LevelOne AMG-2000 User Manual

AMG-2000
AP Management Gateway

User Manual

V1.01-1027

Summary of Contents for LevelOne AMG-2000

  • Page 1: User Manual

    AMG-2000 AP Management Gateway User Manual V1.01-1027...
  • Page 2: Table Of Contents

    Table of Contents
    Before You Start (page 1)
      1.1 Preface (page 1)
      1.2 Document Convention (page 1)
    System Overview (page 2)
      2.1 Introduction (page 2)
      2.2 System Concept (page 3)
      2.3 Specification (page 4)
        2.1.1 Hardware Specification (page 4)
        2.1.2 Technical Specification (page 4)
    Base Installation (page 7)
      3.1 Hardware Installation (page 7)
        3.1.1.
  • Page 3

    4.3.4. Template Settings (page 98)
    4.3.5. Firmware Management (page 100)
    4.3.6. AP Upgrade (page 101)
    4.4. Network Configuration (page 102)
    4.4.1. Network Address Translation (page 102)
    4.4.2. Privilege List (page 105)
    4.4.3. Monitor IP List (page 106)
    4.4.4. Walled Garden List (page 108)
    4.4.5. Proxy Server Properties (page 109)
    4.4.6. Dynamic DNS (page 110)
    4.4.7.
  • Page 4: Before You Start

    This manual is intended for system or network administrators with the networking knowledge needed to complete its step-by-step instructions and use the AMG-2000 to better manage the network system and user data.
  • Page 5: System Overview

    2.1. Introduction AMG-2000 is a network access controller designed specifically for small to medium-sized network deployment and management, making it an ideal solution for easily creating and extending WLANs in SMB offices. With its user management features, administrators can manage the whole process of wireless network access. In addition, Access Point (AP) management functions allow administrators to discover, configure, upgrade, and monitor all managed APs from a single secured interface and, from there, gain full control of the entire wireless network.
  • Page 6: System Concept

    SSL encrypted web interface. This interface is compatible with most desktop devices and palm computers. The following figure is an example of AMG-2000 set to control a part of the company’s intranet. The whole managed network includes the cable network users and the wireless network users.
  • Page 7: Specification

    2.3. Specification
    2.1.1 Hardware Specification
    General
    Form Factor: Mini-desktop
    Dimensions (W x D x H): 235 mm x 161.9 mm x 37.6 mm
    Weight: 1 kg
    Operating Temperature: 0 ~ 40°C
    Storage Temperature: 20 ~ 70°C
    Power: 100~240 VAC, 50/60 Hz
    Ethernet Interfaces: 7 x Fast Ethernet (10/100 Mbps)
    Connectors &...
  • Page 8

    Supports DoS attack protection
    Supports user Black List
    Allows user identity plus MAC address authentication for local accounts
    User Management
    Supports up to 120 concurrent users
    Provides 500 local accounts
    Provides 2000 on-demand accounts
    Simultaneous support for multiple authentication methods (Local and On-demand accounts, POP3(S), LDAP, RADIUS, NT Domain)
    Role-based and policy-based access control (per-role assignments based on Firewall policies, Routing, Login Schedule, Bandwidth)
  • Page 9

    Enables session expiration control for on-demand accounts by time (hour) and data volume (MB)
    Provides billing report on screen for on-demand accounts
    Detailed per-user traffic history based on time and data volume for both local and on-demand accounts
    Traffic history report in an automatic email to administrator
    System Administration
    Multi-lingual, web-based management UI
    SSH remote management...
  • Page 10: Base Installation

    3.1.1. System Requirements
    Standard 10/100BaseT including five network cables with RJ-45 connectors
    All PCs need to install the TCP/IP network protocol
    3.1.2. Package Contents
    The standard package of AMG-2000 includes:
    AMG-2000 x 1
    CD-ROM x 1
    Quick Installation Guide x 1...
  • Page 11: Panel Function Descriptions

    3.1.3. Panel Function Descriptions Front Panel Rear Panel...
  • Page 12: Installation Steps

    Attention: A straight-through cable can usually be used when the AMG-2000 connects to an Access Point that supports automatic crossover. If, after the AP hardware resets, the AMG-2000 cannot connect to the AP over a straight-through cable, the user has to unplug the straight-through cable and plug it in again.
  • Page 13: Software Configuration

    There are two ways to configure the system: using the Configuration Wizard or changing the settings manually as needed. The Configuration Wizard provides a simple and easy way to guide you through the setup of AMG-2000 (the AP configuration has to be set up in the administrator interface). You just need to follow the procedures and instructions given by the Wizard to enter the required information step by step.
  • Page 14 User Name: operator Password: operator After successfully logging into AMG-2000, you can enter the web management interface and see the welcome screen. There is a Logout button in the upper right corner to log out of the system when finished.
  • Page 15 Then, run the configuration wizard to help you complete the configuration. Click System Configuration in the top menu and the System Configuration homepage will appear. Then, click Configuration Wizard and click the Run Wizard button to start the wizard. Configuration Wizard First, you will see a welcome screen that briefly introduces the 6 steps.
  • Page 16 Home Page: Enter the URL that users should be directed to when successfully authenticated or use the default. NTP Server: Enter the IP address or domain name of external time server for AMG-2000 time synchronization or use the default. DNS Server: Enter an IP address of DNS Server. Contact your network administrator if you are not sure of the DNS IP Address.
  • Page 17 Dynamic IP Address If this option is selected, AMG-2000 will automatically obtain IP settings from an external DHCP server on the network connected to WAN1. Click Next to continue. Static IP Address: Set WAN Port’s Static IP Address Enter the “IP Address”, “Subnet Mask” and “Default Gateway”...
  • Page 18 Local User: Add User A new user can be added to the local user database. To add a user here, enter the Username (e.g. test), Password (e.g. test), MAC (optional, to specify the valid MAC address of this user) and assign it a policy (or use the default).
  • Page 19 When NT Domain is selected, enter the information for “Server IP Address”, and enable/disable “Transparent Login” (used to log in to AMG-2000 automatically when logging in to the NT domain. This option normally requires extra configuration to work; we suggest that you NOT enable it at initial configuration).
  • Page 20 Setup Wizard. During AMG-2000 restart, a “Restarting now. Please wait for a while.” message will appear on the screen. Please do not interrupt AMG-2000 until the message has disappeared. This indicates that a complete and successful restart process has finished.
  • Page 21: User Login Portal Page

    To log in from the login portal page via a LAN1~LAN4 port, the user has to be identified by user name and password. The administrator can also verify the correctness of the configuration steps of AMG-2000. 1. First, connect a user-end device (for example, a PC) to one of the LAN1~LAN4 ports of the AMG-2000, and set the device to obtain an IP address automatically.
  • Page 22 4. If you are an on-demand user, you can enter the username and password in the “User Login Page” and then click the Remaining button to know the remaining time or data quota of the account. 5. When an on-demand user logs in successfully, the following Login Successfully screen will appear and it is a little different from the normal user’s login successfully screen.
  • Page 23: Web Interface Configuration

    Web Interface Configuration This chapter will guide you through further detailed settings. The following table is the UI and functions of the AMG-2000. System User Network OPTION Utilities Status Configuration Authentication Management Configuration Network Configuration Authentication Change AP List Address...
  • Page 24: System Configuration

    4.1. System Configuration This section includes the following functions: Configuration Wizard, System Information, WAN1 Configuration, WAN2 & Failover, LAN1~4 Configuration and Private LAN Configuration. 4.1.1. Configuration Wizard Please refer to 3.2.2 User Login Portal Page for the detailed description of Configuration Wizard.
  • Page 25: System Information

    4.1.2. System Information Most of the major system information about AMG-2000 can be set here. Please refer to the following description for each field: System Name: Set the system’s name or use the default. Device Name: FQDN (Fully-Qualified Domain Name). This is the domain name of the AMG-2000 as seen on client machines connected on LAN ports.
  • Page 26: Wan1 Configuration

    For example, 10.2.3.0/24 means that as long as you are within the IP address range of 10.2.3.0/24, you can reach the administration page of AMG-2000. If the IP range bit number is omitted, 32 is used, which specifies a single IP address.
  • Page 27 Static IP Address: Manually specifying the IP address of the WAN1 port. The red asterisk marks indicate required fields and have to be filled. IP address: the IP address of the WAN1 port. Subnet Mask: the subnet mask of the network WAN1 port connects to. Default Gateway: a gateway of the network WAN1 port connects to.
  • Page 28 PPTP Client: Set WAN1 port to connect to external PPTP server to establish PPTP VPN tunnel. You can select Static to specify the IP address of the PPTP Client manually or select DHCP to get the IP address automatically. The fields with red mark are required. Please fill in these fields. There is a Dial on demand function under PPTP. If this function is enabled, you can set a Maximum Idle Time.
  • Page 29: Wan2 & Failover

    4.1.4. WAN2 & Failover Besides None, which disables this function, there are 2 connection types for the WAN2 port: Static IP Address and Dynamic IP Address. You can also enter up to three URLs and check “Warning of Internet Disconnection” to work with the WAN Failover function.
  • Page 30 If the WAN Failover function is enabled, traffic will be routed to WAN2 automatically when the WAN1 connection fails. If the Failback to WAN1 when possible function is enabled, the routed traffic will return to WAN1 when the WAN1 connection is recovered. Dynamic IP Address: Select this when WAN2 Port can obtain IP address automatically, such as a DHCP Server available from WAN2 Port.
  • Page 31: Lan1~4 Configuration

    For Dynamic IP Address, WAN Failover and Fallback to WAN1 when possible can also be enabled, as for Static IP Address. 4.1.5. LAN1~4 Configuration Clients that access the network through LAN1~4 ports must log in for authentication first. In this section, you can set the related configuration for LAN1~4 ports and DHCP server.
  • Page 32 Operation Mode: Choose one of the two modes, NAT mode and Router mode, by the requirements. IP Address: Enter the desired IP address for the LAN1~LAN4 port. Subnet Mask: Enter the desired subnet mask for the LAN1~LAN4 port. DHCP Server Configuration There are three methods to set the DHCP server: Disable DHCP Server, Enable DHCP Server and Enable DHCP Relay.
  • Page 33 Domain Name: Enter the domain name. WINS Server IP: Enter the IP address of WINS server. Lease Time: Choose the time to change the DHCP. Reserved IP Address List: For reserved IP address settings in detail, please click the hyperlink of Reserved IP Address.
  • Page 34: Private Lan Configuration

    4.1.6. Private LAN Configuration Clients that access the network through the private LAN port do not have to authenticate first. In this section, you can set the related configuration for the private LAN port and DHCP server. Private LAN Operation Mode: Choose one of the two modes, NAT mode and Router mode, as required. IP Address: Enter the desired IP address for the private port.
  • Page 35 DHCP Scope: Enter the “Start IP Address” and the “End IP Address” of this DHCP block. These fields define the IP address range that will be assigned to the Private LAN clients. Preferred DNS Server: The primary DNS server for the DHCP. Alternate DNS Server: The substitute DNS server for the DHCP.
  • Page 36 3. Enable DHCP Relay: If you want to enable this function, you must specify other DHCP Server IP address. See the following figure.
  • Page 37: User Authentication

    4.2. User Authentication This section includes the following functions: Authentication Configuration, Black List Configuration, Policy Configuration and Additional Configuration. 4.2.1. Authentication Configuration This function configures the settings for the authentication servers and on-demand user authentication. The system provides 3 servers and one on-demand server, to each of which the administrator can apply a different policy. Click on the server name to set the related configurations for that particular server.
  • Page 38 Server Name: Set a name for the server using numbers (0 to 9), letters (a to z or A to Z), dash (-), underline (_) and dot (.) with a maximum of 40 characters; no other characters are allowed. Server Status: The status shows whether the server is enabled or disabled.
  • Page 39 On-demand User: This is for the customer’s need in a store environment. When the customers need to use wireless Internet in the store, they have to get a printed receipt with username and password from the store to log in the system for wireless access. There are 2000 On-demand User accounts available. Server Status: The status shows that the server is enabled or disabled.
  • Page 40 Users List: Click to enter the On-demand Users List screen. The On-demand Users List documents detailed information. By default, the On-demand user database is empty. Search: Enter a keyword of a username that you wish to search for in the text field and click this button to perform the search.
  • Page 41 Type: Set the billing rule by “Volume” (the maximum volume allowed is 9999999 Mbyte) or “Time” (the maximum time allowed is 999 hours and 59 minutes). Expired Info: This is the duration of time that the user needs to activate the account after the generation of the account.
  • Page 42 Report All: Click this to get a complete report including all the on-demand records. This report shows the total expenses and individual accounting of each plan for all plans available. Search: Select a time period to get a period report. The report tells the total expenses and individual accounting of each plan for all plans available for that period of time.
  • Page 43 Click the hyperlink to get in for further configuration. Edit Local User List: Click this to enter the “Local User List” screen and click the individual Username to edit that account. Add User: Click Add User to enter the Add User interface. Fill in the necessary information such as “Username”, “Password”, “MAC”...
  • Page 44 Upload User: Click this to enter the Upload User interface. Click the Browse button to select the text file for the user account upload. Then click Submit to complete the upload process. The uploading file should be a text file and the format of each line is "ID, Password, MAC, Policy, Remark"...
  • Page 45 must be no spaces between the fields and commas. The MAC field could be omitted but the trailing comma must be retained. The Group field indicates policy number to use. When adding user accounts by uploading a file, the existing accounts in the embedded database will not be replaced by new ones. Download User: Click this to enter the Users List page and the system will directly show a list of all created user accounts.
  • Page 46 Refresh: Click this to renew the user list. Search: Enter a keyword of a username that you wish to search for in the text field and click this button to perform the search. All usernames matching the keyword will be listed. Del All: This will delete all the users at once.
  • Page 47 Radius Roaming Out / 802.1x Authentication: Enable the two functions separately. Click the hyperlink of Radius Client List to enter the Radius Client Configuration page. Choose the desired type (Disable, Roaming Out or 802.1x), key in the related data, and then click Apply to complete the settings.
  • Page 48 Click the hyperlink for further configuration. Enter the related information for the primary server and/or the secondary server (the secondary server is not required). The blanks with red asterisks are necessary information. These settings will become effective immediately after clicking the Apply button. Server IP: Enter the IP address/domain name given by your ISP.
  • Page 49 Authentication Method – Radius Choose “Radius” in the Authentication Method field; the hyperlink beside the pull-down menu will become “Radius Setting” and an “Edit Policy Mapping” hyperlink will show beside Policy. Click the hyperlink for further configuration. The Radius server sets the external authentication for user accounts.
  • Page 50 ID will be sent to RADIUS server for authentication. NASID: Enter a line of characters, for example “meeting-room”, for identifying AMG-2000 itself to the RADIUS server. Please use numbers (0 to 9), letters (a to z or A to Z), dash (-), underline (_) and dot (.); no other characters are allowed.
  • Page 51 Click the hyperlink of Edit Policy Mapping for further configuration. In the Class Attribute field, enter the class attribute according to the setting of the Radius server and assign a policy. The class attribute can be a character string using numbers (0 to 9), letters (a to z or A to Z), dash (-), underline (_) and dot (.); no other characters are allowed.
  • Page 52 Server IP: Enter the IP address or domain name of the LDAP server. Port: Enter the Port of the LDAP server, and the default value is 389. Base DN: Enter the distinguished name of the LDAP server. Account Attribute: Enter the account attribute of the LDAP server. Authentication Method –...
  • Page 53: Black List Configuration

    Server IP address: Enter the server IP address of the domain controller. Transparent Login: If the function is enabled, when users log into the Windows domain, they will log into AMG-2000 automatically. 4.2.2. Black List Configuration The administrator can add, delete, or edit the black list for user access control. Each black list can include 40 users at most.
  • Page 54 If the administrator wants to remove a user from the black list, just select the user’s “Delete” check box and then click the Delete button to remove that user from the black list.
  • Page 55: Policy Configuration

    4.2.3. Policy Configuration There are 8 policies and one Global Policy in Policy Configuration. Except for the Global Policy, each Policy has three profiles (Firewall Profile, Specific Route Profile, and Schedule Profile) as well as Total Bandwidth, Individual Maximum Bandwidth and Individual Request Bandwidth settings for that policy. Policy 1~8 Select Policy: Select Policy 1 ~ Policy 8.
  • Page 56 Rule Item: This is the rule that you have selected. Rule Name: The rule name can be changed here. The rule name can be set to easily identify, for example: “from file server”, “HTTP request” or “to web”, etc. Enable this Rule: After checking this function, the rule will be enabled. Action: There are two options, Block and Pass.
  • Page 57 Private LAN. Source/Destination IP: Enter the source and destination IP addresses. Source/Destination Subnet Mask: Enter the source and destination subnet masks. Source/Destination Start/End Port: Enter the range of source and destination ports. Specific Route Profile Click the hyperlink of Setting for Specific Route Profile, the Specific Route Profile list will appear. Profile Name: The profile name can be changed here.
  • Page 58 after clicking the Apply button. Total Bandwidth Choose one bandwidth limit for that particular policy.
  • Page 59 Individual Maximum Bandwidth: Choose a bandwidth for the maximum bandwidth of an individual user.
  • Page 60 Individual Request Bandwidth: Choose a bandwidth for the minimum bandwidth of an individual user. Global Policy Select Policy: Select Global to set the Firewall Profile and Specific Route Profile.
  • Page 61 Firewall Profile: Click the hyperlink of Setting for Firewall Profile, the Firewall Profiles list will appear. Click the numbers of Filter Rule Item to edit individual rules and click Apply to save the settings. The rule status will show on the list. Check “Active” to enable that rule. Rule Item: This is the rule that you have selected.
  • Page 62 Source MAC Address: The MAC address of the source IP address. This is for specific MAC address filter. Source/Destination Interface: There are four interfaces to choose, ALL, WAN1, WAN2, LAN1~4 and Private LAN. Source/Destination IP: Enter the source and destination IP addresses. Source/Destination Subnet Mask: Enter the source and destination subnet masks.
  • Page 63: Additional Configuration

    4.2.4. Additional Configuration User Control: Functions under this section apply to all general users. Idle Timer: If a user has been idle with no network activity, the system will automatically kick out the user. The logout timer can be set in the range of 1~1440 minutes, and the default logout time is 10 minutes. Multiple Login: When enabled, a user can log in from different computers with the same account.
  • Page 64 Click Use Default Certificate to use the default certificate and key. 2. Login Page: The administrator can use the default login page or get the customized login page by setting the template page, uploading the page or downloading from the specific website. After finishing the setting, you can click Preview to see the login page.
  • Page 65 b. Choose Template Page to make a customized login page here. Click Select to pick up a color and then fill in all of the blanks. You can click Preview to see the result first.
  • Page 66 c. Choose Uploaded Page and you can get the login page by uploading. Click the Browse button to select the file for the login page upload. Then click Submit to complete the upload process. After the upload process is completed, the new login page can be previewed by clicking Preview button at the bottom.
  • Page 67 Delete to delete the file. In AMG-2000, the end user first gets a login page when she/he opens a web browser right after associating with an access point. However, in some situations, the hotspot owners or MIS staff may want to display “terms of use”...
  • Page 68 the disclaimer, and the green part can be modified freely by administrators to suit the situation better. Now the default is set to “I disagree” with the disclaimer. Administrators can change the purple part to set “agree” as the default or set no default. These codes should be saved in local storage with a name followed by .html, such as login_with_disclaimer.html.
  • Page 69

        // (continued from the previous manual page)
        strRtn+=str.charCodeAt(i);
        if (i) strRtn+="a";
      }
      return strRtn;
    }

    function DecodeCookie(str)
    {
      var strArr;
      var strRtn="";
      strArr=str.split("a");
      for(var i=strArr.length-1;i>=0;i--)
        // parseInt() instead of eval(): the cookie value is untrusted input
        // and must only ever be read as a character code, never run as script.
        strRtn+=String.fromCharCode(parseInt(strArr[i], 10));
      return strRtn;
    }

    function MM_swapImgRestore() { //v3.0
      var i,x,a=document.MM_sr;
      for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
    }

    function MM_preloadImages() { //v3.0
      var d=document;
      if(d.images){
        if(!d.MM_p) d.MM_p=new Array();
        var i,j=d.MM_p.length,a=MM_preloadImages.arguments;
        for(i=0; i<a.length; i++)
          if (a[i].indexOf("#")!=0){
            d.MM_p[j]=new Image;...
  • Page 70

    function init(form)
    {
      // Pre-fill the username from the cookie, then show the disclaimer first.
      id = getCookie("username");
      if(id!="" && id!=null)
      {
        form.myusername.value = id;
      }
      disclaimer.style.display='';
      login.style.display='none';
    }

    function Before_Submit(form)
    {
      if(form.myusername.value == "")
      {
        alert("Please enter username.");
        form.myusername.focus();
        form.myusername.select();
        disableButton=false;
        return false;
      }
      if(form.mypassword.value == "")
      {
        alert("Please enter password.");
        form.mypassword.focus();
        form.mypassword.select();
        disableButton=false;
        return false;
      }
      // Block a second submit while a login is already in progress.
      if(disableButton==true)
      {
        alert("The system is now logging you in, please wait a moment.");
        return false;...
  • Page 71

        // (continued from the previous manual page)
        disableButton=true;
        return true;
      }
      return true;
    }

    function reminder_onclick(form)
    {
      Reminder.myusername.value = form.myusername.value;
      Reminder.mypassword.value = form.mypassword.value;
      Reminder.submit();
    }

    function cancel_onclick(form)
    {
      form.reset();
    }

    function check_agree(form)
    {
      // selection[1] is the "I disagree" option.
      if(form.selection[1].checked == true)
      {
        alert("You disagree with the disclaimer, therefore you will NOT be able to log in.");
        return false;
      }
      disclaimer.style.display='none';
      login.style.display='';
      return true;...
  • Page 72 <table name="disclaimer" id="disclaimer" width="460" height="430" border="0" align="center" background="../images/agreement.gif"> <tr> <td height="50" align="center" valign="middle"><div align="center" class="style5">Service Disclaimer</div></td> </tr> <tr> <td height="260" align="center" valign="middle"><table width="370" height="260" border="0" align="center"> <tr> <td> <textarea name="textarea" cols="50" rows="15" align="center" readonly> We may collect and store the following personal information: e-mail address, physical contact information, credit card numbers and transactional information based on your activities on the Internet service provided by us.
  • Page 73 personal information. If your personal information will be used contrary to this policy, you will receive prior notice.) Without limiting the above, in an effort to respect your privacy and our ability to keep the community free from bad actors, we will not otherwise disclose your personal information to law enforcement, other government officials, or other third parties without a subpoena, court order or substantially similar legal procedure, except when we believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss or to report suspected illegal activity.
  • Page 74 </table></td> </tr> <tr> <td height="20">&nbsp;</td> </tr> </table> <div align="center"> <table name="login" id="login" width="497" height="328" border="0" align="center" cellpadding="2" cellspacing="0" background="../images/userlogin.gif"> <tr> <td height="146" colspan="2">&nbsp;</td> </tr> <tr> <td width="43%" height="53">&nbsp;</td> <td><input type="text" name="myusername" size="20"></td> </tr> <tr> <td height="42">&nbsp;</td> <td><input type="password" name="mypassword" size="20"></td> </tr>...
  • Page 75 <table> <tr> <td width="100%"> <font color="#808080" size="2"><script language="JavaScript">if( creditcardenable == "Enabled" ) document.write("<a href=\"../loginpages/credit_agree.shtml\">Click here to purchase by Credit Card Online.</a>");</script></font> </td> </tr> </table> </div> </form> <form action="reminder.shtml" method="post" name="Reminder"> <input type=hidden name=myusername value=""> <input type=hidden name=mypassword value=""> </form> <br> <div align="center">...
  • Page 76 If the page is successfully loaded, an upload success page will show up. “Preview” can be clicked to see the uploaded page. If user checks “I agree” and clicks Next, then he/she is prompted to fill in the login name and password.
  • Page 77 If user checks “I disagree” and clicks Next, a window will pop up to tell user that he/she cannot log in. d. Choose the External Page selection and you can get the login page from the specific website. Enter the website address in the “External Page Setting”...
  • Page 78 After applying the setting, the new login page can be previewed by clicking the Preview button at the bottom of this page. Please note that: is needed in your HTML code to make sure the page works correctly. 3. Logout Page: The users can apply their own logout page here. The process is similar to that of Logout Page.
  • Page 79 code that the user can enter the username and password. After the upload is completed, the user-defined login user interface can be previewed by clicking Preview at the bottom of this page. To restore the factory default setting of the logout interface, click the “Use Default Page” button. 4.
  • Page 80 b. Choose Template Page to make a customized login success page here. Click Select to pick up a color and then fill in all of the blanks. You can click Preview to see the result first. c. Choose Uploaded Page and you can get the login success page by uploading. Click the Browse button to select the file for the login success page upload.
  • Page 81 button at the bottom. Then, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K.
  • Page 82 a. Choose Default Page to use the default login success page for on-demand. b. Choose Template Page to make a customized login success page for on-demand here. Click Select to pick up a color and then fill in all of the blanks. You can click Preview to see the result first. c.
  • Page 83 Browse button to select the file for the login success page for on-demand upload. Then click Submit to complete the upload process. After the upload process is completed, the new login success page for on-demand can be previewed by clicking the Preview button at the bottom.
  • Page 84 d. Choose the External Page selection and you can get the login success page for on-demand from the specific website. Enter the website address in the “External Page Setting” field and then click Apply. After applying the setting, the new login success page for on-demand can be previewed by clicking the Preview button at the bottom of this page.
  • Page 85 b. Choose Template Page to make a customized logout success page here. Click Select to pick up a color and then fill in all of the blanks. You can click Preview to see the result first. c. Choose Uploaded Page and you can get the logout success page by uploading. Click the Browse button to select the file for the logout success page upload.
  • Page 86 button at the bottom. Then, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K.
  • Page 87 Enhance User Authentication: With this function, only the users with their MAC addresses in this list can log into AMG-2000. There will only be 40 users allowed in this MAC address list. User authentication is still required for these users. Please enter the Permit MAC Address List to fill in these MAC addresses, select Enable, and then click Apply.
  • Page 88: Ap Management

    4.3.1. AP List All of the APs under the management of AMG-2000 will be shown in the list. An AP can be edited by clicking the hyperlink of AP Name, and the AP status can be viewed by clicking the hyperlink of Status.
  • Page 89 Click Apply Template to select one template to apply to the AP.
  • Page 90 AP Name Click AP Name to enter the interface for the related settings. There are four kinds of settings: General Settings, LAN Interface Setting, Wireless Interface Setting and Access Control Setting. Click the hyperlink to continue the configuration. General Setting: Click Setting to enter the General Setting interface. You can revise the AP Name, Admin Password and Remark.
  • Page 91 LAN Interface Setting: Click LAN to enter the LAN Settings page. Input the data of LAN including IP Address, Subnet Mask and Default Gateway of the AP. Wireless Interface Setting: Click Wireless LAN to enter the Wireless Interface Setting page. The data of Properties and Security need to be filled in.
  • Page 92 example, 1 to 11 channels are suitable for the North America area. Transmission Mode: There are 3 modes to select, 802.11b (2.4G, 1~11Mbps), 802.11g (2.4G, 54Mbps) and Mix mode (b and g). Transmission Rate: The default is Auto. Available range is from 1 to 54Mbps. The rate of data transmission should be set depending on the speed of your wireless network.
  • Page 93 be read. Select Authentication Type (Open System, Shared Key or Both), Key Length (64 bits or 128 bits), Key Index (Key1~Key4) and then input the Key. Check 802.1x Authentication to enable this function and enter the related data, if necessary. WPA: WPA is Wi-Fi’s encryption method that protects against unauthorized network access by verifying network users through a server.
  • Page 94 WPA2: Wi-Fi Protected Access version 2. The follow-on security method to WPA for Wi-Fi networks that provides stronger data protection and network access control. Select the 802.1x or WPA-PSK security type and enter the related information below. WPA2 can only use the AES encryption type. WPA Mixed: If you want to use the TKIP and AES encryption types at the same time, you can choose this security type.
  • Page 95 Access Control Setting: In this function, when the status is “Enabled”, only clients whose MAC addresses are in the list are allowed to connect to AMG-2000. When “Disabled” is selected, all clients can connect to AMG-2000. The default is Disabled.
  • Page 96 System Status: The table shows the information about AP Name, AP Status and Last Reporting Time. LAN Status: The table shows the information about IP Address, Subnet Mask and Gateway. Wireless LAN Status: The table shows all of the related wireless information. Access Control Status: The table shows the status of MAC of clients under the control of the AP.
  • Page 97 Associated Client Status: The table shows the clients connecting to the AP and the related information of the client.
  • Page 98: AP Discovery

    4.3.2. AP Discovery Use this function to detect and manage all of the APs in the network segments. To discover APs manually, please fill in the required data. Interface: Check Private LAN and/or LAN1~4 and enter the Base IP and Pool Size (the discovered APs will be configured to use IP addresses from the pool).
  • Page 99 When the matched AP is discovered, it will show up in the list below and be given a new IP address as you set (ex: 192.168.2.2). Check the Add box to add the AP and it will be listed to the AP list. Click Configuring to go on the related configuration.
  • Page 100 The Interface and AP Access configuration is the same as the settings mentioned above. For the Auto-Discovery Status, when you enable this function, the system will scan once every 10 minutes or the time you set. If any AP is discovered and “Auto-Add AP” enabled, it will be assigned an available IP from the IP pool set within the interfaces and applied with the selected template.
  • Page 101: Manual Configuration

    4.3.3. Manual Configuration An AP can also be added manually. Input the related data of the AP and select a Template. Then click ADD, and the AP will be added to the managed list. 4.3.4. Template Settings A template is a model that you can copy to every AP, so that it is not necessary to configure each AP individually. There are three templates provided; click Edit to continue the configuration.
  • Page 102 After entering the interface, you can revise the configuration as needed and change the administrator’s password. For other function settings, please refer to 4.3.1 AP List.
  • Page 103: Firmware Management

    4.3.5. Firmware Management In this function, you can upload the AP’s firmware and also can download the present firmware to the local or delete...
  • Page 104: AP Upgrade

    4.3.6. AP Upgrade Check the APs which need to be upgraded and select the upgrade version of firmware, and then click Apply to upgrade firmware.
  • Page 105: Network Configuration

    4.4. Network Configuration This section includes the following functions: Network Address Translation, Privilege List, Monitor IP List, Walled Garden List, Proxy Server Properties, Dynamic DNS and IP Mobility. 4.4.1. Network Address Translation Three parts need to be set: DMZ, Public Accessible Server, and Port and IP Redirect. DMZ (Demilitarized Zone) DMZ allows administrators to define mandatory external to internal IP mapping, hence a user on the WAN side network can access the private machine via the external IP (similar to DMZ usage in firewall products).
  • Page 106 This function allows the administrator to set 40 virtual servers at most, so that the computers not belonging to the managed network can access the servers in the managed network via WAN port IP of AMG-2000. Please enter the “External Service Port”, “Local Server IP Address” and “Local Server Port”. According to the different services provided, the network service can use the TCP protocol or the UDP protocol.
  • Page 107 Port and IP Redirect This function allows the administrator to set 40 sets of the IP addresses at most for redirection purpose. When the user attempts to connect to a destination IP address listed here, the connection packet will be converted and redirected to the corresponding destination.
  • Page 108: Privilege List

    IP addresses of these workstations in this list. The “Remark” blank is not necessary but is useful to keep track. AMG-2000 allows 100 privilege IP addresses at most. These settings will become effective immediately after clicking Apply.
  • Page 109: Monitor IP List

    4.4.3. Monitor IP List AMG-2000 will send out a packet periodically to monitor the connection status of the IP addresses on the list. If the monitored IP address does not respond, the system will send an e-mail to notify the administrator that such destination is not reachable.
  • Page 110 Click Monitor to monitor the IP addresses listed in the Monitor IP List. The Monitor IP result page shown as below will appear. In the Result column, green light means the IP address is alive and reachable. On the other hand, red light means the IP address is not reachable now.
  • Page 111: Walled Garden List

    Please enter the website IP Address or Domain Name in the list and these settings will become effective immediately after clicking Apply. Caution: To use the domain name, the AMG-2000 has to connect to DNS server first or this function will not work.
  • Page 112: Proxy Server Properties

    Internal Proxy Server: AMG-2000 has a built-in proxy server. If this function is enabled, the end users will be forced to treat AMG-2000 as the proxy server regardless of the end-users’ original proxy settings.
  • Page 113: Dynamic Dns

    4.4.6. Dynamic DNS AMG-2000 provides a convenient DNS function to translate a domain name to the IP address of WAN port that helps the administrator memorize and connect to WAN port. If the DHCP is activated at WAN port, this function will also update the newest IP address regularly to the DNS server.
  • Page 114: Utilities

    Backup/Restore Settings, Firmware Upgrade and Restart. 4.5.1. Change Password AMG-2000 supports three accounts with different access privileges. You can log in as admin, manager or operator. The default password and access privilege for each account are as follow: Admin: The administrator can access all configuration pages of the AMG-2000.
  • Page 115 Caution: If the administrator’s password is lost, the administrator’s password still can be changed through the text mode management interface on the serial port, console/printer port.
  • Page 116: Backup/Restore Settings

    4.5.2. Backup/Restore Settings This function is used to backup/restore the AMG-2000 settings. Also, AMG-2000 can be restored to the factory default settings here. Backup current system settings: Click Backup to create a .db database backup file and save it on disk.
  • Page 117: Firmware Upgrade

    This function allows the administrator to safely restart AMG-2000 and the process should take about 100 seconds. Click YES to restart AMG-2000; click NO to go back to the previous screen. If you need to turn off the power, we recommend you to restart AMG-2000 first and then turn off the power after completing the restart process.
  • Page 118: Status

    4.6. Status This section includes System Status, Interface Status, Current Users, Traffic History, and Notification Configuration to provide system status information and online user status. 4.6.1. System Status This section provides an overview of the system for the administrator.
  • Page 119 The description of the table is as follows (Item: Description). Current Firmware Version: The present firmware version of AMG-2000. System Name: The system name. The default is AP Management Gateway. Home Page: The page the users are directed to after initial login success.
  • Page 120: Interface Status

    Email To: The up to three email addresses that the traffic history, monitor IP report, on-demand user log, or AP status will be sent to. Time / NTP Server: The network time server that the system is set to align. Time / Date Time: The system time is shown as the local time.
  • Page 121 Item: Description. WAN1 / MAC Address: The MAC address of the WAN1 port. WAN1 / IP Address: The IP address of the WAN1 port. WAN1 / Subnet Mask: The Subnet Mask of the WAN1 port. WAN2 / MAC Address: The MAC address of the WAN2 port. WAN2 / IP Address: The IP address of the WAN2 port. WAN2 / Subnet Mask: The Subnet Mask of the WAN2 port.
  • Page 122: Current Users

    Click the Source AP to get the information of all associated clients of the source AP. 4.6.4. Traffic History This function is used to check the history of AMG-2000. The history of each day will be saved separately in the DRAM for 3 days.
  • Page 123 Caution: Since the history is saved in the DRAM, if you need to restart the system and also keep the history, then please manually copy and save the information before restarting. If the History Email has been entered under the Notification Configuration page, then the system will automatically send out the history information to that email address.
  • Page 124: Notify Configuration

    Pkts In, Pkts Out and Message, of user activities. 4.6.5. Notify Configuration AMG-2000 can automatically send the notification of Monitor IP Report, Traffic History, On-demand User Log and AP Status to up to 3 particular e-mail addresses. Enter the related information and select the desired items and...
  • Page 125 Send To: You can set up to 3 e-mail addresses to receive the notification. These are the receivers’ e-mail addresses. There are four kinds of notification to select from: Monitor IP Report, Traffic History, On-demand User Log and AP Status. Check the notifications you want to receive. Interval: The time interval to send the e-mail report.
  • Page 126 Syslog Configuration: Enter the IPs and Ports of the Syslog server to receive system events including Traffic History and On-demand User Log.
  • Page 127: Help

    4.7. Help On the screen, the Help button is in the upper right corner. Click Help to open the Online Help window and then click the hyperlink of the items to get the information.
  • Page 128: Appendix A -- Console Interface

    Enter key to make selection or confirm what you enter. 3. Once the console port of AMG-2000 is connected properly, the console main screen will appear automatically. If the screen does not appear in the terminal simulation program automatically, please try to press the arrow keys, so that the terminal simulation program will send some messages to the system and the welcome screen or the main menu should appear.
  • Page 129 Set device into “safe mode”: If the administrator is unable to use the Web Management Interface via the browser because the system has failed inexplicably, the administrator can choose this utility to set AMG-2000 into safe mode and then manage the device with the browser again.
  • Page 130 Caution: Although the connection via the serial port does not require a username and password, the same management interface can be accessed via SSH. Therefore, we recommend that you immediately change the AMG-2000 Admin username and password after logging in to the system for the first time. Reload factory default: Choosing this option will reset the system configuration to the factory defaults.
  • Page 131: Appendix B -- Network Configuration On Pc

    Appendix B -- Network Configuration on PC After AMG-2000 is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup. Internet Connection Setup If the Internet Connection of this client PC has already been configured to use a local area network, you can skip this setup.
  • Page 132 4. Choose “I connect through a local area network (LAN)” and click Next. 5. DO NOT choose any option in the following LAN window for Internet configuration, and just click Next. 6. Choose “No”, and click Next 7. Finally, click Finish to exit the Internet Connection Wizard.
  • Page 133 Windows XP 2. Choose Start > Control Panel > Internet Option. 3. Choose the “Connections” label, and then click Setup. 4. Click Next when Welcome to the New Connection Wizard screen appears. 5. Choose “Connect to the Internet” and then click Next.
  • Page 134 6. Choose “Set up my connection manually” and then click Next. 7. Choose “Connect using a broadband connection that is always on” and then click Next. 8. Finally, click Finish to exit the Connection Wizard. Now, you have completed the setup.
  • Page 135 IP address automatically. Windows 95/98/2000/XP configures IP setup to “Obtain an IP address automatically” in default settings. If you want to check the TCP/IP setup or use a static IP to connect to the AMG-2000 LAN port, please follow these steps: Check the TCP/IP Setup of Windows 9x/ME 1.
  • Page 136 “IP Address” and “Subnet Mask” on the “IP Address” label and then click Choose “Gateway” label and enter the gateway address of AMG-2000 in the “New gateway:” and then click Add and OK. Choose “DNS Configuration” label. If the DNS...
  • Page 137 PC to make sure an IP address is obtained from AMG-2000. 4-2. Using Specific IP Address: If you want to use specific IP address, you have to ask the network administrator for the information of the AMG-2000: IP address, Subnet Mask, New gateway and DNS...
  • Page 138 3-1. Using DHCP: If you want to use DHCP, please choose “Obtain an IP address automatically” and click OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from AMG-2000.
  • Page 139 3-2. Using Specific IP Address: If you want to use a specific IP address, you have to ask the network administrator for the information of the AMG-2000: IP address, Subnet Mask, New gateway and DNS server address. Please choose “Use the following IP address”...
  • Page 140: Appendix C - Windows Server 2000/2003 Ad

    2000/2003 server and please make sure you have enabled the Active Directory Service on the Windows Server. When the AMG-2000 is set up, the Windows Server should also be made ready by the MIS in your company. Then, you can add a new user and group under the OU.
  • Page 141 Enter the Password and enter it again for confirmation. The password must be six characters or more. Check the four selections below as required. Then, click Next. The new user, ccc, is created successfully under the OU.
  • Page 142 Right-click on ccc to view the properties. ccc→ Properties. Click the Account label and you will see the account information about ccc. Then, you can get the information to fill in the fields of LDAP Server. For example, Server IP: www.2k3lab.idv.tw; Port: 389; Base DN: ou=OU,dc=2k3lab,dc=idv,dc=tw;...
  • Page 143 could be CN or uid.
  • Page 144: Appendix D - Proxy Setting For Hotspot

    Appendix D - Proxy Setting for Hotspot A HotSpot is a place such as a coffee shop, hotel, or other public area that provides Wi-Fi service for mobile users. A HotSpot is usually implemented without complex network architecture and uses a proxy server provided by an Internet Service Provider.
  • Page 145 Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will appear. Add your ISP’s proxy Server IP and Port into External Proxy Server Setting.
  • Page 146 Enable Built-in Proxy Server in Internal Proxy Server Setting. Click Apply to save the settings.
  • Page 147: Appendix E - Proxy Setting For Enterprises

    Appendix E - Proxy Setting for Enterprises Enterprises usually isolate their Intranet and Internet by using a complex network architecture. Many enterprises have their own proxy servers which are usually at intranet or DMZ under the firewall protection. Internet Desktop Router Gateway Core Switch...
  • Page 148 Click the Proxy Server Properties from left menu and the homepage of the Proxy Server Properties will appear. Add your proxy Server IP and Port into External Proxy Server Setting.
  • Page 149 Disable Built-in Proxy Server in Internal Proxy Server Setting.
  • Page 150 Click Apply to save the settings. Warning: If your proxy server is down, user authentication will not work normally. When users open the browser, the login page won’t appear because the proxy server is down. Please make sure your proxy server is always available.
  • Page 151: Appendix E - Glossary

    Appendix E - Glossary 802.11 standard: A family of wireless Local Area Network specifications. The 802.11b standard in particular is seeing widespread acceptance and deployment in corporate campuses as well as commercial facilities such as airports and coffee shops that want to offer wireless networking service to their patrons. 802.11a: An IEEE specification for wireless networking that operates in the 5 GHz frequency range (5.725 GHz to 5.850 GHz) with a maximum of 54 Mbps data transfer rate.
  • Page 152 802.3ad: 802.3ad is an IEEE standard for bonding or aggregating multiple Ethernet ports into one virtual interface (also known as trunking). The aggregated ports appear as a single IP address to your computer and applications. This means no application changes are required. The advantages of aggregation are that the virtual interface provides increased bandwidth by merging the bandwidth of the individual ports.
  • Page 153 100Kbps and above are commonly thought of as broadband. Browser: A browser is an application program that provides a way to look at and interact with all the information on the World Wide Web. Cable Modem: A kind of converter used to connect a computer to a cable TV service that provides Internet access. Most cable modems have an Ethernet out-cable that attaches to the user's Wi-Fi gateway.
  • Page 154 run more than one DHCP server on your network, you will experience network errors, such as conflicting IP addresses. Diversity Antenna: A type of antenna system that uses two antennas to maximize reception and transmission quality and reduce interference. Demilitarized Zone. A computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet.
  • Page 155 Encryption key: An alphanumeric (letters and/or numbers) series that enables data to be encrypted and then decrypted so it can be safely shared among members of a network. WEP uses an encryption key that automatically encrypts outgoing wireless data. On the receiving side, the same encryption key enables the computer to automatically decrypt the information so it can be read.
  • Page 156 Half Duplex: Data transmission that can occur in two directions over a single line, but only one direction at a time. Hardware: The physical aspect of computers, telecommunications, and other information technology devices. Hotspot: A place where you can access Wi-Fi service. This can be for free or for a fee. HotSpots can be inside a coffee shop, airport lounge, train station, convention center, hotel or any other public meeting area.
  • Page 157 has been deployed widely to implement Virtual Private Networks (VPNs). IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload.
  • Page 158 802.11 radios that have had their MAC addresses added to that network's MAC table will be able to get onto the network. Mbps: Megabits Per Second. One million bits per second; a unit of measurement for data transmission. Network Address Translation. A network capability that enables a houseful of computers to dynamically share a single incoming IP address from a dial-up, cable or xDSL connection.
  • Page 159 such as a single DSL line, wireless device or cable modem. All the users over the Ethernet share a common connection, so the Ethernet principles supporting multiple users in a LAN combine with the principles of PPP, which apply to serial connections. PPTP: Point-to-Point Tunneling Protocol.
  • Page 160 A device that forwards data packets from one local area network (LAN) or wide area network (WAN) to another. Based on routing tables and routing protocols, routers can read the network address in each transmitted frame and make a decision on how to send it via the most efficient route based on traffic load, line costs, speed, bad connections, etc.
  • Page 161 strong authentication and secure communications over insecure channels. It is a replacement for rlogin, rsh, rcp, and rdist. SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. An attacker who has managed to take over a network can only force ssh to disconnect. He or she cannot play back the traffic or hijack the connection when encryption is enabled.
  • Page 162 The underlying technology behind the Internet and communications between computers in a network. The first part, TCP, is the transport part, which matches the size of the messages on either end and guarantees that the correct message has been received. The IP part is the user's computer address on a network. Every computer in a TCP/IP network has its own IP address that is either dynamically assigned at startup or permanently assigned.
  • Page 163 Schools are increasingly using the walled garden approach in creating browsing environments in their networks. Students have access to only limited Web sites, and teachers need a password in order to leave the walled garden and browse the Internet in its entirety. The term walled garden also commonly refers to the content that wireless devices such as mobile phones have access to if the content provided by the wireless carrier is limited.
