ZyXEL Communications UAG4100 User Manual
Unified access gateway
Hide thumbs
Also See for UAG4100:
- User manual (451 pages) ,
- Application note (67 pages) ,
- Support notes (60 pages)
Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Troubleshooting
Related Manuals for ZyXEL Communications UAG4100
Summary of Contents for ZyXEL Communications UAG4100
- Page 1 UAG4100 Unified Access Gateway Version 4.01 Edition 1, 08/2014 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://172.16.0.1 (LAN1) http://172.17.0.1 (LAN2) User Name www.zyxel.com admin Password 1234 Copyright © 2014 ZyXEL Communications Corporation...
- Page 2 The CLI Reference Guide explains how to use the Command-Line Interface (CLI) to configure the UAG. Note: It is recommended you use the Web Configurator to configure the UAG. • Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary information. UAG4100 User’s Guide...
-
Page 3: Table Of Contents
Firewall ..............................238 Billing ..............................252 Printer Manager ............................269 Free Time ..............................276 SMS ..............................280 Bandwidth Management ........................282 User/Group ............................292 AP Profile ..............................306 Addresses .............................321 Services ..............................326 Schedules .............................331 AAA Server ............................335 Authentication Method ..........................340 Certificates ............................343 ISP Accounts ............................359 UAG4100 User’s Guide... - Page 4 Contents Overview System ..............................362 Log and Report .............................403 File Manager ............................418 Diagnostics ............................429 Packet Flow Explore ..........................437 Reboot ..............................445 Shutdown ..............................446 Troubleshooting ............................447 UAG4100 User’s Guide...
-
Page 5: Table Of Contents
3.6 Generate a Free Guest Account .......................41 Chapter 4 Installation Setup Wizard ........................44 4.1 Welcome Screen ..........................44 4.2 Internet Settings ..........................44 4.2.1 Internet Settings: Ethernet ......................45 4.2.2 Internet Settings: PPPoE ......................46 4.2.3 Internet Settings: PPTP ......................48 4.3 Wireless Settings ..........................49 UAG4100 User’s Guide... - Page 6 7.3 The Interface Status Screen ......................77 7.4 The Traffic Statistics Screen ......................79 7.5 The Session Monitor Screen ......................81 7.6 The DDNS Status Screen .........................83 7.7 The IP/MAC Binding Monitor Screen ....................84 7.8 The Login Users Screen ........................85 UAG4100 User’s Guide...
- Page 7 10.1.2 What You Need to Know ...................... 112 10.2 Port Role Screen ........................... 114 10.3 Ethernet Summary Screen ......................115 10.3.1 Ethernet Edit ........................117 10.3.2 Object References .......................123 10.3.3 Add/Edit DHCP Extended Options ..................124 10.4 PPP Interfaces ..........................126 10.4.1 PPP Interface Summary ......................126 UAG4100 User’s Guide...
- Page 8 13.1.1 What You Can Do in this Chapter ..................170 13.1.2 What You Need to Know ......................170 13.2 The Zone Screen ..........................171 13.2.1 Zone Edit ..........................172 Chapter 14 DDNS..............................174 14.1 DDNS Overview ..........................174 14.1.1 What You Can Do in this Chapter ..................174 UAG4100 User’s Guide...
- Page 9 18.2 The SMTP Redirect Screen ......................196 18.2.1 The SMTP Redirect Edit Screen ..................197 Chapter 19 ALG ..............................199 19.1 ALG Overview ..........................199 19.1.1 What You Can Do in this Chapter ..................199 19.1.2 What You Need to Know ......................199 UAG4100 User’s Guide...
- Page 10 23.1.1 What You Can Do in this Chapter ..................217 23.2 IPnP Screen ..........................218 Chapter 24 Web Authentication ..........................219 24.1 Overview ............................219 24.1.1 What You Can Do in this Chapter ..................219 24.1.2 What You Need to Know ......................220 UAG4100 User’s Guide...
- Page 11 26.5 The Payment Service General Screen ..................264 26.5.1 The Payment Service Custom Service Screen ..............266 Chapter 27 Printer Manager ..........................269 27.1 Overview ............................269 27.1.1 What You Can Do in this Chapter ..................269 27.2 The General Screen ........................269 27.3 The Printout Configuration Screen ....................271 UAG4100 User’s Guide...
- Page 12 31.3 User Group Summary Screen .......................298 31.3.1 Group Add/Edit Screen ......................298 31.4 The User/Group Setting Screen ....................299 31.4.1 Default User Settings Edit Screens ..................302 31.4.2 User Aware Login Example ....................303 31.5 User /Group Technical Reference ....................304 Chapter 32 AP Profile............................306 UAG4100 User’s Guide...
- Page 13 35.1.1 What You Can Do in this Chapter ..................331 35.1.2 What You Need to Know ......................331 35.2 The Schedule Summary Screen ....................332 35.2.1 The One-Time Schedule Add/Edit Screen ................333 35.2.2 The Recurring Schedule Add/Edit Screen ................334 Chapter 36 AAA Server............................335 UAG4100 User’s Guide...
- Page 14 39.2 ISP Account Summary ........................359 39.2.1 ISP Account Edit .........................360 Chapter 40 System ...............................362 40.1 Overview ............................362 40.1.1 What You Can Do in this Chapter ..................362 40.2 Host Name ............................363 40.3 USB Storage ..........................363 40.4 Date and Time ..........................364 UAG4100 User’s Guide...
- Page 15 40.11.1 Supported MIBs .........................399 40.11.2 SNMP Traps ........................400 40.11.3 Configuring SNMP ......................400 40.12 Language ...........................402 Chapter 41 Log and Report ..........................403 41.1 Overview ............................403 41.1.1 What You Can Do In this Chapter ..................403 41.2 Email Daily Report ........................403 UAG4100 User’s Guide...
- Page 16 44.1.1 What You Can Do in this Chapter ..................437 44.2 The Routing Status Screen ......................437 44.3 The SNAT Status Screen ......................441 Chapter 45 Reboot ...............................445 45.1 Overview ............................445 45.1.1 What You Need To Know .....................445 45.2 The Reboot Screen ........................445 Chapter 46 Shutdown............................446 UAG4100 User’s Guide...
- Page 17 46.1.1 What You Need To Know .....................446 46.2 The Shutdown Screen ........................446 Chapter 47 Troubleshooting..........................447 47.1 Resetting the UAG ........................453 47.2 Getting More Troubleshooting Help ....................454 Appendix A Customer Support ......................455 Appendix B Legal Information......................461 Index ..............................467 UAG4100 User’s Guide...
-
Page 18: Introduction
The default configurations for zones, interfaces, and ports are as follows. References to interfaces may be generic rather than the specific name used in your model. For example, this guide may use “the WAN interface” rather than “P1”. UAG4100 User’s Guide... -
Page 19: Management Overview
You can manage the UAG in the following ways. Web Configurator The Web Configurator allows easy UAG setup and management using an Internet browser. This User’s Guide provides information about the Web Configurator. Figure 2 Managing the UAG: Web Configurator UAG4100 User’s Guide... -
Page 20: Web Configurator
The Login screen appears. Type the user name (default: “admin”) and password (default: “1234”). Click Login. If you logged in using the default user name and password, the Update Admin Info screen appears. Otherwise, the dashboard appears. UAG4100 User’s Guide... -
Page 21: Web Configurator Screens Overview
See the Command Reference Guide for information about the commands. Click this to open a popup window that displays the CLI commands sent by the Web Configurator to the UAG. About Click About to display basic information about the UAG. UAG4100 User’s Guide... - Page 22 This shows the date (yyyy-mm-dd) and time (hh:mm:ss) when the firmware is released. Click this to close the screen. Site Map Click Site MAP to see an overview of links to the Web Configurator screens. Click a screen’s link to go to that screen. Figure 5 Site Map UAG4100 User’s Guide...
- Page 23 Click Cancel to close the screen. CLI Messages Click CLI to look at the CLI commands sent by the Web Configurator. Open the pop-up window and then click some menus in the web configurator to dislay the corresponding commands. UAG4100 User’s Guide...
-
Page 24: Navigation Panel
The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. See Chapter 6 on page 64 for details on the dashboard. UAG4100 User’s Guide... -
Page 25: Monitor Menu
Table 6 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION Quick Setup Quickly configure WAN interfaces. Licensing Registration Registration Register the device and activate trial services. Service View the licensed service status and upgrade licensed services. UAG4100 User’s Guide... - Page 26 Create walled garden links that display in the login screen. Adverstisement Enable and set advertisement links. Firewall Firewall Create and manage level-3 traffic rules. Session Limit Limit the number of concurrent client NAT/firewall sessions. Billing General Configure the general billing settings, such as the accounting method. UAG4100 User’s Guide...
- Page 27 Service Control Configure HTTP, HTTPS, and general authentication. Login Page Configure how the login and access user screens look. Configure SSH server and SSH service settings. TELNET Configure telnet server settings for the UAG. Configure FTP server settings. UAG4100 User’s Guide...
-
Page 28: Tables And Lists
Click the down arrow next to a column heading for more options about how to display the entries. The options available vary depending on the type of fields in the column. Here are some examples of what you can do: UAG4100 User’s Guide... - Page 29 Figure 12 Moving Columns Use the icons and fields at the bottom of the table to navigate to different pages of entries and control how many entries display at a time. Figure 13 Navigating Pages of Table Entries UAG4100 User’s Guide...
- Page 30 In some lists you can also use the [Shift] or [Ctrl] key to select multiple entries, and then use the arrow button to move them to the other list. UAG4100 User’s Guide...
-
Page 31: Stopping The Uag
Figure 15 Working with Lists 1.5 Stopping the UAG Always use Maintenance > Shutdown > Shutdown or the shutdown command before you turn off the UAG or remove the power. Not doing so can cause the firmware to become corrupt. UAG4100 User’s Guide... -
Page 32: Hardware Installation And Connection
Make sure the screws are fastened well enough to hold the weight of the UAG with the connection cables. Align the holes on the back of the UAG with the screws on the wall. Hang the UAG on the screws. UAG4100 User’s Guide... -
Page 33: Front Panel
Chapter 2 Hardware Installation and Connection Figure 16 Wall Mounting Example 2.2 Front Panel This section introduces the UAG’s front panel. Figure 17 UAG Front Panel UAG4100 User’s Guide... -
Page 34: Front Panel Leds
There is no connection on this port. 2.3 Rear Panel The following figure shows the rear panel of the UAG. The rear panel contains a console port, a power switch and a connector for the power receptacle and four antennas. UAG4100 User’s Guide... - Page 35 • No flow control Connect the male 9-pin end of the RS-232 console cable to the console port of the UAG. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. UAG4100 User’s Guide...
-
Page 36: Printer Deployment
Section 1.4 on page 20 on how to access the web configurator. Enter your Internet access information to set up a Internet connection. See Chapter 4 on page 44 for detailed information on how to use the setup wizard. UAG4100 User’s Guide... -
Page 37: Allow The Uag To Monitor And Manage The Printer
Go to the Dashboard of the UAG web configurator. Open the DHCP Table to find the IP address that is assigned to the printer’s MAC address. Make sure the IP address is reserved for the printer. Write down the printer’s IP address. UAG4100 User’s Guide... - Page 38 Go to the Configuration > Printer Manager screen. Click Add in the Printer List to create a new entry for your printer. After the printer’s IP address is added to the printer list, select the Enable Printer Manager checkbox and then click Apply. UAG4100 User’s Guide...
-
Page 39: Turn On Web Authentication On The Uag
Apply in the the Configuration > Printer Manager screen. 3.5 Turn on Web Authentication on the UAG With web authentication, users need to log in through a designated web page before they can access the network(s). Go to the Configuration > Web Authentication screen. UAG4100 User’s Guide... - Page 40 Click Add to create a new web authentication policy. The Auth. Policy Add screen displays. Set Authentication to required and select Force User Authentication to redirect all HTTP traffic to the default login page. Click OK to save your changes. UAG4100 User’s Guide...
-
Page 41: Generate A Free Guest Account
Select the Enable Free Time checkbox to turn on this feature. Click Apply. Whenever a user tries to access a web page, he/she will be redirect to the default login page. Click the link on the login page to get a free guest account. UAG4100 User’s Guide... - Page 42 A Welcome screen displays. Select the free time service. Click OK to generate and show the account information on the web page. Now you can use this account to access the Internet through the UAG for free. UAG4100 User’s Guide...
- Page 43 Chapter 3 Printer Deployment UAG4100 User’s Guide...
-
Page 44: Installation Setup Wizard
• Click Go to Dashboard to skip the installation setup wizard or click Next to start configuring for Internet access. 4.2 Internet Settings Use this screen to set the WAN interface’s type of encapsulation and method of IP address assignment. UAG4100 User’s Guide... -
Page 45: Internet Settings: Ethernet
This screen is read-only if you set the previous screen’s IP Address Assignment field to Auto and click Next. Use this screen to configure your IP address settings. Note: Enter the Internet access information exactly as given to you by your ISP. UAG4100 User’s Guide... -
Page 46: Internet Settings: Pppoe
DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. 4.2.2 Internet Settings: PPPoE Note: Enter the Internet access information exactly as given to you by your ISP. UAG4100 User’s Guide... - Page 47 • Zone: This is the security zone to which this interface and Internet connection will belong. • IP Address: Enter your (static) public IP address. Auto displays if you selected Auto as the IP Address Assignment in the previous screen. UAG4100 User’s Guide...
-
Page 48: Internet Settings: Pptp
• CHAP/PAP - Your UAG accepts either CHAP or PAP when requested by the remote node. • CHAP - Your UAG accepts CHAP only. • PAP - Your UAG accepts PAP only. • MSCHAP - Your UAG accepts MSCHAP only. • MSCHAP-V2 - Your UAG accepts MSCHAP-V2 only. UAG4100 User’s Guide... -
Page 49: Wireless Settings
DDNS and the time server. Leave the field as 0.0.0.0 if you do not want to configure DNS servers. 4.3 Wireless Settings Use this screen to turn on or turn off the local AP (the UAG’s built-in wireless LAN module). UAG4100 User’s Guide... -
Page 50: Wireless And Radio Settings
Use this screen to configure the wireless and wireless security settings when you turn on the local The screen varies depending on the security mode you selected. Figure 25 Wireless Settings: Security Mode: WPA2 Wireless Settings • SSID - Enter a descriptive name of up to 32 printable characters for the wireless LAN. UAG4100 User’s Guide... -
Page 51: Web Authentication Settings
Device Registration screen. To block all network traffic or traffic received on a specific interface, use the Configuration > Web Authentication screens (Section 24.2 on page 220) to configure a new policy. UAG4100 User’s Guide... -
Page 52: Printer Settings
If you enable the web authentication feature, attach a statement printer and select Yes to have the UAG generate dynamic guest accounts. Otherwise, select No and click Next to go to the Free Time screen with which you can allow the UAG to create free guest accounts. Figure 27 Printer Settings UAG4100 User’s Guide... -
Page 53: Printer List And Printout Settings
• IPv4 Address - This shows the IP address of the printer. • MAC - This shows the MAC address of the printer. Printout • Specify how many copies of subscriber statements you want to print. 4.6 Billing Settings Use this screen to configure the general billing settings. UAG4100 User’s Guide... -
Page 54: Billing Profile
• Tax - Select this option to charge sales tax for the account. Enter the tax rate (a 6% sales tax is entered as 6). 4.6.1 Billing Profile Use this screen to configure the billing profiles that defines the maximum Internet access time and charge per time unit. UAG4100 User’s Guide... -
Page 55: Account Generator Settings
Use this screen to select the pre-defined billing profiles that the UAG can use to automatically create dynamic guest accounts. Each button represents a billing profile that defines maximum Internet access time and charge per time unit. UAG4100 User’s Guide... -
Page 56: Free Time Settings
• Free Time Period - Select the duration of time period for which the free time account is allowed to access the Internet. • Reset Time - Select the time in 24-hour format at which the new free time account is allowed to access the Internet. UAG4100 User’s Guide... -
Page 57: Device Registration
UAG’s serial number and LAN MAC address to register it if you have not already done so. Note: You must be connected to the Internet to register. Use the Registration > Service screen to update your service subscription status. Figure 33 Registration UAG4100 User’s Guide... -
Page 58: Quick Setup Wizards
5.2 WAN Interface Quick Setup Click WAN Interface in the main Quick Setup screen to open the WAN Interface Quick Setup Wizard Welcome screen. Use these screens to configure an interface to connect to the Internet. Click Next. UAG4100 User’s Guide... -
Page 59: Choose An Ethernet Interface
WAN Type Selection: Select the type of encapsulation this connection is to use. Choose Ethernet when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection according to the information from your ISP. UAG4100 User’s Guide... -
Page 60: Configure Wan Ip Settings
Ethernet and set the IP Address Assignment to Auto. If you set the IP Address Assignment to Static and/or select PPTP or PPPoE, enter the Internet access information exactly as your ISP gave it to you. UAG4100 User’s Guide... - Page 61 Type the password associated with the user name above. Use up to 64 ASCII characters except the [] and ?. This field can be blank. Retype to Type your password again for confirmation. Confirm Nailed-Up Select Nailed-Up if you do not want the connection to time out. UAG4100 User’s Guide...
-
Page 62: Quick Setup Interface Wizard: Summary
DNS server (in the order you specify here) to resolve domain names for DDNS and the time server. Back Click Back to return to the previous screen. Next Click Next to continue. 5.2.5 Quick Setup Interface Wizard: Summary This screen displays the WAN interface’s settings. UAG4100 User’s Guide... - Page 63 This field only appears for an Ethernet interface. It displays the IP address of the gateway. Address First DNS Server If the IP Address Assignment is Static, these fields display the DNS server IP address(es). Second DNS Server Close Click Close to exit the wizard. UAG4100 User’s Guide...
-
Page 64: Dashboard
The dashboard displays general device information, system status, system resource usage, licensed service status, and interface status in widgets that you can re-arrange to suit your needs. You can also collapse, refresh, and close individual widgets. UAG4100 User’s Guide... - Page 65 Widget Settings Use this link to open or close widgets by selecting/clearing the associated checkbox. Up Arrow (B) Click this to collapse a widget. It then becomes a down arrow. Click it again to enlarge the widget again. UAG4100 User’s Guide...
- Page 66 Click the icon to open the screen where you can configure the UAG’s date and time. DHCP Table Click this to look at the IP addresses currently assigned to the UAG’s DHCP clients and the IP addresses reserved for specific MAC addresses. See Section 6.2.4 on page UAG4100 User’s Guide...
- Page 67 Assignment Static - This interface has a static IP address. DHCP Client - This Ethernet interface gets its IP address from a DHCP server. Dynamic - This PPP interface gets its IP address from a DHCP server. UAG4100 User’s Guide...
- Page 68 This section displays a summary for all connected wireless APs. Click the link to go to the AP information > AP List screen. Online This displays the number of currently connected management APs. Management Offline This displays the number of currently offline managed APs. Management UAG4100 User’s Guide...
-
Page 69: The Cpu Usage Screen
This field displays the destination address (if any) in the packet that generated the log. 6.2.1 The CPU Usage Screen Use this screen to look at a chart of the UAG’s recent CPU usage. To access this screen, click CPU Usage in the dashboard. Figure 42 Dashboard > CPU Usage UAG4100 User’s Guide... -
Page 70: The Memory Usage Screen
Click this to update the information in the window right away. 6.2.3 The Active Sessions Screen Use this screen to look at a chart of the UAG’s recent traffic session usage. To access this screen, click Show Active Sessions in the dashboard. UAG4100 User’s Guide... -
Page 71: The Dhcp Table Screen
Use this screen to look at the IP addresses currently assigned to DHCP clients and the IP addresses reserved for specific MAC addresses. To access this screen, click DHCP Table in System Status in the dashboard. Figure 45 Dashboard > DHCP Table UAG4100 User’s Guide... -
Page 72: The Number Of Login Users Screen
Use this screen to look at a list of the users currently logged into the UAG. Users who close their browsers without logging out are still shown as logged in here. To access this screen, click Number of Login Users in System Status in the dashboard. Figure 46 Dashboard > Number of Login Users UAG4100 User’s Guide... - Page 73 (external user), this field will show its external-group information when you move your mouse over it. If the external user matches two external-group objects, both external-group object names will be shown. Force Logout Click this icon to end a user’s session. UAG4100 User’s Guide...
-
Page 74: Monitor
• Use the Station Info > Station List screen (see Section 7.14 on page 95) to view statistics pertaining to the connected stations (or “wireless clients”). • Use the Printer Status screen (see Section 7.15 on page 96) to view information about the connected statement printers. UAG4100 User’s Guide... -
Page 75: The Port Statistics Screen
Poll Interval and clicking Set Interval. Switch to Click this to display the port statistics as a line graph. Graphic View This field displays the port’s number in the list. Port This field displays the physical port number. UAG4100 User’s Guide... -
Page 76: The Port Statistics Graph Screen
Use this screen to look at a line graph of packet statistics for each physical port. To access this screen, click Port Statistics in the Status screen and then the Switch to Graphic View Button. Figure 48 Monitor > System Status > Port Statistics > Switch to Graphic View UAG4100 User’s Guide... -
Page 77: The Interface Status Screen
7.3 The Interface Status Screen This screen lists all of the UAG’s interfaces and gives packet statistics for them. Click Monitor > System Status > Interface Status to access this screen. Figure 49 Monitor > System Status > Interface Status UAG4100 User’s Guide... - Page 78 Ethernet interfaces. Name This field displays the name of each interface. If there is a Expand icon (plus-sign) next to the name, click this to look at the statistics for virtual interfaces on top of this interface. UAG4100 User’s Guide...
-
Page 79: The Traffic Statistics Screen
You use the Traffic Statistics screen to tell the UAG when to start and when to stop collecting information for these reports. You cannot schedule data collection; you have to start and stop it manually in the Traffic Statistics screen. UAG4100 User’s Guide... - Page 80 This field indicates whether the IP address or user is sending or receiving traffic. RX From- traffic is coming from the IP address or user to the UAG. Tx To - traffic is going from the UAG to the IP address or user. UAG4100 User’s Guide...
-
Page 81: The Session Monitor Screen
7.5 The Session Monitor Screen The Session Monitor screen displays information about all established sessions that pass through the UAG for debugging or statistical analysis. It is not possible to manage sessions in this screen. The following information is displayed. UAG4100 User’s Guide... - Page 82 The User, Service, Source Address, and Destination Address fields display if you view all sessions. Select your desired filter criteria and click the Search button to filter the list of sessions. UAG4100 User’s Guide...
-
Page 83: The Ddns Status Screen
This field displays the length of the active session in seconds. 7.6 The DDNS Status Screen The DDNS Status screen shows the status of the UAG’s DDNS domain names. Click Monitor > System Status > DDNS Status to open the following screen. UAG4100 User’s Guide... -
Page 84: The Ip/Mac Binding Monitor Screen
MAC binding enabled and have ever established a session with the UAG. Devices that have never established a session with the UAG do not display in the list. Figure 53 Monitor > System Status > IP/MAC Binding UAG4100 User’s Guide... -
Page 85: The Login Users Screen
This field displays the user name of each user who is currently logged in to the UAG. Reauth Lease T. This field displays the amount of reauthentication time remaining and the amount of lease time remaining for each user. See Chapter 31 on page 292. UAG4100 User’s Guide... -
Page 86: The Upnp Port Status Screen
Use this screen to look at the NAT port mapping rules that UPnP creates on the UAG. To access this screen, click Monitor > System Status > UPnP Port Status. Figure 55 Monitor > System Status > UPnP Port Status UAG4100 User’s Guide... -
Page 87: The Usb Storage Screen
Click this button to update the information in the screen. 7.10 The USB Storage Screen This screen displays information about a connected USB storage device. Click Monitor > System Status > USB Storage to display this screen. Figure 56 Monitor > System Status > USB Storage UAG4100 User’s Guide... -
Page 88: The Dynamic Guest Screen
(see Section 26.3.1 on page 256 for more information). A dynamic guest account has a dynamically-created user name and password. Guest users can log in with the dynamic guest accounts when connecting to an SSID UAG4100 User’s Guide... - Page 89 This field displays the method of payment for each account. Phone Num This field displays the mobile phone number for the account. User Role This field displays the role of the account. Refresh Click this button to update the information in the screen. UAG4100 User’s Guide...
-
Page 90: The Ap List Screen
This visually displays the AP’s connection status with icons. For details on the different Status states, see the next table. Registration This indicates whether the AP is registered with the managed AP list. IP Address This displays the AP’s IP address. MAC Address This displays the AP’s MAC address. UAG4100 User’s Guide... - Page 91 This AP has a runtime management VLAN ID setting that conflicts with the VLAN ID setting on the Access Controller (the UAG). • A setting the UAG assigns to this AP does not match the AP’s capability. UAG4100 User’s Guide...
-
Page 92: Station Count Of Ap
Station Count The y-axis represents the number of connected stations. The x-axis shows the time over which a station was connected. Last Update This field displays the date and time the information in the window was last updated. UAG4100 User’s Guide... -
Page 93: The Radio List Screen
This displays the total number of packets transmitted by the radio. Rx FCS Error This indicates the number of received packet errors accrued by the radio. Count Tx Retry Count This indicates the number of times the radio has attempted to re-transmit packets. UAG4100 User’s Guide... -
Page 94: Ap Mode Radio Information
24 hours. To access this window, select an entry and click the More Information button in the Radio List screen. Figure 61 Monitor > Wireless > AP Information > Radio List > AP Mode Radio Information UAG4100 User’s Guide... -
Page 95: The Station List Screen
7.14 The Station List Screen Use this screen to view statistics pertaining to the associated stations (or “wireless clients”). Click Monitor > Wireless > Station Info to access this screen. Figure 62 Monitor > Wireless > Station List UAG4100 User’s Guide... -
Page 96: The Printer Status Screen
Click this to refresh the items displayed on this page. 7.15 The Printer Status Screen This screen displays information about the connected statement printer, such as SP350E. Click Monitor > Printer Status to display this screen. Figure 63 Monitor > Printer Status UAG4100 User’s Guide... -
Page 97: The Vpn 1-1 Mapping Status Screen
This screen displays the status of the active users to which the UAG applied a VPN 1-1 mapping rule. Click Monitor > VPN 1-1 Mapping to open the following screen. Figure 64 Monitor > VPN 1-1 Mapping UAG4100 User’s Guide... -
Page 98: Vpn 1-1 Mapping Statistics
This field displays how many times the UAG applied the rule to a user successfully or Peak Usage failed to apply the rule to a user. This also shows the maximum number of times the UAG has applied the rule to a user successfully. UAG4100 User’s Guide... -
Page 99: The Log Screen
Events that generate an alert (as well as a log message) display in red. Regular logs display in black. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 66 Monitor > Log UAG4100 User’s Guide... - Page 100 Message field if log consolidation is turned on (see Log Consolidation in Table 198 on page 409). and multiple entries were aggregated to generate into this one. UAG4100 User’s Guide...
-
Page 101: View Ap Log
7.17.1 View AP Log Use this screen to view the UAG’s current wireless AP log messages. Click Monitor > Log > View AP Log to access this screen. Figure 67 Monitor > Log > View AP Log UAG4100 User’s Guide... - Page 102 Click this to clear the log on the specified AP. This field is a sequential value, and it is not associated with a specific log message. Time This indicates the time that the log messages was created or recorded on the AP. UAG4100 User’s Guide...
-
Page 103: Dynamic Users Log
Click this button to update the information in the screen. Clear Log Click this button to delete the log messages for invalid accounts. This is the index number of the dynamic guest account in the list. Status This field displays whether an account expires or not. UAG4100 User’s Guide... - Page 104 Charge This field displays the total cost of the account. Payment Info This field displays the method of payment for each account. Phone Num This field displays the telephone number for the user account. UAG4100 User’s Guide...
-
Page 105: Registration
NWA5123-NI). You can increase this by subscribing to additional licenses. As of this writing, each license upgrade allows an additional 8 remote managed APs while the maximum number of remote managed APs a single UAG can support is 16. UAG4100 User’s Guide... -
Page 106: Registration Screen
The following table describes the labels in this screen. Table 44 Configuration > Licensing > Registration > Service LABEL DESCRIPTION License Status This is the entry’s position in the list. Service This lists the services that are available on the UAG. UAG4100 User’s Guide... - Page 107 UAG at the same time or how many managed APs the UAG can support with your current license. Service License Refresh Click this button to renew service license information (such as the registration status and expiration day). UAG4100 User’s Guide...
-
Page 108: Wireless
UAG. 9.2 Controller Screen Use this screen to set how the UAG allows new APs to connect to the network. Click Configuration > Wireless > Controller to access this screen. Figure 71 Configuration > Wireless > Controller UAG4100 User’s Guide... -
Page 109: Ap Management Screen
Select an AP and click this button to force it to restart. This field is a sequential value, and it is not associated with any entry. IP Address This field displays the IP address of the AP. MAC Address This field displays the MAC address of the AP. UAG4100 User’s Guide... -
Page 110: Edit Ap List
Each field is described in the following table. Table 47 Configuration > Wireless > AP Management > Edit AP List LABEL DESCRIPTION Create new Object Use this menu to create a new Radio Profile object to associate with this AP. Configuration UAG4100 User’s Guide... - Page 111 Select this option to treat this VLAN ID as a VLAN created on the UAG and not one assigned to it from outside the network. Click OK to save your changes back to the UAG. Cancel Click Cancel to close the window with changes unsaved. UAG4100 User’s Guide...
-
Page 112: Interfaces
• An interface is bound to a physical port or another interface. • Many interfaces can share the same physical port. • An interface belongs to at most one zone. • Many interfaces can belong to the same zone. UAG4100 User’s Guide... -
Page 113: Types Of Interfaces
Ethernet interface wan1 are called wan1:1, wan1:2, and so on. Virtual interfaces created on VLAN interface vlan2 are called vlan2:1, vlan2:2, and so on. You cannot specify the number after the colon(:) in the UAG4100 User’s Guide... -
Page 114: Relationships Between Interfaces
Role screen to set the UAG’s flexible ports as part of the lan1 or lan2 interfaces. This creates a hardware connection between the physical ports at the layer-2 (data link, MAC address) level. This provides wire-speed throughput but no security. UAG4100 User’s Guide... -
Page 115: Ethernet Summary Screen
Unlike other types of interfaces, you cannot create new Ethernet interfaces nor can you delete any of them. If an Ethernet interface does not have any physical ports assigned to it (see Section 10.2 on page 114), the Ethernet interface is effectively removed from the UAG, but you can still configure it. UAG4100 User’s Guide... - Page 116 (STATIC) or dynamically assigned (DHCP). IP addresses are always static in virtual interfaces. Mask This field displays the interface’s subnet mask in dot decimal notation. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
-
Page 117: Ethernet Edit
UAG automatically updates every rule or setting that uses the object whenever the interface’s IP address settings change. For example, if you change the LAN’s IP address, the UAG automatically updates the corresponding interface- based, LAN subnet address object. UAG4100 User’s Guide... - Page 118 Chapter 10 Interfaces Figure 76 Configuration > Network > Interface > Ethernet > Edit (External Type) UAG4100 User’s Guide...
- Page 119 Chapter 10 Interfaces Figure 77 Configuration > Network > Interface > Ethernet > Edit (Internal Type) UAG4100 User’s Guide...
- Page 120 Allowed values are 0 - 1048576. Ingress This is reserved for future use. Bandwidth Enter the maximum amount of traffic, in kilobits per second, the UAG can receive from the network through the interface. Allowed values are 0 - 1048576. UAG4100 User’s Guide...
- Page 121 If this field is blank, the Pool Size must also be blank. In this case, the UAG can assign every IP address allowed by the interface’s IP address and subnet mask, except for the first address (network address), last address (broadcast address) and the interface’s IP address. UAG4100 User’s Guide...
- Page 122 Static DHCP Configure a list of static IP addresses the UAG assigns to computers connected to the Table interface. Otherwise, the UAG assigns an IP address dynamically using the interface’s IP Pool Start Address and Pool Size. UAG4100 User’s Guide...
-
Page 123: Object References
When a configuration screen includes an Object Reference icon, select a configuration object and click Object Reference to open the Object Reference screen. This screen displays which configuration settings reference the selected object. The fields shown vary with the type of object. Figure 78 Object References UAG4100 User’s Guide... -
Page 124: Add/Edit Dhcp Extended Options
16 characters (“a-z”, “A-Z, “0-9”, “-”, and “_”) with no spaces allowed. The first character must be alphabetical (a-z, A-Z). Code This field displays the code number of the selected DHCP option. If you selected User Defined in the Option field, enter a number for the option. This field is mandatory. UAG4100 User’s Guide... - Page 125 Vendor-Identifying Vendor Class option A DHCP client may use this option to unambiguously identify the vendor that manufactured the hardware on which the client is running, the software in use, or an industry consortium to which the vendor belongs. UAG4100 User’s Guide...
-
Page 126: Ppp Interfaces
255.255.255.255. In addition, the UAG always treats the ISP as a gateway. 10.4.1 PPP Interface Summary This screen lists every PPPoE/PPTP interface. To access this screen, click Configuration > Network > Interface > PPP. UAG4100 User’s Guide... - Page 127 This field displays the interface on the top of which the PPPoE/PPTP interface is. Account Profile This field displays the ISP account used by this PPPoE/PPTP interface. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
-
Page 128: Ppp Interface Add Or Edit
Note: You have to set up an ISP account before you create a PPPoE/PPTP interface. This screen lets you configure a PPPoE or PPTP interface. To access this screen, click the Add icon or select an entry in the PPP interface summary screen and click the Edit icon. UAG4100 User’s Guide... - Page 129 Chapter 10 Interfaces Figure 82 Configuration > Network > Interface > PPP > Add UAG4100 User’s Guide...
- Page 130 Select this if this interface is a DHCP client. In this case, the DHCP server configures the Automatically IP address automatically. The subnet mask and gateway are always defined automatically in PPPoE/PPTP interfaces. Use Fixed IP Select this if you want to specify the IP address manually. Address UAG4100 User’s Guide...
- Page 131 Click WAN_TRUNK to go to a screen where you can configure the interface as part of a WAN_TRUNK WAN trunk for load balancing. Policy Route Click Policy Route to go to the screen where you can manually configure a policy route to associate traffic with this interface. UAG4100 User’s Guide...
-
Page 132: Vlan Interfaces
VLAN also has a unique identification number (ID). The ID is a 12-bit value that is stored in the MAC header. The VLANs are connected to switches, and the switches are connected to the router. (If one switch has enough connections for the entire network, the network does not need switches A and B.) UAG4100 User’s Guide... -
Page 133: Vlan Interface Summary Screen
They can provide DHCP services, and they can verify the gateway is available. 10.5.1 VLAN Interface Summary Screen This screen lists every VLAN interface and virtual interface created on top of VLAN interfaces. To access this screen, click Configuration > Network > Interface > VLAN. UAG4100 User’s Guide... -
Page 134: Vlan Interface Add/Edit
Click Reset to return the screen to its last-saved settings. 10.5.2 VLAN Interface Add/Edit This screen lets you configure IP address assignment, interface bandwidth parameters, DHCP settings, and connectivity check for each VLAN interface. To access this screen, click the Add icon UAG4100 User’s Guide... - Page 135 Chapter 10 Interfaces or select an entry in the VLAN summary screen and click the Edit icon. The following screen appears. Figure 86 Configuration > Network > Interface > VLAN > Edit UAG4100 User’s Guide...
- Page 136 Enter the priority of the gateway (if any) on this interface. The UAG decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the UAG uses the one that was configured first. Interface Parameters UAG4100 User’s Guide...
- Page 137 Enter the IP address of a DHCP server for the network. Relay Server 2 This field is optional. Enter the IP address of another DHCP server for the network. These fields appear if the UAG is a DHCP Server. UAG4100 User’s Guide...
- Page 138 MAC addresses for this VLAN. This stops anyone else from manually using a bound IP address on another device connected to this interface. Use this to make use only the intended users get to use specific IP addresses. UAG4100 User’s Guide...
-
Page 139: Bridge Interfaces
This section introduces bridges and bridge interfaces and then explains the screens for bridge interfaces. Bridge Overview A bridge creates a connection between two or more network segments at the layer-2 (MAC address) level. In the following example, bridge X connects four network segments. UAG4100 User’s Guide... -
Page 140: Bridge Interface Overview
(250.250.250.0/23) between lan1 and vlan1. Table 61 Example: Routing Table Before and After Bridge Interface br0 Is Created IP ADDRESS(ES) DESTINATION IP ADDRESS(ES) DESTINATION 210.210.210.0/24 lan1 221.221.221.0/24 vlan0 210.211.1.0/24 lan1:1 230.230.230.192/26 wan1 221.221.221.0/24 vlan0 250.250.250.0/23 222.222.222.0/24 vlan1 230.230.230.192/26 wan1 UAG4100 User’s Guide... -
Page 141: Bridge Interface Summary
This field displays the Ethernet interfaces and VLAN interfaces in the bridge interface. It is blank for virtual interfaces. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide... -
Page 142: Bridge Interface Add/Edit
To access this screen, click the Add icon, or select an entry in the Bridge summary screen and click the Edit icon. The following screen appears. Figure 88 Configuration > Network > Interface > Bridge > Add UAG4100 User’s Guide... - Page 143 Enter the IP address of the gateway. The UAG sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the interface. UAG4100 User’s Guide...
- Page 144 Custom Defined - enter a static IP address. Server From ISP - select the DNS server that another interface received from its DHCP server. Device - the DHCP clients use the IP address of this interface and the UAG works as a DNS relay. UAG4100 User’s Guide...
- Page 145 UAG stops routing to the gateway. The UAG resumes routing to the gateway the first time the gateway passes the connectivity check. UAG4100 User’s Guide...
-
Page 146: Virtual Interfaces
MTU. The virtual interface uses the same MTU that the underlying interface uses. Unlike other interfaces, virtual interfaces do not provide DHCP services, and they do not verify that the gateway is available. UAG4100 User’s Guide... -
Page 147: Virtual Interfaces Add/Edit
UAG uses the one that was configured first. Interface Parameters Egress Enter the maximum amount of traffic, in kilobits per second, the UAG can send through Bandwidth the interface to the network. Allowed values are 0 - 1048576. UAG4100 User’s Guide... -
Page 148: Interface Technical Reference
DHCP clients. You have to assign the IP address and subnet mask manually. In general, the IP address and subnet mask of each interface should not overlap, though it is possible for this to happen with DHCP clients. UAG4100 User’s Guide... - Page 149 IP address, subnet mask, gateway, and available network information to the DHCP client. When the DHCP client leaves the network, the DHCP servers can assign its IP address to another DHCP client. At the time of writing, the UAG does not support ingress bandwidth management. UAG4100 User’s Guide...
- Page 150 IP address. In this way WINS is similar to DNS, although WINS does not use a hierarchy (unlike DNS). A network can have more than one WINS server. Samba can also serve as a WINS server. UAG4100 User’s Guide...
- Page 151 The first one runs on TCP port 1723. It is used to start and manage the second one. The second one uses Generic Routing Encapsulation (GRE, RFC 2890) to transfer information between the computers. PPTP is convenient and easy-to-use, but you have to make sure that firewalls support both PPTP sessions. UAG4100 User’s Guide...
-
Page 152: Trunks
ISP. The UAG balances the WAN traffic load between the connections. If one interface's connection goes down, the UAG can automatically send its traffic through another interface. You can also use trunks with policy routing to send specific traffic types through the best WAN interface for that type of traffic. UAG4100 User’s Guide... - Page 153 A queue is given an amount of bandwidth irrespective of the incoming traffic on that interface. This queue then moves to the back of the list. The next queue is In the load balancing section, a session may refer to normal connection-oriented, UDP or SNMP2 traffic. UAG4100 User’s Guide...
- Page 154 In this example figure, the upper threshold of the first interface is set to 800K. The UAG sends network traffic of new sessions that exceed this limit to the secondary WAN interface. Figure 93 Spillover Algorithm Example UAG4100 User’s Guide...
-
Page 155: The Trunk Summary Screen
SNAT settings for traffic it routes from internal interfaces to external interfaces. Default Trunk Select whether the UAG is to use the default system WAN trunk or one of the user Selection configured WAN trunks as the default trunk for routing traffic from internal interfaces to external interfaces. UAG4100 User’s Guide... -
Page 156: Configuring A User-Defined Trunk
Click Configuration > Network > Interface > Trunk, in the User Configuration table click the Add (or Edit) icon to open the following screen. Use this screen to create or edit a WAN trunk entry. Figure 95 Configuration > Network > Interface > Trunk > Add (or Edit) UAG4100 User’s Guide... - Page 157 This field displays with the least load first load balancing algorithm. It displays the maximum number of kilobits of data the UAG is to allow to come in through the interface per second. Note: You can configure the bandwidth of an interface in the corresponding interface edit screen. UAG4100 User’s Guide...
-
Page 158: Configuring The System Default Trunk
Note: The available bandwidth is allocated to each member interface equally and is not allowed to be changed for the default trunk. Figure 96 Configuration > Network > Interface > Trunk > Edit (System Default) UAG4100 User’s Guide... - Page 159 The UAG uses the group member interfaces in the order that they are listed. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
-
Page 160: Policy And Static Routes
Traditionally, routing is based on the destination address only and the UAG takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. UAG4100 User’s Guide... - Page 161 In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going. UAG4100 User’s Guide...
-
Page 162: Policy Route Screen
The actions that can be taken include: • Routing the packet to a different gateway, outgoing interface, or trunk. IPPR follows the existing packet filtering facility of RAS in style and in implementation. Figure 98 Configuration > Network > Routing > Policy Route UAG4100 User’s Guide... - Page 163 Next-Hop This is the next hop to which packets are directed. It helps forward packets to their destinations and can be a router, outgoing interface or trunk. UAG4100 User’s Guide...
-
Page 164: Policy Route Edit Screen
Click Configuration > Network > Routing to open the Policy Route screen. Then click the Add or Edit icon in the Configuration section. The Add Policy Route or Policy Route Edit screen opens. Use this screen to configure or edit a policy route. UAG4100 User’s Guide... - Page 165 Select a user name or user group from which the packets are sent. Incoming Select where the packets are coming from; any, an interface, or the UAG itself (Device). For an interface, you also need to select the individual interface. UAG4100 User’s Guide...
- Page 166 UAG send traffic that matches the policy route through the specified interface. Auto-Disable This field displays when you select Interface or Trunk in the Type field. Select this to have the UAG automatically disable this policy route when the next hop’s connection is down. DSCP Marking UAG4100 User’s Guide...
-
Page 167: Ip Static Route Screen
Click Configuration > Network > Routing > Static Route to open the Static Route screen. This screen displays the configured static routes. Configure static routes to be able to propagate the routing information to other routers. Figure 100 Configuration > Network > Routing > Static Route UAG4100 User’s Guide... -
Page 168: Static Route Add/Edit Screen
Select the radio button and enter the IP address of the next-hop gateway. The gateway is a router or switch on the same segment as your UAG's interface(s). The gateway helps forward packets to their destinations. Interface Select the radio button and a predefined interface through which the traffic is sent. UAG4100 User’s Guide... -
Page 169: Policy Routing Technical Reference
CLASS 3 CLASS 4 Low Drop Precedence AF11 (10) AF21 (18) AF31 (26) AF41 (34) Medium Drop Precedence AF12 (12) AF22 (20) AF32 (28) AF42 (36) High Drop Precedence AF13 (14) AF23 (22) AF33 (30) AF43 (38) UAG4100 User’s Guide... -
Page 170: Zones
171) to manage the UAG’s zones. 13.1.2 What You Need to Know Effects of Zones on Different Types of Traffic Zones effectively divide traffic into three types--intra-zone traffic, inter-zone traffic, and extra-zone traffic--which are affected differently by zone-based security and policy settings. UAG4100 User’s Guide... -
Page 171: The Zone Screen
The Zone screen provides a summary of all zones. In addition, this screen allows you to add, edit, and remove zones. To access this screen, click Configuration > Network > Zone. Figure 103 Configuration > Network > Zone UAG4100 User’s Guide... -
Page 172: Zone Edit
The Zone Edit screen allows you to add or edit a zone. To access this screen, go to the Zone screen (see Section 13.2 on page 171), and click the Add icon or an Edit icon. Figure 104 Network > Zone > Add UAG4100 User’s Guide... - Page 173 Member lists the interfaces that belong to the zone. Select any interfaces that you want to remove from the zone, and click the left arrow button to remove them. Click OK to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
-
Page 174: Ddns
Note: Record your DDNS account’s user name, password, and domain name to use to configure the UAG. After, you configure the UAG, it automatically sends updated IP addresses to the DDNS service provider, which helps redirect traffic accordingly. UAG4100 User’s Guide... -
Page 175: The Ddns Screen
- The IP address comes from the specified interface. auto detected -The DDNS server checks the source IP address of the packets from the UAG for the IP address to use for the domain name. custom - The IP address is static. UAG4100 User’s Guide... -
Page 176: The Dynamic Dns Add/Edit Screen
Table 81 Configuration > Network > DDNS > Add LABEL DESCRIPTION Show Advanced Click this button to display a greater or lesser number of configuration fields. Settings / Hide Advanced Settings Enable DDNS Select this check box to use this DDNS entry. Profile UAG4100 User’s Guide... - Page 177 Primary Binding Interface settings is not available. Interface Select the interface to use for updating the IP address mapped to the domain name. Select any to let the domain name be used with any interface. Select None to not use a backup address. UAG4100 User’s Guide...
- Page 178 DynDNS server delivers the mail to you. See www.dyndns.org for more information about this service. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
-
Page 179: Nat
You can also create new NAT rules and edit or delete existing ones. 15.1.2 What You Need to Know NAT is also known as virtual server, port forwarding, or port translation. Finding Out More • See Section 15.3 on page 184 for technical background information related to these screens. UAG4100 User’s Guide... -
Page 180: The Nat Screen
Mapped Port This field displays the new destination port(s) for the packet. This field is blank if there is no restriction on the original destination port. UAG4100 User’s Guide... -
Page 181: The Nat Add/Edit Screen
Table 83 Configuration > Network > NAT > Add LABEL DESCRIPTION Create new Object Use to configure any new settings objects that you need to use in this screen. Enable Rule Use this option to turn the NAT rule on or off. UAG4100 User’s Guide... - Page 182 This field displays for Many 1:1 NAT. Select to which translated destination IP address Subnet/Range subnet or IP address range this NAT rule forwards packets. The original and mapped IP address subnets or ranges must have the same number of IP addresses. UAG4100 User’s Guide...
- Page 183 Click OK to save your changes back to the UAG. Cancel Click Cancel to return to the NAT summary screen without creating the NAT rule (if it is new) or saving any changes (if it already exists). UAG4100 User’s Guide...
-
Page 184: Nat Technical Reference
The LAN user’s computer then sends traffic to IP address 1.1.1.1. NAT loopback uses the IP address of the UAG’s lan1 interface (172.16.0.1) as the source address of the traffic going from the LAN users to the LAN SMTP server. UAG4100 User’s Guide... - Page 185 NAT, the source would not match the original destination address which would cause the LAN user’s computer to shut down the session. Figure 112 LAN to LAN Return Traffic Source 172.16.0.21 Source 1.1.1.1 SMTP SMTP 172.16.0.89 172.16.0.21 UAG4100 User’s Guide...
-
Page 186: Vpn 1-1 Mapping
16.1.2 What You Need to Know VPN 1-1 Mapping, Firewall and Policy Route With VPN 1-1 mapping, the relevant packet flow for traffic from the matched user is: UAG4100 User’s Guide... -
Page 187: The Vpn 1-1 Mapping General Screen
The following table describes the labels in this screen. Table 84 Configuration > Network > VPN 1-1 Mapping LABEL DESCRIPTION Enable VPN 1-1 Select this option to enable VPN 1-1 mapping on the UAG. Mapping Click this to create a new entry. UAG4100 User’s Guide... -
Page 188: The Vpn 1-1 Mapping Edit Screen
Click Network > VPN 1-1 Mapping to open the VPN 1-1 Mapping > General screen. Then click the Add or Edit icon to open the VPN 1-1 Mapping Add/Edit Policy screen where you can configure the rule. Figure 115 Network > VPN 1-1 Mapping > Add UAG4100 User’s Guide... -
Page 189: The Vpn 1-1 Mapping Profile Screen
Web Configurator and click Configuration > Network > VPN 1-1 Mapping > Profile. The following screen appears, providing a summary of the existing IP address pool profiles. Figure 116 Configuration > Network > VPN 1-1 Mapping > Profile UAG4100 User’s Guide... - Page 190 This field displays the name of the interface the profile is set to use. Select the interface through which the UAG sends traffic from the matched users. Apply Click this button to save your changes to the UAG. Reset Click this button to return the screen to its last-saved settings. UAG4100 User’s Guide...
-
Page 191: Http Redirect
A proxy server helps client devices make indirect requests to access the Internet or outside network resources/services. A proxy server can act as a firewall or an ALG (application layer gateway) between the private network and the Internet or other networks. It also keeps hackers from knowing internal IP addresses. UAG4100 User’s Guide... -
Page 192: The Http Redirect Screen
To configure redirection of a HTTP request to a proxy server, click Configuration > Network > HTTP Redirect. This screen displays the summary of the HTTP redirect rules. Note: You can configure up to one HTTP redirect rule for each (incoming) interface. UAG4100 User’s Guide... -
Page 193: The Http Redirect Edit Screen
Click Network > HTTP Redirect to open the HTTP Redirect screen. Then click the Add or Edit icon to open the HTTP Redirect Edit screen where you can configure the rule. Figure 119 Network > HTTP Redirect > Edit UAG4100 User’s Guide... - Page 194 Enter the IP address of the proxy server. Port Enter the port number that the proxy server uses. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
-
Page 195: Smtp Redirect
E-mail clients (also called e-mail applications) then use mail server protocols such as POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) to retrieve e-mail. E-mail clients also generally use SMTP to send messages to a mail UAG4100 User’s Guide... -
Page 196: The Smtp Redirect Screen
To configure redirection of a SMTP message to a SMTP server, click Configuration > Network > SMTP Redirect. This screen displays the summary of the SMTP redirect rules. Note: You can configure up to one SMTP redirect rule for each (incoming) interface. UAG4100 User’s Guide... -
Page 197: The Smtp Redirect Edit Screen
18.2.1 The SMTP Redirect Edit Screen Click Network > SMTP Redirect to open the SMTP Redirect screen. Then click the Add or Edit icon to open the SMTP Redirect Edit screen where you can configure the rule. UAG4100 User’s Guide... - Page 198 Object if you need to configure a new one. Select any if the rule is effective for every source. SMTP Server Enter the IP address of the SMTP server. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
-
Page 199: Alg
When the active interface’s connection fails, the client needs to re-initialize the connection through the second interface (that was set to passive) in order to have the connection go through the second interface. UAG4100 User’s Guide... -
Page 200: Before You Begin
If you are also using FTP on an additional TCP port number, enter it here. Signaling Port for Transformations Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide... -
Page 201: Upnp
• Dynamic port mapping • Learning public IP addresses • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the NAT chapter for more information on NAT. UAG4100 User’s Guide... -
Page 202: Cautions With Upnp
Disable UPnP if this is not your intention. 20.3 UPnP Screen Use this screen to enable UPnP and NAT-PMP on your UAG. Click Configuration > Network > UPnP to display the screen shown next. Figure 124 Configuration > Network > UPnP UAG4100 User’s Guide... -
Page 203: Technical Reference
Make sure the computer is connected to a LAN port of the UAG. Turn on your computer and the UAG. 20.4.1.1 Auto-discover Your UPnP-enabled Network Device Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. Right-click the icon and select Properties. UAG4100 User’s Guide... - Page 204 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 126 Internet Connection Properties You may edit or delete the port mappings or click Add to manually add port mappings. Figure 127 Internet Connection Properties: Advanced Settings UAG4100 User’s Guide...
-
Page 205: Web Configurator Easy Access
UAG first. This comes helpful if you do not know the IP address of the UAG. Follow the steps below to access the web configurator. Click Start and then Control Panel. Double-click Network Connections. UAG4100 User’s Guide... - Page 206 Right-click on the icon for your UAG and select Invoke. The web configurator login screen displays. Figure 132 Network Connections: My Network Places Right-click on the icon for your UAG and select Properties. A properties window displays with basic information about the UAG. UAG4100 User’s Guide...
- Page 207 Chapter 20 UPnP Figure 133 Network Connections: My Network Places: Properties: Example UAG4100 User’s Guide...
-
Page 208: Ip/Mac Binding
(Section 21.3 on page 211) to configure ranges of IP addresses to which the UAG does not apply IP/MAC binding. 21.1.2 What You Need to Know DHCP IP/MAC address bindings are based on the UAG’s dynamic and static DHCP entries. UAG4100 User’s Guide... -
Page 209: Ip/Mac Binding Summary
Click Apply to save your changes back to the UAG. 21.2.1 IP/MAC Binding Edit Click Configuration > Network > IP/MAC Binding > Edit to open the IP/MAC Binding Edit screen. Use this screen to configure an interface’s IP to MAC address binding settings. UAG4100 User’s Guide... - Page 210 This is the MAC address of the device to which the UAG assigns the entry’s IP address. Description This helps identify the entry. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide...
-
Page 211: Static Dhcp Edit
Click Configuration > Network > IP/MAC Binding > Exempt List to open the IP/MAC Binding Exempt List screen. Use this screen to configure ranges of IP addresses to which the UAG does not apply IP/MAC binding. Figure 138 Configuration > Network > IP/MAC Binding > Exempt List UAG4100 User’s Guide... - Page 212 Enter the first IP address in a range of IP addresses for which the UAG does not apply IP/MAC binding. End IP Enter the last IP address in a range of IP addresses for which the UAG does not apply IP/MAC binding. Apply Click Apply to save your changes back to the UAG. UAG4100 User’s Guide...
-
Page 213: Layer 2 Isolation
(C), server (B), wireless client (A) and the Internet. Figure 139 Layer-2 Isolation Application 22.1.1 What You Can Do in this Chapter • Use the General screen (Section 22.2 on page 214) to enable layer-2 isolation on the UAG and the internal interface(s). UAG4100 User’s Guide... -
Page 214: Layer-2 Isolation General Screen
Click Reset to return the screen to its last-saved settings. 22.3 White List IP addresses that are not listed in the white list are blocked from communicating with other devices in the layer-2-isolation-enabled internal interface(s) except for broadcast packets. UAG4100 User’s Guide... -
Page 215: Add/Edit White List Rule
Note: You can configure up to 100 white list rules on the UAG. Note: You need to know the IP address of each connected device that you want to allow to be accessed by other devices when layer-2 isolation is enabled. UAG4100 User’s Guide... - Page 216 Specify a description for the IP address associated with this rule. Enter up to 60 characters, spaces and underscores allowed. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving your changes. UAG4100 User’s Guide...
-
Page 217: Ipnp
UAG are not in the same subnet. Figure 143 IPnP Application 23.1.1 What You Can Do in this Chapter Use the IP screen (Section 23.2 on page 218) to enable IPnP on the UAG and the internal interface(s). UAG4100 User’s Guide... -
Page 218: Ipnp Screen
Member list. To remove an interface, select the name(s) in the Member list and click the left arrow button. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide... -
Page 219: Web Authentication
(Section 24.3 on page 233) to enable and create walled garden links that display in the login screen. • Use the Configuration > Web Authentication > Advertisement screens (Section 24.4 on page 236) to enable and set advertisement links. UAG4100 User’s Guide... -
Page 220: What You Need To Know
The Web Authentication screen displays the web portal settings and web authentication policies you have configured on the UAG. The screen differs depending on what you select in the Authentication field. Click Configuration > Web Authentication to display the screen. UAG4100 User’s Guide... - Page 221 Chapter 24 Web Authentication Figure 146 Configuration > Web Authentication (Web Portal) UAG4100 User’s Guide...
- Page 222 Chapter 24 Web Authentication Figure 147 Configuration > Web Authentication (User Agreement) UAG4100 User’s Guide...
- Page 223 The Internet Information Server (IIS) is the web server on which the web portal files are installed. Session URL Specify the session page’s URL; for example, http://IIS server IP Address/session.html. The Internet Information Server (IIS) is the web server on which the web portal files are installed. UAG4100 User’s Guide...
- Page 224 If you leave this field blank, the UAG will use the welcome page of internal user agreement file. Download Click this to download an example external user agreement file for your reference. The following fields are available if you set Authentication to Web Portal or User Agreement. UAG4100 User’s Guide...
- Page 225 This displays the source address object to which this policy applies. Destination This displays the destination address object to which this policy applies. Schedule This field displays the schedule object that dictates when the policy applies. none means the policy is active at all times if enabled. UAG4100 User’s Guide...
-
Page 226: Creating/Editing An Authentication Policy
Select this check box to activate the authentication policy. This field is available for user- configured policies. Description Enter a descriptive name of up to 60 printable ASCII characters for the policy. Spaces are allowed. This field is available for user-configured policies. UAG4100 User’s Guide... -
Page 227: Set Up User Accounts
Click Configuration > Object > User/Group > User. Click the Add icon. Enter the same user name that is used in the RADIUS server, and set the User Type to ext-user because this user account is authenticated by an external server. Click OK. UAG4100 User’s Guide... - Page 228 Member list. This example only has one member in this group, so click OK. Of course you could add more members later. Figure 151 Configuration > Object > User/Group > Group > Add Repeat this process to set up the remaining user groups. UAG4100 User’s Guide...
- Page 229 Figure 152 Configuration > Object > AAA Server > RADIUS > Add Click Configuration > Object > Auth. Method. Double-click the default entry. Click the Add icon. Select group radius because the UAG should use the specified RADIUS server for authentication. Click OK. UAG4100 User’s Guide...
- Page 230 Chapter 24 Web Authentication Figure 153 Configuration > Object > Auth. method > Edit Click Configuration > Web Authentication. In the Web Authentication screen, select Web Portal to enable web authentication and click Apply. Figure 154 Configuration > Web Authentication UAG4100 User’s Guide...
- Page 231 Membership Attribute field to the attribute that the UAG is to check to determine to which group a user belongs. This example uses Class. This attribute’s value is called a group identifier; it determines to which group a user belongs. In this example the values are Finance, Engineer, Sales, and Boss. UAG4100 User’s Guide...
- Page 232 > Object > User/Group > User. Click the Add icon. Enter a user name and set the User Type to ext-group-user. In the Group Identifier field, enter Finance, Engineer, Sales, or Boss and set the Associated AAA Server Object to radius. UAG4100 User’s Guide...
-
Page 233: Walled Garden Screen
Use this screen to configure walled garden web addresses for web sites that all users are allowed to access without logging in. The web site link(s) then displays in the user login screen. Click Configuration > Web Authentication > Walled Garden to display the screen. Figure 158 Configuration > Web Authentication > Walled Garden UAG4100 User’s Guide... -
Page 234: Adding/Editing A Walled Garden Url
Garden Summary section to open the Add/Edit Walled Garden URL screen. Use this screen to configure a walled garden web site address entry. Note: You can configure up to 20 walled garden URL links. Figure 159 Configuration > Web Authentication > Walled Garden > Add/Edit UAG4100 User’s Guide... -
Page 235: Walled Garden Login Example
Click Cancel to exit this screen without saving. 24.3.2 Walled Garden Login Example The following figure shows the user login screen with two walled garden links. The links are named WalledGardenLink1 through 2 for demonstration purposes. Figure 160 Walled Garden Login Example UAG4100 User’s Guide... -
Page 236: Advertisement Screen
This field displays the descriptive name of web site. This field displays the address of web site. Apply Click this button to save your changes to the UAG. Reset Click this button to return the screen to its last-saved settings. UAG4100 User’s Guide... -
Page 237: Adding/Editing An Advertisement Url
Preview Click this button to open the specified web site in a new frame. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving. UAG4100 User’s Guide... -
Page 238: Firewall
Zones A zone is a group of interfaces. Group the UAG’s interfaces into different zones based on your needs. You can configure firewall rules for data passing between zones or even between interfaces. UAG4100 User’s Guide... - Page 239 The global firewall rules are the only firewall rules that apply to an interface that is not included in a zone. The from any rules apply to traffic coming from the interface and the to any rules apply to traffic going to the interface. UAG4100 User’s Guide...
-
Page 240: The Firewall Screen
UAG to the LAN. The following steps and figure describe such a scenario. A computer on the LAN1 initiates a connection by sending a SYN packet to a receiving server on the WAN. The UAG reroutes the packet to gateway A, which is in Subnet 2. UAG4100 User’s Guide... -
Page 241: Configuring The Firewall Screen
NAT entry that sends WAN traffic to a LAN IP address, when you configure a corresponding firewall rule to allow the traffic, you need to set the LAN IP address as the destination. • The ordering of your rules is very important as rules are applied in sequence. UAG4100 User’s Guide... - Page 242 To any displays all the firewall rules for traffic coming from the selected From Zone. From any to any displays all of the firewall rules. To Device rules are for traffic that is destined for the UAG and control which computers can manage the UAG. UAG4100 User’s Guide...
-
Page 243: The Firewall Add/Edit Screen
Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. 25.2.2 The Firewall Add/Edit Screen In the Firewall screen, click the Edit or Add icon to display the Firewall Rule Edit screen. UAG4100 User’s Guide... - Page 244 Select an IPv4 address or address group to apply an IPv4 rule to traffic going to it. Select any to apply an IPv4 rule to all traffic going to IPv4 addresses. Service Select a service or service group from the drop-down list box. UAG4100 User’s Guide...
-
Page 245: The Session Control Screen
Use this screen to limit the number of concurrent NAT/firewall sessions a client can use. You can apply a default limit for all users and individual limits for specific users, addresses, or both. The individual limit takes priority if you apply both. Figure 167 Configuration > Firewall > Session Limit UAG4100 User’s Guide... -
Page 246: The Session Limit Add/Edit Screen
Click Configuration > Firewall > Session Limit and the Add or Edit icon to display the Firewall Session Limit Edit screen. Use this screen to configure rules that define a session limit for specific users or addresses. UAG4100 User’s Guide... -
Page 247: Firewall Rule Configuration Example
172.16.1.10 through 172.16.1.15 (Dest_1) on the LAN. Click Configuration > Firewall. In the summary of firewall rules click Add to configure a new first entry. The sequence (priority) of the rules is important since they are applied in order. UAG4100 User’s Guide... - Page 248 Select From WAN and To LAN and enter a name for the firewall rule. Select Dest_1 for the Destination and Doom as the Service. Enter a description and configure the rest of the screen as follows. Click OK when you are done. UAG4100 User’s Guide...
-
Page 249: Firewall Rule Example Applications
To do this, you would configure a LAN to WAN firewall rule that blocks IRC traffic from any source IP address from going to any destination address. You do not need to specify a schedule since you need the firewall rule to always be in effect. The following figure shows the results of this rule. UAG4100 User’s Guide... - Page 250 CEO’s computer (172.16.1.7 for example) to go to any destination address. You do not need to specify a schedule since you want the firewall rule to always be in effect. The following figure shows the results of your two custom rules. UAG4100 User’s Guide...
- Page 251 The rule for the CEO must come before the rule that blocks all LAN1 to WAN IRC traffic. If the rule that blocks all LAN1 to WAN IRC traffic came first, the CEO’s IRC traffic would match that rule and the UAG would drop it and not check any other firewall rules. UAG4100 User’s Guide...
-
Page 252: Billing
He starts using the Internet for the first 20 minutes and then disconnects his Internet access to go to a 20-minute meeting. After the meeting, he only has 20 minutes left on his account. UAG4100 User’s Guide... -
Page 253: The General Screen
Unused account Enter the number and select a time unit from the drop-down list box to specify how long to will be deleted wait before the UAG deletes an account that has not been used. after the time: UAG4100 User’s Guide... -
Page 254: The Billing Profile Screen
26.3 The Billing Profile Screen Use this screen to configure the billing profiles that defines the maximum Internet access time and charge per time unit. Click Configuration > Billing > Billing Profile to open the following screen. UAG4100 User’s Guide... - Page 255 This field displays how much data in both directions (Total) or upstream data (Upload) and downstream data (Download) can be transmitted through the WAN interface before the account expires. Bandwidth (U/D) This field displays the maximum upstream (Upload) and downstream (Download) bandwidth allowed for the user account in kilobits per second. UAG4100 User’s Guide...
-
Page 256: The Account Generator Screen
Click Configuration > Billing > Billing Profile and then the Preview button to open this screen. You can also open this screen by logging into the Web Configurator with the guest-manager account. Figure 178 Account Generator UAG4100 User’s Guide... - Page 257 The following figure shows an example SMS message with account information. The SMS screen displays only when you enable SMS in the Configuration > SMS screen. You can enter the user’s UAG4100 User’s Guide...
- Page 258 Chapter 26 Billing mobile phone number and click Send SMS to send the account information in an SMS text message to the user’s mobile phone. Click Cancel to close this window when you are finished viewing it. UAG4100 User’s Guide...
-
Page 259: The Account Redeem Screen
Click Cancel to close this window when you are finished viewing it. 26.3.2 The Account Redeem Screen The Account Redeem screen allows you to send SMS messages for certain accounts. Click the Account Redeem tab in the Account Generator screen to open this screen. UAG4100 User’s Guide... - Page 260 Charge This field displays the total cost of the account. Payment Info This field displays the method of payment for each account. Phone Num This field displays the mobile phone number for the account. UAG4100 User’s Guide...
-
Page 261: The Billing Profile Add/Edit Screen
The first character must be a letter. Price Define each profile’s price, up to 999999.99, per time unit. Time Period Set the duration of the billing period (minute, hour, or day). When this period expires, the user’s access will be stopped. UAG4100 User’s Guide... -
Page 262: The Discount Screen
(fewer units purchased) and lower rates per unit at higher levels (more units purchased). Click Configuration > Billing > Discount to open the following screen. Note: The discount price plan does not apply to users who purchase access time online with a credit card. UAG4100 User’s Guide... - Page 263 Price This field displays the price per time unit for each level. Apply Click this button to save your changes to the UAG. Reset Click this button to return the screen to its last-saved settings. UAG4100 User’s Guide...
-
Page 264: The Discount Add/Edit Screen
Internet. You must register with the supported credit card service before you can configure the UAG to handle credit card transactions. Click Configuration > Billing > Payment Service to open the following screen. UAG4100 User’s Guide... - Page 265 Enter the ID token provided to you by PayPal after successfully applying for your PayPal account. Payment Enter the address of the PayPal gateway provided to you by PayPal after applying for your Gateway PayPal account. Account Delivery Method UAG4100 User’s Guide...
-
Page 266: The Payment Service Custom Service Screen
Use this screen to customize the online payment service pages that displays after an unauthorized user click the link in the Web Configurator login screen to purchase access time. Click Configuration > Billing > Payment Service > Custom Service to open the following screen. UAG4100 User’s Guide... - Page 267 Chapter 26 Billing Figure 184 Configuration > Billing > Payment Service > Custom Service UAG4100 User’s Guide...
- Page 268 Enter a note to display when you set the UAG to send account information via SMS text Message messages. Use up to 1024 printable ASCII characters. Spaces are allowed. Apply Click this button to save your changes to the UAG. Reset Click this button to return the screen to its last-saved settings. UAG4100 User’s Guide...
-
Page 269: Printer Manager
271) to customize the account printout. 27.2 The General Screen Use this screen to configure a printer list and allow the UAG to monitor the printer status. Click Configuration > Printer Manager > General to open the following screen. UAG4100 User’s Guide... - Page 270 Select how many copies of subscriber statements you want to print (1 is the default). Copies Printer List Use this section to add the printer(s) that can be managed by the UAG. Click this to create a new entry. UAG4100 User’s Guide...
-
Page 271: The Printout Configuration Screen
Click this button to return the screen to its last-saved settings. 27.3 The Printout Configuration Screen Use this screen to customize the account printout. Click Configuration > Printer Manager > Printout Configuration to open the following screen. Figure 186 Configuration > Printer Manager > Printout Configuration UAG4100 User’s Guide... -
Page 272: Reports Overview
Note: You must press the key combination on the SP350E within five seconds to print. Table 126 Report Printing Key Combinations REPORT TYPE KEY COMBINATION Daily Account Summary A B C A A Monthly Account Summary A B C B A UAG4100 User’s Guide... -
Page 273: Daily Account Summary
For example, if you press the monthly account key combination on 2013/05/17 at 20:00:00, the monthly account report includes the accounts created from 2013/05/ 01 at 00:00:01 to 2013/05/17 at 19:59:59. Key combination: A B C B A The following figure shows an example. UAG4100 User’s Guide... -
Page 274: Account Report Notes
(up to 2000 entries total). 27.3.6 System Status This report shows the current system information such as the host name and WAN IP address. Key combination: A B C C A The following figure shows an example. UAG4100 User’s Guide... - Page 275 This field displays the end of the continuous addresses in the IP address pool. CPUS This field displays the UAG’s recent CPU usage. MEMS This field displays the UAG’s recent memory usage. DKST This field displays what percentage of the UAG’s onboard flash memory is currently being used. UAG4100 User’s Guide...
-
Page 276: Free Time
Internet surfing during the specified time period. 28.2 The Free Time Screen Use this screen to enable and configure the free time settings. Click Configuration > Free Time to open the following screen. Figure 190 Configuration > Free Time UAG4100 User’s Guide... - Page 277 Click this button to save your changes to the UAG. Reset Click this button to return the screen to its last-saved settings. The following figure shows an example login screen with a link to create a free guest account. UAG4100 User’s Guide...
- Page 278 You can still click the link to get a free account. If SMS is enabled on the UAG, you have to enter your mobile phone number before clicking OK to get a free guest account. UAG4100 User’s Guide...
- Page 279 Chapter 28 Free Time The guest account information then displays in the screen and/or is sent to the configured mobile phone number. UAG4100 User’s Guide...
-
Page 280: Sms
Click Configuration > SMS to open the following screen. Figure 191 Configuration > SMS The following table describes the labels in this screen. Table 129 Configuration > SMS LABEL DESCRIPTION General Settings Enable SMS Select the check box to turn on the SMS service. UAG4100 User’s Guide... - Page 281 Type the Password associated with the user name. Retype to Type your password again for confirmation. Confirm Apply Click this button to save your changes to the UAG. Reset Click this button to return the screen to its last-saved settings. UAG4100 User’s Guide...
-
Page 282: Bandwidth Management
In the following example, you configure a Per-user bandwidth management rule for billing-users to limit outgoing traffic to 300 kbs. Then all billing-users (A, B and C) can send 300 kbps of traffic. UAG4100 User’s Guide... - Page 283 • Outbound traffic goes from a LAN1 device to a WAN device. Bandwidth management is applied before sending the packets out a WAN interface on the UAG. • Inbound traffic comes back from the WAN device to the LAN1 device. Bandwidth management is applied before sending the traffic out a LAN1 interface. UAG4100 User’s Guide...
- Page 284 • Then lower-priority traffic gets bandwidth. • The UAG uses a fairness-based (round-robin) scheduler to divide bandwidth among traffic flows with the same priority. • The UAG automatically treats traffic with bandwidth management disabled as priority 7 (the lowest priority). UAG4100 User’s Guide...
- Page 285 (800 kbps), leaving only 200 kbps for server B. Table 131 Priority Effect POLICY CONFIGURED RATE MAX. B. U. PRIORITY ACTUAL RATE 800 kbps 800 kbps 1000 kbps 200 kbps UAG4100 User’s Guide...
-
Page 286: The Bandwidth Management Screen
The default bandwidth management policy is the one with the priority of “default”. It is the last policy the UAG checks if traffic does not match any other bandwidth management policies you have configured. You cannot remove, activate, deactivate or move the default bandwidth management policy. UAG4100 User’s Guide... - Page 287 This is the destination interface of the traffic to which this policy applies. Interface Source This is the source address or address group for whom this policy applies. If any displays, the policy is effective for every source. UAG4100 User’s Guide...
-
Page 288: The Bandwidth Management Add/Edit Screen
The Configuration > BWM Add/Edit screen allows you to create a new condition or edit an existing one. To access this screen, go to the Configuration > BWM screen (see Section 30.2 on page 286), and click either the Add icon or an Edit icon. UAG4100 User’s Guide... - Page 289 Chapter 30 Bandwidth Management Figure 196 Configuration > BWM > Edit (For the Default Policy) Configuration > BWM > Add/Edit Figure 197 UAG4100 User’s Guide...
- Page 290 “af” identifies one of four classes and one of three drop preferences. See Section 12.4 on page 169 for more details. Select preserve to have the UAG keep the packets’ original DSCP value. Select default to have the UAG set the DSCP value of the packets to 0. UAG4100 User’s Guide...
- Page 291 Select whether to have the UAG generate a log (log), log and alert (log alert) or not (no) for packets that match the policy. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving your changes. UAG4100 User’s Guide...
-
Page 292: User/Group
WWW, TELNET, SSH, Console Perform basic diagnostics (CLI) Access Users ext-user External user account ext-group-user External group user account guest-manager Create dynamic guest accounts pre-subscriber Access network services Web Authentication Portal dynamic-guest Access network services Web Authentication Portal UAG4100 User’s Guide... - Page 293 UAG4100 User’s Guide...
-
Page 294: User Summary Screen
31.2 User Summary Screen The User screen provides a summary of all user accounts. To access this screen, login to the Web Configurator, and click Configuration > Object > User/Group. UAG4100 User’s Guide... -
Page 295: User Add/Edit Screen
- this user has access to the UAG’s services but cannot look at the configuration. Description This field displays the description for each user. 31.2.1 User Add/Edit Screen The User Add/Edit screen allows you to create a new user account or edit an existing one. UAG4100 User’s Guide... - Page 296 • zyxel To access this screen, go to the User screen (see Section 31.2 on page 294), and click either the Add icon or an Edit icon. Figure 199 Configuration > User/Group > User > Add UAG4100 User’s Guide...
- Page 297 UAG in one session before the user has to log in again. You can specify 1 to 1440 minutes. You can enter 0 to make the number of minutes unlimited. Unlike Lease Time, the user has no opportunity to renew the session without logging out. UAG4100 User’s Guide...
-
Page 298: User Group Summary Screen
The Group Add/Edit screen allows you to create a new user group or edit an existing one. To access this screen, go to the Group screen (see Section 31.3 on page 298), and click either the Add icon or an Edit icon. UAG4100 User’s Guide... -
Page 299: The User/Group Setting Screen
UAG. You can also use this screen to specify when users must log in to the UAG before it routes traffic for them. To access this screen, login to the Web Configurator, and click Configuration > Object > User/ Group > Setting. UAG4100 User’s Guide... - Page 300 Edit Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. This field is a sequential value, and it is not associated with a specific entry. UAG4100 User’s Guide...
- Page 301 IP addresses. Maximum number per This field is effective when Limit number of simultaneous logons for access account access account is checked. Type the maximum number of simultaneous logins by each access user. UAG4100 User’s Guide...
-
Page 302: Default User Settings Edit Screens
To access this screen, go to the Configuration > Object > User/Group > Setting screen (see Section 31.4 on page 299), and select one of the Default Settings section’s entry and click the Edit icons. Figure 203 Configuration > Object > User/Group > Setting > Edit UAG4100 User’s Guide... -
Page 303: User Aware Login Example
31.4.2 User Aware Login Example Access users cannot use the Web Configurator to browse the configuration of the UAG. Instead, after access users log into the UAG, the following screen appears. Figure 204 Web Configurator for Non-Admin Users UAG4100 User’s Guide... -
Page 304: User /Group Technical Reference
Lease Time. Possible Values: 1-1440 (minutes). reauthTime Reauthentication Time. Possible Values: 1-1440 (minutes). The following example shows you how you might set up user attributes in RADIUS servers. Figure 205 RADIUS Example: Keywords for User Attributes type=user;leaseTime=222;reauthTime=222 UAG4100 User’s Guide... - Page 305 Web Configurator, to create the accounts. Extract the user names from the RADIUS server, and create a shell script that creates the user accounts. See Chapter 42 on page 418 for more information about shell scripts. UAG4100 User’s Guide...
-
Page 306: Ap Profile
The SSID (Service Set IDentifier) is the name that identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. In other words, it is the name of the wireless network that clients use to connect to it. UAG4100 User’s Guide... -
Page 307: Radio Screen
To access this screen click Configuration > Object > AP Profile. Note: You can have a maximum of 32 radio profiles on the UAG. Figure 206 Configuration > Object > AP Profile > Radio UAG4100 User’s Guide... - Page 308 WLAN of the mangaed AP (to which the radio profile is applied) is active at all times if the profile is enabled. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
-
Page 309: Add/Edit Radio Profile
This screen allows you to create a new radio profile or edit an existing one. To access this screen, click the Add button or select a radio profile from the list and click the Edit button. Figure 207 Configuration > Object > AP Profile > Add/Edit Radio Profile UAG4100 User’s Guide... - Page 310 Message Protocol Data Unit (MPDU) aggregation collects Ethernet frames along with their 802.11n headers and wraps them in a 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates. UAG4100 User’s Guide...
- Page 311 Select the check box and set a minimum client signal strength for connecting to the AP. -20 dBm is the strongest signal you can require and -76 is the weakest. Clear the check box to not require wireless clients to have a minimum signal strength to connect to the AP. UAG4100 User’s Guide...
-
Page 312: Ssid Screen
(such as the WiFi adapter in a laptop), and is displayed as the wireless network name when a person makes a connection to it. To access this screen click Configuration > Object > AP Profile > SSID. UAG4100 User’s Guide... - Page 313 This field indicates the QoS type associated with the SSID profile. MAC Filtering This field indicates which (if any) MAC Filter Profile is associated with the SSID profile. Profile VLAN ID This field indicates the VLAN ID associated with the SSID profile. UAG4100 User’s Guide...
-
Page 314: Add/Edit Ssid Profile
MAC filtering allows you to limit the wireless clients connecting to your network through a particular SSID by wireless client MAC addresses. Any clients that have MAC addresses not in the MAC filtering profile of allowed addresses are denied connections. The disable setting means no MAC filtering is used. UAG4100 User’s Guide... -
Page 315: Security List
This screen allows you to manage wireless security configurations that can be used by your SSIDs. Wireless security is implemented strictly between the AP broadcasting the SSID and the stations that are connected to it. To access this screen click Configuration > Object > AP Profile > SSID > Security List. UAG4100 User’s Guide... - Page 316 This field is a sequential value, and it is not associated with a specific profile. Profile Name This field indicates the name assigned to the security profile. Security Mode This field indicates this profile’s security mode (if any). UAG4100 User’s Guide...
-
Page 317: Add/Edit Security Profile
Enter up to 31 alphanumeric characters for the profile name. This name is only visible in the Web Configurator and is only for management purposes. Spaces and underscores are allowed. Security Mode Select a security mode from the list: wep, wpa, wpa2, or wpa2-mix. UAG4100 User’s Guide... - Page 318 WEP encryption protocol to further secure. Not all wireless clients may support this. • aes - This is the Advanced Encryption Standard encryption method. It is a more recent development over TKIP and considerably more robust. Not all wireless clients may support this. UAG4100 User’s Guide...
-
Page 319: Mac Filter List
This field is a sequential value, and it is not associated with a specific profile. Profile Name This field indicates the name assigned to the MAC filtering profile. Filter Action This field indicates this profile’s filter action (if any). UAG4100 User’s Guide... -
Page 320: Add/Edit Mac Filter Profile
This field displays a description for the MAC address associated with this profile. You can click the description to make it editable. Enter up to 60 characters, spaces and underscores allowed. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving your changes. UAG4100 User’s Guide... -
Page 321: Addresses
The Address screen provides a summary of all addresses in the UAG. To access this screen, click Configuration > Object > Address > Address. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. UAG4100 User’s Guide... -
Page 322: Address Add/Edit Screen
To access this screen, go to the Address screen (see Section 33.2 on page 321), and click either the Add icon or an Edit icon in the Configuration section. Figure 215 IPv4 Address Configuration > Add/Edit UAG4100 User’s Guide... -
Page 323: Address Group Summary Screen
Configuration > Object > Address > Address Group. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 216 Configuration > Object > Address > Address Group UAG4100 User’s Guide... -
Page 324: Address Group Add/Edit Screen
To access this screen, go to the Address Group screen (see Section 33.3 on page 323), and click either the Add icon or an Edit icon in the Configuration section. Figure 217 Address Group Configuration > Add UAG4100 User’s Guide... - Page 325 Move any members you do not want included to the Available list. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving your changes. UAG4100 User’s Guide...
-
Page 326: Services
For example, ICMP is used to send the response if a computer cannot be reached. Another use is ping. ICMP does not guarantee delivery, but networks often treat ICMP messages differently, sometimes looking at the message itself to decide where to send it. UAG4100 User’s Guide... -
Page 327: The Service Summary Screen
To access this screen, log in to the Web Configurator, and click Configuration > Object > Service > Service. Click a column’s heading cell to sort the table entries by that column’s criteria. Click the heading cell again to reverse the sort order. Figure 218 Configuration > Object > Service > Service UAG4100 User’s Guide... -
Page 328: The Service Add/Edit Screen
Number Enter the number of the next-level protocol (IP protocol). Allowed values are 1 - 255. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving your changes. UAG4100 User’s Guide... -
Page 329: The Service Group Summary Screen
The Service Group Add/Edit screen allows you to create a new service group or edit an existing one. To access this screen, go to the Service Group screen (see Section 34.3 on page 329), and click either the Add icon or an Edit icon. UAG4100 User’s Guide... - Page 330 Move any members you do not want included to the Available list. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving your changes. UAG4100 User’s Guide...
-
Page 331: Schedules
Recurring schedules are useful for defining the workday and off-work hours. Finding Out More • See Section 40.4 on page 364 for information about the UAG’s current date and time. UAG4100 User’s Guide... -
Page 332: The Schedule Summary Screen
This field displays the name of the schedule, which is used to refer to the schedule. Start Time This field displays the time at which the schedule begins. Stop Time This field displays the time at which the schedule ends. UAG4100 User’s Guide... -
Page 333: The One-Time Schedule Add/Edit Screen
Specify the hour and minute when the schedule ends. • Hour - 0 - 23 • Minute - 0 - 59 Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving your changes. UAG4100 User’s Guide... -
Page 334: The Recurring Schedule Add/Edit Screen
Minute - 0 - 59 Weekly Week Days Select each day of the week the recurring schedule is effective. Click OK to save your changes back to the UAG. Cancel Click Cancel to exit this screen without saving your changes. UAG4100 User’s Guide... -
Page 335: Aaa Server
The following lists the types of authentication server the UAG supports. • Local user database The UAG uses the built-in local user database to authenticate administrative users logging into the UAG’s Web Configurator or network access users logging into the network through the UAG. UAG4100 User’s Guide... -
Page 336: Radius Server Summary
Click Configuration > Object > AAA Server > RADIUS to display the RADIUS screen. Click the Add icon or an Edit icon to display the following screen. Use this screen to create a new RADIUS entry or edit an existing one. UAG4100 User’s Guide... - Page 337 Authentication Server Settings Server Address Enter the address of the RADIUS authentication server. Authentication Specify the port number on the RADIUS server to which the UAG sends authentication Port requests. Enter a number between 1 and 65535. UAG4100 User’s Guide...
- Page 338 NAS Identifier If the RADIUS server requires the UAG to provide the Network Access Server identifier attribute with a specific value, enter it here. Case-sensitive Select this if the server checks the case of the usernames. User Names UAG4100 User’s Guide...
- Page 339 “RD”, and “management”. Then you could also create a ext-group-user user object for each group. One with “sales” as the group identifier, another for “RD” and a third for “management”. Click OK to save the changes. Cancel Click Cancel to discard the changes. UAG4100 User’s Guide...
-
Page 340: Authentication Method
37.2 Authentication Method Objects Click Configuration > Object > Auth. Method to display the screen as shown. Note: You can create up to four authentication method objects. Figure 228 Configuration > Object > Auth. Method UAG4100 User’s Guide... -
Page 341: Creating An Authentication Method Object
Note: You can NOT select two server objects of the same type. Click OK to save the settings or click Cancel to discard all changes and return to the previous screen. UAG4100 User’s Guide... - Page 342 UAG does not continue the search on the second authentication server when you enter the username and password that doesn’t match the one on the first authentication server. Click OK to save the changes. Cancel Click Cancel to discard the changes. UAG4100 User’s Guide...
-
Page 343: Certificates
Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no-one can have altered it (because they cannot re-sign the message with Tim’s private key). UAG4100 User’s Guide... - Page 344 The UAG currently allows the importation of a PKS#7 file that contains a single certificate. • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form. UAG4100 User’s Guide...
-
Page 345: Verifying A Certificate
Make sure that the certificate has a “.cer” or “.crt” file name extension. Figure 230 Remote Host Certificates Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 231 Certificate Details UAG4100 User’s Guide... -
Page 346: The My Certificates Screen
This field displays the certificate index number. The certificates are listed in alphabetical order. Name This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name. UAG4100 User’s Guide... -
Page 347: The My Certificates Add Screen
Click Configuration > Object > Certificate > My Certificates and then the Add icon to open the My Certificates Add screen. Use this screen to have the UAG create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. UAG4100 User’s Guide... - Page 348 @ symbol, periods and the underscore. Organizational Unit Identify the organizational unit or department to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. UAG4100 User’s Guide...
-
Page 349: The My Certificates Edit Screen
38.2.2 The My Certificates Edit Screen Click Configuration > Object > Certificate > My Certificates and then the Edit icon to open the My Certificate Edit screen. You can use this screen to view in-depth certificate information and change the certificate’s name. UAG4100 User’s Guide... - Page 350 The UAG does not trust the certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked. Refresh Click Refresh to display the certification path. UAG4100 User’s Guide...
- Page 351 You can copy and paste a certificate into an e-mail to send to friends or colleagues or you can copy and paste a certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example). UAG4100 User’s Guide...
-
Page 352: The My Certificates Import Screen
The certificate you import replaces the corresponding request in the My Certificates screen. You must remove any spaces from the certificate’s filename before you can import it. Figure 235 Configuration > Object > Certificate > My Certificates > Import UAG4100 User’s Guide... -
Page 353: The Trusted Certificates Screen
To remove an entry, select it and click Remove. The UAG confirms you want to remove it before doing so. Subsequent certificates move up by one when you take this action. UAG4100 User’s Guide... -
Page 354: The Trusted Certificates Edit Screen
Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the UAG to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. UAG4100 User’s Guide... - Page 355 Chapter 38 Certificates Figure 237 Configuration > Object > Certificate > Trusted Certificates > Edit UAG4100 User’s Guide...
- Page 356 Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the UAG uses RSA encryption) and the length of the key set in bits (1024 bits for example). UAG4100 User’s Guide...
-
Page 357: The Trusted Certificates Import Screen
Trusted Certificates Import screen. Follow the instructions in this screen to save a trusted certificate to the UAG. Note: You must remove any spaces from the certificate’s filename before you can import the certificate. Figure 238 Configuration > Object > Certificate > Trusted Certificates > Import UAG4100 User’s Guide... - Page 358 You cannot import a certificate with the same name as a certificate that is already in the UAG. Browse Click Browse to find the certificate file you want to upload. Click OK to save the certificate on the UAG. Cancel Click Cancel to quit and return to the previous screen. UAG4100 User’s Guide...
-
Page 359: Isp Accounts
To remove an entry, select it and click Remove. The UAG confirms you want to remove it before doing so. Object Reference Select an entry and click Object Reference to open a screen that shows which settings use the entry. See Section 10.3.2 on page 123 for an example. UAG4100 User’s Guide... -
Page 360: Isp Account Edit
This field is read-only if you are editing an existing account. Select the protocol used by the ISP account. Options are: pppoe - This ISP account uses the PPPoE protocol. pptp - This ISP account uses the PPTP protocol. UAG4100 User’s Guide... - Page 361 ISP Account Edit screen. Cancel Click Cancel to return to the ISP Account screen without creating the profile (if it is new) or saving any changes to the profile (if it already exists). UAG4100 User’s Guide...
-
Page 362: System
IP addresses the access can come. • The Language screen (Section 40.12 on page 402) sets the user interface language for the UAG’s Web Configurator screens. Note: See each section for related background information and term definitions. UAG4100 User’s Guide... -
Page 363: Host Name
Note: Only connect one USB device. It must allow writing (it cannot be read-only) and use the FAT16, FAT32, EXT2, or EXT3 file system. Click Configuration > System > USB Storage to open the screen as shown next. UAG4100 User’s Guide... -
Page 364: Date And Time
To change your UAG’s time based on your local time zone and date, click Configuration > System > Date/Time. The screen displays as shown. You can manually set the UAG’s time and date or have the UAG get the date and time from a time server. UAG4100 User’s Guide... - Page 365 This field displays the last updated date from the time server or the last date configured (yyyy-mm-dd) manually. When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. UAG4100 User’s Guide...
- Page 366 For example, if you set this field to 3.5, a log occurred at 6 P.M. in local official time will appear as if it had occurred at 10:30 P.M. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
-
Page 367: Pre-Defined Ntp Time Servers List
Enter the UAG’s date in the New Date field. Under Time Zone Setup, select your Time Zone from the list. As an option you can select the Enable Daylight Saving check box to adjust the UAG clock for daylight savings. Click Apply. UAG4100 User’s Guide... -
Page 368: Console Port Speed
The Console Port Speed applies to a console port connection using terminal emulation software and NOT the Console in the UAG Web Configurator Status screen. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide... -
Page 369: Dns Overview
DDNS and the time server. You can also configure the UAG to accept or discard DNS queries. Use the Network > Interface screens to configure the DNS server information that the UAG sends to the specified DHCP client devices. Figure 246 Configuration > System > DNS UAG4100 User’s Guide... - Page 370 This is the domain name where the mail is destined for. IP/FQDN This is the IP address or Fully-Qualified Domain Name (FQDN) of a mail server that handles the mail for the domain specified in the field above. UAG4100 User’s Guide...
-
Page 371: Address Record
A PTR (pointer) record is also called a reverse record or a reverse lookup record. It is a mapping of an IP address to a domain name. 40.6.5 Adding an Address/PTR Record Click the Add icon in the Address/PTR Record table to add an address/PTR record. UAG4100 User’s Guide... -
Page 372: Domain Zone Forwarder
For example, zyxel.com.tw is the domain zone for the www.zyxel.com.tw fully qualified domain name. 40.6.7 Adding a Domain Zone Forwarder Click the Add icon in the Domain Zone Forwarder table to add a domain zone forwarder record. UAG4100 User’s Guide... -
Page 373: Mx Record
Each host or domain can have only one MX record, that is, one domain is mapping to one host. 40.6.9 Adding a MX Record Click the Add icon in the MX Record table to add a MX record. UAG4100 User’s Guide... -
Page 374: Adding A Dns Service Control Rule
Select a predefined zone on which a DNS query to the UAG is allowed or denied. Action Select Accept to have the UAG allow the DNS queries from the specified computer. Select Deny to have the UAG reject the DNS queries from the specified computer. UAG4100 User’s Guide... -
Page 375: Www Overview
You can change the timeout settings in the User/Group screens. 40.7.3 HTTPS You can set the UAG to use HTTP or HTTPS (HTTPS adds security) for Web Configurator sessions. Specify which zones allow Web Configurator access and from which IP address the access can come. UAG4100 User’s Guide... -
Page 376: Configuring Www Service Control
Note: Admin Service Control deals with management access (to the Web Configurator). User Service Control deals with user access to the UAG (logging into a web portal to access the Internet for example). UAG4100 User’s Guide... - Page 377 The HTTPS server listens on port 443 by default. If you change the HTTPS server port to a different number on the UAG, for example 8443, then you must notify people who need to access the UAG Web Configurator to use “https://UAG IP Address:8443” as the URL. UAG4100 User’s Guide...
- Page 378 UAG (to log into a web portal to access the Internet for example). You can also specify the IP addresses from which the users can access the UAG. Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. UAG4100 User’s Guide...
-
Page 379: Service Control Rules
40.7.5 Service Control Rules Click Add or Edit in the Service Control table in a WWW, SSH, Telnet, FTP or SNMP screen to add a service control rule. Figure 253 Configuration > System > Service Control Rule > Edit UAG4100 User’s Guide... -
Page 380: Customizing The Www Login Page
Web Configurator login screen. You can also customize the page that displays after an access user logs into the Web Configurator to access network services like the Internet. See Chapter 31 on page 292 for more on access user accounts. UAG4100 User’s Guide... - Page 381 Chapter 40 System Figure 254 Configuration > System > WWW > Login Page The following figures identify the parts you can customize in the login and access pages. UAG4100 User’s Guide...
- Page 382 • Click Color to display a screen of web-safe colors from which to choose. • Enter the name of the desired color. • Enter a pound sign (#) followed by the six-digit hexadecimal number that represents the desired color. For example, use “#000000” for black. UAG4100 User’s Guide...
- Page 383 Browse to locate it. The picture’s size cannot be over 438 x 337 pixels. Note: Use a GIF, JPG, or PNG of 100 kilobytes or less. To use a color, select Color and specify the color. UAG4100 User’s Guide...
-
Page 384: Https Example
Click Technical Details if you want to verify more information about the certificate from the UAG. Select I Understand the Risks and then click Add Exception to add the UAG to the security exception list. Click Confirm Security Exception. UAG4100 User’s Guide... - Page 385 40.7.7.4 Login Screen After you accept the certificate, the UAG login screen appears. The lock displayed in the bottom of the browser status bar denotes a secure connection. UAG4100 User’s Guide...
- Page 386 The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). 40.7.7.5.1 Installing the CA’s Certificate Double click the CA’s trusted certificate to produce a screen similar to the one shown next. UAG4100 User’s Guide...
- Page 387 You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment. Double-click the personal certificate given to you by the CA to produce a screen similar to the one shown next Click Next to begin the wizard. UAG4100 User’s Guide...
- Page 388 The file name and path of the certificate you double-clicked should automatically appear in the File name text box. Click Browse if you wish to import a different certificate. Figure 264 Personal Certificate Import Wizard 2 Enter the password given to you by the CA. UAG4100 User’s Guide...
- Page 389 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. Figure 266 Personal Certificate Import Wizard 4 Click Finish to complete the wizard and begin the import process. UAG4100 User’s Guide...
- Page 390 When Authenticate Client Certificates is selected on the UAG, the following screen asks you to select a personal certificate to send to the UAG. This screen displays even if you only have a single certificate as in the example. UAG4100 User’s Guide...
-
Page 391: Ssh
SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. In the following figure, computer A on the Internet uses SSH to securely connect to the WAN port of the UAG for a management session. UAG4100 User’s Guide... -
Page 392: How Ssh Works
The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. Encryption Method Once the identification is verified, both the client and server must agree on the type of encryption method to use. UAG4100 User’s Guide... -
Page 393: Ssh Implementation On The Uag
IP address(es) in the Service Control table to access the UAG CLI using this service. Version 1 Select the check box to have the UAG use both SSH version 1 and version 2 protocols. If you clear the check box, the UAG uses only SSH version 2 protocol. UAG4100 User’s Guide... -
Page 394: Secure Telnet Using Ssh Examples
Launch the SSH client and specify the connection information (IP address, port number) for the UAG. Configure the SSH client to accept connection using SSH version 1. A window displays prompting you to store the host key in you computer. Click Yes to continue. UAG4100 User’s Guide... - Page 395 The authenticity of host '172.16.0.1 (172.16.0.1)' can't be established. RSA1 key fingerprint is 21:6c:07:25:7e:f4:75:80:ec:af:bd:d4:3d:80:53:d1. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.16.0.1' (RSA1) to the list of known hosts. Administrator@172.16.0.1's password: The CLI screen displays next. UAG4100 User’s Guide...
-
Page 396: Telnet
To change an entry’s position in the numbered list, select the method and click Move to display a field to type a number for where you want to put it and press [ENTER] to move the rule to the number that you typed. UAG4100 User’s Guide... -
Page 397: Ftp
Use this screen to specify from which zones FTP can be used to access the UAG. You can also specify from which IP addresses the access can come. Figure 279 Configuration > System > FTP UAG4100 User’s Guide... -
Page 398: Snmp
Your UAG supports SNMP agent functionality, which allows a manager station to manage and monitor the UAG through the network. The UAG supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation. UAG4100 User’s Guide... -
Page 399: Supported Mibs
MIBs (private.mib and enterprise.mib) to collect information about CPU and memory usage. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. You can download the UAG’s MIBs from www.zyxel.com. UAG4100 User’s Guide... -
Page 400: Snmp Traps
Use this screen to configure your SNMP settings, including from which zones SNMP can be used to access the UAG. You can also specify from which IP addresses the access can come. Figure 281 Configuration > System > SNMP UAG4100 User’s Guide... - Page 401 This displays whether the computer with the IP address specified above can access the UAG zone(s) configured in the Zone field (Accept) or not (Deny). Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide...
-
Page 402: Language
Select a display language for the UAG’s Web Configurator screens. You also need to open a new browser session to display the screens in the new language. Apply Click Apply to save your changes back to the UAG. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide... -
Page 403: Log And Report
Note: Data collection may decrease the UAG’s traffic throughput rate. Click Configuration > Log & Report > Email Daily Report to display the following screen. Configure this screen to have the UAG e-mail you system statistics every day. UAG4100 User’s Guide... - Page 404 Chapter 41 Log and Report Figure 283 Configuration > Log & Report > Email Daily Report UAG4100 User’s Guide...
-
Page 405: Log Settings Screens
MONITOR > Log screen. Use the e-mail profiles to mail log messages to the specific destinations. You can also have the UAG store system logs on a connected USB storage device. The other four logs are stored on specified syslog servers. UAG4100 User’s Guide... -
Page 406: Log Settings Summary
To turn off an entry, select it and click Inactivate. This field is a sequential value, and it is not associated with a specific log. Status This icon is lit when the entry is active and dimmed when the entry is inactive. UAG4100 User’s Guide... -
Page 407: Edit System Log Settings
The Log Settings Edit screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen (see Section 41.3.1 on page 406), and click the system log Edit icon. UAG4100 User’s Guide... - Page 408 Chapter 41 Log and Report Figure 285 Configuration > Log & Report > Log Settings > Edit (System Log) UAG4100 User’s Guide...
- Page 409 Using the System Log drop-down list to disable all logs overrides your e-mail server 1 settings. enable normal logs (green check mark) - e-mail log messages for all categories to e-mail server 1. enable alert logs (red exclamation point) - e-mail alerts for all categories to e-mail server 1. UAG4100 User’s Guide...
-
Page 410: Edit Log On Usb Storage Setting
The Edit Log on USB Storage Setting screen controls the detailed settings for saving logs to a connected USB storage device. Go to the Log Setting Summary screen (see Section 41.3.1 on page 406), and click the USB storage Edit icon. UAG4100 User’s Guide... - Page 411 (yellow check mark) - send the remote server log messages, alerts, and debugging information for all log categories. This field is a sequential value, and it is not associated with a specific entry. UAG4100 User’s Guide...
-
Page 412: Edit Remote Server Log Settings
The Log Settings Edit screen controls the detailed settings for each log in the remote server (syslog). Go to the Log Settings Summary screen (see Section 41.3.1 on page 406), and click a remote server Edit icon. UAG4100 User’s Guide... - Page 413 Chapter 41 Log and Report Figure 287 Configuration > Log & Report > Log Settings > Edit (Remote Server) UAG4100 User’s Guide...
-
Page 414: Log Category Settings Screen
(for example, where and how often log information is e-mailed or remote server names). To access this screen, go to the Log Settings Summary screen (see Section 41.3.1 on page 406), and click the Log Category Settings button. UAG4100 User’s Guide... - Page 415 This screen provides a different view and a different way of indicating which messages are included in each log and each alert. Please see Section 41.3.2 on page 407, where this process is discussed. (The Default category includes debugging messages generated by open source software.) UAG4100 User’s Guide...
- Page 416 Log Category This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software. UAG4100 User’s Guide...
- Page 417 (yellow check mark) - log regular information, alerts, and debugging information from this category Click this to save your changes and return to the previous screen. Cancel Click this to return to the previous screen without saving your changes. UAG4100 User’s Guide...
-
Page 418: File Manager
When you apply a configuration file, the UAG uses the factory default settings for any features that the configuration file does not include. When you run a shell script, the UAG only applies the commands that it contains. Other settings do not change. UAG4100 User’s Guide... -
Page 419: Comments In Configuration Files Or Shell Scripts
Your configuration files or shell scripts can use “exit” or a command line consisting of a single “!” to have the UAG exit sub command mode. Note: “exit” or “!'” must follow sub commands if it is to make the UAG exit sub command mode. UAG4100 User’s Guide... -
Page 420: The Configuration File Screen
Once your UAG is configured and functioning properly, it is highly recommended that you back up your configuration file before making further configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. UAG4100 User’s Guide... - Page 421 The UAG still generates a log for any errors. Figure 290 Maintenance > File Manager > Configuration File Do not turn off the UAG while configuration file upload is in progress. UAG4100 User’s Guide...
- Page 422 Specify a name for the duplicate configuration file. Use up to 25 characters (including a-zA- Z0-9;‘~!@#$%^&()_+[]{}’,.=-). Click OK to save the duplicate or click Cancel to close the screen without saving a duplicate of the configuration file. UAG4100 User’s Guide...
- Page 423 This column displays the number for each configuration file entry. This field is a sequential value, and it is not associated with a specific address. The total number of configuration files that you can save depends on the sizes of the configuration files and the available flash storage space. UAG4100 User’s Guide...
-
Page 424: The Firmware Package Screen
Find the firmware package at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, “UAG.bin”. The firmware update can take up to five minutes. Do not turn off or reset the UAG while the firmware update is in progress! UAG4100 User’s Guide... - Page 425 Figure 296 Network Temporarily Disconnected After five minutes, log in again and check your new firmware version in the Dashboard screen. If the upload was not successful, the following message appears in the status bar at the bottom of the screen. UAG4100 User’s Guide...
-
Page 426: The Shell Script Screen
Note: You should include write commands in your scripts. If you do not use the write command, the changes will be lost when the UAG restarts. You could use multiple write commands in a long script. Figure 298 Maintenance > File Manager > Shell Script UAG4100 User’s Guide... - Page 427 This column displays the label that identifies a shell script file. Size This column displays the size (in KB) of a shell script file. Last This column displays the date and time that the individual shell script files were last changed or Modified saved. UAG4100 User’s Guide...
- Page 428 Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .zysh file you want to upload. Upload Click Upload to begin the upload process. This process may take up to several minutes. UAG4100 User’s Guide...
-
Page 429: Diagnostics
The Diagnostic screen provides an easy way for you to generate a file containing the UAG’s configuration and diagnostic information. You may need to send this file to customer support for troubleshooting. Click Maintenance > Diagnostics to open the Diagnostic screen. Figure 301 Maintenance > Diagnostics UAG4100 User’s Guide... -
Page 430: The Diagnostics Files Screen
File Name This column displays the label that identifies the file. Size This column displays the size (in bytes) of a file. Last Modified This column displays the date and time that the individual files were saved. UAG4100 User’s Guide... -
Page 431: The Packet Capture Screen
Click Maintenance > Diagnostics > Packet Capture to open the packet capture screen. Note: New capture files overwrite existing files of the same name. Change the File Suffix field’s setting to avoid this. Figure 303 Maintenance > Diagnostics > Packet Capture UAG4100 User’s Guide... - Page 432 Set a time limit in seconds for the capture. The UAG stops the capture and generates the capture file when either this period of time has passed or the file reaches the size specified in the File Size field. 0 means there is no time limit. UAG4100 User’s Guide...
-
Page 433: The Packet Capture Files Screen
You can download the files to your computer where you can study them using a packet analyzer (also known as a network or protocol analyzer) such as Wireshark. Figure 304 Maintenance > Diagnostics > Packet Capture > Files UAG4100 User’s Guide... -
Page 434: Core Dump Screen
(if ready) device if the process terminates abnormally (crashes). If you clear this option the UAG only saves Apply Click Apply to save the changes. Reset Click Reset to return the screen to its last-saved settings. UAG4100 User’s Guide... -
Page 435: Core Dump Files Screen
43.5 The System Log Screen Click Maintenance > Diagnostics > System Log to open the system log files screen. This screen lists the files of system logs stored on a connected USB storage device. The files are in comma UAG4100 User’s Guide... - Page 436 File Name This column displays the label that identifies the file. Size This column displays the size (in bytes) of a file. Last Modified This column displays the date and time that the individual files were saved. UAG4100 User’s Guide...
-
Page 437: Packet Flow Explore
• use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command. Note: Once a packet matches the criteria of a routing rule, the UAG takes the corresponding action and does not perform any further flow checking. UAG4100 User’s Guide... - Page 438 Figure 308 Maintenance > Packet Flow Explore > Routing Status (Direct Route) Figure 309 Maintenance > Packet Flow Explore > Routing Status (Policy Route) Figure 310 Maintenance > Packet Flow Explore > Routing Status (VPN 1-1 Mapping Route) UAG4100 User’s Guide...
- Page 439 Figure 311 Maintenance > Packet Flow Explore > Routing Status (1-1 SNAT) Figure 312 Maintenance > Packet Flow Explore > Routing Status (Default WAN Trunk) Figure 313 Maintenance > Packet Flow Explore > Routing Status (Main Route) UAG4100 User’s Guide...
- Page 440 This is the original destination IP address(es). any means any IP address. Outgoing This is the name of an interface which transmits packets out of the UAG. Gateway This is the IP address of the gateway in the same network of the outgoing interface. UAG4100 User’s Guide...
-
Page 441: The Snat Status Screen
• use policy routes to control 1-1 NAT by using the policy control-virtual-server-rules activate command. Note: Once a packet matches the criteria of an SNAT rule, the UAG takes the corresponding action and does not perform any further flow checking. UAG4100 User’s Guide... - Page 442 Figure 314 Maintenance > Packet Flow Explore > SNAT Status (Policy Route SNAT) Figure 315 Maintenance > Packet Flow Explore > SNAT Status (VPN 1-1 Mapping Route) Figure 316 Maintenance > Packet Flow Explore > SNAT Status (1-1 SNAT) UAG4100 User’s Guide...
- Page 443 The following fields are available if you click VPN 1-1 Mapping SNAT in the SNAT Flow section. This field is a sequential value, and it is not associated with any entry. Source This is the original source IP address(es). UAG4100 User’s Guide...
- Page 444 This indicates which source IP address the SNAT rule uses finally. For example, Outgoing Interface IP means that the UAG uses the IP address of the outgoing interface as the source IP address for the matched packets it sends out through this rule. UAG4100 User’s Guide...
-
Page 445: Reboot
Click the Reboot button to restart the UAG. Wait a few minutes until the login screen appears. If the login screen does not appear, type the IP address of the device in your Web browser. You can also use the CLI command reboot to restart the UAG. UAG4100 User’s Guide... -
Page 446: Shutdown
Click the Shutdown button to shut down the UAG. Wait for the device to shut down before you manually turn off or remove the power. It does not turn off the power. You can also use the CLI command shutdown to shutdown the UAG. UAG4100 User’s Guide... -
Page 447: Troubleshooting
VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 115200 bps port speed. I cannot access the Internet. • Check the UAG’s connection to the Ethernet jack with Internet access. Make sure the Internet gateway device (such as a DSL modem) is working properly. UAG4100 User’s Guide... - Page 448 You cannot set up a PPP interface, virtual Ethernet interface or virtual VLAN interface if the underlying interface is a member of a bridge. You also cannot add an Ethernet interface or VLAN interface to a bridge if the member interface has a virtual interface or PPP interface on top of it. UAG4100 User’s Guide...
- Page 449 • You may need to configure the DDNS entry’s IP Address setting to Auto if the interface has a dynamic IP address or there are one or more NAT routers between the UAG and the DDNS server. UAG4100 User’s Guide...
- Page 450 (This is related to AAA servers and authentication methods, which are discussed in Chapter 36 on page 335 Chapter 37 on page 340, respectively.) UAG4100 User’s Guide...
- Page 451 UAG. Note: Be careful not to convert a binary file to text during the transfer process. It is easy for this to occur since many programs use text files by default. UAG4100 User’s Guide...
- Page 452 You could use multiple write commands in a long script. Note: “exit” or “!'” must follow sub commands if it is to make the UAG exit sub command mode. Chapter 42 on page 418 for more on configuration files and shell scripts. UAG4100 User’s Guide...
-
Page 453: Resetting The Uag
Make sure the SYS LED is on and not blinking. Press the RESET button and hold it until the SYS LED begins to blink. (This usually takes about five seconds.) Release the RESET button, and wait for the UAG to restart. UAG4100 User’s Guide... -
Page 454: Getting More Troubleshooting Help
Chapter 47 Troubleshooting You should be able to access the UAG using the default settings. 47.2 Getting More Troubleshooting Help Search for support information for your model at www.zyxel.com for more troubleshooting suggestions. UAG4100 User’s Guide... -
Page 455: Appendix A Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •... - Page 456 • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • ZyXEL Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • ZyXEL Deutschland GmbH • http://www.zyxel.de Belarus • ZyXEL BY • http://www.zyxel.by...
- Page 457 Appendix A Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications •...
- Page 458 • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
- Page 459 • http://www.zyxel.com/ec/es/ Ecuador • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.us.zyxel.com/ UAG4100 User’s Guide...
- Page 460 Appendix A Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za UAG4100 User’s Guide...
-
Page 461: Appendix B Legal Information
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. -
Page 462: Zyxel Limited Warranty
(ii) De plus, les utilisateurs devraient aussi être avisés que les utilisateurs de radars de haute puissance sont désignés utilisateurs principaux (c.-à-d., qu’ils ont la priorité) pour les bandes 5250-5350 MHz et 5650-5850 MHz et que ces radars pourraient causer du brouillage et/ou des dommages aux dispositifs LAN-EL. UAG4100 User’s Guide... -
Page 463: Regulatory Information
Erklærer herved ZyXEL at dette utstyret er I samsvar med de grunnleggende kravene og andre relevante bestemmelser I direktiv 1999/5/EF. [Romanian] Prin prezenta, ZyXEL declară că acest echipament este în conformitate cu cerinţele esenţiale şi alte prevederi relevante ale Directivei 1999/5/EC. UAG4100 User’s Guide... - Page 464 2. The regulatory limits for maximum output power are specified in EIRP. The EIRP level (in dBm) of a device can be calculated by adding the gain of the antenna used(specified in dBi) to the output power available at the connector (specified in dBm). UAG4100 User’s Guide...
-
Page 465: Safety Warnings
Lo smaltimento abusivo del prodotto da parte del detentore comporta l’applicazione delle sanzioni amministrative previste dalla normativa vigente." UAG4100 User’s Guide... - Page 466 Appendix B Legal Information Environmental Product Declaration UAG4100 User’s Guide...
-
Page 467: Index
68, 70, 81 asymmetrical routes allowing through the firewall port 337, 338 vs virtual interfaces address groups authentication and firewall server and FTP authentication method objects and SNMP UAG4100 User’s Guide... - Page 468 Certificate Authority (CA) configuration files see certificates at restart backing up Certificate Revocation List (CRL) downloading certificates downloading with FTP advantages of editing and CA how applied and FTP lastgood.conf 421, 424 and HTTPS managing and SSH UAG4100 User’s Guide...
- Page 469 Ethernet interfaces device access and routing protocols troubleshooting basic characteristics DHCP 149, 363 virtual and DNS servers exceptional services and domain name and interfaces Extended Service Set IDentification client list ext-user pool troubleshooting static DHCP UAG4100 User’s Guide...
- Page 470 424, 425 avoiding warning messages uploading with FTP example firmware upload vs HTTP troubleshooting with Internet Explorer flash usage with Netscape Navigator forcing login HyperText Transfer Protocol over Secure Socket Layer, see HTTPS FQDN free guest account UAG4100 User’s Guide...
- Page 471 Internet access layer-2 isolation troubleshooting 447, 450 example Internet Control Message Protocol, see ICMP Internet Explorer LDAP IP policy routing, see policy routes and users port IP protocols 337, 338 and service objects least load first load balancing UAG4100 User’s Guide...
- Page 472 122, 138, 145, 150 and VLAN NetBIOS Ethernet interface Name Server, see NBNS. range Netscape Navigator management access Network Address Translation, see NAT troubleshooting Network Time Protocol (NTP) Management Information Base (MIB) No-IP memory usage 68, 70 UAG4100 User’s Guide...
- Page 473 166, 287, 290 and service objects and SMTP redirect and trunks 152, 166 and user groups 165, 166, 287, 290 161, 283 and users 165, 166, 287, 290 Quick Start Guide and VPN 1-1 mapping benefits UAG4100 User’s Guide...
- Page 474 68, 70 2890 (GRE) shell script Rivest, Shamir and Adleman public-key algorithm troubleshooting (RSA) shell scripts round robin and users routing downloading troubleshooting editing how applied routing protocols managing and Ethernet interfaces syntax 349, 351, 356 UAG4100 User’s Guide...
- Page 475 Telnet to-Device firewall how connection is established and NAT versions and remote management with Linux and service control with Microsoft Windows global rules see also firewall traffic statistics stac compression Transmission Control Protocol, see TCP startup-config.conf UAG4100 User’s Guide...
- Page 476 165, 166, 287, 290 and RADIUS and service control and shell scripts attributes for Ext-User attributes for RADIUS messages attributes in AAA servers port numbers currently logged in 67, 72 Universal Plug and Play UAG4100 User’s Guide...
- Page 477 ALG and interfaces VPN 1-1 mapping and SNMP and firewall and SSH and policy routes and Telnet example and WWW introduction extra-zone traffic packet flow inter-zone traffic pool profile intra-zone traffic VRPT (Vantage Report) types of traffic UAG4100 User’s Guide...