Summary of Contents for Nomadix HotSpot

  • Page 2 HotSpot Gateway Copyright © 2005 Nomadix, Inc. All Rights Reserved. This product also includes software developed by: The University of California, Berkeley and its contributors; Carnegie Mellon University, Copyright © 1998 by Carnegie Mellon University All Rights Reserved; Go Ahead Software, Inc., Copyright ©...
  • Page 3 Trademarks symbol, , and Nomadix Service Engine™ are trademarks of Nomadix, Inc. All other trademarks and brand names are marks of their respective holders. Patent Information Covered by one or more of the following U.S. and foreign patents: US6,789,110,...
  • Page 4 NOTIFICATIONS This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
  • Page 5 CAUTION WARNING Read the instruction manual prior to operation. Risk of electric shock; do not open; no user-serviceable parts inside. ATTENTION AVERTISSEMENT Lire le mode d’emploi avant utilisation. Risque de choc electrique; ne pas ouvrir; ne pas tenter de demontre l’appareil. ACHTUNG Lesen Sie das Handbuch bevor Sie das Gerät in WARNUNG...
  • Page 7: Table Of Contents

    Table of Contents: Introduction, 1; About this User’s Guide, 1; Organization, 1; Welcome to the Nomadix HotSpot Gateway, 2; Product Configuration and Licensing, 3; Key Features and Benefits, 4; Platform Reliability, 4; Local Content and Services, 5; Transparent Connectivity...
  • Page 8 Secure XML API, 19; Session Rate Limiting (SRL), 20; Session Termination Redirect, 20; Smart Client Support, 20; SNMP Nomadix Private MIB, 20; Tri-Mode Authentication, 21; URL Filtering, 21; Walled Garden, 21; Web Management Interface, 21; Optional NSE Modules...
  • Page 9 Archiving Your Configuration Settings, 56; Installing the Nomadix Private MIB, 56; Chapter 2: System Administration, 57; Choosing a Remote Connection, 57; Using the Web Management Interface (WMI), 58; Using an SNMP Manager, 59; Using a Telnet Client, 59; Logging In...
  • Page 10 Enabling Dynamic Multiple Subnet Support (Subnets), 130; Displaying Your Configuration Settings {Summary}, 132; Setting the System Date and Time {Time}, 133; Setting Up URL Filtering {URL Filtering}, 135; Enabling Secure Management {VPN Tunnel}, 136; Network Info Menu, 138; Displaying ARP Table Entries {ARP}...
  • Page 11 Viewing RADIUS Proxy Accounting History {RADIUS Session History}, 178; Displaying Current Profiles and Connections {Statistics}, 179; Subscriber Interface Menu, 180; Defining the Billing Options {Billing Options}, 180; Duration-based Billing Plans, 180; Setting Up a “Normal” Billing Plan, 185; Setting Up an X over Y Billing Plan...
  • Page 12 Authentication-Request, 277; Authentication-Reply (Accept), 278; Accounting-Request, 279; Selected Detailed Descriptions, 280; Nomadix Vendor Specific Attributes, 282; Setting Up the SSL Feature, 283; Prerequisites, 283; Obtain a Private Key File (cakey.pem), 284; Installing Cygwin and OpenSSL on a PC, 285; Private Key Generation...
  • Page 13 Setting Up the Portal Page, 299; Mirroring Billing Records, 300; Sending Billing Records, 300; XML Interface, 301; XML for the External Server, 301; HSG to External Server:, 301; Example of a Negative Acknowledgement:, 303; Format for each Field:...
  • Page 15: Introduction

    Nomadix, Inc. directly. Appendix B: Addendum. The Addendum provides information and procedures that will enable system administrators to configure and use the specific features introduced in the 1.3 Maintenance, 1.3 M+ and 1.4 releases for the Nomadix HotSpot Gateway (HSG)...
  • Page 16: Welcome To The Nomadix Hotspot Gateway

    User’s Guide. Welcome to the Nomadix HotSpot Gateway The Nomadix HotSpot Gateway (HSG) is a freestanding, fully featured network appliance that enables public access service providers to offer broadband Internet connectivity to their customers.
  • Page 17: Product Configuration And Licensing

    Product Configuration and Licensing All Nomadix Access Gateway products, including the HSG, are powered by our patented and patent-pending suite of embedded software, called the Nomadix Service Engine™ (NSE). The HSG employs our NSE core software package with the option to purchase additional modules to expand the product’s functionality.
  • Page 18: Key Features And Benefits

    Key Features and Benefits The HSG addresses the specific needs of the public access HotSpot, making it an excellent choice for mid-sized venue deployments. The HSG supports up to 50 simultaneous users, with the option to purchase two additional upgrades of 50 users each, for a maximum of 150 simultaneous users.
  • Page 19: Local Content And Services

    Web site to securely sign up for service or log in if they have a pre-existing account. Allows the provider or HotSpot owner to present their customers with local services or have the user sign up for service at zero expense.
  • Page 20: Billing Enablement

    The HSG ensures that all traffic to the Internet is blocked until authentication has been completed, creating an additional level of security in the network. It also allows HotSpot operators to create their own unique “walled garden,” enabling users to access only certain predetermined Web sites before they have been authenticated.
  • Page 21: Security

    Session Rate Limiting (SRL) feature, and MAC filtering for improved network reliability. 5-Step Service Branding A network enabled with the Nomadix HSG (or any other Nomadix Access Gateway) offers a 5-Step service branding methodology for public access operators and their partners, comprising: Initial Flash Page branding.
  • Page 22: Nse Core Functionality

    NSE Core Functionality Powering Nomadix’ family of Access Gateways, the Nomadix Service Engine (NSE) delivers a full range of features needed to successfully deploy Wi-Fi public access networks. These “core” features solve issues of connectivity, security, billing, and roaming in a Wi-Fi public access network.
  • Page 23: Access Control

    With the Nomadix Information and Control Console (ICC) feature enabled, subscribers can increase or decrease their own bandwidth dynamically (by the minute, or on an hourly, daily, weekly, or monthly basis), and also adjust the pricing plan for their service (see graphic).
  • Page 24: Bridge Mode

    The Command Line Interface (CLI) is a character-based user interface that can be accessed remotely or via a direct cable connection. Until your Nomadix product is up and running on the network, the CLI is the Network Administrator’s window to the system.
  • Page 25: End User Licensee Count

    Take advantage of the comprehensive Nomadix XML API to implement more complex billing plans. Recycle existing Web page content for the centrally hosted portal page. If you choose to use the EWS interface, Nomadix Technical Support can provide you with sample scripts. See also, “Contact Information” on page 312.
  • Page 26: Inat

    iNAT™ Nomadix invented a new way of intelligently supporting multiple VPN connections to the same termination at the same time (iNAT™), thus solving a key problem of many public access networks. Nomadix’ patent-pending iNAT™ (intelligent Network Address Translation) feature contains an advanced, real-time translation engine that analyzes all data packets being communicated between the private address realm and the public address realm.
  • Page 27: Information And Control Console

    When providers or HotSpot owners do not want to develop their own content, the IWS is the answer. A banner at the top of each IWS page is configurable and contains the customer's company logo or any other image file they desire.
  • Page 28: International Language Support

    International Language Support The NSE allows you to define the text displayed to your users by the IWS without any HTML or ASP knowledge. The language you select determines the language encoding that the IWS instructs the browser to use. See also, “Internal Web Server”...
  • Page 29: Mac Filtering

    MAC Filtering MAC Filtering enhances Nomadix' access control technology by allowing system administrators to block malicious users based on their MAC address. Up to 50 MAC addresses can be blocked at any one time. See also, “Session Rate Limiting (SRL)”...
  • Page 30: Port Mapping

    Optionally, the RADIUS authentication process and FTP download can be secured by sending the traffic through a peer-to-peer IPSec tunnel established by the Nomadix gateway and terminated at the NOC (Network Operations Center). See also, “Secure...
  • Page 31: Radius Proxy

    RADIUS Proxy The RADIUS Proxy feature relays authentication and accounting packets between the parties performing the authentication process. Different realms can be set up to directly channel RADIUS messages to the various RADIUS servers. This functionality can be effectively deployed to: Support a wholesale WISP model directly from the edge without the need for any centralized AAA proxy infrastructure.
  • Page 32: Secure Management

    Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix gateway. See also, “Enabling Secure Management {VPN Tunnel}”...
  • Page 33: Secure Socket Layer (Ssl)

    XML enables solution providers to customize and enhance their product installations. This feature allows the operator to use Nomadix' popular XML API using the built-in SSL certificate functionality in the NSE so that parameters passed between the Gateway and the centralized Web server are secured via SSL.
  • Page 34: Session Rate Limiting (Srl)

    Adjungo Networks, Boingo Wireless, GRIC and iPass. SNMP Nomadix Private MIB Nomadix’ Access Gateways can be easily managed over the Internet with an SNMP client manager (for example, HP OpenView or Castle Rock). To take advantage of the functionality provided with Nomadix’ private MIB...
  • Page 35: Tri-Mode Authentication

    For example, in addition to supporting the secure browser-based Universal Access Method (UAM) via SSL, Nomadix is the only company to simultaneously support port-based authentication using IEEE 802.1x and authentication mechanisms used by Smart Clients.
  • Page 36: Optional Nse Modules

    Your product license may not support this feature. The optional Wholesale Roaming Module provides advanced NAI (Network Access Identifier) routing capabilities, enabling multiple service providers to share a HotSpot location, further supporting a Wi-Fi wholesale model. This functionality allows users to interact only with their chosen provider in a seamless and transparent manner.
  • Page 37: Optional Standalone Applications

    Optional Standalone Applications The following supplemental applications—delivered on a separate CD-ROM—are available from Nomadix: Meeting Room Scheduler (MRS) If you have purchased the NSE’s optional Hospitality Module, our Meeting Room Scheduler (MRS) application can further enhance your product’s integration into the hospitality environment.
  • Page 38: Network Architecture (Sample)

    Network Architecture (Sample)...
  • Page 39: Product Specifications

    Product Specifications. PERFORMANCE: User Support: 50 users concurrently, with option to expand (up to 150 users); Throughput: 75Mbits/s* (*As defined by RFC1242, Section 3.17). PHYSICAL: Dimensions: 1U, free standing; 8.66 (W) x 10.00 (D) x 1.75 (H) inches; 220 (W) x 254 (D) x 44 (H) mm; Weight: 4.05 pounds (1.84 Kg)
  • Page 40: Online Help (Webhelp)

    Specifications. LED INDICATORS: ACT/LINK and 10/100 for each Ethernet port; Power. NETWORK MANAGEMENT: Multi-Level Administration Controls; Access Control Lists; Web Administration UI; SNMP; XML API; CLI via Telnet and Serial Port. Online Help (WebHelp) The HSG incorporates an online Help system called “WebHelp” which is accessible through the Web Management Interface (when a remote Internet connection is established following a successful installation).
  • Page 41: Notes, Cautions, And Warnings

    Notes, Cautions, and Warnings The following symbols are used throughout this User’s Guide: This symbol is used for general notes and additional information that may be useful to you. This symbol is used for cautions and warnings. Cautions and warnings provide important information to eliminate the risk of a system malfunction or possible damage.
  • Page 43: Chapter 1: Installing The Hsg

    Logging Out and Powering Down the System; Connecting the HSG to the Customer’s Network; Establishing the Basic Configuration for Subscribers; Archiving Your Configuration Settings; Installing the Nomadix Private MIB. See also “Installation Workflow” on page 31. Once you have installed your HSG and established the configuration settings, you should write the settings to an archive file.
  • Page 44: Unpacking The Hsg

    DB9 female-to-female serial connector/cable (6 ft. length), for establishing a direct serial connection with the HSG. “Accessories” CD-ROM (containing this User’s Guide, README file, NOMADIX Enterprise MIB file, and any other useful accessories). Quick Start Guide. End User License Agreement (EULA)
  • Page 45: Installation Workflow

    When prompted, accept the Nomadix End User License Agreement (EULA). You must accept the EULA before the HSG can connect with the Nomadix License Key Server. When the key is successfully received from the server, your HSG will reboot. You can now power down and connect the HSG to the customer’s network.
  • Page 46: Powering Up The System

    Powering Up the System Use this procedure to establish a direct cable connection between the HSG and your laptop computer, and to power up the system. Place the HSG on a flat and stable work surface. Connect the power cord. Connect the DB9 female-to-female serial cable (6 ft.
  • Page 47: Logging In To The Command Line Interface

    HSG’s management interface successfully. If this is an initial installation which requires the HSG to receive a license key from the Nomadix License Key Server, you must accept the Nomadix End User License Agreement (EULA).
  • Page 49: The Management Interfaces (Cli And Web)

    The Management Interfaces (CLI and Web) The HSG supports various methods for managing the system remotely. These include an embedded graphical Web Management Interface (WMI), an SNMP client, or Telnet. However, until the unit is installed and running, system management is performed from the HSG’s embedded CLI via a direct serial cable connection.
  • Page 50: Menu Organization (Web Management Interface)

    Menu Organization (Web Management Interface) When you have successfully installed and configured the HSG from the CLI, you can then access the HSG from its embedded Web Management Interface (WMI). The WMI is easier to use (point and click) and includes some items not found in the CLI. You can use either interface, depending on your preference.
  • Page 51 Note: Your browser preferences or Internet options should be set to compare loaded pages with cached pages...
  • Page 52: Inputting Data - Maximum Character Lengths

    Inputting Data – Maximum Character Lengths The following table details the maximum allowable character lengths when inputting data: Data Field Max. Characters All Messages (billing options) All Messages (subscriber error messages) All Messages (subscriber login UI) All Messages (subscriber “other” messages) Description of Service (billing options Plan) Home Page URL Host Name and Domain Name (DNS settings)
  • Page 53: Online Documentation And Help

    Help system Other online documentation resources, available from our corporate Web site (www.nomadix.com), include a full PDF version of this User’s Guide (viewable with Acrobat™ Reader, version 4.0 or higher), white papers, technical notes, and business cases. The PDF version of this User’s Guide and associated README files are also available on the “Accessories”...
  • Page 54: Quick Reference Guide

    Quick Reference Guide This manual contains a “Quick Reference Guide” on page 257 which provides information to help you navigate and use the management interfaces (CLI and Web) quickly and efficiently. It also contains the product specifications, a listing of the factory default settings, sample log reports, listings of commands (by menu and alphabetical), HyperTerminal settings, and some common keyboard shortcuts.
  • Page 55 Assigning the Location Information and IP Addresses: Assigning the Network Interface IP Address – This is the public IP address that allows administrators and subscribers to see the HSG on the network. Use this address when you need to make a network connection with the HSG.
  • Page 56: Assigning Login User Names And Passwords

    Assigning Login User Names and Passwords When you initially powered up the HSG and logged in to the Management Interface, the default login user name and password you used was “admin.” The HSG allows you to define 2 concurrent access levels to differentiate between managers and operators, where managers are permitted read/write access and operators are restricted to read access only.
  • Page 57: Setting The Snmp Parameters (Optional)

    Sample Screen Response Configuration>sn Enable the SNMP Daemon? [Yes]: Enter new system contact: newname@domainname.com [Nomadix, Westlake Village, CA] Enter new system location: Office, Westlake Village, CA Enter read/get community[public ]: Enter write/set community[private]: Enter IP of trap recipient[0.0.0.0 ]: 10.11.12.13...
  • Page 58: Enabling The Logging Options (Recommended)

    Enabling the Logging Options (recommended) System logging creates log files and error messages generated at the system level. AAA logging creates activity log files for the AAA (Authentication, Authorization, and Accounting) functions. You can enable either of these options. Although the AAA and billing logs can go to the same server, we recommend that they have their own unique server ID number assigned (between 0 and 7).
  • Page 59 Enter system server IP [0.0.0.0]: 8.9.10.11 Enable/disable system log savefile [disabled]: enable Enable/disable AAA logging [disabled]: enable Enter AAA number (0-7) [0]: Enter AAA log filter Enter AAA server IP [0.0.0.0]: 9.10.11.12 Enable/disable log save to file [disabled]: enable Enable/disable RADIUS History log [disabled]: enable...
  • Page 60 System Report log Save to file Disabled Tracking logging Enabled Tracking log number Tracking log server IP 8.9.10.11 Tracking log Save to file Disabled...
  • Page 61: Assigning The Location Information And Ip Addresses

    IP address (the default is 10.0.0.11). The IP addresses from subscribers that are on a subnet different from the HSG (for example, misconfigured) are translated by Nomadix’ Dynamic Address Translation (DAT) patented technology to the Subscriber IP Address Enter a valid subscriber interface IP address.
  • Page 62 Enter a valid subnet mask. After assigning the subnet mask, the system displays the current default gateway IP address (the factory default is 10.0.0.1). This is the IP address of the router that the HSG uses to transmit data to the Internet. Enter a valid default gateway IP address.
  • Page 63 25. Other Please enter a number from the above list [ 1]: Select Network Interface Configuration Mode: 0 - Static 1 - DHCP Client 2 - PPPoE Client Select the Network Interface Configuration Mode: [0]: Enter network interface IP Enter subnet mask Enter default gateway IP Please enter your ISO country code...
  • Page 64: Logging Out And Powering Down The System

    Logging Out and Powering Down the System Use this procedure to log out and power down the HSG. Enter (logout) at the HSG Menu. Your serial session closes automatically. Sample Screen Response HSG >l Serial session 1 closing Turn off the HSG and disconnect the power cord. Disconnect the serial cable between the HSG and your computer.
  • Page 65: Connecting The Hsg To The Customer's Network

    Connecting the HSG to the Customer’s Network Use this procedure to connect the HSG to the customer’s network (after the start up configuration parameters have been established). Choose an appropriate physical location that allows a minimum clearance of 4cm either side of the unit (for adequate airflow).
  • Page 66: Establishing The Basic Configuration For Subscribers

    Establishing the Basic Configuration for Subscribers When you have successfully established the start up configuration and installed the unit onto the customer’s network, connect to the HSG via Telnet. You must now set up the basic configuration parameters for subscribers, including: Setting the DHCP Options –...
  • Page 67 When assigning a DHCP Relay Agent IP address for the DHCP Relay, ensure that the IP address you use does not conflict with devices on the network side of the HSG. Although you cannot enable the DHCP relay and the DHCP service at the same time, it is possible to “disable”...
  • Page 68: Setting The Dns Options

    Enter (dns) at the Configuration menu. The system displays the current domain (the default is “nomadix”). Enter a valid domain name (the Internet domain that DNS requests will utilize). Enter the host name (the DNS name of the HSG). The host name must not contain any spaces.
  • Page 69 You must now reboot the system for your settings to take effect. Enter (yes) to reboot the HSG. Sample Screen Response Configuration>dn Enter domain [domainname ]: newdomainname Enter host name <no spaces>[dnshostname]: newhostname Enter primary DNS[0.0.0.2 ]: 20.21.22.23 Enter secondary DNS[0.0.0.0 ]: 21.22.23.24 Enter tertiary DNS[0.0.0.0 ]: 22.23.24.25...
  • Page 70: Archiving Your Configuration Settings

    Installing the Nomadix Private MIB The Nomadix Private MIB is supplied on the “Accessories” CD-ROM, delivered with your HSG. After importing the nomadix.mib file from the CD-ROM you will be able to view and manage SNMP objects on your HSG.
  • Page 71: Chapter 2: System Administration

    System Administration This chapter provides all the instructions and procedures necessary for system administrators to manage the HSG on the customer’s network (after a successful installation). The system administration procedures in this chapter are organized as they are listed under their respective Web Management Interface (WMI) menus: Configuration Menu; Network Info Menu...
  • Page 72: Using The Web Management Interface (Wmi)

    Using the Web Management Interface (WMI) The Web Management Interface (WMI) is a “graphical” version of the Command Line Interface, comprised of HTML files. The HTML files are embedded in the HSG and are dynamically linked to the system’s functional command sets. You can access the WMI from any Web browser.
  • Page 73: Using An Snmp Manager

    Management Information Base (MIB). SNMP enables managers and agents to communicate with each other for the purpose of accessing these MIBs and retrieving data. See also, “Installing the Nomadix Private MIB” on page The following example shows a (partial) SNMP screen response. Using a Telnet Client There are many Telnet clients that you can use to connect with the HSG.
  • Page 74: Logging In

    About Your Product License Some features included in this chapter will not be available to you unless you have purchased the appropriate product license from Nomadix. In this case, the following statement will appear either immediately below the section heading or when the feature is mentioned in the body text.
  • Page 75 The Authentication, Authorization, and Accounting Settings screen appears:...
  • Page 76 Enable or disable AAA Services. If you enable AAA Services, go to Step 3, otherwise this feature is disabled and you can exit the procedure. Enable or disable the XML Interface, as required. XML (eXtensible Markup Language) is used by the HSG’s subscriber management module for port location and user administration.
  • Page 77 Enable or disable Print Billing Command, as required. This feature enables NSE to support Driverless Print servers. If this feature is enabled, you must enable the XML interface and enter the IP address for the XML interface (Step 3 and Step 4).
  • Page 78 If AAA passthrough is enabled, enter the corresponding port number. The port number must be different than 80, 2111, 1111, or 1112. Enable or disable the 802.1x Authentication Support feature, as required. Both AAA and RADIUS Authentication must be enabled for 802.1x Authentication support.
  • Page 79: Enabling Aaa Services With The Internal Web Server

    Depending on which authorization mode you choose, go to the following sub-sections in this procedure: Enabling AAA Services with the Internal Web Server – The IWS is “flashed” into the system’s memory and the subscriber’s login page is served directly from the HSG.
  • Page 80 Adding SSL support to the HSG requires service providers to obtain digital certificates from VeriSign™ to create HTTPS pages. Instructions for obtaining certificates are provided by Nomadix. To enable SSL Support, your HSG’s flash must include the server.pem, cakey.pem, and cacert.pem certificate files (the “cacert.pem” file is provided with your HSG).
  • Page 81 If you want to designate a portal page, you must enable the Portal Page feature, otherwise leave this feature disabled. The Portal Page IP or DNS address are added to the IP passthrough list automatically. If you enabled the Portal Page feature, provide the following supporting information: Portal Page URL; Parameter Passing (enabled or disabled)...
  • Page 82 The HSG is configured to use either Authorize.net or Chainfusion (selected from a pull-down menu). You will need to open a merchant account with Authorize.net, Chainfusion or Datacenter (Luxembourg) before this feature can be used. Please contact Nomadix Technical Support for assistance. Refer to “Contact Information” on page 312.
  • Page 83: Enabling Aaa Services With An External Web Server

    You can assign a session idle timeout parameter for subscribers (see following note). To assign an idle timeout, simply enter a numeric value (in seconds) in the Subscriber Idle Timeout box (the default is 1200). Subscriber Idle Timeout does not apply to RADIUS subscribers. If you enabled or disabled SSL Support on this screen, you must click the check box for (the HSG must be rebooted every...
  • Page 84: Establishing Secure Administration {Access Control

    Establishing Secure Administration {Access Control} The HSG allows you to block administrator access to interfaces (Telnet, WMI and FTP) and incorporates a master access control list that checks the source (IP address) of administrator logins. A login is permitted only to the interfaces that have not been blocked, and only if a match is made with the master “Source IP”...
  • Page 85 Do not enable the blocking of all interfaces without setting up and enabling SNMP. Enabling the blocking of all interfaces and disabling SNMP will completely block access to the HSG administration interface. For assistance, contact Nomadix Technical Support. Click the check box for...
  • Page 86 Click on the Remove button to remove the IP address (or range of IP addresses) from the list. If you enabled Access Control and have “locked yourself out” of the system (for example, because you’ve forgotten your password), you must establish a local serial connection with the CLI to disable the Access Control feature, or change the range of allowed IP addresses to access the management interfaces.
  • Page 87: Defining Automatic Configuration Settings {Auto Configuration

    Defining Automatic Configuration Settings {Auto Configuration} The HSG allows you to define parameters to enable the automatic configuration of the system. See also, “RADIUS-driven Auto Configuration” on page From the Web Management Interface, click on Configuration, then Auto Configuration.
  • Page 88: Enabling Auto Configuration

    Nomadix devices: A flow of RADIUS Authentication Request and Reply messages between the Nomadix gateway and the centralized RADIUS server that specifies the location of the meta configuration file (containing a listing of the individual configuration files and their download frequency status) are downloaded from an FTP server into the flash of the Nomadix device.
  • Page 89 Setup Username and Password for RADIUS Authentication. Administrative Steps to Enable Auto-Config for the NOC Administrator Add NAS IP address. Add Nomadix Auto-Config VSA to the Nomadix dictionary file on the RADIUS server. Create a RADIUS profile with the configuration VSA.
  • Page 90 The Nomadix device will automatically initiate one reboot to enable the new settings. Configuration updates for network maintenance can be accomplished by simply enabling the Auto-Configuration option and rebooting the device (for example, using SNMP). See also, “Defining Automatic Configuration Settings {Auto Configuration}”...
  • Page 91: Setting Up Bandwidth Management {Bandwidth Management

    Setting Up Bandwidth Management {Bandwidth Management} The HSG allows system administrators to manage the bandwidth for subscribers, defined in Kbps (Kilobits per second) for both upstream and downstream data transmissions. With the ICC feature enabled, subscribers can increase or decrease their own bandwidth dynamically (by the minute, or on an hourly, daily, weekly, or monthly basis), and also adjust the pricing plan for their service.
  • Page 92: Establishing Billing Records "Mirroring" {Bill Record Mirroring

    Establishing Billing Records “Mirroring” {Bill Record Mirroring} The Bill Record Mirroring feature contained in the Credit Card and Hospitality optional modules is optional. Your product license may not support this feature. The HSG can send copies of credit card transactions to external servers that have been previously defined by system administrators.
  • Page 93 If you want to enable the billing records “mirroring” functionality for credit card transactions (and you have purchased the appropriate product license), click on the check box for Enable/Disable Mirroring. Enter the property identification code in the Property ID field. Enter the communication parameters for the primary server that is to be used for mirroring, including: Primary IP...
  • Page 94: Managing The Dhcp Service Options {Dhcp

    Managing the DHCP Service Options {DHCP} When a device connects to the network, the DHCP server assigns it a “dynamic” IP address for the duration of the session. Most users have DHCP capability on their computer. To enable this service on the HSG, you can either enable the DHCP relay (routed to an external DHCP server IP address), or you can enable the HSG to act as its own DHCP server.
  • Page 95 Nomadix’ patented Dynamic Address Translation (DAT) functionality is automatically configured to facilitate “plug-and-play” access to subscribers who are misconfigured with static (permanent) IP addresses, or subscribers that do not have DHCP capability on their computers. DAT allows all users to obtain network access, regardless of their computer’s network settings.
  • Page 96 If required, enable the IP Upsell feature. System administrators can set two different DHCP pools for the same physical LAN. When DHCP subscribers select a service plan with a public pool address, the HSG associates their MAC address with their public IP address for the duration of the service level agreement.
  • Page 97 Enter the DHCP Server Netmask. Enter the starting and ending IP addresses for the DHCP address pool you want to use: DHCP Pool Start IP, DHCP Pool Stop IP. Enter the DHCP Lease Minutes. Select Public Pool or Private Pool, as required. A “public”...
  • Page 98: Managing The Dns Options {Dns

    Managing the DNS Options {DNS} DNS allows subscribers to enter meaningful URLs into their browsers (instead of complicated numeric IP addresses) by automatically converting the URLs into the correct IP addresses. You can assign a primary, secondary, or tertiary (third) DNS server.
  • Page 99 Enter the IP addresses for the DNS servers (located at the customer’s network operating center where DNS requests are sent). Servers include: Primary DNS Server, Secondary DNS Server, Tertiary DNS Server. The secondary and tertiary DNS servers are only utilized if the primary DNS server is unavailable.
  • Page 100: Configuring Dynamic Dns {Dynamic Dns

    Configuring Dynamic DNS {Dynamic DNS} These settings can be accessed under the following menus: WMI Configuration: Go to Configuration->Dynamic DNS. CLI Configuration: Go to Configuration->dyndns; go to Configuration->dyndns->configure for configurations. SNMP Configuration: Go to ag->dyndns (enterprises.3309.1.3.50) for DDNS configuration branch.
  • Page 101 Enable Checkbox: This is the checkbox to enable or disable the Dynamic DNS functionality. Provider Information: This is to specify provider details. Currently only dyndns.org is supported. Protocol the vendor supports. Server and Port to which the client sends updates to the DDNS server. Account Information: The Host Name is the DDNS name mapped to the client IP address;...
  • Page 102: Gre Tunneling {Gre Tunneling

    GRE Tunneling {Gre Tunneling} Use the following procedure to set the GRE Tunneling options. From the Web Management Interface, click Configuration, then Gre Tunneling. The GRE Tunneling screen appears: Click the checkbox for GRE Tunneling to enable this feature. Enter the VPN Concentrator IP Address.
  • Page 103: Setting The Home Page Redirection Options {Home Page Redirect

    Setting the Home Page Redirection Options {Home Page Redirect} This procedure shows you how to redirect the subscriber’s browser to a specified home page. Subscribers may also be redirected to a page specified by the solution provider, without any interaction with the credit card authentication process. You must configure DNS if you want to enter meaningful URLs instead of numeric IP addresses into any of the HSG’s configuration screens.
  • Page 104 If required, click on the check box for Parameter Passing. Parameter passing allows the HSG to track a subscriber’s initial Web request (usually their home page) and pass the information on to the solution provider. The solution provider uses this information to ensure that the subscriber can return to their home page easily.
  • Page 105: Enabling Intelligent Address Translation (Inat)

    Our patent-pending iNAT™ feature contains an advanced, real-time translation engine that analyzes all data packets being communicated between the private and public address domains. The Nomadix iNAT engine performs a defined mode of network address translation based on packet type and protocol (for example, GRE, IKE etc…).
  • Page 106: Defining Ipsec Tunnel Settings {Ipsec

    Defining IPSec Tunnel Settings {IPSec} From the Web Management Interface, click on Configuration, then IPSec. (You can also access IPSec from the CLI by going to Configuration->IPSec to configure settings, and Network Info->IPSec to view IPSec Tunnel status.) The IPSEC Tunnel Settings screen appears: To enable this feature, click on the Enable IPSEC check box.
  • Page 107: Ipsec Tunnel Peers

    IPSec Tunnel Peers
  • Page 108 Tunnel Peer: IP address of peer. Peer Authentication Method: Choice of Pre-shared key or X.509 certificates. Enter the Pre-shared Key in the Shared Key text field if Pre-shared Key is selected. Enter the filename of the private and public certificates if X.509 is selected. Note: files must exist on flash first.
  • Page 109: Ipsec Tunnel Security Policies

    IPSec Tunnel Security Policies
  • Page 110 Tunnel Peer Address: Select a Peer IP Address from the pull-down menu with which this security association is to be established. You must select a Peer if the policy is using ESP or AH. You can select ‘none’ only if the policy is a discard or bypass policy. Traffic Selector Protocol: To select a specific protocol via pull-down menu or protocol number...
  • Page 111 Security Parameters: Choice of Discard, Bypass, ESP, or AH. Discard/Bypass => select a direction type. ESP only => select all acceptable encryption algorithms. ESP/AH => select all acceptable authentication algorithms. Perfect Forward Secrecy Strength Maximum Lifetime Maximum Life size Automatic renewal. Perfect Forward Secrecy checkbox: When selected, it enables PFS.
  • Page 112: Establishing Your Location {Location

    Establishing Your Location {Location} This command sets up your location and the corresponding IP addresses for the network interface, subscriber interface, subnet, and default gateway. You *must* provide your full location information. From the Web Management Interface, click on Configuration, then Location.
  • Page 113 Enter your location information in the following fields: Company Name; Address (Line 1 and Line 2); City, State, Zip, and Country; E-mail Address; ISO Country Code; Phone Country Code; Calling Area Code. Select the area type that most resembles your location from the drop down list. Enter a Network SSID/Zone.
  • Page 114 The network interface and subscriber interface addresses must be on the same subnet. Enter a valid IP address in the Subnet Mask field. The subnet mask defines the number of IP addresses that are available on the routed subnet where the HSG is located. Enter a valid default gateway IP address in the field.
  • Page 115: Managing The System And Billing Log Options {Logging

    Managing the Log Options {Logging} System logging creates log files and error messages generated at the system level. AAA logging creates activity log files for the AAA (Authorization, Authentication, and Accounting) functions. You can enable either of these options. Although the AAA and billing logs can go to the same server, we recommend that they have their own unique server ID number assigned (between 0 and 7).
  • Page 116
  • Page 117 If required, click on the check box for System Log to enable system logging. When system logging is enabled, the standard SYSLOG protocol (UDP) is used to send all message logs generated by the HSG to the specified SYSLOG server. Enter a unique number (between 0 and 7) in the System Log Number field.
  • Page 118 Subscriber Tracking Log: Enabling this checkbox enables the Subscriber Tracking log. Use this to track the network usage of specific Subscribers on the network by receiving a syslog of every Session that is opened by each subscriber. Each new DAT session that is created for subscribers is logged in these syslogs.
  • Page 119 PageFaults are stored in the file named “lograw.txt” in the /flash directory; this file is not viewable on the web management interface. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state. When logging is enabled, log files and error messages are sent to these servers for future retrieval.
  • Page 120: Enabling The Meeting Room Scheduler {Meeting Room Scheduler

    Reset you want to reset all the values to their previous state. For detailed information about installing, configuring, and using the NOMADIX™ Meeting Room Scheduler application, refer to the following documentation: Meeting Room Scheduler User’s Guide (P/N 200-1007-001) Click on the...
  • Page 121: Assigning Passthrough Addresses {Passthrough Addresses

    Assigning Passthrough Addresses {Passthrough Addresses} The HSG allows up to 300 IP passthrough addresses and DNS names. This feature allows users to “pass through” the HSG and access predetermined services (for example, the redirected home page) at the solution provider’s discretion, even though they may not have subscribed to the broadband Internet service.
  • Page 122 IP/DNS Name you want to add or remove from the system. The system only accepts route DNS names (for example, www.nomadix.com). Do not include protocol, port, or path information. If adding this pass-through, click on the button, otherwise click on Remove to delete this pass-through from the list.
  • Page 123: Setting Up Port Locations {Port-Location

    Setting Up Port Locations {Port-Location} Port-Location allows you to establish the mode of operation for devices. From the Web Management Interface, click on Configuration, then Port-Location. The Port-Location Settings screen appears:
  • Page 124 System administrators can set the properties for each room from the subscriber side of the HSG. The system automatically detects which port number the administrator is using and allows them to enter the fields for the room corresponding to the port they are using. If required, click on the check box for In Room Port Mapping to enable this...
  • Page 125 If you are using an access concentration device that cannot handle VLAN IDs, select one of the available Access Concentrator Query options: The devices in the following list must be assigned an IP address on the same subnet as the HSG. You must remove “old” concentrator types before entering new ones.
  • Page 126 Tut Systems RFC1493 Systems. From the Cascading Support screen, you can return to the main Port-Location Settings screen at any time by pressing the Back button. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state.
  • Page 127: In Room Port Mapping

    In Room Port Mapping This section shows In Room Port Mapping from the subscriber side, when the In Room Port Mapping feature is enabled. HSG multiple VLAN tagged systems can use the same tags and be placed on different Subscriber ports. Although it is technically possible to place two different VLAN tagged switches (one on each Subscriber side) that have the same VLAN tags designated, this configuration can cause problems.
  • Page 128 Enter your user name and password, then click on the button. The In Room Port Mapping screen appears: Enter the room number and a description for this room. Select the access mode you want to assign to this room: Room Free Access, Room For Charge, Room Blocked...
  • Page 129: Defining The Radius Client Settings {Radius Client

    “Defining the AAA Services {AAA}” on page Nomadix offers an integrated RADIUS client, allowing service providers to track or bill users based on the number of connections, location of the connection, bytes sent and received, connect time, etc. The customer database can exist in a central RADIUS server, along with associated attributes for each user.
  • Page 130 From the Web Management Interface, click on Configuration, then RADIUS Client. The RADIUS Client Settings screen appears: Under the Server Selection options, choose the Routing Mode: Disabled (to disable RADIUS authentication), Realm-Based (for Realm routing), or Fixed (for routing to predefined RADIUS servers). Select the from the pull-down menu.
  • Page 131: Miscellaneous Options

    Miscellaneous Options In the “Miscellaneous Options” category, enter a value for the time (in seconds) in the Default User Idle Timeout field. This value determines how much “idle” time elapses before the subscriber’s session times out and they must login again. The HSG can reauthenticate “repeat”...
  • Page 132: Defining The Radius Proxy Settings {Radius Proxy

    Defining the RADIUS Proxy Settings {RADIUS Proxy} A RADIUS Proxy allows the NSE to relay authentication and accounting packets between the parties performing the authentication process. Different realms can be set up to directly channel RADIUS messages to the various RADIUS servers. For additional RADIUS information, see also: “Defining the RADIUS Client Settings {RADIUS Client}”...
  • Page 133: Adding An Upstream Radius Nas

    Enable or disable RADIUS Proxy Services, as required, by clicking on the appropriate check box. If you enabled RADIUS Proxy Services, you must provide the Authentication Server Port and the Accounting Server Port references. Click on the Submit button to save your changes, or click on the Reset button if...
  • Page 134 Select the Default RADIUS Service Profile from the pull-down menu (see note). RADIUS requests originating from this Upstream NAS will be routed via the specified profile if they cannot be routed based on realm. Leave this field blank if default routing is not desired. Click on the button to add this Upstream RADIUS NAS definition, then click on the...
  • Page 135: Defining The Realm-Based Routing Settings {Realm-Based Routing

    Defining the Realm-Based Routing Settings {Realm-Based Routing} Use this procedure when setting up RADIUS Service Profiles (up to 10) and Realm-based Routing Policies (up to 50). For additional RADIUS information, see also: “Defining the RADIUS Client Settings {RADIUS Client}” on page 115.
  • Page 136: Adding A Radius Service Profile

    See also: “Adding a RADIUS Service Profile” on page 122 “Adding a Realm Routing Policy” on page 125 Adding a RADIUS Service Profile To add a RADIUS Service Profile, click on the appropriate button. The Add RADIUS Service Profile screen appears: Enter a name of your choice for this service profile in the field.
  • Page 137 Authentication: This category requires input for enabling RADIUS authentication and requires you to define IP addresses, ports, and secret keys for the primary and secondary RADIUS servers (the secondary server is optional). Enable or disable the RADIUS Authentication Service, as required, by clicking on the check box.
  • Page 138 Retransmission Options: This category requires you to define the data retransmission method (failover or round-robin), the retransmission frequency, and how many retransmissions the system should attempt. Select the Retransmission Method (Failover or Round Robin). Enter a value for the time (in seconds) in the field.
  • Page 139: Adding A Realm Routing Policy

    Adding a Realm Routing Policy Your product license may not support this feature. To add a RADIUS Service Profile, click on the appropriate button on the Realm-Based Routing Settings screen. The Add Realm Routing Policy screen appears: To make this entry the “active” entry, click on the Entry Active check box.
  • Page 140 Select the required RADIUS Service Profile from the pull-down menu. Click on the Strip off routing information check box if you want to remove the routing information. Click on the button to add this Realm Routing Policy. When you have completed the definition of your Realm Routing Policy, you can return to the previous screen (Realm-Based Routing Settings) by clicking on the link.
  • Page 141: Managing Smtp Redirection {Smtp

    Managing SMTP Redirection {SMTP} When SMTP redirection is enabled (for misconfigured or properly configured subscribers), the HSG redirects the subscriber’s E-mail through a dedicated SMTP server, including SMTP servers which support login authentication. To the subscriber, sending and receiving E-mail is as easy as it’s always been. This function is transparent to subscribers.
  • Page 142: Managing The Snmp Communities {Snmp

    Managing the SNMP Communities {SNMP} You can address the HSG using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol that regulates network management over the Internet. To do this, you must set up the SNMP communities and identifiers. For more information about SNMP, see “Using an SNMP Manager”...
  • Page 143 Enter the SNMP parameters (communities and identifiers), including: System Contact, System Location, Get (Read) Community, Set (Write) Community, Trap Community, Trap Recipient IP. Your SNMP manager needs this information to enable network management over the Internet. When finished, you must reboot the system for the new settings to take effect. Click on the check box for Reboot after changes are saved? to reboot the...
  • Page 144: Enabling Dynamic Multiple Subnet Support (Subnets)

    Enabling Dynamic Multiple Subnet Support (Subnets) Nomadix’ dynamic multiple subnet support allows you to create flexible and cost-effective IP pool solutions to meet the demands of complex networks in large residential and public access networks. For example: Establish a maximum of 15 different DHCP pools for routable IP addresses at the same time.
  • Page 145 (Public Subnets Settings). To edit the “Current Public DHCP Subnets” table, go to “Managing the DHCP Service Options {DHCP}” on page For additional information about the multiple subnet feature, go to “Contact Information” on page 312 for Nomadix Technical Support.
  • Page 146: Displaying Your Configuration Settings {Summary

    Displaying Your Configuration Settings {Summary} You can display a summary listing of all your current Configuration settings. To view the summary listing, go to the Web Management Interface, click on Configuration, then click on Summary. The Summary of Configuration Settings screen appears (partial screen shown here):
  • Page 147: Setting The System Date And Time {Time

    Setting the System Date and Time {Time} This procedure shows you how to set the system date and time. From the Web Management Interface, click on Configuration, then Time. The Set Date and Time screen appears: If required, enter the new date and time parameters in the relevant fields: Year (####), Month (1-12), Day (1-31)
  • Page 148 If required, enter UTC offset values for Hours and Minutes in the appropriate fields and define whether this time is plus or minus from the pull-down menu. When finished, click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state.
  • Page 149: Setting Up Url Filtering {Url Filtering

    Setting Up URL Filtering {URL Filtering} The HSG can restrict access to specified Web sites based on URLs defined by the system administrator. URL filtering will block access to a list of sites and/or domains entered by the administrator using the following three methods: Host IP address (for example, 1.2.3.4); Host DNS name (for example, www.yahoo.com); DNS domain name (for example, *.yahoo.com, meaning all sites under the...
  • Page 150: Enabling Secure Management {Vpn Tunnel

    Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix gateway. The advantage of using IPSec is that all types of management traffic are supported,...
  • Page 151 Two subsequent events drive the secure management function of the Nomadix gateway and the devices behind it: Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity). As part of the session establishment process, key tunnel parameters are exchanged (for example, Hash Algorithm, Security Association Lifetimes, etc.).
  • Page 152: Network Info Menu

    Network Info Menu Displaying ARP Table Entries {ARP} You can display a table that shows the current status of the ARP (Address Resolution Protocol) assignments. ARP is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting.
  • Page 153: Displaying Dat Sessions {Dat

    Displaying DAT Sessions {DAT} The HSG provides “plug-and-play” access to subscribers who are misconfigured with static (permanent) IP addresses, or subscribers that do not have DHCP functionality on their computers. Dynamic Address Translation (DAT) allows all users to obtain network access, regardless of their computer’s network settings.
  • Page 154: Displaying The Host Table {Hosts

    Displaying the Host Table {Hosts} You can display a table which lists the hosts that are currently configured. This table includes the assigned host names, their corresponding IP addresses, and any aliases that may be assigned to each host. Hosts provide services to other computers that are linked to it by a network.
  • Page 155: Displaying Icmp Statistics {Icmp

    Displaying ICMP Statistics {ICMP} You can display the current ICMP (Internet Control Message Protocol) statistics. ICMP is a standard Internet protocol that delivers error and control messages from hosts to message requestors. These statistics are presented as a listing which details the current status of each ICMP transmission element.
  • Page 156: Displaying The Network Interfaces {Interfaces

    Displaying the Network Interfaces {Interfaces} You can display the network interfaces which are presented as a detailed listing of all interface communication elements and their current status. To view the Network Interfaces, go to the Web Management Interface, click on Network Info, then click on Interfaces.
  • Page 157: Displaying The Ip Statistics {Ip

    Displaying the IP Statistics {IP} You can display the IP (Internet Protocol) statistics which are presented as a detailed listing of all IP elements and their current status. With IP transmissions, data is broken up into packets which are then sent over the network. By using IP addressing, Internet Protocol ensures that the data reaches its destination, even though different packets may “pass through”...
  • Page 158: Displaying The Routing Tables {Routing

    Displaying the Routing Tables {Routing} You can display the current Routing Tables, including any dynamically generated routes, unreachable routes, or wildcard routes. To view the Routing Tables, go to the Web Management Interface, click on Network Info, then click on Routing.
  • Page 159: Displaying The Active Ip Connections {Sockets

    Displaying the Active IP Connections {Sockets} You can display a table which provides a detailed listing of all currently active IP (Internet Protocol) connections. To view the Socket Table, go to the Web Management Interface, click on Network Info, then click on Sockets.
  • Page 160: Displaying The Static Port Mapping Table {Static Port-Mapping

    Displaying the Static Port Mapping Table {Static Port-Mapping} You can display a table which provides a detailed listing of the currently active static port mapping scheme. To view the Static Port-Mapping Table, go to the Web Management Interface, click on Network Info, then click on Static Port-Mapping.
  • Page 161: Displaying Tcp Statistics {Tcp

    Displaying TCP Statistics {TCP} You can display the TCP (Transmission Control Protocol) statistics which are presented as a detailed listing of all TCP elements and their current status. TCP is a standard protocol that manages data transmissions across networks. To view the TCP Statistics, go to the Web Management Interface, click on Network , then click on...
  • Page 162: Displaying Udp Statistics {Udp

    Displaying UDP Statistics {UDP} You can display the UDP (User Datagram Protocol) statistics which are presented as a detailed listing of all UDP elements and their current status. UDP is an Internet standard transport layer protocol. It is a connectionless protocol which adds a level of reliability and multiplexing to the Internet Protocol (IP).
  • Page 163: Port-Location Menu

    Port-Location Menu The Port Location capabilities on the NSE have been enhanced. It is now possible to define a policy on a port. The billing methods (RADIUS, Credit Card, L2TP Tunneling) and the billing plans available on each port can now be individually configured.
  • Page 164: Adding And Updating Port-Location Assignments {Add

    Adding and Updating Port-Location Assignments {Add} Port-locations can be assigned at any level (for example, a specific room in a hotel or apartment building, a floor number, wing, or building). There may even be multiple ports assigned to a single room or location. The HSG uses a port-location authorization table to manage the assigned ports and ensure accurate billing for the services used by a particular port.
  • Page 165 Enter a location identifier in the Location field. Locations can be assigned as an alpha, numeric, or alpha-numeric value. All alpha characters (used for locations and descriptions) are case-sensitive. In the Port field, enter the port (the VLAN ID when using 802.1Q 2-way). In the field, enter a meaningful description for this port-location...
  • Page 166: Updating A Port-Location Assignment

    Tunneling for a port is enabled only if Tunneling is globally enabled AND the per-port enable Tunneling parameter is set. Click on the button to save your changes (the message: Entry added or updated in the location file appears), or click on the Reset button if you want to reset all the values to their previous state.
  • Page 167: Deleting All Port-Location Assignments {Delete All

    Deleting All Port-Location Assignments {Delete All} This procedure shows you how to delete all port-location assignments. The HSG displays a warning and prompts you to confirm this action before deleting all the port-locations currently assigned in the system. From the Web Management Interface, click on Port-Location, then Delete All.
  • Page 168: Deleting Port-Location Assignments By Location {Delete By Location

    Deleting Port-Location Assignments by Location {Delete by Location} This procedure shows you how to delete a port-location assignment, based on its location. The HSG prompts you to confirm this action before deleting the requested port-location. If you are unsure which port-locations are currently mapped to the system, you can view a list at “Displaying the Port-Location Mappings {List}”...
  • Page 169: Deleting Port-Location Assignments By Port {Delete By Port

    Deleting Port-Location Assignments by Port {Delete by Port} This procedure shows you how to delete a port-location assignment, based on its port. The HSG prompts you to confirm this action before deleting the requested port-location. If you are unsure which port-locations are currently mapped to the system, you can view a list at “Displaying the Port-Location Mappings {List}”...
  • Page 170: Exporting Port-Location Assignments {Export

    Exporting Port-Location Assignments {Export} This procedure shows you how to export your current port-location assignments to the “location.txt” file. The location.txt file is stored in: /flash/location.txt (resident in the HSG’s flash memory). Exporting your current port-location assignments to the HSG’s flash memory will overwrite the existing location.txt file.
  • Page 171: Finding Port-Location Assignments By Description {Find By Description

    Finding Port-Location Assignments by Description {Find by Description} This procedure shows you how to find a port-location assignment, based on its description. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their location or port. From the Web Management Interface, click on Port-Location, then...
  • Page 172 The requested port-location is displayed: Active link to “Port” processing screen
  • Page 173: Finding Port-Location Assignments By Location {Find By Location

    Finding Port-Location Assignments by Location {Find by Location} This procedure shows you how to find a port-location assignment, based on its location. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their description or port. From the Web Management Interface, click on Port-Location, then...
  • Page 174 The requested port-location is displayed: Active link to “Port” processing screen
  • Page 175: Finding Port-Location Assignments By Port {Find By Port

    Finding Port-Location Assignments by Port {Find by Port} This procedure shows you how to find a port-location assignment, based on its location. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their description or location. From the Web Management Interface, click on Port-Location, then...
  • Page 176: Importing Port-Location Assignments {Import

    Importing Port-Location Assignments {Import} This procedure shows you how to import port-location assignments from the “location.txt” file. The location.txt file is stored in: /flash/location.txt (resident in the HSG’s flash memory). If you have never exported port-location assignments (since installing the HSG at this site), the location.txt is empty.
  • Page 177: Viewing The "Location.txt" File

    Viewing the “location.txt” File You can click on the “View location.txt” link if you want to view the current contents of the file.
  • Page 178: Creating A "Location.txt" File

    Creating a “location.txt” File You can create your own “location.txt” file and upload the file to the HSG’s flash memory at [IP address]/flash/location.txt. Use the following format when creating the file: “1”,1,00:00:00:00:00:00,0.0.0.0,0, “Room 101” The 4 (four) fields used in the format represent the standard format for port-location assignments (location, port, modem MAC address for RiverDelta, subnet, state, description).
  • Page 179: Displaying The Port-Location Mappings {List

    Displaying the Port-Location Mappings {List} You can display a listing of all port-locations assigned to this system. To view the listing of port-location assignments, go to the Web Management Interface, click on Network Info, then click on List. The List Port-Location Assignments screen appears:
  • Page 180: Subscriber Administration Menu

    Subscriber Administration Menu Adding Subscriber Profiles {Add} AAA Services must be enabled before you can add a subscriber profile into the HSG’s internal authorization database. Refer to, “Defining the AAA Services {AAA}” on page This procedure shows you how to add subscriber profiles into a table of authorized users.
  • Page 181 ATEWAY From the Web Management Interface, click on Subscriber Administration , then The Add a Subscriber Profile to the Database screen appears: Add. Choose for this profile. Subscriber Device Define the DHCP Address Type: (only used when the IP Public Private Upsell feature is enabled, otherwise leave this set to “private”).
  • Page 182 ATEWAY Enter the of the subscriber. IP Address Enter a valid address for this subscriber. Subnet In the field, enter a user name for this subscriber. If you entered a Username MAC address and you do not want to assign a user name, skip Step 9 (password). User names and passwords are case-sensitive.
  • Page 183: Displaying Current Subscriber Connections {Current}

    Displaying Current Subscriber Connections {Current} You can display a listing of all the subscribers currently connected to the system. The list includes the MAC addresses of the subscribers, their active state, the individual expiration times, port numbers (if assigned), and the number of bytes that have been passed from the subscriber to the Internet.
  • Page 184: Deleting Subscriber Profiles By Mac Address {Delete By Mac}

    Deleting Subscriber Profiles by MAC Address {Delete by MAC} This procedure shows you how to delete a subscriber profile from the HSG’s database of authorized subscribers, based on the profile’s MAC address. To see a current listing of the subscriber database, sorted by MAC addresses, go to “Listing Subscriber Profiles by MAC Address {List by MAC}”...
  • Page 185: Deleting Subscriber Profiles By User Name {Delete By User}

    Deleting Subscriber Profiles by User Name {Delete by User} This procedure shows you how to delete a subscriber profile from the HSG’s database of authorized subscribers, based on the profile’s user name. To see a current listing of the subscriber database, sorted by user name, go to “Listing Subscriber Profiles by User Name {List by User}”...
  • Page 186: Displaying The Currently Allocated Dhcp Leases {Dhcp Leases}

    Displaying the Currently Allocated DHCP Leases {DHCP Leases} You can display a listing of the DHCP (Dynamic Host Configuration Protocol) leases that are currently active on the system’s DHCP server. DHCP is a standard method for assigning IP addresses automatically to network devices. DHCP leases define the amount of time that subscribers can utilize the system’s DHCP service.
  • Page 187: Deleting All Expired Subscriber Profiles {Expired}

    Deleting All Expired Subscriber Profiles {Expired} This procedure shows you how to delete all expired subscriber profiles from the HSG’s database of authorized subscribers. Use this procedure when you want to “clean up” the subscriber database. From the Web Management Interface, click on Subscriber Administration, then Expired. The Remove Expired Profiles screen appears:...
  • Page 188: Finding Subscriber Profiles By Mac Address {Find By Mac}

    Finding Subscriber Profiles by MAC Address {Find by MAC} This procedure shows you how to find a subscriber profile from the HSG’s database of authorized subscribers, based on the profile’s MAC address. Use this procedure when you want to see the statistics corresponding to the MAC address. Statistics include user name and password (if any) and the access time remaining for this subscriber.
  • Page 189: Finding Subscriber Profiles By User Name {Find By User}

    Finding Subscriber Profiles by User Name {Find by User} This procedure shows you how to find a subscriber profile from the HSG’s database of authorized subscribers, based on the profile’s user name. Use this procedure when you want to see the statistics corresponding to the user name. Statistics include the subscriber’s MAC address and the access time remaining for this subscriber.
  • Page 190: Listing Subscriber Profiles By Mac Address {List By Mac}

    Listing Subscriber Profiles by MAC Address {List by MAC} You can display the currently active database of authorized subscribers, based on MAC addresses. To view the list of Authorized Subscriber Profiles, go to the Web Management Interface, click on Subscriber Administration, then click on List by MAC.
  • Page 191: Listing Subscriber Profiles By User Name {List By User}

    Listing Subscriber Profiles by User Name {List by User} You can display the currently active database of authorized subscribers, based on their user names. To view the list of Authorized Subscriber Profiles, go to the Web Management Interface, click on Subscriber Administration, then click on...
  • Page 192: Viewing Radius Proxy Accounting History {Radius Session History}

    Viewing RADIUS Proxy Accounting History {RADIUS Session History} These settings are available under the Subscriber Administration/RADIUS Session History menu. Enable Logfile checkbox: When this setting is enabled, any RADIUS proxy accounting messages sent or received by the RADIUS proxy application are logged into a file named “RADHIST.RAD”...
  • Page 193: Displaying Current Profiles And Connections {Statistics}

    Displaying Current Profiles and Connections {Statistics} You can view the total number of profiles and connections currently stored in the HSG’s database of authorized subscribers. The displayed list includes the number of subscribers currently in the database (Current Table) and a numerical breakdown of how the subscribers can utilize the system (for example, free access, credit card, etc.).
  • Page 194: Subscriber Interface Menu

    Subscriber Interface Menu Defining the Billing Options {Billing Options} You can define various billing options for use with the Internal Web Server (IWS), based on: Setting Up a “Normal” Billing Plan, including pricing and bandwidth. Duration-based Billing Plans Setting Up an X over Y Billing Plan Messages displayed to subscribers, including an Introduction Message, Offer Message and Policy Message Billing schemes (units of access)
  • Page 196 Review the billing plans (normal plans and X over Y plans) that are currently active. To view or edit a billing plan, simply click on the View/Edit/Delete button opposite the corresponding plan. The Internal Billing Options Plan Setup or Internal Billing Options XoverY Plan Setup screen appears for the billing plan (and type) you selected (see next page for sample of X over Y plan setup screen).
  • Page 198 Sample of Internal Billing Options XoverY Plan Setup Screen
  • Page 199: Setting Up A "Normal" Billing Plan

    Depending on the type of plan you want to set up, go to: “Setting Up a “Normal” Billing Plan” on page 185. “Setting Up an X over Y Billing Plan” on page 187. Setting Up a “Normal” Billing Plan If required, click on the Enable check box to enable (make active) this billing...
  • Page 200 Define the messages you want to present to subscribers, including: Introduction Message Offer Message Policy Message Define the Units of Access (Minute, Hour, Day, Week, or Month) you want to make available to subscribers. If you want to allow free access to subscribers, you can define the following free billing options: Default Free Access Time (in days) Maximum Subscriber Lifetime (in days)
  • Page 201: Setting Up An X Over Y Billing Plan

    Setting Up an X over Y Billing Plan If required, click on the Enable check box to enable (make active) this billing plan. Define a “label” for this billing plan in the Label field. Each plan must have a unique label, different from other plans. Enter a description for this billing plan in the field.
  • Page 202: Setting Up The Information And Control Console {Icc Setup}

    Setting Up the Information and Control Console {ICC Setup} The Nomadix Information and Control Console (ICC) is an HTML pop-up window that is presented to subscribers, allowing them to select their bandwidth and billing plan options quickly and efficiently, and displays a dynamic “time” field to inform them of the time remaining on their account.
  • Page 203 The ICC Setup screen appears:
  • Page 204 If you enabled either of the ICC pop-up options, you can choose a unique name for the console. Simply type a meaningful name in the Title field. Define the physical location where you want the Nomadix Logout Console to appear on the subscriber’s screen. Choose one of the following options: Upper Left Corner...
  • Page 205: Assigning Buttons

    Assigning Buttons When assigning the redirect buttons that will appear in the ICC, you can define ISP Logo Button (large button) and up to 8 smaller buttons (Button 2 through Button 9), with the following parameters: Name/Text – The name of the button and the mouse-over text. The mouse-over text is the text that appears in the ICC’s Message Bar when your mouse pointer “rolls”...
  • Page 206: Assigning Banners

    Assigning Banners From the Subscriber Console (Information and Control Console - ICC) Setup screen, click on the Configure Banners link. The Subscriber Console (Information and Control Console - ICC) Banners Setup screen appears: Click here to return to the previous screen You can display up to 5 banners, but they must be defined here.
  • Page 207 Define the parameters for your banner(s): Name/Text Target URL Image Name (see following note) Duration (secs) Start Time (Optional) Stop Time (Optional) If you assign (or change) button images or banner images, the HSG must be rebooted for your changes to take effect. If you changed any of the Image Name definitions, click on the check box for Reboot after changes are saved? (to reboot the HSG).
  • Page 208: Pixel Sizes

    Pixel Sizes Use the following parameters when defining images for buttons and banners: Banners – 373 pixels (width) x 32 pixels (height) ISP Button – 98 pixels (width) x 26 pixels (height) Small buttons – 45 pixels (width) x 26 pixels (height) Banner (373 x 32 pixels) Small Buttons...
  • Page 209: Defining Languages {Language Support}

    Defining Languages {Language Support} The HSG allows you to define the text displayed to your users by the Internal Web Server (IWS) without any HTML or ASP knowledge. The language you select here will determine the language encoding that the HSG’s Internal Web Server instructs the browser to use.
  • Page 210 Select the language you want to use (see notes). There are currently 6 (six) “pre-translated” language options. If you want to have the ICC pre-translated into Japanese and enter and display Japanese characters on the Web Management Interface and the subscriber’s portal page, choose the Japanese (Shift_JIS) option.
  • Page 211: Enabling Local Web Serving {Local Web Server}

    Enabling Local Web Serving {Local Web Server} Here are the quick setup instructions to enable serving of local web pages. Upload the required pages and images to the /flash/web directory using FTP. Total file size of all pages and images cannot exceed 200 KB. File names should be labeled using the 8.3 format.
  • Page 212 Web Page File Name This text box lets you add or remove the names of the web pages that you intend to serve to the end users. Note: The name of the web page has to be added in order for it to be served to the end users.
  • Page 213: Defining The Subscriber's Login Ui {Login Ui}

    Defining the Subscriber’s Login UI {Login UI} This procedure allows you to set up the presentation and content of the subscriber’s login User Interface (UI). From the Web Management Interface, click on Subscriber Interface, then Login UI. The Subscriber Login User Interface Settings screen appears:
  • Page 215 Define the messages you want subscribers to see when they log in. Keep messages brief and to the point. Available message categories include: Service Selection Message Existing Username Message New Username Message Contact Message PMS Username Message (PMS is not available with the AG 2100) If any of your devices do not support Java™...
  • Page 216 Take care when mixing font and background colors. You may want to experiment before establishing these settings to ensure that your chosen color scheme is both presentable and readable to subscribers (see notes). You must reboot the HSG for the “Image File Name” or “Partner Image File Name”...
  • Page 217: Subscriber Login Screen (Sample)

    Subscriber Login Screen (Sample) The following sample shows a subscriber login screen:
  • Page 218: Defining The Post Session User Interface (Post Session Ui)

    Defining the Post Session User Interface (Post Session UI) The Post Session UI (Goodbye Page) can be defined either as a RADIUS VSA or be driven by the HSG’s Internal Web Server (IWS). Using the IWS option means that this functionality is available for other post-paid billing mechanisms.
  • Page 219 From the Web Management Interface, click on Subscriber Interface, then Post Session UI. The Subscriber Post Session User Interface Settings screen appears:
  • Page 220 Click on the Enable IWS Goodbye Page check box to enable (or disable) the IWS Goodbye Page, as required. If you enabled the IWS Goodbye Page, select your preferred display options by checking the corresponding boxes: Display IP Address Display Authen Type Display Start Time Display Stop Time...
  • Page 221: Defining Subscriber Ui Buttons {Subscriber Buttons}

    Defining Subscriber UI Buttons {Subscriber Buttons} This procedure allows you to define how each of the control buttons are displayed to subscribers. From the Web Management Interface, click on Subscriber Interface, then Subscriber Buttons. The Subscriber Page -- Control Button Definitions screen
  • Page 222: Defining Subscriber Ui Labels {Subscriber Labels}

    Defining Subscriber UI Labels {Subscriber Labels} This procedure allows you to define how the user interface (UI) field labels are displayed to subscribers. From the Web Management Interface, click on Subscriber Interface, then Subscriber Labels. The Subscriber Page -- Field Label Definitions screen appears:
  • Page 223 Enter the definitions you want for each label in the corresponding fields. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state. If you want to reset all field values to their default state, click on the Revert button.
  • Page 224: Defining Subscriber Error Messages {Subscriber Errors}

    Defining Subscriber Error Messages {Subscriber Errors} This procedure allows you to define how error messages are displayed to subscribers. There are 2 (two) pages of error messages available. From the Web Management Interface, click on Subscriber Interface, then Subscriber Errors, 1 of 2.
  • Page 225 Enter the definitions you want for each error message in the corresponding fields. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state. If you want to reset all field values to their default state, click on the Revert button.
  • Page 226: Defining Subscriber Messages {Subscriber Messages}

    Defining Subscriber Messages {Subscriber Messages} This procedure allows you to define how “other” subscriber messages are displayed. There are 3 (three) pages of subscriber messages available. From the Web Management Interface, click on Subscriber Interface, then Subscriber Messages, 1 of 3.
  • Page 227 The Subscriber Page -- Other Message Definitions, 1 of 3 screen appears:
  • Page 228 Enter the definitions you want for each subscriber message in the corresponding fields. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state. If you want to reset all field values to their default state, click on the Revert button.
  • Page 229 Repeat Steps 1 – 3 for page 3 of 3 (see following screen):
  • Page 230: System Menu

    System Menu Adding an ARP Table Entry {ARP Add} ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting. This procedure shows you how to add an ARP table entry.
  • Page 231: Deleting An Arp Table Entry {Arp Delete}

    Deleting an ARP Table Entry {ARP Delete} ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting. This procedure shows you how to delete an ARP table entry.
  • Page 232: Enabling The Bridge Mode Option {Bridge Mode}

    Enabling the Bridge Mode Option {Bridge Mode} Bridge Mode allows complete and unconditional access to devices on the subscriber side of the HSG. When the Bridge Mode option is enabled, the HSG is effectively transparent to the network in which it is located, allowing clusters of switches (especially Cisco Systems switch clusters) to be managed using the STP (Spanning Tree Protocol), or any other algorithm/protocol.
  • Page 233: Exporting Configuration Settings To The Archive File {Export}

    Exporting Configuration Settings to the Archive File {Export} This procedure shows you how to export the current system configuration settings to an archive file for future retrieval. This function is useful if you want to change the configuration settings and you are unsure of the effect that the changes will have. You can restore the archived system configuration settings at any time with the import function.
  • Page 234: Importing The Factory Defaults {Factory}

    Importing the Factory Defaults {Factory} This procedure shows you how to replace the current configuration settings with the settings that were established at the factory. If you restore the factory default configuration settings, you will no longer be able to access the HSG remotely. However, you always have the option of using the “import”...
  • Page 235: Defining The Fail Over Options {Fail Over}

    Many large scale networks require fail-over support for all devices in the public access network. The HSG allows two Nomadix Gateways to act as siblings, where one device will take up the users should the other device become disconnected from the network.
  • Page 236 Click on the check box for Reboot after changes are saved? If you are using RADIUS, it is recommended to add both Nomadix gateways to the RADIUS server. Click on the button to save your changes, or click on the...
  • Page 237: Viewing The History Log {History}

    Viewing the History Log {History} You can view a history log of the system’s Access, Reboot, and Uptime activities. The history log contains up to 500 entries. Once the log holds 500 entries, each new log item removes the oldest entry in the list. The latest entry is always at the top of the list. To view the history log, go to the Web Management Interface and click on System, then...
  • Page 238 The “Access and reboot History” log fields include: Message – Administrator / Operator action. Login – User name of the Administrator / Operator. IP – Source IP address (see note). The source IP displayed may be the source IP of a NAT router instead of the client of the person accessing the HSG.
  • Page 239: Establishing Icmp Blocking Parameters {Icmp}

    Establishing ICMP Blocking Parameters {ICMP} The HSG includes the option to block all ICMP traffic from “pending” or “non authenticated” users that are destined to addresses other than those defined in the pass-through (walled garden) list. The default setting for this option is “disabled” since ICMP pass-through is a useful end-user troubleshooting feature and also required by certain smart clients (for example, GRIC).
  • Page 240: Importing Configuration Settings From The Archive File {Import}

    Importing Configuration Settings from the Archive File {Import} This procedure shows you how to restore the system configuration settings from an archive file (previously created with the export function). The archived configuration settings you want to restore may not contain valid IP addresses.
  • Page 241: Establishing Login Access Levels {Login}

    Establishing Login Access Levels {Login} This procedure shows you how to assign differentiated access levels for operators and managers at login. The HSG allows you to define 2 concurrent access levels to differentiate between managers and operators, where managers are permitted read/write access and operators are restricted to read access only.
  • Page 242 The Login Name and Password screen appears: Click on the check box for Administration Concurrency if you want to assign concurrent Manager and Operator logins. In the Manager Login field, enter a login name for this manager. Login names and passwords are case-sensitive. Use login names and passwords that are easy to remember (up to 11 characters, any character type).
  • Page 243 In the Confirm Password field, enter the password again to confirm it. If you forget your password, you will need to contact technical support. See also, “Appendix A: Technical Support” on page 311. If you enabled Administration Concurrency, repeat steps 3 to 5 for an operator login.
  • Page 244: Defining The Mac Filtering Options {Mac Filtering}

    Defining the MAC Filtering Options {Mac Filtering} MAC Address filtering enhances Nomadix' access control technology by allowing System Administrators to block malicious users based on their MAC address. Up to 50 MAC addresses can be blocked at any one time (see caution).
  • Page 245: Rebooting The System {Reboot}

    Rebooting the System {Reboot} This procedure shows you how to reboot the HSG. The “reboot” procedure outlined on this page allows you to decide when to reboot (if you are making multiple changes to different menu functions and you want to reboot just one time after completing all your changes).
  • Page 246: Adding A Route {Route Add}

    Adding a Route {Route Add} This procedure shows you how to add a route into the HSG’s routing table. This is accomplished by establishing the route’s destination IP address, and by setting the gateway or router IP address by which the route’s destination can be reached. From the Web Management Interface, click on System, then...
  • Page 247: Deleting A Route {Route Delete}

    Deleting a Route {Route Delete} This procedure shows you how to delete a route to a specific IP destination. From the Web Management Interface, click on System, then Route Delete. The Delete Static Routes screen appears: Enter the Destination IP address of the route you want to delete from the routing table.
  • Page 248: Establishing Session Rate Limiting {Session Limit}

    Establishing Session Rate Limiting {Session Limit} Session Rate Limiting (SRL) significantly reduces the risk of “Denial of Service” attacks by allowing administrators to limit the number of DAT sessions any one user can take over a given time period and, if necessary, then block malicious users. From the Web Management Interface, click on System, then...
  • Page 249: Adding Static Ports {Static Port-Mapping Add}

    Adding Static Ports {Static Port-Mapping Add} Static Port-Mapping allows the network administrator to set up a port mapping scheme that forwards packets received on a specific port to a particular static IP (typically private and mis-configured) and port number on the subscriber side of the HSG.
  • Page 250 Enter the Internal Port reference. Enter a valid MAC Address. Enter the External IP Address. The External IP address field will default to the IP address of the HSG. Enter the External Port reference. Optional: Enter the Remote IP Address. Leave this field set to zero if you want to connect to the internal device from any network-side workstation.
  • Page 251: Deleting Static Ports {Static Port-Mapping Delete}

    Deleting Static Ports {Static Port-Mapping Delete} Static Port-Mapping allows the network administrator to set up a port mapping scheme that forwards packets received on a specific port to a particular static IP (typically private and mis-configured) and port number on the subscriber side of the HSG.
  • Page 252: Changing The Function Of The Serial Port {Serial}

    Changing the Function of the Serial Port {Serial} PMS is not available with the AG 2100. You can change the function of the serial port, switching between a Property Management System (PMS) and simple serial functionality (for accessing the system’s Command Line Interface).
  • Page 253: Blocking A Subscriber Interface {Subscriber Interfaces}

    Updating the HSG Firmware {Upgrade} Upgrading the HSG firmware is performed from the HSG’s Command Line Interface (CLI) only. Refer to the Firmware Upgrade Procedure (separate document available from Nomadix Technical Support).
  • Page 259: Chapter 3: The Subscriber Interface

    The Subscriber Interface This chapter provides an overview of the HSG’s Subscriber Interface and sections outlining the authorization and billing processes, subscriber management models, and the Information and Control Console (ICC). Overview The Subscriber Interface is the window to the solution provider’s Web site, and much more than that.
  • Page 260: Authorization And Billing

    Authorization and Billing As a gateway device, the HSG enables plug-and-play access to broadband networks. Broadband network solution providers can now offer their subscribers a wide range of high speed services, including access to the Internet. Of course, a high speed Internet connection is not free –...
  • Page 261 Subscriber Launch browser Enter credit card details Network access Billing mirror server Authorize this subscriber External server bank account Solution Provider
  • Page 262: The Aaa Structure

    The AAA Structure The HSG’s Authentication, Authorization, and Accounting (AAA) module enables the solution provider to provision, track, and bill new or returning subscribers. This includes: Allowing the solution provider (for example, a hotel) to bill its guests for the high speed network services it provides, track usage on the network, and deny service to those guests who have not paid.
  • Page 263 The Authentication module is responsible for ensuring that when subscribers log in to the system they are correctly identified. It can identify subscribers in many different ways. For example: Based on their hardware (MAC) address. By validating their user name and password. By looking up subscribers on a local (flash) database.
  • Page 264: Process Flow (Aaa)

    Process Flow (AAA) The following flowchart outlines the AAA and billing process. All actions depicted in the chart are administered and tracked by the HSG. HSG detects connection and verifies user against authorization table New User Existing Subscriber Login Page Specify lease time Lease time required, and...
  • Page 265: Internal And External Web Servers

    Internal and External Web Servers The HSG supports both internal and external Web servers which act as a login interface between subscribers and the solution provider’s network, including the Internet. The internal Web server is “flashed” into the system’s memory and the login page is served directly from the HSG.
  • Page 266: Subscriber Management

    Subscriber Management The HSG provides several subscriber management models, including: Free access (for example, no AAA functionality) MAC address Port-Location ID (for example, by room or unit number) User name and password Credit card Combinations of two or more subscriber management models can be used. When a subscriber connects to the network and attempts to access the Internet, the HSG looks for each model in the given order above.
  • Page 267 Model | What You Need To Do. Free access | Disable the AAA services. MAC address | Enable the AAA services and add a subscriber profile to the database for each MAC address you want to enable. User Name and Password | Enable the AAA services and Usernames. Add a subscriber profile to the database for each user name and password you want to enable.
  • Page 268: Information And Control Console (Icc)

    Information and Control Console (ICC) The Information and Control Console (ICC) is an HTML pop-up window that is presented to subscribers, allowing them to select their bandwidth and billing options quickly and efficiently, and displays a dynamic “time” field to inform them of the time remaining on their account.
  • Page 269: Logout Console

    Logout Console The HSG allows System Administrators to define a simple HTML-based pop-up window for explicit logout that can be used as an alternative to the more fully featured ICC. The pop-up Logout Console can display the elapsed/count-down time and one logo for intra-session service branding.
  • Page 271: Chapter 4: Quick Reference Guide

    Quick Reference Guide This chapter contains product reference information, organized by topic. Use this chapter to locate the information you need quickly and efficiently. Web Management Interface (WMI) Menus The following tables contain a listing and brief explanation of all menus and menu items contained in the HSG’s Web Management Interface (WMI), listed as they appear on screen.
  • Page 272: Configuration Menu Items

    Configuration Menu Items Item Description Establishes the AAA service options. Access Control To enable secure administration of the product, the HSG incorporates a master access control list that checks the source (IP address) of administrator logins. A login is permitted only if a match is made with the master list contained on the HSG.
  • Page 273 Item Description Location Sets up your location and IP addresses for the network, subscriber, subnet mask, and default gateway. Logging Enables logging options for the system and AAA functions. Meeting Room Scheduler Allows subscribers to reserve conference rooms and pay for their Internet access in advance.
  • Page 274: Network Info Menu Items

    Network Info Menu Items Item Description Displays the ARP table, including the destination IP address and the gateway MAC address. Displays the DAT session table. Hosts Displays the host table, including host names, associated IP addresses and any assigned aliases. ICMP Displays the ICMP (Internet Control Message Protocol) performance statistics.
  • Page 275: Port-Location Menu Items

    Port-Location Menu Items Items Description Adds or updates port-location assignments. Delete All Deletes all port-location assignments. Use this command with caution. Delete by Location Deletes port-location assignments, based on a specified location. Delete by Port Deletes port-location assignments, based on a specified port (VLAN tag).
  • Page 276: Subscriber Administration Menu Items

    Subscriber Administration Menu Items (Item: Description). Adds subscriber profiles to the database. Current: Displays a list of all currently connected subscribers. Delete by MAC: Deletes a subscriber, based on a specific MAC address. Delete by User: Deletes a subscriber, based on a specific user name. DHCP Leases: Sets up the current subscriber DHCP leases.
  • Page 277: Subscriber Interface Menu Items

    Subscriber Interface Menu Items (Item: Description). Billing Options: Establishes the various billing plans and rates (schemes), including messages and appearance. ICC Setup: Sets up the Information and Control Console (ICC) for subscribers. Language Support: Defines the language to be displayed on the Web Management Interface and the subscriber’s portal page.
  • Page 278: System Menu Items

    Factory: Imports the factory default settings. FailOver: Sets up a “sibling” Nomadix Gateway, allowing one device to take up the users should the other device become disconnected from the network. History: Displays a history log of the system’s activity, including Access, Reboot and Uptime.
  • Page 279 AG 2100.) Subscriber Interfaces: Blocks subscriber interfaces. Syslog: Displays syslog history. System Utilization: Displays system utilization information. Upgrade: Obtain the latest Firmware Upgrade Procedure from Nomadix Technical Support. User Settings: Blocks IPPROTO traffic from misconfigured subscribers.
  • Page 280: Alphabetical Listing Of Menu Items (Wmi)

    Export: Export port-location assignments to file (Port-Location). Factory: Import the factory default configuration settings (System). FailOver: Sets up a “sibling” Nomadix Gateway (System). Find by Description: Find port-location assignments by description (Port-Location). Find by Location: Find port-location assignments by location (Port-Location). Find by MAC...
  • Page 281 Realm-Based Routing: Sets up service profiles and realm-based routing policies (Configuration). Reboot: Reboot the operating system (System). Route Add: Add a route to the routing table (System). Route Delete: Delete a route from the routing table (System). Routing...
  • Page 282: Default (Factory) Configuration Settings

    10.0.0.10; Subscriber IP: 10.0.0.11; Subnet Mask: 255.255.255.0; Default Gateway IP: 10.0.0.1; DHCP Client: Enabled; Admin IP: 172.30.30.172; Domain nomadix. Host Name; Primary DNS: 0.0.0.2; Secondary DNS: 0.0.0.0; Tertiary DNS: 0.0.0.0; DHCP Relay: Disabled; External DHCP Server IP: 0.0.0.0; DHCP Relay Agent IP: 0.0.0.0...
  • Page 283 (Function: Default Setting). AAA Logging: Disabled; AAA Log Server Number; AAA Log Server IP: 0.0.0.0; SYSLOG (System Logging): Disabled; SYSLOG Server Number; SYSLOG Server IP: 0.0.0.0; AAA Services: Disabled; Internal Authorization: Enabled; New Subscribers: Enabled; Credit Card Service: Enabled; Parameter Passing: Disabled; Usernames...
  • Page 284: Product Specifications

    Product Specifications. PERFORMANCE: User Support: 50 users concurrently, with option to expand (up to 150 users). Throughput: 75Mbits/s* (*As defined by RFC1242, Section 3.17). PHYSICAL: Dimensions: 1U, free standing; 8.66 (W) x 10.00 (D) x 1.75 (H) inches; 220 (W) x 254 (D) x 44 (H) mm. Weight: 4.05 pounds (1.84 Kg)
  • Page 285 Specifications. LED INDICATORS: ACT/LINK and 10/100 for each Ethernet port; Power. NETWORK MANAGEMENT: Multi-Level Administration Controls; Access Control Lists; Web Administration UI; SNMP; XML API; CLI via Telnet and Serial Port.
  • Page 286: Sample Aaa Log

    Sample AAA Log: The following table shows a sample AAA log. This log is generated by the HSG and sent to the SYSLOG server that is assigned to AAA logging. Expira Type Subscriber MAC Date Time Log Code Log Message tion Name of Data...
  • Page 287 Message Definitions (AAA Log): The six basic messages are defined as follows (Message: Definition). AAA_Authentication Successful: Subscriber profile was successfully added to the HSG authorization table after being authenticated by the credit card server. AAA_Authentication Unsuccessful_Error: Subscriber profile was not added to the HSG authorization table because the credit card server did not recognize the transaction.
  • Page 288: Sample Syslog Report

    Sample SYSLOG Report: Syslog reports are generated by the HSG and sent to the syslog server that is assigned to general error detection and reporting.
    2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [HSG v2.3.006] DHCP: ndxDHCPInit: 0021 DHCP initialized
    2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [HSG v2.3.006] CLISRD: 0206 Setting COM1 to 9600 baud
    2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [HSG v2.3.006] CLISRD: Starting CLI on the serial port...
  • Page 289: Keyboard Shortcuts

    Keyboard Shortcuts: The following table shows the most common keyboard shortcuts (Action: Keyboard Shortcut). Cut selected data and place it on the clipboard: Ctrl + X. Copy selected data to the clipboard: Ctrl + C. Paste data from the clipboard into a document (at the insertion point): Ctrl + V.
  • Page 290: Radius Attributes

    RADIUS Attributes: RADIUS (Remote Authentication Dial-In User Service) was originally created to allow remote authentication to the dial-in networks of corporations and dial-up ISPs. It is defined and standardized by the IETF (Internet Engineering Task Force) and several RADIUS server packages exist in both the public domain and for commercial sale.
  • Page 291: Authentication-Request

    The Nomadix HSG RADIUS functionality can be broken down into the following categories: Authentication-Request; Authentication-Reply (Accept); Accounting-Request; Selected Detailed Descriptions; Nomadix Vendor Specific Attributes. Authentication-Request: Username, Password, Service-Type, NAS-Port (port number), NAS-Identifier, Framed-IP Address, NAS-IP Address, NAS-Port-Type, Acct-Session-ID, Log-Off-URL, EAP-Packet (used for 802.1x)
  • Page 292: Authentication-Reply (Accept)

    Authentication-Reply (Accept): Reply-Message, Reject-Message, State (used/tested for 802.1x), Class, Session-Timeout, Idle-Timeout, EAP-Packet (used for 802.1x), Message-Authenticator (used for 802.1x), Acct-Interim-Interval. Nomadix VSAs: Nomadix-Bw-Up, Nomadix-Bw-Down, Nomadix-URL-Redirection, Nomadix-IP-Upsell, Nomadix-MaxBytesUp, Nomadix-MaxBytesDown, Nomadix-Net-VLAN, Nomadix-Session-Terminate-End-Of-Day, Nomadix-Subnet, Nomadix-Expiration
  • Page 293: Accounting-Request

    Accounting-Request: Username, Acct-Status-Type (Start/Stop/Update), Acct-Session-ID, Acct-Output-Octets, Acct-Input-Octets, Acct-Output-Packets, Acct-Input-Packets, Class; Nomadix VSAs: Nomadix-Subnet, Nomadix-URL-Redirection, Nomadix-IP-Upsell; Acct-Session-Time (Stop), Terminate-Cause (Stop), NAS ID, NAS-IP Address, NAS-Port-Type, NAS-Port, Framed-IP Address, Acct-Delay-Time, Called-Station-ID, Calling-Station-ID
  • Page 294: Selected Detailed Descriptions

    Selected Detailed Descriptions. Acct-Session-ID: The Acct-Session-ID is created when the RADIUS authentication request is built. It is transmitted in both the Access-Request and the Accounting-Request. Session Timeout: There is currently no default session timeout that you can set in the HSG Web Management Interface (WMI).
  • Page 295 Acct-Input-Packets: number of packets received by subscriber. Upon a reboot, these 2 attributes are saved in currfile.dat the same way as for Acct-Input-Octets and Acct-Input-Octets. If you plan to implement RADIUS, go to “Contact Information” on page 312 for Nomadix Technical Support.
  • Page 296: Nomadix Vendor Specific Attributes

    Nomadix Vendor Specific Attributes. Nomadix-Bw-Up: This attribute value (in Kbps) restricts the speed at which uploads are performed. Nomadix-Bw-Down: This attribute value (in Kbps) restricts the speed at which downloads are performed. Nomadix-URL-Redirection: This attribute allows the administrator to redirect the user to a page of the administrator’s choice each time the user logs in.
  • Page 297: Setting Up The Ssl Feature

    We recommend that you use VeriSign (all instructions in this document are based on obtaining a key from VeriSign). Please contact Nomadix Technical Support if you want to use a different Certificate Authority. For Nomadix technical support, go to “Contact Information”...
  • Page 298: Obtain A Private Key File (Cakey.pem)

    VeriSign). These files are put in as file1:file2:file3:file4:file5 in the key generation command. Downloading Cygwin: There are several sources for obtaining “Cygwin” to install OpenSSL. One popular source is: http://sources.redhat.com/cygwin/. Nomadix used Cygwin version 1.3.2 for generating this section of the User’s Guide.
  • Page 299: Installing Cygwin And Openssl On A Pc

    Installing Cygwin and OpenSSL on a PC: The example in this document is based on downloading the software with Netscape 4.75. The procedure starts from the Cygwin Net Release Setup Program screen: Click on the Next button. The following screen appears:
  • Page 300 Click on the Next button to display the next setup screen. Click on the Next button to display the next setup screen. Click on the Next button to display the next setup screen.
  • Page 301 Select a location and click on the Next button. For the purposes of this document, Nomadix used: ftp://planetmirror.com. In the following screens, please skip all packages except “cygwin” and “openssl,” then click on Next when you are done.
  • Page 302 Click on the Next button to start the “download” process. Wait for the download process to complete.
  • Page 303 Click on the Next button to start the “install” process. Wait for the install process to complete. There will be a pop-up dialog to inform you that the installation process is completed. At the pop-up dialog, click on the button.
  • Page 304: Private Key Generation

    Private Key Generation: Create a directory from Root and put 5 random files, a.dat, b.dat, c.dat, d.dat, and e.dat (see note) into the C:\cygwin\bin\ directory (or the directory where you installed openssl.exe). These random files can be any file type, such as Word, Excel, etc. Change the files to .dat files (shown above).
  • Page 305 openssl - “openssl” command. genrsa - A parameter for “openssl” to generate an RSA key. Rand - A parameter for “openssl” to generate a random number from the files list. file1:file2…:file5 - These five large random files are residing on the workstation (large compressed log files recommended by VeriSign).
  • Page 306 Here is the output of cakey.pem:
  • Page 307: Create A Certificate Signing Request (Csr) File

    Create a Certificate Signing Request (CSR) File: Run the following command to generate the certificate signing request: >openssl req -new -key cakey.pem > server.csr The following table provides an explanation of the command elements: openssl - “openssl” command. A parameter for creating a request. Defining a “new”...
  • Page 308 Here is the output of server.csr:
  • Page 309: Create A Public Key File (Server.pem)

    Create a Public Key File (server.pem). VeriSign Purchasing Process: The signing process varies by Certificate Authority. Generally, you will need to send a Certificate Signing Request to the Certificate Authority (CA) and the CA will create a public key based on the certificate request. This is the procedure to get a 40-bit encryption or 128-bit Public Key from VeriSign.
  • Page 310 Some older versions of popular browsers only support 40-bit or 56-bit encryption. Since it is impossible to forecast the browsers that may be used in a visitor-based network, Nomadix recommends implementing a 40-bit Public Key. During the process, VeriSign will ask for your business information and verification.
  • Page 311 CSR Submission to VeriSign: Please select “Apache Freeware” to submit the CSR to VeriSign. The Certificate Signing Request is in the server.csr file (created in the previous step). Open server.csr and copy and paste all data into the edit box. Select the purchase method and submit the required contact information.
  • Page 312 The file, “server.pem” will look like this: You have now finished the process of obtaining a public key.
  • Page 313: Setting Up Hsg For Ssl Secure Login

    Setting Up HSG for SSL Secure Login: FTP the “cakey.pem” and “server.pem” files into the HSG platform's flash directory. FTP to the HSG by Netscape: ftp://username:password@[HSG Network IP]/flash. Drag and drop the “cakey.pem” and “server.pem” files into the directory. Change settings in the WMI.
  • Page 314: Mirroring Billing Records

    Mirroring Billing Records: Multiple HSG units can send copies of credit card billing records to a number of external servers that have been previously defined by system administrators. The HSG assumes control of billing transmissions and saving billing records. By effectively “mirroring”...
  • Page 315: Xml Interface

    XML Interface. XML for the External Server: The HSG sends a string of XML commands according to specifications. HTTP headers are added to the XML packets that are built, as the billing “mirroring” information is sent to the external server in HTTP compliant XML format. Content-length has also been added to the HTTP post.
  • Page 316 The packet after the HTTP headers are added looks like this: XML to HSG: The HSG uses USG commands for XML strings. The HSG accepts a single line of XML text in the specified format. The XML string is a command sent by the External Server to the HSG product. In this case, the acknowledgement received from the External Server forms the command.
  • Page 317: Example Of A Negative Acknowledgement

    Format for each Field: RESULT_VALUE: OK or ERROR; IP: Standard IP format (123.123.123.123); ERROR_CODE1 for OK, or any other number. Please contact Nomadix Technical Support for the complete XML DTD. Refer to “Contact Information” on page 312. For more information about Billing Records Mirroring, see also: “Establishing Billing Records “Mirroring”...
  • Page 319: Chapter 5: Troubleshooting

    Troubleshooting: This chapter provides information to help you resolve common hardware and software problems. It also contains a list of known error messages associated with the Management Interface: General Hints and Tips; Management Interface Error Messages; Common Problems. General Hints and Tips: The HSG is both a hardware device and a powerful software utility.
  • Page 320: Management Interface Error Messages

    Management Interface Error Messages: The following table contains the error messages associated with the Management Interface (CLI and Web). All messages are listed alphabetically. Error message: AAA must be enabled before adding a subscriber to the profile database. Cause: You are attempting to add a subscriber...
  • Page 321 Error message: must FTP a valid boot image to the flash. Cause: When upgrading the software, the system needs the new boot image file. You must FTP the file from NOMADIX™ to your local hard drive. Error message: Warning: no DHCP services are available to subscribers. Cause: This message is displayed because you...
  • Page 322: Common Problems

    Common Problems: If you are having problems, you may find the answers here. An updated version of this list can be found at: http://www.nomadix.com/techsup. Problem: When using the internal AAA login Web server,... Possible cause: The internal AAA login server communicates... Solution: Enable communications with Authorize.Net on port...
  • Page 323 Problem: When a subscriber logs in for the first time, their browser is not redirected to the specified home page. Possible cause: Home page redirection is not enabled in the HSG. Solution: Enable home page redirection. Possible cause: The home page URL was entered into the HSG... Solution: Re-enter the correct URL.
  • Page 325: Appendix A: Technical Support

    If you cannot resolve the problem with your documentation resources, try connecting to our corporate Web site. We may have new information posted here that addresses your issues. www.nomadix.com If you are still having problems, our friendly and experienced technical support team is always ready to assist you.
  • Page 326: Contact Information

    Contact Information: You can contact us by Email, fax, telephone, or regular mail. Telephone: ++1.818.575.2590. E-mail: support@nomadix.com. Address: Nomadix, Inc., 1100 Business Center Circle, Suite 100, Newbury Park, CA 91320 USA, Attn: Technical Support. ++1818-597-1502
  • Page 327: Appendix B: Addendum

    This Addendum provides information and procedures that will enable system administrators to configure and use the specific features introduced in the 1.3 Maintenance, 1.3 M+ and 1.4 releases for the Nomadix HotSpot Gateway (HSG). The features covered are 1.3M and 1.3M+ Features:...
  • Page 330 PPPoE Service Name: This is the Service-Name TAG. The maximum allowed length is 31 characters. PPP Keep Alive Echo Request Interval in seconds: Setting this to 0 will disable echo requests from the NSE. The default value for this parameter is 30 seconds. Maximum Missed Responses allowed: This is the number of echo-requests that can be allowed to go without a response before the NSE determines that the PPP link is down.
  • Page 331: L2Tp Tunneling

    L2TP Tunneling. Define RADIUS Service Profiles. Please note: RADIUS service profiles are used to direct username access requests for both plain RADIUS users and users who supply realm/domain in their username. Certain RADIUS servers can only be set to interpret tunnel profiles in either prefix or suffix-mode so a minimum of two RADIUS servers are required if both prefix and suffix-based usernames are to be handled.
  • Page 333: Define Tunnel Profiles

    Define Tunnel Profiles: Tunnel profiles can be defined when L2TP tunnel parameters are known and it is not necessary to send an access request to a RADIUS server to obtain those parameters or for accounting purposes. Create a tunnel profile for each L2TP tunnel whose parameters are known. The tunnel parameters that the profile contains are the IP address of the LNS and the tunnel password.
  • Page 334: Define Realm Routing Policies

    Define Realm Routing Policies: Realm routing policies are used to determine how supplied username/password input is used to authenticate users. Create a realm routing policy for each realm that will be handled. The realm routing policy will reference either a RADIUS service profile or a tunnel profile.
  • Page 335 See next figure for a realm routing policy that handles suffix-based usernames using a tunnel profile. The differences in this example are the realm name is “tcisp.com”, “Suffix match only” is enabled (the delimiter in this case is “@”), and a tunnel profile, “LNS-One”, is selected instead of a RADIUS service profile.
  • Page 336 As before, the username passed to the tunnel server will have realm information stripped since the checkbox for “Strip off routing information when sending to tunnel server” is checked. This checkbox may be unchecked if it is necessary for usernames to contain realm information for user authentication.
  • Page 337: Configure Radius Client

    Configure RADIUS Client: The HSG RADIUS client must be set up for realm-based routing mode since realm information will be used by the HSG’s L2TP tunnel feature to determine how to handle usernames that contain realm information. See next figure for an example of setting the routing mode to handle realm-based usernames.
  • Page 338: Local Syslog And Syslog Filters

    Local Syslog and Syslog Filters: These settings can be accessed under the Configuration/Logging menu.
  • Page 339 Log Filter Setting: The syslogs can be filtered at 7 levels as shown above. Setting the level to a number disables any syslogs above that filter setting. For example, setting the filter to 2:Critical generates only 0:Emergency, 1:Alert and 2:Critical level syslogs. All other syslogs are not generated.
  • Page 340 PageFaults are stored in the file named “lograw.txt” in the /flash directory and are not viewable on the web management interface.
  • Page 341: Glossary Of Terms

    10/100 Ethernet See Ethernet. (Authentication, Authorization, and Accounting) A combination of commands used by Nomadix Gateways to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. When a subscriber logs into the system, their unique MAC address is placed into an authorization table. The system then authenticates the subscriber’s MAC address and billing information before allowing them to...
  • Page 342 (ACKnowledgment) If all the transmitted data is present and correct, the receiving device sends an ACK signal, which acts as a request for the next data packet. Adaptive Configuration Technology A Nomadix, Inc. patented technology that enables Dynamic Address Translation. See also, DAT. ad-hoc mode 802.11x networking framework in which devices or stations communicate directly with each other, without the use of an Access Point (AP).
  • Page 343 (permanent) IP addresses, or subscribers that do not have DHCP functionality on their computers. DAT is a Nomadix, Inc. patented technology that allows all users to obtain network access, regardless of their computer’s network settings. See also, DHCP.
  • Page 344 more bits in the pattern are damaged during transmission, the original data can be recovered due to the redundancy of the transmission. DTIM (Delivery Traffic Indication Message): A message included in data packets that can increase wireless efficiency. Dynamic IP Address: A temporary IP address that is assigned by the DHCP server to a device.
  • Page 345 FHSS (Frequency Hopping Spread Spectrum): One of two types of spread spectrum radio—the other being Direct-Sequence Spread Spectrum (DSSS). FHSS is a transmission technology used in WLAN transmissions where the data signal is modulated with a narrowband carrier signal that "hops" in a random but predictable sequence from frequency to frequency as a function of time over a wide band of frequencies.
  • Page 346 (Home Page Redirection) Nomadix Gateways enable solution providers to redirect subscribers to a “portal” home page of their choice. This allows the solution provider to generate online advertising revenues and increase business exposure. See also, Home Page. HTML (HyperText Markup Language): The programming language used to create hypertext documents for use on the Internet.
  • Page 347 Whenever a subscriber logs on, your Nomadix Gateway automatically translates their computer’s network settings to provide them with seamless access to the broadband network. Subscribers no longer...
  • Page 348 SNMP agent with a properly defined MIB. See also, SNMP. Misconfigured User A Nomadix, Inc. term used to describe users who have IP address configurations that are different from the current network. For example, if the current network is 123.45.67.89 but the user’s IP address is 10.10.10.15, then this user is considered to be “misconfigured.”...
  • Page 349 OSPF (Open Shortest Path First): This routing protocol was developed for IP networks based on the shortest path first or link-state algorithm. Routers use link-state algorithms to send routing information to all nodes on a network by calculating the shortest path to each node based on a topography of the Internet constructed by each node.
  • Page 350 PPTP (Point-to-Point Tunneling Protocol): Developed jointly by Microsoft Corporation, U.S. Robotics, and several remote access vendor companies, known collectively as the PPTP Forum, PPTP is a new technology used for creating Virtual Private Networks (VPNs). Because the Internet is essentially an open network, PPTP is used to ensure that messages transmitted from one VPN node to another are secure.
  • Page 351 Normally, a solution provider is offering a solution that isn’t readily available on the open market. For example, NOMADIX™ is a solution provider to its customers (broadband network service providers), and those customers are solution providers to their end users (network subscribers).
  • Page 352 Static IP Address: An IP address that is assigned to a computing device permanently (or until the user changes it manually), unlike a dynamic IP address which is assigned to a device temporarily by the DHCP server. See also, DHCP, IP Address, Dynamic IP...
  • Page 353 Throughput: The net data transfer rate between an information source and its destination, using the maximum packet size without loss. Throughput is expressed as Megabits per second (Mbps), defined by RFC1242, Section 3.17. See also, Forwarding Rate, Mbps, Packet, Packet Switching Network, pps, and RFC.
  • Page 354 (Transport Layer Security) A protocol that guarantees privacy and data integrity between client/server applications communicating over the Internet. The TLS protocol is made up of two layers: TLS Record Protocol: Layered on top of a reliable transport protocol, such as TCP, it ensures that the connection is private by using symmetric data encryption and ensures that the connection is reliable.
  • Page 355 (Wireless Local Area Network) Also referred to as LAWN. A type of local-area network that uses high-frequency radio waves rather than wires to communicate between nodes. See also, Node. (Web Management Interface) The browser-based system administrator’s interface for all Nomadix Gateways.
  • Page 356 Enabling the XML interface allows your Nomadix Gateway to accept and process XML commands from an external source. XML commands are appended to a URL in the form of an encoded query string. Nomadix Gateways parse the query string, execute the commands specified by the string, and return data to the system that initiated the command request.