7: System Overview And Getting Started

    This is very useful for hotspot owners seeking to deploy wireless network service for clients and manage the network as well. The following diagram is an example of WHG-1000 set to manage the Internet and network access services at a hotspot venue.
  • Page 8 User‟s Manual WHG-1000 Wireless Hotspot Gateway ENGLISH 【Example: A typical Hotspot network】...

  • Page 9: Hardware Descriptions

    2.3 Hardware Descriptions Front Panel For future usage only. Press to start running WES (WDS Easy Setup) process. Console Attach the RS-232 console cable here, for management use only. LAN1/LAN2 Attach Ethernet cables here for connecting to the wired local network. LAN1 maps to Private Zone and requires no user authentication, LAN2 maps to Public Zone and by default requires user authentication.
  • Page 10 Antenna Connector Attach antennas here. WHG-1000 supports 1 RF interface with 2 SMA connectors.
  • Page 11 Top LED Panel LED ON indicates power on; OFF indicates power off. LED ON indicates WAN connection; OFF indicates no connection; BLINKING indicates transmitting data. LED ON indicates LAN1/LAN2 connection; OFF indicates no connection; BLINKING indicates transmitting data. LED ON indicates wireless ready. LED ON indicates WAN port is connected to the internet.
  • Page 12 For future usage only.

  • Page 13: System Requirement

    3. Connect WHG-1000 to your network device. Connect one end of the Ethernet cable to the LAN1 port of WHG-1000 on the front panel. Connect the other end of the cable to a PC for configuring the system. The LAN1 LED indicator should be ON to indicate a proper connection.
  • Page 14 Caution: Please only use the power adapter supplied with the WHG-1000 package. Using a different power adapter may damage this system. Caution: To double verify the wired connection between WHG-1000 and your switch/router/hub, please check the LED status indication of these network devices.

  • Page 15: Access Web Management Interface

    IP address is the default gateway IP address of Private Zone: “192.168.1.254”. Next, enter the gateway IP address of WHG-1000 at the address field. The default gateway IP address from LAN Port is“https://192.168.1.254” (“https” is used for a secured connection).
  • Page 16 For the first time, if WHG-1000 is not using a trusted SSL certificate, there will be a “Certificate Error”, because the browser treats WHG-1000 as an illegal website. Please press “Continue to this website” to continue. Caution: If you can’t get the login screen, the reasons may be: (1) The PC is set incorrectly so that the PC can’t obtain the IP address automatically from the LAN port;...

  • Page 17: Combine Whg-1000 To The Network

    Combine WHG-1000 to the Network 3.1 Network Requirement In the general network environment, the main role of WHG-1000 is a gateway that manages all the network access from internal network to Internet. Thus, the first step is to prepare an Internet connection from your ISP (Internet Service Provider) and connect it to the WAN port of WHG-1000.

  • Page 18: Static Ip

    3.2.1 Static IP Static: Manually specifying the IP address of the WAN Port. The fields with red asterisks are mandatory. IP Address: The IP address of the WAN port.  Subnet Mask: The subnet mask of the WAN port.  Default Gateway: The gateway of the WAN port.

  • Page 20: Internet Connection Detection

    3.3 Internet Connection Detection Configure Internet Connection Detection, go to: System >> WAN Traffic. Internet Connection Detection: When enabled, system will try to access these IP/Domain  addresses, if system can reach these IP/Domain address, it means that the outbound Internet connection is in normal state.

  • Page 21: Wan Bandwidth Control

    3.4 WAN Bandwidth Control Configure WAN Bandwidth Control, go to: System >> WAN Traffic. The feature gives administrators control over the entire system‟s traffic though the WAN interface. These parameters set here should not exceed the real bandwidth coming from your ISP. For example, if your xDSL is 8Mbs/640kbs, you may input these two values here.

  • Page 22: What Is Zone

    Zone, such as authentication, security feature, wireless encryption method, traffic control, and etc. There are two Zones that can be utilized by WHG-1000 – Private Zone and Public Zone, as shown in the table below. Private Zone means clients are not required to be authenticated before using the network service.

  • Page 23: Port Role Assignment

    3.5.1 Port Role Assignment WHG-1000 supports two zones, Private and Public. In the Private Zone, authentication is not required to access the network via wired and wireless. In the Public Zone, by default, Authentication Required is enabled by default, so clients are required to get authenticated successfully before surfing the Internet.

  • Page 24: Planning Your Internet Network

    3.5.2 Planning Your Internet Network WHG-1000 supports two zones, Private and Public. In the Private Zone, authentication is not required to access the network via wired and wireless. In Public Zone, by default Authentication Required is enabled, so clients are required to get authenticated successfully before surfing the Internet.

  • Page 25: Configure Zone Network

    Note: please change the Management IP Address List accordingly (at System >> General >> Management IP Address List) to permit the administrator to access the WHG-1000 admin page after the default IP address of the network interface is changed. Preferred DNS Server: The primary DNS server that is used by this Zone.
  • Page 26 Alternate DNS Server: The substitute DNS server that is used by this Zone. Domain Name: Enter the domain name for this zone. WINS Server: The IP address of the WINS (Windows Internet Naming Service) server if WINS server is applicable to this zone. Lease Time: This is the time period that the IP addresses issued from the DHCP server are valid and available.

  • Page 27: Let Your Network To Be A Wireless Network

    Let Your Network to Be a Wireless Network 4.1 System Wireless General Settings Configure System‟s Wireless General Settings, go to: System >> Zone Configuration. Wireless General Settings: Band: There are 4 modes to select, 802.11b (2.4G, 1~11Mbps), 802.11g (2.4G, 54Mbps), ...

  • Page 29: Zone Wireless Settings

    4.2 Zone Wireless Settings Each zone has its own VAP and corresponds to one SSID. In Private zone, it‟s VAP1 and the SSID is hidden, so public users cannot scan this SSID in the air, for privilege users who already know this SSID, they can manually associate to the SSID of Private zone.
  • Page 30 Fragment Threshold: Enter a value between 256 and 2346. The default is 2346. A packet size larger than this threshold will be fragmented (sent with several pieces instead of one chunk) before transmission. A smaller value results in smaller frames but allows a larger number of frames in transmission.
  • Page 31 will be sent from the VAP. RTS Threshold: Enter a value between 1 and 2346. RTS (Request to Send) Threshold determines the packet size at which the system issues a request to send (RTS) before sending the frame to prevent the hidden node problem. The RTS mechanism will be activated if the data size exceeds the value provided.

  • Page 32: Zone Wireless Security

    4.3 Zone Wireless Security Configure Zone Wireless Security, go to: System >> Zone Configuration, click Configure of Private zone or click Configure of Public zone. After the above configurations are finish, setup the wireless security is very important to protect your wireless network.
  • Page 33 802.1X:  Dynamic WEP: For 802.1X security type, Dynamic WEP is always enabled to  automatically generate WEP keys for encryption. WEP Key Length: Select from 64-bit or 128-bit key length.  Re-keying Period: The time interval for the dynamic WEP key to be updated; the time ...

  • Page 34: Who Can Access The Network

    LOCAL database while the other two servers uses external RADIUS database. In addition, another server called On-demand can be configured for temporary user authentication. Auth Database: There are four different authentication options in WHG-1000 that uses ...

  • Page 35: Local

    5.1.1 Local Click the button Configure of Local for further configuration. Local User List: It let the administrator to view, add or delete local user account. The Upload  User button is for importing a list of user account from a text file. The Download User button is for exporting all local user accounts into a text file.
  • Page 36 Search: Enter a keyword of a username or remark to be searched in the text filed and click this  button to perform the search. All usernames matching the keyword will be listed. Del All: Click on this button to delete all the users at once or click on Delete hyperlink to ...
  • Page 37 Edit User: If editing the content of individual user account is needed, click the username of the  desired user account in Local User List to enter the User Profile Interface for that particular user, and then modify or add any desired information such as Username, Password, MAC Address (optional), Applied Policy (optional) and Remark (optional).

  • Page 38: Radius

    5.1.2 RADIUS There are two RADIUS authentication database for configuration. Click the button Configure of any one of RADIUS servers for further configuration. The RADIUS server sets the external authentication for user accounts. Enter the information for the primary server and/or the secondary server (the secondary server is not mandatory).
  • Page 39 NAS Port Type: Indicates the type of physical port the network access server is using to  authenticate the user. System will send this value to the external RADIUS server, if the external RADIUS server needs this. Class-Policy Mapping: This function is to assign a Policy to a RADIUS class attribute sent ...

  • Page 40: On-Demand Users

    5.1.3 On-Demand Users On-demand User Server Configuration: The administrator can configure this authentication method to create on-demand user accounts. This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment. Major functions include accounts creation, users monitoring list, billing plan and external payment gateway support.
  • Page 41 Receipt Header: There are 3 receipt headers supported by the system. The entered content  will be printed on the receipt. These headers are optional. Receipt Footer: There are 3 receipt footers supported by the system. The entered content will ...
  • Page 42 Plan: The number of the specific plan.  Type: This is the type of the plan, based on which it defines how the account can be used  including Usage-time, Volume, Hotel Cut-off and Duration-time. Quota: The limit on how On-demand users are allowed to access the network. ...
  • Page 43 On-demand Account Creation After at least one billing plan is enabled, the administrator can generate single on-demand user accounts here. Click this to enter the On-demand Account Creation page. Click on the Create button of the desired plan to create an on-demand account. The username and password of to be created on-demand account is configurable.
  • Page 44 network. For Time users, it is the total time. For Volume users, it is the total amount of traffic. Price: For each plan, this is the unit price charged for an account.  Status: Show the status in enabled or disabled. ...
  • Page 45 Plan: The number of a specific plan.  Account Type: Show account type of the plan in Usage-time, Duration-time or Hotel Cut-off.  Quota: The total time amount, interval or traffic volume on how On-demand users are allowed  to access the network. Price: For each plan, this is the unit price charged for an account.
  • Page 46 Status: The status of the account.  Normal: the account is not currently in use and has not exceed the quota limit. Online: the account is currently in use. Expired: the account is not valid any more, even if there is remaining quota left. Out of Quota: the account has exceeded the quota limit.
  • Page 47 Note: Duration-time and Hotel Cut-off type do not support redeem function.

  • Page 48: User Login

    5.2 User Login 5.2.1 Default Authentication There are different types of authentication database (LOCAL, RADIUS and ONDEMAND) that are supported by the system. Only Public Zone can set authentication. A postfix is used to inform the system which authentication option to be used for authenticating an account (e.g.

  • Page 49: An Example Of User Login

    1. Open an Internet browser and try to connect to any website (in this example, we try to connect to www.google.com). For the first time, if the WHG-1000 is not using a trusted SSL certificate, there will be a “Certificate Error”, because the browser treats WHG-1000 as an illegal website.
  • Page 50 3. Successful! The Login Success Page means you are connected to the network and Internet now!

  • Page 51: Restrain The Users

    Restrain the Users 6.1 Black List Configure Black List, go to: Users >> Black List. The administrator can add, delete, or edit the black list for user access control. Users‟ accounts that appear in the black list will be denied of network access. The administrator can use the pull-down menu to select the desired black list.
  • Page 52 After entering the usernames in the “Username” field and the related information in the “Remark” blank (not required), click Apply to add the users. If removing a user from the black list is desired, select the user‟s “Delete” check box and then click the Delete button to remove that user from the black list.

  • Page 53: Mac Address Control

    MAC ACL: With this function, only the users with their MAC addresses in this list can login to WHG-1000. There are 40 users maximum allowed in this MAC address list. User authentication is still required for these users. Click Edit to enter the MAC Address Control list. Fill in these MAC addresses, select Enable, and then click Apply.

  • Page 54: Policy

    6.3 Policy Configure Policy, go to: Users >> Policy. WHG-1000 supports multiple Policies, including one Global Policy and 5 individual Policy. Global Policy is the system‟s universal policy and applied to all clients unless they are bounded by another policy. Individual Policy can be defined and applied to different authentication server. The client login with this authentication server will be bound by the corresponding Policy, if for a authentication server no policy is applied, it‟s users will be governed by the Global Policy.
  • Page 55 Select Policy: Select the desired policy profile to configure.  Firewall Profile: Each Policy has a firewall service list and a set of firewall profile consisting of  firewall rules. Specific Route Profile: The default gateway of a desired IP address can be defined in a policy. ...

  • Page 56: Firewall

    6.3.1 Firewall Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules. 1) Predefined Protocols Predefined and Custom Service Protocols: There are predefined service protocols available for firewall rules editing.
  • Page 57 If the Protocol Type is ICMP, it will need to define Type and Code. If the Protocol Type is IP, it will need to define Protocol Number. 2) Firewall Rules After the custom protocol is defined or just use the Predefined Service Protocols, you will need to enable the Firewall Rule to apply these protocols.
  • Page 58 Selecting the Filter Rule Number 1 as an example: Rule Number: This is the rule selected “1”. Rule No. 1 has the highest priority; rule No. 2 has the second priority, and so on. Rule Name: The rule name can be changed here. Source/Destination –...

  • Page 59: Routing

    6.3.2 Routing  Specific Route Profile: Click the button of Setting for Specific Route Profile, the Specific Route Profile list will appear. 1) Specific Route  Specific Route Profile: The Specific Default Route is use to control clients to access some specific IP segment by the specified gateway.
  • Page 60 2) Default Gateway  Default Gateway: The default gateway of a desired IP address can be defined in each Policy except Global Policy. When Specific Default Route is enabled, all clients applied with this Policy will access the Internet through this default gateway. Enable: Check Enable box to activate this function or uncheck to inactivate it.

  • Page 61: Schedule

    6.3.3 Schedule  Schedule Profile: Click Setting of Schedule Profile to enter the configuration page. Select Enable to show the Permitted Login Hours list. This function is used to limit the time when clients can log in. Check the desired time slots checkbox and click Apply to save the settings. These settings will become effective immediately after clicking Apply.

  • Page 62: Qos Profile

    6.3.4 QoS Profile For certain applications or users that need stable bandwidth or traffic priority, Policy 1 to 5 allows defining the QoS profile for the users governed by this Policy. Traffic Class: A Traffic Class can be chosen for a Group of users. There are four traffic classes: ...

  • Page 63: Session Limit

    6.3.5 Session Limit To prevent ill-behaved clients or malicious software from taking up the system‟s connection resources, the administrator can restrict the number of concurrent sessions that a user can establish. The maximum number of concurrent sessions including TCP and UDP for each user can be ...

  • Page 64: Access Network Without Authentication

    Access Network without Authentication 7.1 DMZ Configure DMZ, go to: Network >> Network Address Translation >> DMZ (Demilitarized Zone). There are 20 sets of static Internal IP Address and External IP Address available. Enter Internal and External IP Address as a set. After the setup, accessing the External IP address listed in DMZ will be mapped to accessing the corresponding Internal IP Address.

  • Page 65: Virtual Server

    7.2 Virtual Server Configure Virtual Server, go to: Network >> Network Address Translation >> Public Accessible Server. This function allows the administrator to set 20 virtual servers at most, so that client devices outside the managed network can access these servers within the managed network. Different virtual servers can be configured for different sets of physical services, such as TCP and UDP services in general.

  • Page 66: Privilege List

    7.3 Privilege List Configure Privilege List, go to: Network >> Privilege Setup the Privilege IP Address List and Privilege MAC Address List. The clients accessing the internet via IP addresses and/or networking devices in the list can access the network without any authentication.

  • Page 67: Privilege Ip

    IP addresses of these workstations in the “Granted Access by IP Address”. The “Remark” field is not necessary but is useful to keep track. WHG-1000 allows 100 privilege IP addresses at most. These settings will become effective immediately after clicking Apply.

  • Page 68: Privilege Mac

    “Granted Access by MAC Address”. WHG-1000 allows 100 privilege MAC addresses at most. When manually creating the list, enter the MAC address (the format is xx:xx:xx:xx:xx:xx) as well as the remark (not necessary).

  • Page 69: Disable Authentication In Public Zone

    7.4 Disable Authentication in Public Zone Configure Disable Authentication in Public Zone, go to: System >> Zones Configuration, click Configure in Public Zone. Authentication Required For the Zone: When it is disabled, users will not need to  authenticate before they get access to the network within Public Zone.

  • Page 70: User Login And Logout

    User Login and Logout 8.1 Before User Login 8.1.1 Login with SSL Configure HTTPS, go to: System >> General. HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sub-layer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server.

  • Page 71: Internal Domain Name With Certificate

    Configure Internal Domain Name, go to: System >> General. Internal Domain Name is the domain name of the WHG-1000 as seen on client machines connected under zone. It must conform to FQDN (Fully-Qualified Domain Name) standard. A user on client machine can use this domain name to access WHG-1000 instead of its IP address.
  • Page 72 Click “Continue to this website” to access the user login page. Use Default Certificate: Click Use Default Certificate to use the default certificate and key. Click restart to validate the changes.

  • Page 73: Walled Garden

    8.1.3 Walled Garden Configure Walled Garden, go to: Network >> Walled Garden. This function provides certain free services for users to access the websites listed here before login and authentication. Up to 20 addresses or domain names of the websites can be defined in this list. Users without the network access right can still have a chance to experience the actual network service free of charge.

  • Page 74: Walled Garden Ad List

    8.1.4 Walled Garden AD List Configure Walled Garden AD List, go to: Network >> Walled Garden AD List. This function provides advertisement links to web pages for users to access free of charge before login and authentication. Advertisement hyperlinks are displayed on the user‟s login page. Clients who click on it will be redirected to the listed advertisement websites.

  • Page 75: After User Login

    8.2 After User Login 8.2.1 Portal URL after successful login Configure Portal URL after a successful user login, go to: System >> General. When this function is enabled, enter the URL of a Web server as the Portal page. Once logged in successfully, users will be directed to this URL, such as http://www.google.com, regardless of the original homepage set in their browsers.

  • Page 76: Idle Timer

    8.2.2 Idle Timer Configure Idle Timer, go to: Users >> Additional Control. If a user has idled with no network activities, the system will automatically kick out the user. The logout timer can be set between 1~1440 minutes, and the default idle time is 10 minutes.

  • Page 77: Multiple Login

    8.2.3 Multiple Login Configure Multiple Login, go to: Users >> Additional Control. When enabled, a user can log in from different computers with the same account. (This function doesn‟t support On-demand users and RADIUS authentication.)

  • Page 78: Networking Features Of A Gateway

    9.1 IP Plug and Play Configure IP Plug and Play, go to: Network >> Client Mobility. WHG-1000 supports IP PNP function. User can login and access network with any IP address setting. This function is disabled in default settings. When IP PNP is enabled, at the user end, a static IP address can be used to connect to the system.

  • Page 79: Dynamic Domain Name Service (Ddns)

    Before activating this function, you must have your Dynamic DNS hostname registered with a Dynamic DNS provider. WHG-1000 supports DNS function to alias the dynamic IP address for the WAN port to a static domain name, allowing the administrator to easily access WHG-1000‟s WAN. If the dynamic DHCP is activated at the WAN port, it will update the IP address of the DNS server periodically.

  • Page 80: Port And Ip Redirect

    9.3 Port and IP Redirect Configure Port and IP Redirect, go to: Network >> NAT >> Port and IP Redirect. This function allows the administrator to set 40 sets of the IP addresses at most for redirection purpose. When the user attempts to connect to a destination IP address listed here, the connection packet will be converted and redirected to the corresponding destination.

  • Page 81: System Management And Utilities

    10 System Management and Utilities 10.1 System Time Configure System Time, go to: System >> General. NTP (Network Time Protocol) communication protocol can be used to synchronize the system time with remote time server. Please specify the local time zone and the IP address of at least one NTP server for adjusting the time automatically (Universal Time is Greenwich Mean Time, GMT).

  • Page 82: Management Ip

    10.2 Management IP Configure Management IP, go to: System >> General. Only PCs within the Management IP range on the list are allowed to access the system's web management interface. For example, 10.2.3.0/24 means that as long as an administrator is using a computer with the IP address range of 10.2.3.0/24, he or she can access the web management page.

  • Page 83: User Log Access Ip Address

    Configure User Log Access IP History, go to: System >> General. Specify an IP address of the administrator‟s computer or a billing system to get billing history information of WHG-1000 with the predefined URLs. The file name format is “yyyy-mm-dd”. An example is provided as follows: Traffic History:https://10.2.3.213/status/history/2005-02-17...

  • Page 84: Snmp

    10.4 SNMP Configure SNMP, go to: System >> General. WHG-1000 supports SNMP v1/v2c. If this function is enabled, the SNMP Management IP and the Community string can be assigned for SNMP access to the system.

  • Page 85: Three-Level Administration

    10.5 Three-Level Administration WHG-1000 supports three kinds of account interface. You can log in as admin, manager or operator. The default usernames and passwords show as follows: Admin: The administrator can access all configuration pages of WHG-1000. Username: admin Password: admin After a successful login to WHG-1000, a web management interface with a Home manual will appear.
  • Page 86 Manager: The manager can only access the configuration pages under User Authentication to manage the user accounts. User Name: manager Password: manager Operator: The operator can only access the configuration page of Create On-demand User to create new on-demand user accounts and print out the on-demand user account receipts. User Name: operator Password: operator Note:...

  • Page 87: Change Password

    Configure Change Password, go to: Utilities >> Password Change. There are three levels of authorities: admin, manager or operator. The default usernames and passwords are as follows: Admin: The administrator can access all configuration pages of WHG-1000. User Name: admin Password: admin Manager: The manager can only access the configuration pages under User Authentication to manage the user accounts.
  • Page 88 Caution: If the administrator’s password is lost, the administrator’s password still can be changed through the text mode management interface via the serial console port.

  • Page 89: Backup / Restore And Reset To Factory

    Restore System Settings: Click Browse to search for a .db database backup file created by  WHG-1000 and click Restore to restore to the same settings at the time when the backup file was saved. Reset to Factory Default: Click Reset to load the factory default settings of WHG-1000.

  • Page 90: Firmware Upgrade

    10.8 Firmware Upgrade Configure Firmware Upgrade, go to: Utilities >> System Upgrade. The administrator can download the latest firmware from website and upgrade the system here. Select the latest firmware and Browse button, then click Apply, the system will upload the file and restart to perform the upgrade process.

  • Page 91: Restart

    Do NOT power off the power during system restart as this might damage the system. If the power needs to be turned off, it is highly recommended to restart WHG-1000 first and then turn off the power after completing the restart process.

  • Page 92: Network Utility

    10.10 Network Utility Configure Network Utility, go to: Utilities >> Network Utilities. System provide some network utilities to allow administrators to use. Wake-on-LAN is for waking up remote devices that supports Wake-on-LAN feature by entering the MAC address of the target device and then press Wake Up button. Ping is to see whether a destination host is reachable and alive by entering the destination host‟s domain name or IP address and then press Ping button.

  • Page 93: Trace Route

    10.10.3 Trace Route It allows administrator to find out the real path of packets from the gateway to a destination using IP address or Host domain name. 10.10.4 Show ARP Table It allows administrator to view the IP-to-Physical address translation tables used by address resolution protocol (ARP).

  • Page 94: Monitor Ip Link

    Configure Monitor IP Link, go to: Network >> Monitor IP. WHG-1000 will send out a packet periodically to monitor the connection status of the IP addresses on the list. On each monitored item with a WEB server running, administrators may add a link for the easy access by entering the IP, select the Protocol to http or https and then click Create.

  • Page 95: Console Interface

    Via the console port, administrators can enter the console interface for handling problems and situations occurred during operation. 1. In order to connect to the console port of WHG-1000, a console, modem cable and a terminal simulation program, such as the Hyper Terminal are needed.
  • Page 96 Display interface settings: It displays the information of each network interface setting  including the MAC address, IP address, and Netmask. Display the routing table: The internal routing table of the system is displayed, which  may help to confirm the Static Route settings. Display ARP table: The internal ARP table of the system is displayed.
  • Page 97 Although it does not require a username and password for the connection via the serial port, the same management interface can be accessed via SSH. Therefore, we recommend you to immediately change the WHG-1000 Admin username and password after logging in the system for the first time. Reload factory default ...

  • Page 98: System Status And Reports

    11 System Status and Reports 11.1 View the Status This section includes System, Interface, Routing Table, Online Users, User Log and E-mail & SYSLOG to provide system status information and online user status. 11.1.1 System Status View System Status, go to: Status >> System. This section provides an overview of the system for the administrator.
  • Page 99 Description Item The present firmware version of WHG-1000 Firmware Version The system name. The default is WHG-1000 System Name Portal URL The page the users are directed to after initial login success. The IP address and port number of the external SYSLOG Server.

  • Page 100: Interface Status

    11.1.2 Interface Status View Interface Status, go to: Status >> Interface. This section provides an overview of the interface for the administrator including WAN, Zone Wireless General Settings, Zone - Private and Zone - Public.
  • Page 101 The description of the above-mentioned table is as follows: Description Item The MAC address of the WAN port. MAC Address The IP address of the WAN port. IP Address Subnet Mask The Subnet Mask of the WAN port. The total accumulated packets in/out through this WAN port since Packets Out/In the gateway boots up.

  • Page 102: Routing Table

    11.1.3 Routing Table View System Status, go to: Status >> Routing Table. All the Policy Route rules and Global Policy Route rules will be listed here. Also it will show the System Route rules specified by each interface. Policy 1~5: Shows the information of the individual Policy from 1 to 5. ...

  • Page 103: Current Users

    11.1.4 Current Users View Current Users, go to: Status >> Online Users. In this page, each online user‟s information including Username, IP Address, MAC Address, Pkts In, Bytes In, Pkts Out, Bytes Out, Idle and Kick Out will be shown. Administrators can force out a specific online user by clicking the hyperlink of Kick Out.

  • Page 104: User Log

    View User Log, go to: Status >> User Log. This page is used to check the traffic history of WHG-1000. The history of each day will be saved separately in the DRAM for at least 3 days (72 full hours). The system also keeps a cumulated record of the traffic data generated by each user in the last 2 calendar months.
  • Page 105 Expiration Time, and Remark, of on-demand user activities. Roaming Out User Log  Each line is a roaming out traffic history record consisting of 14 fields, Date, Type, Name, NSID, NASIP, NASPort, UserMAC, SessionID, SessionTime, Bytes in, Bytes Out, Pkts In, Pkts Out and Message, of user activities.

  • Page 106: Local User Monthly Network

    11.1.6 Local User Monthly Network View Local User Monthly Network Usage, go to: Status >> User Log. Monthly Network Usage of Local User  The system keeps a cumulated record of the traffic data generated by each Local user in the latest 2 calendar months.

  • Page 107: Notification

    Configure Notification, go to: Status >> E-mail & SYSLOG. WHG-1000 can automatically send the notification of Monitor IP Report, Users Log and Session Log to up to 3 particular e-mail addresses. A trial email is provided by the system for validation.

  • Page 108: E-Mail

    11.2.1 E-Mail Configure Notification, go to: Status >> E-mail & SYSLOG. Notification E-mail Settings:   Receiver Email Address (es): Up to 3 e-mail address can be set up to receive the notification. These are the receiver‟s e-mail addresses. There are four kinds of notification to selection -- Monitor IP Report, Users Log, On-demand Users Log and Session Log, and check which type of notification to be sent.

  • Page 109: Syslog

    11.2.2 SYSLOG SYSLOG Server Settings: There are 3 types of SYSLOG supported: System Log, On-demand  User Log, and Session Log. Enter the IP address and Port number to specify which and from where the report should be sent to. Note: When the number of a user‟s session (TCP and UDP) reaches the session limit specified in the policy, a record will be logged to this SYSLOG server.

  • Page 110: Ftp

    11.2.3 FTP FTP Server Settings:  FTP Server Settings  Session Log: Log each connection created by users and track the source IP/Port and destination IP/Port. Session Log will be sent to the FTP server automatically during every defined interval in Session Log email notification.

  • Page 111: Event Log

    11.2.4 Event Log Event Log: The Event Log provides the system activities records. The administrator can monitor the system status by checking this log. In the log, normally, each line represents an event record which includes these fields: Date/Time: The time & date when the event happened ...

  • Page 112: Advanced Applications

    12 Advanced Applications 12.1 Upload/Download Local Users Accounts To Upload / Download Local Users Accounts, go to: Users >> Authentication, click Configure button of Local. Or click Quick Links >> Local User Management from system Home page. Upload User: Click Upload User to enter the Upload User from File interface. Click the ...
  • Page 113 then save it on disk.

  • Page 114: Radius Advanced Settings

    12.2 RADIUS Advanced Settings Configure RADIUS Advanced Settings, go to: Users >> Authentication. Click Configure of RADIUS. Complete vs. Only ID  For RADIUS authentication, there is an option to send the complete username with postfix or username only. Username Format: When Complete option is checked, both the username and postfix will be transferred to the RADIUS server for authentication.

  • Page 115: Roaming Out

    Configure local user Roaming Out, go to: Users >> Authentication, click configure of Local. Under certain configurations, WHG-1000 can act as a RADIUS server for Roaming Out local user logged from other system. The Local User database will act as the RADIUS user database.

  • Page 116: Customizable

    12.4 Customizable Pages Configure Custom Pages, go to: System >> Zone Configuration, click Configure in Public zone. There are several user login and logout pages that can be customized by the administrator. You can select Template Page or External Page. Template Page: ...
  • Page 117 Page for client to login with username and password. External Page:  Choose the External Page option if you wish to use user pages located on a designated website. Click the button of Configure for each custom pages and enter the URL of its‟ corresponding external login page and then click Apply.

  • Page 118: Appendix A. Network Configuration On Pc & User Login

    Appendix A. Network Configuration on PC & User Login  Network Configuration on PC After WHG-1000 is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup. Internet Connection Setup  Windows 9x/2000 ...
  • Page 119 3) Choose “I want to set up my Internet connection manually, or I want to connect through a local Area network (LAN)”, and then click Next. 4) Choose “I connect through a local area network (LAN)” and then click Next. 5) DO NOT choose any option in the following LAN window for Internet configuration, and just click Next.
  • Page 120 6) Choose “No” and then click Next 7) Finally, click Finish to exit the Internet Connection Wizard. Now, the set up is completed. Windows XP  1) Choose Start >> Control Panel >> Internet Option.
  • Page 121 2) Choose the Connections tab, and then click Setup. 3) When the Welcome to the New Connection Wizard window appears, click Next. 4) Choose “Connect to the Internet” and then click Next.
  • Page 122 5) Choose “Set up my connection manually” and then click Next. 6) Choose “Connect using a broadband connection that is always on” and then click Next. 7) Finally, click Finish to exit the Connection Wizard. Now, the setup is completed.
  • Page 123 With the factory default settings, during the process of starting the system, WHG-1000 with DHCP function will automatically assign an appropriate IP address and related information for each PC. If the Windows operating system is not a server version, the default settings of the TCP/IP will regard the PC as a DHCP client, and this function is called “Obtain an IP address automatically”.
  • Page 124 4) Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG-1000. Caution: If your PC has been set up completely, please inform the network administrator before proceeding to the following steps.
  • Page 125 4.2) Click on the Gateway tab. Enter the gateway address of WHG-1000 in the “New gateway” field and click Add. Then, click OK. 4.3) Click on DNS Configuration tab. If the DNS Server field is empty, select “Enable DNS” and enter DNS Server address.
  • Page 126 4) Using DHCP: If you want to use DHCP, choose “Obtain an IP address automatically”, and then click OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from WHG-1000.
  • Page 127 5) Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG-1000. Caution: If your PC has been set up completely, please inform the network administrator before proceeding to the following steps.
  • Page 128 5.4) Enter the gateway address of WHG-1000 in the “Gateway” field, and then click Add. After back to the IP Settings tab, click OK to complete the configuration. Check the TCP/IP Setup of Window XP  1) Select Start >> Control Panel >>...
  • Page 129 IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of WHG-1000. Caution: If your PC has been set up completely, please inform the network administrator before proceeding to...
  • Page 130 Add below the “Default gateways” column and the TCP/IP Gateway Address window will appear. 5.4) Enter the gateway address of WHG-1000 in the “Gateway” field, and then click Add. After back to the IP Settings tab, click OK to finish the configuration.

  • Page 131: Appendix B. Policy Priority

    Policy Priority  Global Policy, Authentication Policy and User Policy WHG-1000 supports multiple Policies, including one Global Policy and 5 individual Policy can be assign to different Authentication Server. Global Policy is the system‟s universal policy and applied to all clients, while other individual Policy can be selected and defined to be applied to any Authentication Server.

  • Page 132: Appendix C. Wds Management

    Appendix C. WDS Management The Public Zone of WHG-1000 supports up to 2 WDS links. WDS (Wireless Distribution System) is a function used to connect APs (Access Points) wirelessly to extend wireless coverage. The WDS management function of the system can help administrators to setup two WDS links.

  • Page 133: Appendix D. Radius Accounting

    RADIUS configuration; in this example; the Vendor ID is “21920”. “Attribute Number” and “Attribute Value” can then be designed to provide additional control over RADIUS. Attribute Name Attribute Attribute Value Number WHG-1000-Byte-Amount To be defined by administrator for different user group WHG-1000-MaxByteIn To be defined by administrator for different user group...
  • Page 134 If the amount of traffics is larger than 4 GB, the attributes of “XXXX-4GB” will be used. For example, if the amount is 5 GB, the following settings should be set: “WHG-1000-Byte-Amount = 1048576” and “WHG-1000-Byte-Amount-4GB = 1”. On the other hand, when the administrator fills in all attributes, the user will be kicked out from system if any condition is reached.
  • Page 135 Step 3 Click Edit Profile and select the Advanced Tag. Click Add to add a new Vendor-specific attribute.
  • Page 136 Step 4 Add a new attribute under Vendor-specific Set “Vendor Code = 21920”. Check Yes to conform to the RADIUS RFC. Click Configure Attribute to proceed. Set “Vendor-assigned attribute number = 10” Select “Attribute format = Hexadecimal” Set “Attribute Value = 1000000” Step 5 Confirm whether the Vendor-specific Attribute has been added successfully...
  • Page 137 Step 6 Follow the same steps to create other Vendor-specific Attribute if needed.
  • Page 138 Verify whether there are already users in RADIUS Server.  Verify whether there are already Groups and assigned users belonging to these Groups in RADIUS Server. Step 2 Log in the Linux host of the RADIUS server. Step 3 Create a file “dictionary.WHG-1000” under the “freeradius” folder.
  • Page 139 Step 4 Edit and save the contents of the file “dictionary.WHG-1000” as follows: Administrator can also add other attributes as the table stated in Section 2 with the same format. Step 5 Edit the file “dictionary” under the folder “freeradius”.
  • Page 140 Step 6 To include “dictionary.WHG-1000” in the dictionary of RADIUS server, insert it in an incremental position as follows. Step 7 Open the “radius” database. Step 8 Insert VSA into RADIUS response. In this example, the maximum download and upload traffics in...
  • Page 141 Step 9 Restart RADIUS daemon to get your settings activated.

  • Page 142: Appendix E. On-Demand Account Types & Billing Plan

    Appendix E. On-demand Account types & Billing Plan This section explains the parameters as well as the different account types provided when editing billing plans in On-demand authentication. Usage-time with Expiration Time: Can access internet as long as account valid with remaining quota (usable time).
  • Page 143 Usage-time with No Expiration Time: Can access internet as long as account has remaining quota (usable time). Need to activate the purchased account within a given time period by logging in for the first time. Ideal for short term usage. For example in coffee shops, airport terminals etc.
  • Page 145 Hotel Cut-off-time: Hotel Cut-off-time is the clock time (normally check-out time) at  which the on-demand account is cut off (made expired) by the system on the following day or many days later. On the account creation UI of this plan, operator can enter a Unit value which is the number of days to Cut-off-time according to customer stay time.
  • Page 146 Volume: Can access internet as long as account valid with remaining quota (traffic volume). Account expires when Valid Period has been used up or quota depleted. Ideal for small quantity applications such as sending/receiving mail, transferring a file etc. Count down of Valid Period is continuous regardless of logging in or out.
  • Page 147 Duration-time with Elapsed Time: Account activated upon the account creation time. Count down begins immediately after account created and is continuous regardless of logging in or out. Account expires once the Elapsed Time has been reached. Ideal for...
  • Page 148 providing internet service immediately after account creation throughout a specific period of time. Begin Time is the time that the account will be activated for use. It is set to account  creation time. Elapsed Time is the time interval for which the account is valid for internet access (xx ...
  • Page 149 plan to create ticket set to be Cut-off on 23:00. If an account of this kind is created after the Cut-off Time, the account will automatically expire. Begin Time is the time that the account will be activated for use. It is set to account ...
  • Page 150 period of time. For example during exhibition events or large conventions such as Computex where each registered participant will get an internet account valid from 8:00 AM Jun 1 to 5:00 PM Jun 5 created in batch like coupons. Begin Time is the time that the account will be activated for use, defined explicitly by ...

  • Page 151: Appendix F. External Payment Gateways

    Appendix F. External Payment Gateways This section is to show independent Hotspot owners how to configure related settings in order to accept payments via Authorize.net, PayPal, SecurePay or WorlPay, making the Hotspot an e-commerce environment for end users to pay for and obtain Internet access with credit cards. 1.
  • Page 152  Service Disclaimer Content/ Choose Billing Plan for Authorize.Net Payment Page/Client’s Purchasing Record Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer. Choose Billing Plan for Authorize.Net Payment Page These 10 plans are the plans configured in Billing Plans page, and all previously enabled plans can be further enabled or disabled here, as needed.
  • Page 153  Authorize.Net Payment Page Fields Configuration/ Authorize.Net Payment Page Remark Content Authorize.Net Payment Page Fields Configuration Item: Check the box to show this item on the customer‟s payment interface. Displayed Text: Enter what needs to be shown for this field. Required: Check the box to indicate this item as a required field.
  • Page 154 E-mail: An email address may be provided along with the billing information of a transaction. This is the customer‟s email address and should contain an @ symbol. Customer ID: This is an internal identifier for a customer that may be associated with the billing information of a transaction.

  • Page 155: Payments Via Paypal

    2. Payments via PayPal Configure Payments via PayPal, go to: User >> Authentication >> On-demand User >> External Payment Gateway >> PayPal. Before setting up “PayPal”, it is required that the hotspot owners have a valid PayPal “Business Account”. After opening a PayPal Business Account, the hotspot owners should find the “Identity Token” of this PayPal account to continue “PayPal Payment Page Configuration”.
  • Page 156  Service Disclaimer Content / Choose Billing Plan for PayPal Payment Page Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here. Choose Billing Plan for PayPal Payment Page: These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled.

  • Page 157: Payments Via Securepay

    3. Payments via SecurePay Configure Payments via SecurePay, go to: Users >> Authentication >> On-demand User>> External Payment Gateway >> SecurePay. Before setting up “SecurePay”, it is required that the hotspot owners have a valid SecurePay “Merchant Account” from its official website.
  • Page 158  SecurePay Page Configuration Merchant ID: The ID that is associated with the Merchant Account. Merchant Password: This is the key used by Secure Pay to validate all the transactions. Payment Gateway URL: The default website address to post all transaction data. Verify SSL Certificate: This is to help protect the system from accessing a website other than Secure Pay.

  • Page 159: Payments Via World Pay

    4. Payments via World Pay Configure Payments via WorldPay, go to: Users >> Authentication >> On-demand User >> External Payment Gateway >> WorldPay.  WorldPay Payment Configuration WorldPayInstallation ID: The ID of the associated Merchant Account. Payment Gateway URL: The default website of posting all transaction data. Currency: The currency to be used for the payment transactions.
  • Page 160 View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here.  WorldPay Billing Configuration These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled.
  • Page 161 STEP④. Check the Enable Payment Response checkbox. STEP⑤. Enter the Payment Response URL. URL : <wpdisplay item=MC_callback>  STEP⑥. Check the Enable the Shopper Response.
  • Page 162 STEP⑦. Select the Save Changes button STEP⑧. Input Installation ID and Payment Gateway URL in gateway UI. Installation ID: 2009test  URL : https://select.wp3.rbsworldpay.com/wcc/purchase  Note: The WAN IP of gateway must be real IP. P/N: V10020100618...

Table of Contents