Nomadix Access Gateway User Manual
  1. Manuals
  2. Brands
  3. Nomadix Manuals
  4. Gateway
  5. Access Gateway
  6. User manual

Nomadix Access Gateway User Manual

Access gateway
Hide thumbs Also See for Access Gateway:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual

Advertisement

Table of Contents
loading

Related Manuals for Nomadix Access Gateway

Summary of Contents for Nomadix Access Gateway

  • Page 2 CCESS ATEWAY Access Gateway Copyright © 2012 Nomadix, Inc. All Rights Reserved. This product also includes software developed by: The University of California, Berkeley and its contributors; Carnegie Mellon University, Copyright © 1998 by Carnegie Mellon University All Rights Reserved; Go Ahead Software, Inc., Copyright ©...
  • Page 3 ATEWAY Trademarks symbol, and Nomadix Service Engine™ are trademarks of Nomadix, Inc. All other trademarks and brand names are marks of their respective holders. Product Information Telephone: +1.818.597.1500 Fax: +1.818.597.1502 For technical support information, see the Appendix in this User Guide.
  • Page 4 CCESS ATEWAY CAUTION WARNING Read the instruction manual prior to operation. Risk of electric shock; do not open; no user-serviceable parts inside. ATTENTION AVERTISSEMENT Lire le mode d’emploi avant utilisation. Risque de choc electrique; ne pas ouvrir; ne pas tenter de demontre l’appareil.

  • Page 5: Table Of Contents

    Table of Contents Chapter 1: Introduction ....................1 About this Guide ........................1 Organization..........................1 Welcome to the Access Gateway....................2 Product Configuration and Licensing ................2 Key Features and Benefits ......................3 Platform Reliability......................3 Local Content and Services ....................3 Transparent Connectivity ....................
  • Page 6 Assigning the Location Information and IP Addresses ............ 42 Logging Out and Powering Down the System ................ 44 Connecting the Access Gateway to the Customer’s Network..........44 Establishing the Basic Configuration for Subscribers............. 45 Setting the DHCP Options ....................45 DHCP Options from RFC 2132 ..................
  • Page 7 CCESS ATEWAY Archiving Your Configuration Settings.................. 51 Installing the Nomadix Private MIB..................52 Chapter 3: System Administration................53 Choosing a Remote Connection....................53 Using the Web Management Interface (WMI) ..............54 Using an SNMP Manager....................54 Using a Telnet Client ....................... 55 Logging In..........................
  • Page 8 CCESS ATEWAY Setting the System Date and Time {Time}..............144 Setting up Traffic Descriptors ..................146 Setting Up URL Filtering {URL Filtering} ..............147 Selecting User Agent Filtering Settings ................. 148 Zone Migration....................... 149 Defining IPSec Tunnel Settings..................151 Network Info Menu ....................... 153 Displaying ARP Table Entries {ARP}................
  • Page 9 Adding Static Ports {Static Port-Mapping Add} ............236 Deleting Static Ports {Static Port-Mapping Delete} ............. 238 Blocking a Subscriber Interface {Subscriber Interfaces} ..........239 Updating the Access Gateway Firmware {Upgrade} ............ 239 Chapter 4: The Subscriber Interface ................. 241 Overview..........................241 Authorization and Billing......................
  • Page 10 Private Key Generation....................291 Create a Certificate Signing Request (CSR) File............294 Create a Public Key File (server.pem)................295 Setting Up Access Gateway for SSL Secure Login............298 Setting Up the Portal Page..................... 299 Mirroring Billing Records ..................... 300 Sending Billing Records ....................300...
  • Page 11 CCESS ATEWAY Chapter 6: Troubleshooting ..................305 General Hints and Tips ......................305 Management Interface Error Messages................. 306 Common Problems........................ 308 Contact Information ......................311...
  • Page 12 CCESS ATEWAY...

  • Page 13: Chapter 1: Introduction

    This User Guide provides information and procedures that will enable system administrators to install, configure, manage, and use the Access Gateway product successfully and efficiently. Use this guide to take full advantage of the Access Gateway’s functionality and features. Refer to “Product Specifications”...

  • Page 14: Welcome To The Access Gateway

    The Access Gateway also offers a unique set of security and connectivity features for deploying metro wireless 802.11 networks, including Mesh and WiMAX technologies. Access Gateway The Access Gateway yields a complete solution to a set of complex issues in the Enterprise, Public-LAN, and Residential segments. Product Configuration and Licensing All Nomadix Access Gateway products are powered by our patented and patent-pending suite of embedded software, called the Nomadix Service Engine™...

  • Page 15: Key Features And Benefits

    RS232 serial port for connecting to a Property Management System (PMS) and for system management and administration, while maintaining one billing relationship with their chosen provider. The Access Gateway enables a wide variety of network deployment options for different venue types. For example: Allows for flexible WAN Connectivity (T1/E1, Cable, xDSL, and ISDN).

  • Page 16: Transparent Connectivity

    CCESS ATEWAY Offers both pre and post authentication redirects of the user’s browser, providing  maximum flexibility in service branding. Transparent Connectivity Resolving configuration conflicts is difficult and time consuming for network users who are constantly on the move, and costly to the solution provider. In fact, most users are reluctant to make changes to their computer’s network settings and won’t even bother.

  • Page 17: Billing Enablement

    Access Control and Authentication The Access Gateway ensures that all traffic to the Internet is blocked until authentication has been completed, creating an additional level of security in the network. Also, the Access Gateway allows service providers to create their own unique “walled garden,” enabling users to access only certain predetermined Web sites before they have been authenticated.
  • Page 18 CCESS ATEWAY The Information and Control Console (ICC) contains multiple opportunities for an operator to display its branding or the branding of partners during the user’s session. As an alternative to the ICC, a simple pop-up window provides the opportunity to display a single logo.

  • Page 19: Nse Core Functionality

    ATEWAY NSE Core Functionality Powering Nomadix’ family of Access Gateways, the Nomadix Service Engine (NSE) delivers a full range of features needed to successfully deploy public access networks. These “core” features solve issues of connectivity, security, billing, and roaming in a Wi-Fi public access network.

  • Page 20: Access Control

    Secure Socket Layer (SSL)  Secure XML API  Session Rate Limiting (SRL)  Session Termination Redirect  Smart Client Support  SNMP Nomadix Private MIB  Static Port Mapping  Tri-Mode Authentication  URL Filtering  Walled Garden ...

  • Page 21: Billing Records Mirroring

    With the Nomadix ICC feature enabled, subscribers can increase or decrease their own bandwidth and pricing plans for their service dynamically.

  • Page 22: Command Line Interface

    The Command Line Interface (CLI) is a character-based user interface that can be accessed remotely or via a direct cable connection. Until your Nomadix product is up and running on the network, the CLI is the Network Administrator’s window to the system. Software upgrades can only be performed from the CLI.

  • Page 23: End User Licensee Count

     complex billing plans. Recycle existing Web page content for the centrally hosted portal page.  If you choose to use the EWS interface, Nomadix Technical Support can provide you with sample scripts. See also, “Contact Information” on page 311.

  • Page 24: Information And Control Console

    Dramatically heightens the reusability factor of costly public IP addresses.  Information and Control Console The Nomadix ICC is a HTML-based pop-up window that is presented to subscribers with their Web browser. The ICC allows subscribers to select their bandwidth and billing options quickly Introduction...

  • Page 25: Internal Web Server

    CCESS ATEWAY and efficiently from a simple pull-down menu. For credit card accounts, the ICC displays a dynamic “time” field to inform subscribers of the time remaining on their account. Information and Control Console (ICC) Additionally, the ICC contains multiple opportunities for an operator to display its branding or the branding of partners during the user’s session, as well as display advertising banners and present a choice of redirection options to their subscribers.

  • Page 26: International Language Support

    CCESS ATEWAY International Language Support The NSE allows you to define the text displayed to your users by the IWS without any HTML or ASP knowledge. The language you select determines the language encoding that the IWS instructs the browser to use. See also, Internal Web Server.

  • Page 27: Mac Filtering

    CCESS ATEWAY MAC Filtering MAC Filtering enhances Nomadix' access control technology by allowing system administrators to block malicious users based on their MAC address. Up to 50 MAC addresses can be blocked at any one time. See also, Session Rate Limiting (SRL).

  • Page 28: Radius-Driven Auto Configuration

    Once configured, this methodology can also be effectively used to centrally manage configuration profiles for all Nomadix devices in the public access network.

  • Page 29: Realm-Based Routing

    As part of Nomadix’ commitment to provide outstanding carrier-class network management capabilities to its family of public access gateways, we offer secure management through the NSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption. Establishing the IPSec tunnel not only allows for the secure management of the Nomadix Introduction...

  • Page 30: Secure Socket Layer (Ssl)

    Nomadix gateway. See also, Defining IPSec Tunnel Settings. Two subsequent events drive the secure management function of the Nomadix gateway and the devices behind it: Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity).

  • Page 31: Session Rate Limiting (Srl)

    XML enables solution providers to customize and enhance their product installations. This feature allows the operator to use Nomadix' popular XML API using the built-in SSL certificate functionality in the NSE so that parameters passed between the Gateway and the centralized Web server are secured via SSL.

  • Page 32: Static Port Mapping

    For example, in addition to supporting the secure browser-based Universal Access Method (UAM) via SSL, Nomadix is the only company to simultaneously support port-based authentication using IEEE 802.1x and authentication mechanisms used by Smart Clients.

  • Page 33: Web Management Interface

    CCESS ATEWAY Web Management Interface Nomadix’ Access Gateways can be managed remotely via the built-in Web Management Interface where various levels of administration can be established. See also, Using the Web Management Interface (WMI). Introduction...

  • Page 34: Optional Nse Modules

    The optional High Availability Module offers enhanced network uptime and service availability when delivering high-quality Wi-Fi service by providing Fail-Over functionality. This module allows a secondary Nomadix Access Gateway to be placed in the network that can take over if the primary device fails, ensuring Wi-Fi service remains uninterrupted.

  • Page 35: Network Architecture (Sample)

    CCESS ATEWAY Network Architecture (Sample) The Access Gateway can be deployed effectively in a variety of wireless and wired broadband environments where there are many users—usually mobile—who need high speed access to the Internet. The following example shows a potential Hospitality application:...

  • Page 36: Online Help (Webhelp)

    Windows, Macintosh, or UNIX-based platforms) using either Internet Explorer or Netscape Navigator (see note). WebHelp is useful when you have an Internet connection to the Access Gateway and you want to access information quickly and efficiently. It contains all the information you will find in this User Guide.

  • Page 37: Chapter 2: Installing The Access Gateway

    ATEWAY Installing the Access Gateway This section provides installation instructions for the hardware and software components of the Access Gateway. It also includes an overview of the management interface, some helpful hints for system administrators, a Quick Reference Guide, and procedures for the following tasks: “Unpacking the Access Gateway”...

  • Page 38: Unpacking The Access Gateway

    CCESS ATEWAY Unpacking the Access Gateway When you unpack the Access Gateway, you will find the following items in the carton: Item Access Gateway module Cable – power cord (US or European) Cable – serial, DB9 female to DB9 female (6ft length) Null Modem (NM) or DB9 female to RJ45 (6ft length) Null Modem (NM) Cable –...

  • Page 39: Installation Workflow

    When prompted, accept to the Nomadix End User License Agreement (EULA). You must accept the EULA before the AG can connect with the Nomadix License Key Server. When the key is successfully received from the server, your AG will reboot.

  • Page 40: Powering Up The System

    CCESS ATEWAY Powering Up the System Use this procedure to establish a direct cable connection between the Access Gateway and your laptop computer, and to power up the system. Place the Access Gateway on a flat and stable work surface.

  • Page 41: Logging In To The Command Line Interface

    ATEWAY Logging In to the Command Line Interface Use this procedure to initialize the system and log in to the Access Gateway’s Command Line Interface (CLI). The character-based CLI is used at initial start-up. Start a HyperTerminal™ session to connect to the Access Gateway. Use the following...
  • Page 42 CCESS ATEWAY a license key from the Nomadix License Key Server, you must accept the Nomadix End User License Agreement (EULA).. Installing the Access Gateway...

  • Page 43: The Management Interfaces (Cli And Web)

    CLI is the administrator’s window to the system. This is where you establish all the Access Gateway start-up configuration parameters, depending on the customer’s network architecture. The Access Gateway Menu is your starting point. From here, you access all the system administration items from the 5 (five) primary menus available: Configuration ...

  • Page 44: Menu Organization (Web Management Interface)

    Enter Menu Organization (Web Management Interface) When you have successfully installed and configured the Access Gateway from the CLI, you can then access the Access Gateway from its embedded Web Management Interface (WMI). The WMI is easier to use (point and click) and includes some items not found in the CLI. You can use either interface, depending on your preference.
  • Page 45 CCESS ATEWAY Note: Your browser preferences or Internet options should be set to compare loaded pages with cached pages. Installing the Access Gateway...

  • Page 46: Inputting Data - Maximum Character Lengths

    Location settings (all fields) Partner Image File Name Password (adding subscriber profiles) Port Description (finding ports by description) Redirection Frequency (in minutes) 2,147,483,647 (recommend 3600) Reservation Number Username (adding subscriber profiles) Valid SSL Certificate DNS Name Installing the Access Gateway...

  • Page 47: Online Documentation And Help

    Help system Other online documentation resources, available from our corporate Web site (www.nomadix.com), include a full PDF version of this User Guide (viewable with Acrobat™ Reader), white papers, technical notes, and business cases. The PDF version of this User Guide and associated README files are also available on the “Accessories”...

  • Page 48: Quick Reference Guide

    The CLI allows you to administer the Access Gateway’s start-up configuration settings. When establishing the start-up configuration for a new installation, you are connected to the Access Gateway via a direct serial connection (you do not have remote access capability because the Access Gateway is not yet configured or connected to a network).

  • Page 49: Assigning Login User Names And Passwords

    (Submit, Reset, Reboot, Add, Delete, etc.), but operators cannot change any system settings. When Administration Concurrency is enabled, one manager and three operators can access the Access Gateway at any one time (the default setting for this feature is “disabled”). Enter (system) at the Access Gateway Menu.

  • Page 50: Setting The Snmp Parameters (Optional)

    You must use the new login user name(s) and password(s) to access the system. Setting the SNMP Parameters (optional) You can address the Access Gateway using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol that regulates network management over the Internet.

  • Page 51: Enabling The Logging Options (Recommended)

    Trap recipient: 10.11.12.13 Reboot to enable new changes? [yes/no] y Rebooting... You can now address the Access Gateway using an SNMP client manager. Enabling the Logging Options (recommended) System logging creates log files and error messages generated at the system level. AAA logging creates activity log files for the AAA (Authentication, Authorization, and Accounting) functions.
  • Page 52 ]: enable Enable/disable RADIUS History Log [disabled ]: enable Enter RADIUS History Log Number (0-7) [0 ]: 2 Enter RADIUS History Log Filter 0: Emergency 1: Alert 2: Critical 3: Error 4: Warning 5: Notice 6: Info Installing the Access Gateway...
  • Page 53 System Report Log Number System Report Log Server IP 10.10.10.10 System Report Log Interval (in minutes) 5 Tracking Log Enabled Tracking Log Number Tracking Log Server IP 10.10.10.10 Tracking Log Save to file Disabled Tracking Name Reporting Enabled Installing the Access Gateway...

  • Page 54: Assigning The Location Information And Ip Addresses

    IP address, the subnet mask, and the default gateway IP address. All of these Access Gateway “location” parameters must be set up as part of the system’s start up configuration (otherwise the Access Gateway will not be “visible” on the network).
  • Page 55 24. Lab / Test 25. Other Please enter a number from the above list [ 1]: Select Network Interface Configuration Mode: 0 - Static 1 - DHCP Client 2 - PPPoE Client Select the Network Interface Configuration Mode [0]: Installing the Access Gateway...

  • Page 56: Logging Out And Powering Down The System

    Disconnect the serial cable between the Access Gateway and your computer. Connecting the Access Gateway to the Customer’s Network Use this procedure to connect the Access Gateway to the customer’s network (after the start up configuration parameters have been established).

  • Page 57: Establishing The Basic Configuration For Subscribers

    Most users have DHCP capability on their computer. To enable this service on the Access Gateway, you can either enable the DHCP relay (routed to an external DHCP server IP address), or you can enable the Access Gateway to act as its own DHCP Installing the Access Gateway...
  • Page 58 Enter (dhcp). By default, the Access Gateway is configured to act as its own DHCP server and the relay feature is “disabled.”. Please verify that your DHCP Server supports DHCP packets before enabling the relay. Not all devices containing DHCP servers (for example, routers) support DHCP Relay functionality.

  • Page 59: Dhcp Options From Rfc 2132

    16, 28, 32 List of one or more IP addresses 3-5, 7-11, 41-42, 44-45, 48-49, 65, 69-76 List of zero or more IP addresses List of one or more pairs of IP addresses (or 21, 33 address/mask pairs) Installing the Access Gateway...
  • Page 60 It is the administrator’s responsibility to ensure that the option codes and data entered are legitimate. The following screens illustrate adding additional DHCP options to a DHCP Pool. Installing the Access Gateway...
  • Page 61 CCESS ATEWAY Installing the Access Gateway...

  • Page 62: Setting The Dns Options

    DNS allows subscribers to enter meaningful URLs into their browsers (instead of complicated numeric IP addresses) by automatically converting the URLs into the correct IP addresses. You can assign a primary, secondary, or tertiary (third) DNS server. The Access Gateway utilizes whichever server is currently available.

  • Page 63: Archiving Your Configuration Settings

    CCESS ATEWAY Enter the host name (the DNS name of the Access Gateway). The host name must not contain any spaces. After assigning the host name, the system requests IP addresses for the primary, secondary, and tertiary DNS servers (the default for the DNS primary address is 0.0.0.2).

  • Page 64: Installing The Nomadix Private Mib

    Procedure Import the nomadix.mib file into your SNMP client manager. Connect to the Access Gateway from a node on the network that is accessible via the Access Gateway’s network port (Internet, LAN, etc.). Be sure to enable the SNMP daemon on the Access Gateway (available on the Access Gateway’s CLI or Web Management Interface, under the Configuration menu –...

  • Page 65: Chapter 3: System Administration

    Access Gateway from the Web Management Interface (WMI) viewpoint. Choosing a Remote Connection Once installed and configured for the customer’s network, the Access Gateway can be managed and administered remotely with any of the following interface options: Using the Web Management Interface (WMI) - Provides a powerful and flexible Web ...

  • Page 66: Using The Web Management Interface (Wmi)

    Using an SNMP Manager Once the SNMP communities are established, you can connect to the Access Gateway via the Internet using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol used in the Network Management (NM) system. This system contains two primary...

  • Page 67: Using A Telnet Client

    The following example shows a (partial) SNMP screen response. Using a Telnet Client There are many Telnet clients that you can use to connect with the Access Gateway. Using Telnet provides a simple terminal emulation that allows you to see and interact with the Access Gateway’s Command Line Interface (as if you were connected via the serial interface).

  • Page 68: Configuration Menu

    Defining the AAA Services {AAA} This procedure shows you how to set up the AAA (Authentication, Authorization, and Accounting) service options. AAA Services are used by the Access Gateway to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. The Access Gateway currently supports several AAA models which are discussed in “Subscriber...
  • Page 69 CCESS ATEWAY System Administration...
  • Page 70 CCESS ATEWAY System Administration...
  • Page 71 Access Gateway to accept and process XML commands from an external source. XML commands are sent over the network to the Access Gateway. The Access Gateway parses the query string, executes the commands specified by the string, and returns data to the system that initiated the command request.
  • Page 72 System administrators AAA Passthrough Port can set the Access Gateway to pass-through HTTPS traffic, in addition to standard port 80 traffic, without being redirected. When access to a non-HTTPS address (for example, a Search Engine or News site) has been requested, the subscriber is then redirected as usual.
  • Page 73 Enabling AAA Services with the Internal Web Server You are here because you want to enable the AAA Services with the Access Gateway’s Internal Web Server. The Access Gateway maintains an internal database of authorized subscribers, based on their MAC (hardware address) and user name (if enabled).
  • Page 74 Gateway and its clients by enabling the Internal Web Server (IWS) to display pages under a secure link—important when transmitting AAA information in a network. Adding SSL support to the Access Gateway requires service providers to obtain digital certificates from VeriSign™ to create HTTPS pages. Instructions for obtaining certificates are provided by Nomadix.
  • Page 75 Enabling the Smart Client option in the Access Gateway automatically supports all GIS compliant clients using the Internal Web Server. Enabling “Support for GIS Clients” under the Portal Page feature means that the Access Gateway will defer the managment of the GIS clients to the Portal Page server.
  • Page 76 Enabling AAA Services with an External Web Server You are here because you want to enable the AAA Services with an External Web Server (EWS). In the EWS mode, the Access Gateway redirects the subscriber’s login request to an external server.
  • Page 77 External Web Server After enabling the External Web Server you must enter a Secret Key. The Secret Key ensures that the response the Access Gateway gets from the EWS is valid. Enter the (The Access Gateway and the external authorization server must use Secret Key the same secret key).
  • Page 78 CCESS ATEWAY The feature is configured by selecting a signing method, the parameters to be signed, and assigning a secret key. Two signature methods are supported: HASH-CRC32  HMAC-MD5  Not all parameters that are part of the URL redirection string need to be included in the signature calculation.

  • Page 79: Establishing Secure Administration {Access Control

    Technical Support. Establishing Secure Administration {Access Control} The Access Gateway allows you to block administrator access to interfaces (Telnet, WMI and FTP, SSH and SFTP) and incorporates a master access control list that checks the source (IP address) of administrator logins. A login is permitted only to the interfaces that have not been blocked, and only if a match is made with the master “Source IP”...
  • Page 80 CCESS ATEWAY From the Web Management Interface, click on , then Configuration Access Control. Access Control screen appears. , enter a and an Configurable Ports Telnet Port HTTP Port Enable or disable administrator access to any of the following interfaces: System Administration...
  • Page 81 Do not enable the blocking of all interfaces without setting up and enabling SNMP. Enabling the blocking of all interfaces and disabling SNMP will completely block access to the Access Gateway administration interface. For assistance, contact Nomadix Technical Support. Enable or disable subscriber-side interface blocking for any of the following interfaces...

  • Page 82: Defining Automatic Configuration Settings {Auto Configuration

    Nomadix technical support. In this case, refer to “Contact Information” on page 311. Defining Automatic Configuration Settings {Auto Configuration} The Access Gateway allows you to define parameters to enable the automatic configuration of the system. See also, RADIUS-driven Auto Configuration. System Administration...
  • Page 83 As shown in the diagram below, two subsequent events drive the automatic configuration of Nomadix devices: A flow of RADIUS Authentication Request and Reply messages between the Nomadix gateway and the centralized RADIUS server that specifies the location of the meta...
  • Page 84 Administrative Steps to Enable Auto-Config for the NOC Administrator: Add NAS IP address. Add Nomadix Auto-Config VSA to the Nomadix dictionary file on the RADIUS server. Create a RADIUS profile with the configuration VSA. Create an FTP server with the configuration files.

  • Page 85: Setting Up Bandwidth Management {Bandwidth Management

    The following diagram shows a sample RADIUS configuration file, meta file and illustration of the FTP server setup. The Nomadix device will automatically initiate one reboot to enable the new settings. Configuration updates for network maintenance can be accomplished by simply enabling the Auto-Configuration option and rebooting the device (for example, using SNMP).

  • Page 86: Group Bandwidth Limit Policy

    266 for your product’s capabilities. If you made any changes to the settings on this screen, you must click the check box for (the Access Gateway must be rebooted). Reboot after changes are saved? Click on the button to save your changes and reboot the system, or click on the...

  • Page 87: Group Bandwidth Limit Policy - Operation

    CCESS ATEWAY Nomadix Name Role/Value VSA # GROUP_BW_POLICY_ID Defines the ID the for the group policy. Integer between 1 and 16777215, inclusive. GROUP_BW_MAX_UP Defines the total upstream bandwidth allowed for the group in Kilobits per second. Integer value. 0 is interpreted as unlimited.

  • Page 88: Group Bandwidth Limit Policy - Enable

    CCESS ATEWAY subscriber or group bandwidth attributes. However, in case a RADIUS Access-Accept contains both individual and group bandwidth attributes, the NSE will use the group attributes and ignore the per-subscriber attributes. The NSE can concurrently support some subscribers as part of a group and some others with limits set on a per-subscriber basis.

  • Page 89: Group Bandwidth Limit Policy - Current Table

    “carbon copy” servers. Additionally, if the primary and secondary servers are down, the Access Gateway can store up to 2,000 credit card transaction records. When a connection is re- established (with either server), the Access Gateway sends the stored information to the server—no records are lost!
  • Page 90  Secret Key  The Access Gateway and the “mirror” servers must use the same secret key. Repeat Step 4 for the secondary server (if any) and all carbon copy servers. Define the “fail-safe” provisions, including: Retransmit Method – Alternate, or do not alternate.

  • Page 91: Configuring Destination Http Redirect

    Subscribers requesting a website at that DNS will obtain a DNS response that contains a “magic” IP address (which is the same value obtained when the subscriber queries the DNS string “logout.nomadix.com”). The NSE will process HTTP requests for that “magic” IP address (configurable on the AAA page), and will reply with an HTTP redirection (which may include a number of signed redirection parameters) to a configured URL.
  • Page 92 CCESS ATEWAY User External Server  DNS query: www.example.com? portal1.myhotel.com/ * DNS response: 1.1.1.1 GET / HTTP/1.1… Magic IP Address ** Redirect Message Host:www.example.com *** OK Accept Message ** HTTP/1.0 302  RD Location:  TS=..&NO portal1.myhotel.com/details?OS=..&UI=..&MA=..&RN=..&PORT=..&SIP=..& NCE=..&SIGN=..&SIGNED=..&METHOD=.. … GET  details?OS=..& TS=..&NONCE=..&SIGN=..& UI=..&MA=..&RN=..&PORT=..&SIP=..& SIGNED=..&METHOD=.. HTTP/1.1 Host:  portal1.myhotel.com *** HTTP/1.1 200  OK … The figure above illustrates destination HTTP redirection, assuming a DNS query string for www.example.com, a magic IP address of 1.1.1.1, and a portal page URL of portal1.myhotel.com.
  • Page 93 CCESS ATEWAY After successful redirection occurs the list of signed parameters and signature  methods are passed to the portal page. HTTP/1.0 302 RD http://portal1.myhotel.com/details?OS=<Original Server>&UI=<NSE’s ID>&MA=<subscriber’s MAC>&RN=<Room name>&PORT=<VLAN>&SIP=<subscriber’s IP>&TS=<timestamp>&NONCE=<16 chars>&SIGN=<signature>& SIGNED=<list of signed parameters>& METHOD=<signature method> From the Web Management Interface, click on Configuration , then Destination HTTP...

  • Page 94: Managing The Dhcp Service Options {Dhcp

    Access Gateway, you can either enable the DHCP relay (routed to an external DHCP server IP address), or you can enable the Access Gateway to act as its own DHCP server. In both cases, DHCP functionality is necessary if you want to automatically assign IP addresses to subscribers.
  • Page 95 By default, the Access Gateway is configured to act as its own DHCP server and the relay feature is disabled. If you want the Access Gateway to act as its own DHCP server, do not enable the relay. Go directly to Step 8.
  • Page 96 DHCP Relay Agent IP The DHCP Relay Agent allows the Access Gateway to request a specific range of IP addresses from different IP pools from the DHCP Server. Leaving these fields blank forces the system to use the IP pool that contains IP addresses that are on the same subnet as the Access Gateway.
  • Page 97 CCESS ATEWAY If you want to add a new DHCP Pool, click on the button. The Add DHCP Pools screen appears: Enter a valid DHCP Server IP address for the DHCP server. Enter the DHCP Server Netmask Enter the starting and ending IP addresses for the DHCP address pool you want to use: DHCP Pool Start IP ...

  • Page 98: Enabling Dnssec Support

    Reset their previous state. The existing lease pool and lease table are deleted and the Access Gateway reboots. The Access Gateway can issue IP addresses to any DHCP enabled subscriber who enters the network.

  • Page 99: Managing The Dns Options {Dns

    DNS allows subscribers to enter meaningful URLs into their browsers (instead of complicated numeric IP addresses) by automatically converting the URLs into the correct IP addresses. You can assign a primary, secondary, or tertiary (third) DNS server. The Access Gateway utilizes whichever server is currently available.

  • Page 100: Managing The Dynamic Dns Options {Dynamic Dns

    CCESS ATEWAY Enter the (the DNS name of the Access Gateway). Host Name The host name must not contain any spaces. Enter a valid name (the Internet domain that DNS requests will utilize). Domain Enter the IP addresses for the DNS servers (located at the customer’s network operating center where DNS requests are sent).
  • Page 101 CCESS ATEWAY From the Web Management Interface, click Configuration , then Dynamic DNS . The Dynamic DNS Configuration screen appears: Check the checkbox to enable Dynamic DNS (DDNS) functionality. The default Enable setting is disabled. Enter the Provider Info Select the provider protocol from the menu.

  • Page 102: Gre Tunneling {Gre Tunneling

    . This is the IP address of the remote server. Enter the . This is the IP of the local GRE interface on the GRE Interface IP Address Access Gateway. Enter the . This is the subnet mask for the GRE connection. GRE Interface Subnet Mask...

  • Page 103: Setting The Home Page Redirection Options {Home

    If required, click on the check box for Parameter Passing Parameter passing allows the Access Gateway to track a subscriber’s initial Web request (usually their home page) and pass the information on to the solution provider. The solution provider uses this information to ensure that the subscriber can return to their home page easily.

  • Page 104: Enabling Intelligent Address Translation (Inat™)

    Our patented iNAT™ feature contains an advanced, real-time translation engine that analyzes all data packets being communicated between the private and public address domains. The Nomadix iNAT™ engine performs a defined mode of network address translation based on packet type and protocol (for example, GRE, IKE etc…).

  • Page 105: Defining Ipsec Tunnel Settings {Ipsec

    CCESS ATEWAY Defining IPSec Tunnel Settings {IPSec} From the Web Management Interface, click on , then . The IPSec Configuration IPSec Tunnel Settings screen appears: Check the checkbox to enable IPsec. Note that you will have to reboot for Enable IPsec IPsec to take effect.
  • Page 106 CCESS ATEWAY Managing IPSec Tunnel Peers You can add a new IPSec tunnel peer or modify the settings of an existing IPSec tunnel peer from the IPSec Tunnel Settings screen. Adding a new IPSec tunnel peer Click the button in the table.
  • Page 107 CCESS ATEWAY Note that the files must exist on flash first. In the section, select the following settings: IKE Channel Security Parameters s – Check the and/or checkboxes (you Acceptable Encryption Algorithm 3DES  must check at least one option). –...
  • Page 108 CCESS ATEWAY Adding a New IPSec Security Policy In the table, click the button to add an entry. The IPsec IPSec Security Policies Tunnel Security Policy Settings screen opens. Select the tunnel peer IP address for which you would like to add a security policy from menu.
  • Page 109 CCESS ATEWAY Next you will define selectors of the Security Policy. All selectors must match for the policy to be applied. Define the following selectors for the Remote End – Enter the IP address of the remote network secured by the IPSec ...
  • Page 110 CCESS ATEWAY – See Setting joint ESP and AH parameters to set parameters that pertain to both  ESP and AH policies. Setting joint ESP and AH parameters These parameters affect both ESP and AH policies. Select all the by putting a check in the ...

  • Page 111: Establishing Your Location {Location

    CCESS ATEWAY Establishing Your Location {Location} This command sets up your location and the corresponding IP addresses for the network interface, subscriber interface, subnet, and default gateway. You *must* provide your full location information. From the Web Management Interface, click on , then Configuration Location.
  • Page 112 You may lose your connection if you change the IP settings incorrectly (using invalid IP addresses). If you “misconfigure” the Access Gateway and network connectivity is lost, you can still access the Access Gateway from the Command Line Interface (CLI) via a direct serial connection. In this case, refer to: Powering Up the System “Logging In”...
  • Page 113 CCESS ATEWAY All IP addresses must be established, otherwise the Access Gateway will not be “visible” on the network. Make a selection for . This determines how the Access Network Configuration Method Gateway receives its IP address to work on the network.

  • Page 114: Managing The Log Options {Logging

    Default Gateway The default gateway is the IP address of the router that the Access Gateway uses to transmit data to the Internet. When finished, you must reboot the system for the new settings to take effect. Click on the...
  • Page 115 CCESS ATEWAY From the Web Management Interface, click on Configuration , then Logging. The Log Settings screen appears: System Administration...
  • Page 116 System Log When system logging is enabled, the standard SYSLOG protocol (UDP) is used to send all message logs generated by the Access Gateway to the specified SYSLOG server. Enter a unique number (between 0 and 7) in the field. This ID System Log Number number is assigned to the System Log Server.
  • Page 117 There are IN and OUT messages for the beginning and ending of each session. Examples: INFO [Access Gateway v2.4.113] LI : IN-->: THU JUN 23 11:43:58 2007 | testlab | S(192.168.2.4/3444), D(66.163.175.128/80), X(67.130.149.4/5004), non-proxy , 00:90:27:78:81:00, RADIUS, IPASS/0U0000 INFO [Access Gateway v2.4.113] LI : OUT-->: THU JUN 23 11:44:01 2007 | testlab |...
  • Page 118 CCESS ATEWAY PageFaults are stored in the file named “lograw.txt” in the /flash directory and is not viewable on the web management interface. Check the option to enable or disable the Subscriber Subscriber Tracking Log tracking log. Note: NTP must be enabled on the NSE for Subscriber tracking log to be enabled.

  • Page 119: Enabling Mac Authentication {Mac Authentication

    CCESS ATEWAY Check the Subscriber Tracking Log save to file option to save the syslogs locally to the NSE flash. Note: Not recommended. Check the Include User Name Reporting option to include the first 25 characters of the username in the Syslog. Check the Port Location: Include Port Reporting option and...

  • Page 120: Assigning Passthrough Addresses (Passthrough Addresses)

    Reset Assigning Passthrough Addresses (Passthrough Addresses) The Access Gateway allows up to 300 IP passthrough addresses and DNS names. This feature allows users to “pass through” the Access Gateway and access predetermined services (for example, the redirected home page) at the solution provider’s discretion, even though they may not have subscribed to the broadband Internet service.

  • Page 121: Assigning A Pms Service {Pms

    The Access Gateway can be integrated with existing Property Management Systems. For example, by integrating with a hotel’s PMS, the Access Gateway can post charges for Internet access directly to a guest’s hotel bill. In this case, the guest is billed only once. The Access Gateway outputs a call accounting record to the PMS system whenever a subscriber purchases Internet service and decides to post the charges to their room.
  • Page 122 Refer to “Contact Information” on page 311. Before you can change the PMS settings, a PMS must be connected to the Access Gateway via the serial port on the rear panel. See also, “Connecting the Access Gateway to the Customer’s Network”...
  • Page 123  Ramesys ImagInn PMS  OnQ (System 21)  Xeta Virtual XL  Nomadix offers the following standards-based interfaces, generally used to establish an interface to any of the PMS systems that are not proprietary: HOBIC-RSI  HOBIC-TSPS  HOBIC-1BT2 ...
  • Page 124 CCESS ATEWAY From the Web Management Interface, click on , then The Property Configuration PMS. Management System Settings screen appears: System Administration...
  • Page 125 You also have the following check box options (see note): Match Last Name Only  Skip First Char in Last Name  OnQ Compliant (Enable this option if you want to use Nomadix Micros POS  emulation to query & post to Hilton Corporation's OnQ PMS system). System Administration...
  • Page 126 If the “Skip First Char in Last Name” feature is enabled, the space is reserved for purposes other than the first character of the last name, so the Access Gateway will skip the first space in the last name field for name verification.

  • Page 127: Setting Up Port Locations {Port-Location

    CCESS ATEWAY Setting Up Port Locations {Port-Location} Port-Location allows you to establish the mode of operation for devices. From the Web Management Interface, click on Configuration , then Port-Location. Port-Location Settings screen appears: System Administration...
  • Page 128 System administrators can set the properties for each room from the subscriber side of the Access Gateway. The system automatically detects which port number the administrator is using and allows them to enter the fields for the room corresponding to the port they are using.
  • Page 129 CCESS ATEWAY These options enable an SNMP query to “ask” the access concentration device which card, slot, or port the information is coming from. The information can then be “sent to” and “billed by” the PMS. You must enter the (not name), IP address SNMP community...
  • Page 130 This section shows In Room Port Mapping from the subscriber side, when the In Room Port Mapping feature is enabled. Access Gateway multiple VLAN tagged systems can use the same tags and be placed on different Subscriber ports. Although it is technically possible to place two different VLAN tagged switches (one on each Subscriber side) that have the same VLAN tags designated, this configuration can cause problems.
  • Page 131 CCESS ATEWAY Enter your user name and password, then click on the button. The In Room Port Mapping screen appears: Enter the room number and a description for this room. Select the access mode you want to assign to this room: Room Free Access ...

  • Page 132: Setting Up Quality Of Service {Qos

    CCESS ATEWAY Setting up Quality of Service {QoS} The Quality of Service feature allows subscriber traffic to be classified so that it can then be acted upon by devices that support QoS prioritization or other QoS capabilities. This requires the use of 802.1q-based VLANS on the network, as it is based on 802.1p Class of Service (CoS) marking.

  • Page 133: Defining The Radius Client Settings {Radius Client

    The “Usernames” function must be enabled for a RADIUS login. See also, “Defining the AAA Services {AAA}” on page Nomadix offers an integrated RADIUS client, allowing service providers to track or bill users based on the number of connections, location of the connection, bytes sent and received, connect time, etc.
  • Page 134 (including bytes transferred, connect time, etc.). The Access Gateway's RADIUS implementation also handles vendor specific attributes (VSAs), required by WISPs that want to enable more advanced services and billing schemes, such as a per device/per month connectivity fee.
  • Page 135 CCESS ATEWAY For additional RADIUS information, see also: “Defining the RADIUS Proxy Settings {RADIUS Proxy}” on page 126  “Defining the Realm-Based Routing Settings {Realm-Based Routing}” on page 130  “RADIUS Attributes” on page 281  From the Web Management Interface, click on , then Configuration RADIUS Client.
  • Page 136 Default User Idle Timeout before the subscriber’s session times out and they must login again. The Access Gateway can reauthenticate “repeat” subscribers who return to the system within 720 hours. To enable this feature, click on the check box for...
  • Page 137 The following VSAs are used for implementation of volume- and time-based Radius termination action: VSA Name Value Termination-Action Session-Timeout Nomadix-MaxBytesDown 3000000 Nomadix-MaxBytesUp 3000000 If required, check the box for Enable Session-Terminate-End-Of-Day When Authorized (to allow business policies that want to terminate the session at midnight of every day).

  • Page 138: Defining The Radius Proxy Settings {Radius Proxy

    Enable Goodbye URL post session “goodbye” page). The “goodbye” page can be defined as a RADIUS VSA or be driven by the Access Gateway’s Internal Web Server (IWS). If required, check the box to create a link that users can go...
  • Page 139 CCESS ATEWAY From the Web Management Interface, click on Configuration , then RADIUS Proxy. RADIUS Proxy Settings screen appears: Enable or disable , as required, by clicking on the appropriate RADIUS Proxy Services check box. If you enabled RADIUS Proxy Services, you must provide the Authentication Server Port and the references.
  • Page 140 Adding an Upstream RADIUS NAS If you want to add a new Upstream RADIUS NAS (for example, an 802.11 Access Point on the subscriber side of the Access Gateway), click on the button. The Add Upstream RADIUS NAS screen appears: To make this entry the “active”...
  • Page 141 CCESS ATEWAY Place a check in the box of the Nomadix VSAs to be enforced by the Proxy for this entry The Radius VSA for Bandwidth-Up will be passed on  Enforce Bandwidth-Up VSA: to the Upstream NAS when enabled.

  • Page 142: Defining The Realm-Based Routing Settings {Realm-Based Routing

    CCESS ATEWAY The Upstream RADIUS NAS definition you just added appears in the list. You can add up to 10 definitions. Repeat Steps 5 through 11 to add more Upstream RADIUS NAS definitions, as required. To view your configured RADIUS Service Profiles and Realm Routing Policies, click on the link: Click here to see configured RADIUS service profiles and Realm Routing Policies...
  • Page 143 CCESS ATEWAY “RADIUS Attributes” on page 281  From the Web Management Interface, click on Configuration , then Realm-Based Routing. The Realm-Based Routing Settings screen appears: Define RADIUS Service Profiles RADIUS service profiles are used to direct username access requests for both plain RADIUS users and users who supply realm/domain in their username.
  • Page 144 CCESS ATEWAY To add a RADIUS Service Profile, click on the appropriate button. The Add RADIUS Service Profile screen appears: Enter a name of your choice for this service profile in the field. Unique Name Authentication This category requires input for enabling RADIUS authentication and requires you to define IP addresses, ports, and secret keys for the primary and secondary RADIUS servers (the secondary server is optional).
  • Page 145 The secret key is a valuable and necessary security measure. The Access Gateway and the RADIUS servers must use the same secret key. Repeat Steps 2 through 4 for the secondary RADIUS authentication server (if used).
  • Page 146 CCESS ATEWAY Define Tunnel Profiles Tunnel profiles can be defined when L2TP tunnel parameters are known and it is not necessary to send an access request to a RADIUS server to obtain those parameters or for accounting purposes. Create a tunnel profile for each L2TP tunnel whose parameters are known. The tunnel parameters that the profile contains are the IP address of the LNS and the tunnel password.
  • Page 147 CCESS ATEWAY The tunnel server in this case is configured to authenticate users via another RADIUS server that handles a single realm. Since it handles a single realm, no realm information is needed for users and so must be stripped. In this case, it is stripped by the NSE, but it could easily have been stripped by the tunnel server, or by the tunnel server’s RADIUS server.
  • Page 148 CCESS ATEWAY System Administration...
  • Page 149 CCESS ATEWAY The following screen shows a realm routing policy that handles suffix-based usernames using a tunnel profile. This differences in this example are that the realm name is “tcisp.com”, “Suffix match only” is enabled (the delimiter in this case is “@”), and a tunnel profile, “LNSOne”, is selected instead of a RADIUS service profile.
  • Page 150 CCESS ATEWAY The “Local hostname” field is also blank is this example which means that the NSE will use the default value of “usg_lac” during tunnel negotiation. Configure RADIUS Client The NSE RADIUS client must be setup for realm-based routing mode since realm information will be used by the NSE’s L2TP tunnel feature to determine how to handle usernames that contain realm information.

  • Page 151: Managing Smtp Redirection {Smtp

    Managing SMTP Redirection {SMTP} When SMTP redirection is enabled (for misconfigured or properly configured subscribers), the Access Gateway redirects the subscriber’s E-mail through a dedicated SMTP server, including SMTP servers which support login authentication. To the subscriber, sending and receiving E- mail is as easy as it’s always been.

  • Page 152: Managing The Snmp Communities {Snmp

    ATEWAY Managing the SNMP Communities {SNMP} You can address the Access Gateway using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol that regulates network management over the Internet. To do this, you must set up the SNMP communities and identifiers. For more information about SNMP, see “Using an SNMP Manager”...

  • Page 153: Enabling Dynamic Multiple Subnet Support (Subnets)

    Reset You can now use your SNMP client to manage the Access Gateway via the Internet. Enabling Dynamic Multiple Subnet Support (Subnets) Nomadix’ dynamic multiple subnet support allows you to create flexible and cost-effective IP pool solutions to meet the demands of complex networks in large residential and public access networks.
  • Page 154 CCESS ATEWAY From the Web Management Interface, click on , then The Public Configuration Subnets. Subnets Settings screen appears: Click on the button to add a new public subnet. The Add Public Subnets screen appears: Enter a valid IP address for this subnet in the Subnet field.

  • Page 155: Displaying Your Configuration Settings {Summary

    For additional information about the multiple subnet feature, go to “Contact Information” on page 311 for Nomadix Technical Support. Displaying Your Configuration Settings {Summary} You can display a summary listing of all your current Configuration settings. To view the summary listing, go to the Web Management Interface, click on...

  • Page 156: Setting The System Date And Time {Time

    CCESS ATEWAY The Summary of Configuration Settings screen appears (partial screen shown here): More listings ... Setting the System Date and Time {Time} This procedure shows you how to set the system date and time. System Administration...
  • Page 157 CCESS ATEWAY From the Web Management Interface, click on Configuration , then Time. The Set Date and Time screen appears: if you Select to use the local hardware time or select Internal Time External Time Server want to use NTP instead of the internal clock of the NSE If you select , enter the new date and time parameters in the relevant fields Internal Time...

  • Page 158: Setting Up Traffic Descriptors

    Time Server 1-4 correct time. The Access Gateway also allows you to enter a “Time offset from UTC.” This parameter is the Universal Coordinated Time, based on the ISO 8601 standard, and is used in conjunction with RADIUS servers (for example, if the RADIUS server is setup for a time zone that is different from the Access Gateway).

  • Page 159: Setting Up Url Filtering {Url Filtering

    Setting Up URL Filtering {URL Filtering} The Access Gateway can restrict access to specified Web sites based on URLs defined by the system administrator. URL filtering will block access to a list of sites and/or domains entered by the administrator using the following three methods: Host IP address (for example, 1.2.3.4)

  • Page 160: Selecting User Agent Filtering Settings

    (the address will be added to the displayed list). Add or remove addresses, as required. Selecting User Agent Filtering Settings The Access Gateway can ignore traffic being generated by unsubscribed user devices that are not accessing walled garden sites or an unauthenticated users.

  • Page 161: Zone Migration

    CCESS ATEWAY From the Web Management Interface, click on Configuration , then User Agent Filtering. The User Agent Filtering Settings screen appears: Enable to use the filtering capabilities for the User-Agents. User-Agent Filtering Add the names of the different User-Agents that you want to filter to the HTTP User- Agent name field.
  • Page 162 CCESS ATEWAY From the Web Management Interface, click on , then Configuration Zone Migration. Zone Migraton Settings screen appears: Select to enable the Zone Migration feature. Relogin after migration Add a new Zone In the section, new zones can be added and initially configured, using Zone-Based Migration the following parameter fields: –...

  • Page 163: Defining Ipsec Tunnel Settings

    NSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption. Establishing the IPSec tunnel not only allows for the secure management of the Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on...
  • Page 164 CCESS ATEWAY Two subsequent events drive the secure management function of the Nomadix gateway and the devices behind it: Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity). As part of the session establishment process, key tunnel parameters are exchanged (for example, Hash Algorithm, Security Association Lifetimes, etc.).

  • Page 165: Network Info Menu

    CCESS ATEWAY Network Info Menu Displaying ARP Table Entries {ARP} You can display a table that shows the current status of the ARP (Address Resolution Protocol) assignments. ARP is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address.

  • Page 166: Displaying The Host Table {Hosts

    CCESS ATEWAY The DAT Session Table screen appears: Click on the Delete all sessions button to clear all current subscriber sessions. Deleting DAT sessions will cause all misconfigured subscribers to lose their Internet connection for a short period of time. Displaying the Host Table {Hosts} You can display a table which lists the hosts that are currently configured.

  • Page 167: Displaying Icmp Statistics {Icmp

    CCESS ATEWAY The Host Table screen appears: Displaying ICMP Statistics {ICMP} You can display the current ICMP (Internet Control Message Protocol) statistics. ICMP is a standard Internet protocol that delivers error and control messages from hosts to message requestors. These statistics are presented as a listing which details the current status of each ICMP transmission element.
  • Page 168 CCESS ATEWAY The Network Interfaces screen appears: System Administration...

  • Page 169: Displaying The Ip Statistics {Ip

    CCESS ATEWAY Displaying the IP Statistics {IP} You can display the IP (Internet Protocol) statistics which are presented as a detailed listing of all IP elements and their current status. With IP transmissions, data is broken up into packets which are then sent over the network. By using IP addressing, Internet Protocol ensures that the data reaches its destination, even though different packets may “pass through”...

  • Page 170: Displaying The Active Ip Connections {Sockets

    CCESS ATEWAY To view the Routing Tables, go to the Web Management Interface, click on , then Network Info click on Routing. The Routing Tables screen appears: Displaying the Active IP Connections {Sockets} You can display a table which provides a detailed listing of all currently active IP (Internet Protocol) connections.

  • Page 171: Displaying The Static Port Mapping Table {Static Port-Mapping

    CCESS ATEWAY The Socket Table screen appears: Displaying the Static Port Mapping Table {Static Port-Mapping} You can display a table which provides a detailed listing of the currently active static port mapping scheme. To view the Static Port-Mapping Table, go to the Web Management Interface, click on , then click on Network Info Static Port-Mapping.

  • Page 172: Displaying Tcp Statistics {Tcp

    CCESS ATEWAY Displaying TCP Statistics {TCP} You can display the TCP (Transmission Control Protocol) statistics which are presented as a detailed listing of all TCP elements and their current status. TCP is a standard protocol that manages data transmissions across networks. To view the TCP Statistics, go to the Web Management Interface, click on Network Info , then...

  • Page 173: Displaying Udp Statistics {Udp

    CCESS ATEWAY Displaying UDP Statistics {UDP} You can display the UDP (User Datagram Protocol) statistics which are presented as a detailed listing of all UDP elements and their current status. UDP is an Internet standard transport layer protocol. It is a connectionless protocol which adds a level of reliability and multiplexing to the Internet Protocol (IP).

  • Page 174: Adding And Updating Port-Location Assignments {Add

    There may even be multiple ports assigned to a single room or location. The Access Gateway uses a port-location authorization table to manage the assigned ports and ensure accurate billing for the services used by a particular port.
  • Page 175 CCESS ATEWAY Adding a Port-Location Assignment This procedure shows you how to add a port-location assignment. If you want to update an existing assignment, go to Updating a Port-Location Assignment. From the Web Management Interface, click on Port-Location, then Add. The Add Port- Location Assignments screen appears: System Administration...
  • Page 176 CCESS ATEWAY Enter a location identifier in the Location field. Locations can be assigned as an alpha, numeric, or alpha-numeric value unless a PMS interface is used (see note). If you are using a PMS interface, ensure that the "Location" field consists only of numbers (no alpha characters or symbols).

  • Page 177: Deleting All Port-Location Assignments {Delete All

    Deleting All Port-Location Assignments {Delete All} This procedure shows you how to delete all port-location assignments. The Access Gateway displays a warning and prompts you to confirm this action before deleting all the port-locations currently assigned in the system.

  • Page 178: Deleting Port-Location Assignments By Location {Delete By Location

    Deleting Port-Location Assignments by Location {Delete by Location} This procedure shows you how to delete a port-location assignment, based on its location. The Access Gateway prompts you to confirm this action before deleting the requested port- location. If you are unsure which port-locations are currently mapped to the system, you can view a list at “Displaying the Port-Location Mappings {List}”...

  • Page 179: Deleting Port-Location Assignments By Port {Delete By Port

    Deleting Port-Location Assignments by Port {Delete by Port} This procedure shows you how to delete a port-location assignment, based on its port. The Access Gateway prompts you to confirm this action before deleting the requested port- location. If you are unsure which port-locations are currently mapped to the system, you can view a list at “Displaying the Port-Location Mappings {List}”...

  • Page 180: Finding Port-Location Assignments By Description {Find By Description

    CCESS ATEWAY From the Web Management Interface, click on , then The Export Port-Location Export. Port-Location Assignments screen appears: Click on the button to export port-location assignment to the /flash/location.txt. Export file. Finding Port-Location Assignments by Description {Find by Description} This procedure shows you how to find a port-location assignment, based on its description.

  • Page 181: Finding Port-Location Assignments By Location {Find By Location

    CCESS ATEWAY Finding Port-Location Assignments by Location {Find by Location} This procedure shows you how to find a port-location assignment, based on its location. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their description or port.

  • Page 182: Finding Port-Location Assignments By Port {Find By Port

    CCESS ATEWAY Finding Port-Location Assignments by Port {Find by Port} This procedure shows you how to find a port-location assignment, based on its port. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their description or location.

  • Page 183: Importing Port-Location Assignments {Import

    Importing Port-Location Assignments {Import} This procedure shows you how to import port-location assignments from the “location.txt” file. The location.txt file is stored in: /flash/location.txt (resident in the Access Gateway’s flash memory). If you have never exported port-location assignments (since installing the Access Gateway at this site), the location.txt is empty.
  • Page 184 CCESS ATEWAY Creating a “location.txt” File You can create your own “location.txt” file and upload the file to the Access Gateway’s flash memory at [IP address]/flash/location.txt. Use the following format when creating the file: “1”,1,00:00:00:00:00:00,0.0.0.0,0, “Room 101” The 4 (four) fields used in the format represent the standard format for port-location assignments (location, port, modem MAC address for RiverDelta, subnet, state, description).

  • Page 185: Displaying The Port-Location Mappings {List

    CCESS ATEWAY Displaying the Port-Location Mappings {List} You can display a listing of all port-locations assigned to this system. To view the listing of port-location assignments, go to the Web Management Interface, click on , then click on The List Port-Location Assignments screen appears: Network Info List.
  • Page 186 CCESS ATEWAY Adding a Subscriber Type Profile From the Web Management Interface, click on , then Subscriber Administration Add. The Add a Subscriber Profile to the Database screen appears: Choose the account type. Subscriber Define the DHCP Address Type: (only used when the IP Upsell feature Public Private is enabled, otherwise leave this set to “private”).
  • Page 187 CCESS ATEWAY In the Username field, enter a user name for this subscriber. If you entered a MAC address and you do not want to assign a user name, skip Step 9 (password). User names and passwords are case-sensitive. Having a user name and password is an optional service that subscribers may request (for example, if they are using more than one machine, or moving between locations and they want an additional level of security).
  • Page 188 CCESS ATEWAY Adding a Device Type Profile From the Web Management Interface, click on , then Subscriber Administration Add. The Add a Subscriber Profile to the Database screen appears: Choose the account type for this profile. Device If required, enable the feature.
  • Page 189 CCESS ATEWAY Select a policy from the QoS Policy menu. See “Setting up Quality of Service {QoS}” on page 120 for more information. Enable to allow the specified user to have their SMTP traffic STMP Redirection redirected by the global SMTP redirect configuration. Click on the button to add this device to the database, or click on the button if you...
  • Page 190 CCESS ATEWAY From the Web Management Interface, click on , then Subscriber Administration Add. The Add a Subscriber Profile to the Database screen appears: Choose the type for this profile. Group Account Define the DHCP Address Type: (only used when the IP Upsell feature Public Private is enabled, otherwise leave this set to “private”).

  • Page 191: Displaying Current Subscriber Connections {Current

    CCESS ATEWAY Define the Min Upstream Bandwidth Max Upstream Bandwidth range for this subscriber (in Kbps). Define the range for this Min Downstream Bandwidth Max Downstream Bandwidth subscriber (in Kbps). Enter the for the subscriber account. Maximum users per group Select a policy from the menu.

  • Page 192: Deleting Subscriber Profiles By Mac Address {Delete By Mac

    To view individual subscribers, simply click on the linked MAC address. Deleting Subscriber Profiles by MAC Address {Delete by MAC} This procedure shows you how to delete a subscriber profile from the Access Gateway’s database of authorized subscribers, based on the profile’s MAC address.

  • Page 193: Deleting Subscriber Profiles By User Name {Delete By User

    “MAC Address” value to the 00 state. Deleting Subscriber Profiles by User Name {Delete by User} This procedure shows you how to delete a subscriber profile from the Access Gateway’s database of authorized subscribers, based on the profile’s user name.

  • Page 194: Displaying The Currently Allocated Dhcp Leases {Dhcp Leases

    , then click on Subscriber Administration DHCP Leases. To utilize this feature, your Access Gateway must be set to act as its own DHCP Server. The DHCP function cannot be set to DHCP Relay. Refer to “Managing the DHCP service options {DHCP}” on page...

  • Page 195: Finding Subscriber Profiles By Mac Address {Find By Mac

    Finding Subscriber Profiles by MAC Address {Find by MAC} This procedure shows you how to find a subscriber profile from the Access Gateway’s database of authorized subscribers, based on the profile’s MAC address. Use this procedure when you want to see the statistics corresponding to the MAC address.

  • Page 196: Listing Subscriber Profiles By Mac Address {List By Mac

    CCESS ATEWAY From the Web Management Interface, click on , then Subscriber Administration Find by The Find a Subscriber Profile screen appears: User. In the field, enter the user name of the subscriber you want to find. Enter Username Click on the button to view this subscriber profile, or click on the button if Show...

  • Page 197: Listing Subscriber Profiles By User Name {List By User

    CCESS ATEWAY -1 indicates a subscriber added by Admin or XML useradd with no associated plans. Listing Subscriber Profiles by User Name {List by User} You can display the currently active database of authorized subscribers, based on user names. To view the list of Authorized Subscriber Profiles, go to the Web Management Interface, click Subscriber Administration , then click on List by User.

  • Page 198: Viewing Radius Proxy Accounting Logs {Radius Session History

    CCESS ATEWAY Viewing RADIUS Proxy Accounting Logs {RADIUS Session History} These settings are available under Subscriber Administration/RADIUS Session History menu. Enable Logfile checkbox When this setting is enabled any RADIUS proxy accounting messages sent or received by the RADIUS proxy application are logged into a file named “RADHIST.RAD” in the /flash directory.

  • Page 199: Displaying Current Profiles And Connections {Statistics

    (for example, free access, credit card, etc.). The total number of user profiles stored in the Access Gateway’s internal database is also shown. To view the Subscriber Statistics, go to the Web Management Interface, click on...
  • Page 200  charge. In addition to credit card billing, Property Management Systems used by hotels are also supported along with the internal data base of the Access Gateway and billing via Nomadix' secure XML API. See also, “Assigning a PMS Service {PMS}” on page 109 (see following note).
  • Page 201 CCESS ATEWAY From the Web Management Interface, click on Subscriber Interface , then Billing . The Internal Billing Options Setup screen appears: Options Review the billing plans (normal plans and X over Y plans) that are currently active. To view or edit a billing plan, simply click on the button opposite the View/Edit/Delete corresponding plan.
  • Page 202 CCESS ATEWAY The Internal Billing Options Plan Setup or Internal Billing Options XoverY Plan Setup screen appears for the billing plan (and type) you selected. System Administration...
  • Page 203 CCESS ATEWAY Sample of Internal Billing Options XoverY Plan Setup Screen Depending on the type of plan you want to set up, go to: “Setting Up a “Normal” Billing Plan” on page 192.  System Administration...
  • Page 204 (either Minute, Hour, Day, Week, or Month). One time unit is assigned to each billing plan. The Access Gateway allows you to define multiple billing plans with different time units at the same time. For example, you can define one billing plan that changes by the hour (e.g.
  • Page 205 CCESS ATEWAY Define the messages you want to present to subscribers, including: Introduction Message  Offer Message  Policy Message  Define the (Minute, Hour, Day, Week, or Month) you want to make Units of Access available to subscribers. If you want to allow free access to subscribers, you can define the following free billing options: Default Free Access Time (in days) ...

  • Page 206: Setting Up The Information And Control Console {Icc Setup

    (previous) screen. Setting Up the Information and Control Console {ICC Setup} The Nomadix ICC is a HTML pop-up window that is presented to subscribers, allowing them to select their bandwidth and billing plan options quickly and efficiently, and displays a dynamic “time”...
  • Page 207 CCESS ATEWAY (described above). The pop-up Logout Console offers the opportunity to display the elapsed/ count-down time and one logo for intra-session service branding. Featured Logout Console This procedure allows you to set up how the ICC is displayed to subscribers. For more information about the ICC, go to “Information and Control Console (ICC)”...
  • Page 208 CCESS ATEWAY From the Web Management Interface, click on , then Subscriber Interface ICC Setup The ICC Setup screen appears: System Administration...
  • Page 209 If you enabled either of the ICC pop-up options, you can choose a unique name for the console. Simply type a meaningful name in the field. Title Define the physical location where you want the Nomadix Logout Console to appear on the subscriber’s screen. Choose one of the following options: Upper Left Corner ...
  • Page 210 When assigning images for buttons, refer to: “Pixel Sizes” on page 200. If you assign (or change) button images or banner images, the Access Gateway must be rebooted for your changes to take effect. When you have completed assigning all your redirect buttons, click on the...
  • Page 211 CCESS ATEWAY Assigning Banners From the Subscriber Console (Information and Control Console - ICC) Setup screen, click on the link. The Subscriber Console (Information and Control Configure Banners Console - ICC) Banners Setup screen appears: Click here to return to the previous screen You can display up to 5 banners, but they must be defined here.
  • Page 212 Stop Time (Optional)  If you assign (or change) button images or banner images, the Access Gateway must be rebooted for your changes to take effect. If you changed any of the Image Name definitions, click on the check box for...

  • Page 213: Defining Languages {Language Support

     Defining Languages {Language Support} The Access Gateway allows you to define the text displayed to your users by the Internal Web Server (IWS) without any HTML or ASP knowledge. The language you select here will determine the language encoding that the Access Gateway’s Internal Web Server instructs the browser to use.
  • Page 214 CCESS ATEWAY French  German  Japanese (Shift_JIS)  Spanish  Other, with drop-down menu (see note)  From the Web Management Interface, click on , then Subscriber Interface Language Support . The Language Support screen appears: Select the language you want to use (see notes). There are currently 6 (six) “pre-translated”...

  • Page 215: Enable Serving Of Local Web Pages {Local Web Server

    CCESS ATEWAY If sufficient space is available, the Access Gateway’s Internal Web Server also supports multiple languages at the same time. The following sample image shows the Web Management Interface (WMI) displayed with Asian language characters. Enable Serving of Local Web Pages {Local Web Server} Here are the quick setup instructions to enable serving of local web pages.
  • Page 216 CCESS ATEWAY The pages can now be served by referencing the URL http://nseip:1111/web/<filename> or at https://nseip:1112/web/<filename> for preauthenticated end users. The post-authentication pages and images are available at http://nseip:3111/web/ <filename> These settings are available under Subscriber Interface/Local Web Server menu. Web Page File Name This text box lets you add or remove the names of the web pages that you intend to serve to the end users.

  • Page 217: Defining The Subscriber's Login Ui {Login Ui

    CCESS ATEWAY Defining the Subscriber’s Login UI {Login UI} This procedure allows you to set up the presentation and content of the subscriber’s login User Interface (UI). System Administration...
  • Page 218 CCESS ATEWAY From the Web Management Interface, click on , then Subscriber Interface Login UI. Subscriber Login User Interface Settings screen appears: Define the messages you want subscribers to see when they log in. Keep messages brief and to the point. Available message categories include: Service Selection Message ...
  • Page 219 Click on the check box for if you want to enable (or Enable “Remember Me” option disable) this feature. This option enables the Access Gateway to “remember” logins for a predetermined duration (see next step). The “Remember Me” option requires JavaScript to be enabled.
  • Page 220 Image File Name Partner Image File Name must reboot the Access Gateway for your changes to take effect. In this case, click on the check box for Reboot after changes are saved? The partner image (splash screen) is not the same screen that is defined by the Image File Name (IWS screen) field.

  • Page 221: Defining The Post Session User Interface (Post Session Ui)

    The Post Session UI (Goodbye Page) can be defined either as a RADIUS VSA or be driven by the Access Gateway’s Internal Web Server (IWS). Using the IWS option means that this functionality is available for other post-paid billing mechanisms (for example, post-paid PMS—if your product license supports PMS).
  • Page 222 CCESS ATEWAY Freely configurable hypertext link (in case the ISP wants to link the user back to a  sign-up/help page). Sample of Post Session UI (Goodbye Page) System Administration...
  • Page 223 CCESS ATEWAY From the Web Management Interface, click on Subscriber Interface , then Post Session The Subscriber Post Session User Interface Settings screen appears: System Administration...

  • Page 224: Defining Subscriber Ui Buttons {Subscriber Buttons

    CCESS ATEWAY Click on the check box to enable (or disable) the IWS Enable IWS Goodbye Page Goodbye Page, as required. If you enabled the IWS Goodbye Page, select your preferred display options by checking the corresponding boxes: Display IP Address ...

  • Page 225: Defining Subscriber Ui Labels {Subscriber Labels

    CCESS ATEWAY From the Web Management Interface, click on Subscriber Interface , then Subscriber The Subscriber Page -- Control Button Definitions screen appears: Buttons. Caution Enter the definitions you want for each control button in the corresponding fields. Only the Login button should be named “Login.” Do not assign this name to any other button.
  • Page 226 CCESS ATEWAY From the Web Management Interface, click on , then Subscriber Interface Subscriber The Subscriber Page -- Field Label Definitions screen appears: Labels. Enter the definitions you want for each label in the corresponding fields. Click on the button to save your changes, or click on the button if you want Submit Reset...

  • Page 227: Defining Subscriber Error Messages {Subscriber Errors

    CCESS ATEWAY Defining Subscriber Error Messages {Subscriber Errors} This procedure allows you to define how error messages are displayed to subscribers. There are 2 (two) pages of error messages available. From the Web Management Interface, click on , then Subscriber Interface Subscriber Errors, 1 of 2.
  • Page 228 CCESS ATEWAY If you want to reset all field values to their default state, click on the button. Revert Repeat Steps 1 – 3 for page 2 of 2 (see following screen): System Administration...

  • Page 229: Defining Subscriber Messages {Subscriber Messages

    CCESS ATEWAY Defining Subscriber Messages {Subscriber Messages} This procedure allows you to define how “other” subscriber messages are displayed. There are 3 (three) pages of subscriber messages available. From the Web Management Interface, click on , then Subscriber Interface Subscriber The Subscriber Page -- Other Message Definitions, 1 of 3 screen Messages, 1 of 3.
  • Page 230 CCESS ATEWAY Enter the definitions you want for each subscriber message in the corresponding fields. Click on the button to save your changes, or click on the button if you want Submit Reset to reset all the values to their previous state. If you want to reset all field values to their default state, click on the button.
  • Page 231 CCESS ATEWAY Repeat Steps 1 – 3 for page 3 of 3 (see following screen): System Administration...

  • Page 232: System Menu

    CCESS ATEWAY System Menu Adding an ARP Table Entry {ARP Add} ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting.

  • Page 233: Deleting An Arp Table Entry {Arp Delete

    CCESS ATEWAY Deleting an ARP Table Entry {ARP Delete} ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting.

  • Page 234: Enabling The Bridge Mode Option {Bridge Mode

    “remove” the Access Gateway from the network without physically disconnecting the unit. You can still manage the Access Gateway when Bridge Mode is enabled, but you have no other functionality. If you enable the Bridge Mode option and then plug the Access Gateway into a network, all you need to do is assign it routable IP addresses.

  • Page 235: Exporting Configuration Settings To The Archive File {Export

    Click on the check box for to enable this feature. Bridge Mode The Access Gateway should be rebooted if this setting is changed. If you want the changes to take effect immediately, Select to "Reboot immediately after changes are saved".

  • Page 236: Importing The Factory Defaults {Factory

    CCESS ATEWAY From the Web Management Interface, click on , then The Export System Export. Configuration screen appears: Click here to view the Click here to view the “archive.txt” file “current.txt” file Click on the button to export the current authentication settings to the archive.txt file. Importing the Factory Defaults {Factory} This procedure shows you how to replace the current authentication settings with the settings that were established at the factory.

  • Page 237: Defining The Fail Over Options {Fail Over

    Many large scale networks require fail-over support for all devices in the public access network. The Fail Over Options feature allows two Nomadix Gateways to act as siblings, where one device will take up the users should the other device become disconnected from the network.

  • Page 238: Viewing The History Log {History

    Secondary will wait while not receiving messages from the Primary before it takes over. Click on the check box for Reboot after changes are saved? If you are using RADIUS, it is recommended to add both Nomadix gateways to the RADIUS server. Click on the...

  • Page 239: Establishing Icmp Blocking Parameters {Icmp

    Access Gateway. Establishing ICMP Blocking Parameters {ICMP} The Access Gateway includes the option to block all ICMP traffic from “pending” or “non authenticated” users that are destined to addresses other than those defined in the pass-through...

  • Page 240: Importing Configuration Settings From The Archive File {Import

    CCESS ATEWAY (walled garden) list. The default setting for this option is “disabled” because ICMP pass- through is a useful end-user troubleshooting feature and is also required by certain smart clients (for example, GRIC). From the Web Management Interface, click on System , then ICMP.

  • Page 241: Establishing Login Access Levels {Login

    Administrative Concurrency may be enabled to further restrict the amount of management sessions allowed at one time. When this feature is enabled, one manager and three operators can access the Access Gateway at any one time (the default is “disabled”).
  • Page 242 CCESS ATEWAY Telnet  Command Line Interface (CLI) – serial  Web Management Interface (WMI)  FTP and SFTP (no operator access allowed)  SSH Shell Access   Only managers can assign a username and password for the remote RADIUS testing login option.
  • Page 243 URL for the test page is http://<Nomadix Access Gateway IP>/radtest/testradius.htm and can be accessed from the network side of the Access Gateway. You must open a separate browser to utilize this feature. The “Framed IP” field is configurable by the user and can be set to any IP address.

  • Page 244: Defining The Mac Filtering Options {Mac Filtering

    Reset Defining the MAC Filtering Options {Mac Filtering} MAC Address filtering enhances Nomadix' access control technology by allowing System Administrators to block malicious users based on their MAC address. Up to 600 MAC addresses can be blocked at any one time (see caution).

  • Page 245: Rebooting The System {Reboot

    235. Rebooting the System {Reboot} This procedure shows you how to reboot the Access Gateway. The “reboot” procedure outlined on this page allows you to decide when to reboot (if you are making multiple changes to different menu functions and you want to reboot just one time after completing all your changes).

  • Page 246: Adding A Route {Route Add

    Adding a Route {Route Add} This procedure shows you how to add a route into the Access Gateway’s routing table. This is accomplished by establishing the route’s destination IP address, and by setting the gateway or router IP address by which the route’s destination can be reached.

  • Page 247: Deleting A Route {Route Delete

    CCESS ATEWAY Click on the button to add this route to the routing table, or click on the Reset button if you want to reset all the values to their previous state. Deleting a Route {Route Delete} This procedure shows you how to delete a route to a specific IP destination. From the Web Management Interface, click on , then The Delete...

  • Page 248: Adding Static Ports {Static Port-Mapping Add

    Access Gateway. The advantage for the network administrator is that free private IP addresses can be used to manage devices (such as Access Points) on the subscriber side of the Access Gateway without setting them up with public IP addresses.
  • Page 249 CCESS ATEWAY From the Web Management Interface, click on System , then Static Port-Mapping Add. The Add Static Port-Mapping Entries screen appears: Enter the Internal IP Address Ensure that the device with the Internal IP Address has been added to the subscriber’s table.

  • Page 250: Deleting Static Ports {Static Port-Mapping Delete

    Access Gateway. The advantage for the network administrator is that free private IP addresses can be used to manage devices (such as Access Points) on the subscriber side of the Access Gateway without setting them up with public IP addresses.

  • Page 251: Blocking A Subscriber Interface {Subscriber Interfaces

    Updating the Access Gateway Firmware {Upgrade} Upgrading the Access Gateway firmware is performed from the Access Gateway’s Command Line Interface (CLI) only. Refer to the Firmware Upgrade Procedure (separate document available from Nomadix Technical Support).
  • Page 252 CCESS ATEWAY System Administration...

  • Page 253: Chapter 4: The Subscriber Interface

    When a subscriber accesses the solution provider’s high speed network, the Access Gateway points their browser to a sign-in page. The Access Gateway then creates a database entry that automatically records the subscriber’s Media Access Control (MAC) address and integrates this address with a PMS interface for secure billing.

  • Page 254: Authorization And Billing

    ATEWAY Authorization and Billing As a gateway device, the Access Gateway enables plug-and-play access to broadband networks. Broadband network solution providers can now offer their subscribers a wide range of high speed services, including access to the Internet. Of course, a high speed Internet connection is not free –...

  • Page 255: The Aaa Structure

    (in the hotel scenario), via a mailed invoice, or directly to the subscriber’s credit card account. The following illustration shows the functional relationship between the Access Gateway’s internal modules and the external support systems. The Subscriber Interface...
  • Page 256 CCESS ATEWAY Subscriber Login Subscriber Management Internal Web Server External Web Server Internal Web Management Interface (on flash for login pages) (for login & portal pages) Authentication Internal User Database Authorization Table Internal User Database Credit Card Server PMS System Internal Accounting Log (AAA) Accounting Billing Mirror Server(s)
  • Page 257 CCESS ATEWAY The initial login page can be presented in various ways, depending on the system’s configuration. The Access Gateway supports any of the following methods and tools: Internal and external Web pages.  External “portal” page for redirection. ...

  • Page 258: Process Flow (Aaa)

    ATEWAY Process Flow (AAA) The following flowchart outlines the AAA and billing process. All actions depicted in the chart are administered and tracked by the Access Gateway. AG detects connection and verifies user against authorization table New User Existing Subscriber...

  • Page 259: Internal And External Web Servers

    English, Chinese, French, German, Japanese, and Spanish. Home Page Redirection The Access Gateway can be configured to redirect all valid subscribers to a Web portal or home page determined by the solution provider. After a specified time, from the first home page redirection (determined by the system administrator), subscribers are redirected again to the portal at the next Web page request.

  • Page 260: Subscriber Management

     Combinations of two or more subscriber management models can be used. When a subscriber connects to the network and attempts to access the Internet, the Access Gateway looks for each model in the given order above. Subscriber Management Models The system administrator establishes the subscriber management model via the Command Line Interface (CLI) or the Web Management Interface.

  • Page 261: Configuring The Subscriber Management Models

    Credit card Enable the AAA services. You have the choice of enabling the Access Gateway’s internal authorization module or using an external credit card authorization server. Internal Authorization Enabled Enter the credit card server’s URL and IP address, then enter the merchant ID you obtain from Authorize.Net.

  • Page 262: Information And Control Console (Icc)

    CCESS ATEWAY Information and Control Console (ICC) The ICC is a HTML pop-up window that is presented to subscribers, allowing them to select their bandwidth and billing options quickly and efficiently, and displays a dynamic “time” field to inform them of the time remaining on their account. The ICC also offers service providers an opportunity to display advertising banners and provide a choice of redirection options.

  • Page 263: Logout Console

    ATEWAY Logout Console The Access Gateway allows System Administrators to define a simple HTML-based pop-up window for explicit logout that can be used as an alternative to the more fully featured ICC. The pop-up Logout Console can display the elapsed/count-down time and one logo for intra- session service branding.
  • Page 264 CCESS ATEWAY The Subscriber Interface...

  • Page 265: Chapter 5: Quick Reference Guide

    Web Management Interface (WMI) Menus The following tables contain a listing and brief explanation of all menus and menu items contained in the Access Gateway’s Web Management Interface (WMI), listed as they appear on screen. Menus...

  • Page 266: Configuration Menu Items

    (IP address) of administrator logins. A login is permitted only if a match is made with the master list contained on the Nomadix Access Gateway. If a match is not made, the login is denied, even if a correct login name and password are supplied.
  • Page 267 CCESS ATEWAY Item Description Location Sets up your location and IP addresses for the network, subscriber, subnet mask, and default gateway. Logging Enables logging options for the system and AAA functions. MAC Authentication Enables MAC authentication, retry frequency, MAC address format, MAC address hex-alpha case, and RADIUS service profile.

  • Page 268: Network Info Menu Items

    CCESS ATEWAY Network Info Menu Items Item Description Displays the ARP table, including the destination IP address and the gateway MAC address. Displays the DAT session table. Hosts Displays the host table, including host names, associated IP addresses and any assigned aliases. ICMP Displays the ICMP (Internet Control Message Protocol) performance statistics.
  • Page 269 CCESS ATEWAY Items Description Export Exports specified port-location assignments to the location.txt file. Find by Description Finds a port-location assignment, based on a unique description. Find by Location Finds a port-location assignment, based on a specified location. Find by Port Finds a port-location assignment, based on a specified port.

  • Page 270: Subscriber Administration Menu Items

    CCESS ATEWAY Subscriber Administration Menu Items Items Description Adds subscriber profiles to the database. Current Displays a list of all currently connected subscribers. Delete by MAC Deletes a subscriber, based on a specific MAC address. Delete by User Deletes a subscriber, based on a specific user name. DHCP Leases Sets up the current subscriber DHCP leases.

  • Page 271: System Menu Items

    Factory Imports the factory default settings. FailOver Sets up a “sibling” Nomadix Gateway, allowing one device to take up the users should the other device become disconnected from the network. History Displays a history log of the system’s activity, including Access, Reboot and Uptime.
  • Page 272 Reboot Reboots the Nomadix Access Gateway. Route Add Adds a route into the Nomadix Access Gateway’s routing table. Route Delete Deletes a route to a specific IP destination. Session Limit Limits the number sessions any one user can take over a given time period and, if necessary, then blocks malicious users.
  • Page 273 CCESS ATEWAY Items Description FailOver Sets up a “sibling” Nomadix Gateway, allowing one device to take up the users should the other device become disconnected from the network. History Displays a history log of the system’s activity, including Access, Reboot and Uptime.

  • Page 274: Alphabetical Listing Of Menu Items (Wmi)

    CCESS ATEWAY Alphabetical Listing of Menu Items (WMI) The menu items listed here are for a fully featured Nomadix Access Gateway (with all optional modules included). Refer to “About Your Product License” on page Item DescriptionMenu AAA ........Set AAA options..............Configuration Access Control ......Enables secure administration of the Access Gateway ..Configuration...
  • Page 275 TCP........Display the TCP performance statistics ......... Network Info Time........Set the system date and time..........Configuration UDP ........Display the UDP performance statistics ........ Network Info Upgrade ........ Upgrade the Access Gateway system firmware..... System URL Filtering ....... Define URLs for filtering............Configuration Quick Reference Guide...

  • Page 276: Default (Factory) Configuration Settings

    ATEWAY Default (Factory) Configuration Settings The following table shows a partial listing of the Access Gateway’s primary default configuration settings (the settings established at manufacturing). For a complete listing of the factory default settings, refer to the factory.txt file. For more information, go to .“Importing the...
  • Page 277 CCESS ATEWAY Function Default Setting AAA Logging Disabled AAA Log Server Number AAA Log Server IP 0.0.0.0 SYSLOG (System Logging) Disabled SYSLOG Server Number SYSLOG Server IP 0.0.0.0 AAA Services Disabled Internal Authorization Enabled New Subscribers Enabled Credit Card Service Enabled Parameter Passing Disabled...

  • Page 278: Product Specifications

    CCESS ATEWAY Product Specifications AG2300 Specifications NSE M VAILABLE ODULES High Availability - Fail Over ERFORMANCE User Support: Up to 50 users concurrently Throughput: up to 20Mbits/s* *As defined by RFC1242, Section 3.17 HYSICAL 1U rack space in a 19” rack 10.00”(L) x 10.00”(D) x 1.73”(H) 254mm(L) x 254mm(D) x 44mm(H) Weight: 5.0 lbs.
  • Page 279 CCESS ATEWAY AG2300 Specifications NVIRONMENTAL Operating temperature: 5°C to 40° C Storage temperature: 0°C to 70° C Operating humidity: 20 - 90% RH non-condensing Storage humidity: 5 - 95% RH Altitude: Up to 15,000ft OMPLIANCE FCC Class A, Part 15 CE Mark CENELEC EN 55022: 1998 + A1: 2000 + A2: 2003, Class A CENELEC EN 61000-3-2:2000...
  • Page 280 CCESS ATEWAY AG2300 Specifications ETWORKING IEEE 802.3 / 3u IEEE 802.1d DHCP Server DHCP Relay RADIUS Client (MD-5, PAP, CHAP, MS-CHAPv1, v2) Quick Reference Guide...
  • Page 281 CCESS ATEWAY AG3100 Specifications NSE M VAILABLE ODULES High Availability - Fail Over Hospitality Module - Property Management Interface (PMS) ERFORMANCE User Support: Up to 200 users concurrently Throughput: up to 85Mbits/s* *As defined by RFC1242, Section 3.17 HYSICAL 1U rack space in a 19" rack 10.00”(L) x 10.00”(D) x 1.73”(H) 254mm(L) x 254mm(D) x 44mm(H) Weight: 5.0 lbs.
  • Page 282 CCESS ATEWAY AG3100 Specifications NVIRONMENTAL Operating temperature: 5°C to 40° C Storage temperature: 0°C to 70° C Operating humidity: 20 - 90% RH non-condensing Storage humidity: 5 - 95% RH Altitude: Up to 15,000ft OMPLIANCE FCC Class A, Part 15 CE Mark CENELEC EN 55022: 1998 + A1: 2000 + A2: 2003, Class A CENELEC EN 61000-3-2:2000...
  • Page 283 CCESS ATEWAY AG5500 Specifications NSE M VAILABLE ODULES High Availability - Fail Over Hospitality Module - Property Management Interface (PMS) ERFORMANCE User Support: Up to 2000 users concurrently Throughput: up to 100Mbits/s* *As defined by RFC1242, Section 3.17 HYSICAL 1U rack space in a 19” rack 16.85”(L) x 10.04”(W) x 1.73”(H) 428mm(L) x 255mm(W) x 44mm(H) Weight: 6.61 lbs...
  • Page 284 CCESS ATEWAY AG5500 Specifications NVIRONMENTAL Operating temperature: 5°C to 40° C Storage temperature: 0°C to 70° C Operating humidity: 20 - 90% RH non-condensing Storage humidity: 5 - 95% RH Altitude: Up to 15,000ft OMPLIANCE COMPLIANCE FCC Class A, Part 15 CE Mark CENELEC EN 55022: 1998 + A1: 2000 + A2: 2003, Class A CENELEC EN 61000-3-2:2000...
  • Page 285 CCESS ATEWAY AG5500 Specifications ETWORKING IEEE 802.3 / 3u IEEE 802.1d DHCP Server DHCP Relay RADIUS Client (MD-5, PAP, CHAP, MS-CHAPv1, v2) Quick Reference Guide...
  • Page 286 CCESS ATEWAY AG5600 Specifications NSE M VAILABLE ODULES High Availability - Fail Over Hospitality Module - Property Management Interface (PMS) ERFORMANCE User Support: Up to 2000 users concurrently Throughput: up to 750Mbits/s* *As defined by RFC1242, Section 3.18 HYSICAL 1U rack space in a 19” rack 17.24”(L) x 11.53”(W) x 1.73”(H) 438mm (L) x 292.0mm (W) x 44mm (H) Weight: 8.8 lbs.
  • Page 287 CCESS ATEWAY AG5600 Specifications OMPLIANCE UL (US and Canada) FCC Class A EN 55022: 2006 + A1: 2007 EN 55024: 1998 + A1: 2001 + A2: 2003 IEC 61000-4-2: 1995 +A1: 1998 + A2: 2000 IEC 61000-4-3: 2006 IEC 61000-4-4: 2004 IEC 61000-4-5: 2005 IEC 61000-4-6: 2007 IEC 61000-4-8: 1993 : A1: 2000...
  • Page 288 CCESS ATEWAY AG5600 Specifications ETWORKING IEEE 802.3/ 3u/ 3ab IEEE 802.1d DHCP Server DHCP Relay RADIUS Client (MD-5, PAP, CHAP, MS-CHAPv1, v2) Quick Reference Guide...

  • Page 289: Sample Aaa Log

    CCESS ATEWAY Sample AAA Log The following table shows a sample AAA log. This log is generated by the Access Gateway and sent to the SYSLOG server that is assigned to AAA logging. Access Type Subscriber Expi- Date Time Gateway...

  • Page 290: Sample Syslog Report

    Removed_by_administrator authorization table. Sample SYSLOG Report Syslog reports are generated by the Access Gateway and sent to the syslog server that is assigned to general error detection and reporting. 2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [Access Gateway v51.4.126] DHCP: ndxDHCPInit: 0021 DHCP initialized 2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [Access Gateway v51.4.126]...

  • Page 291: Sample History Log

    CCESS ATEWAY Sample History Log A history log is generated by the Access Gateway which includes the system’s activity (Access, Reboot and Uptime). More listings ... Quick Reference Guide...

  • Page 292: Keyboard Shortcuts

    CCESS ATEWAY Keyboard Shortcuts The following table shows the most common keyboard shortcuts. Action Keyboard Shortcut Cut selected data and place it on the clipboard. Ctrl + X Copy selected data to the clipboard. Ctrl + C Paste data from the clipboard into a document (at Ctrl + V the insertion point).

  • Page 293: Radius Attributes

    All subscribers attempting to gain access to the network are validated by RADIUS. When a subscriber attempts to access the service provider's network, the Access Gateway delivers a Web page to the subscriber asking for a login name and password. This information (password) is encrypted and sent across the network to the ISP's RADIUS server.

  • Page 294: Authentication-Request

    CCESS ATEWAY The Nomadix Access Gateway RADIUS functionality can be broken down into the following categories: Authentication-Request  Authentication-Reply (Accept)  Accounting-Request  Selected Detailed Descriptions  Nomadix Vendor Specific Attributes  Authentication-Request Username  Password  Service-Type  NAS-Port (port number) ...

  • Page 295: Accounting-Request

    CCESS ATEWAY Class  Session-Timeout  Idle-Timeout  EAP-Packet (used for 802.1x)  Message-Authenticator (used for 802.1x)  Acct-Interim-Interval  Nomadix VSAs:  Nomadix-Bw-Up  Nomadix-Bw-Down  Nomadix-URL-Redirection  Nomadix-IP-Upsell  Nomadix-MaxBytesUp  Nomadix-MaxBytesDown  Nomadix-Net-VLAN  Nomadix-Session-Terminate-End-Of-Day  Nomadix-Subnet ...

  • Page 296: Selected Detailed Descriptions

    Access-Request and the Accounting-Request. Session Timeout There is currently no default session timeout that you can set in the Access Gateway Web Management Interface (WMI). If the Radius server does not send a Session-Timeout, the Access Gateway will set the subscriber expiration time to 0, which means access forever.

  • Page 297: Nomadix Vendor Specific Attributes

    Radius Accounting Interim message for the specific subscriber. If this attribute is not present or equal to 0, no Interim message is sent. The precision is 2 minutes. The Access Gateway will not send Interim messages more frequently than every 2 minutes.
  • Page 298 CCESS ATEWAY Nomadix-Bw-Down This attribute value (in Kbps) restricts the speed at which downloads are performed. Nomadix-URL-Redirection This attribute allows the administrator to redirect the user to a page of the administrators choice each time the user logs in. Nomadix-IP-Upsell This attribute allows the user to receive a public address from a DHCP pool when the Access Gateway has the IP-Upsell feature enabled.

  • Page 299: Setting Up The Ssl Feature

    CCESS ATEWAY Setting Up the SSL Feature This section describes how to set up the Access Gateway’s SSL feature. Prerequisites You should be a business that is qualified to obtain an SSL secure server ID from  different Certificate Authorities (CAs), such as VeriSign. The Certificate Authority sets this qualification criterion.

  • Page 300: Installing Cygwin And Openssl On A Pc

    CCESS ATEWAY Installing Cygwin and OpenSSL on a PC The example in this document is based on downloading the software with Netscape 4.75. The procedure starts from the Cygwin Net Release Setup Program screen: Click on the Next button. The following screen appears: Click on the button to display the next setup screen.
  • Page 301 CCESS ATEWAY Click on the Next button to display the next setup screen. Click on the button to display the next setup screen. Next Click on the Next button to display the next setup screen. Quick Reference Guide...
  • Page 302 Select a location and click on the button. Next For the purposes of this document, Nomadix used: ftp://planetmirror.com. In the following screens, please skip all packages except “cygwin” and “openssl,” then click on the Next when you are done. At the time of this writing, there are more than 70 packages to install. Please ensure that you “skip”...

  • Page 303: Private Key Generation

    CCESS ATEWAY Click on the Next button to start the “download” process. Wait for the download process to complete. Click on the button to start the “install” process. Wait for the install process to complete. Next There will be a pop-up dialog to inform you that the installation process is completed. At the pop-up dialog, click on the button.
  • Page 304 CCESS ATEWAY Run the “command” prompt from Windows, then click on the button. Go to the c:\cygwin\bin\ directory and run the following command: >openssl genrsa -rand file1:file2:file3:file4:file5 1024 > cakey.pem The following table provides an explanation of the command elements: Quick Reference Guide...
  • Page 305 However, if you are saving them as different names, you must change the names back to “cakey.pem” when trying to FTP to the Access Gateway. Do not include “-des3” option to keep the private key in an unencrypted form.

  • Page 306: Create A Certificate Signing Request (Csr) File

    CCESS ATEWAY Here is the output of cakey.pem: Create a Certificate Signing Request (CSR) File Run the following command to generate the certificate signing request: >openssl req -new -key cakey.pem > server.csr Quick Reference Guide...

  • Page 307: Create A Public Key File (Server.pem)

    The “Common Name” is the name used in the Access Gateway->AAA->SSL Certificate Domain Name. The Common Name in the Public Key must match the SSL Certificate Domain Name in the Web Management Interface of the Access Gateway (refer to the Access Gateway setup information later in this document).
  • Page 308 CCESS ATEWAY This is the procedure to get a 40-bit encryption or 128-bit Public Key from VeriSign. With IE or Netscape, go to www.verisign.com/products/site/index.html. Select for Secure Site Service. Quick Reference Guide...
  • Page 309 Some older versions of popular browsers only support 40-bit or 56-bit encryption. Since it impossible to forecast the browsers that may be used in a visitor-based network, Nomadix recommends implementing a 40-bit Public Key. During the process, VeriSign will ask for your business information and verification. There are several ways to proof the existence of your business.

  • Page 310: Setting Up Access Gateway For Ssl Secure Login

    You have now finished the process of obtaining a public key. Setting Up Access Gateway for SSL Secure Login FTP the “cakey.pem” and “server.pem” files into the Access Gateway platform's flash directory. FTP to the Access Gateway by Netscape: ftp://username:password@[Access Gateway Network IP]/flash Drag and drop the “cakey.pem”...

  • Page 311: Setting Up The Portal Page

    CCESS ATEWAY Setting Up the Portal Page System administrators can create login button(s) on the Portal Page, and can setup “http” links for regular logins, secure logins, or both. When subscribers enter the Portal Page, they can then choose either a regular login or a secure login. To setup the Portal Page, add the following: For Regular Logins: http://Access Gateway_ip:1111/usg/login?OS=http://after_login_finished_page.html For Secure Logins:...

  • Page 312: Mirroring Billing Records

    ATEWAY Mirroring Billing Records Multiple Access Gateway units can send copies of credit card billing records to a number of external servers that have been previously defined by system administrators. The Access Gateway assumes control of billing transmissions and saving billing records. By effectively “mirroring”...

  • Page 313: Xml Interface

    XML Interface XML for the External Server The Access Gateway sends a string of XML commands according to specifications. HTTP headers are added to the XML packets that are built, as the billing “mirroring” information is Content-length has also been sent to the external server in HTTP compliant XML format.
  • Page 314 The Access Gateway accepts a single line of XML text in the specified format. The XML string is a command sent by the External Server to the Access Gateway product. In this case, the acknowledgement received from the External Server forms the command. The Access...
  • Page 315 RESULT_VALUE:OK or ERROR IP:Standard IP format (123.123.123.123) ERROR_CODE1 for OK, or any other number Please contact Nomadix Technical Support for the complete XML DTD. Refer to “Contact Information” on page 311. For more information about Billing Records Mirroring, see also: “Billing Records Mirroring”...
  • Page 316 CCESS ATEWAY Quick Reference Guide...

  • Page 317: Chapter 6: Troubleshooting

     General Hints and Tips The Access Gateway is both a hardware device and a powerful software utility. As a hardware computing device, the Access Gateway requires careful handling. It should be positioned in a dust-free and temperature-controlled environment. Never block the unit’s ventilation holes, and do not stack with other equipment (unless correctly mounted in a rack).

  • Page 318: Management Interface Error Messages

    CCESS ATEWAY Management Interface Error Messages The following table contains the error messages associated with the Management Interface (CLI and Web). All messages are listed alphabetically. Error Message Cause AAA must be enabled before adding a You are attempting to add a subscriber profile subscriber to the profile database.
  • Page 319 When upgrading the software, the system FTP a valid boot image to the flash. needs the new boot image file. You must FTP the file from NOMADIX™ to your local hard drive. Warning: no DHCP services are available to This message is displayed because you have subscribers.

  • Page 320: Common Problems

    CCESS ATEWAY Common Problems If you are having problems, you may find the answers here. Problem Possible Cause Solution When using the internal AAA The internal AAA login server Enable communications with login Web server, you cannot communicates with Authorize.Net on port 1111. communicate with Authorize.Net on a specified Authorize.Net.
  • Page 321 (if different). DNS is misconfigured in the Check the DNS settings (host, Access Gateway. domain, and the primary, secondary, and tertiary DNS). Troubleshooting...
  • Page 322 CCESS ATEWAY This page intentionally left blank. Troubleshooting...

  • Page 323: Contact Information

    (if the problem is related to the Access Gateway). Additionally, you should check with your network documentation to verify that the network components are functioning correctly.
  • Page 324 CCESS ATEWAY This page intentionally left blank.

  • Page 325: Glossary Of Terms

    10/100 Ethernet See Ethernet. (Authentication, Authorization, and Accounting) A combination of commands used by Nomadix Gateways to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. When a subscriber logs into the system, their unique MAC address is placed into an authorization table. The system then authenticates the subscriber’s MAC address and billing information before allowing them to access the Internet and make online...
  • Page 326 (ACKnowledgment) If all the transmitted data is present and correct, the receiving device sends an ACK signal, which acts as a request for the next data packet. Adaptive Configuration Technology A Nomadix, Inc. patented technology that enables Dynamic Address Translation. See also, DAT. ad-hoc mode 802.11x networking framework in which devices or stations communicate directly with each other, without the use of an Access Point (AP).
  • Page 327 (permanent) IP addresses, or subscribers that do not have DHCP functionality on their computers. DAT is a Nomadix, Inc. patented technology that allows all users to obtain network access, regardless of their computer’s network settings. See also, DHCP.
  • Page 328 CCESS ATEWAY Dynamic IP Address A temporary IP address that is assigned by the DHCP server to a device. Devices retain dynamic IP addresses only for the duration of their networking session. When a device disconnects from the network, the IP address is recaptured by the DHCP server and becomes available for reassignment to another device.
  • Page 329 For example, if a user in California accesses a computer in New York, the computer in New York is considered the host. (Home Page Redirection) Nomadix Gateways enable solution providers to redirect subscribers to a “portal” home page of their choice. This allows the solution provider to generate online advertising revenues and increase business Home Page.
  • Page 330 In particular, the IEEE 802 standards for Local Area Networks are widely followed. iNAT™ (Intelligent Network Address Translation) Nomadix’ iNAT™ feature creates an intelligent mapping of IP addresses and their associated tunnels allowing multiple tunnels to be established to the same server—creating a...
  • Page 331 Whenever a subscriber logs on, your Nomadix Gateway automatically translates their computer’s network settings to provide them with seamless access to the broadband network. Subscribers no longer need to alter their computer’s settings. See also,...
  • Page 332 Misconfigured User A Nomadix, Inc. term used to describe users who have IP address configurations that are different from the current network. For example, if the current network is 123.45.67.89 but the user’s IP address is 10.10.10.15, then this user is considered to be “misconfigured.”...
  • Page 333 CCESS ATEWAY Packet Switching Network Refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at its destination, they are recompiled into the original message.
  • Page 334 CCESS ATEWAY Protocol A standard process consisting of a set of rules and conditions that regulates data transmissions between computing devices. Some examples of protocols include HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol), TCP/IP (Transmission Control Protocol/Internet Protocol), and POP (Post Office Protocol). All these protocols are responsible for regulating the transmission of their specific data file types.
  • Page 335 Normally, a solution provider is offering a solution that isn’t readily available on the open market. For example, NOMADIX™ is a solution provider to its customers (broadband network service providers), and those customers are solution providers to their end users (network subscribers).
  • Page 336 CCESS ATEWAY Subnet Address The subnet portion of an IP address that is dedicated to the subnet. In a subnetted network, the host portion of an IP IP Address address is split into a subnet portion and a host portion using an address (subnet) mask. See also, Subnet.
  • Page 337 CCESS ATEWAY Tunneling A technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft's PPTP technology enables organizations to use the Internet to transmit data across a Virtual Private Network (VPN). It does TCP/IP this by embedding its own network protocol within the TCP/IP packets carried by the Internet.
  • Page 338 HTML. For example, XML supports links that point to multiple documents, as opposed to HTML links, which can reference just one destination each. For all Nomadix Gateways, XML is used by the subscriber management module for port location and user administration. Enabling the XML interface allows your Nomadix Gateway to accept and process XML commands from an external source.
  • Page 339 ARP tables connections adding entries choosing deleting entries types of authentication 5, connectivity authorization 56, contacting NOMADIX and billing Copyright auto configuration Credit Card bandwidth management 8, basic configuration DAT 4, billing DAT sessions process data...
  • Page 340 External Web Server 11, time formats inputting data in-room port mapping factory settings Installation importing powering up the Access Gateway fail over options workflow firmware interfaces updating Internal Web Server foreign language support 14, 201, Internal Web server...
  • Page 341 Portal Page messages portal page redirect Port-based billing policies 60, installing enabling Mirroring billing records Port-Location menu multi-level administration 15, post session user interface multiple subnets powering down powering up the Access Gateway Authentication Network Access Identifier Echo Request...
  • Page 342 Public Key File SMTP redirection SNMP communities SNMP manager Quick Reference Guide SNMP parameters Configuration menu SNMP support default configuration settings SNMPv2c Nomadix MIB Main page sockets Network Info menu Port-Location menu SSL 18, product specifications setting up Subscriber Administration menu...
  • Page 343 CCESS ATEWAY subscriber interfaces Telnet client blocking time Subscriber Login Trademarks Subscriber Management transparent connectivity configuration transparent proxy models Tri-Mode subscriber messages troubleshooting subscriber profiles common problems adding error messages deleting all expired hints and tips deleting by MAC deleting by user displaying 186, UDP statistics finding by MAC...
  • Page 344 CCESS ATEWAY...

This manual is also suitable for:

Ag5600Ag 3100Ag 5500Ag 2300

Table of Contents