4IPNET, INC. Disclaimer 4IPNET, INC. does not assume any liability arising out the application or use of any products, or software described herein. Neither does it convey any license under its parent rights not the parent rights of others.
Page 3
CE. And if you are in Taiwan, please read the Chinese statements under NCC. In addition, it is important for all to read the following Safety Information first. Safety Information All models of OWL800, OWL2000, and HSG800 have been evaluated to, and conforms to the product safety specifications of EN:60950:2001+A11:2004. Caution: This product was qualified under test conditions that included the use of the power supplying equipment.
Page 4
ENGLISH FCC Regulatory Information (for US) FCC Certification OWL800, HSG800 and OWL2000 use the same circuitry and housing except the billing and bandwidth management. The operate in the 2.4 GHz and 5.725 - 5.85 bands. They devices are evaluated and certified according to FCC Rules Part 15 subpart C under one granted FCC-ID: VZ9090001.
This declaration is only valid for configurations (combinations of software, firmware, and hardware) provided and supported by 4ipnet Inc. The use of software or firmware not provided and supported by 4ipnet Inc. may result in the equipment no longer being compliant with the regulatory requirements.
This manual is intended for using by system integrators, professional field engineers and network administrators to help them set up OWL800 for their network deployment. It contains step by step procedures and pictures to guide users with basic network system knowledge to complete the installation.
Page 10
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Return to system Home page. Logout the system. Apply all configurations. Clear all configurations and not to activate them. Clear settings entered by clicking this button. The red asterisk indicates information in this field is compulsory.
(* an optional feature). The metal sealed OWL800 is weatherproof. Coming with a mounting kit, it can be mounded on a pole or on wall. This Quick Installation Guide provides instructions and reference material for getting started with OWL800 (as well as the other two models).
Upper Panel This picture represents ANT 1 ~ ANT 4 connectors from right to left when OWL800 chassis (with Mylar) is faced up. Each of the two radio module (CM9) inside has two antenna connectors for antenna diversity. The required antenna is antenna ANT1 and antenna ANT2.
ENGLISH 3.1.3 Hardware Installation Please follow the steps mentioned below to complete the hardware of OWL800 for configuration. 1. Connect antennas to the required ANT1 and ANT3, which lead to the “Main” contacts of the two radio cards. 2. (Optional) Connect antennas to the required ANT3 and ANT4, which lead to the “Aux” contacts of the two radio cards.
3.2.1 Instruction of Web Management Interface OWL800 provides the web management interface for configuration. OWL800 is a multi-mode system which can be configured as either an access point (AP/Relay Mode with RF1 in AP), a relay (AP/Relay Mode with RF1 in WDS), or a gateway that clients can associate on it based on your needs.
Setup Wizard section is used as the example to illustrate this procedure. Step 1: Connect a client’s PC to OWL800 via any one of the LAN Ports. The IP address will be assigned to the PC automatically via DHCP.
After completing hardware installation, the administrator can configure the OWL800 via web browsers. If the IP address of the administrator’s PC is within the same subnet as OWL800’s, then assigning a static IP address within the same subnet as OWL800’s to the administrator’s PC is needed in order to get Administrator Login Page.
Page 22
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH AP Mode To logout, simply click the Logout icon on the upper right corner of the web management interface to return to the Administrator Login Page. Note: By default, the system is in AP/Relay mode. Therefore, the administrator must login to the system in AP/Relay mode at the first time and then be able to switch the system to the desired mode afterwards.
Page 23
<Gateway Mode> If the IP address of the administrator’s PC is not assigned via DHCP within the same subnet as OWL800’s, then a static IP address assigned to the administrator’s computer within the same subnet as OWL800’s is needed. The following IP address is listed as an example: IP Address: 192.168.1.10...
AP Mode When OWL800 is set in AP/Relay mode, it is a layer2 IP device like a normal AP. No IP sharing (NAT) and routing feature are support. When OWL is set in Gateway mode, it is a layer3 IP device. Like an AP router, OWL800 in the gateway mode support IP sharing (NAT).
Page 26
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Gateway Mode AP Mode Check VAP Profile Settings Click on the AP menu item. 2) Select VAP Configuration from submenu item. 3) Administrator can enable or disable specific VAP from the drop down list of “Profile Name”.
Page 27
Select preferred Channel for the wireless connection. For example, select channel code 149. Note: Depending on your country, the list of allowed channels is different. For example, the OWL800 shipped to US market allow one to select the 5 channels for the WDS within the range of 5.725-5.850 only.
Page 28
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Gateway & AP Mode Configure WDS Settings 1) Click on the WDS menu item. 2) Select WDS Configuration submenu item. 3) Setting WDS link parameters By default, WDS profiles are disabled. First, choose the WDS Profile; enable WDS; supply peer’s MAC address and security type.
4. Menu Configuration (AP & Gateway Mode) This chapter illustrates the detailed configurable settings of OWL800. The following table is the UI and functions supported by OWL800. In the web management interface, there are three main interface areas: Main Menu, Submenu and Working Area.
Page 30
Introduction: OWL800 has equipped a friendly Web graphical user interface for users and system administrators to configure parameters easily and remotely. The recommended web browsers are IE 6.0(TM), Firefox 2.0(TM) and the above. OWL800 provides the web management interface for easier configuration. After completing hardware installation, the administrator can configure the OWL800 through web browsers with JavaScript enabled, such as Mozilla Firefox 2.0 or Internet Explorer version 6.0 and the above.
Page 34
Fields “Name”, “Description” and “Location” are used for mnemonic purpose. It is recommended to have different values for each AP. Time settings allow you to set OWL800’s system time manually or have it synchronized automatically with NTP server. When NTP server is used, NTP server1 must be filled. If FQDN (full qualified domain name) is used, the DNS server setting must also be activated.
Page 35
Time: There are two options of setting system time 1) NTP enabled: By enabling NTP server, OWL800 can synchronize its system time with the NTP server automatically. While this method is selected, at least one NTP server's IP address should be provided.
Page 38
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Mode: Determine the way to obtain the IP address, by DHCP or Static. Static setting: Static setting is to set these parameters manually. Basic parameters such as IP address, subnet mask, and gateway are needed.
Page 39
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH AP Mode Gateway Mode PPPOE: When selecting PPPoE to connect to the network, please set the “Username”, “Password”, “MTU” and “CLAMP MSS”. There is a Dial on demand function under PPPoE. If this function is enabled, a Maximum Idle Time can be set.
Page 40
(Full qualified domain name), ensure at least one of these DNS (Domain Name Service) server’s IP is correct. Layer 2 STP: It depends on the configuration of the OWL800 including wired and wireless settings. When it is configured to bridge several networks, STP needs to be enabled.
Page 42
Server IP Address. Syslog Configuration: By enabling this service, specify a remote Syslog server which could accept system log messages from OWL800 remotely. By reading the Syslog message in the remote server, review activities of all installed OWL800s in the network.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.1.4 VLAN Overview VLAN is to separate one physical network into different logical zones. VLAN overview is a summary table tells you each VLAN’s current status. There are up to 9 tab-based VLANS to enable. Each VLAN is associated to one policy;...
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.1.5 VLAN Configuration Gateway Mode VLAN: This section is where to configure each VLAN. There are 9 VLANs (VLAN0~8). Remark: Text remark about this VLAN. VLAN Tag: each VLAN is identified by different tags carried within message frames. The number that is mapped to the selected VLAN.
Page 46
Network Interface: IP address and Subnet Mask of this VLAN. DHCP Server: Enable DHCP: Make OWL800 your DHCP server. Domain Name: Domain Name looks like “domain.com” that is a better memorable term to IP address. Client looks up a website by entering its domain name or its IP address.
Page 47
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Reserved IP Address list: Reserved IP Address is a static IP address reserved for a special client by his MAC address. Allowed Authentication Method and Applied Policy: Local: Select a policy and apply to local authentication.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.1.6 Walled Garden The Walled Garden supported by the system provides free surfing areas for clients to access before they are authenticated by the system. IP addresses or domain names of the websites can be defined in this list. Clients without network access right can still have a chance to experience the actual network service free of charge.
ENGLISH 4.1.7 Mode OWL800 supports 4 Radio modules; RF1 and RF2 are included in the original package. RF3 and RF4 are optional. From the software perspective, there are modes of two layers; “System Mode” and “Radio module Mode”. AP Mode...
The overall status is collected in this page, including enable/disable state, security type, MAC state, and advanced settings. OWL800 has 8 VAPs; each has its own settings. In the table, please click on each setting item to have detailed configuration of these VAPs respectively.
Page 52
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH State: The hyperlink showing enable or disable connects to the screen of VAP Configuration. Gateway & AP Mode Security Type: The hyperlink showing security type connects to the screen of Security Settings.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.2.2 General Gateway & AP Mode Band: The operating wireless frequency band of the device’s AP module. Choose among frequency band Disable, 802.11b, 802.11g or mixed mode 802.11b+802.11g. (Note: 802.11 a band is only allowed for the second radio, which serves as WDS for bridge/backhaul.)
4.2.3 VAP Configuration Gateway & AP Mode To enable each VAP in the OWL800, the administrator has to configure each VAP individual manually. The settings of each VAP are collected as its profile. VAP: Enable or disabled virtual AP settings.
ENGLISH 4.2.4 Security The OWL800 supports various user authentication and data encryption in each VAP's profile. Thus the administrators can depend on the need to provide different service levels to clients. The security type includes the items on the drop-down menu of security type: None: No authentication required.
WMM: To decide which data streams are most important and assign them a higher traffic priority, we may enable this feature. It is default disabled. IAPP: To provide a better roaming capability for the stations among APs nearby the OWL800, we can enable this item. Its default disabled.
ENGLISH 4.2.6 Access Control The OWL800 supports various methods of authenticate clients from using wireless LAN. The default policy is unlimited connections without any authentication required. To restrict the station number of wireless connections, just change the Maximum number of stations to a desired number. For example, while the number of station is set to 20, only 20 stations are allowed to connect to this VAP.
Page 62
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH MAC ACL Allow List When the policy is set to Allow List, all wireless connection to the VAP will be denied except for those allowed MAC addresses listed. For each allowed MAC address, the administrator can still enable or disabled the rule applied to the specified one.
ENGLISH 4.3 WDS OWL800 has equipped with Wireless Distribution System interfaces, and each interface can establish up to 4 WDS links to other WDS peers. In WDS configuration, each WDS-link setting is collected into one profile. This section provides information in the following functions: WDS Link Overview, WDS Interface Settings, WDS Link Settings, and WDS Discovery.
To use WDS discovery, both ends must equipped with this feature containing shared secret. For example, the remote one is also an OWL800. Each WDS interface has its own RF (Radio Frequency) settings; normally, valid combination of RF parameters configuration would like the following table.
For each WDS link profile, the administrators need to remote peer's MAC address and the authentication method for establishing connection to the peer. Gateway & AP Mode WDS Profile: Total 8 profiles included in the OWL800 device, pull the drop-down menu to select one WDS profile to configure. WDS: Enable or Disable the specified WDS link.
Gateway & AP Mode OWL800 provides easy-to-use peer discovery feature, the WDS discovery, which both ends must have the same 'shared secret'. Please refer to WDS RF settings for the shared secret. The remote peer must also have the same 'Scan' feature equipped.
Client Device Settings. 4.4.1 Local Local user database is built locally in OWL800. To add new user accounts, enter specific information (User Name, Password, MAC Address, and Remark) and click Add. All created accounts are displayed in the User List.
Page 69
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Multiple Login: When enabled, the same Local user account can be used for login by multiple users at the same time. 802.1X Authentication: When enabled, Local user database will be used as internal RADIUS database for 802.1X-enabled LAN devices, such as AP and switch.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.4.2 RADIUS The system supports user authentication against external RADIUS servers. It functions as a RADIUS authenticator for external RADIUS servers. To enable the RADIUS authentication, enter the related information for the primary RADIUS server and/or the secondary RADIUS server (not required).
Page 72
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Postfix: It is a string used by the system to distinguish which database/server will be used for authentication when a user enters the user name to log in. For example, when the Postfix is configured as “radius1”, user1@radius1 will tell the system to use this RADIUS server.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.4.3 On-demand There are some deployment scenarios (for example, at venues such as coffee shops, hotels, restaurants, etc.) where retail customers or casual visitors want to get wireless Internet access. To offer the Wi-Fi access (either for commercial use or for free), user accounts should be able to be created upon request and account tickets/receipts should also be provided.
Page 74
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Receipt Header: There are two receipt headers supported by the system. The entered content will be printed on the receipt. These headers are optional. SSID: The administrator can enter the defined wireless SSID in this field and it will be printed on the receipt for guest users’...
Page 76
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH On-demand Account Creation: When at least one plan is enabled, the administrator can generate On-demand user accounts here. Gateway Mode On-demand Account List: All created On-demand accounts are listed and related information on is also provided.
Page 77
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Search: Enter a keyword of a username to be searched in the text filed and click this button to perform the search. All usernames matching the keyword will be listed. Username: The login name of the instant account.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.4.4 Policy The system supports multiple control Policies, including the Global Policy and individual Policy (1 ~ 16). Each Policy consists of access control profiles that can be configured respectively and applied to users.
Page 79
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Policy 1 ~ Policy 16: Gateway Mode >> Individual Policy Firewall Profile: Each Policy has a firewall service list and a set of firewall profile consisting of firewall rules. Specific Route Profile: The default gateway of WAN1, WAN2, or a desired IP address can be defined in a policy.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.4.5 Firewall Firewall rules in the Global Policy or individual Policy (1 ~ 16) can be defined to filter the traffic that travels through the system. When a packet matches the specified Source, Destination, and Protocol, the corresponding Action (Pass or Block) will be taken.
Page 81
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH subnet - 192.168.2.xxx. Protocol: The specific service protocol for the filtering rule - ALL, TCP/UDP, TCP, UDP, ICMP, and IP. Action: Pass is to allow the packet to pass; Block is to block the packet from passing.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.4.6 Route Static routing rules in the Global Policy or individual Policy (1 ~ 24) can be defined to specifically route the traffic that travels through the system. When no rule is defined, all traffic will go through the system’s default gateway (WAN interface).
Page 83
ENGLISH 4.4.7 802.1X OWL800 supports 802.1X authentication. In the Supplicant <-> Authenticator <-> Authentication Server architecture, The system will only allow 802.1X-enabled devices (Authenticator) to send 802.1X authentication request to internal or external RADIUS server. For more information, please see Appendix B. 802.1X Support.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.5 Utilities This section provides information on four utilities used for customizing and maintaining the system, including Change Password, Import & Export, Backup & Restore, System Upgrade, Reboot, Scan and Upload Certificate.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.5.2 Import & Export Gateway Mode Import Local User: Click Browser button to select the file for uploaded user account and then click Import to execute the process. Export Local User: Click Export button to create all build-in user account information and click Open or Save to view or save the user’s file.
4.5.3 Backup & Restore This function is used to backup and to restore the OWL800 settings. The OWL800 can also be restored to the factory default settings using this function. It can be used to duplicate settings to other access points (backup settings and then restore in another AP).
ENGLISH 4.5.4 System Upgrade OWL800 provides Web firmware upload/upgrade feature. While the new firmware is obtained, it has to put locally in the administrator’s computer. The users can easily download the latest firmware from the website and upgrade the system. To upgrade the system firmware, click Browse button to choose the new firmware file and then click Apply button to execute the process.
ENGLISH 4.5.5 Reboot This function allows the administrator to restart the OWL800 safely. The process should take about three minutes. Click Reboot button to restart the system. Please wait for the blinking timer to finish before accessing the system web management interface again.
4.5.6 Scan OWL800 provides this Scan feature for users to figure out the wireless status from the view of VAPs. It probes the WLAN and retrieves the information from clients. Thus, while compare scan result to the VAPs settings, it can avoid unexpected conflict in settings and tune the corresponding parameters.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.5.7 Upload Certificate Gateway & AP Mode The administrator can upload new private key and customer certification, external certificate issued by public or private authority. Click the first Browse button to select the Private Key or Certificate. Click the second Browse button to select the file for the certificate upload.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.6 Status This section provides information on the following functions: System Overview, WDS List, Antennas, Associated Clients, Event Log, Online Users and User Log. 4.6.1 Overview The section provides an overview of the system status for the administrator. System's overall status, for individual setting and status, please check them in each configuration page.
Page 93
The description of the table is as the following: Description Item The present firmware version of OWL800 Firmware Version The system name. The default is OWL800 System Name The network time server that the system is set to Device Time align.
“Auxiliary” connector. The “Main” connector must be connected with an antenna. The “Auxiliary” is optionally connected to an antenna. The above picture represents ANT 1 ~ ANT 4 connectors from right to left when OWL800 chassis (with Mylar) is faced up.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.6.5 Event Log Gateway & AP Mode Event log provides the system activities records and monitor the system status by checking this log. In the log, normally, each line represent an event record; And in each line, there are fields such as Date, Time, Name or Status.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.6.6 Online Users All online users’ information can be obtained by using this function. These include User name, IP Address, MAC Address, Idle Time, and Action. The administrator can use this function to force a specific online user to log out, or terminate any user session by clicking the hyperlink of Action.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH 4.6.7 User Log This function is used to check the history of the system and it will be kept up to 3 days. All records are sorted by date and listed accordingly. Please note that these records are stored on the volatile memory and will be lost if the system is powered off.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Appendix A. Session Limit and Session Log Session Limit To prevent ill-behaved clients or malicious software from using up system’s connection resources, administrators will have to restrict the number of concurrent sessions that a client can establish.
Page 101
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH The following table shows the fields of a session log record. Field Description Date and Time The date and time that the session is established Session Type [New]: This is the newly established session.
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Appendix B. 802.1X Support What is IEEE 802.1X ? The 802.1X-2001 standard states: "Port-based network access control makes use of the physical access characteristics of IEEE 802 LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases which the authentication and authorization fails.
Page 103
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Example #1: OWL800 is configured in the way that Local user database acts like an internal RADIUS server. 192.168.1.254 192.168.1.64 hq-user1@hq-radius 802.1X Authentication Gateway Mode (EAP-Request) Supplicant Authenticator Internal RADIUS (Local Database)
Page 105
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Configuration Steps: Step 1: Configure the external RADIUS server Enable the Extensible Authentication Protocol and enter the information of the RADIUS server in the RADIUS page. Step 2: Specify the 802.1X Client Device (Authenticator) The system will only allow this 802.1X-enabled client device (AP) to send 802.1X authentication request...
Page 106
Step 3: Configure the RADIUS server setting of the AP (Authenticator) Example #3 : Local Database of OWL800 acts like an external RADIUS server for remote gateway to service “Roaming Out” users. Note: In this example, the AP is not enabled as 802.1X Authenticator; therefore, the “Roaming Out User” will be authenticated via web-based login page, instead of 802.1X client window.
Page 107
User’s Manual OWL800 / OWL2000 / HSG800 ENGLISH Configuration Steps: Step 1: Enable Local database for use of Roaming Out User When Account Roaming Out in Local User Setting is enabled, Local database will act like an internal RADIUS server.