NetComm IAC3000 User Manual

Summary of Contents for NetComm IAC3000

  • Page 1: User Guide

    IAC3000 - Internet Access Controller User Guide IAC3000 User Guide www.netcomm.com.au...
  • Page 2: Table Of Contents

    Table of Contents: Chapter 1. Before You Start (p. 1); Purpose (p. 1); Document Convention (p. 1); Chapter 2. System Overview (p. 2); Introduction of IAC3000 (p. 2); System Concept (p. 2); Capacity and Performance (p. 3); Chapter 3. Base Installation (p. 4); Hardware Installation (p. 4); 3.1.1 System Requirements (p. 4); 3.1.2 Package Contents (p. 4); 3.1.3...
  • Page 3 AP Management (p. 90); 4.3.1 AP List (p. 91); 4.3.2 AP Discovery (p. 96); 4.3.3 Manual Configuration (p. 100); 4.3.4 Template Settings (p. 101); 4.3.5 Firmware Management (p. 102); 4.3.6 AP Upgrade (p. 103); 4.3.7 WDS Management (p. 104); Network Configuration (p. 105); 4.4.1 Network Address Translation (p. 106); 4.4.2 Privilege List (p. 108); 4.4.3 Monitor IP List (p. 110); 4.4.4 Walled Garden List / Walled Garden Ad List...
  • Page 4 Appendix C. Service Zone Deployment Example (p. 164); Appendix D. Proxy Setting (p. 177); Appendix E. Session Limit and Session Log (p. 183); Appendix F. Network Configuration on PC & User Login (p. 185); Appendix G. Console Interface (p. 201); Appendix H. Local VPN (p. 205); Appendix I. Customizable Pages (p. 211); Appendix J.
  • Page 5: Chapter 1. Before You Start

    This manual is intended for the system or network administrators with the networking knowledge to complete the step by step instructions of this manual in order to use the IAC3000 for a better management of their network system and user data.
  • Page 6: Chapter 2. System Overview

    This is very useful for hotspot owners seeking to provide different customers or staff with different levels of network services. The following diagram is an example of IAC3000 set to manage the Internet and network access services at a hotspot venue.
  • Page 7: Capacity And Performance

    2.3 Capacity and Performance Capacity and Performance IAC3000 Concurrent Users Local Accounts 1000 On-demand user Accounts 2,000 Managed Access Points (NP725) Monitored 3rd-Party Access Points VPN Termination Tunnels VPN 3DES/DES Throughput 30 Mbps...
  • Page 8: Chapter 3. Base Installation

    Standard 10/100BaseT network cables with RJ-45 connectors All PCs need to install the TCP/IP network protocol 3.1.2 Package Contents The standard package of IAC3000 includes: IAC3000 x 1 CD-ROM (with User Manual) x 1 DC 12V Power Adapter x 1...
  • Page 9: Panel Function Descriptions

    WAN1/WAN2: Two WAN ports (10 Base-T / 100Base-TX RJ-45) are available on the system. LAN1~LAN8: Client machines connect to IAC3000 via LAN ports (10 Base-T / 100Base-TX RJ-45). Note: By Default, all LAN ports are set with Port-based Default Service Zone; for Service Zone configuration, please refer to section 4.1.7.
  • Page 10: Installation Steps

    Ethernet cable to an administrator’s PC or a client PC, AP, or switch in managed network. The LED of the connected port should be on to indicate a proper connection. Attention: IAC3000 supports Auto Sensing MDI/MDIX. You may use either straight through or cross-over cable to connect the Ethernet Port.
  • Page 11: Software Configuration

    JavaScript enabled such as Internet Explorer version 6.0 and above or Firefox. There are two ways to configure the IAC3000 system: using the online Configuration Wizard or changing the settings by commands manually. The Configuration Wizard comprises six basic steps as follows. Follow the instructions of Configuration Wizard to enter the required information step by step, save your settings, and restart IAC3000.
  • Page 12 After a successful login, a “Welcome to System Administration” page will appear on the screen. If ‘https’ is used instead of ‘http’ to access the IAC3000 web management interface, the browser will show a “Certificate Error”: by default, the IAC3000 does not use a trusted SSL certificate (for more information, please see 4.2.5 Additional Configuration), so the browser cannot verify it and treats the IAC3000 as an untrusted website.
  • Page 13 IAC3000 supports three kinds of account interface. You can log in as admin, manager or operator. The default usernames and passwords are as follows. Admin: The administrator can access all areas of the IAC3000. User Name: admin Password: admin Manager: The manager can access the area under User Authentication to manage the user accounts, but has no permission to change the settings of the profiles of Firewall, Specific Route and Schedule.
  • Page 14 Operator: The operator can only access the area of Create On-demand User to create and print out the new on-demand user accounts. User Name: operator Password: operator...
  • Page 15 After a successful login to IAC3000, a web management interface with a welcome message will appear. Note: To log out, simply click the Logout icon on the upper right corner of the interface to return to the login screen.
  • Page 16 Click Next to continue. Step 2. Choose System’s Time Zone Select a proper time zone from the drop-down list box. Click Next to continue.
  • Page 17 Home Page: Enter the URL that users should be initially directed to when successfully authenticated to the network. NTP Server: Enter the URL of the external time server for IAC3000 time synchronization or use the default setting. Click Next to continue.
  • Page 18 Enter the “IP Address”, “Subnet Mask”, “Default Gateway” and “DNS Server” provided by your ISP. Click Next to continue. PPPoE Client: Set PPPoE Client’s Information Enter the “Username” and “Password” provided by the ISP. Click Next to continue.
  • Page 19 Step 5. Add Local User Account (Optional) A new user can be added to the Local User database. To add a user here, enter the Username (e.g. test), Password (e.g. test), MAC Address (optional, to specify the valid MAC address of this user) and assign an Applied Group to this particular user (or use the default None).
  • Page 20 Step 6. Save and Restart IAC Click Restart to save current settings and restart IAC3000. The Setup Wizard is now complete. Restart: When IAC3000 is restarting, a “Restarting now. Please wait for a moment.” message will appear on the screen.
  • Page 21 Note: For an example of user login, please refer to Appendix F. Network Configuration on PC & User Login.
  • Page 22: User Login Portal Page

    1. First, provided the steps in 3.1.4 and the quick set up wizard were completed, you may now connect a client’s device (for example, a PC) to the controlled port of IAC3000, and set the device to obtain an IP address automatically.
  • Page 24 3. When an on-demand user logs in successfully, the following Login Success page will appear. There is extra information showing “Remaining usage” and a “Redeem” button on the bottom. Remaining usage: Shows the remaining quota that the on-demand user can use to surf the Internet.
  • Page 25 Redeem: When the remaining credit is about to be used up, the client has to pay for adding credit to the counter, and then the client will get a new username and password. After clicking the Redeem button, a Redeem Page will appear.
  • Page 26: Chapter 4. Web Interface Configuration

    Chapter 4. Web Interface Configuration This chapter will guide you through further detailed settings. The following table lists the UI and functions of the IAC3000. System User Network OPTION Utilities Status Configuration Authentication Management Configuration Network Configuration...
  • Page 27: System Configuration

    4.1 System Configuration This section includes the following functions: Configuration Wizard, System Information, WAN1 Configuration, WAN2 Configuration, WAN Traffic Settings, LAN Port Mapping and Service Zones.
  • Page 28: Configuration Wizard

    4.1.1 Configuration Wizard There are two ways to configure the IAC3000 system: using the online Configuration Wizard or changing the settings by commands manually. The Configuration Wizard comprises 6 basic steps, providing a simple and easy way to go through the basic setups of IAC3000 (Refer to section 3.2).
  • Page 29: System Information

    LAN ports. A user on client machine can use this domain name to access IAC3000 instead of its IP address. In addition, when “Use the name on the security certificate” option is checked, the system will use the CN (Common Name) value of the uploaded SSL certificate as the domain...
  • Page 30 Home Page: Enter the website of a Web Server to be the homepage. When users log in successfully, they will be directed to the homepage set. Usually, the homepage is set to the company’s website, such as http://www.netcomm.com.au. If the home page function is disabled, the user will be directed to the URL she/he tries to visit originally.
  • Page 31: WAN1 Configuration

    4.1.3 WAN1 Configuration There are 4 methods of obtaining IP address for the WAN Port: Static IP Address, Dynamic IP Address, PPPoE and PPTP Client. Static IP Address: Manually specifying the IP address of the WAN port. The red asterisks indicate required fields to be filled in.
  • Page 32 PPPoE Client: When selecting PPPoE to connect to the network, please set the “Username”, “Password”, “MTU” and “CLAMPMSS”. There is a Dial on demand function under PPPoE. If this function is enabled, a Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect itself.
  • Page 33: WAN2 Configuration

    4.1.4 WAN2 Configuration Select None to disable the WAN2 interface, or choose one of the 3 connection types for the WAN2 port: Static IP Address, Dynamic IP Address, and PPPoE Client. None: The WAN2 Port is disabled. Static IP Address: Manually specifying the IP address of the WAN port. The red asterisks indicate required fields to be filled in.
  • Page 34 PPPoE Client: When selecting PPPoE to connect to the network, please set the “UserName” and “Password”. There is a Dial on demand function under PPPoE. If this function is enabled, Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect itself.
  • Page 35: WAN Traffic Settings

    4.1.5 WAN Traffic Settings This section is for administrators to configure the control over the entire system’s traffic through the WAN interface (WAN1 and WAN2 ports). Available Bandwidth on WAN Interface: Uplink: It specifies the maximum uplink bandwidth that can be shared by clients of the system.
  • Page 36 Warning of Internet Disconnection: When enabled, there is a text box available for the administrator to enter a reminding message. This reminding message will appear on clients' screens when Internet connection is down. An example of the reminding message can be “Sorry! The service is temporarily unavailable.”...
  • Page 37: LAN Port Mapping

    4.1.6 LAN Port Mapping IAC3000 supports multiple Service Zones in either of the two VLAN modes, Port-Based or Tag-Based, but not concurrently. In Port-Based mode, each LAN port can only serve traffic from one Service Zone as each Service Zone is identified by physical LAN ports.
  • Page 38 Select Service Zone Mode: Select a VLAN mode, either Port-Based or Tag-Based. Note: The switches deployed under IAC3000 in Port-Based mode must be Layer 2 switches only. The switch deployed under IAC3000 in Tag-Based mode must be a VLAN switch only.
  • Page 39 Tag-Based: When the Tag-Based mode is selected, traffic from different virtual Service Zones will be distinguished by VLAN tagging, instead of by physical LAN ports. Select Tag-Based and then click Apply to activate the Tag-Based VLAN function. When a restart message screen appears, do NOT restart the system until you have completed the configuration under the Service Zones tab first.
  • Page 40: Service Zones

    4.1.7 Service Zones A Service Zone is a logical network area to cover certain wired and wireless networks in an organization such as SMB or branch offices. Service Zones can be set up as port-based or tag-based. For example, using a tag-based method to deploy Service Zones, by associating a unique VLAN Tag and SSID with each Service Zone, administrators can separate one physical network into different logical zones.
  • Page 41 SSID: The SSID that is associated with the Service Zone. WLAN Encryption: Data encryption method for wireless networks within the Service Zone. Applied Policy: The global policy that is applied to the Service Zone. This is for users who are not assigned to any group such as users who access the network using Walled Garden.
  • Page 42 Configuration >> System Information >> Management IP Address List) to permit the administrator to access the IAC3000 admin page after the default IP address of the network interface is changed. Preferred DNS Server: The primary DNS server that is used by this Service Zone.
  • Page 43 WINS server is applicable to this service zone. Lease Time: This is the time period that the IP addresses issued from the DHCP server are valid and available. Reserved IP Address List: Each service zone can reserve up to 40 IP addresses from predefined DHCP range to prevent the system from issuing these IP addresses to downstream clients.
  • Page 44 Authentication Status: When enabled, users must be authenticated before they get access to the network within this Service Zone. Authentication Options: There are a total of seven types of authentication database (LOCAL, POP3, RADIUS, LDAP, NTDOMAIN, ONDEMAND, and SIP) that are supported by the entire system. For each Service Zone, up to six authentication options can be enabled, and one of them can be set as the default option –...
  • Page 45 Click Configure to have further configuration or view the details. Click Enabled of the desired Group option(s) to allow the clients of the selected Group(s) to log into this Service Zone after a successful authentication. Moreover, a pre-defined Policy can be applied to any Group in this Service Zone.
  • Page 46 All managed APs that belong to this service zone are listed here.
  • Page 47: User Authentication

    4.2 User Authentication This section includes the following functions: Authentication Configuration, Black List Configuration, Group Configuration, Policy Configuration and Additional Configuration.
  • Page 48: Authentication Configuration

    For the Authentication Settings of each Service Zone, please see 4.1.7 Service Zones. Server Name: There are several authentication options supported by IAC3000: Server 1 to Server 4, On-demand User, and SIP. Click the hyperlink of the respective Server Name to configure the authentication server.
  • Page 49 Authentication Server Configuration IAC3000 provides four authentication servers and one on-demand server to which the administrator can apply different policies. Click on the server name to set the configuration for that particular server. After completing and clicking Apply to save the settings, go back to the previous page to select a server to be the default server and enable or disable any server on the list.
  • Page 50: Local

    4.2.1.1 Local When “Local User” is chosen in the Authentication Method field, the button beside the pull-down menu becomes “Local User Setting”. Click the Local User Setting button for further configuration. Edit Local User List: Lets the administrator view, add, and delete local user accounts. The Upload User button is for importing a list of user accounts from a text file.
  • Page 51 Note: Local VPN in IAC3000 is an additional secure login VPN feature for IAC3000 local users/subscribers. The software design for ‘Local VPN in IAC3000’ is tightly coupled with Active X, which is supported by Windows-platform Internet Explorer where Active X program is supported.
  • Page 52 The upload file must be a text file and each line should contain the following information in this specific order: Username, Password, MAC Address, Applied Group, Remark, and Enable Local VPN. No spaces are allowed between fields and commas. The MAC field can be omitted, but the trailing comma must be retained.
  • Page 53 Del All: Click on this button to delete all the users at once and click on Delete to delete the user individually. Edit User: If editing the content of individual user account is needed, click the username of the...
  • Page 54 Click the hyperlink RADIUS Client List to enter the Radius Client Configuration interface. Choose the desired type, Disable, Roaming Out or 802.1X, and key in the 802.1X client’s IP address and network mask and then click Apply to complete the settings.
  • Page 55: POP3

    Note: Local VPN in IAC3000 is an additional secure login VPN feature for IAC3000 local users/subscribers. The software design for ‘Local VPN in IAC3000’ is tightly coupled with Active X, which is supported by Windows-platform Internet Explorer where Active X program is supported.
  • Page 56: RADIUS

    Server IP: The IP address of the external POP3 Server. Port: The authentication port of the external POP3 Server. SSL Setting: The system supports POP3S. Check the check box beside to Enable SSL Connection to POP3S. 4.2.1.3...
  • Page 57 Note: Local VPN in IAC3000 is an additional secure login VPN feature for IAC3000 local user/subscribers. The software design for ‘Local VPN in IAC3000’ is tightly coupled with Active X, which is supported by Windows-platform Internet Explorer where Active X program is supported.
  • Page 58 RADIUS server. PAP (Password Authentication Protocol) transmits passwords in plain text without encryption. CHAP (Challenge Handshake Authentication Protocol) is a more secure authentication protocol that uses a hashed challenge response instead of sending the password itself. Notice: If the RADIUS Server does not assign an idle-timeout value, the IAC3000 will use the local idle-timeout.
  • Page 59: LDAP

    Note: Local VPN in IAC3000 is an additional secure login VPN feature for IAC3000 local users/subscribers. The software design for ‘Local VPN in IAC3000’ is tightly coupled with Active X, which is supported by Windows-platform Internet Explorer where Active X program is supported.
  • Page 60 Server IP: The IP address of the external LDAP server. Port: The authentication port of the external LDAP server. Base DN: The Distinguished Name for the navigation path of LDAP account. Account Attribute: The attribute of LDAP accounts.
  • Page 61: NT Domain

    Note: Local VPN in IAC3000 is an additional secure login VPN feature for IAC3000 local users/subscribers. The software design for ‘Local VPN in IAC3000’ is tightly coupled with Active X, which is supported by Windows-platform Internet Explorer where Active X program is supported.
  • Page 62 Server IP: The IP address of the external NT Domain Server. Transparent Login: This function refers to Windows NT Domain single sign on. When Transparent Login is enabled, clients will log in to the system automatically after they have...
  • Page 63: ONDEMAND

    4.2.1.6 ONDEMAND There are some deployment scenarios (for example, at venues such as coffee shops, hotels, motels, restaurants, etc.) where retail customers or casual/walk-in visitors want to get wireless Internet access. To offer the Wi-Fi access (either for commercial use or for free), user accounts should be able to be created upon request and account tickets/receipts should also be provided.
  • Page 64 update the billing notice of the login successful page by the time interval defined here. Number of Tickets: Print one or duplicate receipts when pressing the print button of the ticket printer which is connected to the serial port.
  • Page 65 Receipt Header: There are three receipt headers supported by the system. The entered content will be printed on the receipt. These headers are optional. Receipt Footer: The entered content will be printed on the receipt. This footer is optional.
  • Page 66 Volume: Total traffic volume (xx Mbytes), up to which on-demand users are allowed to transfer data. Cut-off: Specify an absolute clock time of a day (HH:MM; range: 00:00 ~ 23:59) when the account expires. Quota: The limit on how On-demand users are allowed to access the network.
  • Page 67 Authorize.Net Before setting up “Authorize.Net”, it is required that the merchant owners have a valid Authorize.Net account. Please see Appendix A. Accepting Payments via Authorize.Net for more information about opening an Authorize.Net account, relevant maintenance functions, and an example for end users.
  • Page 68 Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer. Choose Billing Plan for Authorize.Net Payment Page These 10 plans are the plans configured in Billing Plans page, and all previously enabled plans can be further enabled or disabled here, as needed.
  • Page 69 Authorize.Net Payment Page Fields Configuration/ Authorize.Net Payment Page Remark Content Authorize.Net Payment Page Fields Configuration Item: Check the box to show this item on the customer’s payment interface. Displayed Text: Enter what needs to be shown for this field.
  • Page 70 information of a transaction. This field may contain any format of information. First Name: The first name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter John in the First Name field indicating this customer’s name.
  • Page 71 PayPal Payment Page Configuration Business Account: This is the “Login ID” (email address) that is associated with the PayPal Business Account. Payment Gateway URL: This is the default website address to post all transaction data. Identity Token: This is the key used by PayPal to validate all the transactions.
  • Page 72 Enable/Disable: Choose to enable or disable the plan. Quota: The usage time or condition of each plan. Price: The price charged for this plan. Client’s Purchasing Record/ PayPal Payment Page Remark Content Client’s Purchasing Record Starting Invoice Number: An invoice number may be provided as additional information with a transaction.
  • Page 73 Secure Pay Payment Page Configuration Merchant ID: This is the “Login ID” that is associated with the Secure Pay Business Account. Merchant Password: This is the Merchant Password that is associated with the Secure Pay Business Account.
  • Page 74 PayPal Payment Page Remark Content The message content will be displayed as a special notice to end customers in the page of “Rate Plan”. For example, it can describe the cautions for making a payment via Secure Pay.
  • Page 75 Status: Shows the status, enabled or disabled. Function: Press Create button for the desired plan. You can add an operator’s remark and press the Create button again. An On-demand user account will be created, and then click Printout to...
  • Page 76 On-demand Account List All created On-demand accounts are listed and related information is also provided. Search: Enter a keyword of a username to be searched in the text field and click this button to perform the search. All usernames matching the keyword will be listed.
  • Page 77: SIP

    4.2.1.7 The system provides a SIP proxy so that SIP clients (devices or soft clients) can pass through NAT. After the SIP proxy server is enabled, all SIP traffic can pass through NAT with a selective but fixed WAN interface. The administrator will be able to add up to four trusted SIP Registrars. A group can be chosen to govern SIP traffic.
  • Page 78: Black List Configuration

    4.2.2 Black List Configuration The administrator can add, delete, or edit the black list for user access control. Each black list can include up to 40 users. Users’ accounts that appear in the black list will be denied network access. The administrator can use the pull-down menu to select the desired black list.
  • Page 79 If removing a user from the black list is desired, select the user’s “Delete” check box and then click the Delete button to remove that user from the black list.
  • Page 80: Group Configuration

    4.2.3 Group Configuration There are 8 groups to choose from. Local users can be classified by applying Group options. A Group which is allowed to access a Service Zone can be applied with a Policy within this zone. The same Group within different Service Zones can be applied with different Policies as well as different Authentication Options.
  • Page 81 Voice, Video, Best-Effort and Background. Voice and Video traffic will be placed in the high priority queue. When Best-Effort or Background is selected, more bandwidth management options such as Downlink and Uplink Bandwidth will appear. Group Total Downlink: Defines the maximum bandwidth allowed to be shared by clients within this Group.
  • Page 82 Zone Permission Configuration & Policy Assignment – Group X A Group can be assigned to one Service Zone or multiple Service Zones. Moreover, a Group can be applied with different Policies within different Service Zones. Remote VPN is considered as a zone, where clients log into the system via remote VPN.
  • Page 83 Group Option: The name of Group options available for selection. Enabled: Select Enabled to allow clients of the enabled Groups to log in to this Service Zone under constraints of the selected Policies. Check Enabled of the respective Group to assign it/them to the Service Zone listed. For example, the above figure shows, clients in Group 1~8 can access Default Service Zone, where they are governed by Policy 1~8 respectively.
  • Page 84: Policy Configuration

    4.2.4 Policy Configuration IAC3000 supports multiple Policies, including one Global Policy and 12 individual Policies. Each Policy consists of access control profiles that can be configured respectively and applied to a certain Group of users. Global Policy is the system’s universal policy and applied to all clients, while the other individual Policies can be selected and defined to be applied to any Service Zone.
  • Page 85 Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules. Predefined and Custom Service Protocols: There are predefined service protocols available for firewall rules editing.
  • Page 86 Rule Number: This is the rule selected “1”. Rule No. 1 has the highest priority; rule No. 2 has the second priority, and so on. Rule Name: The rule name can be changed here. Source/Destination – Interface/Zone: There are choices of ALL, WAN1, WAN2, Default, and the named Service Zones to be applied for the traffic interface.
  • Page 87: Policy 1~12

    Maximum Concurrent Session for User: Sets the maximum concurrent sessions for each user, from 10 to Unlimited. The concurrent sessions for each user can be restricted by the administrator. Note: For more information, please refer to Appendix E. Session Limit and Session Log.
  • Page 88 Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules. Predefined and Custom Service Protocols: This link leads to a Service Protocols List where the administrator can define a list of services by protocols (TCP/UDP/ICMP/IP).
  • Page 89 Rule Item: The rule number of the selected rule. Rule No. 1 has the highest priority; Rule No. 2 has the second priority, and so on. Rule Name: The rule name can be changed here. Source / Destination – Interface/Zone: There are choices of ALL, WAN1, WAN2, Default and the Service Zones to be applied to the traffic interface.
  • Page 90 Enable: Check Enable box to activate this function or uncheck to inactivate it. Destination / IP Address: The destination network address or IP address of the destination host. Please note that, if applicable, the system will calculate and display the appropriate value based on the combination of Network/IP Address and Subnet Mask that are just entered and applied.
  • Page 91: Additional Configuration

    IAC3000 User’s Manual 4.2.5 Additional Configuration User Control: Functions under this section apply to all general users. Idle Timer: If a user has idled with no network activities, the system will automatically kick out the user. The logout timer can be set between 1~1440 minutes, and the default logout time is 10 minutes.
  • Page 92 IAC3000 User’s Manual Without a valid certificate, users may encounter the following problem in IE7 when they try to open the login page. Click “Continue to this website” to access the user login page. To Use Default Certificate: Click Use Default Certificate to use the default certificate and key. Click restart to validate the changes.
  • Page 93 Enhance User Authentication: With this function, only the users with their MAC addresses in this list can log into IAC3000. There are 40 users maximum allowed in this MAC address list. User authentication is still required for these users. Please enter the Permit MAC Address List to fill in these MAC addresses, select Enable, and then click Apply.
  • Page 94: Ap Management

    User’s Manual 4.3 AP Management IAC3000 supports to manage up to 12 NP725 access points (AP), and they can be configured in this section. This section includes the following functions: AP List, AP Discovery, Manual Configuration, Template Settings, Firmware Management, AP Upgrade and WSD Management.
  • Page 95: Ap List

    4.3.1 AP List All of the APs under the management of IAC3000 will be shown in the list. The AP can be edited by clicking the hyperlink of AP Name and the AP status can be got by clicking the hyperlink of Status.
  • Page 96 IAC3000 User’s Manual Click Apply Template to select one template to apply to the AP. Click Apply Service Zone to setup one Service Zone to the AP.
  • Page 97 IAC3000 User’s Manual AP Name Click AP Name and enter the interface about related settings. There are four kinds of settings, General Settings, LAN Interface Setting, Wireless Interface Setting and Access Control Setting. Click the hyperlink to go on the configuration.
  • Page 98 IAC3000 User’s Manual LAN Setting: Click LAN to enter the LAN Setting interface. Input the data of LAN including IP address, Subnet Mask and Default Gateway of AP. Wireless LAN: Click Wireless LAN to enter the Wireless interface. The data of Properties and Security need to be filled.
  • Page 99 IAC3000 User’s Manual Data Rate: The default is Auto. Available range is from 1 to 54Mbps. The rate of data transmission should be set depending on the speed of the wireless network. Select the desired transmission speed from the range, or keep the default setting, Auto, to make the Access Point automatically use the fastest rate possible.
  • Page 100: Ap Discovery

    4.3.2 AP Discovery Use this function to detect and manage all of the APs in the network segments. Note that IAC3000 can only manage APs that are connected to its LAN ports. Therefore, the AP discovery function is for adding locally connected APs to its management list.
  • Page 101 IAC3000 User’s Manual configuration. The Interface and AP Access configuration is the same as the settings mentioned above. When Background AP Discovery function is enabled, the system will scan once every 10 minutes or according to the time set by the administrator.
  • Page 102 IAC3000 User’s Manual Discovered AP List: The discovered new APs will be listed here. When the system’s Service Zone is set to Tag-based mode, service zones also can be assigned here. After clicking Add, the current management page is directed to AP List, where the newly added APs will show up with a status of “configuring”. It may take a couple of minutes to see the status of the newly added AP to change from “configuring”...
  • Page 103 IAC3000 User’s Manual After scanning, new APs will be listed in the Discovered AP List. Click the desired names of Service Zone for Tag-based mode. Add the selected AP to the list by checking the AP and clicking Add button.
  • Page 104: Manual Configuration

    IAC3000 User’s Manual 4.3.3 Manual Configuration An AP can also be added manually, even when it is offline. Input the related data of the AP and select a Template. After clicking Add, the AP will be added to the managed list.
  • Page 105: Template Settings

    IAC3000 User’s Manual 4.3.4 Template Settings A template is a model configuration that can be copied to every AP, so that it is not necessary to configure each AP individually. There are three templates provided. Click Edit to configure one. Before configuring the template, an administrator can copy the configuration of an AP to the template by selecting a Source AP and then revise individual settings as needed, instead of configuring the template from the beginning.
  • Page 106: Firmware Management

    IAC3000 User’s Manual 4.3.5 Firmware Management Preloaded Firmware displays the current version of the AP’s firmware. New firmware can be uploaded here to update the current firmware. To upload, click Browse to select the file and then click Upload.
  • Page 107: Ap Upgrade

    IAC3000 User’s Manual 4.3.6 AP Upgrade Check the APs which need to be upgraded and select the upgrade version of firmware, and click Apply to upgrade firmware.
  • Page 108: Wds Management

    IAC3000 User’s Manual 4.3.7 WDS Management WDS Management (Wireless Distribution System) is a function used to connect APs (Access Points) wirelessly. The WDS management function of the system can help administrators to set up a WDS network topology. WDS Status: Status shows the added APs in the WDS Tree with the Security and Channel settings. More than one WDS tree can be set up.
  • Page 109: Network Configuration

    IAC3000 User’s Manual 4.4 Network Configuration This section includes the following functions: Network Address Translation, Privilege List, Monitor IP List, Walled Garden List, Walled Garden Ad List, Proxy Server Properties, Dynamic DNS, IP Mobility and VPN Configuration.
  • Page 110: Network Address Translation

    IAC3000 User’s Manual 4.4.1 Network Address Translation There are three parts, Demilitarized Zone, Public Accessible Server and Port and IP Redirect, that can be set. The system supports up to 40 sets of Internal IP address (LAN) to External IP address (WAN) mapping in the Static Assignments.
  • Page 111 IAC3000 User’s Manual Public Accessible Server This function allows the administrator to set 40 virtual servers at most, so that client devices outside the managed network can access these servers within the managed network. Different virtual servers can be configured for different sets of physical services, such as TCP and UDP services in general. Enter the “External Service Port”, “Local Server IP Address”...
  • Page 112: Privilege List

    IP addresses of these workstations in this list. The “Remark” field does not have to be filled in, but it is useful for record-keeping. IAC3000 allows 100 privilege IP addresses at most. These settings will become effective immediately after clicking Apply.
  • Page 113 IAC3000 User’s Manual Warning: Permitting specific MAC addresses to have network access rights without going through standard authentication process at the controlled port may cause security problems.
  • Page 114: Monitor Ip List

    4.4.3 Monitor IP List IAC3000 will send out a packet periodically to monitor the connection status of the IP addresses on the list. If the monitored IP address does not respond, the system will send an e-mail to notify the administrator that such destination is not reachable.
  • Page 115: Walled Garden List / Walled Garden Ad List

    IAC3000 User’s Manual 4.4.4 Walled Garden List / Walled Garden Ad List This function lets users access the websites listed here as free services before they log in to the network, without being authenticated. Up to 20 addresses or domain names of the websites can be defined in this list.
  • Page 116 IAC3000 User’s Manual Up to 10 addresses or domain names of the websites can be entered and displayed in the subscriber login page. Click on ‘Edit’ and enter the website IP address or Domain Name, Topic and Description in the list then click Apply.
  • Page 117 IAC3000 User’s Manual Caution: To use the domain name, the IAC3000 has to connect to DNS server first or this function will not work.
  • Page 118: Proxy Server Properties

    Internal Proxy Server: IAC3000 has a built-in proxy server. If this function is enabled, the end users will be forced to treat IAC3000 as the proxy server regardless of the end-users’ original proxy settings.
  • Page 119: Dynamic Dns

    4.4.6 Dynamic DNS IAC3000 provides a convenient DNS function to translate a domain name to the IP address of WAN port that helps the administrator memorize and connect to WAN port. If the DHCP is activated at WAN port, this function will also update the newest IP address regularly to the DNS server.
  • Page 120: Ip Mobility

    4.4.7 IP Mobility IAC3000 supports IP PNP function. At the user end, a static IP address can be used to connect to the system. Regardless of what the IP address at the user end is, authentication can still be performed through IAC3000.
  • Page 121: Vpn Configuration

    POTS. VPN creates a private encrypted tunnel from the end user's computer, through the local wireless network, through the Internet, all the way to the corporate servers and database. IAC3000 provides 3 types of VPN for different network usage scenarios. Here we’ll use local VPN as an example. Local VPN Local VPN allows users to create the VPN tunnel between a user's device and IAC3000, to encrypt wired and wireless data transmission.
  • Page 122 Note: Local VPN in IAC3000 is an additional secure login VPN feature for IAC3000 local users/subscribers. The software design for ‘Local VPN in IAC3000’ is tightly coupled with ActiveX, which is supported by Internet Explorer on the Windows platform.
  • Page 123 IAC3000 User’s Manual transmission. Click Add A New Site Entry button to set configuration about remote VPN capable devices such as a VPN gateway. Click Add A Local Entry button to set configuration about local site. Click Add A Remote Site to enter the Remote VPN Gateway page for further configuration.
  • Page 124 IAC3000 User’s Manual Click NEW to enter the screen of Remote VPN Gateway.
  • Page 125: Utilities

    IAC3000 User’s Manual 4.5 Utilities This section provides four utilities to customize and maintain the system including Change Password, Backup/Restore Settings, Firmware Upgrade, Restart and Network Utilities.
  • Page 126: Change Password

    User’s Manual 4.5.1 Change Password IAC3000 supports three accounts with different access privileges. Choose to log in as admin, manager or operator. The default password and access privilege for each account are as follows: Admin: The administrator can access all configuration pages of the IAC3000.
  • Page 127: Backup/Restore Setting

    Backup current system setting: Click Backup to create a .db database backup file and save it on disk. Restore system setting: Click Browse to search for a .db system setting file that was backed up from the IAC3000 and click Restore to restore settings.
  • Page 128: Firmware Upgrade

    User’s Manual 4.5.3 Firmware Upgrade IAC3000 device firmware upgrade is performed in this section of the web management interface. Click Browse to search for the firmware file and click Apply to process firmware upgrade. The firmware upgrade process may take a few minutes to complete and the system needs to be restarted to make the new firmware become effective.
  • Page 129: Restart

    This function allows the administrator to safely restart IAC3000 and the process should take about 100 seconds. Click YES to restart IAC3000; click NO to go back to the previous screen. If turning off the power is necessary, it is recommended to restart IAC3000 first and then turn off the power after completing the restart process.
  • Page 130: Network Utilities

    IAC3000 User’s Manual 4.5.5 Network Utilities This function allows the administrators to manage functions including Wake-on-LAN, Ping, Trace Route, and showing ARP Table by entering IP or Domain Name. Wake on LAN: It allows the system to remotely boot up a powered-down computer on the LAN side that has the Wake-On-LAN feature enabled.
  • Page 131: Status

    IAC3000 User’s Manual 4.6 Status This section includes System Status, Interface Status, Routing Table, Current Users, Traffic History, and Notification Configuration to provide system status information and online user status.
  • Page 132: System Status

    IAC3000 User’s Manual 4.6.1 System Status This section provides an overview of the system for the administrator.
  • Page 133 Current Firmware Version: The present firmware version of IAC3000. Build: The current build number. System Name: The system name. The default is IAC3000. Home Page: The page the users are directed to after initial login success. Syslog server-Traffic History: The IP address and port number of the external Syslog Server. N/A means that it is not configured.
  • Page 134: Interface Status

    IAC3000 User’s Manual 4.6.2 Interface Status This section provides an overview of the interface for the administrator including WAN1, WAN2, SZ default~8. • • •...
  • Page 135 IAC3000 User’s Manual The description of the table is as follows. WAN1 MAC Address: The MAC address of the WAN1 port. WAN1 IP Address: The IP address of the WAN1 port. WAN1 Subnet Mask: The Subnet Mask of the WAN1 port. The MAC address of the WAN2 port.
  • Page 136: Routing Table

    IAC3000 User’s Manual 4.6.3 Routing Table All the Policy Route rules and Global Policy Route rules will be listed here. Also it will show the System Route rules specified by each interface.
  • Page 137 IAC3000 User’s Manual Policy 1~12: Shows the information of the individual Policy from 1 to 12. Global Policy: Shows the information of the Global Policy. System: Shows the information of the system administration. Destination: The destination IP address of the device.
  • Page 138: Current Users

    IAC3000 User’s Manual 4.6.4 Current Users In this function, each online user’s information including Username, IP, MAC, Pkts In, Bytes In, Pkts Out, Bytes Out, Idle, Location and Kick Out will be shown. Administrators can force out a specific online user by clicking the hyperlink of ”Logout”...
  • Page 139: Traffic History

    4.6.5 Traffic History This function is used to check the history of IAC3000. The history of each day will be saved separately in the DRAM for 3 days. Sorted by time, the traffic history provides all login and logout activity of a specific date. Other information includes User Name, IP address, MAC address, In-bound Packet Count, Out-bound Packet Count, In-bound Byte Count, and Out-bound Byte Count.
  • Page 140 IAC3000 User’s Manual If the History Email has been entered under the Notification Configuration page, the system will automatically send out the history information to that email address. Traffic History As shown in the following figure, each line is a traffic history record consisting of 9 fields, Date, Type, Name, IP, MAC, Pkts In, Bytes In, Pkts Out, and Bytes Out, of user activities.
  • Page 141 IAC3000 User’s Manual Monthly Network Usage of Local User The system will record the network usage of local users every month. In addition, the data will be stored locally for up to two months and can be exported as a text file in CSV format. As follows are the descriptions of fields in the usage record.
  • Page 142: Notification Configuration

    User’s Manual 4.6.6 Notification Configuration IAC3000 can automatically send the notification of Monitor IP Report, Traffic History, On-demand User Log, Session Log and AP status to up to 3 particular e-mail addresses. The notification of AP Status is triggered by the event when a managed AP becomes unreachable, while the other types of emails are sent periodically in given intervals such as 1 hour.
  • Page 143 IAC3000 User’s Manual SMTP: The IP address of the sender’s SMTP server. Auth Method: The system provides four authentication methods, Plain, Login, CRAM-MD5 and NTLMv1, or “None” to use none of the above. Depending on which authentication method is selected, enter the Account Name, Password and Domain.
  • Page 144: Help

    IAC3000 User’s Manual 4.7 Help On the screen, the Help button is on the upper right corner. Click Help to open the Online Help window and then click the hyperlink of the items to get the information.
  • Page 146: Appendix A. Accepting Payment Via Authorize.net

    IAC3000 User’s Manual Appendix A. Accepting Payment via Authorize.Net This section is to show independent Hotspot/IAC owners how to configure related settings in order to accept credit card payments via Authorize.Net, making the Hotspot an e-commerce environment for clients to pay for and obtain...
  • Page 148 1. Setting Up 1.1 Open Accounts To set up IAC3000 to process credit card billing, the merchant owner will need two accounts (Internet Merchant account and Authorize.Net account). If you are looking for a merchant account or Internet payment gateway to process transactions, you can fill out the Inquiry Form on http://www.authorize.net/solutions/merchantsolutions/merchantinquiryform/.
  • Page 149 “MD5 Hash Value”. Note: For detailed description, please see 4.2.1.6 ONDEMAND Authentication 1.3 Configure the Authorize.Net Merchant Account to Match the Configuration of IAC3000 Settings of the merchant account on Authorize.Net should be matched with the configuration of IAC3000: Setting Description To configure “MD5 Hash Value”, please log in Authorize.Net >>...
  • Page 150: Basic Maintenance

    Authorize.Net as well as IAC3000. 2.1 Void A Transaction and Remove the On-demand Account Generated on IAC3000 Sometimes, a transaction (as well as the related user account on IAC3000) may have to be canceled before it has been settled with the bank.
  • Page 151 3.2 Transaction Statistics by Different Location a. To deploy more than one IAC3000, the way to distinguish transactions from different locations is to make the invoice numbers different. To change the invoice setting, please log in IAC3000. User Authentication >>...
  • Page 152 IAC3000 User’s Manual b. Please log in Authorize.Net >> Click Search and Download >> Specify the transaction period (or ALL Settled, Unsettled) in “Settlement Date” section >> Go to “Transaction” section >> Enter the first part of invoice number plus an asterisk character (for example, Hotspot-A*) in the “Invoice #” text box >> Click Search >> If transaction records can be found, the number of accounts sold is the number of search results >>...
  • Page 154 IAC3000 User’s Manual Step 3: Please fill out the form and click Submit to send out this transaction. There will be a confirm dialog box. Step 4: Please confirm the data and then click OK to proceed with the transaction or click Cancel to revise the data or cancel this transaction.
  • Page 156 IAC3000 User’s Manual Step 5: Click OK to complete the process or click Cancel to revise the data or cancel this transaction. Step 6: Click Start Internet Access to use the Internet access service. Note: The clients must fill in the correct credit card number and expiration date. Card code is the last 3 digits of the security code located on the back of your credit card.
  • Page 157: Appendix B. Accepting Payment Via Paypal

    IAC3000 User’s Manual Appendix B. Accepting Payment via PayPal This section is to show independent Hotspot/IAC owners how to configure related settings in order to accept payments via PayPal, making the Hotspot an e-commerce environment for clients to pay for and obtain Internet...
  • Page 158 IAC3000 User’s Manual Setting Up As follows are the basic steps to open and configure a “Business Account” on PayPal. 1.1 Open An Account Step 1: Sign up for a PayPal Business Account and login. Here is a link: https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run Step 2: Edit necessary settings in “Website Payment Preferences”...
  • Page 159 IAC3000 User’s Manual Settings Screenshots Auto Return (On) Return URL (Redirect Webpage) Type http://www.www.com or other URL. Payment Data Transfer (On) Block Non-encrypted Website Payment (Off) PayPal Account Optional (Off) Contact Telephone Number (Off) Click Save.
  • Page 160 IAC3000 User’s Manual 1.2 Configure IAC3000 with a PayPal Business Account Please log in IAC3000: User Authentication >> Authentication Configuration >> Click the server On-demand User >> External Payment Gateway >> Click Configure >> External Payment Gateway >> Select PayPal...
  • Page 161 >> Click Details of the payment listing >> Username can be found in the “Item Title” field (2) To find the password associated with a specific username, please log in IAC3000: User Authentication >> Authentication Configuration >> Click the server On-demand User >> On-demand Account List >>...
  • Page 162 IAC3000 User’s Manual Note: As stated by PayPal, you can issue a full or partial refund for any reason and for 60 days after the original payment was sent. To find the on-demand account name for a specific payment, click Details of the payment listing in the activity history log >>...
  • Page 163 IAC3000 User’s Manual 3.2 Search for the transaction details for a specific customer Please log in PayPal >> Click History >> Click Advanced Search >> Enter the name for a specific customer as criteria in the Search For field and Choose Last Name or First Name in the In field >> Specify the time period >>...
  • Page 164 IAC3000 User’s Manual Examples of Making Payment for End Users Step 1: Click the link below the login window to pay for the service via PayPal. Step 2: Choose I agree to accept the terms of use and click Next.
  • Page 165 IAC3000 User’s Manual Step 4: You will be redirected to PayPal website to complete the payment process.
  • Page 167 IAC3000 User’s Manual Step 5: Click Start Internet Access to use the Internet access service. Note: Payment is accepted via PayPal. PayPal enables you to send payments securely online using PayPal account, a credit card or bank account. Clicking on Buy Now button, you will be redirected to PayPal’s site to make payment.
  • Page 168: Appendix C. Service Zone Deployment Example

    In Port-Based mode, each LAN port can only serve traffic from one Service Zone. An example of network application diagram is shown as below: one Service Zone for Employees and another for Guests. Note: The switches deployed under IAC3000 in Port-Based mode must be Layer 2 switches only. Configuration Steps for Port-Based Service Zones: Step 1: Configure Service Zone 1 for Guests Assume that LAN1 is assigned to the Service Zone 1 (SZ1) for Guests.
  • Page 169 IAC3000 User’s Manual Check the Enable radio button of Service Zone Status to activate SZ1. Enter a name for SZ1 (e.g. “Guest”) in the Service Zone Name field. Step 3: Configure Authentication Settings for SZ1 Check the Enable radio button to enable Authentication Required for the Zone.
  • Page 170 IAC3000 User’s Manual A warning message “You should restart the system to activate the changes.” will appear at the bottom of the page. Do NOT restart the system until you have completed all the configuration steps.
  • Page 171 IAC3000 User’s Manual LAN1 is now configured for Guests. Step 5: Configure Service Zone 2 for Employees Assume that LAN2 is assigned to the Service Zone 2 (SZ2) for Employees. Select the Service Zones tab and click Configure of SZ2.
  • Page 172 IAC3000 User’s Manual Step 7: Configure Authentication Settings for SZ2 Check the Enable radio button to enable Authentication Required for the Zone. Check the Default button and Enabled box of Server 1 to set LOCAL authentication method as default. Disable all other authentication options.
  • Page 173 IAC3000 User’s Manual A warning message “You should restart the system to activate the changes.” will appear at the bottom of the page. Click the hyperlink of Restart to restart the system and activate all configurations. Step 9: Restart the System A confirmation message of “Do you want to restart the system?”...
  • Page 174 IAC3000 User’s Manual Note: Please do not interrupt the system during the restarting process. Once the settings of two Service Zones are completed, the configured result will be displayed in the Service Zone Settings page: SZ1 and SZ2 are both enabled.
  • Page 175 VLAN tags carried within message frames. An example of network application diagram is shown as below: one Service Zone for Employees and another for Guests. Note: The switch deployed under IAC3000 in Tag-Based mode must be a VLAN switch only.
  • Page 176 IAC3000 User’s Manual Configuration Steps for Tag-Based Service Zones: The following example assumes the system is in factory default status and just powered up. Step 1: Set Tag-Based mode Click the System menu and select the LAN Port Mapping tab. Select Tag-Based mode and click Apply. A warning message “You should restart the system to activate the changes.”...
  • Page 177 IAC3000 User’s Manual Step 2: Configure Service Zone 1 for Guest Select the Service Zones tab and click Configure of SZ1. Step 3: Configure Basic Settings for SZ1 Check the Enable radio button of Service Zone Status to activate SZ1.
  • Page 178 IAC3000 User’s Manual changes you have made. Step 4: Configure Service Zone 2 for Employee Select the Service Zones tab and click Configure of SZ2. Step 5: Configure Authentication Settings for SZ2 Check the Enable radio button of Service Zone Status to activate SZ2.
  • Page 179 IAC3000 User’s Manual Step 6: Set Policy SZ2 Select Policy 2 from the drop-down list box. Click Apply to activate the settings made so far. A warning message “You should restart the system to activate the changes.” will appear at the bottom of the page. Do NOT restart the system until you have completed all the configuration steps.
  • Page 180 IAC3000 User’s Manual Step 8: AP Discovery Select AP Discovery in AP Management. Choose the AP Type, the Interface port has been selected. Select Factory Default in the section of Admin Settings Used to Discover. If selecting manually, type the range of IP address in the section.
  • Page 181: Appendix D. Proxy Setting

    Appendix D. Proxy Setting Basically, a proxy server can help clients access the network resources more quickly. This section presents basic examples for configuring the proxy server settings of IAC3000. Using Internet Proxy Server The first scenario is that a proxy server is placed outside the LAN environment or in the Internet. For example, the...
  • Page 182 IAC3000 User’s Manual Follow the steps below to complete the proxy configuration: Step 1. Log into the system by using the admin account. Step 2. Network >> Proxy Server >> External Proxy Servers page. Add the IP address (leaving it blank means any IP address) and port number of the proxy servers into External Proxy Servers setting.
  • Page 183 IAC3000 User’s Manual Caution: It is required that the proxy server setting of the clients match with the proxy server setting of the system. Otherwise, users will not be able to get the Login page for authentication via browsers and it will show an error page in the browser.
  • Page 184 IAC3000 User’s Manual Using Extranet Proxy Server The second scenario is that a proxy server is placed in the Extranet (such as DMZ), which all users from the Intranet or the Internet are able to access. For example, the following diagram shows that a proxy server of an organization in the DMZ will be used.
  • Page 185 IAC3000 User’s Manual Follow the steps below to complete the proxy configuration: Step 1. Log into the system by using the admin account. Step 2. Network >> Proxy Server >> External Proxy Servers page. Add the IP address and port number of the proxy server into External Proxy Servers setting.
  • Page 186 IAC3000 User’s Manual Caution: It is required that the proxy server setting of the clients match with the proxy server setting of the system. Otherwise, users will not be able to get the Login page for authentication via browsers and it will be shown an error...
  • Page 187: Appendix E. Session Limit And Session Log

    IAC3000 User’s Manual Appendix E. Session Limit and Session Log Session Limit To prevent ill-behaved clients or malicious software from using up the system’s connection resources, the administrator can restrict the number of concurrent sessions that a user can establish.
  • Page 188 IAC3000 User’s Manual An example of session log data is shown as below:

    27 Jan 12:35:05 2009 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1626 DIP=203.125.164.132 DPort=80
    27 Jan 12:35:05 2009 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1627 DIP=203.125.164.132 DPort=80
    27 Jan 12:35:06 2009 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1628 DIP=203.125.164.142 DPort=80
    27 Jan 12:35:06 2009 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1629 DIP=203.125.164.142 DPort=80...
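
The session log layout shown above can be parsed to find users who open sessions in bursts, which is the behaviour the Session Limit in Appendix E is meant to contain. This is an added example, not code from the NetComm manual: the first four sample lines are the ones on the page, the last two are constructed, and the 10-second window and threshold of 3 are assumed values. Only `[New]` events appear on the page, so the script measures the rate of new sessions rather than true concurrency.

```python
import ipaddress
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Layout taken from the sample lines in Appendix E:
# <day> <Mon> <HH:MM:SS> <year> [<event>]<user> <proto> MAC=.. SIP=.. SPort=.. DIP=.. DPort=..
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2} \w{3} \d{2}:\d{2}:\d{2} \d{4}) "
    r"\[(?P<event>\w+)\](?P<user>\S+) (?P<proto>\S+) "
    r"MAC=(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) "
    r"SIP=(?P<sip>\S+) SPort=(?P<sport>\d+) "
    r"DIP=(?P<dip>\S+) DPort=(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class SessionEvent:
    when: datetime
    event: str
    user: str
    proto: str
    mac: str
    src: object   # ipaddress.IPv4Address / IPv6Address
    sport: int
    dst: object
    dport: int


def parse_line(line):
    """Parse one session log line; return None if it does not validate."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        when = datetime.strptime(m["ts"], "%d %b %H:%M:%S %Y")
        src = ipaddress.ip_address(m["sip"])
        dst = ipaddress.ip_address(m["dip"])
    except ValueError:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if not (0 < sport <= 65535 and 0 < dport <= 65535):
        return None
    return SessionEvent(when, m["event"], m["user"], m["proto"],
                        m["mac"].lower(), src, sport, dst, dport)


def load(text):
    """Split a log export into parsed events and the raw lines that were rejected."""
    events, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev is None:
            rejected.append(raw)
        else:
            events.append(ev)
    return events, rejected


def burst_report(events, window=timedelta(seconds=10), threshold=3):
    """Return {user: peak number of [New] sessions inside any window} for
    users whose peak reaches the threshold (window/threshold are assumptions)."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    new_events = sorted((e for e in events if e.event == "New"), key=lambda e: e.when)
    for ev in new_events:
        q = recent[ev.user]
        q.append(ev.when)
        while ev.when - q[0] > window:   # drop timestamps that left the window
            q.popleft()
        peak[ev.user] = max(peak[ev.user], len(q))
    return {user: n for user, n in peak.items() if n >= threshold}


# First four lines: from the manual page. Last two: constructed for this example
# (a second user with one session, and a line with an out-of-range port).
SAMPLE_LOG = """\
27 Jan 12:35:05 2009 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1626 DIP=203.125.164.132 DPort=80
27 Jan 12:35:05 2009 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1627 DIP=203.125.164.132 DPort=80
27 Jan 12:35:06 2009 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1628 DIP=203.125.164.142 DPort=80
27 Jan 12:35:06 2009 [New]user1@local TCP MAC=00:09:6b:cd:83:8c SIP=10.1.1.37 SPort=1629 DIP=203.125.164.142 DPort=80
27 Jan 12:35:40 2009 [New]user2@local TCP MAC=00:11:22:33:44:55 SIP=10.1.1.52 SPort=2210 DIP=192.0.2.10 DPort=443
27 Jan 12:35:41 2009 [New]user2@local TCP MAC=00:11:22:33:44:55 SIP=10.1.1.52 SPort=99999 DIP=192.0.2.10 DPort=443
"""

if __name__ == "__main__":
    events, rejected = load(SAMPLE_LOG)
    for user, peak_count in burst_report(events).items():
        print(f"{user}: {peak_count} new sessions within 10 s")
    print(f"{len(rejected)} line(s) rejected as malformed")
```
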
  • Page 189: Appendix F. Network Configuration On Pc & User Login

    User’s Manual Appendix F. Network Configuration on PC & User Login Network Configuration on PC After IAC3000 is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup. Internet Connection Setup Windows 9x/2000 1) Choose Start >>...
  • Page 190 IAC3000 User’s Manual 3) Choose “I want to set up my Internet connection manually, or I want to connect through a local Area network (LAN)”, and then click Next. 4) Choose “I connect through a local area network (LAN)” and then click Next.
  • Page 191 IAC3000 User’s Manual 6) Choose “No” and then click Next 7) Finally, click Finish to exit the Internet Connection Wizard. Now, the set up is completed. Windows XP 1) Choose Start >> Control Panel >> Internet Option.
  • Page 192 IAC3000 User’s Manual 2) Choose the Connections tab, and then click Setup. 3) When the Welcome to the New Connection Wizard window appears, click Next. 4) Choose “Connect to the Internet” and then click Next.
  • Page 193 IAC3000 User’s Manual 5) Choose “Set up my connection manually” and then click Next. 6) Choose “Connect using a broadband connection that is always on” and then click Next. 7) Finally, click Finish to exit the Connection Wizard. Now, the setup is completed.
  • Page 194 With the factory default settings, during the process of starting the system, IAC3000 with DHCP function will automatically assign an appropriate IP address and related information for each PC. If the Windows operating system is not a server version, the default settings of the TCP/IP will regard the PC as a DHCP client, and this function is called “Obtain an IP address automatically”.
  • Page 195 IP Address, Subnet Mask and DNS Server address provided by your ISP and the Gateway address of IAC3000. Note: If your PC has already been set up, please inform the network administrator before proceeding to the following steps.
  • Page 196 IAC3000 User’s Manual 4.2) Click on the Gateway tab. Enter the gateway address of IAC3000 in the “New gateway” field and click Add. Then, click OK. 4.3) Click on DNS Configuration tab. If the DNS Server field is empty, select “Enable DNS”...
  • Page 197 4) Using DHCP: If you want to use DHCP, choose “Obtain an IP address automatically”, and then click OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from IAC3000.
  • Page 198 “Default gateways” column and the TCP/IP Gateway Address window will appear. 5.4) Enter the gateway address of IAC3000 in the “Gateway” field, and then click Add. After returning to the IP Settings tab, click OK to complete the configuration.
  • Page 199 IAC3000 User’s Manual Check the TCP/IP Setup of Windows XP 1) Select Start >> Control Panel >> Network Connection. 2) Right click on the Local Area Connection icon and select “Properties”. 3) Click on the General tab and choose “Internet Protocol (TCP/IP)”, and then click Properties.
  • Page 200 OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from IAC3000. 5) Using Specific IP Address: If you want to use a specific IP address, acquire the following...
  • Page 201 5.3) Click on the IP Settings tab and click Add below the “Default gateways” column and the TCP/IP Gateway Address window will appear. 5.4) Enter the gateway address of IAC3000 in the “Gateway” field, and then click Add. After returning to the IP Settings tab, click OK to finish...
  • Page 202 1. Open an Internet browser and try to connect to any website (in this example, we try to connect to www.google.com). The first time, if the IAC3000 is not using a trusted SSL certificate (for more information, please see 4.2.5 Additional Configuration), there will be a “Certificate Error”, because the browser treats IAC3000 as an untrusted website.
  • Page 203 User’s Manual Remaining Usage time. 3. Successful! The Login Successful page appearing means IAC3000 has been installed and configured successfully. Now, you are connected to the network and Internet! Note: When On-demand accounts are used (for example, we use d9d5@ondemand here), the system will display...
  • Page 204 IAC3000 User’s Manual 4. Remaining Usage: The remaining quota of this On-demand account that the user can surf the Internet. 5. Redeem: When the remaining quota is insufficient, the user can add up the quota by purchasing an additional account. Please enter the new username and password in the Redeem Page and click ENTER button to merge the two accounts so that there will be more quota for the original account.
  • Page 205: Appendix G. Console Interface

    3. Once the console port of IAC3000 is connected properly, the console main screen will appear automatically. If the screen does not appear automatically in the terminal simulation program, press the arrow keys so that the program sends some input to the system; the welcome screen or main menu should then appear.
  • Page 207 Utilities for network debugging: The console interface provides several utilities to help the Administrator check the system conditions and debug any problems. The utilities are described as follows: Ping host (IP): Sends an ICMP echo request to a specified host and waits for the response to test the network status.
  • Page 208 Caution: Although the connection via the serial port does not require a username and password, the same management interface can be accessed via SSH. Therefore, we recommend that you change the IAC3000 Admin username and password immediately after logging in to the system for the first time. Reload factory default: Choosing this option will reset the system configuration to the factory defaults.
  • Page 209: Appendix H. Local VPN

    The system is equipped with an IPSec VPN feature. To utilize the IPSec VPN supported by Microsoft Windows XP SP2 (with patch) and Windows 2000 operating systems, the system implements IPSec VPN tunneling technology between clients’ Windows devices and the system itself, regardless of whether the network is wired or wireless.
  • Page 210 During the first-time login to IAC3000, Internet Explorer will ask clients to download an ActiveX component of IPSec VPN. Once this ActiveX component is downloaded, it will run in parallel with the “Login Success Page” after the page has been brought up successfully. The ActiveX component helps set up individual IPSec VPN tunnels between clients and IAC3000 and checks the validity of the IPSec VPN tunnels between them.
  • Page 211 2. Limitations: The limitations on the client side due to ActiveX and Windows OS include: Internet Connection Firewall of Windows XP or Windows XP SP1 is not compatible with the IPSec protocol. It must be turned off to allow IPSec packets to pass through.
  • Page 212 Suggestion: Please TURN OFF the Internet Connection Firewall feature or upgrade the Windows OS to Windows XP SP2. 4. ICMP and Active Mode FTP: On Windows XP SP2 without patch KB889527, ICMP packets will be dropped from the IPSec tunnel. This issue can be fixed by installing patch KB889527.
  • Page 213 b. Terminate the Internet Explorer Task from Windows Task Manager. Suggestion: Do not terminate this VPN task of Internet Explorer. c. In some cases, Windows messages will prompt the current user to: (1) Close the Windows Internet Explorer.
  • Page 214 C:\> del VPNClient_1_5.ocx c. What can I do if I am unable to establish an IPSec connection on Windows XP SP1? ANS: Disable Windows XP firewall...
  • Page 215: Appendix I. Customizable Pages

    There are five user login and logout pages for each service zone that can be customized by administrators. Go to System Configuration >> Service Zone >> Service Zone Settings Configure >> Custom Pages.
  • Page 216 Custom Pages >> Login Page >> Uploaded Page: Choose Uploaded Page and upload a login page.
  • Page 217 The user-defined login page must include the following HTML code to provide the necessary fields for user name and password. If the user-defined login page includes an image file, the image file path in the HTML code must point to the image file to be uploaded.
  • Page 218 Custom Pages >> Logout Page: The administrator can apply their own logout page in the menu. As the process is similar to that of the Login Page, please refer to the “Login Page >> Uploaded Page” instructions for more details.
  • Page 219 Custom Pages >> Login Success Page >> Default Page: Choose Default Page to use the default login success page. Custom Pages >> Login Success Page >> Template Page: Choose Template Page to make a customized login success page. Click Select to pick a color and then fill in all of the blanks.
  • Page 220 Custom Pages >> Login Success Page >> External Page: Choose the External Page selection to get the login success page from a specific website. In the External Page Setting, enter the URL of the external login page and then click Apply. After applying the setting, the new login success page can be previewed by clicking the Preview button at the bottom of this page. Custom Pages >>...
  • Page 221 Custom Pages >> Login Success Page for On-demand Users >> Template Page: Choose Template to make a customized login success page for on-demand accounts. Click Select to pick a color and then fill in all of the blanks. Click Preview to see the result.
  • Page 222 Custom Pages >> Login Success Pages for On-demand Users >> External Page: Choose the External Page selection to get the login success page from a specific website. In the External Page Setting, enter the URL of the external login page and then click Apply. After applying the setting, the new login success page can be previewed by clicking the Preview button at the bottom of this page.
  • Page 223 Custom Pages >> Logout Success Page >> Uploaded Page: Choose Uploaded Page and select the logout success page to upload. Click the Browse button to select the file for the logout success page upload. Then click Submit to complete the upload process.
  • Page 224: Legal & Regulatory Information

    (3) The power supply that is provided with this unit is only intended for use with this product. Do not use this power supply with any other product, and do not use any other power supply that is not approved for use with this product by NetComm. Failure to do so may cause damage to this product, fire, or personal injury.
  • Page 225 To the extent permitted by the Relevant Acts, in relation to your product and any other materials provided with the product (“the Goods”) the liability of NetComm under the Relevant Acts is limited at the option of NetComm to: Replacement of the Goods;...
  • Page 226 Note: NetComm Technical Support for this product only covers the basic installation and features outlined in the Quick Start Guide. For further information regarding the advanced features of this product, please refer to the configuring sections in the User Guide or contact a Network Specialist.
