Page 1 User’s Manual V1.00.00 HSG326 Wireless Hotspot Gateway...
Page 2 4IPNET, INC. Disclaimer 4IPNET, INC. does not assume any liability arising out the application or use of any products, or software described herein. Neither does it convey any license under its parent rights nor the parent rights of others.
Page 3: Table Of Contents
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Table of Contents Chapter 1. Introduction ................ 6 1.1 4ipnet Solution Overview ................ 6 1.2 Key Terms & Concepts ................8 1.3 Recommended Configuration Sequence ........... 11 1.3.1 Common Settings ............... 11 1.3.2 Advanced Settings and Application ........
Page 4 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Chapter 8. Utilities for Controller Management ........70 Administrator Account Management ..........70 Configuration Backup & Restore ............73 Firmware Upgrade ................74 Restart ..................76 Chapter 9. Reports and Logs for Monitoring ........77 System Related Status ..............
Page 5 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 1) Groups ..................164 2) Internal Authentication .............. 165 3) External Authentication ............. 168 4) On-Demand Accounts..............169 5) Schedule ................. 170 6) Policies ..................171 7) Blacklists ................. 172 8) Privilege Lists ................172 9) Additional Control ..............
Page 6: Chapter 1. Introduction
4ipnet HSG & WHG are designed for network management over almost all current network architectures, Layer 2 (Data Link Layer) and Layer 3 (Network Layer). 4ipnet HSG are suitable in Layer 2 network architecture, if you want to develop a Layer 3 network, we strongly recommend you choose 4ipnet WHG Controller series.
Page 7 ENGLISH 【Layer 2 Network in Tag Based Mode】 Layer 3 networks not only span physically under the LAN ports of 4ipnet WHG, it is also capable of reaching over different IP networks to manage remote sites with routable IP address via tunnels.
Page 8: Key Terms & Concepts
(physically connected via the WAN port), while the small network is referred as the LAN side. Local User is a type of user whose account credential is stored in the 4ipnet HSG Wireless Hotspot Gateway’s built-in database named “Local”. The 4ipnet HSG Wireless Hotspot Gateway’s “Local”...
Page 9 Service Zone is a logic partition of 4ipnet HSG Wireless Hotspot Gateway’s LAN. The concept of Service Zone is that it is a virtual gateway with customizable login portal page with its own gateway properties (such as LAN IP address, DHCP server settings, authentication options, etc.).
Page 10 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Policy, they will be governed by a default catch-all policy named ‘Global-Policy’. The Global-Policy is a base policy which will be applied to all users if not applied with another policy. The following Figure is an example that depicts the relationship between Service Zone, Group and Policy.
Page 11: Recommended Configuration Sequence
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Recommended Configuration Sequence Set up system’s Time Zone, NTP server, DNS server and WAN address  Configure LAN address range for at least one Service Zone, and enable its  authentication. Create user accounts to test the login page via wire line in the enabled Service ...
Page 12 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Customers with needs to fulfill specific applications, integration with 3 party devices, customization etc., please refer to Chapters 11 and beyond for advanced feature setup.
Page 13: Wmi
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Chapter 2. WMI 2.1. Web Management Interface The Web Management Interface (WMI) of the HSG Wireless Hotspot Gateway can be accessed through a web browser (Firefox, Chrome, and Safari recommended) of any PC connected to the LAN interface with the default IP address of 192.168.1.254.
Page 14 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH The WMI Welcome page is as shown below after a successful administrator login. NOTE 1. To logout, simply click the Logout icon on the upper right corner of the interface to return to the login screen.
Page 15: Chapter 3. Basic Network Settings
Typically, organization networks today are a combination of manageable wired and wireless LANs, sometimes even remote LANs. The main category of network topologies supported by 4ipnet HSG Wireless Hotspot Gateway is Layer 2 Topology. Layer 2 Topology This network topology aims to build a managed Local Area Network (LAN) which consists of both wired and wireless capabilities to provide network services to a limited physical area such as office building, hotel, school premises, and etc.
Page 16: Uplink (Wan) Configuration
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Layer 2 Network Design Guidelines Always connect hierarchically. If there are multiple switches in a building, use an  aggregation switch. Locate the aggregation switch close to the network core (e.g. mainframe ...
Page 17: Wan Traffic Control
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH select the connection type applicable to you. For example, if your ISP is Cable modem issuing Dynamic address, then you would select Dynamic connection. Static: Manually specifying the IP address of the WAN Port. The fields with red asterisks are required to be filled in.
Page 18: Uplink Detection & Failover
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 3.2.3. Uplink Detection & Failover Uplink Detection When the WAN interface has been configured with a valid uplink connection, administrator may specify up to three outbound sites as detection target for verifying whether the uplink service is alive or down. The controller will periodically check the uplink status.
Page 19: Downlink (Lan Side) Vlan Option
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 3.3. Downlink (LAN side) VLAN option The Downlink of HSG Wireless Hotspot Gateway is basically your managed network deployed for service. There are two types of deployment mode for networks attached to the LAN ports of the HSG Wireless Hotspot Gateway: Port-Based mode and Tag-Based mode.
Page 20: Tag-Based Service Zone
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 3.3.2. Tag-Based Service Zone Tag-Based operation mode operates under the principle that different Service Zones are identified by VLAN ID. This means that Tag-Based operation allows each physical LAN port to accept traffic for any enabled Service Zones Traffic handling will be processed internally according to the VLAN ID traffic packets carry.
Page 21: Chapter 4. User Authentication Database
When a user is associated to an authentication enabled in Service Zone, the 4ipnet HSG Wireless Hotspot Gateway checks the database to see if the submitted user ID and password combination exists, in order for the user to get network access.
Page 22 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 【Graphical illustration of authentication databases in relation to HSG Wireless Hotspot Gateway】 The configurations of authentication options for Internal and External authentication are done separately. The 2 external authentication servers (RADIUS) are customizable and can be enabled concurrently.
Page 23: Built-In Authentication Databases
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 4.2. Built-in Authentication Databases Configuration Path: Main Menu >> Users >> Internal Authentication 4.2.1. Local User Database This type of authentication method checks the local database that stores user, often the staff and credentials internally. The Local user database is designed to store static accounts which will not be deleted unless manually performed by administrator.
Page 24 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH NOTE 1. The fields with red asterisk are mandatory fields while the others are optional. 2. MAC Address field once configured will bind this particular account under the condition that it may only be granted access using the device specified.
Page 25 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH NOTE 1. The txt files generated may be inter-used by all HSG Wireless Hotspot Gateway series as the defined csv format are consistent for all models. 2. Duplicated accounts will result in upload failure and a warning message will be displayed.
Page 26: On-Demand User Database
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 4.2.2. On-Demand User Database The On-Demand user database is designed for guest user account provisioning with time or traffic volume constraints. Ideal for deployment needs of Hotels, Hotspot venues, Enterprise visitor reception, and more. The On-Demand Authentication option offers plenty of options for customization.
Page 27 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH On-Demand Account Settings General Settings for the On-Demand Account database can be configured on this page. General Settings include the customization of POS/Web tickets, Payment Gateway options, and etc. When Terminal Servers (such as the SDS200W) are deployed for account generation, remember to configure the IP and Port in Terminal Server configuration.
Page 28 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH With a set of Clickatell account Username/Password, the SMS Gateway can be configured to send SMS messages upon On-Demand account creation. The SMS service can be used for free access, paid access with payment gateway integration,...
Page 29 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH or both. Define an API ID and activate the desired billing plans. Multiple Billing Plans may be activated if needed. To prevent the SMS Gateway from being flooded by SMS queries for account generation, an Account Registration Control option is available.
Page 30 1. For more detailed information on the four major account types, please refer to Appendix D. 2. For more detailed information on Ticket Customization, please refer to the 4ipnet Application Note on Ticket Customization. On-Demand Accounts Configuration Path: Main Menu >> Users >> On-Demand Accounts After enabling the selected Billing Plans, On-Demand Accounts generation can be done on On-Demand Account Creation.
Page 31: The Guest Authentication Option
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Valid = On-Demand account in active or quota remaining Total = Valid + Out-of-Quota + Expired Besides, such valid and total number of On-Demand accounts are informed in the end of this list.
Page 32 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Step1: Setting up the Guest authentication profile. Selecting Visible helps administrators enable Guest Login Input which allows clients to access internet by entering emails. The E-mail Denial List checks the email domains for login permission, if prevention of junk mailboxes is desired. Guest...
Page 33 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Email verification ensures that the entered email is a valid email address. When this option is enabled, an activation time is allocated to the client. The client then has to activate this account within the activation time to extend his/her usage time by clicking a link in the mail sent by the mail server.
Page 34 ENGLISH Step2: Setting up the Social Media Login profile. 4ipnet WHG-series Controllers also provide a convenient method for guest authentication; Social Media Login enables client to access internet by logging in with their own Social Media Accounts, ex. Facebook, Google+, and Open ID. The detail configuration can be done with the hyperlink to Social Media Login with these application registration IDs or secrets (see 4.3.6 Social Media).
Page 35 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Step3: Implement into specific Service Zones and login pages Choose the desired Service Zone where you would like to apply the Guest authentication option - Go to Main Menu > System > Service Zone > Configure. Scroll down the page to Authentication Options.
Page 36: External Authentication Options
4.3. External Authentication Options Most organizations have already established a centralized user account servers. Consequently, 4ipnet HSG Wireless Hotspot Gateways are equipped with a variety of external authentication options so as to support account roaming and adapt to existing network. A simple illustration of using external authentication is shown below.
Page 37 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Server 2 by default is configured to use RADIUS authentication. 4ipnet HSG Wireless Hotspot Gateways support RADIUS authentication, RADIUS class mapping, and RADIUS transparent login with 802.1X. Below is the detailed configuration page of RADIUS settings. Attributes of the Primary RADIUS Server and Secondary RADIUS Server can be configured depending on service deployment.
Page 38 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH...
Page 39: Social Media
ENGLISH Another important setting field is the Class-Group Mapping on the page. It is a translation setting which maps RADIUS classes to different groups on the 4ipnet HSG Wireless Hotspot Gateway, enabling different RADIUS accounts to be incorporated into different Groups.
Page 40 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH When a user clicks the button to sign in with social media accounts, he/ she will be redirected to the social media sites for login and granting permissions. This configuration page is where how Controller to connect with social media sites.
Page 41: Chapter 5. Group Attributes & Policy Rules
ENGLISH Chapter 5. Group Attributes & Policy Rules All 4ipnet HSG Wireless Hotspot Gateway models utilize ‘Group’ and ‘Policy’ to define user accessibility and network privileges in order to set constraints on users’ behavior. Since grouping, policy setting, and service zones are intertwined with one...
Page 42 HSG326 Wireless Hotspot Gateway ENGLISH On-Demand users, Local users, may be assigned to different Groups per account. As for those who are authenticated by external servers, 4ipnet HSG Wireless Hotspot Gateways also offer Group assignment per account for RADIUS via Class- Group Mapping.
Page 43 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Group and Policy profiles are separated for more flexibility. This allows users of the same Groups to be bound with different Policies according to Group-Service Zone permission mapping settings the administrator defines. For instance, a user from group 1 may be imposed by policy 1 in service zone 1, but policy 3 when he goes to service zone 3.
Page 44: Practical Setups Of Group And Policies
HSG326 Wireless Hotspot Gateway ENGLISH Practical Setups of Group and Policies This section demonstrates with screenshots on how to practically set up the groups and policies on the WMI of the 4ipnet HSG Wireless Hotspot Gateway. Group Overview  Configuration Path: Main Menu >>...
Page 45 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Check the Status checkboxes to allow users of this Group to access the corresponding Service Zones. To configure from a Service Zone’s perspective please go to Access Permission and Authorization in Service Zone Settings.
Page 46 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Policy Settings  Configuration Path: Main Menu >> Users >> Policies >> Policy Configuration Select Policy allows administrator to choose which Policy Profile to configure. Firewall Profile is for defining service protocols, user firewall rules, and Layer 2...
Page 47 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Privilege Profile configures the On-Demand Account creation, Password change privileges and Maximum concurrent sessions. QoS Profile allows administrator to edit traffic configuration. Specific Route Profile is where the administrator may statically assign routing nodes to forward traffic to a certain destination.
Page 48 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Grouping Users  A Group is determined by authentication servers, class (RADIUS) or accounts individually (Local, On-Demand). Generally a Group is assigned to all users of an authentication option Users > Authentication > Auth Option > Group...
Page 49 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH The Policy enforcement priority is as follows: Authentication is enabled: Group-Service Zone Mapping > Global Policy  Authentication is disabled: Service Zone default Policy > Global Policy ...
Page 50: Chapter 6. Basic Service Zone Configuration
Chapter 6. Basic Service Zone Configuration The Concept of Service Zone Service Zones are virtual partitions of the physical LAN side of a 4ipnet Controller. Similar to VLANs, they can be separately managed and defined, having their own user landing pages, network interface settings, DHCP servers, authentication options, policies and security settings, and so on.
Page 51 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH which LAN port. A simple concept is displayed in the picture below. As the figure depicts, a staff of a firm is associated with a certain SSID broadcast by an access point. This SSID belongs to, let’s say, VAP with VLAN ID 15. Therefore the AP’s traffic when forwarded back to the Controller will be mapped to Service...
Page 52 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH If the setting is change to Tag-based, the correspondence of service zones and ports will be grayed out. Each Service Zone will need to be assigned a unique VLAN ID, ranging from 1 to 4096.
Page 53: Nat Mode Or Router Mode
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 6.2.2. NAT Mode or Router Mode Configuration Path: Main Menu >> System >> Service Zones >> Configure NAT is the acronym for Network Address Translation which translates private IP addresses for devices on the LAN side of a controller to routable IP before forwarding into uplink network.
Page 54: Dhcp Server Options
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network. 4ipnet HSG Wireless Hotspot Gateways supports independent DHCP settings for each Service Zone profile.
Page 55: Wireless Settings
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Timeout. 4. Reserving IP addresses – A configuration list for reserving certain IP’s within the DHCP Server IP range for specific devices, for example an internal file server. 5. DHCP lease protection – This is an optional checking mechanism on the Controller when Enabled, will check to see if the lease expired IP is currently online.
Page 56 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 1. Databases Administrator can designate configured auth servers for use. Postfix will be used as auth server identifier when more than one auth server is enabled for service. 2. Portal URL The specification of a desired landing page may be configured here. When enabled, the administrator can choose to set the URL of an opened browser after users’...
Page 57 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 4. PPP dial-up authentication Point-to-Point Protocol (PPP) is a data link protocol commonly used in establishing a direct connection between two networking nodes. When this feature is enabled for service, end users may configure a dial-up connection setting with a valid username and password (support only Local and RADIUS users).
Page 58: Portal Customization
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH The IP Address Range Assignment field configures the starting IP range which PPP can assign IP addresses to dial-up virtual interfaces. The assigned interface IP address is used to route between the networks on both side of the tunnel.
Page 59 HSG326 Wireless Hotspot Gateway ENGLISH There are three customization options to choose from apart from the 4ipnet Default Page: Customize with Template, Upload Your Own, and Use External Page. 4ipnet Default: The gateway has a standard 4ipnet Default Login Page with the 4ipnet logo and Administrators can choose to enable a Service Disclaimer if needed.
Page 60 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Use External Page: The Login Page can be a defined external URL. This option requires extensive knowledge of URL parameter utilization that works together with the Message Pages and should be organized carefully. For more details on External Login Page customization, please refer to Appendix B of the User Manual.
Page 61: Chapter 7. Advance Settings For Network Environment
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Chapter 7. Advance Settings for Network Environment Network Utilities Configure Network Utility; go to: Main Menu >> Utilities >> Network Utilities The system provides network utilities to help administrators manage the network easily.
Page 62 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Item Description IPv4  Ping: It allows administrator to detect a device using IP address or Host domain name to see if it is responding.  Trace Route: It allows administrator to recover the real path of packets from the gateway to a destination using IP address or Host domain name.
Page 63: Black List
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Black List Network operators may want to limit the accessibility of certain accounts or devices from authentication or association from time to time. This section describes the ways in which user or device restrictions may be achieved.
Page 64 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH After entering the usernames in the Username blanks fields and the related information in the Remark blank fields (not required), click Apply to add the users. To remove a user from the black list, select the user and click Delete to remove that user from the black list.
Page 65: Certification
Configuration path: Main Menu >> Utilities >> Certificate 4ipnet HSG Wireless Hotspot Gateways can issue certificates in its private network. Administrator can sign certificates issues by the system’s root CA. Also, they could be used for authentication of Built-in RADIUS Server users roaming out.
Page 66 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH certificates to be uploaded. To view details of the certificate, click the corresponding "View" button. Click "Get CERT" and "Get Key" to download the certificate and public key onto your local disk. To Upload a Certificate/Private Key/Intermediate CA, click “Browse”, select the...
Page 67: Internal Root Ca
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 7.3.2 Internal Root CA The administrator can upload an Internal Root CA, or generate a root CA for private use. The created root CA certificate can be downloaded and used to sign certificates generated by the system.
Page 68: Internally Issued Certificate
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH To view details of the certificate, click the "View" button. 7.3.3 Internally Issued Certificate Internally Issued Certificates can be generated on this page. Note that an Internal Root CA needs to be created first before Internally Issued Certificates can be signed.
Page 69: Management Access
Configuration path: Main Menu >> System >> General >> Management IP Address On the 4ipnet HSG Wireless Hotspot Gateways, the administrator can grant access to the web management interface by specifying a list specific IP addresses or ranges of IP addresses, both from WAN or from LAN. For example, entering "192.168.3.1"...
Page 70: Chapter 8. Utilities For Controller Management
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Chapter 8. Utilities for Controller Management Administrator Account Management Configuration path: Main Menu >> Utilities >> Administrator Account The HSG Wireless Hotspot Gateway’s root management account is the “admin” account with full access, modification and application privilege and authority. There...
Page 71 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Step 1: Configure Password Safety Settings Password Safety can be enabled to protect the Web Management Interface from unauthorized personnel. Note that these settings are disabled by default.
Page 72 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Step 2: Configure Group Access property The Controller supports customizable administration account types, namely Super Group, Manager, On-Demand Manager or Operator. Admin is classified under Super Group, with all access and configuration authorities. Only Super Group members can generate other administrative accounts (Manager, On-Demand Manager and Operator).
Page 73: Configuration Backup & Restore
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Step 3: An Administrator Accounts List is available to display Administrator Accounts information and their statuses. Create an account by clicking “Add”, then inputting the desired account name, password and the assigned authority group.
Page 74: Firmware Upgrade
This action also has additional options to keep critical settings. Firmware Upgrade Configuration path: Main Menu >> Utilities >> System Upgrade The administrator can obtain the latest firmware from 4ipnet’s website or 4ipnet’s Support Team and upgrade the system.
Page 75 FTP server that will be used to upgrade the system. Before performing an upgrade, the system checks for version compatibility ensure system sanity. You may contact the 4ipnet Support Team regarding version compatibility. NOTE The system MUST be restarted before resetting to factory defaults after firmware upgrade.
Page 76: Restart
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Restart Configuration path: Main Menu >> Utilities >> Restart This function allows the administrator to safely restart HSG Wireless Hotspot Gateway, and the process might take several minutes to complete. Select Restart the system in Regular mode, click Apply to restart HSG Wireless Hotspot Gateway.
Page 77: Chapter 9. Reports And Logs For Monitoring
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Chapter 9. Reports and Logs for Monitoring System Related Status 9.1.1 System Summary Configuration path: Main Menu >> Status >> System Summary The system status page displays a table of contents including system firmware version, report servers configured, WAN optional settings, User log profile, system time and session control settings.
Page 78 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH...
Page 79: Network Interface
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH A selection of Reports is available when the “See Reports” button is clicked. These reports can be sorted based on interface and intervals. 9.1.2 Network Interface Configuration path: Main Menu >> Status >> Interface This section provides the details of each of the network interfaces for the administrator to inspect, including WAN1,Default, SZ1 ~ SZ4.
Page 80: Routing
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH NOTE 1. If statistics are required to be saved for long term keeping, See Report & Notification section for instructions to send and save network traffic on external servers. 9.1.3 Routing Configuration path: Main Menu >>...
Page 81 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Statistics of offered list  Valid lease counts of the Last 10 Minutes, Hours and Days are shown here. The header 1 ~ 10 are unit multipliers; for instance the number under column 2 indicates the lease count in the last 20 minutes/hours/days, the number under column 3 indicated the lease count in the last 30 minutes/hours/days and so on.
Page 82: Client Related Status
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Client Related Status 9.2.1 Online User Configuration path: Main Menu >> Status >> Monitor Users >> Online Users Users displayed on this page are the ones that are authenticated by this Controller under its managed network either LAN or remotely tunneled site.
Page 83: Associated Non Login Users
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 9.2.2 Associated Non Login Users Configuration path: Main Menu >> Status >> Monitor Users >> Non-Login Devices This page shows users that have acquired an IP address from the system’s DHCP server but have not yet been authenticated, either under the LAN or remotely tunneled site.
Page 84: Session List
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 9.2.4 Session List Configuration path: Main Menu >> Status >> Sessions This page allows the administrator to inspect sessions currently established between a client and the system. Each result displays the IP and Port values of the Source and Destination.
Page 85: Logs And Reports
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Logs and Reports 9.3.1 System Related Configuration path: Main Menu >> Status >> Logs and Reports This page displays the system’s local log and User events since system boot up. Administrators can examine the log entries of various events. However, since all these information are stored on volatile memory, they will be lost during a restart/reboot operation.
Page 86: User Events
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 9.3.2 User Events Configuration path: Main Menu >> Status >> Logs and Reports >> User Events This page is packed with all user logs and events. User logs and events can be stored up to 40 days. Displays all user related information customizable to administrator's preference.
Page 87: Reports & Notification
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 9.4 Reports & Notification Configuration path: Main Menu >> Status >> Reporting HSG Wireless Hotspot Gateway can automatically send various kinds of user and/or system related reports to configured E-mail addresses, SYSLOG Servers, or FTP...
Page 88 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH SMTP Settings: Allows the configuration of 5 recipient E-mail addresses and  necessary mail server settings where various user related logs will be sent to. SYSLOG Settings: Allows the configuration of two external SYSLOG servers ...
Page 89: Chapter 10. Hotspot Application
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Chapter 10. Hotspot Application 10.1 On-Demand Billing Plans Configuration path: Main Menu >> Users >> Internal Authentication >> On- Demand >> Billing Plans Billing plan profiles define the terms and conditions of guest internet access. Click the Billing Plan Number link to enter the configuration page of a selected Billing Plan profile.
Page 90: On-Demand Billing Plan Types
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 10.2 On-Demand Billing Plan Types 10.2.1 Usage-time with Expiration Time Users can access internet as long as account is valid with remaining quota (usable time). Users need to activate the purchased account within a given time period by logging in.
Page 91 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH...
Page 92: Usage-Time With No Expiration Time
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 10.2.2 Usage-time with No Expiration Time Users can access internet as long as account has remaining quota (usable time). Users need to activate the purchased account within a given time period by logging in.
Page 93 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH...
Page 94: Hotel Cut-Off-Time
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 10.2.3 Hotel Cut-off-time Hotel Cut-off-time is the clock time (normally check-out time) at which the On- demand account is cut off (made expired) by the system on the following day or many days later. On the account creation UI of this plan, operator can enter a Unit value which is the number of days to Cut-off-time according to customer stay time.
Page 95: Volume
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 10.2.4 Volume Users can access internet as long as account is valid with remaining quota (traffic volume). Account expires when Valid Period is used up or quota is depleted. This is ideal for small quantity applications such as sending/receiving mail, transferring a...
Page 96 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH file etc. Count down of Valid Period is continuous regardless of logging in or out.  Account Activation is the time period for which the user must execute a first login. Failure to do so in the time period set in Account Activation will result in account expiration.
Page 97: Duration-Time With Elapsed Time
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 10.2.5 Duration-time with Elapsed Time Account is activated upon account creation. Count down begins immediately after account is created and is continuous regardless of logging in or out. Account expires once the Elapsed Time is reached. This is ideal for providing internet service immediately after account creation throughout a specific period of time.
Page 98 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH  Elapsed Time is the time interval for which the account is valid for internet access (xx hrs yy mins).  Number of Devices is to define the number of allowed simultaneous logged in devices per account.
Page 99: Duration-Time With Cut-Off Time
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 10.2.6 Duration-time with Cut-off Time Cut-off Time is the clock time at which the On-Demand account is cut off (made expired) by the system on that day. For example if a shopping mall is set to close at 23:00;...
Page 100: Duration-Time With Begin-And-End Time
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 10.2.7 Duration-time with Begin-and-End Time The Begin Time and End Time of the account are defined explicitly. Count down begins immediately after account activation and expires when the End Time has...
Page 101 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH been reached. This is ideal for providing internet service throughout a specific period of time. For example during exhibition events or large conventions such as Computex where each registered participant will get an internet account valid from 8:00 AM Jun 1 to 5:00 PM Jun 5 created in batch like coupons.
Page 102: Terminal Server Setup
Overview of Network Ticket Generator SDS200W is an innovative product 4ipnet offers to facilitate the communication between 4ipnet hotspot gateway and serial POS printer. It is mainly used to have the connected printer fast-print necessary account information extracted from a...
Page 103 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Keypad Panel Overview Useful Shortcut Keys Combination Function ‘Number’ + To create and print out an On-Demand account of an Enter enabled billing plan of the uplink Hotspot gateway mainly for the user who purchased an account.
Page 104: Led Indicators
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 4ipnet gateway (HSG/WHG). FUNC + ENTER To clear what is pressed. This is used when the operator pressed a wrong button or combination. The system will also clear it automatically after five seconds.
Page 105 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Note: <TAS Mode only> 4. Fast flashing means SDS200W trying to connect to uplink device. 5. Constantly off for ten seconds means SDS200W fails to connect to uplink device after step 4. Afterwards, Status will go back to step 1.
Page 106 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH LED Panel Understanding the LED indicators There are four LED indicators on the panel : Power, Status, LAN, and WLAN from left to right. Below summarizes all indication types in different states: Amplitude...
Page 107 Including SDS200W into Your Network The following diagram illustrates a deployment example that shows how the SDS200W can be connected to the POS printer and the 4ipnet Gateway/Controller. 1. Put the devices in place. 2. Attach a SDS200W to a power adaptor provided in the package.
Page 108 Managing SDS200W on the Web Management Interface SDS200W is designed specifically to operate in conjunction with all 4ipnet Gateways/Controllers, including both HSG and WHG series. If you are not using default settings, before connecting SDS200W to your 4ipnet Gateway/Controller, some configurations steps are required.
Page 109: Serial Settings
Printing On-Demand Tickets for Your Customers Operators have two ways of printing On-Demand account tickets for their customers. One is to go onto the WMI of 4ipnet Gateway/Controller and create one (or more). See the manual of the 4ipnet Gateway/Controller you use; the other is to use SDS200W by the following two shortcut keys.
Page 110 Manual setup To connect SDS200W manually to a 4ipnet Gateway/Controller, connect the SDS200W to the 4ipnet Gateway/Controller via an Ethernet cable. Enter the When wired connection is established, the wireless connectivity will be turned off by the system automatically, meaning wireless and ...
Page 111 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH When the settings are done completely on the 4ipnet Gateway/Controller side, go to SDS200W’s WMI and check if every uplink setting matches that on the controller.
Page 112: Customizing Pos Tickets
TAS refers to an automatic connection mechanism that requires NO previous network settings. Just press the TAS button on SDS200W for three seconds, and it will automatically look for and associate to a suitable 4ipnet gateway that supports this function.
Page 113 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH - An image can be uploaded (such as your company logo) in TMB format if needed. - There are 2 Width types, 2” for PRT100 and 3” for PRT200. - Select the desired language for the configured ticket template. WHG supports English, French, German, Japanese, Spanish, Simplified Chinese, and Traditional Chinese.
Page 114 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH You may start customizing your POS ticket from the window below manually typing or by inserting parameters from the drop-down list as shown in the above example. Once this is done, you may start assigning Billing Plans and Ticket Templates for...
Page 115 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH The administrator can now select the desired Ticket Template for a specific ticket generator from the drop-down list. Applications for QR Code Log-in On-Demand Account generation with a ticket generator is a very common deployment for hotspot providers.
Page 116 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH For the utilized Billing Plan, the corresponding ticket template needs to be customized to support QR Code. 1) The width needs to be changed to 3” (default value = 2”) 2) The parameter needs to be added by typing in “$qr” on the template, or...
Page 117: Creating Accounts
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Only 4ipnet PRT200 thermal printers support the printing of QR code. Installation of a QR Code scanning App on your mobile device is required (such as  Note: QuickMark, QR Reader, Barcode Scanner).
Page 118 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH When creating custom Usernames, the Prefix and Postfix will be kept constant while the Serial Number for the accounts will have single increments. The generated accounts may be downloaded for safe keeping, or sent to printer for...
Page 119: User Self Service
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 10.6 User Self Service Credit Card via External Payment Gateway Configuration path: Main Menu >> Users >> Authentication >> On-Demand User >> External Payment Gateway HSG Wireless Hotspot Gateway supports different types of payment gateway options depending on the account types possessed by the operator, including Authorize.net, PayPal, SecurePay, WorldPay, and PeleCard.
Page 120 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Select the enabled billing plans that are allowed for end users to self purchase through the payment gateway. The service disclaimer can be customized by configuring Web Page Customization. Subsequently after the configuration of your external payment gateway, the login...
Page 121 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH purchase an account with a valid credit card. In order for users to get account info via SMS after buying a new account online, and eliminate the risk of forgetting his/her username and password at the next time of login, administrators may choose to integrate SMS gateway with the payment gateway.
Page 122 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH The account buyers can then re-send the SMS no more than the configured number. To preview your External Payment Portal, click “Configure” for Web Page Customization at the bottom of the page. Just like all customizable web pages in the system, this page also supports customization with templates, uploading html, or using an external page.
Page 123 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH When a user tries to access internet from a room, the browser will show the Login page with a list of available plans and service agreement. The Service Agreement body can be configured at the applied Service Zone’s Custom Pages settings. User may choose a billing plan, click the Confirm button and the system will display the generated account name and password.
Page 124: Chapter 11. Account Roaming
Boingo, iPass Connect etc. For more in depth support regarding compatibility and technical evaluation on your telecom operator, please contact 4ipnet support team. 11.2 WISPr for ISP Roaming Configuration path: Main Menu >>...
Page 125 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH WISPr Smart Client: Select Enable if you wish to allow customers with a roaming account from a WISPr agent (iPass, WiFi Skype, Boingo, and etc.) to access your internet. Make sure to Enable the HTTPS Protected Login field under System >>...
Page 126: Local / On-Demand Account Roaming Out
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 11.3 Local / On-Demand Account Roaming Out The built-in user account databases both Local and On-Demand of the HSG Wireless Hotspot Gateway may be used for other Controllers as their external RADIUS authentication database.
Page 127 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH After enabling the Roaming out feature for Local or On-Demand, click the RADIUS Client Device Settings hyperlink. The redirected page allows the administrator to specify the Controller IP which is allowed to behave as a RADIUS client and...
Page 128 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH NOTE 1. Please make sure that the user database postfixes are configured without conflicting with one another over the two Controllers.
Page 129: Appendix A. Installation
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Appendix A. Installation Installation Instruction Preparations Unpack the HSG Wireless Hotspot Gateway and go through the package checklist. Review the front panel and the back panel and identify each control and network interface that is described in the Hardware & Specification section.
Page 130: Appendix B. External
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Appendix B. External Pages External Page Concept Choose External Page if you desire to use an external web page for your custom pages. Simply enter the URL of your external webpage, click Preview button to check if it is reachable, take a look at how your external webpage will be displayed, then click Apply button.
Page 131 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH The diagram below explains how External Page operates using user login/logout flow as illustration: Login:...
Page 132 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Logout: The URL parameters sent by the Gateway to the external login page are as follows: Field Value Description loginurl String (URL encoded) The URL to be submitted when a user logs in.
Page 133 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH (separated by ':') client_ip IP format Client IP address ipv6_addr IPv6 format Client IPv6 address umac MAC format Client MAC address (separated by ':') session String Encrypted session information, includes: client IP address, MAC address, date, and return URL.
Page 134 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH An external page example that the user will see upon launching a browser is shown, and you can see the URL parameters sent from the system highlighted in red: External Page Design Variables This section displays all the URL parameters that are sent from the Gateway to the various external pages.
Page 135 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 2. Login Successful Page Variables: Field Value Description String User ID (postfix is included) original_uid String Original User ID utype String (LOCAL, RADIUS, Authentication server name ONDEMAND, POP3, LDAP, SIP, NT Domain) umac...
Page 136 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH WISPR-LOCATION-ID String WISPr Location-ID attribute (Only available for RADIUS user) WISPR-LOCATION-NAME String WISPr Location-Name attribute (Only available for RADIUS user) WISPR-BILLING-TIME String, format: WISPr Billing-Time attribute (Only HH:MM available for RADIUS user) session...
Page 137 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH username and password and try again. Cannot identify the policy for your account.<BR>Please contact your network administrator. User of this device (the MAC address) is not allowed to use this account.<BR>Please contact your network administrator.
Page 138: User Login
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH gwip IP format Gateway activated WAN IP address client_ip IP format Client IP address Integer Service Zone ID group Integer Group index policy Integer Policy index next_page String Leads client to URL max_uplink...
Page 139 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 2. User Logout Path: (LAN IP address or Internal Domain Name) /loginpages/logoff.shtml Input: Field Required Value Description Optional String User ID, default is taken from cookie session Optional String Encoded string which contains some...
Page 140: Change Password
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Sorry, this feature is available for On-Demand user only. Sorry, this username: XXX is not found. Sorry, this username: XXX is out of quota. Sorry, this username: XXX is expired. Sorry, this username: XXX is redeemed.
Page 141 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH User password is incorrect Invalid password format 5. Redeem (On-Demand user) Path: (LAN IP address or Internal Domain Name) /loginpages/redeemuserlogin.shtml Input: Field Required Value Description Optional String Current user ID (If not presented, user name...
Page 142 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Original user type and on demand user type do not match. Original user has not logged in. Redeem user logged in already. Had been redeemed before. User has run out of quota. Maximum allowable time has exceeded.
Page 143: Appendix C. Useful Management & Evaluation Tools
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Appendix C. Useful Management & Evaluation Tools Useful Management Tools Here are the top six open source IT management products that do a solid job of replacing the big suites from HP, IBM, CA and BMC. Each offer low-cost professional services and free software downloads.
Page 144 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Evaluation Tools Wireshark (for packet capturing and debug analysis) Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.
Page 145: Appendix D. On-Demand Account Types
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Appendix D. On-Demand Account Types There are four main types of On-Demand account type:  Usage-time (Buy quota: usable time)  Volume (Buy quota: usable traffic volume) Pre-paid concept, only deducts quota while using. Account expires when quota is depleted or account expiration time reached.
Page 146 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Volume  Users can access internet as long as account is valid with remaining quota and need to activate the purchased account within a given time period by logging in.
Page 147 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH  Account expires when Valid Period is used up or quota is depleted. Hotel Cut-off Time  Operator can set the clock time for when the account will expire.  Account automatically activates when it is created.
Page 148 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Duration Time  Users can access internet while account is within valid time interval. Count down begins once account activates and expires when Expiration Time is reached.  Duration-time accounts can be further classified into: ...
Page 149 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH • Define explicitly the Begin Time and End Time of the account. Account expires when the End Time has been reached.  Cut-off Time • Define explicitly the clock time to “Cut-off” within the day of...
Page 150 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH NOTE Since there are only 10 billing plans, if you wish to create accounts of the same type but with various quotas, this may be achieved via the Unit field. Network operator is able to multiply the quota by an integer ranging from 1 to 9 in the Unit field.
Page 151 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH...
Page 152: Appendix E. Ui Reference Index
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Appendix E. UI Reference Index After login success, it will redirect to the Main Menu page. Main Menu is the link that leads to all the configuration pages in the Web Management Interface. A screenshot of the main menu is captured below, the iconic button on the top row will redirect to configuration pages relating to its category.
Page 153: System
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH A. System System: This section relates to system configuration. It includes, General Information, WAN Configurations, LAN Ports, Service Zones, and etc. 1) General System Name: This is a mnemonic name you can give to the controller. Once ...
Page 154 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH which will be displayed on the web browser of the client in the event of internet disconnection. HTTPS Certificate: Your own network certificate may be uploaded and selected  here as site safety verification.
Page 155: Wan
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH external NTP servers. 2) WAN Physical Mode: Select the mode (Auto/1000Mbps Full/100Mbps Full/100Mbps  Half) based on your WAN connection Static: This option enables the administrator to configure a static IP address on ...
Page 156: Wan Traffic
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 3) WAN Traffic Available Bandwidth on WAN Interface: This section of the configuration  page allows the administrator to specify uplink and downlink limitations to be enforced on the servicing WAN interface. Target for Detecting Internet Connection: This section of the configuration ...
Page 157: Service Zones
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH contrast, under "Tag-Based" mode, Service Zones will be distinguished by VLAN tagging, instead of physical LAN ports. 5) Service Zones The table will list the Service Zones and related settings. Click the Service Zone Name will go to the service zone configuration page.
Page 158 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Service Zone Status: Each service zone can be enabled or disabled except for  the default service zone. Service Zone Name: The name of service zone could be input here.  Network Interface: ...
Page 159 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH the AP/switch. Clients Isolation (Tag Based): When this option is selected, unicast  transmission is prevented between any clients in the same Layer 2 subnet. Operation Mode: Contain NAT mode and Router mode. When NAT ...
Page 160 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH server when clients are assigned static IP addresses. Select Enable Built-in DHCP Server to enable the built-in DHCP server. When the built-in DHCP server is chosen, the system will act as a DHCP server and assign IP addresses to its clients.
Page 161 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH the alias IP of this Service Zone. The configurable fields are the same as DHCP Server Scope 1. Reserved IP Address List: Each service zone can reserve specific IP addresses from predefined DHCP range to prevent the system from issuing these IP addresses to downstream clients.
Page 162 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH For advance wireless configure, click VAP Configuration. Under Security tab, system support different security type, such as, Open, WEP, WPA-Personal and WPA-Enterprise. Under Advance tab, administrator can enable or disable Broadcast SSID and IAPP feature, also the Receiving RSSI Threshold can be adjusted here.
Page 163 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH be able to associate to the network unless its receiving sensitivity meets the configured threshold. Under Access Control tab, administrator can restrict the total number of clients connected to the Access Point, as well as specify particular MAC addresses that can or cannot access.
Page 164: Users
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH B. Users Users: This section relates to user authentication, authorization and accounting. It includes Groups Configuration, Internal/External Authentication Configuration, On- Demand Accounts, Policies Configuration, Privilege Lists Configuration and Additional Controls. 1) Groups The Group Overview page gives a summary of which Authentication Servers are used for the corresponding Group.
Page 165: Internal Authentication
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH To allow multiple devices to log in with the same account credentials, define the number here at “Number of devices which are allowed to login”. Multiple device login for the On-Demand authentication option can be configured at selected Billing Plans.
Page 166 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH The default Authentication for “Local” is set at Authentication Server 1. The User Postfix is used for the system to identify which authentication option will be used for the specific user account when multiple options are concurrently in use. To manipulate Local accounts, go to “Configure”...
Page 167 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH The Guest Authentication Option is not technically a user database, but rather a specially designed option to allow a user to access and surf the network without any user account or password. This feature allows the user to associate with a particular Service Zone, enter guest email or a specified string of text by guest questionnaire which may be social security number etc.
Page 168: External Authentication
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH By enabling the “Email Denial List”, some guest email addresses which are disclaimed by certain email domain names would be blocked from internet access. By enabling “Email Verification”, limited free access is provided when an activation link sent by email is clicked by the user.
Page 169: On-Demand Accounts
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 4) On-Demand Accounts Account Creation: Administrators can choose to create a single account or  multiple accounts using the "Batch Create" function. Before accounts can be created, at least one Billing Plan needs to be set up and activated. Accounts can be created with random Usernames and Passwords or created manually (up to 8 characters).
Page 170: Schedule
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Account List: All created On-Demand accounts and related information are listed  on this page. The list also allows administrators to manipulate On-Demand accounts, such as restoring/deleting accounts and Admin Redeem. 5) Schedule The Administrator gets to set different Login Hour permissions to be applied to User Groups in enabled Service Zones.
Page 171: Policies
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 6) Policies Global policy is the system's universal policy including Firewall Profile, Specific Route Profile, Schedule Profile, and Maximum Concurrent Sessions management which will be applied to all users unless the user has been regulated and applied to another policy.
Page 172: Blacklists
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Specific Route Profile: The routing rules to be applied to users under this  policy may be set here. Preferred DHCP Pool: (defined in Service Zone DHCP configurations) It may  be selected here as well.
Page 173: Additional Control
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 9) Additional Control Additional configurations are in this section. They are User Session Control, Built-in RADIUS Server Settings, Customization, Remaining Time Reminder, and MAC ACL. The administrator can control user session such as idle timeout in User Session Control.
Page 174 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH User Session Control Idle Timeout: Configure the time base without activity to deem as idle  timeout. Idle Detect Interval: The time interval for checking for whether the idle  criteria are reached. Successive accumulation of idle intervals exceeding the Idle time configure above, will induce an idle timeout action where the user will be logged out.
Page 175 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Charge Traffic to/from Host in Walled Garden List: For usage or volume  type accounts in the On-Demand user database, administrator has the option to charge or not charge visits to websites that are listed in the walled garden or walled garden ad list.
Page 176 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH can set to refresh every 10/15/20 minutes to show the updated remaining quota. MAC Access Control List MAC ACL: The administrator may configure restraining measures to MAC  address, either MAC allow or deny list.
Page 177: Network
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH C. Network Network: This section is used to configure all the network settings. 1) NAT The NAT function supports 3 types of network address translation: DMZ (Demilitarized Zone), Public Accessible Server and IP/Port Forwarding.
Page 178 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH External IP Address available. Internal and External IP Addresses are entered as a set. After the setup, accessing the WAN will be mapped to access the Internal IP Address. These settings will become effective immediately after clicking the Apply button.
Page 179: Monitor Ip
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Port & IP Forwarding This function allows the administrator to set specific sets of the IP addresses at most for redirection purpose. When the user attempts to connect to a destination IP address listed here, the connection packet will be converted and redirected to the corresponding destination.
Page 180: Walled Garden And Walled Garden Ad
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH be accessed via a hyperlink of device's IP address when the system is operated under NAT mode. 3) Walled Garden and Walled Garden Ad This function provides certain free services for users to access the websites listed here before login and authentication.
Page 181: Proxy Server
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Walled Garden Advertisements are advertisement links for clients to access before they are authenticated by the system. For example, guests without the network access right in hotels can still visit these sites free of charge.
Page 182 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH placed outside the LAN environment or in the Internet. For example, the following diagram illustrates how a proxy server of an ISP is used. Follow the following steps to complete the proxy configuration: Step 1.
Page 183 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH By enabling the built-in Proxy Server, all traffic is forwarded to the local Proxy Server on the controller. Using an External Proxy Server To specify an External Proxy Server, choose the option “External” and fill in the appropriate IP address of the Proxy Server and the utilized port.
Page 184: Local Dns Record
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH NOTE By Enabling the Proxy Server, clients are required to manually check Proxy Server Settings on client stations’ Internet Options. To apply Transparent Proxy, please use Port and IP forwarding. 5) Local DNS Record The administrator could statically assign a Domain Name to IP mappings for all clients connected to the HSG Wireless Hotspot Gateway’s LAN network.
Page 185: Ddns
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 6) DDNS Before activating this function, you must have your Dynamic DNS hostname registered with a Dynamic DNS provider. HSG WIRELESS HOTSPOT GATEWAY supports DNS function to create aliases from the dynamic IP address for the WAN port to a static domain name, allowing the administrator to easily access HSG Wireless Hotspot Gateway’s WAN.
Page 186: Utilities
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH F. Utilities Utilities: This section provides functions for modifying accounts, Backup/Restore system, Firmware upgrade, Restart service, Network utilities, and Certificate. 1) Administrator Account This can be used to create, to edit, to remove, and to check administrator account.
Page 187 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Admin has authority to change his/her own password or add more accounts to the admin list to take (some of) the management responsibility.  Password Complexity enables the admin to limit how the passwords the sub- admins use should be formed.
Page 188 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Passwords should include at least 1 form (capitalized letters/ small letters/ digits/ special characters ) Passwords should include at least 2 forms Passwords should include at least 3 forms Passwords should include at least 4 forms ...
Page 189 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Go to the Generate table to create a sub-admin and define his/her authority limits. In case the administrator forgets his/her password, by entering both email and the Elementary School Name, the account credential will be email to the assigned email address.
Page 190: Backup & Restore
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH  The admin list serves as a list for admins to track the dynamics of each management accounts, i.e., the number of the online admins and the state of each sub-admin. Please note that only the created sub-admins can be deleted. Check the boxes to ‘Lock’...
Page 191 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH be restored. Click the Backup button under General Backup to save the current system configurations to a backup file on a local disk of the management console. A backup file will keep the current system settings as well as the local user accounts.
Page 192: Certificates
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Restore System Settings: Click Browse to search for a .db database backup  file created by the controller and click Restore to restore to the same settings at the time when the backup file was saved. The option of “Keep WAN1 setting and Management IP Address List”...
Page 193 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH System Certificate  This is the certificate that identifies the system. These certificates may be used for applications such as HTTPS login, CAPWAP, and etc. The Controller has a built-in Factory Default Certificate (gateway.example.com) that cannot be removed, but allows certificates to be uploaded.
Page 194 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH A root CA certificate may also be uploaded with a matching Private Key. Internally Issued Certificates  When an Internal Root CA needs to be created, Internally Issued Certificates can be signed. The generated certificate will be listed and the certificate/key pair can be...
Page 195: Network Utilities
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH downloaded with Get Cert, Get key in View. Trusted Certificate Authorities  Apart from self signed certificate and system’s root CA, administrators can also upload other certificates signed by other CA entities or Trusted CAs into the system.
Page 196 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Item Description IPv4  Ping: It allows administrator to detect a device using IP address or Host domain name to see if it is alive or not.  Trace Route: It allows administrator to recover the real path of packets from the gateway to a destination using IP address or Host domain name.
Page 197: Restart
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Status When the administrator is executing any Network Utilities features, the status of the operation is displayed here. Result The operation result is displayed here. 5) Restart Click Restart button to restart the system. Please wait for the blinking timer to finish before accessing the system web management interface again.
Page 198: Status
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH FTP firmware upgrade is also an option. Enter the FTP server IP address, FTP server port, and the FTP account name and password, and lastly specify the complete firmware filename stored on the FTP server that will be used to upgrade the system.
Page 199 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH...
Page 200 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH...
Page 201 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH General System The system name. Firmware The present firmware Name The default name is Version version the model number. WIRELESS HOTSPOT GATEWAY System Displays for how Build Number current build Up Time long the system has number.
Page 202: Interface
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Band The band status, 2.4G, 5G or disabe Report Syslog server 1 The IP address and port number of the external Syslog Server. N/A means that it is not configured. Syslog server 2 The IP address and port number of the external Syslog Server.
Page 203 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Item Description Interface Mode Operating mode of this interface. (WAN) MAC Address The MAC address of the WAN1 port. IP Address The IPv4 address of the WAN1 port. Subnet Mask The Subnet Mask of the WAN1 port.
Page 204: Monitor Users
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 3) Monitor Users All online users/devices will be listed here. The administrator can terminate any user session by clicking the Kick Out button. Non-login users will be listed here as well. Online Users: Successfully authenticated Local Users.
Page 205: Logs & Reports
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 5) Logs & Reports This page is used to check the traffic history of the system which includes Logs such as Configuration Change Log, Local Web Log, RADIUS Server Log, System Log and UAMD Log.
Page 206 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH transactions. RADIUS Server Log: This page displays the RADIUS messages that pass through  the controller. SIP Call Usage: The log provides the login and logout activities of SIP clients  (device and soft clients) such as Start Time, Caller, Callee and Duration (seconds) System Log: This page displays system related logs for event tracing.
Page 207: Reporting
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Date, System Name, Type, Name, Unit, Price, Total Price, IP, IPv6, MAC, Pkts In, Bytes In, Pkts Out, Bytes Out, Activation Time, 1st Login Expiration Time, Account Valid Through, Remark, VLAN ID, Group, Policy, MaxDnLoad, MaxUpload, ReqDnLoad, and ReqUpload.
Page 208 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 5 represent the corresponding E-mail addresses configured in “SMTP Settings”. Click the desired E-mail address profile (1 ~ 5) and select the time interval for sending a report or log. Detail: Clicking this radio button allows the configuration of the E-mail subject ...
Page 209 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH  Sending Logs to SYSLOG The following log types can be sent to external SYSLOG servers configured in “SYSLOG Settings”: Local Users Log, On-Demand Users Log, Trial Users Log, Roaming Out Users Log, Roaming In Users Log, External User Log, Session Log, Firewall Log, Local HTTP Web Log, HTTP Web Log and DHCP Server Log.
Page 210 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH FTP Settings Page:  FTP Destination: This specifies the IP address and port number of your FTP server. If your FTP needs authentication, enter the Username and Password. The “Send Test File” button can be used to send a test log for testing your current FTP destination settings.
Page 211 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH  SMTP Server: Enter the IP address of the sender’s SMTP server.  SMTP Port: By default the port number is 25. Administrator can specify other ports if the SMTP server runs SMTP over SSL.
Page 212: Session List
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH SYSLOG Destinations: Up to two external SYSLOG servers may be configured.  Please enter the IP address and port number of the external SYSLOG server here. System Log: This controls the enabling/disabling of the SYSLOG logging ...
Page 213: Dhcp Lease
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH 8) DHCP Lease The DHCP IP lease information can be viewed on this page. Statistics of IP Offered  Valid lease counts of the Last 10 Minutes, Hours and Days are shown here. The header 1 ~ 10 are the unit multipliers.
Page 214: Routing Table
User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH DHCP Lease List  Valid IP addresses issued from the DHCP Server and related information of the client using this IP address is displayed here. 9) Routing Table The routing table lists all IPv4 Route rules. The System Route rules are shown here as well.
Page 215 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH Policy 1~n: Shows the information of the individual Policy from 1 to n.  Global Policy: Shows the information of the Global Policy.  System: Shows the information of the system administration. ...
Page 216 User’s Manual HSG326 Wireless Hotspot Gateway ENGLISH...

4IPNET HSG326 User Manual

Chapter 1. Introduction

Chapter 2 WMI

Chapter 3. Basic Network Settings

Chapter 4. User Authentication Database

Chapter 5. Group Attributes & Policy Rules

Chapter 6. Basic Service Zone Configuration

Chapter 7. Advance Settings for Network Environment

Chapter 8. Utilities for Controller Management

Chapter 9. Reports and Logs for Monitoring

Chapter 10. Hotspot Application

Chapter 11. Account Roaming

Appendix A. Installation

Appendix B. External

Appendix C. Useful Management & Evaluation Tools

Appendix D. On-Demand Account Types

Appendix E. UI Reference Index

Quick Links

Need help?

Questions and answers

Related Manuals for 4IPNET HSG326

Summary of Contents for 4IPNET HSG326

Table of Contents