Page 2 HotSpot Gateway Copyright © 2003 Nomadix, Inc. All Rights Reserved. This product also includes software developed by: The University of California, Berkeley and its contributors; Carnegie Mellon University, Copyright © 1998 by Carnegie Mellon University All Rights Reserved; Go Ahead Software, Inc., Copyright © 1999 Go Ahead Software, Inc.
Page 3: Product Information
Trademarks symbol, , HotSpot Gateway™, HSG™ and Nomadix Service Engine™ are trademarks of Nomadix, Inc. All other trademarks and brand names are marks of their respective holders. Product Information Telephone: +1.818.597.1500 Fax: +1.818.597.1502 For technical support information, see the Appendix in this User’s Guide.
Page 4 Nomadix, Inc. makes no warranty, either express or implied, including but not limited to any implied warranties of merchantability and fitness for a particular purpose, regarding the product described herein. In no event shall Nomadix, Inc. be liable to anyone for special, collateral, incidental, or consequential damages in connection with or arising from the use of Nomadix, Inc.
Page 5: Table Of Contents
Table of Contents Introduction ......................9 About this User’s Guide ..................... 9 Organization........................ 9 Welcome to the Nomadix HotSpot Gateway............10 Product Configuration and Licensing ............... 10 Key Features and Benefits ..................11 Platform Reliability ................... 11 Local Content and Services ................11 Transparent Connectivity ..................
Page 6 Secure XML API ....................25 Session Rate Limiting (SRL) ................25 Session Termination Redirect ................25 Smart Client Support ..................25 SNMP Nomadix Private MIB................26 Tri-Mode Authentication ................... 26 URL Filtering ....................26 Walled Garden....................27 Web Management Interface................27 Optional NSE Modules .....................
Page 7 Setting the DHCP Options................. 52 Setting the DNS Options ..................54 Archiving Your Configuration Settings..............55 Installing the Nomadix Private MIB................. 56 Chapter 2: System Administration ..............57 Choosing a Remote Connection ................57 Using the Web Management Interface (WMI)........... 58 Using an SNMP Manager..................
Page 8 ™ ATEWAY Setting the System Date and Time {Time} ............115 Setting Up URL Filtering {URL Filtering}............116 Enabling Secure Management {VPN Tunnel} ..........117 Network Info Menu ....................120 Displaying ARP Table Entries {ARP} ............. 120 Displaying DAT Sessions {DAT}..............120 Displaying the Host Table {Hosts}..............
Page 9 ™ ATEWAY Duration-based Billing Plans..............150 Setting Up a “Normal” Billing Plan ............154 Setting Up an X over Y Billing Plan ............155 Setting Up the Information and Control Console {ICC Setup} ....... 157 Assigning Buttons ..................160 Assigning Banners..................161 Pixel Sizes ....................
Page 10 Authentication-Request..................232 Authentication-Reply (Accept)................. 232 Accounting-Request ..................233 Selected Detailed Descriptions................ 234 Nomadix Vendor Specific Attributes..............235 Setting Up the SSL Feature ..................236 Prerequisites ....................236 Obtain a Private Key File (cakey.pem) ............237 Installing Cygwin and OpenSSL on a PC............237 Private Key Generation ...................
Page 11 ™ ATEWAY Chapter 5: Troubleshooting................253 General Hints and Tips ................... 253 Management Interface Error Messages ..............254 Common Problems ....................256 Appendix: Technical Support................. 259 Contact Information ....................259 Glossary of Terms ....................261 Index ........................277 Table of Contents...
Page 12 ™ ATEWAY This page intentionally blank viii Table of Contents...
Page 13: Introduction
Interface. This chapter provides an overview and sample scenario for the HSG’s subscriber interface. It also includes an outline of the authorization and billing processes utilized by the system, and the Nomadix Information and Control Console. Chapter 4 – Quick Reference Guide.
Page 14: Welcome To The Nomadix Hotspot Gateway
Nomadix HotSpot Gateway (HSG) Product Configuration and Licensing All Nomadix Access Gateway products, including the HSG, are powered by our patented and patent-pending suite of embedded software, called the Nomadix Service Engine™ (NSE). The HSG employs our NSE core software package with the option to purchase additional modules to expand the product’s functionality.
Page 15: Key Features And Benefits
™ ATEWAY Key Features and Benefits The HSG addresses the specific needs of the Public-access HotSpot, making it an excellent choice for mid-sized venue deployments. The HSG supports up to 50 simultaneous users, with the option to purchase two additional 50 count upgrades of 50 users per upgrade for a maximum of 150 simultaneous users.
Page 16: Transparent Connectivity
™ ATEWAY Transparent Connectivity Resolving configuration conflicts is difficult and time consuming for network users who are constantly on the move, and costly to the solution provider. In fact, most users are reluctant to make changes to their computer’s network settings and won’t even bother.
Page 17: Access Control And Authentication
VPN passthrough to be tested against diverse VPN termination servers from companies such as Cisco, Checkpoint, Nortel and Microsoft. Nomadix’ iNAT feature allows multiple tunnels to be established to the same VPN server, creating a seamless connection for all users at the Public-access location.
Page 18: Nse Core Functionality
™ ATEWAY NSE Core Functionality Powering Nomadix’ family of Access Gateways, the Nomadix Service Engine (NSE) delivers a full range of features needed to successfully deploy Wi-Fi Public-access networks. These “core” features solve issues of connectivity, security, billing, and roaming in a Wi-Fi Public-access network.
Page 19: Access Control
With the Nomadix Information and Control Console (ICC) feature enabled, subscribers can increase or decrease their own bandwidth dynamically (by the minute, or on an hourly, daily, weekly, or monthly basis), and also adjust the pricing plan for their service (see graphic).
Page 20: Bridge Mode
The Command Line Interface (CLI) is a character-based user interface that can be accessed remotely or via a direct cable connection. Until your Nomadix product is up and running on the network, the CLI is the Network Administrator’s window to the system.
Page 21: End User Licensee Count
Take advantage of the comprehensive Nomadix XML API to implement more complex billing plans. Recycle existing Web page content for the centrally hosted portal page. If you choose to use the EWS interface, Nomadix Technical Support can provide you with sample scripts. See also, “Contact Information” on page 259.
Page 22: Inat
™ ATEWAY iNAT™ Nomadix invented a new way of intelligently supporting multiple VPN connections to the same termination at the same time (iNAT™), thus solving a key problem of many Public-access networks. Nomadix’ patent-pending iNAT™ (intelligent Network Address Translation) feature contains an advanced, real-time translation engine that analyzes all data packets being communicated between the private address realm and the public address realm.
Page 23: Information And Control Console
ATEWAY Information and Control Console The Nomadix Information and Control Console (ICC) is a HTML-based pop-up window that is presented to subscribers with their Web browser. The ICC allows subscribers to select their bandwidth and billing options quickly and efficiently from a simple pull-down menu.
Page 24: International Language Support
™ ATEWAY International Language Support The NSE allows you to define the text displayed to your users by the IWS without any HTML or ASP knowledge. The language you select determines the language encoding that the IWS instructs the browser to use. See also, “Internal Web Server”...
Page 25: Mac Filtering
™ ATEWAY MAC Filtering MAC Filtering enhances Nomadix' access control technology by allowing system administrators to block malicious users based on their MAC address. Up to 50 MAC addresses can be blocked at any one time. See also, “Session Rate Limiting (SRL)” on...
Page 26: Port Mapping
Optionally, the RADIUS authentication process and FTP download can be secured by sending the traffic through a peer-to-peer IPSec tunnel established by the Nomadix gateway and terminated at the NOC (Network Operations Center). See also, “Secure...
Page 27: Radius Proxy
™ ATEWAY RADIUS Proxy The RADIUS Proxy feature relays authentication and accounting packets between the parties performing the authentication process. Different realms can be set up to directly channel RADIUS messages to the various RADIUS servers. This functionality can be effectively deployed to: Support a wholesale WISP model directly from the edge without the need for any centralized AAA proxy infrastructure.
Page 28: Secure Socket Layer (Ssl)
Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix gateway. See also, “Enabling Secure Management {VPN Tunnel}”...
Page 29: Secure Xml Api
XML enables solution providers to customize and enhance their product installations. This feature allows the operator to use Nomadix' popular XML API using the built-in SSL certificate functionality in the NSE so that parameters passed between the Gateway and the centralized Web server are secured via SSL.
Page 30: Snmp Nomadix Private Mib
™ ATEWAY SNMP Nomadix Private MIB Nomadix’ Access Gateways can be easily managed over the Internet with an SNMP client manager (for example, HP OpenView or Castle Rock). To take advantage of the functionality provided with Nomadix’ private MIB (Management Information Base), simply import the file from the nomadix.mib...
Page 31: Walled Garden
“Walled Garden” within the Internet where unauthenticated users can be granted or denied access to sites of your choosing. Web Management Interface Nomadix’ Access Gateways can be managed remotely via the built-in Web Management Interface where various levels of administration can be established. See also, “Using the Web Management Interface (WMI)”...
Page 32: Optional Nse Modules
The NSE outputs a call accounting record to the PMS system whenever a subscriber purchases Internet service and decides to post the charges to their room. Nomadix’ Access Gateways are equipped with a dedicated PMS port to facilitate connectivity with a customer’s Property Management System.
Page 33: Credit Card Module
The optional High Availability Module offers enhanced network uptime and service availability when delivering high-quality Wi-Fi service by providing Fail-Over functionality. This module allows a secondary Nomadix Access Gateway to be placed in the network that can take over if the primary device fails, ensuring Wi-Fi service remains uninterrupted.
Page 34: Optional Standalone Applications
Hotel desk clerks can now effectively schedule meetings and collect payments directly. Centralized Management System (CMS) The Centralized Management System (CMS) application allows system administrators to upgrade the firmware for all Nomadix Access Gateways on their customer’s network from a centralized user interface. Introduction...
Page 35: Network Architecture (Sample)
™ ATEWAY Network Architecture (Sample) Introduction...
Page 36: Product Specifications
™ ATEWAY Product Specifications Specifications ERFORMANCE User Support: 50 users concurrently, with option to expand (up to 150 users) Throughput: 75Mbits/s* *As defined by RFC1242, Section 3.17 HYSICAL Dimensions: 1U, free standing 8.66 (W) x 10.00 (D) x 1.75 (H) inches 220 (W) x 254 (D) x 44 (H) mm Weight: 4.05 pounds (1.84 Kg)
Page 37 ™ ATEWAY Specifications LED I NDICATORS ACT/LINK and 10/100 for each Ethernet port Power ETWORK ANAGEMENT Multi-Level Administration Controls Access Control Lists Web Administration UI SNMP XML API CLI via Telnet and Serial Port Introduction...
Page 38: Online Help (Webhelp)
™ ATEWAY Online Help (WebHelp) The HSG incorporates an online Help system called “WebHelp” which is accessible through the Web Management Interface (when a remote Internet connection is established following a successful installation). WebHelp can be viewed on any platform (for example, Windows, Macintosh, or UNIX-based platforms) using either Internet Explorer or Netscape Navigator (see note).
Page 39: Chapter 1: Installing The Hsg
Connecting the HSG to the customer’s network. Establishing the basic configuration for subscribers. Archiving your configuration settings. Installing the Nomadix Private MIB. Once you have installed your HSG and established the configuration settings, you should write the settings to an archive file. If you ever experience problems with the system, your archived settings can be restored at any time.
Page 40: Unpacking The Hsg
DB9 female-to-female serial connector/cable (6 ft. length), for establishing a direct serial connection with the HSG. “Accessories” CD-ROM (containing this User’s Guide, README file, NOMADIX Enterprise MIB file, and any other useful accessories. Quick Start Guide End User License Agreement (EULA)
Page 41: Installation Workflow
When prompted, accept to the Nomadix End User License Agreement (EULA). You must accept the EULA before the HSG can connect with the Nomadix License Key Server. When the key is successfully received from the server, your HSG will reboot. You can now power down and connect the HSG to the customer’s network.
Page 42: Powering Up The System
™ ATEWAY Powering Up the System Use this procedure to establish a direct cable connection between the HSG and your laptop computer, and to power up the system. Place the HSG on a flat and stable work surface. Connect the power cord. Connect the DB9 female-to-female serial cable (6 ft.
Page 43: Logging In To The Command Line Interface
HSG’s management interface successfully. If this is an initial installation which requires the HSG to receive a license key from the Nomadix License Key Server, you must accept the Nomadix End User License Agreement (EULA).
Page 44: The Management Interfaces (Cli And Web)
™ ATEWAY The Management Interfaces (CLI and Web) The HSG supports various methods for managing the system remotely. These include, an embedded graphical Web Management Interface (WMI), an SNMP client, or Telnet. However, until the unit is installed and running, system management is performed from the HSG’s embedded CLI via a direct serial cable connection.
Page 45: Menu Organization (Web Management Interface)
™ ATEWAY Menu Organization (Web Management Interface) When you have successfully installed and configured the HSG from the CLI, you can then access the HSG from its embedded Web Management Interface (WMI). The WMI is easier to use (point and click) and includes some items not found in the CLI. You can use either interface, depending on your preference.
Page 46: Inputting Data - Maximum Character Lengths
™ ATEWAY Inputting Data – Maximum Character Lengths The following table details the maximum allowable character lengths when inputting data: Data Field Max. Characters All Messages (billing options) All Messages (subscriber error messages) All Messages (subscriber login UI) All Messages (subscriber “other” messages) Description of Service (billing options Plan) Home Page URL Host Name and Domain Name (DNS settings)
Page 47: Online Documentation And Help
Help system Other online documentation resources, available from our corporate Web site (www.nomadix.com), include a full PDF version of this User’s Guide (viewable with Acrobat™ Reader, version 4.0 or higher), white papers, technical notes, and business cases. The PDF version of this User’s Guide and associated README files are also available on the “Accessories”...
Page 48: Establishing The Start Up Configuration
™ ATEWAY Establishing the Start Up Configuration The CLI allows you to administer the HSG’s start-up configuration settings. When establishing the start-up configuration for a new installation, you are connected to the HSG via a direct serial connection (you do not have remote access capability because the HSG is not yet configured or connected to a network).
Page 49: Assigning Login User Names And Passwords
™ ATEWAY Assigning Login User Names and Passwords When you initially powered up the HSG and logged in to the Management Interface, the default login user name and password you used was “admin.” The HSG allows you to define 2 concurrent access levels to differentiate between managers and operators, where managers are permitted read/write access and operators are restricted to read access only.
Page 50: Setting The Snmp Parameters (Optional)
(yes) to reboot your HSG. AMPLE CREEN ESPONSE Configuration>sn Enable the SNMP Daemon? [Yes]: Enter new system contact: newname@domainname.com [Nomadix, Westlake Village, CA] Enter new system location: Office, Westlake Village, CA Enter read/get community [public Enter write/set community [private Enter IP of trap recipient [0.0.0.0...
Page 51: Enabling The Logging Options (Recommended)
™ ATEWAY Enabling the Logging Options (recommended) System logging creates log files and error messages generated at the system level. AAA logging creates activity log files for the AAA (Authentication, Authorization, and Accounting) functions. You can enable either of these options. Although the AAA and billing logs can go to the same server, we recommend that they have their own unique server ID number assigned (between 0 and 7).
Page 52: Assigning The Location Information And Ip Addresses
IP address (the default is 10.0.0.11). The IP addresses from subscribers that are on a subnet different from the HSG (for example, misconfigured) are translated by Nomadix’ Dynamic Address Translation (DAT) patented technology to the Subscriber IP Address Enter a valid subscriber interface IP address.
Page 53 ™ ATEWAY Enter a valid subnet mask. After assigning the subnet mask, the system displays the current default gateway IP address (the factory default is 10.0.0.1). This is the IP address of the router that the HSG uses to transmit data to the Internet. Enter a valid default gateway IP address.
Page 54: Logging Out And Powering Down The System
™ ATEWAY Your new settings are displayed and the HSG reboots. When the system restarts, the Telnet interface is enabled (based on your new configuration settings which are saved to the HSG’s on-board flash memory). The start up configuration is now complete; however, before connecting the HSG to the customer’s network, you must power down the system.
Page 55: Connecting The Hsg To The Customer's Network
™ ATEWAY Connecting the HSG to the Customer’s Network Use this procedure to connect the HSG to the customer’s network (after the start up configuration parameters have been established). Choose an appropriate physical location that allows a minimum clearance of 4cm either side of the unit (for adequate airflow).
Page 56: Establishing The Basic Configuration For Subscribers
™ ATEWAY Establishing the Basic Configuration for Subscribers When you have successfully established the start up configuration and installed the unit onto the customer’s network, connect to the HSG via Telnet. You must now set up the basic configuration parameters for subscribers, including: Setting the DHCP Options –...
Page 57 ™ ATEWAY When assigning a DHCP Relay Agent IP address for the DHCP Relay, ensure that the IP address you use does not conflict with devices on the network side of the HSG. Although you cannot enable the DHCP relay and the DHCP service at the same time, it is possible to “disable”...
Page 58: Setting The Dns Options
Enter (dns) at the Configuration menu. The system displays the current domain (the default is “nomadix”). Enter a valid domain name (the Internet domain that DNS requests will utilize). Enter the host name (the DNS name of the HSG). The host name must not contain any spaces.
Page 59: Archiving Your Configuration Settings
™ ATEWAY You must now reboot the system for your settings to take effect. Enter (yes) to reboot the HSG. AMPLE CREEN ESPONSE Configuration>dn Enter domain [domainname ]: newdomainname Enter host name <no spaces> [dnshostname ]: newhostname Enter primary DNS [0.0.0.2 ]: 20.21.22.23 Enter secondary DNS...
Page 60: Installing The Nomadix Private Mib
Installing the Nomadix Private MIB The Nomadix Private MIB is supplied on the “Accessories” CD-ROM, delivered with your HSG. After importing the nomadix.mib file from the CD-ROM you will be able to view and manage SNMP objects on your HSG.
Page 61: Chapter 2: System Administration
™ ATEWAY System Administration This chapter provides all the instructions and procedures necessary for system administrators to manage the HSG on the customer’s network (after a successful installation). The system administration procedures in this chapter are organized as they are listed under their respective Web Management Interface (WMI) menus (Configuration, Network Info, Port-Location, Subscriber Administration, Subscriber Interface, and System).
Page 62: Using The Web Management Interface (Wmi)
™ ATEWAY Using the Web Management Interface (WMI) The Web Management Interface (WMI) is a “graphical” version of the Command Line Interface, comprised of HTML files. The HTML files are embedded in the HSG and are dynamically linked to the system’s functional command sets. You can access the WMI from any Web browser.
Page 63: Using A Telnet Client
About Your Product License Some features included in this chapter will not be available to you unless you have purchased the appropriate product license from Nomadix. In this case, the following statement will appear either immediately below the section heading or when the feature is mentioned in the body text: Your product license may not support this feature.
Page 64: Configuration Menu
™ ATEWAY Configuration Menu Defining the AAA Services {AAA} This procedure shows you how to set up the AAA (Authentication, Authorization, and Accounting) service options. AAA Services are used by the HSG to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. The HSG currently supports several AAA models which are discussed in “Subscriber Management”...
Page 65 ™ ATEWAY ... AAA screen image continued: Enable or disable AAA Services If you enable AAA Services, go to Step 3, otherwise this feature is disabled and you can exit the procedure. Enable or disable the , as required. XML Interface XML (eXtensible Markup Language) is used by the HSG’s subscriber management module for port location and user administration.
Page 66 ™ ATEWAY Enable or disable , as required. If this feature is enabled, Print Billing Command you must enable the XML interface and enter the IP address for the XML interface (Step 3 and Step 4). Enable or disable the feature, as required.
Page 67: Enabling Aaa Services With The Internal Web Server
™ ATEWAY Enabling AAA Services with the Internal Web Server You are here because you want to enable the AAA Services with the HSG’s Internal Web Server. The HSG maintains an internal database of authorized subscribers, based on their MAC (hardware address) and user name (if enabled). By referring to its database record, also known as an authorization table, the HSG instantly recognizes new subscribers on the network.
Page 68 Adding SSL support to the HSG requires service providers to obtain digital certificates from VeriSign™ to create HTTPS pages. Instructions for obtaining certificates are provided by Nomadix. To enable SSL Support, your HSG’s flash must include the server.pem, cakey.pem, and cacert.pem certificate files (the “cacert.pem” file is provided with your HSG).
Page 69 The HSG is configured to use either Authorize.net or Chainfusion (selected from a pull-down menu). You will need to open a merchant account with Authorize.net, Chainfusion or Datacenter (Luxembourg) before this feature can be used. Please contact Nomadix Technical Support for assistance. Refer to “Contact Information” on page 259.
Page 70: Enabling Aaa Services With An External Web Server
™ ATEWAY Enable or disable , as required (if enabled, your license key Smart Client Support must support this feature). You can assign a session idle timeout parameter for subscribers (see following note). To assign an idle timeout, simply enter a numeric value (in seconds) in the box (the default is 1200).
Page 71: Establishing Secure Administration {Access Control
™ ATEWAY Establishing Secure Administration {Access Control} The HSG allows you to block administrator access to interfaces (Telnet, WMI and FTP) and incorporates a master access control list that checks the source (IP address) of administrator logins. A login is permitted only to the interfaces that have not been blocked, and only if a match is made with the master “Source IP”...
Page 72 Access Control feature, or change the range of allowed IP addresses to access the management interfaces. If you have changed the serial port to act as a PMS interface, please contact Nomadix technical support. In this case, refer to “Contact Information” on page 259.
Page 73: Defining Automatic Configuration Settings {Auto Configuration
™ ATEWAY Defining Automatic Configuration Settings {Auto Configuration} The HSG allows you to define parameters to enable the automatic configuration of the system. See also, “RADIUS-driven Auto Configuration” on page From the Web Management Interface, click on , then Configuration Auto Configuration.
Page 74: Enabling Auto Configuration
Nomadix devices: A flow of RADIUS Authentication Request and Reply messages between the Nomadix gateway and the centralized RADIUS server that specifies the location of the meta configuration file (containing a listing of the individual configuration files and their download frequency status) are downloaded from an FTP server into the flash of the Nomadix device.
Page 75 The following diagram shows a sample RADIUS configuration file, meta file and illustration of the FTP server setup. The Nomadix device will automatically initiate one reboot to enable the new settings. Configuration updates for network maintenance can be accomplished by simply enabling the Auto-Configuration option and rebooting the device (for example, using SNMP).
Page 76: Setting Up Bandwidth Management {Bandwidth Management
™ ATEWAY Setting Up Bandwidth Management {Bandwidth Management} The HSG allows system administrators to manage the bandwidth for subscribers, defined in Kbps (Kilobits per seconds) for both upstream and downstream data transmissions. With the ICC feature enabled, subscribers can increase or decrease their own bandwidth dynamically (by the minute, or on an hourly, daily, weekly, or monthly basis), and also adjust the pricing plan for their service.
Page 77: Establishing Billing Records "Mirroring" {Bill Record Mirroring
™ ATEWAY Establishing Billing Records “Mirroring” {Bill Record Mirroring} The Bill Record Mirroring feature contained in the Credit Card and Hospitality optional modules is optional. Your product license may not support this feature. The HSG can send copies of credit card transaction and PMS billing records to external servers that have been previously defined by system administrators.
Page 78 ™ ATEWAY If you want to enable the billing records “mirroring” functionality for credit card transactions (and you have purchased the appropriate product license), click on the check box for Enable CC/PMS Mirroring. Enter the property identification code in the field.
Page 79: Enabling Centralized Management (Centralized Management)
The Centralized Management screen appears: If you want to enable the Centralized Management functionality (and you have purchased and installed the Nomadix CMS application), click on the check box Centralized Management. Enter the IP address of the machine where you installed the CMS application in field.
Page 80: Managing The Dhcp Service Options {Dhcp
™ ATEWAY Managing the DHCP Service Options {DHCP} When a device connects to the network, the DHCP server assigns it a “dynamic” IP address for the duration of the session. Most users have DHCP capability on their computer. To enable this service on the HSG, you can either enable the DHCP relay (routed to an external DHCP server IP address), or you can enable the HSG to act as its own DHCP server.
Page 81 ™ ATEWAY Nomadix’ patented Dynamic Address Translation (DAT) functionality is automatically configured to facilitate “plug-and-play” access to subscribers who are misconfigured with static (permanent) IP addresses, or subscribers that do not have DHCP capability on their computers. DAT allows all users to obtain network access, regardless of their computer’s network settings.
Page 82 ™ ATEWAY System administrators can set two different DHCP pools for the same physical LAN. When DHCP subscribers select a service plan with a public pool address, the HSG associates their MAC address with their public IP address for the duration of the service level agreement.
Page 83 ™ ATEWAY Enter the starting and ending IP addresses for the DHCP address pool you want to use: DHCP Pool Start IP DHCP Pool Stop IP Enter the DHCP Lease Minutes Select , as required. Public Pool Private Pool A “public” IP address will not be translated by DAT. If required, make this an and/or the by checking the...
Page 84: Managing The Dns Options {Dns
™ ATEWAY Managing the DNS Options {DNS} DNS allows subscribers to enter meaningful URLs into their browsers (instead of complicated numeric IP addresses) by automatically converting the URLs into the correct IP addresses. You can assign a primary, secondary, or tertiary (third) DNS server.
Page 85 ™ ATEWAY Enter the IP addresses for the DNS servers (located at the customer’s network operating center where DNS requests are sent). Servers include: Primary DNS Server Secondary DNS Server Tertiary DNS Sever The secondary and tertiary DNS servers are only utilized if the primary DNS server is unavailable.
Page 86: Setting The Home Page Redirection Options {Home Page Redirect
™ ATEWAY Setting the Home Page Redirection Options {Home Page Redirect} This procedure shows you how to redirect the subscriber’s browser to a specified home page. Subscribers may also be redirected to a page specified by the solution provider, without any interaction with the credit card authentication process. You must configure DNS if you want to enter meaningful URLs instead of numeric IP addresses into any of the HSG’s configuration screens.
Page 87: Enabling Intelligent Address Translation (Inat)
Our patent-pending iNAT™ feature contains an advanced, real-time translation engine that analyzes all data packets being communicated between the private and public address domains. The Nomadix iNAT engine performs a defined mode of network address translation based on packet type and protocol (for example, GRE, IKE etc…).
Page 88: Establishing Your Location {Location
™ ATEWAY Establishing Your Location {Location} This command sets up your location and the corresponding IP addresses for the network interface, subscriber interface, subnet, and default gateway. You *must* provide your full location information. From the Web Management Interface, click on , then Configuration Location.
Page 89 Subscriber IP Address The IP addresses from subscribers that are on a subnet different from the HSG (for example, misconfigured) are translated by Nomadix’ Dynamic Address Translation (DAT) patented technology to the Subscriber IP Address The subscriber interface acts as a multifunctional “translator.” For example, if a subscriber’s computer is setup statically for a network with...
Page 90: Managing The System And Billing Log Options {Logging
™ ATEWAY When finished, you must reboot the system for the new settings to take effect. Click on the check box for to reboot the Reboot after changes are saved? system after saving your changes. Click on the button to save your changes and reboot the system, or click Submit on the button if you want to reset all the values to their previous state.
Page 91: Enabling The Meeting Room Scheduler {Meeting Room Scheduler
Reset you want to reset all the values to their previous state. For detailed information about installing, configuring, and using the NOMADIX™ Meeting Room Scheduler application, refer to the following documentation: Meeting Room Scheduler User’s Guide (P/N 200-1007-001) Click on the...
Page 92: Assigning Passthrough Addresses (Passthrough Addresses)
IP/DNS Name you want to add or remove from the system. The system only accepts route DNS names (for example, www.nomadix.com). Do not include protocol, port, or path information. If adding this pass-through, click on the button, otherwise click on Remove to delete this pass-through from the list.
Page 93: Assigning A Pms Service {Pms
(or alternatively use low-cost wired access concentration equipment) that either do not support port-ID or do so in a proprietary format that Nomadix does not currently support—and still be able to bill directly to the room. Supported PMS interfaces include:...
Page 94 ™ ATEWAY From the Web Management Interface, click on , then Configuration PMS. The Property Management System Settings screen appears: System Administration...
Page 95 You also have the following check box options (see note): Match Last Name Only Skip First Char in Last Name (Enable this option if you want to use Nomadix OnQ Compliant Micros POS emulation to query & post to Hilton Corporation's OnQ PMS system).
Page 96 Reset state. Based on the HOBIC interface standards, Nomadix, Inc. has also certified interoperability with a number of other PMS and call accounting solutions such as Ramesys’ ImagInn, Xeta Virtual XL, and Hilton’s proprietary standard OnQ.
Page 97: Setting Up Port Locations {Port-Location
™ ATEWAY Setting Up Port Locations {Port-Location} Port-Location allows you to establish the mode of operation for devices. From the Web Management Interface, click on , then Configuration Port- Location. The Port-Location Settings screen appears: System Administration...
Page 98 ™ ATEWAY System administrators can set the properties for each room from the subscriber side of the HSG. The system automatically detects which port number the administrator is using and allows them to enter the fields for the room corresponding to the port they are using. If required, click on the check box for to enable this In Room Port Mapping...
Page 99 ™ ATEWAY If you are using an access concentration device that cannot handle VLAN IDs, select one of the available Access Concentrator Query options: The devices in the following list must be assigned an IP address on the same subnet as the HSG. You must remove “old” concentrator types before entering new ones.
Page 100: In Room Port Mapping
™ ATEWAY From the Cascading Support screen, you can return to the main Port-Location Settings screen at any time by pressing the button. Back Click on the button to save your changes, or click on the button if Submit Reset you want to reset all the values to their previous state.
Page 101 ™ ATEWAY Enter your user name and password, then click on the button. The In Room Port Mapping screen appears: Enter the room number and a description for this room. Select the access mode you want to assign to this room: Room Free Access Room For Charge Room Blocked...
Page 102: Defining The Radius Client Settings {Radius Client
“Defining the AAA Services {AAA}” on page Nomadix offers an integrated RADIUS client, allowing service providers to track or bill users based on the number of connections, location of the connection, bytes sent and received, connect time, etc. The customer database can exist in a central RADIUS server, along with associated attributes for each user.
Page 103 ™ ATEWAY From the Web Management Interface, click on , then Configuration RADIUS Client. The RADIUS Client Settings screen appears: Under the Server Selection options, choose the Routing Mode (to disable RADIUS authentication) Disabled (for Realm routing) Realm-Based (for routing to predefined RADIUS servers) Fixed Select the from the pull-down menu.
Page 104: Miscellaneous Options
™ ATEWAY Miscellaneous Options In the “Miscellaneous Options” category, Enter a value for the time (in seconds) in the field. This value determines how much “idle” Default User Idle Timeout time elapses before the subscriber’s session times out and they must login again. The HSG can reauthenticate “repeat”...
Page 105: Defining The Radius Proxy Settings {Radius Proxy
™ ATEWAY Defining the RADIUS Proxy Settings {RADIUS Proxy} A RADIUS Proxy allows the NSE to relay authentication and accounting packets between the parties performing the authentication process. Different realms can be set up to directly channel RADIUS messages to the various RADIUS servers. For additional RADIUS information, see also: “Defining the RADIUS Client Settings {RADIUS Client}”...
Page 106: Adding An Upstream Radius Nas
™ ATEWAY Click on the button to save your changes, or click on the button if Submit Reset you want to reset all the values to their previous state. Adding an Upstream RADIUS NAS If you want to add a new Upstream RADIUS NAS (for example, an 802.11 Access Point on the subscriber side of the HSG)., click on the button.
Page 107 ™ ATEWAY Click on the button to add this Upstream RADIUS NAS definition, then click on the link to return to the Back to Main RADIUS Proxy Settings page RADIUS Proxy Settings screen. The Upstream RADIUS NAS definition you just added appears in the list. You can add up to 10 definitions.
Page 108: Defining The Radius Routing Settings {Radius Routing
™ ATEWAY Defining the RADIUS Routing Settings {RADIUS Routing} Use this procedure when setting up RADIUS Service Profiles (up to 10) and Realm- based Routing Policies (up to 50). For additional RADIUS information, see also: “Defining the RADIUS Client Settings {RADIUS Client}” on page “Defining the RADIUS Proxy Settings {RADIUS Proxy}”...
Page 109: Adding A Radius Service Profile
™ ATEWAY Adding a RADIUS Service Profile To add a RADIUS Service Profile, click on the appropriate button. The Add RADIUS Service Profile screen appears: Enter a name of your choice for this service profile in the field. Unique Name Authentication This category requires input for enabling RADIUS authentication and requires you to define IP addresses, ports, and secret keys for the primary and secondary RADIUS...
Page 110 ™ ATEWAY Enter the authorization port in the field for the primary RADIUS Port authentication server. This is the port the system uses when authorizing subscribers. Enter a secret key in the field for the primary RADIUS Secret Key authentication server. During the authentication process, the server and client exchange secret keys.
Page 111: Adding A Realm Routing Policy
™ ATEWAY Enter a numeric value in the (per server) field to Retransmission Attempts define how many times the system attempts to transmit the data. Click on the button to add this RADIUS Service Profile. When you have completed the definition of your RADIUS Service Profile, you can return to the previous screen (RADIUS Routing Settings) by clicking on the link.
Page 112 ™ ATEWAY To define a specific realm, choose the option and enter the Specific Realm destination in the field. Alternatively, you can choose the Realm Name Wildcard option, then define your search options: match Prefix match only Suffix match only Match either Select the required from the pull-down menu.
Page 113 ™ ATEWAY The Realm Routing Policy you just created is added to the list. Your new RADIUS Service Profiles are added to this list Your new Realm Routing Policies are added to this list System Administration...
Page 114: Managing Smtp Redirection {Smtp
™ ATEWAY Managing SMTP Redirection {SMTP} When SMTP redirection is enabled (for misconfigured or properly configured subscribers), the HSG redirects the subscriber’s E-mail through a dedicated SMTP server, including SMTP servers which support login authentication. To the subscriber, sending and receiving E-mail is as easy as it’s always been. This function is transparent to subscribers.
Page 115: Managing The Snmp Communities {Snmp
™ ATEWAY Managing the SNMP Communities {SNMP} You can address the HSG using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol that regulates network management over the Internet. To do this, you must set up the SNMP communities and identifiers. For more information about SNMP, see “Using an SNMP Manager”...
Page 116: Enabling Dynamic Multiple Subnet Support (Subnets)
You can now use your SNMP client to manage the HSG via the Internet. Enabling Dynamic Multiple Subnet Support (Subnets) Nomadix’ dynamic multiple subnet support allows you to create flexible and cost- effective IP pool solutions to meet the demands of complex networks in large residential and public access networks.
Page 117 (Public Subnets Settings). To edit the “Current Public DHCP Subnets” table, go to “Managing the DHCP Service Options {DHCP}” on page For additional information about the multiple subnet feature, go to “Contact Information” on page 259 for Nomadix Technical Support. System Administration...
Page 118: Displaying Your Configuration Settings {Summary
™ ATEWAY Displaying Your Configuration Settings {Summary} You can display a summary listing of all your current Configuration settings. To view the summary listing, go to the Web Management Interface, click on , then click on Configuration Summary. The Summary of Configuration Settings screen appears (partial screen shown here): More listings ...
Page 119: Setting The System Date And Time {Time
™ ATEWAY Setting the System Date and Time {Time} This procedure shows you how to set the system date and time. From the Web Management Interface, click on , then Configuration Time. The Set Date and Time screen appears: If required, enter the new date and time parameters in the relevant fields: Year (####) Month (1-12) Day (1-31)
Page 120: Setting Up Url Filtering {Url Filtering
™ ATEWAY Setting Up URL Filtering {URL Filtering} The HSG can restrict access to specified Web sites based on URLs defined by the system administrator. URL filtering will block access to a list of sites and/or domains entered by the administrator using the following three methods: Host IP address (for example, 1.2.3.4) Host DNS name (for example, www.yahoo.com) DNS domain name (for example, *.yahoo.com, meaning all sites under the...
Page 121: Enabling Secure Management {Vpn Tunnel
Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix gateway. The advantage of using IPSec is that all types of management traffic are supported,...
Page 122 ™ ATEWAY Two subsequent events drive the secure management function of the Nomadix gateway and the devices behind it: Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity). As part of the session establishment process, key tunnel parameters are exchanged (for example, Hash Algorithm, Security Association Lifetimes, etc.).
Page 123 ™ ATEWAY From the Web Management Interface, click on , then Configuration VPN Tunnel. The IPSEC Tunnel Settings screen appears: To enable this feature, click on the check box. Enable IPSEC If you enabled IPSec, enter the in the corresponding field. Shared Key To enable the configuration, click on the appropriate...
Page 124: Network Info Menu
™ ATEWAY Network Info Menu Displaying ARP Table Entries {ARP} You can display a table that shows the current status of the ARP (Address Resolution Protocol) assignments. ARP is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address.
Page 125: Displaying The Host Table {Hosts
™ ATEWAY Displaying the Host Table {Hosts} You can display a table which lists the hosts that are currently configured. This table includes the assigned host names, their corresponding IP addresses, and any aliases that may be assigned to each host. Hosts provide services to other computers that are linked to it by a network.
Page 126: Displaying The Network Interfaces {Interfaces
™ ATEWAY Displaying the Network Interfaces {Interfaces} You can display the network interfaces which are presented as a detailed listing of all interface communication elements and their current status. To view the Network Interfaces, go to the Web Management Interface, click on , then click on Network Info Interfaces.
Page 127: Displaying The Ip Statistics {Ip
™ ATEWAY Displaying the IP Statistics {IP} You can display the IP (Internet Protocol) statistics which are presented as a detailed listing of all IP elements and their current status. With IP transmissions, data is broken up into packets which are then sent over the network. By using IP addressing, Internet Protocol ensures that the data reaches its destination, even though different packets may “pass through”...
Page 128: Displaying The Routing Tables {Routing
™ ATEWAY Displaying the Routing Tables {Routing} You can display the current Routing Tables, including any dynamically generated routes, unreachable routes, or wildcard routes. To view the Routing Tables, go to the Web Management Interface, click on Network , then click on Info Routing.
Page 129: Displaying The Active Ip Connections {Sockets
™ ATEWAY Displaying the Active IP Connections {Sockets} You can display a table which provides a detailed listing of all currently active IP (Internet Protocol) connections. To view the Socket Table, go to the Web Management Interface, click on Network , then click on Info Sockets.
Page 130: Displaying Tcp Statistics {Tcp
™ ATEWAY Displaying TCP Statistics {TCP} You can display the TCP (Transmission Control Protocol) statistics which are presented as a detailed listing of all TCP elements and their current status. TCP is a standard protocol that manages data transmissions across networks. To view the TCP Statistics, go to the Web Management Interface, click on Network , then click on...
Page 131: Displaying Udp Statistics {Udp
™ ATEWAY Displaying UDP Statistics {UDP} You can display the UDP (User Datagram Protocol) statistics which are presented as a detailed listing of all UDP elements and their current status. UDP is an Internet standard transport layer protocol. It is a connectionless protocol which adds a level of reliability and multiplexing to the Internet Protocol (IP).
Page 132: Port-Location Menu
™ ATEWAY Port-Location Menu Adding and Updating Port-Location Assignments {Add} Port-locations can be assigned at any level (for example, a specific room in a hotel or apartment building, a floor number, wing, or building). There may even be multiple ports assigned to a single room or location. The HSG uses a port-location authorization table to manage the assigned ports and ensure accurate billing for the services used by a particular port.
Page 133: Updating A Port-Location Assignment
™ ATEWAY Enter a location identifier in the field. Locations can be assigned as an Location alpha, numeric, or alpha-numeric value unless a PMS interface is used (see notes). If you are using a PMS interface, ensure that the “Location” field consists only of numbers (no alpha characters or symbols).
Page 134: Deleting All Port-Location Assignments {Delete All
™ ATEWAY Deleting All Port-Location Assignments {Delete All} This procedure shows you how to delete all port-location assignments. The HSG displays a warning and prompts you to confirm this action before deleting all the port- locations currently assigned in the system. From the Web Management Interface, click on , then Port-Location...
Page 135: Deleting Port-Location Assignments By Port {Delete By Port
™ ATEWAY In the field, enter the location of the port-location assignment you want Location to delete. Locations are case-sensitive. Click on the button to delete the specified port-location assignment, or Delete click on the button if you want to reset the “location” value to its blank Reset state.
Page 136: Exporting Port-Location Assignments {Export
™ ATEWAY Exporting Port-Location Assignments {Export} This procedure shows you how to export your current port-location assignments to the “location.txt” file. The location.txt file is stored in: /flash/location.txt (resident in the HSG’s flash memory). Exporting your current port-location assignments to the HSG’s flash memory will overwrite the existing location.txt file.
Page 137: Finding Port-Location Assignments By Description {Find By Description
™ ATEWAY Finding Port-Location Assignments by Description {Find by Description} This procedure shows you how to find a port-location assignment, based on its description. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their location or port. From the Web Management Interface, click on , then Port-Location...
Page 138: Finding Port-Location Assignments By Location {Find By Location
™ ATEWAY Finding Port-Location Assignments by Location {Find by Location} This procedure shows you how to find a port-location assignment, based on its location. This procedure is useful if you want to review the details of a specific port- location. You can also find port-locations based on their description or port. From the Web Management Interface, click on , then Port-Location...
Page 139: Finding Port-Location Assignments By Port {Find By Port
™ ATEWAY Finding Port-Location Assignments by Port {Find by Port} This procedure shows you how to find a port-location assignment, based on its location. This procedure is useful if you want to review the details of a specific port- location. You can also find port-locations based on their description or location. From the Web Management Interface, click on , then Port-Location...
Page 140: Importing Port-Location Assignments {Import
™ ATEWAY Importing Port-Location Assignments {Import} This procedure shows you how to import port-location assignments from the “location.txt” file. The location.txt file is stored in: /flash/location.txt (resident in the HSG’s flash memory). If you have never exported port-location assignments (since installing the HSG at this site), the location.txt is empty.
Page 141: Viewing The "Location.txt" File
™ ATEWAY Viewing the “location.txt” File You can click on the “View location.txt” link if you want to view the current contents of the file. Creating a “location.txt” File You can create your own “location.txt” file and upload the file to the HSG’s flash memory at [IP address]/flash/location.txt.
Page 142: Displaying The Port-Location Mappings {List
™ ATEWAY Displaying the Port-Location Mappings {List} You can display a listing of all port-locations assigned to this system. To view the listing of port-location assignments, go to the Web Management Interface, click on , then click on Network Info List.
Page 143: Subscriber Administration Menu
™ ATEWAY Subscriber Administration Menu Adding Subscriber Profiles {Add} AAA Services must be enabled before you can add a subscriber profile into the HSG’s internal authorization database. Refer to, “Defining the AAA Services {AAA}” on page This procedure shows you how to add subscriber profiles into a table of authorized users.
Page 144 ™ ATEWAY Choose for this profile. Subscriber Device Define the DHCP Address Type: (only used when the IP Public Private Upsell feature is enabled, otherwise leave this set to “private”). Leave the field blank. 802.1Q Device Port Enter a valid for the subscriber.
Page 145: Displaying Current Subscriber Connections {Current
™ ATEWAY Displaying Current Subscriber Connections {Current} You can display a listing of all the subscribers currently connected to the system. The list includes the MAC addresses of the subscribers, their active state, the individual expiration times, port numbers (if assigned), and the number of bytes that have been passed from the subscriber to the Internet.
Page 146: Deleting Subscriber Profiles By Mac Address {Delete By Mac
™ ATEWAY Deleting Subscriber Profiles by MAC Address {Delete by MAC} This procedure shows you how to delete a subscriber profile from the HSG’s database of authorized subscribers, based on the profile’s MAC address. To see a current listing of the subscriber database, sorted by MAC addresses, go to “Listing Subscriber Profiles by MAC Address {List by MAC}”...
Page 147: Deleting Subscriber Profiles By User Name {Delete By User
™ ATEWAY Deleting Subscriber Profiles by User Name {Delete by User} This procedure shows you how to delete a subscriber profile from the HSG’s database of authorized subscribers, based on the profile’s user name. To see a current listing of the subscriber database, sorted by user name, go to “Listing Subscriber Profiles by User Name {List by User}”...
Page 148: Displaying The Currently Allocated Dhcp Leases {Dhcp Leases
™ ATEWAY Displaying the Currently Allocated DHCP Leases {DHCP Leases} You can display a listing of the DHCP (Dynamic Host Configuration Protocol) leases that are currently active on the system’s DHCP server. DHCP is a standard method for assigning IP addresses automatically to network devices. DHCP leases define the amount of time that subscribers can utilize the system’s DHCP service.
Page 149: Finding Subscriber Profiles By Mac Address {Find By Mac
™ ATEWAY Finding Subscriber Profiles by MAC Address {Find by MAC} This procedure shows you how to find a subscriber profile from the HSG’s database of authorized subscribers, based on the profile’s MAC address. Use this procedure when you want to see the statistics corresponding to the MAC address. Statistics include user name and password (if any) and the access time remaining for this subscriber.
Page 150: Finding Subscriber Profiles By User Name {Find By User
™ ATEWAY Finding Subscriber Profiles by User Name {Find by User} This procedure shows you how to find a subscriber profile from the HSG’s database of authorized subscribers, based on the profile’s user name. Use this procedure when you want to see the statistics corresponding to the user name. Statistics include the subscriber’s MAC address and the access time remaining for this subscriber.
Page 151: Listing Subscriber Profiles By Mac Address {List By Mac
™ ATEWAY Listing Subscriber Profiles by MAC Address {List by MAC} You can display the currently active database of authorized subscribers, based on MAC addresses. To view the list of Authorized Subscriber Profiles, go to the Web Management Interface, click on , then click on Subscriber Administration List by MAC.
Page 152: Listing Subscriber Profiles By User Name {List By User
™ ATEWAY Listing Subscriber Profiles by User Name {List by User} You can display the currently active database of authorized subscribers, based on user names. You can display the currently active database of authorized subscribers, based on their user names. To view the list of Authorized Subscriber Profiles, go to the Web Management Interface, click on , then click on...
Page 153: Displaying Current Profiles And Connections {Statistics
™ ATEWAY Displaying Current Profiles and Connections {Statistics} You can view the total number of profiles and connections currently stored in the HSG’s database of authorized subscribers. The displayed list includes the number of subscribers currently in the database (Current Table) and a numerical breakdown of how the subscribers can utilize the system (for example, free access, credit card, etc.).
Page 154: Subscriber Interface Menu
Plan C: 1 week, 1Mbit/s downstream, 1Mbit/s upstream, public IP address, $99 charge. In addition to credit card billing, Property Management Systems used by hotels are also supported along with the internal data base of the HSG and billing via Nomadix' secure XML API. See also, “Assigning a PMS Service {PMS}”...
Page 155 ™ ATEWAY From the Web Management Interface, click on , then Subscriber Interface Billing Options The Internal Billing Options Setup screen appears: System Administration...
Page 156 ™ ATEWAY Review the billing plans (normal plans and X over Y plans) that are currently active. To view or edit a billing plan, simply click on the button View/Edit/Delete opposite the corresponding plan. The Internal Billing Options Plan Setup or Internal Billing Options XoverY Plan Setup screen appears for the billing plan (and type) you selected (see next page for sample of X over Y plan setup screen).
Page 157 ™ ATEWAY Sample of Internal Billing Options XoverY Plan Setup Screen System Administration...
Page 158: Setting Up A "Normal" Billing Plan
™ ATEWAY Depending on the type of plan you want to set up, go to: “Setting Up a “Normal” Billing Plan” on page 154. “Setting Up an X over Y Billing Plan” on page 155. Setting Up a “Normal” Billing Plan If required, click on the check box to enable (make active) this billing Enable...
Page 159: Setting Up An X Over Y Billing Plan
™ ATEWAY Repeat Steps 2 through 11 for each billing plan. You can enable (make active) any or all of the available billing plans. Define the messages you want to present to subscribers, including: Introduction Message Offer Message Policy Message Define the (Minute, Hour, Day, Week, or Month) you want to Units of Access...
Page 160 ™ ATEWAY Define the “time unit” for the plan validity value you entered in Step 7. The time unit can be defined as either , or Week Month Define the (to network) and (to subscribers) bandwidth range for this Down billing plan.
Page 161: Setting Up The Information And Control Console {Icc Setup
ATEWAY Setting Up the Information and Control Console {ICC Setup} The Nomadix Information and Control Console (ICC) is a HTML pop-up window that is presented to subscribers, allowing them to select their bandwidth and billing plan options quickly and efficiently, and displays a dynamic “time” field to inform them of the time remaining on their account.
Page 162 ™ ATEWAY From the Web Management Interface, click on , then Subscriber Interface Setup The ICC Setup screen appears: System Administration...
Page 163 If you enabled either of the ICC pop-up options, you can choose a unique name for the console. Simply type a meaningful name in the field. Title Define the physical location where you want the Nomadix Logout Console to appear on the subscriber’s screen. Choose one of the following options: Upper Left Corner...
Page 164: Assigning Buttons
™ ATEWAY Assigning Buttons When assigning the redirect buttons that will appear in the ICC, you can define (large button) and up to 8 smaller buttons ( ISP Logo Button Button 2 through ), with the following parameters: Button 9 –...
Page 165: Assigning Banners
™ ATEWAY Assigning Banners From the Subscriber Console (Information and Control Console - ICC) Setup screen, click on the link. Configure Banners The Subscriber Console (Information and Control Console - ICC) Banners Setup screen appears: Click here to return to the previous screen You can display up to 5 banners, but they must be defined here.
Page 166 ™ ATEWAY Define the parameters for your banner(s): Name/Text Target URL (see following note) Image Name Duration (secs) Start Time (Optional) Stop Time (Optional) If you assign (or change) button images or banner images, the HSG must be rebooted for your changes to take effect. If you changed any of the Image Name definitions, click on the check box for (to reboot the HSG).
Page 167: Pixel Sizes
™ ATEWAY Pixel Sizes Use the following parameters when defining images for buttons and banners: Banners – 373 pixels (width) x 32 pixels (height) ISP Button – 98 pixels (width) x 26 pixels (height) Small buttons – 45 pixels (width) x 26 pixels (height) Banner (373 x 32 pixels) Small Buttons...
Page 168: Defining Languages {Language Support
™ ATEWAY Defining Languages {Language Support} The HSG allows you to define the text displayed to your users by the Internal Web Server (IWS) without any HTML or ASP knowledge. The language you select here will determine the language encoding that the HSG’s Internal Web Server instructs the browser to use.
Page 169 ™ ATEWAY Select the language you want to use (see notes). There are currently 6 (six) “pre-translated” language options. If you want to have the ICC pre-translated into Japanese and enter and display Japanese characters on the Web Management Interface and the subscriber’s portal page, choose the Japanese (Shift_JIS) option.
Page 170: Defining The Subscriber's Login Ui {Login Ui
™ ATEWAY Defining the Subscriber’s Login UI {Login UI} This procedure allows you to set up the presentation and content of the subscriber’s login User Interface (UI). From the Web Management Interface, click on , then Subscriber Interface Login The Subscriber Login User Interface Settings screen appears: System Administration...
Page 171 ™ ATEWAY Define the messages you want subscribers to see when they log in. Keep messages brief and to the point. Available message categories include: Service Selection Message Existing Username Message New Username Message Contact Message PMS Username Message If any of your devices do not support Java™ scripts, you have the option of disabling the HSG’s JavaScript™...
Page 172 ™ ATEWAY Take care when mixing font and background colors. You may want to experiment before establishing these settings to ensure that your chosen color scheme is both presentable and readable to subscribers (see notes). You must reboot the HSG for the “Image File Name” or “Partner Image File Name”...
Page 173: Subscriber Login Screen (Sample)
™ ATEWAY Subscriber Login Screen (Sample) The following sample shows a subscriber login screen: System Administration...
Page 174: Defining The Post Session User Interface (Post Session Ui)
™ ATEWAY Defining the Post Session User Interface (Post Session UI) The Post Session UI (Goodbye Page) can be defined either as a RADIUS VSA or be driven by the HSG’s Internal Web Server (IWS). Using the IWS option means that this functionality is available for other post-paid billing mechanisms (for example, post-paid PMS—if your product license supports PMS).
Page 175 ™ ATEWAY From the Web Management Interface, click on , then Subscriber Interface Post Session UI. The Subscriber Post Session User Interface Settings screen appears: System Administration...
Page 176 ™ ATEWAY Click on the check box to enable (or disable) the Enable IWS Goodbye Page IWS Goodbye Page, as required. If you enabled the IWS Goodbye Page, select your preferred display options by checking the corresponding boxes: Display IP Address Display Authen Type Display Start Time Display Stop Time...
Page 177 ™ ATEWAY Defining Subscriber UI Buttons {Subscriber Buttons} This procedure allows you to define how each of the control buttons are displayed to subscribers. From the Web Management Interface, click on , then Subscriber Interface Subscriber Buttons. The Subscriber Page -- Control Button Definitions screen appears: Caution Only the button should be named “Login.”...
Page 178: Defining Subscriber Ui Labels {Subscriber Labels
™ ATEWAY Defining Subscriber UI Labels {Subscriber Labels} This procedure allows you to define how the user interface (UI) field labels are displayed to subscribers. From the Web Management Interface, click on , then Subscriber Interface Subscriber Labels. The Subscriber Page -- Field Label Definitions screen appears: System Administration...
Page 179 ™ ATEWAY Enter the definitions you want for each label in the corresponding fields. Click on the button to save your changes, or click on the button if Submit Reset you want to reset all the values to their previous state. If you want to reset all field values to their default state, click on the Revert button.
Page 180: Defining Subscriber Error Messages {Subscriber Errors
™ ATEWAY Defining Subscriber Error Messages {Subscriber Errors} This procedure allows you to define how error messages are displayed to subscribers. There are 2 (two) pages of error messages available. From the Web Management Interface, click on , then Subscriber Interface Subscriber Errors, 1 of 2.
Page 181 ™ ATEWAY Enter the definitions you want for each error message in the corresponding fields. Click on the button to save your changes, or click on the button if Submit Reset you want to reset all the values to their previous state. If you want to reset all field values to their default state, click on the Revert button.
Page 182: Defining Subscriber Messages {Subscriber Messages
™ ATEWAY Defining Subscriber Messages {Subscriber Messages} This procedure allows you to define how “other” subscriber messages are displayed. There are 3 (three) pages of subscriber messages available. From the Web Management Interface, click on , then Subscriber Interface Subscriber Messages, 1 of 3. The Subscriber Page -- Other Message Definitions, 1 of 3 screen appears: System Administration...
Page 183 ™ ATEWAY Enter the definitions you want for each subscriber message in the corresponding fields. Click on the button to save your changes, or click on the button if Submit Reset you want to reset all the values to their previous state. If you want to reset all field values to their default state, click on the Revert button.
Page 184 ™ ATEWAY Repeat Steps 1 – 3 for page 3 of 3 (see following screen): System Administration...
Page 185: System Menu
™ ATEWAY System Menu Adding an ARP Table Entry {ARP Add} ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting. This procedure shows you how to add an ARP table entry.
Page 186: Deleting An Arp Table Entry {Arp Delete
™ ATEWAY Deleting an ARP Table Entry {ARP Delete} ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting. This procedure shows you how to delete an ARP table entry.
Page 187: Enabling The Bridge Mode Option {Bridge Mode
™ ATEWAY Enabling the Bridge Mode Option {Bridge Mode} Bridge Mode allows complete and unconditional access to devices on the subscriber side of the HSG. When the Bridge Mode option is enabled, the HSG is effectively transparent to the network in which it is located, allowing clusters of switches (especially Cisco Systems switch clusters) to be managed using the STP (Spanning Tree Protocol), or any other algorithm/protocol.
Page 188: Exporting Configuration Settings To The Archive File {Export
™ ATEWAY Exporting Configuration Settings to the Archive File {Export} This procedure shows you how to export the current system configuration settings to an archive file for future retrieval. This function is useful if you want to change the configuration settings and you are unsure of the effect that the changes will have. You can restore the archived system configuration settings at any time with the import function.
Page 189: Importing The Factory Defaults {Factory
™ ATEWAY Importing the Factory Defaults {Factory} This procedure shows you how to replace the current configuration settings with the settings that were established at the factory. If you restore the factory default configuration settings, you will no longer be able to access the HSG remotely. However, you always have the option of using the “import”...
Page 190: Defining The Fail Over Options {Fail Over
Many large scale networks require fail-over support for all devices in the Public- access network. The HSG allows two Nomadix Gateways to act as siblings, where one device will take up the users should the other device become disconnected from the network.
Page 191: Viewing The History Log {History
™ ATEWAY Viewing the History Log {History} You can view a history log of the system’s Access, Reboot, and Uptime activities. The history log contains up to 500 entries. Over 500 entries and each new log item removes the oldest entry in the list. The latest entry is always at the top of the list. To view the history log, go to the Web Management Interface and click on System then...
Page 192: Establishing Icmp Blocking Parameters {Icmp
™ ATEWAY Establishing ICMP Blocking Parameters {ICMP} The HSG includes the option to block all ICMP traffic from “pending” or “non authenticated” users that are destined to addresses other than those defined in the pass-through (walled garden) list. The default setting for this option is “disabled” since ICMP pass-through is a useful end-user troubleshooting feature and also required by certain smart clients (for example, GRIC).
Page 193: Importing Configuration Settings From The Archive File {Import
™ ATEWAY Importing Configuration Settings from the Archive File {Import} This procedure shows you how to restore the system configuration settings from an archive file (previously created with the export function). The archived configuration settings you want to restore may not contain valid IP addresses.
Page 194: Establishing Login Access Levels {Login
™ ATEWAY Establishing Login Access Levels {Login} This procedure shows you how to assign differentiated access levels for operators and managers at login. The HSG allows you to define 2 concurrent access levels to differentiate between managers and operators, where managers are permitted read/write access and operators are restricted to read access only.
Page 195 ™ ATEWAY Click on the check box for if you want to assign Administration Concurrency concurrent Manager and Operator logins. In the field, enter a login name for this manager. Manager Login Login names and passwords are case-sensitive. Use login names and passwords that are easy to remember (up to 11 characters, any character type).
Page 196: Defining The Mac Filtering Options {Mac Filtering
Defining the MAC Filtering Options {Mac Filtering} MAC Address filtering enhances Nomadix' access control technology by allowing System Administrators to block malicious users based on their MAC address. Up to 50 MAC addresses can be blocked at any one time (see caution).
Page 197: Rebooting The System {Reboot
™ ATEWAY Rebooting the System {Reboot} This procedure shows you how to reboot the HSG. The “reboot” procedure outlined on this page allows you to decide when to reboot (if you are making multiple changes to different menu functions and you want to reboot just one time after completing all your changes).
Page 198: Adding A Route {Route Add
™ ATEWAY Adding a Route {Route Add} This procedure shows you how to add a route into the HSG’s routing table. This is accomplished by establishing the route’s destination IP address, and by setting the gateway or router IP address by which the route’s destination can be reached. From the Web Management Interface, click on , then System...
Page 199: Deleting A Route {Route Delete
™ ATEWAY Deleting a Route {Route Delete} This procedure shows you how to delete a route to a specific IP destination. From the Web Management Interface, click on , then System Route Delete. The Delete Static Routes screen appears: Enter the address of the route you want to delete from the routing Destination IP table.
Page 200: Establishing Session Rate Limiting {Session Limit
™ ATEWAY Establishing Session Rate Limiting {Session Limit} Session Rate Limiting (SRL) significantly reduces the risk of “Denial of Service” attacks by allowing administrators to limit the number of DAT sessions any one user can take over a given time period and, if necessary, then block malicious users. From the Web Management Interface, click on , then System...
Page 201: Adding Static Ports {Static Port-Mapping Add
™ ATEWAY Adding Static Ports {Static Port-Mapping Add} Static Port-Mapping allows the network administrator to setup a port mapping scheme that forwards packets received on a specific port to a particular static IP (typically private and mis-configured) and port number on the subscriber side of the HSG.
Page 202 ™ ATEWAY Enter the reference. Internal Port Enter a valid MAC Address Enter the External IP Address The External IP address field will default to the IP address of the HSG. Enter the reference. External Port Optional: Enter the . Leave this field set to zero if you want Remote IP Address to connect to the internal device from any network-side workstation.
Page 203: Deleting Static Ports {Static Port-Mapping Delete
™ ATEWAY Deleting Static Ports {Static Port-Mapping Delete} Static Port-Mapping allows the network administrator to setup a port mapping scheme that forwards packets received on a specific port to a particular static IP (typically private and mis-configured) and port number on the subscriber side of the HSG.
Page 204: Changing The Function Of The Serial Port (Serial)
™ ATEWAY Changing the Function of the Serial Port (Serial) You can change the function of the serial port, switching between a Property Management System (PMS) and simple serial functionality (for accessing the system’s Command Line Interface). From the Web Management Interface, click on , then System Serial.
Page 205: Blocking A Subscriber Interface {Subscriber Interfaces
Updating the HSG Firmware {Upgrade} Upgrading the HSG firmware is performed from the HSG’s Command Line Interface (CLI) only. Refer to the Firmware Upgrade Procedure (separate document available from Nomadix Technical Support). System Administration...
Page 206 ™ ATEWAY Notes Use this page for your notes. System Administration...
Page 207: Chapter 3: The Subscriber Interface
™ ATEWAY The Subscriber Interface This chapter provides an overview of the HSG’s Subscriber Interface and sections outlining the authorization and billing processes, subscriber management modles, and the Information and Control Console (ICC). Overview The Subscriber Interface is the window to the solution provider’s Web site, and much more than that.
Page 208: Authorization And Billing
™ ATEWAY Authorization and Billing As a gateway device, the HSG enables plug-and-play access to broadband networks. Broadband network solution providers can now offer their subscribers a wide range of high speed services, including access to the Internet. Of course, a high speed Internet connection is not free –...
Page 209: The Aaa Structure
™ ATEWAY The AAA Structure The HSG’s Authentication, Authorization, and Accounting (AAA) module enables the solution provider to provision, track, and bill new or returning subscribers. This includes: Allowing the solution provider (for example, a hotel) to bill its guests for the high speed network services it provides, track usage on the network, and deny service to those guests who have not paid.
Page 210 ™ ATEWAY The Authentication module is responsible for ensuring that when subscribers log in to the system they are correctly identified. It can identify subscribers in many different ways. For example: Based on their hardware (MAC) address. By validating their user name and password. By looking up subscribers on a local (flash) database.
Page 211: Process Flow (Aaa)
™ ATEWAY Process Flow (AAA) The following flowchart outlines the AAA and billing process. All actions depicted in the chart are administered and tracked by the HSG. HSG detects connection and verifies user against authorization table New User Existing Subscriber Login Page Specify lease time Lease time...
Page 212: Internal And External Web Servers
™ ATEWAY Internal and External Web Servers The HSG supports both internal and external Web servers which act as a login interface between subscribers and the solution provider’s network, including the Internet. The internal Web server is “flashed” into the system’s memory and the login page is served directly from the HSG.
Page 213: Subscriber Management Models
™ ATEWAY Subscriber Management Models The system administrator establishes the subscriber management model via the Command Line Interface (CLI) or the Web Management Interface. These models can be changed while the HSG is running (without rebooting or interrupting the service). Free Access –...
Page 214: Configuring The Subscriber Management Models
™ ATEWAY Configuring the Subscriber Management Models Model What You Need To Do Free access Disable the AAA services. MAC address Enable the AAA services and add a subscriber profile to the database for each MAC address you want to enable. User Name and Password Enable the AAA services and Usernames.
Page 215: Information And Control Console (Icc)
™ ATEWAY Information and Control Console (ICC) The Information and Control Console (ICC) is a HTML pop-up window that is presented to subscribers, allowing them to select their bandwidth and billing options quickly and efficiently, and displays a dynamic “time” field to inform them of the time remaining on their account.
Page 216: Logout Console
™ ATEWAY Logout Console The HSG allows System Administrators to define a simple HTML-based pop-up window for explicit logout that can be used as an alternative to the more fully featured ICC. The pop-up Logout Console can display the elapsed/count-down time and one logo for intra-session service branding.
Page 217: Chapter 4: Quick Reference Guide
™ ATEWAY Quick Reference Guide This chapter contains product reference information, organized by topic. Use this chapter to locate the information you need quickly and efficiently. Web Management Interface (WMI) Menus The following tables contain a listing and brief explanation of all menus and menu items contained in the HSG’s Web Management Interface (WMI), listed as they appear on screen.
Page 218: Configuration Menu Items
Configures the HSG to send copies of billing records to external servers. Centralized Management The NOMADIX™ Centralized Management System (CMS) application allows system administrators to upgrade the firmware for all HSG products on their customer’s network from a centralized user interface.
Page 219 ™ ATEWAY Item Description iNAT Enables Intelligent Address Translation for Transparent VPN Access. Location Sets up your location and IP addresses for the network, subscriber, subnet mask, and default gateway. Logging Enables logging options for the system and AAA functions. Meeting Room Scheduler Allows subscribers to reserve conference rooms and pay for their Internet access in advance.
Page 220: Network Info Menu Items
™ ATEWAY Network Info Menu Items Item Description Displays the ARP table, including the destination IP address and the gateway MAC address. Displays the DAT session table. Hosts Displays the host table, including host names, associated IP addresses and any assigned aliases. ICMP Displays the ICMP (Internet Control Message Protocol) performance statistics.
Page 221: Port-Location Menu Items
™ ATEWAY Port-Location Menu Items Items Description Adds or updates port-location assignments. Delete All Deletes all port-location assignments. Use this command with caution. Delete by Location Deletes port-location assignments, based on a specified location. Delete by Port Deletes port-location assignments, based on a specified port (VLAN tag).
Page 222: Subscriber Administration Menu Items
™ ATEWAY Subscriber Administration Menu Items Items Description Adds subscriber profiles to the database. Current Displays a list of all currently connected subscribers. Delete by MAC Deletes a subscriber, based on a specific MAC address. Delete by User Deletes a subscriber, based on a specific user name. DHCP Leases Sets up the current subscriber DHCP leases.
Page 223: Subscriber Interface Menu Items
™ ATEWAY Subscriber Interface Menu Items Items Description Billing Options Establishes the various billing plans and rates (schemes), including messages and appearance. ICC Setup Sets up the Information and Control Console (ICC) for subscribers. Language Support Defines the language to be displayed on the Web Management Interface and the subscriber’s portal page.
Page 224: System Menu Items
Factory Imports the factory default settings. allowing one FailOver Sets up a “sibling” Nomadix Gateway, device to take up the users should the other device become disconnected from the network. History Displays a history log of the system’s activity, including Access, Reboot and Uptime.
Page 225 Subscriber Interfaces Serial Toggles the serial port between the system’s CLI and a Property Management System (PMS). Upgrade Unless you are using the NOMADIX™ Centralized Management System (CMS), obtain the latest Firmware Upgrade Procedure from Nomadix Technical Support. Quick Reference Guide...
Page 226: Alphabetical Listing Of Menu Items (Wmi)
Export........Export port-location assignments to file ......Port-Location Factory ......... Import the factory default configuration settings ....System FailOver ....... Sets up a “sibling” Nomadix Gateway ....... System Find by Description....Find port-location assignments by description....Port-Location Find by Location ....Find port-location assignments by location......Port-Location Find by MAC .......
Page 227 ™ ATEWAY Alphabetical Listing (continued) Item Description Menu Interfaces......Display performance statistics for interfaces ..... Network Info IP .......... Display IP performance statistics ........Network Info Language Support ....Define different languages ..........Subscriber I’face List ........Display the room file ............Port-Location List by MAC ......
Page 228: Default (Factory) Configuration Settings
10.0.0.10 Subscriber IP 10.0.0.11 Subnet Mask 255.255.255.0 Default Gateway IP 10.0.0.1 DHCP Client Enabled Admin IP 172.30.30.172 Domain nomadix. Host Name Primary DNS 0.0.0.2 Secondary DNS 0.0.0.0 Tertiary DNS 0.0.0.0 DHCP Relay Disabled External DHCP Server IP 0.0.0.0 DHCP Relay Agent IP 0.0.0.0...
Page 229 ™ ATEWAY Function Default Setting AAA Services Disabled Internal Authorization Enabled New Subscribers Enabled Credit Card Service Enabled Parameter Passing Disabled Usernames Enabled Disabled DNS Redirection Enabled SMTP Redirection Disabled SMTP Server IP 0.0.0.0 SNMP Disabled SNMP Get Community public SNMP Set Community private SNMP Trap IP...
Page 230: Product Specifications
™ ATEWAY Product Specifications Specifications ERFORMANCE User Support: 50 users concurrently, with option to expand (up to 150 users) Throughput: 75Mbits/s* *As defined by RFC1242, Section 3.17 HYSICAL Dimensions: 1U, free standing 8.66 (W) x 10.00 (D) x 1.75 (H) inches 220 (W) x 254 (D) x 44 (H) mm Weight: 4.05 pounds (1.84 Kg)
Page 231 ™ ATEWAY Specifications LED I NDICATORS ACT/LINK and 10/100 for each Ethernet port Power ETWORK ANAGEMENT Multi-Level Administration Controls Access Control Lists Web Administration UI SNMP XML API CLI via Telnet and Serial Port Quick Reference Guide...
Page 232: Sample Aaa Log
Time Log Code Log Message tion Name of Data Address Time 18:23:10 nomad237 INFO HSG_AAA: AAA_Authentication Successful 00:00:0E:32:2C:BC 2 hrs .nomadix 4207 1 min .com 18:23:26 nomad237 INFO HSG_AAA: AAA_Authentication Successful 00:10:5A:61:40:FF 12 hrs .nomadix 4207 0 min .com 18:21:53...
Page 233: Sample Syslog Report
™ ATEWAY Sample SYSLOG Report Syslog reports are generated by the HSG and sent to the syslog server that is assigned to general error detection and reporting. 2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [HSG v2.3.006] DHCP: ndxDHCPInit: 0021 DHCP initialized 2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [HSG v2.3.006] CLISRD: 0206 Setting COM1 to 9600 baud 2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [HSG v2.3.006] CLISRD: Starting CLI on the serial port...
Page 234: Keyboard Shortcuts
™ ATEWAY Keyboard Shortcuts The following table shows the most common keyboard shortcuts. Action Keyboard Shortcut Cut selected data and place it on the clipboard. Ctrl + X Copy selected data to the clipboard. Ctrl + C Paste data from the clipboard into a document (at the Ctrl + V insertion point).
Page 235: Radius Attributes
RADIUS server can tell the HSG what upstream and downstream bandwidth the subscriber should receive. If RADIUS cannot authenticate the subscriber, it will instruct the NAS to deny access to the network. The Nomadix HSG RADIUS functionality can be broken down into the following categories: Authentication-Request...
Page 236: Authentication-Request
Authentication-Reply (Accept) Reply-Message Reject-Message State (used/tested for 802.1x) Class Session-Timeout Idle-Timeout EAP-Packet (used for 802.1x) Message-Authenticator (used for 802.1x) Acct-Interim-Interval Nomadix VSAs: - Nomadix-Bw-Up - Nomadix-Bw-Down - Nomadix-URL-Redirection - Nomadix-IP-Upsell - Nomadix-MaxBytesUp - Nomadix-MaxBytesDown - Nomadix-Net-VLAN - Nomadix-Session-Terminate-End-Of-Day - Nomadix-Subnet...
Page 237: Accounting-Request
™ ATEWAY Accounting-Request Username Acct-Status-Type (Start/Stop/Update) Acct-Session-ID Acct-Output-Octets Acct-Input-Octets Acct-Output-Packets Acct-Input-Packets Class Nomadix VSAs: - Nomadix-Subnet - Nomadix-URL-Redirection - Nomadix-IP-Upsell Acct-Session-Time (Stop) Terminate-Cause (Stop) NAS ID NAS-IP Address NAS-Port-Type NAS-Port Framed-IP Address Acct-Delay-Time Called-Station-ID Calling-Station-ID Quick Reference Guide...
Page 238: Selected Detailed Descriptions
™ ATEWAY Selected Detailed Descriptions Acct-Session-ID The Acct-Session-ID is created when the RADIUS authentication request is built. It is transmitted in both the Access-Request and the Accounting-Request. Session Timeout There is currently no default session timeout that you can set in the HSG Web Management Interface (WMI).
Page 239: Nomadix Vendor Specific Attributes
Upon a reboot, these 2 attributes are saved in currfile.dat the same way as for Acct- Input-Octets and Acct-Input-Octets. If you plan to implement RADIUS, go to “Contact Information” on page 259 for Nomadix Technical Support. Nomadix Vendor Specific Attributes Nomadix-Bw-Up This attribute value (in Kbps) restricts the speed at which uploads are performed. Nomadix-Bw-Down This attribute value (in Kbps) restricts the speed at which downloads are performed.
Page 240: Setting Up The Ssl Feature
You must purchase the SSL feature which is enabled through a license key from Nomadix. If you did not purchase the SSL feature, the SSL option in the HSG™ platform's Web Management Interface (WMI) will still be present, but you will not able to enable the feature.
Page 241: Obtain A Private Key File (Cakey.pem)
Downloading Cygwin There are several sources for obtaining “Cygwin” to install OpenSSL. One popular source is: http://sources.redhat.com/cygwin/. Nomadix used Cygwin version 1.3.2 for generating this section of the User’s Guide. Installing Cygwin and OpenSSL on a PC The example in this document is based on downloading the software with Netscape 4.75.
Page 242 ™ ATEWAY The following screen appears: Click on the button to display the next setup screen. Next Click on the button to display the next setup screen. Next Quick Reference Guide...
Page 243 Next Click on the button to display the next setup screen. Next Select a location and click on the button. Next For the purposes of this document, Nomadix used: ftp://planetmirror.com. Quick Reference Guide...
Page 244 ™ ATEWAY In the following screens, please skip all packages except “cygwin” and “openssl,” then click on the Next when you are done. At the time of this writing, there are more than 70 packages to install. Please ensure that you “skip” all of them except the two packages mentioned above.
Page 245: Private Key Generation
™ ATEWAY Click on the button to start the “download” process. Wait for the download Next process to complete. Click on the button to start the “install” process. Wait for the install process to Next complete. There will be a pop-up dialog to inform you that the installation process is completed. At the pop-up dialog, click on the button.
Page 246 ™ ATEWAY Run the “command” prompt from Windows, then click on the button. Go to the c:\cygwin\bin\ directory and run the following command: >openssl genrsa -rand file1:file2:file3:file4:file5 1024 > cakey.pem The following table provides an explanation of the command elements: openssl “openssl”...
Page 247 ™ ATEWAY Because there is a parameter buffer size limitation of the “openssl” command, the argument length should not have more than 80 characters. If you are creating multiple keys, please output them into different directories and save them as different names. However, if you are saving them as different names, you must change the names back to “cakey.pem”...
Page 248: Create A Certificate Signing Request (Csr) File
™ ATEWAY Create a Certificate Signing Request (CSR) File Run the following command to generate the certificate signing request: >openssl req -new -key cakey.pem > server.csr The following table provides an explanation of the command elements: openssl “openssl” command A parameter for creating a request Defining a “new”...
Page 249: Create A Public Key File (Server.pem)
™ ATEWAY Here is the output of server.csr: Create a Public Key File (server.pem) VeriSign Purchasing Process The signing process varies by Certificate Authority. Generally, you will need to send a Certificate Signing Request to the Certificate Authority (CA) and the CA will create a public key base on the certificate request.
Page 250 Some older versions of popular browsers only support 40-bit or 56-bit encryption. Since it impossible to forecast the browsers that may be used in a visitor-based network, Nomadix recommends implementing a 40-bit Public Key. During the process, VeriSign will ask for your business information and verification.
Page 251 ™ ATEWAY CSR Submission to VeriSign Please select “Apache Freeware” to submit the CSR to VeriSign. The Certificate Signing Request is in the server.csr (created in the previous step). Open server.csr and copy and paste all data into the edit box. Select the purchase method and summit the required contact information.
Page 252: Setting Up Hsg™ For Ssl Secure Login
™ ATEWAY The file, “server.pem” will look like this: You have now finished the process of obtaining a public key. Setting Up HSG™ for SSL Secure Login FTP the “cakey.pem” and “server.pem” files into the HSG platform's flash directory. FTP to the HSG™ by Netscape: ftp://username:password@HSG_Network_IP/flash/. Drag and drop the “cakey.pem”...
Page 253: Setting Up The Portal Page
™ ATEWAY Setting Up the Portal Page System administrators can create login button(s) on the Portal Page, and can setup “http” links for regular logins, secure logins, or both. When subscribers enter the Portal Page, they can then choose either a regular login or a secure login. To setup the Portal Page, add the following: For Regular Logins: http://usg_ip:1111/usg/login?OS=http://after_login_finished_page.html...
Page 254: Sending Billing Records
™ ATEWAY Sending Billing Records When there is a message (billing record) in the message queue, the system “wakes up” and performs the following tasks: Stores the billing record in the flash Create an XML packet, based on the new billing record Send the billing record to the carbon copy server(s) Transmit the data currently stored in the flash, based on the specified retransmission method (round-robin: A-B-A-B, or fail-over: A-A-B-B)
Page 255 ™ ATEWAY Format for each field: REC_NUM: 00923 (numbers only, no alpha characters) HSG_ID: 00020b PROPERTY_ID: Any regular string DATE: 03/30/2001 (mm/dd/yyyy) TIME: 23:41:38 (24 hour format) ROOM_NUM: Any regular string AMOUNT: 234.34 TRANS_TYPE: PMS or CC SIGNATURE: Encrypted signature for authentication RESULT_VALUE: OK or ERROR Standard IP address format (123.123.123.123)
Page 256 OK or ERROR Standard IP format (123.123.123.123) ERROR_CODE 1 for OK, or any other number Please contact Nomadix Technical Support for the complete XML DTD. Refer to “Contact Information” on page 259. For more information about Billing Records Mirroring, see also: “Billing Records Mirroring”...
Page 257: Chapter 5: Troubleshooting
™ ATEWAY Troubleshooting This chapter provides information to help you resolve common hardware and software problems. It also contains a list of known error messages associated with the Management Interface. General Hints and Tips The HSG is both a hardware device and a powerful software utility. As a hardware computing device, the HSG requires careful handling.
Page 258: Management Interface Error Messages
™ ATEWAY Management Interface Error Messages The following table contains the error messages associated with the Management Interface (CLI and Web). All messages are listed alphabetically. Error Message Cause AAA must be enabled before adding a You are attempting to add a subscriber subscriber to the profile database.
Page 259 When upgrading the software, the system must FTP a valid boot image to the flash. needs the new boot image file. You must FTP the file from NOMADIX™ to your local hard drive. Warning: no DHCP services are available This message is displayed because you to subscribers.
Page 260: Common Problems
™ ATEWAY Common Problems If you are having problems, you may find the answers here. An updated version of this list can be found at: http://www.nomadix.com/techsup. Problem Possible Cause Solution When using the internal The internal AAA login Enable communications...
Page 261 ™ ATEWAY Problem Possible Cause Solution When a subscriber logs in Home page redirection is Enable home page for the first time, their not enabled in the HSG. redirection. browser is not redirected to The home page URL was Re-enter the correct URL. the specified home page.
Page 262 ™ ATEWAY Notes Use this page for your notes. Troubleshooting...
Page 263: Appendix: Technical Support
The serial number is located on the bottom panel of your HSG. Contact Information You can contact us by Email, fax, telephone, or regular mail. Telephone E-mail ++1.818.575.2590 support@nomadix.com Address Nomadix, Inc. ++1.818.597.1502 31355 Agoura Road Westlake Village, CA 91361 Attn: Technical Support Technical Support...
Page 264 ™ ATEWAY Notes Use this page for your notes. Technical Support...
Page 265: Glossary Of Terms
10/100 Ethernet See Ethernet. (Authentication, Authorization, and Accounting) A combination of commands used by Nomadix Gateways to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. When a subscriber logs into the system, their unique MAC address is placed into an authorization table. The system then authenticates the subscriber’s MAC address and billing information before allowing them to...
Page 266 (ACKnowledgment) If all the transmitted data is present and correct, the receiving device sends an ACK signal, which acts as a request for the next data packet. Adaptive Configuration Technology A Nomadix, Inc. patented technology that enables Dynamic Address Translation. See also, DAT. ad-hoc mode 802.11x networking framework in which devices or stations communicate directly with each other, without the use of an Access Point (AP).
Page 267 (permanent) IP addresses, or subscribers that do not have DHCP functionality on their computers. DAT is a Nomadix, Inc. patented technology that allows all users to obtain network access, regardless of their computer’s network settings. See also, DHCP.
Page 268 ™ ATEWAY DTIM (Delivery Traffic Indication Message) A message included in data packets that can increase wireless efficiency. Dynamic IP Address A temporary IP address that is assigned by the DHCP server to a device. Devices retain dynamic IP addresses only for the duration of their networking session. When a device disconnects from the network, the IP address is recaptured by the DHCP server and becomes available for reassignment to another device.
Page 269 ™ ATEWAY FHSS (Frequency Hopping Spread Spectrum) One of two types of spread spectrum radio—the other being Direct- Sequence Spread Spectrum (DSSS). FHSS is a transmission technology used in WLAN transmissions where the data signal is modulated with a narrowband carrier signal that "hops" in a random but predictable sequence from frequency to frequency as a function of time over a wide band of frequencies.
Page 270 ™ ATEWAY (Home Page Redirection) Nomadix Gateways enable solution providers to redirect subscribers to a “portal” home page of their choice. This allows the solution provider to generate online advertising revenues and increase business exposure. See also, Home Page. HTML (HyperText Markup Language) The programming language used to create hypertext documents for use on the Internet.
Page 271 Whenever a subscriber logs on, your Nomadix Gateway automatically translates their computer’s network settings to provide them with seamless access to the broadband network. Subscribers no longer need to alter their computer’s settings.
Page 272 SNMP agent with a properly defined MIB. See also, SNMP. Misconfigured User A Nomadix, Inc. term used to describe users who have IP address configurations that are different from the current network. For example, if the current network is 123.45.67.89 but the user’s IP address is 10.10.10.15, then this user is considered to be “misconfigured.”...
Page 273 ™ ATEWAY OSPF (Open Shortest Path First) This routing protocol was developed for IP networks based on the shortest path first or link-state algorithm. Routers use link-state algorithms to send routing information to all nodes on a network by calculating the shortest path to each node based on a topography of the Internet constructed by each node.
Page 274 ™ ATEWAY PPTP (Point-to-Point Tunneling Protocol) Developed jointly by Microsoft Corporation, U.S. Robotics, and several remote access vendor companies, known collectively as the PPTP Forum, PPTP is a new technology used for creating Virtual Private Networks (VPNs). Because the Internet is essentially an open network, PPTP is used to ensure that messages transmitted from one VPN node to another are secure.
Page 275 Normally, a solution provider is offering a solution that isn’t readily available on the open market. For example, NOMADIX™ is a solution provider to its customers (broadband network service providers), and those customers are solution providers to their end users (network subscribers).
Page 276 ™ ATEWAY (Spanning Tree Protocol) A link management protocol that is part of the IEEE 802.1 standard for media access control bridges. Using the spanning tree algorithm, STP provides path redundancy while preventing undesirable loops in a network that are created by multiple active paths between stations. Loops occur when there are alternate routes between hosts.
Page 277 ™ ATEWAY (Transport Layer Security) A protocol that guarantees privacy and data integrity between client/server applications communicating over the Internet. The TLS protocol is made up of two layers: TLS Record Protocol Layered on top of a reliable transport protocol, such as TCP, it ensures that the connection is private by using symmetric data encryption and ensures that the connection is reliable.
Page 278 (Wireless Local Area Network) Also referred to as LAWN. A type of local-area network that uses high- frequency radio waves rather than wires to communicate between nodes. See also, Node. (Web Management Interface) The browser-based system administrators interface for all Nomadix Gateways.
Page 279 HTML. For example, XML supports links that point to multiple documents, as opposed to HTML links, which can reference just one destination each. For all Nomadix Gateways, XML is used by the subscriber management module for port location and user administration.
Page 280 ™ ATEWAY Notes Use this page for your notes. Glossary of Terms...
Page 281: Index
ARP tables choosing adding entries types of deleting entries connectivity authentication 13, contacting NOMADIX authorization 60, Credit Card Module and billing auto configuration DAT 12, DAT sessions bandwidth management 15, data basic configuration inputting...
Page 282 ™ ATEWAY Installation exporting configuration settings powering up the HSG External Web Server 17, unpacking the HSG workflow interfaces Internal Web Server factory settings Internal Web server importing international language support 20, 164, fail over options Introduction firmware manual organization updating welcome foreign language support 20, 164,...
Page 283 ™ ATEWAY installing finding by description management interfaces finding by location finding by port importing Meeting Room Scheduler 30, mapping menu organization updating menus port locations alphabetical listing port mapping 22, 96, messages in-room port mapping portal page redirect installing Port-Location menu MRS 30, post session user interface...
Page 284 SMTP redirection summary report SNMP communities support SNMP manager administration SNMP parameters technical SNMP support user SNMPv2c Nomadix MIB SYSLOG report sockets System Administration menu System menu setting up start up configuration static port mapping 22, TCP statistics static ports...
Page 285 ™ ATEWAY URL filtering VPN tunneling warnings Web Management Interface menu organization workflow XML API XML interface Index...
Page 286 ™ ATEWAY This page intentionally blank Index...

Nomadix HotSpot Gateway HSG User Manual

Chapter 1: Installing the HSG

Chapter 2: System Administration

Chapter 3: The Subscriber Interface

Chapter 4: Quick Reference Guide

Chapter 5: Troubleshooting

Appendix: Technical Support

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Nomadix HotSpot Gateway HSG

Summary of Contents for Nomadix HotSpot Gateway HSG