RayTalk RA-696 User Manual

Hot spot wi-fi access point mimo hot spot ap single radio 2,4ghz up to 300mbps (2tx2r ) & multi wireless network access control, aaa authentication, authorization, accounting

page of 152

/ 152
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual

RA-696

Hot Spot Wi-Fi Access Point

MiMo Hot Spot AP Single Radio 2,4GHz up to 300Mbps (2Tx2R ) &

Multi Wireless Network Access Control, AAA Authentication,

Authorization, Accounting

USER MANUAL

Table of Contents

Need help?

Do you have a question about the RA-696 and is the answer not in the manual?

Questions and answers

Summary of Contents for RayTalk RA-696

Page 1 RA-696 Hot Spot Wi-Fi Access Point MiMo Hot Spot AP Single Radio 2,4GHz up to 300Mbps (2Tx2R ) & Multi Wireless Network Access Control, AAA Authentication, Authorization, Accounting USER MANUAL...
Page 2: Declaration Of Conformity
R&TTE Directive 1999/5/EC. The technical construction file as required by the Conformity Assessment procedure is kept at the address of applicant. The product RayTalk RA-696 has been tested and found to comply with the stated standards which are required by the article 6.4 of the R&TTE Directive of 99/5/EEC.
Page 3: Copyright Statement
All documents and related graphics are provided "as is" without warranty of any kind and are subject to change without notice. The entire risk arising out of their use remains with the recipient. In no event shall RayTalk Industries be liable for any direct, consequential, incidental, special, punitive or damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information).
Page 4 RoHS Compliant Restriction of Hazardous Substances Directive 2002/95/CE RayTalk confirms that the RayTalk products RA-696 is in conformity with the directive 2002/95/CE dated 2003/01/27, usually called RoHS directive, concerning the limitation of dangerous substances for electric and electronics appliances since July 1, 2006.
Page 5: Table Of Contents
Package Checklist ............................ 6 2 System Overview and Getting Started ........................ 7 2.1 Introduction of the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 ............ 7 2.2 System Concept ............................... 7 2.3 The MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 Hardware Overview ......... 8 2.4 System Requirement .......................... 1 1 2.5 Installation Steps ............................ 1 1 2.6 Access Web Management Interface ...................... 1 0 3 Incorporate MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696to the Network .......... 1 1 ...
Page 6 5.1.3 On‐Demand User .......................... 4 4 5.1.4 Free Authentication .......................... 5 3 5.2 User Login .............................. 5 4 5.2.1 Default Authentication .......................... 5 4 5.2.2 Login with Postfix .......................... 5 4 5.2.3 An Example of User Login ........................ 5 4 6 Restrain the Users .............................. 5 5 6.1 Black List .............................. 5 5 6.2 Group ................................ ...
Page 7 10 System Management and Utilities ........................ 8 9 10.1 System Time .............................. 8 9 10.2 Management IP Address List ......................... 9 0 10.3 IP Address for Accessing User Log ......................... 9 0 10.4 SNMP ................................ 9 1 10.5 Administration ............................... 9 2 10.6 Change Admin Passwords .......................... 9 5 10.7 Backup / Restore and Reset to the Factory Default .................. 9 6 10.8 Firmware Upgrade ............................ 9 7 10.9 ...
Page 8 4. Payments via World Pay .......................... 1 59 Appendix F. Portal Page Customization ........................ 1 62 How External Pages Operate ........................... 1 63 Appendix G. Terminal Server Setup .......................... 1 66 Overview of Network Ticket Generator ........................ 1 66 Including RT‐TO696RF into Your Network....................... 1 68 Managing RT‐TO696RF on the Web Management Interface .................. 1 69 Setting Up RT‐TO696RF with the POS Printer ...................... 1 70 Setting up RT‐TO696RF with the RayTalk Hot Spot Wi‐Fi Access Point or Internet Subscriber Gateway .... 1 70 Terminal Auto Setup (TAS – Only available on RT‐TO696RF) .................. 1 71 ...
Page 9: Before You Start
Before You Start Preface This manual is for WLAN service providers or network administrators to set up a network environment using the Hot Spot Access Point Wi‐Fi RayTalk RA‐696. It contains step‐by‐step procedures and graphic examples to guide MIS staff or individuals with slight network system knowledge to complete the installation. Document Conventions Represents essential steps, actions, or messages that should not be ignored. Caution: Note: Contains related information that corresponds to a topic. Indicates that clicking this button will apply all of your settings. ...
Page 10: System Overview And Getting Started
Introduction of the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 The Hot Spot Access Point Wi‐Fi RayTalk RA‐696 is a feature‐rich Wireless Hotspot Gateway, targeting realities that want to provide single‐point wireless Internet access service. The RayTalk RA‐696 is a perfect choice for beginners to run hotspot businesses. It does not cost much compared to buying a pile of equipment, nor does it take the skills of an expert to glue multiple applications out of multiple freeware. Feature‐packed for hotspot operation, the RayTalk RA‐696 comes with built‐in 802.11 ...
Page 11: The Mimo Hot Spot Access Point Wi-Fi Raytalk Ra-696 Hardware Overview
The MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 Hardware Overview Rear Panel 1 Antenna connector Reverse SMA connectors for attaching antenna as shown in above figure. 2 WAN For attaching an Ethernet cable to an uplink service. 3 LAN 1‐ 4 ports Attach Ethernet cables here for connecting to the wired local network. 4 USB 2.0 port Reserved for future use. Attach the serial cable here to access console interface. 5 Console port 6 Attach the power adapter here. 5V 2 A Press once to restart the system; Press and hold for more than 5 seconds to 7 Reset button reset to factory default. ...
Page 12 Front Panel 1 Quick button Press this button to quick‐print an account generated from billing plan 1. 2 WES button Press and hold over 5 seconds to initiate Master Mode for the WES process. Press and release to initiate Slave Mode for the WES process. 3 Power LED On indicates power on. 4 Status LED On indicates the system ready. 5 ...
Page 13 Rear Panel Power Jack Socket for the power adaptor. 1 12V 2A 2 Restart / Reset Press once to restart the system; Press and hold for more than 5 seconds to reset to factory default. 3 WES Button (A / B) WDS Easy Setup. Press the button to build up a WDS link with another peer. 4 WDS links can be set up per RF card. 6 indicators that displays the states of 6 various functions or progresses. The 4 LED Indicators numbers are explained on the leftmost side of the rear panel. 5 WAN For attaching an Ethernet cable to an uplink service. The ports for connections with LAN side devices. 6 LAN Ports 1 ‐ 2 7 Console Port To access RayTalk RA‐696 via the console interface. ...
Page 14: System Requirement
Now, the hardware installation is completed. Caution: Please use only the power adapter supplied with the RAYTALK RA‐696 package. Using a different power adapter may cause damage to this system. Caution: To verify the wired connection between the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 and your switch/router/hub. ...
Page 15: Access Web Management Interface
2.6 Access Web Management Interface The MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 supports Web Management Interface (WMI) configuration. Upon the completion of hardware installation, the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 can be configured via web browsers with JavaScript enabled such as Internet Explorer version 6.0 and above or Firefox. Default LAN interface IP address: Private Zone with IP 192.168.10.254, no authentication is required for users. Public Zone with IP 192.168.11.254, by default authentication is required for users. Note: The instructions below are illustrated with the administrator PC connected to LAN1. To access the web management interface, connect a PC to LAN1 Port, and then launch a browser. Make sure you have set DHCP in TCP/IP of your PC to ”Obtain an IP address automatically”. The default gateway IP address is the default gateway IP address of Private Zone: “192.168.10.254”. Next, enter the gateway IP address of the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 at the address field. The default gateway IP address of LAN1 Port is“https://192.168.11.254” (“https” is used for a secured connection). The administrator login page will appear. Enter “admin”, the default username, and “admin”, the default password, in the User Name and Password fields. Click LOGIN to log in. After a successful login, a “Home” page with four main buttons will appear on the screen. ...
Page 16: Incorporate Mimo Hot Spot Access Point Wi-Fi Raytalk Ra-696To The Network
Caution: If you can’t get to the login screen, the reasons may be: (1) The PC is set incorrectly so that the PC can’t obtain the IP address automatically from the LAN port; (2) The IP address and the default gateway are not under the same network segment. Please set your PC with a static IP address such as 192.168.10.xx in your network and then try it again. Incorporate MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐ 696to the Network 3.1 Network Requirement In the general network environment, the main role of the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 is to manage all the network access from internal network to Internet. Thus, the first step is to prepare an Internet connection from your ISP (Internet Service Provider) and connect it to the WAN port of the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696. 3.2 Configure WAN Port There are 3 connection types for the WAN Port: Static, Dynamic and PPPoE. These connection types are enough to support most ISPs. Now, let us discuss how to configure the WAN port. Go to: System >> WAN. The parameters related to each connection method are described in the following pages. 3.2.1 Static IP Static: Manually specifying the IP address of the WAN Port. The fields with red asterisks are mandatory.  IP Address: The IP address of the WAN port.  Subnet Mask: The subnet mask of the WAN port.  Default Gateway: The gateway of the WAN port.  Preferred DNS Server: The primary DNS Server of the system.  Alternate DNS Server: The substitute DNS Server of the system. This is an optional field. ...
Page 17: Dynamic
3.2.2 Dynamic Dynamic: It is only applicable for the network environment where the DHCP server is available upstream of the system. Click the Renew button to get an IP address automatically. 3.2.3 PPPoE PPPoE: When selecting PPPoE to connect to the network, please set the "Username", "Password", "MTU" and "Clamp MSS". There is a Dialon demand function under PPPoE. If this function is enabled, a Maximum Idle Time slot will be available for inputting a value.When the idle time is reached, the system will automatically disconnect itself. ...
Page 18: Pptp
3.2.4 PPTP PPTP: Although not a popular method, PPTP protocol for dialup connections is adapted by some ISPs (in European Countries). Your PPTP ISP will issue you an account with a password as well as the PPTP server address. 3.3 Internet Connection Detection To configure Internet Connection Detection, go to: System >> WAN Traffic. Internet Connection Detection: When this function is enabled, system will try to access these IP/Domain addresses, if system can reach these IP/Domain addresses, it means that the outbound Internet connection is in normal state. On the other hand, there is a textbox available for the administrator to enter a message reminder. This reminder will appear on clients’ screens when Internet connection is down. ...
Page 19: Wan Bandwidth Control
To configure a Zone, go to: System >> Service Zones. A Zone is a logical network area that covers wired or wireless networks, or both of them. By associating it with a unique ESSID of a Zone, wireless network is divided into different logical zones. Clients attempting to access the resources within a Zone will be controlled based on the access control profile of that Zone, such as authentication, security features, wireless encryption methods, traffic control, etc. There are two Zones that can be utilized by the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 – Private Zone and Public Zone, as shown in the table below. Private Zone means clients are not required to be authenticated before using the network service. However, clients in Public Zone are required to obtain authentication before using the service.  Service Zone Name: Mnemonic name of the Zone. ...
Page 20: Port Role Assignment
3.5.1 Port Role Assignment The MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 supports two zones, Private and Public. In the Private Zone, authentication is not required to access the network, whether it is via wired and wireless connection. In the Public Zone, the “Authentication Required for Zone” option is enabled by default, so clients have to be authenticated successfully before surfing the Internet. The Zone and Port mappings are shown below, LAN1, LAN2 maps to Private Zone and LAN3, LAN4 to Public Zone respectively. Note: System’s WMI can also be accesses via WAN port as long as the administrator uses an IP address listed on the Management IP ...
Page 21  Related information needed for setting up the DHCP Server is listed here. DHCP Server: To further configure the DHCP Server, click the button Configure. Please note that when “Enable DHCP Relay” is enabled, the IP address of clients will be assigned by an external DHCP server. The system will only relay DHCP information from the external DHCP server to downstream clients of this zone.  Start IP Address / End IP Address: A range of IP addresses that the built‐in DHCP server will assign to clients. Note: please change the Management IP Address List accordingly (at System >> General >> Management IP Address List) to permit the administrator to access the RAYTALK RA‐696 admin page after the default IP address of the network interface is changed.  Preferred DNS Server: The primary DNS server that is used by this Zone.  Alternate DNS Server: The substitute DNS server that is used by this Zone.  Domain Name: Enter the domain name for this zone.  WINS Server: The IP address of the WINS (Windows Internet Naming Service) server if WINS server is applicable to this ...
Page 22: Let Your Network Be A Wireless Network
Let Your Network Be a Wireless Network 4.1 System Wireless General Settings To configure System’s Wireless General Settings, go to: System >> Service Zones. Click the button Configure for Private zone for further configuration. Wireless General Settings:  Band: There are 4 modes to select, 802.11b (2.4G, 1~11Mbps), 802.11g (2.4G, 54Mbps), 802.11b+g, and 802.11g+n. Otherwise the administrator could enable the ‘Pure 11n’ to only utilize the 11n band.  Short Preamble: The length of the CRC (Cyclic Redundancy Check) block for communication between the Access Point and roaming wireless adapters. Select Enable for Short Preamble or Disable for Long Preamble.  Short Guard Interval (802.11g+n only): The guard interval is the space between symbols (characters) being transmitted to eliminate inter‐symbol interference. With 802.11n, short guard interval is half of what it is used to be to increase throughput. Select Enable to use Short Guard Interval or Disable to use normal Guard Interval.  Channel Width (802.11g+n only): For 802.11n, doubling channel bandwidth to 40 MHz is supported to enhance throughput. ...
Page 23: Zone Wireless Settings
(RTS) before sending the frame to prevent hidden node problems. The RTS mechanism will be activated if the data size exceeds the value provided. A lower RTS Threshold setting can be useful in areas where many client devices are associating with the RAYTALK RA‐696 or in areas where the clients are far apart and can detect only the RAYTALK RA‐696 but not each other. The default value is set at 2346. Fragment Threshold: Enter a value between 256 and 2346. The default value is 2346. Packet size larger than this ...
Page 24 Beacon Interval: The entered amount of time indicates how often the beacon signal will be sent from the VAP. The default value is set at 100 ms. RTS Threshold: Enter a value between 1 and 2346. RTS (Request to Send) Threshold determines the packet size at which the system issues a request to send (RTS) before sending the frame to prevent the hidden node problem. The RTS mechanism will be activated if the data size exceeds the value provided. A lower RTS Threshold setting can be useful in areas where many client devices are associating with the RAYTALK RA‐696 or in areas where the clients are far apart and can detect only the RAYTALK RA‐696 but not each other. The default value is set at 2346. ...
Page 25 Fragment Threshold: Enter a value between 256 and 2346. The default value is 2346. A packet size larger than this threshold will be fragmented (sent with several pieces instead of one chunk) before transmission. A smaller value results in smaller frames but allows a larger number of frames in transmission. A lower Fragment Threshold setting can be useful in areas where communication is poor or disturbed by a serious amount of radio interference. ...
Page 26: Zone Wireless Security
4.3 Zone Wireless Security To configure Zone Wireless Security, go to: System >> Service Zones, click Configure for Private zone or click Configure for Public zone. After the above configurations are finished, setting up the wireless security is very important to protect your wireless network.  Security: For each zone, administrators can set up the wireless security profile, it includes WEP and WPA‐PSK.  WEP:  802.11 Authentication: Select from Open System or Shared Key.  WEP Key Length: Select from 64‐bit, 128‐bit, 152‐bit key length.  WEP Key Format: Select from ASCII or Hex format for the WEP key.  WEP Key Index: Select a key index from 1~4. The WEP key index is a number that specifies which WEP key will be used for the encryption of wireless frames during data transmission.  WEP Keys: Provide the pre‐defined WEP key value; the system supports up to 4 sets of WEP keys.  WPA‐PSK:  Cipher Suite: Select an encryption method from TKIP (WPA), AES (WAP2), or Mixed.  Pre‐shared Key / Pass‐phrase: Enter the key value for the pre‐shared key or pass‐phrase.  Group Key Update Period: The time interval for the Group Key to be renewed; the time unit is in seconds. ...
Page 27: Wireless Layer 2 Firewall
4.4 Wireless Layer 2 firewall Go to Network >> Layer 2 Firewall The system provides an additional security feature, Layer2 Firewall, in addition to the standard wireless security. Layer2 Firewall offers a firewall function that is tailored specifically for Layer2 traffic, providing another choice of shield against possible security threats coming from/going to WLAN (AP interfaces); hence, besides firewall policies configured in Policies, this extra security feature will assist to mitigate possible security breach. This section provides information in the following functions: Generic Firewall Rules, Predefined and Custom Service Protocols and Advanced. 4.4.1 Generic Firewall Rules You can choose to enable or disable the wireless Generic Firewall. This section provides an overview of firewall rules for the system’s wireless interface; 6 default rules with up to a total 20 firewall rules are available for configuration. ...
Page 28 From the overview table, each rule is designated with the following field;  No.: The numbering will decide the priority of which the system will carry out the available firewall rules in the tables.  Active: Checking this field will mark the rule as active which means this rule will be enforced.  Action: Block denotes a block rule; PASS denotes a pass rule.  Rule Name: This is the denominated name of the rule.  EtherType: It denotes the type of traffic subjected to this rule.  Remark: It shows the additional reference information of this rule.  Operation: 4 actions are available; Edit denotes to edit the rule details, Move to denotes to move the rule to a specified rule number, Insert Before denotes to insert a rule before the current rule, and Delete denotes to delete the rule. ...
Page 29  Destination: MAC Address/Mask indicates the destination MAC; IP Address/Mask indicates the destination IP address (when EtherType is IPv4); ARP IP/MAC & MASK indicate the ARP payload fields (when EtherType is ARP). When the configurations are made; please click Apply to let the firewall rule take effort. >>To insert a specific rule, Inserting Before in Operation column of firewall list will lead to the following page for detailed configuration with a rule ID for the rule currently being inserted. >>To move a specific rule, Move to in Operation column of firewall rules will lead to the following page for reordering confirmation. Click OK to save the changes made. Please make sure all the desired rules are checked as Active and click the Apply button below on the overview page. ...
Page 30 ...
Page 31: Predefined And Custom Service Protocols
4.4.2 Predefined and Custom Service Protocols The administrator can add or delete firewall service protocols here; the services on this list will become available drop‐down options to choose from in firewall rule (when EtherType is IPv4). The first 27 entries are default services and the administrator can add any extra desired services. These 27 default firewall services cannot be deleted but can be disabled. ...
Page 32: Advanced
4.4.3 Advanced Advanced Firewall Settings can be enabled to supplement the firewall rules, providing extra security enhancement against DHCP and ARP traffics traversing the available interfaces of the system.  DHCP Snooping: When enabled, DHCP packets will be validated against possible threats like DHCP starvation attack. In addition, the Trusted DHCP List (IP/MAC) can be used to specify legitimate DHCP servers to prevent rouge DHCP server.  ARP Inspection: When enabled, ARP packets will be validated against ARP spoofing. Force DHCP option when enabled, the AP only learns MAC/IP pair information through DHCP packets. Since devices configured with static IP address does not send DHCP traffic, any client with static IP address will be blocked from internet access unless its MAC/IP pair is listed and enabled on the Static List. Broadcast can be enabled to let other AP (with L2 firewall feature) learn the trusted MAC/IP pairs to issue ARP requests. Static List can be used to add MAC or MAC/IP pairs of devices that are trusted to issue ARP request. Other network nodes can still send their ARP requests; however, if their IP appears on the static list (with different MAC), their ARP requests will be dropped to prevent eavesdropping. If any settings are made, please click Apply to save the configuration before leaving this page. ...
Page 33: Who Can Access The Network
 Authentication Settings: There are four different authentication options in MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 that use databases: LOCAL, RADIUS1, RADIUS2, ONDEMAND and FREE. Local and On‐demand are built in databases with user credentials stored locally, and RADIUS is one of the most common external authentication databases. FREE is an access option that allows users to access networks with any specified identity token on the login page. Click on the Authentication Options to configure. ...
Page 34: Local
5.1.1 Local Click the button Configure for Local for further configuration.  Local User List: It allows the administrator to view, add or delete local user accounts. The Upload User button is for importing a list of user accounts from a text file. The Download User button is for exporting all local user accounts into a text file. Clicking the hyperlink of a user account leads to a page for configuration. Add User: Click this button to enter the Adding User(s) to the List interface. Fill in the necessary information such as “Username”, “Password”, “MAC Address”, “Remark” and login “Schedule”. Select a desired Group to classify local users. Click ...
Page 35  Search: Enter a keyword of a username or remark to be searched in the text file and click this button to perform the search. All usernames matching the keyword will be listed.  Del All: Click this button to delete all the users at once or click Delete (hyperlinked) to delete a specific user individually. Edit User: If in need of editing, click the desired user account on Local User List to enter the User Profile Interface for that particular user, and then modify or add information such as Username, Password, MAC Address (optional), Applied Group (optional) and Remark (optional). ...
Page 36 Date can be selected. Click Apply to complete the modification. Authentication Additional C ontrol Ma in Menu > Users > Authentication > Option > Local > local User List > Editing User Editing Existing User Data ...
Page 37: Radius
5.1.2 RADIUS There are two RADIUS authentication databases for configuration. Click Configure for any one of RADIUS servers for further configuration. The RADIUS server sets the external authentication for user accounts. Enter the information concerning the primary server and/or the secondary server (the secondary server is not mandatory). The fields with red asterisks are necessary information. These settings will become effective immediately after clicking Apply. ...
Page 38 ...
Page 39 NAS Port Type: Indicates the type of physical port the network access server is using to authenticate the user. System will send this value to the external RADIUS server, if the external RADIUS server needs this. Account Delay Time: This attribute adds flexibility for the RAYTALK RA‐696 to process accounting requests in the time specified. Default is set at 0. Service Type: This attribute indicates the type of service the user has requested or the type of service to be ...
Page 40  Primary / Secondary RADIUS Server Authentication Server: Enter the domain name or IP address of your RADIUS Server. Authentication Port: Enter the Port number used for authentication. Accounting Port: Enter the Port number used for accounting. Authentication Secret Key: Secret Key used for authentication. Accounting Service: Enable / Disable RADIUS accounting. Accounting Server: Enter the domain name or IP of your accounting server Authentication Protocol: Select Challenge‐Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP). Accounting Secret Key: The key between the RADIUS server and the gateway to test the authenticity of the link. ...
Page 41: On-Demand User
5.1.3 On‐Demand User On‐demand User Server Configuration: The administrator can configure this authentication method to create on‐demand user accounts. This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment. Major functions include accounts creation, users monitoring list, billing plan and external payment gateway support. ...
Page 42  Terminal Server: Terminal Server Configuration is a list of serial‐to‐Ethernet devices that communicate with the system only; there is no need to go online or go through authentication process. Enter the device IP and the port number into the respective fields.  Account Roaming Out: When Account Roaming Out is enabled, a link will be available to define the client device authorized to roam by entering the IP address, Subnet Mask, and Secret Key. Ticket Customization 2) On‐demand account ticket can be customized here and previewed on the screen.  Currency: Select the desired currency unit for charged internet access.  WLAN ESSID: The entered name will be the ESSID of the Public Zone. ...
Page 43  Wireless Key: The wireless key configured in Public Zone Settings will be shown.  Receipt Header(Optional): There are 3 receipt headers supported by the system. The entered content will be printed on the receipt.  Receipt Footer(Optional): There are 3 receipt footers supported by the system. The entered content will be printed on the receipt.  Remark: Enter additional information that will appear at the bottom of the receipt.  Background Image: You can choose to customize the ticket by uploading your own background image for the ticket, or choose none. Click Edit to select the image file and then click Upload. The background image file size limit is 100 Kbytes. No limit for the dimensions of the image is set, but a 460x480 image is recommended. ...
Page 44 Billing Plans 4) Administrators can configure several billing plans. Click the Edit button to enter the page of Editing Billing Plan. Configure billing plans with desired account type, expiration date, price, etc. Click Apply to save the plan. Go back to the screen of Billing Plans, check the Enable checkbox or click Select all , and then click Apply, the plan(s) will be activated.  Plan: The number of the specific plan.  Type: This is the type of plan, based on which it defines how the account can be used including Usage‐time, Volume, Hotel Cut‐off and Duration‐time.  Quota: The limit on how On‐demand users are allowed to access the network.  Price: The unit price charged for buying an account from this billing plan.  Enable: Check the checkbox to activate the plan.  Group: Users under this billing plan will be classified under this group. The default value is Group 1.  Function: Click the Edit button to add one billing plan. For detailed information regarding on‐demand accounts and billing plan configuration, please refer to Appendix E, On‐demand Account types & Billing Plan. ...
Page 45 On‐demand Account Creation 6) After at least one billing plan is enabled, the administrator can generate single on‐demand user accounts here. Click this to enter the On‐demand Account Creation page. Click Create from the desired plan to create an on‐demand account. The username and password of to‐be‐created on‐demand account is configurable. Select Manual created in Username/Password Creation and administrator can enter a desired username and password for the on‐demand account. In addition, an External ID such as student’s school ID can be entered together with account creation. After the account is created, you can click Printout to print a receipt which will contain the on‐demand user’s information, including the username and password. Moreover, you can click Send to POS to print a receipt by a POS device. Note: If no Billing plan is enabled, accounts cannot be created by clicking Create. Please go back to Billing Plans to activate at least one Billing plan by clicking Edit and Apply the setting to activate the plan. The printer used by Print is a pre‐configured printer connected to the administrator’s computer. ...
Page 46 On‐demand Account Batch Creation 7) After at least one billing plan is enabled, the administrator can generate multiple on‐demand user accounts at once with batch creation. For potential hotspot operators who may wish to pre‐generate guest accounts for sale, On‐demand feature has a batch create functionality which allows the administrator or operator with access authority to On‐demand page, to create multiple accounts for an enabled billing plan in batch, and send them to POS printer for generating physical ticket printout for sale. ...
Page 47  Account Type: Show account type of the plan in Usage‐time, Duration‐time or Hotel Cut‐off.  Quota: The total amount of time, interval or traffic volume for On‐demand users to access the network.  Numbers: The desired number of accounts to be created from the plan.  Username/Password Creation: Usernames and passwords can be created randomly by system or self‐created by administrator.  Username: To manually create a username, the Prefix and Postfix can be chosen. The serial number increases at single increments when batch accounts are created.  Password: Passwords are customizable and can be created randomly by system or self‐created by administrator.  Valid Period: Shows when the account will expire.  Total Price: For each plan, this is the unit price charged for an account. ...
Page 48 On‐demand Account Creation by Quick Button 8) The Quick Button located on the front panel of RAYTALK RA696 is a quick On‐demand account generation button. This button is designed to create On‐demand accounts without the need to enter WMI. There should be a serial POS printer like RT‐TP5x5 which is directly connected to the console port of RAYTALK RA696. When the administrator has properly connected a RT‐TP5x5 printer to the console port, pressing this button will generate an On‐ demand account using billing plan no.1 and print out the account credentials via the POS printer. Please note that the corresponding billing plan no. for this Quick Print button is always billing plan 1. Should the network administrator wish to configure different account types for generation, please modify billing plan no.1. *Only supports normal font for ticket customization. On‐demand Account List 9) All created On‐demand accounts are listed and related information is also provided.  Search: Enter a keyword of a username, External ID, or reference, to be searched in the text file and click this button to perform the search. All usernames, External ID, or reference, matching the keyword will be listed. ...
Page 49 Redeem On‐demand Accounts 10) For Usage‐time accounts, when the remaining quota is insufficient or if they are running out of quota, they can use the redeem function to extend their quota. After the user has got, or bought a new account, they just need to click the Redeem button in the login success page to enter Redeem Page, input the new account Username and Password and then click Enter. This new account’s quota will be extended to the original account. However, the Redeem function can only be used with the same billing type, i.e. Volume accounts can only be redeemed with another Volume account and so on. Note: The maximum quota is 364dys 23hrs 59mins 59secs” even after redemption. If the redeemed amount exceeds this number, the system will automatically reject the redemption process. Duration‐time and Hotel Cut‐off type do not support redemption function. ...
Page 50: Free Authentication
5.1.4 Free Authentication When the Free Authentication option is Enabled, users will have an option of logging in with an email address without authentication. This can be activated under Service Zone Settings configurations. The constraints can be set specifically with the mapped Group profile. MAC addresses will be checked to avoid malicious use of free access. When Trial Account is Enabled, Administrator can choose to set the Usage Time and Refresh Time. The server remembers the MAC address of the user. Hence the user can only get a new Free authentication account after the refresh time has been reached. ...
Page 51: User Login
For each authentication option, set a postfix that is easy to distinguish (e.g. Local) users according to different authentication servers. The acceptable characters are numbers (0~9), alphabet (a~z or A~Z), dash (‐), underline (_) and dot (.) within a maximum of 40 characters. All other characters are not allowed. Beside the users managed by Default Authentication, all the other ones with different servers should log into the system with usernames containing postfixes to identify which authentication option they belong to. The postfix can be set for each Authentication database by clicking the Auth Option. 5.2.3 An Example of User Login Normally, users will be authenticated before they get network access through MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696. This section presents the basic authentication process of end users. Please make sure that the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 is configured properly and the network related settings are done. 1. Connect a client PC to Public Zone of MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696. Open an Internet browser and try to connect to any website (in this example, we try to connect to www.google.com). a) The default user login page will appear in the browser. 2. Enter the username and password (for example, we use a local user account: test@local here) and then click Login. If the Remember Me checkbox is checked, the browser will store the username and the password on the current computer in order to automatically login to the system at the next login. Then, click the Login button. The Remaining button on the User Login Page is for on‐demand users only; this is where they can check their Remaining quota. 3. Successful! The Login Success Page indicates that you are connected to the network and the Internet now! ...
Page 52: Restrain The Users
Restrain the Users 6.1 Black List To configure Black List, go to: Users >> Black List. The administrator can add, delete, or edit the black list for user access control. User accounts that appear on the black list will be denied of network access. The administrator can use the pull‐down menu to select the desired black list.  Select Black List: There are 5 black list profiles available for utilization.  Name: Set the black list name and it will show on the pull‐down menu above.  Add User(s): Click the Add User(s) button to add users to the selected black list. After entering the usernames in the “Username” field and the related information in the “Remark” blank (not required), click Apply to add the users. If a user needs to be removed from the black list, click the user’s “Delete” button and or use click Del All button to remove all users from the black list. ...
Page 53: Group
6.2 Group To configure Group, go to: Users >> Group. Users on the RAYTALK RA‐696 can be classified into different groups, which can be assigned different Policies and Schedules. The RAYTALK RA‐696 supports up to 5 user Groups. When the type of authentication database is RADIUS, the Class‐Group Mapping function will be available to allow the administrator to assign a Group for a RADIUS class attribute; therefore, a Group will be mapped to a user of a RADIUS class ...
Page 54  Select Policy: Select a desired policy profile to configure.  Firewall Profile: Global policy and policy 1 ~ 5 all have a firewall service list and a set of firewall profiles which is composed of firewall rules.  Specific Route Profile: When Specific Routes are configured here, all clients applied with this policy will access the specific destination through these gateway settings.  Specific IPv6 Route Profile: The routing rules to be applied to users using IPv6 under this policy may be configured here.  Privilege Profile: Enable or Disable Users’ privilege to change password. Administrator can set the maximum sessions per user here. Policy 1 ~ Policy 5 ...
Page 55: Schedule
6.3.1 Schedule > Schedule Profile: Click User >> Schedule to enter the configuration page and shows the Permitted Login Hours list. This function is used to limit the time when clients can log in. Check the desired time‐slot checkboxes and click Apply to save the settings. These settings will become effective immediately after clicking Apply. Administrator can also choose to Enable or Disable Auto logout when a user exceeds the permitted login hours. Up to 5 profiles can be configured. ...
Page 56: Firewall
6.3.2 Firewall Firewall Profile: Click User >> Firewall and the Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules. Up to 5 profiles can be configured. 1) Predefined and Custom Service Protocols Predefined and Custom Service Protocols: There are predefined service protocols available for firewall rule editing. The administrator is able to add new custom service protocols by clicking Add, and delete the added protocols individually or with Select All followed by Delete operation. Caution: The Predefined Service Protocols cannot be deleted. ...
Page 57 If the Protocol Type is ICMP, the Type and Code needs to be defined. If the Protocol Type is IP, the Protocol Number needs to be defined. 2) User Firewall Rules After the custom protocol is defined(or just use the Predefined Service Protocols), you will need to enable the Firewall Rule to apply these protocols. Firewall Rules for IPv6 is also supported.  Firewall Rules: Click Rule No. to edit individual rules and click Apply to save the settings. The rule status will be shown on the list. Check the “Active” checkbox and click Apply to enable the rule. Rule No.1 has the highest priority; Rule No.2 has the second priority and so on. Each firewall rule is defined by Source, Destination and Pass/Block action. Optionally, a Firewall Rule Schedule can be set to specify when the firewall rule is enforced. It ...
Page 58 Rule Number: This is the rule selected “1”. Rule No. 1 has the highest priority; rule No. 2 has the second priority, and so on. Rule Name: The rule name can be changed here. Source/Destination – Interface/Zone: There are choices of ALL, WAN, Public and Private to be applied for the traffic interface. Source/Destination – IP Address/Domain Name: Enter the source and destination IP addresses. Domain Name filtering is supported but Domain Host filtering is not. Source/Destination – Subnet Mask: Select the source and destination subnet masks. Source‐ MAC Address: The MAC Address of the source IP address. This is for specific MAC address filtering. Service Protocol: These are defined protocols on the service protocols list to be selected. Schedule: When schedule is selected, clients assigned with this policy are applied the firewall rule only within the time checked. There are three options, Always, Recurring and One Time. Recurring is set with the hours within a week. Action for Matched Packets: There are two options, Block and Pass. Block is to prevent packets from passing and Pass is to permit packets passing. ...
Page 59: Qos Profile
6.3.3 QoS Profile Up to 5 QoS profiles can be configured for certain applications or users that need stable bandwidth or traffic priority. Bandwidth Control can only be Enabled when Bandwidth limits on WAN has been Enabled. > Traffic Class: Traffic Class can be chosen for users on IPv4 or IPv6. Default DSCP (Differentiated Services Code Point) can be added and edited to determine traffic class. Default DSCP includes: Network Control 0x30, Telephony 0x2E, Signaling 0x28, Multi‐media Conferencing 0x26, Real‐Time Interactive 0x20, Multi‐media Streaming 0x1A, Broadcast Video 0x18, Low‐ latency Data 0x12, OAM 0x10, High‐Throughput Data 0x0A, Standard 0x00, Low Priority Data 0x08. ...
Page 60: Routing
6.3.4 Routing Specific Route Profile: Click User >> Specific Route for the Specific Route Profile, the ‘Specific Route Profile’ list will appear. 1) Specific Route Specific Route Profile: The Specific Default Route is used to control clients to access some specific IP segment by the specified gateway. Specific Routing can be set up for the Global Policy and up to 5 profiles can be configured. Destination / IP Address: The destination network address or IP address of the destination host. Please note that, if applicable, the system will calculate and display the appropriate value based on the combination of Network/IP Address and Subnet Mask that have just been entered and applied. Destination / Subnet Netmask: The subnet mask of the destination network. Select 255.255.255.255(/32) if the destination is a single host. ...
Page 61 2) Default Gateway Default Gateway: The default gateway of a desired IP address can be defined in each Policy except Global Policy. When Specific Default Route is enabled, all clients applied with this Policy will access the Internet through this default gateway. Enable: Check Enable box to activate this function or uncheck to deactivate it. Default Gateway IP Address: You may need to fill in the IP address of the default gateway. ...
Page 62: User Privilege
6.3.5 User Privilege Administrator can choose to allow users to change their Password. And to prevent ill‐behaved clients or malicious software from taking up the system’s connection resources, the administrator can restrict the number of concurrent sessions that a user can establish. > The maximum number of concurrent sessions including TCP and UDP for each user can be specified in the Global policy, which applies to authenticated users, users on a non‐authenticated port, privileged users, and clients in DMZ zones. Also, this can be specified in the other policies to apply to the authenticated users. > When the number of a user’s sessions reach the session limit (a choice of Unlimited, 10, 25, 50, 100, 200, 350, 500, 750 and 1000), the user will be implicitly suspended upon receipt of any new connection request. In this case, a record will be logged to a SYSLOG server. Since this basic protection mechanism may not be able to protect the system from all malicious DoS attacks, it is strongly recommended to ...
Page 63: Access Network Without Authentication
Access Network without Authentication 7.1 DMZ To configure DMZ, go to: Network >> Network Address Translation >> DMZ (Demilitarized Zone). There are 40 sets of static Internal IP Address and External IP Address available. Enter Internal and External IP Address as a set. After the setup, accessing the External IP address listed in DMZ will be mapped to accessing the corresponding Internal IP Address. These settings will become effective immediately after clicking the Apply button. The External IP Address of the Automatic WAN IP Assignment is the IP address of External Interface (WAN) that will change dynamically if WAN Interface is Dynamic. When Automatic WAN IP Assignments is enabled, the entered Internal IP Address of Automatic WAN IP Assignment will be bound with WAN interface. ...
Page 64: Virtual Server
7.2 Virtual Server To configure Virtual Server, go to: Network >> Network Address Translation >> Public Accessible Server. This function allows the administrator to set 40 virtual servers at most, so that client devices outside the managed network can access these servers within the managed network. Different virtual servers can be configured for different sets of physical services, such as TCP and UDP services in general. Enter the “External Service Port”, “Local Server IP Address” and “Local Server Port”. Select “TCP” or “UDP” for the service type. In the Enable column, check the desired server to enable. These settings will become effective immediately after clicking the Apply button. ...
Page 65: Privilege List
7.3 Privilege List To configure the Privilege List, go to: Network >> Privilege Setup the Privilege IP Address List, Privilege MAC Address List and the Privilege IPv6 Address List. The clients accessing the internet via IP addresses and/or networking devices on the list can access the network without any authentication. ...
Page 66 7.3.1 Privilege IP Privilege IP Address List To configure Privilege IP Address List, go to: Network >> Privilege >> IP Address List. If there are workstations inside the managed network that need to access the network without authentication, enter the IP addresses of these workstations in “Granted Access by IP Address”. The “Remark” field is not necessary but is convenient for keeping track. The RAYTALK RA‐696 allows 100 privilege IP addresses at most. These settings will become effective immediately after clicking Apply. ...
Page 67: Privilege Mac
7.3.2 Privilege MAC Privilege MAC Address List In addition to the Privilege IP List, MAC address List allows the MAC address of the workstations that need to access the network without authentication to be set in “Granted Access by MAC Address”. The RAYTALK RA‐696 allows 100 privilege MAC addresses at most. When manually creating the list, enter the MAC address (the format is xx:xx:xx:xx:xx:xx) as well as the remark (optional). These settings will be effective immediately after clicking Apply. Caution: Permitting specific MAC addresses to have network access rights without going through standard authentication process under Public zone may cause security problems. 7.3.3 Privilege IPv6 Privilege IPv6 Address List In addition to the Privilege IP List, MAC address List, the privilege IPv6 List allows the IPv6 address of the workstations that need to access the network without authentication to be set in “Granted Access by IPv6 Address”. The RAYTALK RA‐696 allows 100 privilege IPv6 addresses at most. When manually creating the list, enter the IPv6 address (the format is xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx) as well as the ...
Page 68: Disable Authentication In Public Zone
7.4 Disable Authentication in Public Zone To disable Authentication in Public Zone, go to: System >> Service Zones, click Configure in Public Zone. Authentication Required For the Zone: When it is disabled, users will not need to authenticate before they get access to the network within Public Zone. ...
Page 69: User Login And Logout
User Login and Logout 8.1 Before Login 8.1.1 Login with SSL To configure HTTPS, go to: System >> General. HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The HTTPS Protected Login function makes the client’s login more secure. Enable it to activate https (encryption) or disable it to activate http (non encryption) login page. ...
Page 70: Internal Domain Name With Certificate
8.1.2 Internal Domain Name with Certificate To configure Internal Domain Name, go to: System >> General. Internal Domain Name is the domain name of the RAYTALK RA‐696 seen on client machines connected under zone. It must conform to FQDN (Fully‐Qualified Domain Name) standard. A user on client machine can use this domain name to access the RAYTALK RA‐696 instead of its IP address. In addition, when “Use the name on the security certificate” option is checked, the system will use the CN (Common Name) value of the uploaded SSL certificate as the domain name. To Configure Certificate, go to: Utilities >> Certificate and choose Upload Certificate from the scroll down menu. Certificate: A data record used for authenticating network entities such as a server or a client. A certificate contains X.509 information pieces about its owner (called the subject) and the signing Certificate Authority (called the issuer), plus the owner's public key and the signature made by the CA. Network entities verify these signatures using CA certificates. You can apply for a SSL certificate at CAs such as VeriSign. If you already have a SSL Certificate, please Click Browse to select the file and upload it. Click Apply to complete the upload process. If you do not have a valid SSL Certificate, use the system default certificate. ...
Page 71 Without a valid certificate, users may encounter the following warning when trying to open the login page. Click “Continue to this website” to access the user login page. ...
Page 72: Walled Garden
8.1.3 Walled Garden To configure Walled Garden, go to: Network >> Walled Garden. This function provides certain free services for users to access the websites listed here before login and authentication. Up to 20 addresses or domain names of the websites can be defined on this list. Users without the network access right can still have a chance to experience the actual network service free of charge. Enter the IP Address or Domain Name (of the website) on the list and click Apply to save the settings. ...
Page 73: Walled Garden
8.1.4 Walled Garden AD To configure Walled Garden AD List, go to: Network >> Walled Garden AD. This function provides advertisement links to web pages for users to access free of charge before login and authentication. Advertisement hyperlinks are displayed on the user’s login page. Clients who click on it will be redirected to the listed advertisement websites. ...
Page 74: After Login
8.2 After Login 8.2.1 Portal URL after successful login To configure Portal URL after a successful user login, go to: System >> General. When this function is enabled, enter the URL of a Web server as the Portal page. Once logged in successfully, users will be directed to this URL, such as http://www.google.com, regardless of the original homepage set in their browsers. When this function is set to None, after users logged in successfully, users will be directed to the original homepage set in their browsers. ...
Page 75: Idle Timer
8.2.2 Idle Timer To configure Idle Timer, go to: Users >> Additional Control. If a user has idled with no network activities, the system will automatically kick the user out. The logout timer can be set between 1~1440 minutes, and the default idle time is 10 minutes. ...
Page 76: Multiple Login
8.2.3 Multiple Login To configure Multiple Login, go to: Users >> Additional Control. When enabled, a user can log in from different computers with the same account (this function doesn’t support On‐demand users.) ...
Page 77: Networking Features Of A Gateway
Networking Features of a Gateway 9.1 IP Plug and Play To configure IP Plug and Play, go to: Network >> Client Mobility. The RAYTALK RA‐696 supports IP PNP function. A user can log in and access network with any IP address setting. This function is disabled in default settings. When IP PNP is enabled, at the user end, a static IP address can be used to connect to the system. Regardless of what the IP address at the user end is using, authentication can still be performed through the RAYTALK RA‐696. ...
Page 78: Dynamic Domain Name Service (Ddns)
9.2 Dynamic Domain Name Service (DDNS) To configure Dynamic Domain Name Service, go to: Network >> DDNS. Before activating this function, you must have your Dynamic DNS hostname registered with a Dynamic DNS provider. The MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696 supports DNS function to alias the dynamic IP address for the WAN port to a static domain name, allowing the administrator to easily access the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696’s WAN. If the dynamic DHCP is activated at the WAN port, it will update the IP address of the DNS server periodically. These settings will become effective immediately after clicking Apply.  DDNS: Enable or disable this function.  Provider: Select the DNS provider.  Host name: The IP address/domain name of the WAN port.  Username/E‐mail: The register ID (username or e‐mail) for the DNS provider.  Password/Key: The register password for the DNS provider. Note: To apply for free Dynamic DNS service, you may go to http://www.dyndns.com/services/dns/dyndns/howto.html. ...
Page 79: Port And Ip Forwarding
9.3 Port and IP Forwarding To configure Port and IP Forwarding, go to: Network >> NAT >> Port and IP Forwarding. This function allows the administrator to set at most 40 sets of IP addresses for redirection purposes. When the user attempts to connect to a destination IP address listed here, the connection packet will be converted and redirected to the corresponding destination. Please enter the “IP Address” and “Port” of Destination, and the “IP Address” and “Port” of Translated to Destination. Select “TCP” or “UDP” for the service’s type. These settings will become effective immediately after clicking Apply. ...
Page 80: System Management And Utilities
10 System Management and Utilities 10.1 System Time To configure System Time, go to: System >> General. NTP (Network Time Protocol) communication protocol can be used to synchronize the system time with remote time server. Please specify the local time zone and the IP address of at least one NTP server for adjusting the time automatically (Universal Time is Greenwich Mean Time, GMT). Manual setup is another option to set up the system time, if you choose to set up the system time manually, please enter the Year, Month, Day, the current time and click Apply to activate the changes. NTP Server Mode: When Enabled, Access Points and devices in the Local Area Network of the gateway would be able to use the gateway as a NTP Server for time reference. Note: When system cannot sync the time with NTP server, all clients will not be allowed to log in to system. Also on‐demand accounts cannot be created. ...
Page 81: Management Ip Address List
10.2 Management IP Address List To configure the Management IP Address List, go to: System >> General. Only PCs within the Management IP range on the list are allowed to access the system's web management interface. The default value is “0.0.0.0/0.0.0.0”. It means that the WMI can be accessed by any IP address, for security consideration; please change this value before the system provides service. 10.3 IP Address for Accessing User Log To configure User Log Access IP History, go to: System >> General. Specify an IP address of the administrator’s computer or a billing system to get billing history information of the RAYTALK RA‐696 with the predefined URLs. The file name format is “yyyy‐mm‐dd”. ...
Page 82: Snmp
10.4 SNMP To configure SNMP, go to: System>> General. The RAYTALK RA‐696 supports SNMP v1/v2c. If this function is enabled, the SNMP Management IP and the Community string can be assigned for SNMP management applications to access the system. ...
Page 83: Administration
10.5 Administration The RAYTALK RA‐696 supports customizable administration account types, namely Super Group, Manager, On‐Demand Manager or Operator. The default predetermined group of the Administrator is Super group, and the username and password are as follows: Admin: The administrator can access all configuration pages of the RAYTALK RA‐696. Username: admin Password: admin After a successful login to the RAYTALK RA‐696 , a web management interface with a Home manual will appear. Admin is classified under Super Group, with all access and configuration authorities. Super Group members can generate other administrative accounts (Manager, OnDemand Manager and Operator) and configure Password Safety and Group Permission Settings. ...
Page 84 Password Safety Settings: Password rules and requirements can be configured here to facilitate additional security. The following parameters can be configured: Password Complexity, Admin Login Retry Times, Password Expire, and Admin Login Reuse Times. There are three other default Administrative Account groups with predetermined permission settings, and these permission settings can be customized. ...
Page 85 Manager: The manager can only access the configuration pages under User Authentication to manage the user accounts. Operator: The operator can only access the configuration page of Create On‐demand User to create new on‐demand user accounts and print out the on‐demand user account receipts. OnDemand Manager: The OnDemand Manager can only access the application programming interface and generate on‐demand user accounts from the API. There are three additional custom groups for administrators to customize permission settings. Note: To logout, simply click the Logout icon on the upper right corner of the interface to return to the login screen. ...
Page 86: Change Admin Passwords
10.6 Change Admin Passwords To configure Admin passwords, go to: Utilities >> Administrator Account. There are four predetermined levels of authority: Super Group, Manager, Operator, and On‐Demand Manager. The usernames and passwords can be configured at: Utilities >> Administrator Account. Clicking on the hyperlink of the Name allows the administrator to change passwords. The administrator can change the passwords here. Click Admin name on the Admin List, Enter original and new password and click Apply to activate the new password. Note: Only admin has the authority to change password. Caution: If the administrator’s password is lost, the administrator’s password still can be changed through the text mode management interface via the serial console port. ...
Page 87: Backup / Restore And Reset To The Factory Default
10.7 Backup / Restore and Reset to the Factory Default To configure Backup / Restore and Reset to Factory Default, go to: Utilities >> Backup & Restore. This function is used to backup/restore the RAYTALK RA‐696 settings. Also, the RAYTALK RA‐696 can be restored to the factory default settings here.  Backup System Settings: Click Backup to create a .db database backup file and save it on disk.  Restore System Settings: Click Browse to search for a .db database backup file created by the RAYTALK RA‐696 and click Restore to restore to the same settings at the time when the backup file was saved.  Reset to Factory Default: Click Reset to load the factory default settings of the RAYTALK RA‐696. ...
Page 88: Firmware Upgrade
10.8 Firmware Upgrade To configure Firmware Upgrade, go to: Utilities >> System Upgrade. The administrator can download the latest firmware from the website and upgrade the system here. Select the latest firmware with Browse button, then click Apply, the system will upload the file and restart to perform the upgrade process. The firmware upgrade process can also be done via FTP. It might take a few minutes before the upgrade process completes and the new firmware’s WMI interface appears. ...
Page 89: Restart
10.9 Restart To perform system restart, go to: Utilities >> Restart. This function allows the administrator to safely restart the RAYTALK RA‐696, and the process takes approximately three minutes. Reason for restarting the system can be entered for record purposes. Click YES to restart the RAYTALK RA‐696; click NO to go back to the previous screen. Do NOT power off during system restart as this might damage the system. If the power needs to be turned off, it is highly recommended to restart the RAYTALK RA‐696 first and then turn off the power after completing the restart process. Caution: The connection of all online users to the system will be disconnected when system is in the process of restarting. ...
Page 90: Network Utility
10.10 Network Utility To configure Network Utility, go to: Utilities >> Network Utilities. System provides some network utilities for administrators. Both IPv4 and IPv6 are supported. Wake‐on‐LAN is for waking up remote devices that supports Wake‐on‐LAN feature by entering the MAC address of the target device and then press Wake Up button. Ping is to see whether a destination host is reachable and alive by entering the destination host’s domain name or IP address and then press Ping button. Trace Route displays the actual route taken to reach the destination host. Entering the destination host’s domain name or IP address and then press Start button to see the route. ARP Table is for displaying ARP information stored on the system. 10.10.1 Wake‐on‐LAN This allows the system to remotely boot up a power‐down computer connected to a LAN port with Wake‐On‐LAN feature enabled in its BIOS. Enter the MAC Address of the desired device and click Wake Up to execute this function. ...
Page 91: Monitor Ip Link
10.11 Monitor IP Link To configure Monitor IP Link, go to: Network >> Monitor IP. The RAYTALK RA‐696 will send out a packet periodically to monitor the connection status of the IP addresses on the list. On each monitored item with a WEB server running, administrators may add a link for easy access by entering the IP, selecting the Protocol to http or https and then clicking Create. After clicking Create, the IP address will become a hyperlink, and administrators can easily access the host remotely by clicking the hyperlink. Click the Delete button to remove the hyperlink if needed. ...
Page 92: Console Interface
10.12 Console Interface Via the console port, administrators can enter the console interface to handle problems and situations occurred during operation. 1. In order to connect to the console port of the RAYTALK RA‐696, a console, modem cable, and a terminal simulation program, such as the Hyper Terminal are needed. 2. If a Hyper Terminal is used, please set the parameters as 9600, 8, None, 1, None. Caution: The main console is a menu‐driven text interface with dialog boxes. Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter. 3. Once the console port of the RAYTALK RA‐696 is connected properly, the console main screen will appear automatically. If the screen does not appear in the terminal simulation program automatically, please try to press the arrow keys so that the terminal simulation program will send some messages to the system, and the welcome screen or main menu should appear. If the welcome screen or main menu of the console still does not pop up, please check the connection of the cables and the ...
Page 93  Ping host (IP): By sending ICMP echo request to a specified host and waiting for the response to test the network status.  Trace routing path: Trace and inquire the routing path to a specific target.  Display interface settings: It displays the information of each network interface setting including the MAC address, IP address, and Netmask.  Display the routing table: The internal routing table of the system is displayed, which may help to confirm the Static Route settings.  Display ARP table: The internal ARP table of the system is displayed.  Sniff on interface: This is used to confirm if data packets are passing through the interface.  Display system up time: The system life time (time for system being turned on) is displayed.  Check service status: Check and display the status of the system.  Set device into “safe mode”: This is used if the administrator is unable to use Web Management Interface via browser ...
Page 94  Change admin password Besides supporting the use of console management interface through the connection of null modem, the system also supports the SSH online connection for the setup. When using a null modem to connect to the system console, we do not need to enter administrator’s password to enter the console management interface. The username and password is needed instead when connecting the system by SSH. The username is “admin” and the default password is also “admin”, which is the same as for the web management interface. Password can also be changed here. If administrators forget their password and are unable to log in to the management interface from the web or the remote end of the SSH, they can still use the null modem to connect to the console management interface and set the administrator’s password again. Caution: Although it does not require a username and password for the connection via the serial port, the same management interface can be accessed via SSH. Therefore, we recommend you to immediately change the RAYTALK RA‐696 Admin username and password after your first login to the system.  Reload factory default Choosing this option will reset the system configuration to factory defaults.  Restart the RAYTALK RA‐696 Choosing this option will restart the RAYTALK RA‐696. ...
Page 95: System Status And Reports
11 System Status and Reports 11.1 Viewing the Status This section includes System, Interface, Routing Table, Current Users, Session List, User Logs, Logs, DHCP Lease and Report & Notification to provide system status information and online user status. 11.1.1 System Status To view System Status, go to: Status >> System. This section provides an overview of the system for the administrator. ...
Page 96 The description of the above‐mentioned table is as follows: Description Item The total time system has operated Up Time The present firmware version of the RAYTALK RA‐696 Firmware Version The present build number of the firmware Build The system name. The default is Wireless Hotspot Access Point System Name Portal URL The page users are directed to after initial login success The IP address and port number of the external SYSLOG Server. N/A SYSLOG server‐ System Log means that it is not configured The IP address and port number of the external SYSLOG Server. N/A SYSLOG server‐ On‐demand Users Log means that it is not configured Proxy Server Shows status of built‐in Proxy Server Shows whether the status for the connection at WAN is normal or abnormal Warning of Internet Disconnection (Internet Connection Detection) and all online users are allowed/disallowed to log in the network Shows status of option to enable or disabled system info retrieval via SNMP SNMP protocol User Log ...
Page 97: Interface Status
11.1.2 Interface Status To view Interface Status, go to: Status>> Interface. This section provides an overview of the interface for the administrator including WAN, Zone‐Private and Zone‐Public. The description of the table is as follows: Description Item Mode Shows WAN interface settings: Static, Dynamic, PPPoE or PPTP The MAC address of the WAN port MAC Address The IP address of the WAN port IP Address WAN Subnet Mask The Subnet Mask of the WAN port The IPv6 address of WAN port if applicable IPv6 Address IPv6 Prefix The IPv6 prefix if applicable ...
Page 98: Routing Table
11.1.3 Routing Table To view System Status, go to: Status >> Routing Table. All the Policy Routing rules and Global Policy Routing rules for both IPv4 and IPv6 will be listed here. It will also show the System Routing rules specified by each interface. The following depicts an image for the IPv4 Routing Table.  Policy 1~5: Shows the information of the individual Policy from 1 to 5.  Global Policy: Shows the information on the Global Policy.  System: Shows the information on the system administration. > Destination: The Destination IP address. > Subnet Mask: The Subnet Mask of the IP address range. > Gateway: The Gateway IP address of the interface. > Interface: Including WAN, Private and Public. ...
Page 99: Current Users
Non‐Login Devices shows users that have acquired an IP address from the system’s DHCP server but have not yet been authenticated, either under the LAN or remotely tunneled site. This feature is designed for administrators to keep track of systems’ resources from being exhausted. The list shows the client’s MAC Address, IP Address and associated VLAN ID, as well as the Service Zone. The On‐demand Roaming Out User List shows the users that are authenticated by other gateways using this RayTalk RA‐696’s On‐demand database as RADIUS database. ...
Page 100: Session List
11.1.5 Session List This page allows the administrator to inspect sessions currently established between a client and the system. Each result displays the IP and Port values of the Source and Destination. You may define the filter conditions and display only the results you desire. 11.1.6 User Log To view User Log, go to: Status >> User Log. This page is used to check the traffic history of the RayTalk RA‐696. The history of each day will be saved separately in the RAM memory for at least 3 days (72 full hours). The system also keeps a cumulated record of the traffic data generated by each user in the last 2 calendar months. ...
Page 101 Caution: Since the history is saved in the RAM memory, if you need to restart the system at the same time, please keep the history, manually by copying and saving the traffic history information before restarting. ...
Page 102 If the Receiver E‐mail Address(es) has been entered under the Notification Settings page, the system will automatically send out these history information to that specified email address.  Users Log All user activities on the system within 72 hours excluding other user logs such as On‐demand user log are recorded; in date and time order. Each line is a traffic history record consisting of 17 fields, including Date, Type, Name, IP, IPv6, MAC, Pkts In, Bytes In, Pkts Out, Bytes Out, and other information of the user activities.  On‐demand User Log Each line is a on‐demand user log record consisting of 25 fields, Date, System Name, Type, Name, IP, MAC, Pkts In, Bytes In, Pkts Out, Bytes Out, Activation Time, 1st Login Expiration Time, Remark, and other information, of On‐demand user activities are included.  Roaming Out User Log Each line is a roaming out traffic history record consisting of 14 fields, Date, Type, Name, NSID, NASIP, NASPort, UserMAC, SessionID, SessionTime, Bytes in, Bytes Out, Pkts In, Pkts Out and Message, of user activities. ...
Page 103: Local User Monthly Network Usage Report
11.1.7 Local User Monthly Network Usage Report To view Local User Monthly Network Usage, go to: Status >> User Log.  Monthly Network Usage of Local User The system keeps a cumulated record of the traffic data generated by each Local user in the last 2 calendar months. Each line in the ‘Monthly Network Usage of Local User’ record (hyperlinked) consists of 6 fields, Username, Connection Time Usage, Packets In, Bytes In, Packets Out and Bytes Out of user activities. o Username: Username of the local user account. o Connection Time Usage: The total time used by the user. o Pkts In/ Pkts Out: The total number of packets received and sent by the user. o Bytes In/ Bytes Out: The total number of bytes received and sent by the user. > Download Monthly Network Usage of Local User: Click the Download button for outputting the report manually to a local database. A warning message will then appear. Click Save to download the record into .txt format. ...
Page 104: System Related Logs
11.1.8 System Related Logs To configure System related logs, go to: Status >> Logs. This page displays the system’s local log information since system boot up. Administrators can examine the log entries of various events. However, since all these information are stored on volatile memory, they will be lost during a restart/reboot operation. Therefore if the log information needs to be documented, the administrator will need to make back up manually. ‐ System Log This page displays system related logs for event tracing. ‐ Web Log This page shows which of the web pages have been accessed on the RayTalk RA‐696’s built‐in web server. ‐ UAMD Log This page displays the UAM related information output from the UAM daemon. ‐ RADIUS Server Log This page displays the RADIUS messages that pass through the MiMo Hot Spot Access Point Wi‐Fi RayTalk RA‐696. ‐ On‐demand Billing Report Log This page displays a summary of On‐demand account transactions. ...
Page 105: Dhcp Lease
11.1.9 DHCP Lease To configure DHCP Lease related logs, go to: Status >> DHCP Lease. The DHCP IP lease statistics can be viewed after clicking on Show Statistics List in this page. ‐ Statistics of offered list Valid lease counts of the Last 10 Minutes, Hours and Days are shown here. The header 1 ~ 10 are the unit multipliers. For instance the number under column 2 indicates the lease count in the last 20 minutes/hours/days, the number under column 3 indicated the lease count in the last 30 minutes/hours/days and so on. ‐ Statistics of expired list IP leased to clients that have expired in the Last 10 Minutes, Hours and Days are shown here. The header 1 ~ 10 are the unit multipliers. For instance the number under column 2 indicates the expired count in the last 20 minutes/hours/days, the number under column 3 indicates the expired count in the last 30 minutes/hours/days and so on. ‐ DHCP Lease List Valid IP addresses issued from the DHCP Server and related information of the client using this IP address is displayed here. ...
Page 106: Notification
11.2 Notification To configure Notification, go to: Status >> Report & Notification. The RAYTALK RA‐696 can automatically send the notifications of Monitor IP Report, Users Log, On‐demand User Log, Roaming Out Users Log, Roaming In Users Log, Firewall Log, Session Log and On‐demand User Billing Report to up to 5 particular e‐mail addresses. A trial email is provided by the system for validation. Secondly, the system supports recording of Users Log, On‐demand Users Log, Roaming Out Users Log, Roaming In Users Log, Session Log, Firewall Log, and Local HTTP Web Log, HTTP Web Log and DHCP Server Log via external SYSLOG servers. Thirdly, Users Log, On‐demand Users Log, Roaming Out Users Log, Roaming In Users Log, Session Log, On‐demand User Billing Report, Local HTTP Web Log, HTTP Web Log, WMI Configuration Log, DHCP Lease Log and Traffic Report can also be configured to be sent to an external FTP server. In addition, the Event Log section on WMI displays clients associate and disassociate messages. ...
Page 107: E-Mail
11.2.1 E‐Mail  SMTP Settings: > Receiver Email Address (es): Up to 5 e‐mail addresses can be set up to receive the notification. There are eight kinds of notification for selection ‐‐ Monitor IP Report, Users Log, On‐demand Users Log, Roaming Out Users Log, Roaming In Users Log, Session Log, Firewall Log, and On‐demand Billing Report, check the selection box to choose the type of notification to be sent. > Sender Email Address: The e‐mail address of the administrator in charge of monitoring. This will show up as the sender’s e‐mail. > SMTP Server: The IP address of the sender’s SMTP server. > SMTP over SSL: Enable or Disable SMTP over SSL for additional security > SMTP Authentication: The system provides four authentication methods, Plain, Login, CRAM‐MD5 and NTLMv1, or “None” to use none of the above. Depending on which authentication method is selected, enter the Account Name, Password and Domain. NTLMv1 is not currently available for general use. Plain and CRAM‐MD5 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms. Only Plain and Login can use the UNIX login password. Netscape uses Plain. Outlook and Outlook express use Login as default, although they can be set to use NTLMv1. Pegasus uses CRAM‐MD5 or Login however the method to be used cannot be configured.  Notification E‐mail Settings: ...
Page 108: Syslog
11.2.2 SYSLOG  SYSLOG Server Settings: There are 9 types of SYSLOG supported: Users Log, On‐demand Users Log, Roaming Out Users Log, Roaming In Users Log, Session Log, Firewall Log, Local HTTP Web Log, HTTP Web Log and DHCP Server Log. Enter the IP address and Port number to specify the SYSLOG server where the report should be sent to. Except for System Log, each supported log may be assigned Tag information as well as SYSLOG standard attributes Severity to meet the filtering requirements on the SYSLOG Server. HTTP Web Log can further select which Service Zone Web interface information to log. For each type of log information, whenever an incident occurs and data is updated, the updated log will be immediately sent to the configured SYSLOG server. ...
Page 109: Ftp
Anonymous: Check option “Yes” if the FTP server does not need ID credentials, otherwise check option > “No” and fill in the necessary Username and Password. FTP Setting Test: To test if the FTP settings are correct or not. > User Log: Records the User Log of the system to a specific FTP server. > On‐demand User Log: Records the On‐demand User Log of the system to a specific FTP server. > Roaming Out / In Users Log: Records the Roaming Out / In Users Log to a specific FTP server. > Session Log: Log each connection created by users and track the source IP/Port and destination IP/Port. > Session Log will be sent to the FTP server automatically in every defined interval in Session Log email notification. Session Log allows uploading the log file to a FTP server periodically. The maximum log file size is 256K. The log file will also be sent to the FTP server once the file size reaches its maximum size. On‐demand User Billing Report: Records the On‐demand User Billing Report to a specific FTP server. > Local HTTP Web Log / HTTP Web Log: Records the URL of websites visited by users accessing the internet via the > RAYTALK RA‐696 to a specific FTP server. WMI Configuration Log: Records the WMI Configuration Log of the system to a specific FTP server. > DHCP Lease Log: Records the DHCP Lease Log of the system to a specific FTP server. > Traffic Report: Records the Traffic Report of the system to a specific FTP server. > ...
Page 110 Server Folder: The folder in the configured FTP Server in which the sent Log will be placed. > Interval: The time interval at which the Log will be sent. > Logged Interface: The check box of Public or Private shall be checked to enable logging the HTTP Web Log of this interface. > ...
Page 111: Advanced Applications
12 Advanced Applications 12.1 Upload/Download Local User Accounts To Upload / Download Local Users Accounts, go to: Users >> Authentication, click Configure for the Local Authentication Database. Or click Quick Links >> Local User Management from system Home page.  Upload User: Click Upload User to enter the Upload User from File interface. Click the Browse button to select the text file for uploading user accounts, then click Upload to complete the upload process. ...
Page 112 When the system uploads a file, any format error or duplicated username will terminate the uploading process and no account will be uploaded. Please correct the format in the uploading file or delete the duplicated user accounts in the database then try again. • Download User: Use this function to create a .txt file with all Local user account information and save it on a disk. ...
Page 113: Radius Advanced Settings
12.2 RADIUS Advanced Settings To configure RADIUS Advanced Settings, go to: Users >> Authentication. Click Configure for the RADIUS Authentication Database. > Complete vs. Only ID vs. Leave Unmodified For RADIUS authentication, there is an option to send the complete username with postfix or username only. Username Format: When the Complete option is checked, both the username and postfix will be transferred to the RADIUS server for authentication. On the other hand, when the Only ID option is checked, only the username will be transferred to the external RADIUS server for authentication. If the Leave Unmodified option is selected, the system will send the username to Default Auth Server set in 802.1X configuration page for authentication. > NAS Identifier System will send this value to the external RADIUS server, if needed by the external RADIUS server. > NAS Port Type System will send this value to the external RADIUS server, if needed by the external RADIUS server. > Class‐Group Mapping ...
Page 114: Roaming Out
12.3 Roaming Out To configure local user Roaming Out, go to: Users >> Authentication, click configure for Local. Under certain configurations, the RAYTALK RA‐696 can act as a RADIUS server for Roaming Out local users logged from another system. The Local User database will act as the RADIUS user database.  Account Roaming Out & 802.1X Authentication: When Account Roaming Out is enabled; the link of Roaming Out & 802.1X Client Device Settings will be available to define the client device authorized to roam by entering the IP address, ...
Page 115 12.4 Customizable Pages To configure Custom Pages, go to: System >> Service Zones, click Configure in Public zone. There are several user login and logout pages that can be customized by the administrator. You can select Default Page, Template Page, Uploaded or External Page.  Disclaimer Page: The Disclaimer Page is for the hotspot owner or MIS staff who wants to display ‘terms of use” or announcement information before the user login page. Click Configure, the setup page will appear. An unauthorized client will receive a disclaimer page once opening the web browser. If a client selects “I agree” and clicks Next, then he or she will proceed to the User Login Page for client to login with username and password. The Disclaimer Page can be Enabled at: System >> General  Template Page: To utilize the template user pages stored locally in the system, choose Template Page and configure the necessary settings as follows. Click Select (hyperlinked) to pick up a color for each item and fill in your copyright message. You can also upload a Logo image file for your template with the Preview and Edit the Image File button. Click Configure, the setup page will appear for the corresponding page where you can change the text displayed as you wish. After setting is finished, click Preview to see the result. If you are happy with the customized pages, click Apply to activate the changes made.  Uploaded Page: Choose the Uploaded Page option if you wish to upload your own html coded page. Click Configure for each custom page and upload the HTML file and corresponding image files and click Apply. ...
Page 116: Appendix A. Policy Priority
Appendix A. Policy Priority Global Policy, Authentication Policy and User Policy The RAYTALK RA‐696 supports multiple Policies, including one Global Policy and 5 individual Policies can be assigned to different Authentication Server. Global Policy is the system’s universal policy and is applied to all clients, while other individual Policies can be selected and defined to be applied to any Authentication Server. For some authentication, such as Local and RADIUS, users can be assigned to different Policies individually. One user may be applied to a different policy at the same time. Which policy is actually applied to this user? The Policy Priority is enforced as follows: User Policy >> Authentication Policy >> Global Policy Now, let us discuss the different user policy types: > For Local and RADIUS, users can be assigned to different policies individually. For example, a Local user, user01, is assigned to Policy1 and the Local Authentication Policy2. When user01 logs in to Public Zone, user01 will be governed under Policy1. This is a common case for users that can be assigned a Policy individually. > For Local and RADIUS, if these users are not assigned under any User Policy individually, they will be governed under the same policy as others within the same authentication server. For example, if the Local Authentication is assigned to Policy3, a Local user01 when logged in to Public Zone will get Policy3. This is another common case for users that are assigned Policy by the authentication server. > If a User is not assigned a Policy individually and the authentication server is also not assigned a Policy, then the Global Policy will be applied to all users. For example, a Local user, user01, is assigned to None Policy and the Local Authentication is also assigned to None Policy on User list. Then user01 logged in to Public Zone will be applied with the Global Policy. In conclusion, the Global Policy has the lowest policy priority; the User Policy has the highest priority. ...
Page 117: Appendix B. Wds Management
Appendix B. WDS Management The Public Zone of the RAYTALK RA‐696 supports up to 2 WDS links. WDS (Wireless Distribution System) is a function used to connect APs (Access Points) wirelessly to extend wireless coverage. The WDS management function of the system can help administrators to setup two WDS links. To configure WDS, go to: System >> Service Zones, click Configure in Public zone. WDS (Wireless Distribution System) is a function used to connect APs (Access Points) wirelessly. The WDS management function of the system can help administrators to setup two WDS links.  WDS Status: Select Enable to activate this WDS link.  MAC Address of Remote AP: Enter the MAC of the remote AP that generates a WDS link with the RayTalk RA‐696.  Security Type: WEP: WEP Key Length may be 64 bits, 128 bits or 152 bits; and WEP Key Format can be ASCII or HEX. Enter the applicable WEP Key. WPA‐PSK: Select the preferred ciphering method, TKIP or AES and enter the PSK / Pass‐phrase. ...
Page 118: Appendix C. Radius Accounting
Appendix C. RADIUS Accounting This section will briefly introduce the basic configuration of RADIUS server to work with VSA for controlling the maximum client volume usage (upload; download or upload + download traffic). This VSA will be sent from the RADIUS server to the gateway along with an Access‐Accept packet. In other words, when the external RADIUS server accepts the request, it will reply not only an Access‐Accept but also a maximum value in bytes each user is allowed to transfer. This value can be the maximum upload traffic, the maximum download traffic, or the sum of the download and upload traffics in bytes per user. The gateway will check this value every minute; if the user traffic reaches this value, the gateway will stop the session of this user and send a “Stop” to RADIUS server. 1. Description VSA is designed to allow vendors to support their own extended Attributes which are not covered in common attributes. It MUST not affect the operation of the RADIUS protocol. “Attribute Number” and “Attribute Value” can then be designed to provide additional control over RADIUS. If the amount of traffic is larger than 4 GB, the attributes of “XXXX‐4GB” will be used. On the other hand, when the administrator fills in all attributes, the user will be kicked out from the system if any condition is reached. ...
Page 119 Step 2 Run “Internet Authentication Server” and open “Remote Access Policies” Right‐click Policy and scroll down to the Properties page. Step 3 Click Edit Profile and select the Advanced Tag. Click Add to add a new Vendor‐specific attribute. ...
Page 120 Step 4 Add a new attribute under Vendor‐specific Check Yes to conform to the RADIUS RFC. Click Configure Attribute to proceed. Set “Vendor‐assigned attribute number = 10” Select “Attribute format = Hexadecimal” Set “Attribute Value = 1000000” Step 5 Confirm whether the Vendor‐specific Attribute has been added successfully Step 6 Follow the same steps to create other Vendor‐specific Attributes if needed. ...
Page 121: Vsa Configuration In Radius Server (Freeradius)
3. VSA configuration in RADIUS server (FreeRADIUS) This section will guide you through VSA configuration with FreeRADIUS v1.0.5 running on “Fedora”. Before getting started, open the shell of RADIUS server; for example, use Putty to access the Linux host: Step 1 Confirm the following key elements in the RADIUS server: users, groups Verify whether there are already users in the RADIUS Server. Verify whether there are already Groups and assigned users belonging to these Groups in the RADIUS Server. Step 2 Log in to the Linux host of the RADIUS server. Step 3 Create a file under the “freeradius” folder. Step 4 Edit and save the contents of the file as follows: Administrator can also add other attributes as the table stated in Section 2 with the same format. Step 5 Edit the file under the folder “freeradius”. Step 6 To include “the file in the dictionary of RADIUS server, insert it in an incremental position as follows. ...
Page 122 Step 7 Open the “radius” database. Step 8 Insert VSA into RADIUS response. In this example, the maximum download and upload traffics in bytes for group03 users is 1MBytes. Step 9 Restart RADIUS daemon to get your settings activated. ...
Page 123: Appendix D. On-Demand Account Types & Billing Plan
Appendix D. On‐demand Account types & Billing Plan This section explains the parameters as well as the different account types provided when editing billing plans in On‐demand authentication. Usage‐time with Expiration Time: Users can access internet as long as account is valid with remaining quota (usable time). Users need to activate the purchased account within a given time period by logging in. It is Ideal for short‐term usage, namely in coffee shops, at airport terminals, etc. This billing type only deducts quota when internet is being used. However, the countdown to Expiration Time is continuous regardless of logging in or out. Account would expire when the Valid Period is used up or the quota depleted. ‐Quota is the total period of time (xx days yy hrs zz mins), during which On‐demand users are allowed to access the network. The total maximum quota is “364Days 23hrs 59mins 59secs” even after redeeming. ‐Account Activation is carried out when the user logs in for the first time. Failing to do so in the period set in Account Activation will result in account expiration. ‐Valid Period is the valid period of usage time. After this time period, even if there is remaining quota, the account will still expire. ‐Price is the unit price of this plan. ‐Group will be the applied Group to users created from this plan. ...
Page 124 ...
Page 125 ...
Page 126 ‐Hotel Cut‐off‐time: Hotel Cut‐off‐time is the clock time (normally check‐out time) at which the on‐demand account is cut off (made expired) by the system on the following day or many days later. On the account creation UI of this plan, operator can enter a Unit value which is the number of days to Cut‐off‐time according to customers’ stay time. For example: Unit = 2 days, Cut‐off Time = 13:00 then account will expire on 13:00 two days later. Grace Period is an additional, short period of time after the account is cut off that allows user to continue to use the on‐demand account to access the Internet without paying additional fee. Unit Price is the daily price of this billing plan. It is mainly used in hostel (hotel?) venues to provide internet service according to guests’ stay time. Group will be the applied Group to users created from this plan. Reference field allows administrator to input additional information. ...
Page 127 Volume: Users can access internet as long as his/her account has remaining traffic volume quota. The account will expire when Valid Period has been used up or the quota is depleted. This type is ideal for small quantity of applications such as sending/receiving email, transferring a file, etc. Count down of Valid Period is continuous regardless of logging in or out. Quota is the total Mbytes (1~2000) On‐demand users are allowed to use to access the network. Account Activation is carried out when the user logs in for the first time. Failing to do so in the period set in Account Activation will result in account expiration Valid Period is the valid period of usage time. After this time period, the account will expire even if there is remaining quota. Price is the unit price of this plan. Group will be the applied Group to users created from this plan. Reference field allows administrator to input additional information. ...
Page 128 ...
Page 129 Duration‐time with Elapsed Time: Account is activated upon the account creation time. Countdown begins immediately after account creation and is continuous regardless of logging in or out. The account will expire once the Elapsed Time is reached. This billing type is ideal for providing internet service immediately after account creation throughout a specific period of time. Begin Time is the time that the account will be activated for use. It is set to account creation time. First time login is set to require users to log in within a specified period of time. Elapsed Time is the time interval for which the account is valid for internet access (xx hrs yy mins). Price is the unit price of this plan. Group will be the applied Group to users created from this plan. Reference field allows administrator to input additional information. ...
Page 130 Duration‐time with Cut‐off Time: Cut‐off Time is the clock time at which the on‐demand account is cut off (made expired) by the system on that day. For example if a shopping mall closes at 23:00, operators selling on‐demand tickets can use this plan to create a ticket set to be Cut‐off on 23:00. If an account of this kind is created after the Cut‐off Time, the account will automatically expire. ...
Page 131 Duration‐time with Begin‐and End Time: This plan defines explicitly the Begin Time and End Time of the account. Countdown begins immediately after account activation and expires when the End Time is reached. This plan is ideal for providing internet service throughout a specific period of time; for example during exhibition events or large conventions where each registered participant will get an internet account valid from 8:00 AM Jun 1 to 5:00 PM Jun 5. Account can be created in batch similar to creating coupons. Begin Time is the time that the account will be activated for use, defined explicitly by the operator. End Time is the time that the account will expire, defined explicitly by the operator. Price is the unit price of this plan. Group will be the applied Group to users created from this plan. Reference field allows administrator to input additional information. ...
Page 132: Appendix E. External Payment Gateways
Appendix E. External Payment Gateways This section is to show independent Hotspot owners how to configure related settings in order to accept payments via Authorize.net, PayPal, SecurePay or WorldPay, making the Hot Spot Wi‐Fi an e‐commerce environment for end users to pay for and obtain Internet access with credit cards. 1. Payments via Authorize.Net To configure Payments via Authorize.Net, go to: Users >> Authentication >> On‐demand User >> External Payment Gateway >> Authorize.Net. Before setting up “Authorize.Net”, it is required that the merchant owners have a valid Authorize.Net account. > Authorize.Net Payment Page Configuration Merchant ID: This is the “Login ID” that comes with the Authorize.Net account Merchant Transaction Key: The merchant transaction key is similar to a password and is used by Authorize.Net to authenticate transactions. ...
Page 133 > Service Disclaimer Content/ Choose Billing Plan for Authorize.Net Payment Page/Client’s Purchasing Record Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding a new or editing service disclaimer. Choose Billing Plan for Authorize.Net Payment Page These 10 plans are the plans configured in the Billing Plans page, and all previously enabled plans can be further enabled or disabled here, as needed. Client’s Purchasing Record  Starting Invoice Number: An invoice number may be provided as additional information for a transaction. The number will be incremented automatically for each following transaction. Click the “Change the Number” checkbox to change it. ...
Page 134 Authorize.Net Payment Page Fields Configuration/ Authorize.Net Payment Page Remark Content > Authorize.Net Payment Page Fields Configuration  Item: Check the box to show this item on the customer’s payment interface.  Displayed Text: Enter what needs to be shown for this field.  Required: Check the box to indicate this item as a required field.  Credit Card Number: Credit card number of the customer. The Payment Gateway will only accept card numbers that correspond to the listed card types.  Credit Card Expiration Date: Expiration date of the credit card. This should be entered in the format of MMYY. For example, the expiration date of July September 2009 should be entered as 0709. ...
Page 135  Customer ID: This is an internal identifier for customers that may be associated with the billing information for a transaction. This information field may contain any format.  First Name: The first name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter John in the First Name field indicating this customer’s name.  Last Name: The last name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter Doe in the Last Name field indicating this customer’s name.  Company: The name of the company associated with the billing or shipping information entered on a given transaction.  Address: The address entered either in the billing or shipping information of a given transaction.  City: The city associated with either the billing address or shipping address of a transaction.  State: A state associated with both the billing and shipping address of a transaction. This may be entered as either a two‐ character abbreviation or the full text name of the state.  Zip: The ZIP code represents a five or nine digit postal code associated with the billing or shipping address of a transaction. This may be entered as five digits, nine digits, or five digits and four digits.  Country: The country associated with both the billing and shipping address of a transaction. This may be entered as either an abbreviation or full name.  Phone: A phone number associated with both a billing and shipping address of a transaction.  Phone number information may be entered as all number or it may include parentheses or dashes to separate the area code and number.  Fax: A fax number may be associated with the billing information of a transaction. This number  may be entered as all number or contain parentheses and dashes to separate the area code and number. Authorizie.Net Payment Page Remark Content ...
Page 136: Payments Via Paypal
2. Payments via PayPal To configure Payments via PayPal, go to: User >> Authentication >> On‐demand User >> External Payment Gateway >> PayPal. Before setting up “PayPal”, it is required that the hotspot owners have a valid PayPal “Business Account”. After opening a PayPal Business Account, the hotspot owners should find the “Identity Token” of this PayPal account to continue with “PayPal Payment Page Configuration”. > External Payment Gateway / PayPal Payment Page Configuration o Business Account: The “Login ID” (an email address) associated with the PayPal Business Account. o Payment Gateway URL: The default website address to post all transaction data. o Identity Token: This is the key used by PayPal to validate all the transactions. o IPN behind NAT: IPN is the acronym of Instant Payment Notification which is a mechanism adopted by PayPal for identifying the outcome of a transaction. When this option is enabled, an upstream NAT server may be designated for accepting the IPN message from PayPal. This is a mandatory configuration item if the WAN IP of your gateway in not a public IP address, corresponding NAT translation configurations are necessary. o Verify SSL Certificate: This is to help protect the system from accessing a website other than PayPal o Currency: The currency to be used for payment transaction. ...
Page 137 > Service Disclaimer Content / Choose Billing Plan for PayPal Payment Page  Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here.  Choose Billing Plan for PayPal Payment Page: These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled. > Client’s Purchasing Record / PayPal Payment Page Remark Content Client’s Purchasing Record:  Starting Invoice Number: An invoice number may be provided as additional information for the transaction. This is a reference field that may contain any sort of information. ...
Page 138: Payments Via Securepay
3. Payments via SecurePay To configure Payments via SecurePay, go to: Users >> Authentication >> On‐demand User>> External Payment Gateway >> SecurePay. Before setting up “SecurePay”, it is required that the hotspot owners have a valid SecurePay “Merchant Account” from its official website. ...
Page 139: Payments Via World Pay
> SecurePay Page Configuration Merchant ID: The ID that is associated with the Merchant Account. Merchant Password: This is the key used by Secure Pay to validate all the transactions. Payment Gateway URL: The default website address to post all transaction data. Verify SSL Certificate: This is to help protect the system from accessing a website other than Secure Pay. Currency: The currency to be used for the payment transactions. > Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here. > Choose Billing Plan for SecurePay Payment Page These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled. > SecurePay Payment Page Remark Content The message content will be displayed as a special notice to end customers. 4. Payments via World Pay To configure Payments via WorldPay, go to: Users >> Authentication >> On‐demand User >> External Payment Gateway >> WorldPay. > ...
Page 140 transaction data. Currency: The currency to be used for the payment transactions. > Service Disclaimer Content View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here. > WorldPay Billing Configuration These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled. > WorldPay Note Content The message content will be displayed as a special notice to end customers. ...
Page 141 Before setting up “WorldPay”, it is required that the hotspot owners have a valid WorldPay “Merchant Account” from its official website: RBS WorldPay: Merchant Services & Payment Processing, going to rbsworldpay.com >> support center >> account login. STEP1. Log in to the Merchant Interface. > Login url: w ww.rbsworldpay.com/support/index.php?page=login&c=WW > Select Business Gateway ‐ Formerly WorldPay > Click M erchant Interface > Username: user2009 > Password: user2009 STEP2. Select Installations from the left hand navigation STEP3. Choose an installation and select the Integration Setup button for the specific environment. Installation ID: 239xxx > STEP4. Check Enable Payment Response checkbox. ...
Page 142: Appendix F. Portal Page Customization
Appendix F. Portal Page Customization Since every Service Zone have their own configuration profiles and acts like a virtual gateway, administrators can customize or define their own portal pages utilized by users of that Service Zone. The customizable pages of a Service Zone are: Disclaimer Page, Login Page, Logout Page, Login Success Page, Login Fail Page, Logout Success Page, Logout Fail Page, Login Success Page for On‐demand User, Port Location Mapping Free Login Page, Port Location Mapping Charge Login Page. Main Menu >> System>Service Zone >> Service Zone Configuration For each customizable page, the available customization options are to use: Default Page, Template Page, Uploaded Page, or External Page. Main Menu >> System >> Service Zone >> Service Zone Configuration >> Login Page Default Page uses a web page stored within the system, its format and content cannot be changed. Template Page also uses a web page stored within the system, but the contents such as text color, background color displayed text and logo can be configured according to your preferences. Uploaded Page is to upload yourself defined web page into the system, and use it as portal page displayed to the user. External Page uses a web page stored in an external web server as the portal page for your users. Because the pages are located on a remote server, therefore special efforts are required by these external pages to parse, process and send necessary URL parameters to and from the system. ...
Page 143: How External Pages Operate
How External Pages Operate Choose External Page if you desire to use an external web page for your custom pages. Simply enter the URL of your external webpage, click Preview button to check if it is reachable, take a look at how your external webpage will be displayed, then click Apply button. Main Menu >> System >> Service Zone >> Service Zone Configuration >> Login Page When a user connects to this Service Zone, opens a web browser and attempts to access the internet, the system will redirect the user to the external login page configured. Gateway while redirecting users to the external web page will also send URL parameters required for the operation, for instance user authentication. Therefore, each self‐defined external pages (Login, Logout, Login Success, Logout Success, etc.) requires codes to handle URL parameters to and from the Gateway. A simple example is illustrated below for Login Page, please refer to External Login Page Parameters for URL parameter relating to other pages such as Login Success Page ... and etc. Therefore it is important that your external pages are designed by someone with good knowledge of URL parameter utilization. Diagram below explains how External Page operates using user login flow as illustration: ...
Page 144 The URL parameters sent by the Gateway to the external login page are as follows: Field Value Description loginurl String (URL encoded) The URL which shall be submitted when user login. remainingurl String (URL encoded) The URL which shall be submitted when user want to get remaining quota. vlanid Integer (1 ~ 4096) VLAN ID gwip IP format Gateway activated WAN IP address client_ip ...
Page 145 <script language="Javascript"> form.action = getVarFromURL(window.location.href, 'loginurl'); </script> <INPUT type="text" name="myusername" size="25"> <INPUT type="password" name="mypassword" size="25"> <INPUT name="button_submit" type="submit" value="Enter"> <INPUT name="button_clear" type="button" value="Clear"> </FORM> The following shows the corresponding self‐defined javascript function used to parse the loginurl parameter: function getVarFromURL(url, name) { if(name == "" || url == "") { return ""; } name = name.replace(/[\[]/|"\\\[").replace(/[\]]/|"\\\]"); var regObj = new RegExp("[\\?&]"+name+"=([^&#]*)"); var result = regObj.exec(url); if(result == null) { return ""; } else { return decodeURIComponent(result[1]); } } ...
Page 146: Appendix G. Terminal Server Setup
Appendix G. Terminal Server Setup Overview of Network Ticket Generator RT‐TO696RF is an innovative product RayTalk offers to facilitate the communication between Hot Spot Wi‐Fi Access Point and Internet Subscriber Gateway and serial POS printer. It is mainly used to have the connected printer fast‐print necessary account information extracted from Hot Spot Wi‐Fi Access Point or Internet Subscriber Gateway for a user who would like to access the Internet or managed networks, making provisioning of wired or wireless connection easier and more user‐friendly. What is noteworthy is that, RT‐TO696RF supports wireless connectivity to the uplink gateway. That is, operators now can deploy a network with lesser physical wires. Here is a deployment example: ...
Page 147 LED Panel LED indicators Power When the power adapter is connected, Power will become constantly on; when disconnected, the light turns into constantly off. Always check if Power is on before using RT‐TO696RF. Status 1. Short illuminated intervals means RT‐TO696RF successfully booted up. It flashes slowly. 2. Long illuminated intervals means RT‐TO696RF and uplink device connected 3. Special flashing means the keypad locked. The indicator fast‐blinks twice periodically. Note: <TAS Mode only> 4. Fast flashing means RT‐TO696RF trying to connect to uplink device. 5. Constantly off for ten seconds means RT‐TO696RF fails to connect to uplink device after step 4. Afterwards, Status will go back to step 1. 6. Constantly on for ten seconds means RT‐TO696RF succeeds in connecting to uplink device after step 4. Afterwards, Status will go to step 2. Ethernet Ethernet turns into constantly on w hen an Ethernet cable is connected. Ethernet blinks when the system detects wired traffic passing Ethernet. It is constantly off w hen no cable is connected. WLAN WLAN behaves similarly as Ethernet ‐ becoming constantly on when wireless connectivity is enabled (not necessarily connected. It just means that the RF card is ready to serve). WLAN blinks when the system detects wireless traffic. It is constantly off if the RF card is disabled. Understanding the LED indicators There are four LED indicators on the panel : Power, Status, LAN, and WLAN from left to right. Below summarizes all indication types in different states: ...
Page 148: Including Rt-To696Rf Into Your Network
Including RT‐TO696RF into Your Network 1. Put relevant devices in place. 2. Attach a RT‐TO696RF to a power adaptor provided in the package. 3. Attach a POS printer to a power adaptor provided in the package and turn on the power switch situated on the left side of the device. 4. Connect a POS printer to the Console port of RT‐TO696RF by a RS‐232 cable provided within the POS printer package. 5. Connect RT‐TO696RF to your RayTalk Internet Subscriber Gateways via Ethernet port or wirelessly. If you are to do it wirelessly, conduct a site survey in the first place. The wireless coverage is subject to change. 6. To verify if the deployment works fine. Press FUNC + ‘1’ + ENTER to see if RT‐TO696RF is attached to a correct gateway and get an IP address from it. Additionally, press ‘Number’ + ENTER to see if an account with a certain billing plan can be printed out. If it is not working properly, go to Appendix A for trouble shooting. ...
Page 149: Managing Rt-To696Rf On The Web Management Interface
Managing RT‐TO696RF on the Web Management Interface RT‐TO696RF is designed specifically to operate in conjunction with all RayTalk Hot Spot Wi‐Fi Access Point and Internet Subscriber Gateways. If you are not using default settings, before connecting RT‐TO696RF to your RayTalk Hot Spot Wi‐Fi Access Point and Internet Subscriber Gateways, some configurations steps are required. Go to the Web Management Interface (WMI) for RT‐TO696RF’s relevant configurations. The default values are: IP address: 192.168.1.10 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.1.254 Remember to set the TCP/IP settings of the computer you use with a static IP address that is under the same subnet as RT‐...
Page 150: Setting Up Rt-To696Rf With The Pos Printer
Internet Subscriber Gateway RT‐TO696RF offers ‘manual’ and ‘auto’ connection to uplink RayTalk Hot Spot Wi‐Fi Access Point or Internet Subscriber Gateway. The former implies that administrator would have to go on to RT‐TO696RF’s WMI, filling in necessary columns that are supposed to fit what is set up on the controller end. However, the auto connection – called Terminal Auto Setup (TAS) – is ...
Page 151: Terminal Auto Setup (Tas - Only Available On Rt-To696Rf)
Method 2: Wireless Connection Fill in Network Settings and Wireless Settings, click Save, and reboot the system. After RT‐TO696RF and the uplink device has successfully built up a connection, the Status indicator will blink with long illuminated intervals. Note: When wired connection is established, the wireless connectivity will be turned off by the system automatically, meaning wireless and wired connection will not co‐exist at any time. Wired connection has a higher priority. When the settings are done completely on the RayTalk Hot Spot Wi‐Fi Access Point or Internet Subscriber Gateway side, go to RT‐ TO696RF’s WMI and check if every uplink setting matches that on the controller. Terminal Auto Setup (TAS – Only available on RT‐TO696RF) TAS refers to an automatic connection mechanism that requires NO previous network settings. Just press the TAS button on RT‐TO696RF for three seconds, and it will automatically look for and associate to a suitable RayTalk Hot Spot Wi‐Fi Access Point or Internet Subscriber Gateway that supports this function. The TAS connection will rewrite the previous manual settings. You will see the Uplink page of the WMI grayed out as well as Status show that the system is in TAS mode. TAS process takes about thirty seconds for completion. Whether the connection succeeds or fail s the attempt, RT‐TO696RF will always have the printer print out if the connection is ‘successful’ or it ‘failed.’ Please make sure beforehand that the Ethernet ...
Page 152 For more information visit www.raytalk.com - info@raytalk.com RayTalk Industries S.r.l via N. di Galasso, 19 - Zona Ind.le Galazzano - 47899 Serravalle - Rep. di San Marino (RSM) Tel: 0549-901170 / Fax: 0549-900890 / Country code: +378 Copyright © RayTalk Industries. All rights reserved. Every object or process described in this document is owned by Industries RayTalk except as expressly discussed and referred to third parties.

RayTalk RA-696 User Manual

Quick Links

Need help?

Questions and answers

Related Manuals for RayTalk RA-696

Summary of Contents for RayTalk RA-696

Table of Contents