1. Manuals
  2. Brands
  3. PheeNet Manuals
  4. Gateway
  5. WMS-308N
  6. User manual

PheeNet WMS-308N User Manual

Network access control gateway / controller
Hide thumbs Also See for WMS-308N:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
Network Access Control
Gateway / Controller
User's Manual Ver.1.0.0
WMS-308N

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the WMS-308N and is the answer not in the manual?

Questions and answers

Related Manuals for PheeNet WMS-308N

Summary of Contents for PheeNet WMS-308N

  • Page 1 Network Access Control Gateway / Controller User's Manual Ver.1.0.0 WMS-308N...

  • Page 2: Table Of Contents

    3.2.2 Quick Configuration ........................19   3.2.3 Access Internet ......................... 22   Chapter 4. Web Interface Configuration ..................23 Connect WMS-308N to the external Network ..................24   4.1.1 Network Requirement ....................... 24   4.1.2 Configure WAN Port ......................... 24  ...
  • Page 3 4.3.2.3 Configure On-Demand ....................59   4.3.2.3.1 Create Billing Plans ..................60   4.3.2.3.2 Create On-Demand Users ................62   4.3.2.3.3 Configure External Payment Gateway ............. 65   4.3.2.3.4 Configure Thermal Printer ................68   4.3.2.3.5 Billing Plan Report ................... 73  ...
  • Page 4 Appendix F. Example of AP Device Connection With VLAN ..........147 Appendix G. Use Template to setup Managed APs..............150 Appendix H. Use Auto Recovery To Setup Managed AP............153...
  • Page 5 The WMS-308N is a full-featured Network Access Control Gateway / Controller that aggregates up to 120 access points (APs), built-in 5000 local accounts/ on-demand accounts and delivers centralized control and security for wireless deployments. The WMS-308N is designed for applications in which a compact, cost-effective”all-in-one” networking solution is required.
  • Page 6 The WMS-308N – applies to public access network such as WiFi-Hotspot, network management guest access, hospitality deployments – which requires reliability, efficiency, and security. It combines an IP Router / Firewall, Multi-WAN / QoS enforcement and Access Controller for use in wireless environments.
  • Page 7 WMS-308N Network Access Control Gateway User's Manual Access Point Management and Support WMS-308N Network Access Gateway / Controller Support Max: 120 Access Points per Controller Max: 500 wireless client per Controller Provide Local Account : 5000 AP Management – Control - Monitoring Centralized AP Management AP Group management –maintain a set of setting templates that simplify the task to assign the...

  • Page 8: Wireless Security

    WMS-308N Network Access Control Gateway User's Manual AP User Statistic – Maintain all wireless clients connection history and depict statics in diagrams Support Monitor IP on third-party APs System alarms and status reports on managed APs Topology Monitor-list monitored device; periodically updates devices’ status...

  • Page 9: User Management

    APs Service Domain Integrating with WAP-854NP/ WAP-954GP and other PheeNet products to have Service Domain feature and each Service Domain can have its own settings: The network is divided into maximum of 8 groups, each defined by VLAN Tag...

  • Page 10: Dual Wan

    WMS-308N Network Access Control Gateway User's Manual Authentication Authentication : single sign-on (SSO) client with authentication integrated into the local authentication environment through local/domain, LDAP, RADIUS, POP3, MAC authentication Customizable Login and Logout Portal Pages Customizable Advertisement Links on Login Portal Page User authentication with UAM (Universal Access Method), 802.1X/EAPoLAN, MAC address...

  • Page 11: System Administration

    WMS-308N Network Access Control Gateway User's Manual Multiple Domain Support By Traffic Bandwidth Management by individual and distribution on different network(Service Domain) WAN Connection Detection Firewall Built-in DoS attack protection Inspection Full stateful packet filter Access Control List Multiple Domain Support Active Firewall Session –...

  • Page 12: Network Management

    WMS-308N Network Access Control Gateway User's Manual Network Management Event Syslog Status monitoring of on-line users IP-based monitoring of network devices Interface connection status Support Syslog for diagnosing and troubleshooting User traffic history logging User’s session log can be sent to Syslog server...

  • Page 13: Specification

    WMS-308N Network Access Control Gateway User's Manual WMS-308N Hardware Specifications Base Platform 32-bit , MIPS24K Processor CPU Clock Speed 680 MHz Serial Port 1 (DB-9) USB Port 1 ( Optional 3G interface radio with major brands – ODM only) Reset Switch Built-in...
  • Page 14 4. WAN1/WAN2 : Two WAN ports are available on the system. LED Green ON indicates 10/100-Mbps link is established on the port. LED Amber ON indicates 1000-Mbps link is established on the port. 5. LAN : Clients devices connect to WMS-308N via LAN ports...
  • Page 15 WMS-308N Network Access Control Gateway User's Manual Rear Panel 1. Power SOCKET (12V DC) : Attach the power socket here.

  • Page 16: Installations

    3. Connect WMS-308N to your network device. Connect one end of the Ethernet cable to LAN port of WMS-308N on the front panel. Connect the other end of cable to a PC for configuring the system. The LAN LED indicator should be ON to indicate a proper connection.

  • Page 17: Hardware Installation

    1. Once the hardware installation is done, set DHCP in TCP/IP of the administrator's PC to get an IP address automatically. Connect the PC to the LAN port of WMS-308N. An IP address will be assigned to the PC automatically via the WMS-308N.
  • Page 18 You can login as root, admin or operator. The default username and password as follows. Root : The administrator can access all area of the WMS-308N Username : root Password : default admin : The admin can access the area under Service Domain, Wireless and Advanced setting (Please see Appendix B.)

  • Page 19: Configuration Steps

    WMS-308N provides wireless and wired network service with authentication required for clients in Service Domain. Clients in the each Service Domain are isolated with each other. WMS-308N supports 8 Service Domains, Domain- 0 to Domain-7. Administrator can select authentication type on each Service Domain. If Authentication Required is enabled, the clients are required to get authenticated successfully before access the Internet.
  • Page 20 WMS-308N Network Access Control Gateway User's Manual Step 3 : Choose System's Time Click System -> Time Server, the Time Server Setup page will appear. Select the appropriate setting and Click Save button. Before Hotspot service active, make sure the Local Time is correctly.
  • Page 21 WMS-308N Network Access Control Gateway User's Manual Select Local Radius for Service Domain0's Authentication Type. Click Save button. Step 5 : Add Local Radius Accounts Click Service Domain -> Authentication -> Local Radius Accounts, the Local Radius Accounts Management page will appear.

  • Page 22: Quick Configuration

    (e.g. AP00) and get associated with this ESSID. 2. The client device will obtain an IP address automatically via DHCP from WMS-308N. Open a web browser on a client device, access any URL, and then the Domain0's User Login Page will appear.
  • Page 23 WMS-308N Network Access Control Gateway User's Manual WMS-308N provides functions as stated below where they can be configured via a user-friendly web based interface. OPTION System Service Domain AP Management Advanced Utilities Status Service Domain Device Discovery Profile Setting Overview...
  • Page 24 WMS-308N Network Access Control Gateway User's Manual Basically, in general network environment, the main role of WMS-308N is a Gateway. It manages the entire network from internal network to Internet. Then, the first step is to prepare an Internet connection from your ISP and connect it to the WAN or WAN2 port of WMS-308N.
  • Page 25 IP Address do not assigned from DHCP server, the system need manual connect to DHCP server. Hostname : The Hostname of the WAN port PPPoE : This configuration type is applicable when the WMS-308N is connected to a network with the presence of a PPPoE server.
  • Page 26 WMS-308N Network Access Control Gateway User's Manual based dial-up connections or Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) connections. 128-bit key (strong) and 40-bit key (standard) MPPE encryption schemes are supported. MPPE provides data security for the PPTP connection that is between the VPN client and the VPN server.
  • Page 27 WAN1 automatically. Connection Detect : The connect detect sets the WMS-308N Device to continuously ping a user defined IP address (it can be the Internet gateway for example). If it is unable to ping under the user defined constraints, the WMS-308N device will change Primary WAN interface to secondary WAN interface automatically.
  • Page 28 WMS-308N Network Access Control Gateway User's Manual Service : By default, it's “Disable”. To “Enable” to activate this function. IP Address To Ping : specify an IP address of the target host which will be monitored Ping Interval : specify time interval (in seconds) between the ICMP “echo requests” are sent. Default is 60 seconds.
  • Page 29 Service Provider: Select the correct Service Provider from the drop-down list, here included are dyndns, dhs, ods and tzo embedded in the WMS-308N. Hostname: This field represents the Host Name you register to Dynamic-DNS service and expect to export to the world.
  • Page 30 WMS-308N Network Access Control Gateway User's Manual Here is the instruction for how to setup the local LAN/VLAN IP Address and Netmask. Please click on System -> LAN , the LAN List should be appear. This page shows information of LAN's/VLAN's settings.

  • Page 31: Access Internet

    WMS-308N Network Access Control Gateway User's Manual IP Setup : VLAN Tag(ID) : Virtual LAN, the system supports 7 tagged VLAN port (VLAN1 ~ VLAN7). The valid values are from 1 to 4094. The default VLAN1's tag ~ VLAN7's tag are from 101 to 107 Some system and VLAN switch do not support VLAN tag 1 IP Address : The IP address of the LAN/VLAN port;...
  • Page 32 WMS-308N Network Access Control Gateway User's Manual default is 512 Kbit/s Total Max. Download : The Total Max. Download is in the range of 0~102400 Kbit/s, 0 indicates unlimited, default is 512 Kbit/s Individual Bandwidth : Set each users Individual Upload/Download. Below depicts an example for Individual Bandwidth, set Group Upload or Download to 6 Mbps and Individual Upload or Download to 3 Mbps, if one user access Internet, the maximum upload or download is 3 Mbps;...
  • Page 33 WMS-308N Network Access Control Gateway User's Manual • Group Upload : The Group Upload is in the range of 0~102400 Kbit/s, 0 indicates unlimited, default is 512 Kbit/s • Group Download : The Group Download is in the range of 0~102400 Kbit/s, 0 indicates unlimited, default is 512 Kbit/s Guest Service : By default, it's “Disable”.
  • Page 34 WMS-308N Network Access Control Gateway User's Manual Port : Indicate the system's RJ-45 interface port. By default; it's enabled. To disable to unactivated LAN's or VLAN's port. PVID : Port VID, Select desired default VLAN ID on the respective port, all untagged packets arriving at the device are tagged with the port PVID.
  • Page 35 WMS-308N Network Access Control Gateway User's Manual Static Lease : If you want a computer or device to always have the same IP address assigned, you can create a static lease. The system will assign the IP address only to that computer or device. There are maximum 50 rules allowed in this list.
  • Page 36 WMS-308N Network Access Control Gateway User's Manual System time can be configured via this page where manual setting and NTP server configuration are both supported. Please click on System -> Time Server and follow the below setting. System Time : Denote the current time of the system.
  • Page 37 WMS-308N Network Access Control Gateway User's Manual The administrator can later obtain the geographical location of the system via the information configured here. The administrator also can change system password and configure system login methods. Please click System -> Management and follow the below settings.
  • Page 38 LAN's subnet.  Ping Watchdog : The ping watchdog sets the WMS-308N Device to continuously ping a user defined IP address (it can be the Internet gateway for example). If it is unable to ping under the user defined constraints, the WMS-308N device will automatically reboot.
  • Page 39 Change these settings as described here and click Save button to save your changes. Click Reboot button to activate your changes Without a valid certificate, users may encounter the following problem in IE8 when they try to access WMS-308N's GUI (https://192.168.2.254). There will be a “Certificate Error”, because the browser treats WMS-308N as an illegal website.
  • Page 40 WMS-308N Network Access Control Gateway User's Manual SNMP is an application-layer protocol that provides a message of format for communication between SNMP managers and agents. By enabling SNMP function, the administrator can obtain the system information remotely. Please click on System -> SNMP Setup and follow the below setting.
  • Page 41 WMS-308N Network Access Control Gateway User's Manual Current settings on the system can be backed up, or previous backed up settings can be restored as well as resetting the system back to factory default can be performed via this page. Please click on Utilities -> Profile Setting and follow the below setting.

  • Page 42: Firmware Upgrade

    WMS-308N Network Access Control Gateway User's Manual The administrator can download the latest firmware from website and upgrade the system here. It might take a few minutes before the upgrade process completes and the system needs to be restarted to activate the new firmware.

  • Page 43: Network Utility

    Times : By default, it’s 5 and the range is from 1 to 60. It indicates number of connectivity test. Traceroute : Allows tracing the hops from the WMS-308N device to a selected outgoing IP address. It should be used for the finding the route taken by ICMP packets across the network to the destination host. The test is...

  • Page 44: Usb Storage Setup

    WMS-308N Network Access Control Gateway User's Manual This function allows administrator to setup USB storage device for save more e-map, custom portal login page and managed AP's profile. Please click on Utilities → USB Storage Setup and follow the below setting.

  • Page 45: Format Database

    WMS-308N Network Access Control Gateway User's Manual This function allows administrator to format system's database. Click Format button to proceed and take around three minutes to complete. 1. Do not interrupt during format database including power on/off as this may damage system.

  • Page 46: Reboot

    WMS-308N Network Access Control Gateway User's Manual This function allows administrator to restart system with existing or most current settings when changes are made. Click Reboot button to proceed and take around three minutes to complete. Please click on Utilities →...
  • Page 47 WMS-308N Network Access Control Gateway User's Manual WMS-308N supports 8 Service Domain, administrator can quickly setup via this page. LAN Port : The bonding interface for the respective Service Domain Auth Type : The authentication type for the respective Service Domain. There are Six types : Pregenereated Ticket.

  • Page 48: Configure Service Domain

    WMS-308N Network Access Control Gateway User's Manual Administrator can configure Service Domain with different authentication service type, specified outgoing traffic, IP PnP service, guest free service, idle time , redirect URL, scheduling authentication service and customization login page. Click on Service Domain -> tools icon or Service Domain -> Service Domain# to enter Service Domain Setup page.
  • Page 49 Scheduling setting is on Time Policy page. IP PnP Service : IP Plug and Play, the WMS-308N supports IP PnP for the respective Server Domain. At the user end, a static IP address can be used to connect the system. Regardless of what the IP address at the user end is, authentication can still be performed through WMS-308N.
  • Page 50 WMS-308N Network Access Control Gateway User's Manual Custom Pages : Configure Custom pages for this Service Domain. Administrator can select Template Page or Upload Customize Page. Template Page : Choose Template Page to make a customized login page. Click select to pick up a color and then fill in all of the banks.
  • Page 51 WMS-308N Network Access Control Gateway User's Manual Example for Upload Page : Here the codes are supplied. Please note that the part is for the login feature(can't not modified), the green part can be modified freely by administrators. <meta name="apple-mobile-web-app-capable" content="yes"...
  • Page 52 WMS-308N Network Access Control Gateway User's Manual width: 100px; margin: 5px; padding: 5px; background: #fff; font-size: 14px; font-weight: bold; .ad a{ text-decoration: none; color: red; .ad:hover, .ad a:hover, ad a:active{ background: #333333; color: blue;...

  • Page 53: Authentication Management

    If authentication does not selected, the clients can access Internet without authentication. The WMS-308N supports multiple login for one accounts and administrator can configure alias name of the respective authentication type on login page. Please click on Service Domain -> Authentication ->...
  • Page 54 WMS-308N Network Access Control Gateway User's Manual This section is for administrators to pregenerated authentication tickets for entire external Network. There are four types of policy ticket can be generated (One Time, Multiple Times, Volume and Unlimited Until End Time).
  • Page 55 WMS-308N Network Access Control Gateway User's Manual 527040 minutes, default is 60 minutes); or enter the volume quota for Volume policy ( the maximum volume allowed is 102400 MB, default is 10 MB) Effective Starting Time : Specify desired effective starting time for this tickets database Effective Ending Time : Specify desired effective ending time for this tickets database.
  • Page 56 WMS-308N Network Access Control Gateway User's Manual Below depicts an example for information of Pregenerated tickets databases when you click Info option Ticket Information : Show the ticket information in this database File ID : Denote the identity number of the database...
  • Page 57 Export Tickets : There are three methods to backup your information of ticket databases Export BIN : The administrator can backup ticket database or copy to other WMS-308N. Click Export button, the ticket databases (FileID_passcode.bin) will be download from system. Below depicts an example for exporting tickets database.
  • Page 58 WMS-308N Network Access Control Gateway User's Manual Tickets List : Show all tickets in this database File ID : Denote the identity number of the database Code : User can used Passcode of ticket for access Internet Type/Quota : Denote the billing type and service quota on this ticket Status : Denote the status of ticket.
  • Page 59 WMS-308N Network Access Control Gateway User's Manual Administrators can enable and configure this authentication method to provide clients access in a Hotspot environment. Major functions include billing plans creation, accounts creation, accounts monitoring list, thermal printer support, billing report statistics, and external payment gateway support. There are three method to generate on-demand accounts : Generate by Manual, Print from Thermal Printer, Generate after Online Payments.
  • Page 60 WMS-308N Network Access Control Gateway User's Manual Click on Service Domain → Authentication → On-Demand and click Edit option on Billing Plans List, the Billing Plan Setup page will appear. Billing Plan Setup Service : By default, it's “Disable”. To “Enable” to activate this billing plan.
  • Page 61 WMS-308N Network Access Control Gateway User's Manual Effective Starting Time : Specify desired effective starting time for this billing plan. Effective Ending Time : Specify desired effective ending time for this billing plan. Display Item Option : Select desired display item for ticket Change these settings as described here and click Save button to save your changes.
  • Page 62 WMS-308N Network Access Control Gateway User's Manual After configuring billing plans, administrator can create and delete on-demand users on this section. Click Info button on Billing Plans List page to enter the On-Demand Information page. In the On-Demand Information page.
  • Page 63 WMS-308N Network Access Control Gateway User's Manual Click Add Accounts button, the create page will appear as below. Click Cancel button to close window. Click Create button to add new account for this billing plan. Below depicts an example for creating ticket.
  • Page 64 WMS-308N Network Access Control Gateway User's Manual Tickets per day : Show the bar chart of quantity of the ticket in this billing plan Tickets List : Show tickets information Plan : Denote the billing plan on this ticket Code : User can used Passcode of ticket for access Internet Type/Quota : Denote the billing type and service quota on this ticket Status : Denote the current status on this ticket.
  • Page 65 WMS-308N Network Access Control Gateway User's Manual This section is for merchants to set up an external payment gateway to accept payments in order to provide access service to end customers who wish to pay for the service on-line. Select Paypal to enable External Payment Gateway. Before setting up “PayPal”, it is required that the merchant owners have a valid PayPal “API Username”, “API Password”.
  • Page 66 WMS-308N Network Access Control Gateway User's Manual Type/Quota : Denote the billing type and quota of billing plan Price : Denote the price charged of billing plan Information : Click this button to view accounts information for PayPal. Payment Gateway Information : Show current ticket's invoice number.
  • Page 67 WMS-308N Network Access Control Gateway User's Manual Open Time : Denote the time of the first time used on this ticket Start Time : Denote effective starting time on this ticket End Time : Denote effective ending time on this ticket Last Login : Denote the last login time on this ticket Price : Denote the price of the charged on this ticket.

  • Page 68: Configure Thermal Printer

    WMS-308N Network Access Control Gateway User's Manual WMS-308N can generate ticket of on-demand users manually or automatically from Thermal Printer. Please click on Service Domain -> Authentication -> On-Demand -> Thermal Printer Setup to enter the Thermal Printer List page. In the Thermal Printer List page. Administrator may configure Thermal Printer setting and generate tickets manually and delete tickets.
  • Page 69 WMS-308N Network Access Control Gateway User's Manual Thermal Printer Setup : Service : By default, it's “Disable”. To “Enable” to activate this function. IP Address : Enter the IP address of SR-120X serial server Command Port : Enter the command port of SR-120X serial server COM Port : Select the COM port of SR-120X serial server to connect to thermal printer Balance Date : Enter balance date for statement printing from thermal printer.
  • Page 70 WMS-308N Network Access Control Gateway User's Manual After configuring thermal printer general setting, administrator must select specified billing plan for this thermal printer Change these settings as described here and click Save button to save your changes. Click Reboot button to activate your changes.
  • Page 71 WMS-308N Network Access Control Gateway User's Manual Statistic : Show on-demand users statistic information for this billing plan Ticket Qty : Denote ticket's quantity in this Thermal Printer. Used Ticket Qty : Denote used ticket's quantity in this Thermal Printer.
  • Page 72 WMS-308N Network Access Control Gateway User's Manual Delete : This will delete the ticket individually. When administrator click Delete button, the alert message will appear as below. Click Refresh button to renew this page. On this List, it only shows all of generated tickets from Thermal Printer.

  • Page 73: Billing Plan Report

    WMS-308N Network Access Control Gateway User's Manual Click on Service Domain -> Authentication -> On-Demand to enter the Billing Plans Report page. Administrator can get a complete report or a report of a particular period. Search Create Time Range On-Demand Type :There are four type can be selected : ALL, Manually Create, Payment Gateway and Thermal Printer.

  • Page 74: Ticket Customization

    WMS-308N Network Access Control Gateway User's Manual Click on Service Domain -> Authentication -> On-Demand to enter the Ticket Customization page. Administrator can edit text on printed ticket on this page. 4-32 characters supported on these text setting field. Change these settings as described here and click Save button to save your changes. Click Preview button to preview ticket in the Billing Plan 0.
  • Page 75 WMS-308N Network Access Control Gateway User's Manual WMS-308N provide Local Radius server authentication. Please click on Service Domain -> Authentication -> Remote Radius Server, the page of Remote Radius Server Setup will appear. Administrator can add accounts by manual or import accounts file.
  • Page 76 WMS-308N Network Access Control Gateway User's Manual Local RADIUS Accounts List : Delete : Select the specified group and click Delete button to remove accounts of the specified group. Import Accounts File : Select the specified group on Group option and click Select File button to select the text file for uploading the accounts of the specified group.
  • Page 77 WMS-308N Network Access Control Gateway User's Manual Search : Enter a keyword to be searched in the text field and all matching the keyword will be listed. Username : Denote the username of account on local RADIUS authentication MAC Address : Denote the MAC address of account on local RADIUS authentication...
  • Page 78 WMS-308N Network Access Control Gateway User's Manual WMS-308N provide remote Radius server authentication. Please click on Service Domain -> Authentication -> Remote Radius Server, the page of Remote Radius Server Setup will appear Service : By default, it's “Disable”. To “Enable” to activate this function.

  • Page 79: Configure Ldap Server

    WMS-308N Network Access Control Gateway User's Manual WMS-308N provide remote LDAP server authentication. Up to 10 remote LDAP server can be configured. Please click on Service Domain → Authentication → LDAP, the page of LDAP Server Setup will appear Click Edit option to configure LDAP server on the LDAP Server List.

  • Page 80: Configure Pop3 Server

    WMS-308N Network Access Control Gateway User's Manual The system supports authentication by an external POP3 authentication server. Up to 8 POP3 server can be configured. Please click on Service Domain → Authentication → POP3, the page of POP3 Server Setup will appear.
  • Page 81 This function provides local device can access Internet without authentication. If there are some workstations belonging WMS-308N that need to access to network without authentication, enter the IP or MAC address of these workstations in this list. Up to 50 rules can be defined in this list. Please click on Service Domain → Privilege IP/MAC Address, the page of Privilege IP/MAC Address Setup will appear.
  • Page 82 WMS-308N Network Access Control Gateway User's Manual This function provides certain free services or advertisement web pages for users to access the websites listed before login and authentication. Up to 20 rules can be defined in this list. User without the network access right can still have a chance to experience the actual network service free of charge.
  • Page 83 WMS-308N Network Access Control Gateway User's Manual...
  • Page 84 WMS-308N Network Access Control Gateway User's Manual WMS-308N can automatically send the notification of Traffic Log, On-Demand Log, Session Log, Monitor AP Report and AP Status to 3 particular E-mail addresses. The notification of AP Status is triggered by the event when a managed APs becomes unreachable during “Auto Download Profile Interval”...
  • Page 85 WMS-308N Network Access Control Gateway User's Manual SMTP Auth : Some SMTP server need authentication username and password for sending E-mail. The system provides authentication for sender's SMTP server Username : The sender's authentication username for STMP server Password: The sender's authentication password for STMP server Notification E-mail Setup : Receiver E-mail Address (es) : Up to 3 E-mail address can be set up to receive the notification.
  • Page 86 WMS-308N Network Access Control Gateway User's Manual Date : Denote the current event's date and time Auth Type : There will shows 7 types of authentication : Pregenerated, On-Demand, Local Users(Local RADIUS Users), Remote RADIUS, LDAP, POP3 and Guest. Status : There will show 10 types of status as below :...
  • Page 87 WMS-308N Network Access Control Gateway User's Manual Date : Denote the current event's date and time Location : Denote the current device's location Status : There will show 10 types of status as below : LOGIN : Denote the user login to the hotspot service...
  • Page 88 WMS-308N Network Access Control Gateway User's Manual Plan : Denote the current user's billing plan Payment Type : Denote the current payment type, there were show Cash or PayPal Cost : Denote the current service charge Session Log : The system can recored connection details of each user accessing the Internet and sent out to a specified Syslog Server or E-Mail based on defined interval time.
  • Page 89 WMS-308N Network Access Control Gateway User's Manual The administrator can view status of all online users on each Service Domain. Please click on Service Domain -> Online Users, the page of Online Users will appear. Below depicts an example for Online User Information. There provided information of Passocde, IP Address, MAC Address, Login Time, Packets In/Out and Bytes In/Out.
  • Page 90 WMS-308N Network Access Control Gateway User's Manual The WMS-308N can record authentication traffic history or On-Demand event and the system will automatically send out the history information via notification service(See Notification page). The history of each day will be saved separately in the DRAM for 3 days and sorted by time, the traffic provides all login and logout activity of specific date.
  • Page 91 WMS-308N Network Access Control Gateway User's Manual Status : There will show 10 types of status as below : LOGIN : Denote the user login to the hotspot service LOGOUT : Denote the user logout to the hotspot service IDLE TIMEOUT : Denote the user idle time is over timeout setting of Service Domain, the system will...
  • Page 92 WMS-308N Network Access Control Gateway User's Manual ADD OD ACCOUNT : Denote the system add user account on On-Demand service DELETE OD ACCOUNT : Denote the system remove user account on on-demand service Passcode/Username : Denote the user's passcode or username.

  • Page 93: Ap Group Status

    WMS-308N Network Access Control Gateway User's Manual WMS-308N supports to manage up to 120 managed access points (AP), WLAN users are connected to the network via the managed APs, and they can be configured in this section. This section include the following functions : Device Discovery, Profile Management, Batch Setup Management, Group Setup Management, Traffic Monitor, AP Group Status, Rogue AP Detection, Notification and Website Monitor.
  • Page 94 WMS-308N Network Access Control Gateway User's Manual Version, F/W Date, Mode and LAN Setting, or display error message “Error:401 Unauthorized” on System Message field. Enter the correct password on the respective managed AP, and click Get Info button to get information on the respective managed AP, or click Save&Reboot AP button to change password of the respective...
  • Page 95 WMS-308N Network Access Control Gateway User's Manual Click Discover button, the system will rescan managed AP. To support switch discovery, the WAP-954GP need use firmware version 2.0.16 or higher; the WAP- 854NP need use firmware version 1.1.5 or higher; the CPE-2010G / CPE-2000GN-1 need use firmware...
  • Page 96 WMS-308N Network Access Control Gateway User's Manual After administrator import profile of the respective managed AP, the each managed AP's profile will saved in the database of switch and listed status on AP Profile Management page. Up to 120 managed APs can be imported to system.
  • Page 97 WMS-308N Network Access Control Gateway User's Manual Last Update Time : Denote the last update time of the respective managed AP. Actions : Click an action button to perform the appropriate action. Copy To Template : Click “Copy” button to save profile of the desired managed AP to template database.
  • Page 98 WMS-308N Network Access Control Gateway User's Manual Load From Upload File : Select desired profile from local PC. Auto Recovery : Click “Recovery” button to upload profile to new or unlist managed AP, the AP Profile Auto Recovery page will appear.
  • Page 99 WMS-308N Network Access Control Gateway User's Manual WMS-308N supports batch configuration of the managed APs, for automatically assigning IP addresses from a range of IP addresses to the selected managed APs; for configuring wireless general and security settings to the selected managed APs;...
  • Page 100 Time Server Setup : Specify correct Time zone setting for selected managed APs. The default NTP Server is switch's LAN IP address. The local time of managed APs will follow WMS-308N's local time. Wireless Basic Setup : Specify Band, Channel and Tx power for selected managed APs.
  • Page 101 WMS-308N Network Access Control Gateway User's Manual VAP Setup : Specify ESSID and Security Type for selected managed APs. If you configure VAP setting for WLO-15814N/WLO-15802N, you need select in VAP Setup(WLO-158xx Series) option Firmware Upgrade Via TFTP : Enter TFTP Server IP address and firmware file, and then click “Apply AP”...
  • Page 102 WMS-308N Network Access Control Gateway User's Manual Administrator specify managed APs in the same group, and locate managed APs on the specified map. The switch supports automatically channel assignment and power setting for managed APs, real time wireless clients limitation in the same group managed APs.
  • Page 103 WMS-308N Network Access Control Gateway User's Manual Figure 4-3 Dynamic Channel and Tx Power Allocation Flow Chart Maximum Clients Control : By default, it's “Disable”. To Enable to activated maximum wireless clients limitation in the group, the system will automatically assign maximum clients limitation for group managed...
  • Page 104 WMS-308N Network Access Control Gateway User's Manual Rx Threshold : Rx Threshold is in the range of 0~120400 and set in unit of KBps. The default value is 10240 KBps. Specify desired receive bandwidth for wireless clients limitation in the same group of each managed AP.
  • Page 105 WMS-308N Network Access Control Gateway User's Manual You also can add specify MAC address form Group Online Users page(Please see section 4.4.6). When these services enabled, the switch will automatically control channel, txpower, maximum clients and MAC filter during every “Sync Interval” (Please see section 4.4.2).
  • Page 106 WMS-308N Network Access Control Gateway User's Manual Total Used Space : Denote the current used storage space, the total storage is 1MB for uploading e-map. Once you click the Edit link, the Map Setup page will appear. You can change Map Name and Scale Unit.
  • Page 107 WMS-308N Network Access Control Gateway User's Manual Double click on managed APs icon, the basic management setting page will appear. Specify desired System Name, Description, Location, HTTP Port and Telnet Port, then click “Save & Reboot” button to activate your...
  • Page 108 WMS-308N Network Access Control Gateway User's Manual This section provides visual graph of network traffic and online users on real time. Please click on AP Management → Traffic Monitor, the Traffic Monitor page will appear. Auto Refresh Interval : The interval is bigger than 10 and set in unit of seconds. The default value is 10 minutes.
  • Page 109 WMS-308N Network Access Control Gateway User's Manual IP Address : Denote the IP address of the AP. MAC Address : Denote the MAC address of the AP. F/W Version : Denote the firmware version of the AP. System Up Time : Denote the system up time of the AP.
  • Page 110 WMS-308N Network Access Control Gateway User's Manual This section provides detailed informations of group on Location, Online Users and Device Syslog can be reviewed via this page. Please click on AP Management → Group Status, the Group Status page will appear.
  • Page 111 WMS-308N Network Access Control Gateway User's Manual Refresh : Click this button to reload the page IP Address : Display the IP address of the AP that the client is connected to. ESSID : Display the ESSID of the AP that the client is connected to.

  • Page 112: Rogue Ap Detection

    WMS-308N Network Access Control Gateway User's Manual Wireless networks extend wired networks and increase worker productivity and access to information. However, an unauthorized wireless network presents an additional layer of security concerns. Less thought is put into port security on wired networks, and wireless networks are an easy extension to wired networks.
  • Page 113 WMS-308N Network Access Control Gateway User's Manual Ad-hoc Nodes : Click this option, the system will find out the Ad-hoc rogue AP within the signal coverage of the managed Aps Uncontrolled AP connected to intranet : Click this option, the system will find out the intranet rogue AP...

  • Page 114: Website Monitor

    User's Manual WMS-308N will send out a packet periodically to monitor the connection status of the IP addresses on the list. If the monitored IP address does not respond, the system will send an e-mail to notify the administrator that such destination is not reachable.
  • Page 115 WMS-308N Network Access Control Gateway User's Manual Administrator can define time policy for Service Domain, IP Filtering, MAC Filtering and Virtual Server. There are 10 policy can be defined. Please click on Advance -> Time Policy to enter Time Policy Setup page.

  • Page 116: Ip Filter

    WMS-308N Network Access Control Gateway User's Manual The administrator can setting IP Filter via this page, Please click on Advance -> IP Filter and follow the below setting. Source Address/Mask : Enter the desired source IP address and netmask; the mask must be a plain number, i.e.

  • Page 117: Mac Filter

    WMS-308N Network Access Control Gateway User's Manual The administrator can setting MAC Filter via this page, Please click on Advance -> MAC Filter and follow the below setting. Action : Select the desired access control rule; the options are “Only Deny List MAC”, or “Disable”.
  • Page 118 WMS-308N Network Access Control Gateway User's Manual A certain area in the network can be exposed to the Internet in a limited and controlled way for on-line game or video conferencing via this page. Please ensure the internal port to be used is not occupied by other applications.
  • Page 119 WMS-308N Network Access Control Gateway User's Manual The administrator can add, delete and edit blacklist for uses access. If the system want to deny uses access to specified website, enter the IP address, URL or Keyword of these websites in this list. Up to 20 rules can be defined in this list.
  • Page 120 WMS-308N Network Access Control Gateway User's Manual Local Port : Specify local port(LAN port) range required for this rule Destination Port : Specify destination port range required for this rule. Service Domain : Select specified Service Domain for this rule.
  • Page 121 WMS-308N Network Access Control Gateway User's Manual The Demilitarized zone (DMZ) can be enabled and used as a place where services can be placed such as Web Servers, Proxy Servers, and E-mail Servers such that these services can still serve the local network and are at the same time isolated from it for additional security.

  • Page 122: Ip Routing

    WMS-308N Network Access Control Gateway User's Manual The IP Routing Settings allows you to configure routing feature in the gateway. The system supports RIP(Routing Information Protocol ) and OSPF(Open Shortest Path First) dynamic routing and allows you to manually configure static network routes.
  • Page 123 WMS-308N Network Access Control Gateway User's Manual Change these settings as described here and click Save button to save your changes. Click Reboot button to activate your changes. Routing Rules : Service : Click Enable to activated static routing. Destination Net/Mask : Specify desired destination IP network address with format of A.B.C.D/M Via : Select a next hop of Gateway or Interface to the destination IP network.
  • Page 124 WMS-308N Network Access Control Gateway User's Manual Detailed information on System, Network, DHCP Clients and Service Domain can be reviewed via this page. System Information : Display the information of the system. Networking Information : Display the information of the network.
  • Page 125 Route Information : Select “Route Information” on the drop-down list to display route table. WMS-308N could be used as a L2 or L3 device. It doesn’t support dynamic routing protocols such as RIP or OSPF. Static routes to specific hosts, networks or default gateway are set up automatically according to the IP configuration of system's interfaces.
  • Page 126 WMS-308N Network Access Control Gateway User's Manual ARP Table Information : Select “ARP Table Information” on the drop-down list to display ARP table. ARP associates each IP address to a unique hardware address (MAC) of a device. It is important to have a unique...

  • Page 127: Event Log

    WMS-308N Network Access Control Gateway User's Manual The Event log displays system events when system is up and running. Also, it becomes very useful as a troubleshooting tool when issues are experienced in system. Time : The date and time when the event occurred.
  • Page 128 WMS-308N Network Access Control Gateway User's Manual Table A Web GUI Valid Characters Block Field Valid Characters VLAN Tag 1-4094 LAN/VLAN Setup IP Address A.B.C.D IP Format IP Netmask 128.0.0.0 ~ 255.255.255.252 IP Gateway A.B.C.D IP Format Total Max. Upload/Download...
  • Page 129 WMS-308N Network Access Control Gateway User's Manual Table A Web GUI Valid Characters (continued) Block Field Valid Characters DDNS Hostname Length : Up to 32 0-9, A-Z, a-z @ - _ . User Name Length : Up to 32 0-9, A-Z, a-z ~ ! @ # $ % ^ * ( ) _ + - { } | : <...
  • Page 130 WMS-308N Network Access Control Gateway User's Manual Table A Web GUI Valid Characters (continued) Block Field Valid Characters IPv6 WAN1 Primary/ Secondary DNS n:n:n:n:n:n:n:n IPv6 Format IPv6 Address n:n:n:n:n:n:n:n IPv6 Format Subnet Prefix Length 0~128; default is 64 Default Gateway...
  • Page 131 WMS-308N Network Access Control Gateway User's Manual Block Field Valid Characters Guest Count Limit 1~100; default is 5 Guest Time 1~720; default is 10 Table A Web GUI Valid Characters (continued) Block Field Valid Characters Authentication Service Name Length : 1-32 characters...
  • Page 132 WMS-308N Network Access Control Gateway User's Manual Table A Web GUI Valid Characters (continued) Block Field Valid Characters Local RADIUS Group Length : 4-16 0-9, A-Z, a-z ~ ! @ # $ % ^ * ( ) _ + - { } | : < > ? [ ] / ; ` . =...
  • Page 133 WMS-308N Network Access Control Gateway User's Manual Table A Web GUI Valid Characters (continued) Block Field Valid Characters Notification Sender From E-mail Format SMTP Server A.B.C.D IP Format or Domain Port 1-65535, default is 25 Username Length : 1-64 0-9, A-Z, a-z ~ ! @ # $ % ^ * ( ) _ + - { } | : <...
  • Page 134 WMS-308N Network Access Control Gateway User's Manual There are three system management accounts for maintaining the system; namely, the root, admin and operator accounts are with different levels of privileges. The root manager account is empowered with full privilege to Read &...
  • Page 135 WMS-308N Network Access Control Gateway User's Manual...
  • Page 136 WMS-308N Network Access Control Gateway User's Manual This section is to show independent Hotspot owners how to configure related settings in order to accept payments via PayPal, making the Hotspot an e-commerce environment for end users to pay for and obtain Internet access using their PayPal accounts or credit cards.
  • Page 137 WMS-308N Network Access Control Gateway User's Manual Step 2 : Edit NECESSARY settings in “API Access” Please click on Profile -> API Access in the Account Information.
  • Page 138 WMS-308N Network Access Control Gateway User's Manual After click API Access on Account Information, the API Access setting will appear. Click “Request API credentials” in Option 2 – Request API credentials to create your own API username and password. Select Request API signature and click “Agree and Submit” button to generate API username, API password,...
  • Page 139 WMS-308N Network Access Control Gateway User's Manual The API Username, API Password and Signature will generated. Click “Done” button to finish process.
  • Page 140 WMS-308N Network Access Control Gateway User's Manual Step 1 : Click the link below the login window to pay for the service by credit card via PayPal. Step 2 : Select service package and Click Buy Now button to send out this transaction. There will be a connecting...
  • Page 141 WMS-308N Network Access Control Gateway User's Manual Step 3 : You will be redirected to PayPal website to complete the payment process. You can pay service fee via Paypal account or use your credit card (Click “continue checkout” hyperlinks) Step 4 : After login Paypal The payment information will appear. Click Pay Now button to get passcode.
  • Page 142 WMS-308N Network Access Control Gateway User's Manual Step 5 : After clicking Pay Now button, the process of paying confirm will appear. Please don't close this window. Step 6 : After paying confirm, the system will create Passcode for end users login. Click Login button to enter Login page.
  • Page 143 WMS-308N Network Access Control Gateway User's Manual Step 1 : Click on Service Domain -> Authentication -> On-Demand -> Payment Gateway Setup, and then click Information button on the Billing Plan Setup List to enter Payment Gateway Information page. Click on selected...
  • Page 144 WMS-308N Network Access Control Gateway User's Manual Step 3 : View the transaction detail and click “Issue a refund”.
  • Page 145 WMS-308N Network Access Control Gateway User's Manual Step 4 : Click Continue button to next page. Step 5 : Click Issue Refund button to refund this payment.
  • Page 146 WMS-308N Network Access Control Gateway User's Manual Step 6 : Go My Account, and verify Transaction Details.
  • Page 147 The WAP-954GP connect to WMS-308N's LAN1 port and create three VAPs with different VLAN tag(101, 102, and 103), and the wireless clients can connect Internet via WAP-954GP with different authentication. The WAP-854NP connect to WMS-308N's LAN4 port and set VAP0 without VLAN tag, the wireless clients can connect Internet via WAP-854NP with Pregenereaged Tickets authentication.
  • Page 148 WMS-308N Network Access Control Gateway User's Manual Step 1 : Verify WAN and System's Time. Step 2 : Configure Service Domain, set Domain 1 to On-Demand authentication, Domain 2 to Pregenerate Tickets authentication, Domain 3 to Local Users authentication. Step 3 : Configure VLAN on VLAN 1 ~ VLAN3 Setup page, set VLAN1's tag to 101, VLAN2's tag to 102 and VLAN3's tag to 103.
  • Page 149 WMS-308N Network Access Control Gateway User's Manual Step 5 : Configure Port Setup on LAN Setup page, enable Port 4 and set Port 4's PVID to VLAN2(102). Step 6 : Reboot System Step 7 : Verify Wireless clients can connect WAP-954GP and WAP-854NP with correct authentication type...
  • Page 150 WMS-308N Network Access Control Gateway User's Manual The system supports LAN setting, Time setting, Wireless Basic setting, Wireless Security setting and Firmware Upgrade, if administrator want to configure more managed APs with same settings, such as Time Server, HTTP Port, Wireless Advanced Setup …...
  • Page 151 WMS-308N Network Access Control Gateway User's Manual Step 3 : Import profile of the respective managed AP Select all managed AP Click Import to database button to import the profile setting to database Step 4 : Configure WAP-854NP-A managed AP, set VAP0's ESSID to “WAP-854NP-A”. The Status of WAP-854NP- -A should display “...
  • Page 152 WMS-308N Network Access Control Gateway User's Manual Select “Load From Template Profile” in Restore Type setting field Select “WAP-854NP-Template” in the Template Profile List, then click Restore button Step 7 : Verify WAP-854NP-B and WAP-854NP-C settings. The VAP0's ESSID will be “WAP-854NP-A”. All settings...
  • Page 153 WMS-308N supports centralized management of each AP. When the system has failed AP, the administrator needs to replace the AP, and set the same as before. Using WMS-308N to quickly configure new AP, the new AP's setting will be the same as before. Below depicts an example for “Auto Recovery” function.
  • Page 154 WMS-308N Network Access Control Gateway User's Manual Step 5 : The WAP-854NP-D(00:1A:50:00:87:31) will display on the Available Recovery AP List and the status show “Available Use”. Step 6 : Select WAP-854NP-D and click “Recovery” button, then the WAP-854NP-D will reboot.

Table of Contents