LevelOne AMG-2001 User Manual
  1. Manuals
  2. Brands
  3. LevelOne Manuals
  4. Gateway
  5. AMG-2001
  6. User manual
LevelOne AMG-2001 User Manual

LevelOne AMG-2001 User Manual

Access and ap management gateway
Hide thumbs Also See for AMG-2001:
Table of Contents

Advertisement

Quick Links

Download this manual
User's Manual
AMG-2001
Access and AP Management Gateway
AMG-2001
Access and AP Management Gateway
User's Manual
V1.0

Advertisement

Table of Contents
loading

Related Manuals for LevelOne AMG-2001

Summary of Contents for LevelOne AMG-2001

  • Page 1 User’s Manual AMG-2001 Access and AP Management Gateway AMG-2001 Access and AP Management Gateway User’s Manual V1.0...

  • Page 2: Table Of Contents

    Front Panel ............................9 2.3.2 Real Panel .............................9 Preparation before the Installation ..................10 Hardware Installation .......................11 Accessing Web Management Interface................13 Placing AMG-2001 in a Network Environment ........15 Network Requirement ......................15 Setting up WAN1 Ports ......................15 3.2.1 Static IP...............................16 3.2.2 DHCP (Dynamic IP).........................17 3.2.3...
  • Page 3 User’s Manual AMG-2001 Access and AP Management Gateway AP Security ...........................77 Change managed AP settings ....................78 AP Operations from AP List ....................81 5.7.1 Reboot, Enable, Disable and Delete the AP................81 5.7.2 Apply Template ..........................82 5.7.3 Change Service Zone ........................83 5.7.4 AP Background Discovery......................84...
  • Page 4 User’s Manual AMG-2001 Access and AP Management Gateway 9.10 Network Utility ..........................138 9.10.1 Wake-on-LAN ..........................139 9.10.2 Ping ..............................139 9.10.3 Trace Route ............................139 9.10.4 Show ARP Table..........................139 9.11 Monitor IP Link..........................140 9.12 Console Interface........................141 System Status and Reports................144 10.1 View the status .........................144 10.1.1...
  • Page 5 If you would like a copy of the GPL or other open source code in this software on a physical CD medium, LevelOne (Digital Data Communications) offers to mail this CD to you upon request, for a price of US$9.99 plus the cost of shipping.

  • Page 6: Before You Start

    1. Before You Start 1.1 Preface This AMG-2001 User Manual is for WLAN service providers or network administrators to set up a network environment using the AMG-2001 system. It contains step-by-step procedures and graphic examples to guide MIS staff or individuals with basic network system knowledge to complete the installation.

  • Page 7: Package Checklist

    User’s Manual AMG-2001 Access and AP Management Gateway 1.3 Package Checklist The standard package of AMG-2001 includes: AMG-2001 x 1 CD-ROM (with User’s Manual and QIG) x 1 Quick Installation Guide (QIG) x 1 Console Cable x 1 Ethernet Cable x 1...

  • Page 8: System Overview And Getting Start

    AP management interface. 2.1.1 Key Features Like other AMG Series products, AMG-2001 is designed to be a multi-service network access controller for enterprise or campus environment; it is also deployed as a hotspot subscriber gateway often. It is a pre-integrated multi-function network appliance, providing the following key features: Standard based user authentications, including Web-based login and 802.1x (RADIUS)

  • Page 9: Who Uses Amg-2001

    With its billing plan and payment features, WISPs and hospitalities (such as hotels, conventions) will find AMG-2001 is an instant revenue generator without requiring hefty equipment investment or long term outsourcing service supports. AMG Series products are most affordable, best price-performance appliances, comparing to the similar equipments in the fields of Network Access Controllers, Wireless Controllers, Clientless VPN Gateway or Hotspot Subscriber Gateway.

  • Page 10: System Concept

    WAN/DNS address changes for simple deployments. Gateway is a network node where a small network attaches to a bigger network. AMG-2001 is a kind of gateway in a network environment; hence it has those features a typical gateway has, such as NAT, DHCP, DMZ, Firewall and etc.
  • Page 11 Service Zone is a logic partition of AMG-2001’s LAN network. The concept of Service Zone is similar to the concept of virtual LAN (VLAN), which can be used to group the network traffic or network services for clients on the same VLAN segment, regardless of the clients’...
  • Page 12 User’s Manual AMG-2001 Access and AP Management Gateway A Service Zone may or may not require client authentication, depending on how the administrator sets it up. If a Service Zone requires user authentication, the client will be prompted for the login in first before using the network services, no matter the client is connecting to its SSID wirelessly or a switch port via wired line,.
  • Page 13 Imagine the network administrator may wish to set different privileges and bandwidth limits for staff, students, and guests; he could use several Service Zones of AMG-2001 – one for staff, one for students, and one for the guests. He also uses one zone for some shared servers in the diagram.

  • Page 14: Hardware Description

    LED Indicators: There are four kinds of LED, Power, Status, WAN and LAN, to indicate different status of the system. WAN1/WAN2: Two WAN ports (10 Base-T / 100Base-TX RJ-45) are connected to a network. LAN1~LAN8: Client machines connect to AMG-2001 via 8 LAN ports (10 Base-T / 100Base-TX RJ-45). 2.3.2 Real Panel Reset: Press this button to restart the system Console: The system can be configured via a serial console port.

  • Page 15: Preparation Before The Installation

    4) Prepare a PC with Web browser for accessing the Web Management Interface. 5) Identify an upstream device to plug in AMG-2001 in your network, such as ADSL, CABLE modem or other edge devices. Collect the DNS server address provided by your ISP.

  • Page 16: Hardware Installation

    3) Connect an Ethernet cable to one of the LAN1~LAN8 Ports on the front panel. Per your needs, connect the other end of the Ethernet cable to an administrator PC for configuring the AMG-2001 system, an AP for extending wireless coverage, a switch for connecting more wired clients, or a client PC.
  • Page 17 Figure 3 below is a simple network diagram for the initial installation and configuration. Start with this simple network topology to set up AMG-2001 for the first time; it helps to plan a more sophisticated network topology to suits your specific application needs later.

  • Page 18: Accessing Web Management Interface

    Make sure you have set DHCP in TCP/IP of your PC to get an IP address dynamically. Next, enter the gateway IP address of AMG-2001 at the address field. The default gateway IP address from LAN Port is“https://192.168.1.254” (“https” is used for a secured connection).
  • Page 19 User’s Manual AMG-2001 Access and AP Management Gateway The administrator login page will appear. Enter “admin”, the default username, and “admin”, the default password, in the UserName and Password fields. Click LOGIN to log in. Caution: If your PC is connecting to the Mgmt port, and you can’t get the Administrator’s login screen, the reasons may be: (1) The PC is set incorrectly so that the PC can’t obtain the IP address automatically from the Mgmt...

  • Page 20: Placing Amg-2001 In A Network Environment

    Environment 3.1 Network Requirement Typically, in a network environment, AMG-2001 plays the role of a gateway. On a gateway device, a network port leading upstream to the Internet or the backbone network is called a ‘WAN port’ or an uplink port, while a network port used for branching out to the service the clients downstream is referred as ‘LAN port’.

  • Page 21: Static Ip

    When the ISP assigns you static IP address, or for other reason, your network requires you to use a fixed IP address, then you (as the administrator of AMG-2001) will manually enter the fixed IP address as AMG-2001’s WAN address.

  • Page 22: Dhcp (Dynamic Ip)

    3.2.2 DHCP (Dynamic IP) When the ISP issues dynamic IP addresses or there is a DHCP server upstream for issuing dynamic IP addresses, then you (as the administrator of AMG-2001) can configure AMG-2001 to receive an IP address dynamically as AMG-2001’s WAN1 address.

  • Page 23: Pppoe

    User’s Manual AMG-2001 Access and AP Management Gateway 3.2.3 PPPoE If the ISP requires you use PPPoE Dialup connection, then the ISP will issue you an account with a password. You would need to enter the account credential in the WAN configuration page for dialing up to the ISP.

  • Page 24: Pptp

    Although not a popular method, PPTP protocol for dialup connections is adapted by some ISPs (in European Countries). AMG-2001 offers the PPTP dialup feature for the rare cases. Your PPTP ISP will issue you an account with a password as well as the PPTP server address.

  • Page 25: Configuring Wan2 Ports (Optional)

    Access and AP Management Gateway 3.3 Configuring WAN2 Ports (optional) AMG-2001 also supports a second WAN port, called WAN2. The second port is for connecting to a second feeding pipe upstream. When WAN1 is connected to an ISP and WAN2 is connected to another ISP, the network is referred as ‘dual ISP homing’, or ‘having dual homed Internet feed’.
  • Page 26 User’s Manual AMG-2001 Access and AP Management Gateway Static: Manually specifying the IP address of the WAN port. The red asterisks indicate required fields to be filled in. IP Address: the IP address of the WAN2 port. Subnet Mask: the subnet mask of the network WAN2 port connects to.
  • Page 27 User’s Manual AMG-2001 Access and AP Management Gateway PPPoE: When selecting PPPoE to connect to the network, please set the “User Name”, “Password”. MTU: Short for Maximum Transmission Unit of a PPPoE frame. The PPPoE protocol allows an Ethernet frame’s size to be up to 1492 bytes, but some ISP’s network equipments may support a smaller frame size of than 1492 bytes.

  • Page 28: Other Wan Traffic Settings

    User’s Manual AMG-2001 Access and AP Management Gateway 3.4 Other WAN Traffic Settings It is a good idea to have two Internet feeds to the system, especial from two different ISP; it adds the service reliability to your clients by turning on WAN-Failover feature. When one feed is out-of-service, the other feed automatically picks up the responsibly of serving the clients under the feed that goes outage.

  • Page 29: Wan Failover

    Configure WAN Failover: Go to: System >> WAN Traffic. Enable WAN Failover: Normally AMG-2001 uses WAN1 as it primary WAN interface. When WAN Failover is enabled and WAN2 is available, WAN1's traffic will be routed to WAN2 when WAN1 connection is down. On the other hand, a Service Zone’s policy could also use WAN2 as its interface;...

  • Page 30: Load Balance

    User’s Manual AMG-2001 Access and AP Management Gateway 3.4.2 Load Balance Configure Load Balance Go to: System >> WAN Traffic. Enable Load Balancing: Outbound load balancing is supported by the system. When enabled, the system will allocate traffic between WAN1 and WAN2 dynamically according to designed algorithms based on the weight ratio.

  • Page 31: Internet Connection Detection

    User’s Manual AMG-2001 Access and AP Management Gateway 3.4.3 Internet Connection Detection The system will periodically check to see if the Internet (uplink) connection is down by seeing if it can get responses from three target sites. The administrator can specify the three target sites: Go to: System >>...

  • Page 32: Wan Bandwidth Control

    User’s Manual AMG-2001 Access and AP Management Gateway 3.4.4 WAN Bandwidth Control The section is for administrators to configure the control over the entire system’s traffic though the WAN interface (WAN1 and WAN2 ports). To configure WAN Bandwidth Limit Go to: System >> WAN Traffic.

  • Page 33: Lan Partition -- Service Zone

    User’s Manual AMG-2001 Access and AP Management Gateway 3.5 LAN Partition -- Service Zone Configure Service Zone, go to: System >> Service Zones. A Service Zone is a logical network area to cover certain wired and wireless networks in an organization such as SMB or branch offices.
  • Page 34 User’s Manual AMG-2001 Access and AP Management Gateway Tag-Base Service Zone Name: Mnemonic name of the Service Zone. LAN Port Mapping (Port Base only): Choose which port is mapped to which Service Zone. VLAN Tag (Tag Base only): The VLAN tag number that is mapped to the Service Zone.

  • Page 35: Planning Your Internal Network

    In Port-Based mode, each LAN port can only serve traffic from one Service Zone. An example of network application diagram is shown as below: one Service Zone for Employees and one for Guests. Caution: The switches deployed under AMG-2001 in Port-Based mode must be Layer 2 switches only.
  • Page 36 Service Zone. So you need a VLAN switch or VLAN AP to take care the VLAN tags carried within the message frames. An example of network application diagram is shown as below: more than two Service Zones for different departments. Caution: The switch deployed under AMG-2001 in Tag-Based mode must be a VLAN switch only.

  • Page 37: Configure Service Zone Network

    User’s Manual AMG-2001 Access and AP Management Gateway 3.5.2 Configure Service Zone network Configure Service Zone, go to: System >> Service Zones. Service Zone Status: Each service zone can be enabled or disabled except for the default service zone. Service Zone Name: The name of service zone could be input here.
  • Page 38 Note: please change the Management IP Address List accordingly (at System Configuration>> System Information >> Management IP Address List) to permit the administrator to access the AMG-2001 admin page after the default IP address of the network interface is changed.

  • Page 39: Tag Base And Port Base

    Configure Tag Base or Port Base, go to: System >> LAN Port Mapping. AMG-2001 supports multiple Service Zones in either of the two VLAN modes, Port-Based or Tag-Based, but not concurrently. In Port-Base mode, each LAN port can only serve traffic from one Service Zone as each Service Zone is identified by physical LAN ports.
  • Page 40 Select Service Zone Mode: Select a VLAN mode, either Port-Based or Tag-Based. Caution: The switches deployed under AMG-2001 in Port-Based mode must be Layer2 Switches only. The switch deployed under AMG-2001 in Tag-Based mode must be a VLAN switch only.
  • Page 41 User’s Manual AMG-2001 Access and AP Management Gateway Port-Based: When Port-Based mode is selected; traffic from different virtual Service Zones will be distinguished by physical LAN ports. Each LAN port can be mapped to one Service Zone in the form of a many-to-one mapping between ports and Service Zones.
  • Page 42 User’s Manual AMG-2001 Access and AP Management Gateway...

  • Page 43: User Authentication And Grouping

    NTDOMAIN). In addition, there are two optional servers, On-demand User and SIP, which also can be selected by the system. Auth Option: There are several authentication options supported by AMG-2001: Server 1 to Server 4, On-demand User, and SIP. Click the hyperlink of the respective Server Name to configure the authentication server.
  • Page 44 User’s Manual AMG-2001 Access and AP Management Gateway Authentication Option Configuration Click on the server name to set the configuration for that particular server. After completing and clicking Apply to save the settings, go back to the previous page to select a server to be the default server and enable or disable any server in each service zone.

  • Page 45: Local

    User’s Manual AMG-2001 Access and AP Management Gateway 4.1.1 Local Choose “Local” from the Authentication Database field. Click the button Configure for further configuration. Local User List: It let the administrator to view, add or delete local user account. The Upload User button is for importing a list of user account from a text file.
  • Page 46 User’s Manual AMG-2001 Access and AP Management Gateway Add User: Click this button to enter into the Adding User(s) to the List interface. Fill in the necessary information such as “Username”, “Password”, “MAC Address”, and “Remark”. Select a desired Group to classify local users. Check to enable Local VPN in the Enable Local VPN column.
  • Page 47 User’s Manual AMG-2001 Access and AP Management Gateway Edit User: If editing the content of individual user account is needed, click the username of the desired user account to enter the User Profile Interface for that particular user, and then modify or add any desired information such as Username, Password, MAC Address (optional), Applied Group (optional), Enable Local VPN (optional) and Remark (optional).

  • Page 48: Pop3

    User’s Manual AMG-2001 Access and AP Management Gateway 4.1.2 POP3 Choose “POP3” from the Authentication Database field. Except Local authentication, the Local VPN option in other authentication option only can be enabled or disabled for the entire Authentication Database. Click the button of Configure for further configuration. Enter the information for the primary server and/or the secondary server (the secondary server is not required).

  • Page 49: Radius

    User’s Manual AMG-2001 Access and AP Management Gateway 4.1.3 RADIUS Choose “RADIUS” from the Authentication Database field. Except Local authentication, the Local VPN option in other authentication option only can be enabled or disabled for the entire Authentication Database. Click the button of Configure for further configuration. The RADIUS server sets the external authentication for user accounts.

  • Page 50: Ldap

    User’s Manual AMG-2001 Access and AP Management Gateway 4.1.4 LDAP Choose “LDAP” from the Authentication Database field. Except Local authentication, the Local VPN option in other authentication option only can be enabled or disabled for the entire Authentication Database. Click the button Configure for further configuration. Enter the information for the primary server and/or the secondary server (the secondary server is not required).
  • Page 51 User’s Manual AMG-2001 Access and AP Management Gateway Server: The IP address of the external LDAP server. Port: The authentication port of the external LDAP server. Service Protocol: The transferring type of service protocol for LDAP authentication with 3 types available: LDAP, LDAPS, and LDAP+StartTLS.

  • Page 52: Nt Domain

    User’s Manual AMG-2001 Access and AP Management Gateway 4.1.5 NT Domain Choose “NT Domain” from the Authentication Database field. Except Local authentication, the Local VPN option in other authentication option only can be enabled or disabled for the entire Authentication Database.

  • Page 53: On-Demand Users

    User’s Manual AMG-2001 Access and AP Management Gateway 4.1.6 On-Demand Users On-demand User Server Configuration: The administrator can enable and configure this authentication method to create on-demand user accounts. This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment.
  • Page 54 User’s Manual AMG-2001 Access and AP Management Gateway Ticket Customization On-demand account ticket can be customized here and previewed on the screen. Receipt Header: There are 3 receipt headers supported by the system. The entered content will be printed on the receipt. These headers are optional.
  • Page 55 User’s Manual AMG-2001 Access and AP Management Gateway Billing Plans Administrators can configure several billing plans. Click Edit button to enter the page of Editing Billing Plan. Click Apply to save the plan. Go back to the screen of Billing Plans, check the Enable checkbox or click Select all button, and then click Apply, the plan(s) will be activated.
  • Page 56 User’s Manual AMG-2001 Access and AP Management Gateway Cut-off: Cut-off Time is the time of day at which the on-demand account is cut off (made expired) by the system on that day. Unit is the day periods of this Cut-off billing plan. Please...
  • Page 57 User’s Manual AMG-2001 Access and AP Management Gateway Volume: Volume is the maximum Mbytes at which the on-demand account could be used by the system. Quota is the total Mbytes (1~2000), during which On-demand users are allowed to access the network.
  • Page 58 User’s Manual AMG-2001 Access and AP Management Gateway Duration-time with Absolute Expiration Time: The scenario of this type is that a client goes to an exhibition and purchases an on-demand account. The exhibition is from 09:00 02/Jun/2009 ~ 18:00 07/Jun/2009. This account will be activated since 09:00 02/Jun/2009 and ok to use during the exhibition period, and will be expired after a configured time such as 18:00 07/Jun/2009.
  • Page 59 User’s Manual AMG-2001 Access and AP Management Gateway Note: If no Billing plan is enabled, accounts cannot be created by clicking Create button. Please goes back to Billing Plans to active at least one Billing plan by clicking Edit button and Apply the setting to activate the plan.
  • Page 60 User’s Manual AMG-2001 Access and AP Management Gateway...
  • Page 61 User’s Manual AMG-2001 Access and AP Management Gateway On-demand Account Batch Creation After at least one plan is enabled, the administrator can generate multiple on-demand user accounts once by batch creation. Click this to enter the On-demand Account Batch Creation. Enter the desired number of accounts of enabled plans to create a batch of on-demand accounts together.
  • Page 62 User’s Manual AMG-2001 Access and AP Management Gateway On-demand Account List All created On-demand accounts are listed and related information on is also provided. Search: Enter a keyword of a username, External ID, or reference, to be searched in the text filed and click this button to perform the search.
  • Page 63 User’s Manual AMG-2001 Access and AP Management Gateway Redeem On-demand Accounts For Usage-time accounts, when the remaining quota is insufficient or if they are almost out of quota, they can use redeem function to extend their quota. After the user has got, or bought, a new account, they just need to click the Redeem button in the login success page to enter Redeem Page, input the new account Username and Password and then click Submit.

  • Page 64: Users Group

    User’s Manual AMG-2001 Access and AP Management Gateway 4.2 Users Group Configure Users Group, go to: Users >> Group. There are 8 groups for divide users. A Group which can be allowed to access a Service Zone or not; and it also can be applied with a Policy within a Service Zone.

  • Page 65: Assign Users To A Group

    User’s Manual AMG-2001 Access and AP Management Gateway 4.2.1 Assign users to a Group Configure users to a Group, go to: Users >> Authentication. This section shows how to group users, how to rule each grouped user with different policy as he moves...
  • Page 66 User’s Manual AMG-2001 Access and AP Management Gateway In this example, Group 1 users are allowed to access the internet in 5 places; Service Zone 0,1,4,6, and 8. They must follow policy 1 at Service Zone 1, 6 and 8. They are ruled by Policy 3 at Service Zone 1 and by Policy 8 at Service Zone 4.

  • Page 67: Permission In Service Zone

    User’s Manual AMG-2001 Access and AP Management Gateway 4.2.2 Permission in Service Zone Configure Permission in Service Zone, go to: Users >> Group. A Group can be allowed to access one Service Zone or multiple Service Zones. Moreover, a Group can be applied different Policies within different Service Zones.
  • Page 68 User’s Manual AMG-2001 Access and AP Management Gateway Group Option: The name of Group options available for selection. Enabled: Select Enabled to allow clients of the enabled Groups to log in to this Service Zone under constraints of the selected Policies.
  • Page 69 User’s Manual AMG-2001 Access and AP Management Gateway At Service Zone 1, Group 1 user is ruled by Policy 3. Group 2 is by Policy 9 and Group 3 is by Policy 11. Other Groups are not enabled to access Service Zone 1.

  • Page 70: User Login

    An Example of User Login Normally, users will be authenticated before they get network access through AMG-2001. This section presents the basic authentication flow for end users. Please make sure that the AMG-2001 is configured properly and network related settings are done.
  • Page 71 User’s Manual AMG-2001 Access and AP Management Gateway 2. Enter the username and password (for example, we use a local user account: test@local here) and then click Submit button. If the Remember Me check box is checked, the browser will remember this user’s name and password so that he/she can just click Submit next time he/she wants to login.

  • Page 72: Default Authentication

    User’s Manual AMG-2001 Access and AP Management Gateway 4.3.1 Default Authentication In each Service Zone, there are different types of authentication database (LOCAL, POP3, RADIUS, LDAP, NTDOMAIN, ONDEMAND, and SIP) that are supported by the entire system. There are up to six authentication options can be enabled, and one of them can be set as the Default Authentication–...

  • Page 73: Disable Authentication In Service Zone

    User’s Manual AMG-2001 Access and AP Management Gateway 4.3.3 Disable Authentication in Service Zone Configure Authentication in Service Zone, go to: System >> Service Zones. Authentication Required For the Zone: When it is disabled, users will not need to authenticate before they get access to the network within this Service Zone.

  • Page 74: Managing Wireless Network

    5. Managing Wireless Network 5.1 AMG-2001 with Multiple Type of AP Beside the LAN ports in AMG-2001, you can connect AP to AMG-2001 to extend the network coverage. AMG-2001 manages WAB-3003 (108M 11g Outdoor PoE AP), WAP-3101 (108M 11g PoE Wireless Access Point), WAP-6002 (150M N Wireless Access Point), WAP-6011 (300M N_Max Wireless Access Point).

  • Page 75: Configure Ap Template

    User’s Manual AMG-2001 Access and AP Management Gateway 5.2 Configure AP Template Configure AP Template, go to: Access Points >> Templates. Template is a model that can be copied to every AP and not necessary to configure the AP individually.
  • Page 76 User’s Manual AMG-2001 Access and AP Management Gateway General Setting: In this section, revise the Subnet Mask and Default Gateway here if desired. Configure the NTP Servers and Time Zone. Besides, it can enable SYSLOG server to receive the log from AP and enable SNMP read/write ability.
  • Page 77 User’s Manual AMG-2001 Access and AP Management Gateway Wireless: SSID Broadcast: Select this option to enable the SSID to broadcast in your network. When configuring the network, it is suggested to enable this function but disable it when the configuration is complete. With this enabled, someone could easily obtain the SSID information with the site survey software and get unauthorized access to a private network.

  • Page 78: Discovery Ap

    After AP template configuration is finish, use this function to detect and manage all of the APs in the network segments. Note that AMG-2001 can only manage APs that are connected to its LAN ports. Therefore, the AP discovery function is for adding locally connected APs to its management list. The administrator must know the local IP addresses of the APs he/she wishes to discover.
  • Page 79 User’s Manual AMG-2001 Access and AP Management Gateway Discovery Results: The discovered new APs will be listed here. When the system’s Service Zone is set to Tag-based mode, service zones also can be assigned here. After clicking Add, the current management page is directed to AP List, where the newly added APs will show up with a status of “configuring”.

  • Page 80: Ap With Service Zone

    User’s Manual AMG-2001 Access and AP Management Gateway 5.4 AP with Service Zone Configure AP with Service Zone, go to: System >> Service Zones. Service Zone Settings – Assigned IP Address for AP Management Under port-based service zone, each service zone can designate an IP segment for IP address assignment to the managed AP when the newly discovered AP is added into the service zone.
  • Page 81 User’s Manual AMG-2001 Access and AP Management Gateway Service Zone Settings – Access Control for Service Zone All managed APs (VAP) that belong to this service zone have same ACL table. When the status is Allowed, only these clients whose MAC addresses are listed in this list can be allowed to connect to the AP;...

  • Page 82: Ap Security

    User’s Manual AMG-2001 Access and AP Management Gateway 5.5 AP Security Configure AP Security, go to: System >> Service Zones. Security: For each service zone, administrators can set up the wireless security profile, including Authentication and Encryption. Authentication: Including Open System, Share Key, WPA, WPA2 or WPA/WPA2 Mixed.

  • Page 83: Change Managed Ap Settings

    Configure AP settings in AP List, go to: Access Points >> List. All of the APs under the management of AMG-2001 will be shown in the list. The AP can be edited by clicking the hyperlink of AP Name and the AP status can be got by clicking the hyperlink of Status.
  • Page 84 User’s Manual AMG-2001 Access and AP Management Gateway General Setting: Click the link to enter the General Setting interface. Firmware information also can be observed here. LAN Setting: Click the link to enter the LAN Setting interface. Input the data of LAN including IP address, Subnet Mask and Default Gateway of AP.
  • Page 85 User’s Manual AMG-2001 Access and AP Management Gateway Status After clicking the hyperlink in the Status column, there are two areas of information shown: AP Status Summary and AP Status Details. AP Status Summary includes AP Name, AP Type, LAN Interface MAC address, Wireless Interface MAC address, Report Time, SSID, and Number of Associated Clients.

  • Page 86: Ap Operations From Ap List

    User’s Manual AMG-2001 Access and AP Management Gateway 5.7 AP Operations from AP List Configure AP List, go to: Access Points >> List. 5.7.1 Reboot, Enable, Disable and Delete the AP Select any AP by the check the checkbox and then click the button below to Reboot, Enable, Disable...

  • Page 87: Apply Template

    User’s Manual AMG-2001 Access and AP Management Gateway 5.7.2 Apply Template Select any AP by check the checkbox and then click Apply Template; select one template to apply to the AP.

  • Page 88: Change Service Zone

    User’s Manual AMG-2001 Access and AP Management Gateway 5.7.3 Change Service Zone Select any AP by the check the checkbox and then click Apply Service Zone to select which Service Zones this AP associates to. For example, if SZ3 and SZ5 are selected for this AP, then these two Service Zones will be available under this AP.

  • Page 89: Ap Background Discovery

    User’s Manual AMG-2001 Access and AP Management Gateway 5.7.4 AP Background Discovery Configure AP Background Discovery, go to: AP Management >> Discovery. Background AP Discovery: Click Configure to enter Background AP Discovery interface and go on related configuration. The configuration is the same as AP Discovery. When Background AP Discovery function is enabled, the system will scan once every 10 minutes or according to the time set by the administrator.
  • Page 90 User’s Manual AMG-2001 Access and AP Management Gateway Caution: The scanning process may take a long time if the IP range assigned to scan is too wide.

  • Page 91: Manually Add Ap

    User’s Manual AMG-2001 Access and AP Management Gateway 5.7.5 Manually add AP Configure AP adding by Manually, go to: Access Points >> Adding. The AP also can be added manually even though when it is offline. Input the related data of the AP and select a Template.

  • Page 92: Firmware Management And Upgrade

    User’s Manual AMG-2001 Access and AP Management Gateway 5.7.6 Firmware management and upgrade Configure Firmware management, go to: Access Points >> Firmware. Firmware Upload displays the current version of the AP’s firmware. New firmware can be uploaded here to update the current firmware. To upload, click Browse to select the file and then click Upload.

  • Page 93: Policies And Access Control

    User’s Manual AMG-2001 Access and AP Management Gateway 6. Policies and Access Control 6.1 Black List Configure Black List, go to: Users >> Black List. The administrator can add, delete, or edit the black list for user access control. Each black list can include up to 40 users.
  • Page 94 User’s Manual AMG-2001 Access and AP Management Gateway After the Black List is setup completed. You can select the Black List in each Authentication Server to let it to become effective.

  • Page 95: Mac Address Control

    Configure MAC Address Control, go to: Users >> Additional Control >> MAC ACL. MAC ACL: With this function, only the users with their MAC addresses in this list can login to AMG-2001. There are 200 users maximum allowed in this MAC address list. User authentication is still required for these users.

  • Page 96: Policy

    6.3 Policy Configure Policy, go to: Users >> Policy. AMG-2001 supports multiple Policies, including one Global Policy and 12 individual Policy. Each Policy consists of access control profiles that can be configured respectively and applied to a certain Group of users. Global Policy is the system’s universal policy and applied to all clients, while other individual Policy can be selected and defined to be applied to any Service Zone.
  • Page 97 User’s Manual AMG-2001 Access and AP Management Gateway Select Policy: Select Global to set the Firewall Profile, Specific Route Profile and Maximum Concurrent Session. Firewall Profile: Global policy and each policy have a firewall service list and a set of firewall profile which is composed of firewall rules.

  • Page 98: Firewall

    User’s Manual AMG-2001 Access and AP Management Gateway 6.3.1 Firewall Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules.
  • Page 99 User’s Manual AMG-2001 Access and AP Management Gateway If the Protocol Type is ICMP, it will need to define Type and Code. If the Protocol Type is IP, it will need to define Protocol Number. 2. Rules After the custom protocol is defined or just use the Predefined Service Protocols, you will need to enable the Firewall Rule to apply these protocols.
  • Page 100 User’s Manual AMG-2001 Access and AP Management Gateway Selecting the Filter Rule Number 1 as an example: Rule Number: This is the rule selected “1”. Rule No. 1 has the highest priority; rule No. 2 has the second priority, and so on.

  • Page 101: Routing

    User’s Manual AMG-2001 Access and AP Management Gateway 6.3.2 Routing Specific Route Profile: Click the button of Setting for Specific Route Profile, the Specific Route Profile list will appear. 1. Specific Route Specific Route Profile: The Specific Route is use to control clients to access some specific IP segment by the specified gateway.

  • Page 102: Default Gateway

    User’s Manual AMG-2001 Access and AP Management Gateway 2. Default Gateway Default Gateway: The default gateway of WAN1, WAN2, or a desired IP address can be defined in each Policy except Global Policy. When Specific Default Route is enabled, all clients applied with this Policy will access the Internet through this default gateway.

  • Page 103: Schedule

    User’s Manual AMG-2001 Access and AP Management Gateway 6.3.3 Schedule Schedule Profile: Click Setting of Schedule Profile to enter the configuration page. Select Enable to show the Permitted Login Hours list. This function is used to limit the time when clients can log in.

  • Page 104: Sessions Limit

    User’s Manual AMG-2001 Access and AP Management Gateway 6.3.4 Sessions Limit To prevent ill-behaved clients or malicious software from using up the system’s connection resources, the administrator can restrict the number of concurrent sessions that a user can establish. The maximum number of concurrent sessions (TCP and UDP) for each user can be specified in the Global policy, which applies to authenticated users, users on a non-authenticated port, privileged users, and clients in DMZ zones.

  • Page 105: Qos Traffic Class And Bandwidth Control

    User’s Manual AMG-2001 Access and AP Management Gateway 6.4 QoS Traffic Class and Bandwidth Control Configure QoS, go to: Users >> Group. QoS Profile: Set parameters for traffic classification. Traffic Class: A Traffic Class can be chosen for a Group of users. There are four traffic classes: Voice, Video, Best-Effort and Background.

  • Page 106: Users' Login And Logout

    User’s Manual AMG-2001 Access and AP Management Gateway 7. Users’ Login and Logout 7.1 Before User Login 7.1.1 Login with SSL Configure HTTPS, go to: System >> General. HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering.

  • Page 107: Internal Domain Name With Certificate

    Configure Internal Domain Name, go to: System >> General. Internal Domain Name is the domain name of the AMG-2001 as seen on client machines connected under service zone. It must conform to FQDN (Fully-Qualified Domain Name) standard. A user on client machine can use this domain name to access AMG-2001 instead of its IP address.
  • Page 108 User’s Manual AMG-2001 Access and AP Management Gateway Click “Continue to this website” to access the user login page. To Use Default Certificate: Click Use Default Certificate to use the default certificate and key. Click restart to validate the changes.

  • Page 109: Administrator Contact Information

    User’s Manual AMG-2001 Access and AP Management Gateway 7.1.3 Administrator Contact Information Configure Administrator Contact Information, go to: System >> General. Administrator Contact Information will appear in the user Login Fail window. When the user login fail with duplicate IP address or MAC address, system will show this contact information to the user by the...

  • Page 110: Walled Garden

    User’s Manual AMG-2001 Access and AP Management Gateway 7.1.4 Walled Garden Configure Walled Garden, go to: Network >> Walled Garden. This function provides certain free services for users to access the websites listed here before login and authentication. Up to 20 addresses or domain names of the websites can be defined in this list. Users without the network access right can still have a chance to experience the actual network service free of charge.

  • Page 111: Walled Garden Ad List

    User’s Manual AMG-2001 Access and AP Management Gateway 7.1.5 Walled Garden AD List Configure Walled Garden AD List, go to: Network >> Walled Garden AD List. This function provides advertisement web pages for users to access free advertisement websites listed before login and authentication.
  • Page 112 User’s Manual AMG-2001 Access and AP Management Gateway...

  • Page 113: Mail Message

    User’s Manual AMG-2001 Access and AP Management Gateway 7.1.6 Mail Message Configure Mail Message, go to: System >> Service Zones. When enabled, the system will automatically send an email to users if they attempt to send/receive their emails using POP3 email program (for example, Microsoft Outlook) before they are authenticated.

  • Page 114: After User Login

    User’s Manual AMG-2001 Access and AP Management Gateway 7.2 After User Login 7.2.1 Browse which Home Page after login success Configure Portal URL, go to: System >> General. If enable this function, enter the URL of a Web server as the homepage. Once logged in successfully, users will be directed to this homepage, such as http://www.google.com, regardless of the original...

  • Page 115: Idle Timer

    User’s Manual AMG-2001 Access and AP Management Gateway 7.2.2 Idle Timer Configure Idle Timer, go to: Users >> Additional Configuration. If a user has idled with no network activities, the system will automatically kick out the user. The logout timer can be set between 1~1440 minutes, and the default idle time is 10 minutes.

  • Page 116: Multiple Login

    User’s Manual AMG-2001 Access and AP Management Gateway 7.2.3 Multiple Login Configure Multiple Login, go to: Users >> Additional Configuration. When enabled, a user can log in from different computers with the same account. (This function doesn’t support On-demand users and RADIUS authentication.) 7.2.4 DoS Attacker Denial Time...

  • Page 117: Local Users Change Password Privilege

    User’s Manual AMG-2001 Access and AP Management Gateway 7.2.5 Local Users Change Password Privilege Configure Local Users Change Password Privilege, go to: Users >> Group. Privilege Profile: Change Password Change Password Privilege: When Change Password Privilege is enabled, the authenticated local users within this Group are allowed to change their password via the Login Success Page.

  • Page 118: On-Demand Account Creation Privilege

    User’s Manual AMG-2001 Access and AP Management Gateway 7.2.6 On-demand Account Creation Privilege Configure On-demand Account Creation Privilege, go to: Users >> Group. Privilege Profile: On-demand Account Creation When On-demand Account Creation Privilege is enabled, the authenticated users within this Group are allowed to create On-demand account via the Login Success Page.
  • Page 119 User’s Manual AMG-2001 Access and AP Management Gateway Caution: This function is not for On-demand User. On-demand users can not create another On-demand user.

  • Page 120: Proxy Server

    Configure Proxy Server, go to: Network >> Proxy Server. Basically, a proxy server can help clients access the network resources more quickly. This section presents basic examples for configuring the proxy server settings of AMG-2001. Using Internet Proxy Server The first scenario is that a proxy server is placed outside the LAN environment or in the Internet. For example, the following diagram shows that a proxy server of an ISP will be used.
  • Page 121 User’s Manual AMG-2001 Access and AP Management Gateway Step 3. Make sure that the proxy server settings match with at least one of the proxy server setting of the system – for example, in this case, 203.125.142.1:3128 matches with blank:3128.
  • Page 122 User’s Manual AMG-2001 Access and AP Management Gateway Caution: It is required that the proxy server setting of the clients match with the proxy server setting of the system. Otherwise, users will not be able to get the Login page for authentication via browsers and it will show an error page in the browser.
  • Page 123 User’s Manual AMG-2001 Access and AP Management Gateway Using Extranet Proxy Server The second scenario is that a proxy server is placed in the Extranet (such as DMZ), which all users from the Intranet or the Internet are able to access. For example, the following diagram shows that a proxy server of an organization in the DMZ will be used.
  • Page 124 User’s Manual AMG-2001 Access and AP Management Gateway Caution: It is required that the proxy server setting of the clients match with the proxy server setting of the system. Otherwise, users will not be able to get the Login page for authentication via browsers...

  • Page 125: Networking Features Of A Gateway

    User’s Manual AMG-2001 Access and AP Management Gateway 8. Networking Features of a Gateway 8.1 DMZ Configure DMZ, go to: Network >> NAT >> DMZ (Demilitarized Zone). The system supports Internal IP address (LAN) to External IP address (WAN) mapping in the Static Assignments.

  • Page 126: Virtual Server

    User’s Manual AMG-2001 Access and AP Management Gateway 8.2 Virtual Server Configure Virtual Server, go to: Network >> NAT >> Public Accessible Server. This function allows the administrator to set virtual servers, so that client devices outside the managed network can access these servers within the managed network. Different virtual servers can be configured for different sets of physical services, such as TCP and UDP services in general.

  • Page 127: Privilege List

    User’s Manual AMG-2001 Access and AP Management Gateway 8.3 Privilege List Configure Privilege List, go to: Network >> Privilege. Setup the Privilege IP Address List and Privilege MAC Address List. The clients in the list can access the network without any login.

  • Page 128: Privilege Ip

    IP addresses of these workstations in the “Granted Access by IP Address”. The “Remark” field is not necessary but is useful to keep track. AMG-2001 allows privilege IP addresses at most. These settings will become effective immediately after clicking Apply.

  • Page 129: Privilege Mac

    In addition to the IP address, the MAC address of the workstations that need to access the network without authentication can also be set in the “Granted Access by MAC Address”. AMG-2001 allows privilege MAC addresses. When manually creating the list, enter the MAC address (the format is xx:xx:xx:xx:xx:xx) as well as the remark (not necessary).

  • Page 130: Ip Plug And Play

    Configure IP Plug and Play, go to: Network >> Client Mobility AMG-2001 supports IP PNP function. User can login and access network with any IP address setting. At the user end, a static IP address can be used to connect to the system. Regardless of what the IP...

  • Page 131: Dynamic Domain Name Service

    Before activating this function, you must have your Dynamic DNS hostname registered with a Dynamic DNS provider. AMG-2001 supports DNS function to alias the dynamic IP address for the WAN port to a static domain name, allowing the administrator to easily access AMG-2001’s WAN. If the dynamic DHCP is activated at the WAN port, it will update the IP address of the DNS server periodically.

  • Page 132: Port And Ip Redirect

    User’s Manual AMG-2001 Access and AP Management Gateway 8.6 Port and IP Redirect Configure Port and IP Redirect, go to: Network >> NAT >> Port and IP Forwarding. This function allows the administrator to set the IP addresses for redirection purpose. When the user attempts to connect to a destination IP address listed here, the connection packet will be converted and redirected to the corresponding destination.

  • Page 133: System Management And Utilities

    User’s Manual AMG-2001 Access and AP Management Gateway 9. System Management and Utilities 9.1 System Time Configure System Time, go to: System >> General. 9.1.1 NTP NTP (Network Time Protocol) communication protocol can be used to synchronize the system time with remote time server.

  • Page 134: Management Ip

    User’s Manual AMG-2001 Access and AP Management Gateway 9.2 Management IP Configure Management IP, go to: System >> General. Only PCs within this IP range on the list are allowed to access the system's web management interface. For example, 10.2.3.0/24 means that as long as an administrator is using a computer with the IP address range of 10.2.3.0/24, he or she can access the web management page.

  • Page 135: Access History Ip

    Configure Access History IP, go to: System >> General. Specify an IP address of the administrator’s computer or a billing system to get billing history information of AMG-2001 with the predefined URLs. The file name format is “yyyy-mm-dd”. An example is provided as follows: Traffic History:https://10.2.3.213/status/history/2005-02-17...

  • Page 136: Snmp

    User’s Manual AMG-2001 Access and AP Management Gateway 9.4 SNMP Configure SNMP, go to: System >> General. If this function is enabled, the SNMP Management IP and the Community can be assigned to access the SNMP Configuration List of the system.

  • Page 137: Three-Level Administration

    Access and AP Management Gateway 9.5 Three-Level Administration AMG-2001 supports three kinds of account interface. You can log in as admin, manager or operator. The default usernames and passwords show as follows: Admin: The administrator can access all configuration pages of AMG-2001.
  • Page 138 User’s Manual AMG-2001 Access and AP Management Gateway Operator: The operator can only access the configuration page of Create On-demand User to create new on-demand user accounts and print out the on-demand user account receipts. User Name: operator Password: operator...

  • Page 139: Change Password

    Configure Change Password, go to: Utilities >> Password Change. There are three levels of authorities: admin, manager or operator. The default usernames and passwords are as follows: Admin: The administrator can access all configuration pages of AMG-2001. User Name: admin Password: admin...

  • Page 140: Backup / Restore And Reset To Factory Default

    Backup System Settings: Click Backup to create a .db database backup file and save it on disk. Restore System Settings: Click Browse to search for a .db database backup file created by AMG-2001 and click Restore to restore to the same settings at the time when the backup file was saved.

  • Page 141: Firmware Upgrade

    User’s Manual AMG-2001 Access and AP Management Gateway 9.8 Firmware Upgrade Configure Firmware Upgrade, go to: Utilities >> System Upgrade. The administrator can download the latest firmware from website and upgrade the system here. Click Browse to search for the firmware file and click Apply for the firmware upgrade. It might take a few minutes before the upgrade process completes and the system needs to be restarted afterwards to activate the new firmware.

  • Page 142: Restart

    Click YES to restart AMG-2001; click NO to go back to the previous screen. If the power needs to be turned off, it is highly recommended to restart AMG-2001 first and then turn off the power after completing the restart process.

  • Page 143: Network Utility

    User’s Manual AMG-2001 Access and AP Management Gateway 9.10 Network Utility Configure Network Utility, go to: Utilities >> Network Utilities. System provide some network utilities to allow administrators to use, the functions including Wake-on-LAN, Ping, Trace Route by entering IP or Domain Name and showing ARP Table.

  • Page 144: Wake-On-Lan

    User’s Manual AMG-2001 Access and AP Management Gateway 9.10.1 Wake-on-LAN It allows the system to remotely boot up a power-down computer with Wake-On-LAN feature enabled in its BIOS and it is connect to any service zone. Enter the MAC Address of the desired device and click Wake Up button.

  • Page 145: Monitor Ip Link

    Configure Monitor IP Link, go to: Network >> Monitor IP. AMG-2001 will send out a packet periodically to monitor the connection status of the IP addresses on the list. On each monitored item with a WEB server running, administrators may add a link for the easy access by entering the IP, select the Protocol to http or https and then click Create.

  • Page 146: Console Interface

    Enter key to make selection or confirm what you enter. 3. Once the console port of AMG-2001 is connected properly, the console main screen will appear automatically. If the screen does not appear in the terminal simulation program automatically, please try to press the arrow keys, so that the terminal simulation program will send some messages to the system, where the welcome screen or main menu should appear.
  • Page 147 User’s Manual AMG-2001 Access and AP Management Gateway Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems. The utilities are described as follows: Ping host (IP): By sending ICMP echo request to a specified host and wait for the response to test the network status.
  • Page 148 Although it does not require a username and password for the connection via the serial port, the same management interface can be accessed via SSH. Therefore, we recommend you to immediately change the AMG-2001 Admin username and password after logging in the system for the first time. Reload factory default Choosing this option will reset the system configuration to the factory defaults.

  • Page 149: System Status And Reports

    User’s Manual AMG-2001 Access and AP Management Gateway 10. System Status and Reports 10.1 View the status This section includes System, Interface, Hardware, Routing Table, Online Users, User Logs, and E-mail & SYSLOG to provide system status information and online user status.

  • Page 150: System Status

    User’s Manual AMG-2001 Access and AP Management Gateway 10.1.1 System Status View System Status, go to: Status >> System. This section provides an overview of the system for the administrator.
  • Page 151 The present firmware version of AMG-2001 Firmware Version The current build number. Build The system name. The default is AMG-2001 System Name Homepage Redirect URL The page the users are directed to after initial login success. The IP address and port number of the external Syslog Server. N/A Syslog server- System Log means that it is not configured.

  • Page 152: Interface Status

    User’s Manual AMG-2001 Access and AP Management Gateway 10.1.2 Interface Status View Interface Status, go to: Status >> Interface. This section provides an overview of the interface for the administrator including WAN1, WAN2, SZ Default and SZ1 ~ SZ8. •...
  • Page 153 User’s Manual AMG-2001 Access and AP Management Gateway The description of the above-mentioned table is as follows: Description Item The MAC address of the WAN1 port. MAC Address The IP address of the WAN1 port. WAN1 IP Address The Subnet Mask of the WAN1 port.

  • Page 154: Hardware Information

    User’s Manual AMG-2001 Access and AP Management Gateway 10.1.3 Hardware Information View Hardware Information, go to: Status >> Hardware. It will show the current CPU and Memory usage of the system.

  • Page 155: Routing Table

    User’s Manual AMG-2001 Access and AP Management Gateway 10.1.4 Routing Table View Routing Table, go to: Status >> Routing Table. All the Policy Route rules and Global Policy Route rules will be listed here. Also it will show the System Route rules specified by each interface.

  • Page 156: Online Users

    User’s Manual AMG-2001 Access and AP Management Gateway 10.1.5 Online Users View Online Users, go to: Status >> Online Users. In this page, each online user’s information including Username, IP Address, MAC Address, Pkts In, Bytes In, Pkts Out, Bytes Out, Idle, Access From and Kick Out will be shown. Administrators can force out a specific online user by clicking the hyperlink of Kick Out and check the user access AP status by clicking the hyperlink of the AP name for Access From.

  • Page 157: User Logs

    View User Logs, go to: Status >> User Logs. This page is used to check the traffic history of AMG-2001. The history of each day will be saved separately in the DRAM for at least 3 days (72 full hours). The system also keeps a cumulated record of the traffic data generated by each user in the latest 2 calendar months.
  • Page 158 User’s Manual AMG-2001 Access and AP Management Gateway Users Log All activities occur on the system within the nearest 72 hours are recorded; in date and time order. As shown in the following figure, each line is a traffic history record consisting of 9 fields, Date, Type, Name, IP, MAC, Pkts In, Bytes In, Pkts Out and Bytes Out of the user activities.
  • Page 159 User’s Manual AMG-2001 Access and AP Management Gateway SIP Call Usage Log The log provides the login and logout activities of SIP clients (device and soft clients), such as Start Time, Caller, Callee and Duration (seconds).

  • Page 160: Local User Monthly Network Usage

    User’s Manual AMG-2001 Access and AP Management Gateway 10.1.7 Local User Monthly Network Usage View Local User Monthly Network Usage, go to: Status >> User Logs. Monthly Network Usage of Local User The system keeps a cumulated record of the traffic data generated by each Local user in the latest 2 calendar months.

  • Page 161: Notification

    10.2 Notification Configure Notification, go to: Status >> E-mail & SYSLOG. AMG-2001 can automatically send the notification of Monitor IP Report, Users Log, On-demand Users Log, Session Log and AP Status Change to up to 3 particular e-mail addresses. The notification of AP Status is triggered by the event when a managed AP becomes unreachable while the other types of emails are sent periodically in given intervals such as 1 hour.

  • Page 162: E-Mail

    User’s Manual AMG-2001 Access and AP Management Gateway 10.2.1 E-Mail Notification E-mail Settings: Receiver Email Address(es): Up to 3 e-mail address can be set up to receive the notification. These are the receiver’s e-mail addresses. There are four kinds of notification to selection -- Monitor IP Report, Users Log, On-demand Users Log and AP Status Change, and check which type of notification to be sent.

  • Page 163: Syslog

    User’s Manual AMG-2001 Access and AP Management Gateway 10.2.2 SYSLOG SYSLOG Server Settings: There are 3 types of Syslog supported: System Log, On-demand User Log, Session Log and Hardware Log. Enter the IP address and Port number to specify which and from where the report should be sent to.

  • Page 164: Virtual Private Network (Vpn)

    User’s Manual AMG-2001 Access and AP Management Gateway 11. Virtual Private Network (VPN) 11.1 Local VPN Configure Local VPN, go to: Users >> Authentication. The system is equipped with IPSec VPN feature. To utilize IPSec VPN supported by Microsoft Windows XP SP2 (with patch) and Windows 2000 operating systems, the system implements IPSec VPN tunneling technology between client’s windows devices and the system itself regardless of wired or...
  • Page 165 Programs tab and click Manage add-ons button to enter the Manage add-ons dialogue box, where you can see VPNClient.ipsec is enabled. During the first-time login to AMG-2001 with Local VPN, Internet Explorer will ask clients to download an ActiveX component of IPSec VPN. Once this ActiveX component is downloaded, it will run in parallel with the “Login Success Page”...
  • Page 166 To ensure that the built-in IPSec VPN tunnel is always alive, unless clients decide to close the session and to disconnect from AMG-2001, the following conditions or behaviors, which may cause the Internet Explorer to stop the ActiveX, should be avoided.
  • Page 167 User’s Manual AMG-2001 Access and AP Management Gateway (3) Execution of instructions given by the following Windows messages: Close the Windows Internet Explorer. Click Logout on Login Success page. Click Back or Refresh of the same Internet Explorer browser page.
  • Page 168 User’s Manual AMG-2001 Access and AP Management Gateway • FAQ (1) How to clean IPSec client? ANS: Open a command prompt window and type the commands as follows. C:\> cd %windir%\system32 C:\> Clean_IPSEC.bat C:\> cd %windir%\system32 C:\> ipsec2k.exe stop (2) How to remove ActiveX component in client’s computer? ANS: ①...

  • Page 169: Remote Vpn

    AMG-2001 support Remote VPN for user login to system from remote area. After the user is login to system from the outside network of WAN, the user will feel that it is look like login to AMG-2001 under the service zone locally. They also can be applied Policy and are controlled by system to access the network.

  • Page 170: Site-To-Site Vpn

    AMG-2001 support Site-to-Site VPN for more than 2 AMG-2001 create VPN tunnel to each other over the WAN network. For example, if there are 2 AMG-2001, you can create a VPN tunnel to let a subnet of one AMG-2001 to access the subnet of another AMG-2001.
  • Page 171 User’s Manual AMG-2001 Access and AP Management Gateway And then create a Local Site with subnet for mapping to the remote site. Such as “192.168.11.0/24” of AMG-2001_A >> “192.168.111.0/24” of AMG-2001_B, after the tunnel is created, the users within these two subnets can reach each other.

  • Page 172: Customization Of Portal

    User’s Manual AMG-2001 Access and AP Management Gateway 12. Customization of Portal Pages 12.1 Customizable Pages Configure Customizable Pages, go to: System >> Service Zones. There are several users’ login and logout pages for each service zone that can be customized by administrators.

  • Page 173: Loading A Customized Login Page

    User’s Manual AMG-2001 Access and AP Management Gateway 12.2 Loading a Customized Login Page The administrator can use the default login page or get the customized login page by setting the template page, uploading the page or downloading from a designated website. After finishing the setting, click Preview to see the login page.
  • Page 174 User’s Manual AMG-2001 Access and AP Management Gateway Custom Pages >> Login Page >> Uploaded Page Choose Uploaded Page and upload a login page. The user-defined login page must include the following HTML codes to provide the necessary fields for user name and password.
  • Page 175 User’s Manual AMG-2001 Access and AP Management Gateway And if the user-defined login page includes an image file, the image file path in the HTML code must be the image file to be uploaded. Remote VPN : <img src=images/xx.jpg”> Default Service Zone: <img src=images0/xx.jpg”>...
  • Page 176 User’s Manual AMG-2001 Access and AP Management Gateway Custom Pages >> Login Pages >> External Page Choose the External Page selection and get the login page from a designated website. In the External Page Setting, enter the URL of the external login page and then click Apply.

  • Page 177: Load A Customized Logout Page

    User’s Manual AMG-2001 Access and AP Management Gateway 12.3 Load a Customized Logout Page Custom Pages >> Logout Page The administrator can apply their own logout page in the menu. As the process is similar to that of the Login Page, please refer to the “Login Page >> Uploaded Page” instructions for more details.

  • Page 178: Payment Gateways

    User’s Manual AMG-2001 Access and AP Management Gateway 13. Payment Gateways 13.1 Payments via Authorize.Net Configure Payments via Authorize.Net, go to: Users >> Authentication >> On-demand>> External Payment Gateway>> Authorize.Net. Before setting up “Authorize.Net”, it is required that the merchant owners have a valid Authorize.Net account.
  • Page 179 User’s Manual AMG-2001 Access and AP Management Gateway Service Disclaimer Content/ Choose Billing Plan for Authorize.Net Payment Page/Client’s Purchasing Record Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer.
  • Page 180 User’s Manual AMG-2001 Access and AP Management Gateway Authorize.Net Payment Page Fields Configuration/ Authorize.Net Payment Page Remark Content Authorize.Net Payment Page Fields Configuration Item: Check the box to show this item on the customer’s payment interface. Displayed Text: Enter what needs to be shown for this field.
  • Page 181 User’s Manual AMG-2001 Access and AP Management Gateway of the card). E-mail: An email address may be provided along with the billing information of a transaction. This is the customer’s email address and should contain an @ symbol. Customer ID: This is an internal identifier for a customer that may be associated with the billing information of a transaction.

  • Page 182: Payments Via Paypal

    User’s Manual AMG-2001 Access and AP Management Gateway 13.2 Payments via PayPal Configure Payments via PayPal, go to: User >> Authentication >> On-demand>> External Payment Gateway>> PayPal. Before setting up “PayPal”, it is required that the hotspot owners have a valid PayPal “Business Account”.
  • Page 183 User’s Manual AMG-2001 Access and AP Management Gateway Service Disclaimer Content / Billing Configuration for Payment Page Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here.
  • Page 184 User’s Manual AMG-2001 Access and AP Management Gateway PayPal Payment Page Remark Content: The message content will be displayed as a special notice to end customers in the page of “Rate Plan”. For example, it can describe the cautions for making a payment via PayPal.

  • Page 185: Payments Via Securepay

    User’s Manual AMG-2001 Access and AP Management Gateway 13.3 Payments via SecurePay Configure Payments via SecurePay, go to: Users >> Authentication >> On-demand>> External Payment Gateway >> SecurePay. Before setting up “SecurePay”, it is required that the hotspot owners have a valid SecurePay...
  • Page 186 User’s Manual AMG-2001 Access and AP Management Gateway Payment Page Configuration Merchant ID: The ID that is associated with the Business Account. Password: This is the key used by Secure Pay to validate all the transactions. Payment Gateway URL: The default website address to post all transaction data.

  • Page 187: Payments Via World Pay

    User’s Manual AMG-2001 Access and AP Management Gateway 13.4 Payments via World Pay Configure Payments via WorldPay, go to: Users >> Authentication >> On-demand User >> External Payment Gateway >> WorldPay. WorldPay Payment Page Configuration Installation ID: The ID of being associated with the Business Account.
  • Page 188 User’s Manual AMG-2001 Access and AP Management Gateway These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled. SecurePay Payment Page Remark Content The message content will be displayed as a special notice to end customers.
  • Page 189 User’s Manual AMG-2001 Access and AP Management Gateway STEP ⑥ . Check the Enable the Shopper Response. STEP ⑦ . Select the Save Changes button STEP ⑧ . Input Installation ID and Payment Gateway URL in gateway UI. Installation ID: 2009test URL : https://select.wp3.rbsworldpay.com/wcc/purchase...

  • Page 190: Additional Applications

    User’s Manual AMG-2001 Access and AP Management Gateway 14. Additional Applications 14.1 Upload / Download Local Users Accounts Configure Upload / Download Local Users Accounts, go to: Users >> Authentication >> Local-Server1~4 >> Configure >> Local User List. Upload User: Click Upload User to enter the Upload User from File interface. Click the Browse button to select the text file for uploading user accounts, then click Upload to complete the upload process.
  • Page 191 User’s Manual AMG-2001 Access and AP Management Gateway...

  • Page 192: Backup And Restore On-Demand Users Accounts

    User’s Manual AMG-2001 Access and AP Management Gateway 14.2 Backup and Restore On-demand Users Accounts Configure Backup / Restore On-demand Users Accounts, go to: Users >> Authentication >> On-demand User >> On-demand Account List. Backup Current Accounts: Use this function to create a .txt file with all current user account information and then save it on disk.

  • Page 193: Pop3 Login With Complete Name Format

    User’s Manual AMG-2001 Access and AP Management Gateway 14.3 POP3 login with complete name format Configure POP3 login with complete name format, go to: Users >> Authentication >> POP3-Server1~4 >> Configure. For POP3 authentication, there have an option to send the complete username with postfix or username only.

  • Page 194: Radius Advance Settings

    User’s Manual AMG-2001 Access and AP Management Gateway 14.4 RADIUS Advance settings Configure RADIUS Advance settings, go to: Users >> Authentication >> RADIUS-Server1~4 >> Configure. Complete Name vs. Only ID For RADIUS authentication, there have an option to send the complete username with postfix or username only.

  • Page 195: Ldap Advance Settings - Attribute-Group Mapping

    User’s Manual AMG-2001 Access and AP Management Gateway 14.5 LDAP Advance settings - Attribute-Group Mapping Configure LDAP - Attribute-Group Mapping, go to: Users >> Authentication>> LDAP-Server1~4 >> Configure. This function is to assign a Group to a LDAP attribute sent from the LDAP server. When the clients classified by LDAP attributes log into the system via the LDAP server, each client will be mapped to its assigned Group.

  • Page 196: Nt Transparent Login

    Domain first, and then they will be assigned the access right in this domain. On the other hand, user also need to login to AMG-2001 to get the network access right. So user must login twice for network access right and domain resource access right.

  • Page 197: Roaming Out

    Configure Roaming Out, go to: Users >> Authentication >> Local-Server1~4 >> Configure >> Local User List >> Roaming Out & 802.1X Client Device Settings. In sometime, AMG-2001 can act as a RADIUS server for Roaming Out from other system. The Local User database will act as the RADIUS user database.

  • Page 198: Sip Proxy

    SIP (Session Initiation Protocol) is a protocol for making real-time calls over IP network. Currently, most of the SIP extensions address audio communication. AMG-2001 can act like a SIP Proxy Server, it forwards end point’ requests and responses. In other words, SIP Proxy server needs to log in the trusted registrar to verify identities of 2 clients.
  • Page 199 User’s Manual AMG-2001 Access and AP Management Gateway SIP: SIP authentication supports 4 Trusted SIP Registrar. IP Address: The IP address of the Trusted SIP Registrar. Remark: The administrator can enter extra information in this field for remark. Group: A Group option can be applied to the clients who login with SIP Authentication. Be noted that the specific route of the applied Policy for the selected Group cannot conflict with the assigned WAN interface for SIP authentication.

  • Page 200: Appendix A. Network Configuration On Pc & User Login

    Access and AP Management Gateway Appendix A. Network Configuration on PC & User Login Network Configuration on PC After AMG-2001 is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup. Internet Connection Setup Windows 9x/2000 1) Choose Start >>...
  • Page 201 User’s Manual AMG-2001 Access and AP Management Gateway 3) Choose “I want to set up my Internet connection manually, or I want to connect through a local Area network (LAN)”, and then click Next. 4) Choose “I connect through a local area network (LAN)”...
  • Page 202 User’s Manual AMG-2001 Access and AP Management Gateway 6) Choose “No” and then click Next 7) Finally, click Finish to exit the Internet Connection Wizard. Now, the set up is completed. Windows XP 1) Choose Start >> Control Panel >>...
  • Page 203 User’s Manual AMG-2001 Access and AP Management Gateway 2) Choose the Connections tab, and then click Setup. 3) When Welcome Connection Wizard window appears, click Next. 4) Choose “Connect to the Internet” and then click Next.
  • Page 204 User’s Manual AMG-2001 Access and AP Management Gateway 5) Choose “Set connection manually” and then click Next. 6) Choose “Connect using a broadband connection that is always on” and then click Next. 7) Finally, click Finish to exit the Connection...
  • Page 205 With the factory default settings, during the process of starting the system, AMG-2001 with DHCP function will automatically assign an appropriate IP address and related information for each PC. If the Windows operating system is not a server version, the default settings of the TCP/IP will regard the PC as a DHCP client, and this function is called “Obtain an IP address automatically”.
  • Page 206 4) Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of AMG-2001. Caution: If your PC has been set up completely, please inform the network administrator before proceeding to the following steps.
  • Page 207 User’s Manual AMG-2001 Access and AP Management Gateway 4.2) Click on the Gateway tab. Enter the gateway address of AMG-2001 in the “New gateway” field and click Add. Then, click OK. 4.3) Click on DNS Configuration tab. If the DNS Server field is empty, select “Enable DNS”...
  • Page 208 DHCP or a specific IP address. 4) Using DHCP: If you want to use DHCP, choose “Obtain address automatically”, and then click OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from AMG-2001.
  • Page 209 5) Using Specific IP Address: If you want to use a specific IP address, acquire the following information from the network administrator: the IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of AMG-2001. If your PC has been set up completely, please inform the network administrator before proceeding to the following steps.
  • Page 210 User’s Manual AMG-2001 Access and AP Management Gateway 5.4) Enter the gateway address of AMG-2001 in the “Gateway” field, and then click Add. After back to the IP Settings tab, click OK to complete the configuration. Check the TCP/IP Setup of Window XP 1) Select Start >>...
  • Page 211 IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of AMG-2001. Caution: If your PC has been set up completely, please inform the network administrator before proceeding to...
  • Page 212 5.3) Click on the IP Settings tab and click Add below the “Default gateways” column TCP/IP Gateway Address window will appear. 5.4) Enter the gateway address of AMG-2001 in the “Gateway” field, and then click Add. After back to the IP Settings tab, click OK to finish the configuration.

  • Page 213: Appendix B. Policy Priority (Global Policy, Service Zone Policy, Authentication Policy And User Policy)

    Appendix B. Policy Priority (Global Policy, Service Zone Policy, Authentication Policy and User Policy) AMG-2001 supports multiple Policies, including one Global Policy and 24 individual Policy can be assign to different Group. Global Policy is the system’s universal policy and applied to all clients, while other individual Policy can be selected and defined to be applied to any Service Zone.

  • Page 214: Appendix C. Monitoring 3Rd Party Ap

    If you are using 3 party AP, you can use Monitor IP function to monitor the AP connection status. Because AMG-2001 can not manage these APs, Monitor IP is a better way to monitor the AP connection status. AMG-2001 will send out a packet periodically to monitor the connection status of the IP addresses on the list.

  • Page 215: Appendix D. Radius Accounting

    User’s Manual AMG-2001 Access and AP Management Gateway Appendix D. RADIUS Accounting This section is trying to organize the basic configuration with RADIUS server to work with VSA. The aim is trying to control the maximum usage (upload; download or upload + download traffic) of clients in each session.
  • Page 216 User’s Manual AMG-2001 Access and AP Management Gateway If the amount of traffic is larger than 4 GB, then the attribute of “XXXX-4GB” is for the carry. For example, if the amount is 5 GB, you must set “None-Byte-Amount = 1048576” and “None-Byte-Amount-4GB = 1”.
  • Page 217 User’s Manual AMG-2001 Access and AP Management Gateway 2.3. Step 3 Edit Profile Select the Advanced Tag Add a new attribute Add a new Vendor-specific attribute...
  • Page 218 User’s Manual AMG-2001 Access and AP Management Gateway 2.4. Step 4 Add a new attribute under Vendor-specific Set “Vendor Code = 22426” Set it conforms to the RADIUS RFC Configure Attribute Set “Vendor-assigned attribute number = 10” Set “Attribute format = Hexadecimal”...
  • Page 219 User’s Manual AMG-2001 Access and AP Management Gateway 2.5. Step 5 Confirm the Vendor-specific Attribute has been added success 2.6. Step 6 Follow the same steps to create other Vendor-specific Attribute as you need.
  • Page 220 User’s Manual AMG-2001 Access and AP Management Gateway 3. VSA configuration in RADIUS server (FreeRADIUS) This section will guide you through a VSA configuration using the operating system “Fedora” FreeRADIUS version 1.0.5. Before getting start, open the shell of RADIUS server, for example, use Putty to access the Linux Host: 3.1.
  • Page 221 User’s Manual AMG-2001 Access and AP Management Gateway 3.3. Step 3 Create a file “dictionary.none” under the “freeradius” folder. 3.4. Step 4 Edit and save the content of the file “dictionary.none” as the following: Administrator also can add other attributes as the table stated in Section 2 with same format.
  • Page 222 User’s Manual AMG-2001 Access and AP Management Gateway 3.7. Step 7 Open the “radius” database. 3.8. Step 8 Insert VSA into RADIUS respond. In this example, the maximum download and upload in bytes for group03 users is 1MBytes. 3.9. Step 9...

  • Page 223: Appendix E. Net Retriever And Port Mapping

    User’s Manual AMG-2001 Access and AP Management Gateway Appendix E. Net Retriever and Port Mapping This section is trying to introduce the configuration of Net Retriever with VLAN Port Mapping. Net Retriever is a "middleware" that communicates with the popular High Speed Internet Access (HSIA) hardware and Front Office System (FOS) software to provide a seamless integration of the two.
  • Page 224 User’s Manual AMG-2001 Access and AP Management Gateway Secret: The secret key between Guest Service Device and Net Retriever for challenge and response (MD5 Hash) to test the link. It should contain one or more lowercase letters, uppercase letters, numbers and symbols. It also should be between 8 ~ 16 characters.
  • Page 225 User’s Manual AMG-2001 Access and AP Management Gateway Now, let us begin to configure the Port Mapping. There are three main group of setting: Create Batch, Change All Room State and Create One. You can create the Room Mapping by a batch processing that if you want to create a contiguously VLAN Tag and Room number.
  • Page 226 User’s Manual AMG-2001 Access and AP Management Gateway After you had created the VLAN Tag and Room number mapping, you can change all of the Room State in the same Service Zone. Port Location Mapping Setup – Change All Room State Default Room State: The default state of the rooms, it may be: Charge, Free or Block.
  • Page 227 User’s Manual AMG-2001 Access and AP Management Gateway 3. Check or modify the VLAN Port (Room) Mapping If you want to check the room mapping information or you want to change any setting of the room mapping. Configure Port Location Mapping List, go to: System >>Port Location Mapping.
  • Page 228 User’s Manual AMG-2001 Access and AP Management Gateway 4. View the Event Login After all of the configuration has completed. User may try to login from the “Charge” room. Connect the user’s notebook (laptop) to the Ethernet port of this room. Enable DHCP client in this notebook (laptop).
  • Page 229 User’s Manual AMG-2001 Access and AP Management Gateway...

Table of Contents