Nomadix AG 3100 User Manual
  1. Manuals
  2. Brands
  3. Nomadix Manuals
  4. Gateway
  5. AG 3100
  6. User manual

Nomadix AG 3100 User Manual

Access gateways
Hide thumbs Also See for AG 3100:
Table of Contents

Advertisement

Quick Links

AG 3100
1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the AG 3100 and is the answer not in the manual?

Questions and answers

Related Manuals for Nomadix AG 3100

Summary of Contents for Nomadix AG 3100

  • Page 1 AG 3100...
  • Page 2 AG 3100 Copyright © 2007 Nomadix, Inc. All Rights Reserved. This product also includes software developed by: The University of California, Berkeley and its contributors; Carnegie Mellon University, Copyright © 1998 by Carnegie Mellon University All Rights Reserved; Go Ahead Software, Inc., Copyright ©...
  • Page 3 AG 3100 Trademarks symbol, and Nomadix Service Engine™ are trademarks of Nomadix, Inc. All other trademarks and brand names are marks of their respective holders. Product Information Telephone: +1.818.597.1500 Fax: +1.818.597.1502 For technical support information, see the Appendix in this User’s Guide.
  • Page 4 AG 3100 Notifications This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
  • Page 5 AG 3100 CAUTION WARNING Read the instruction manual prior to operation. Risk of electric shock; do not open; no user-serviceable parts inside. ATTENTION AVERTISSEMENT Lire le mode d’emploi avant utilisation. Risque de choc electrique; ne pas ouvrir; ne pas tenter de demontre l’appareil.
  • Page 6 AG 3100 This page intentionally left blank.
  • Page 7 AG 3100 Copyright © 2007 Nomadix, Inc. All Rights Reserved. This product also includes software developed by: The University of California, Berkeley and its contributors; Carnegie Mellon University, Copyright © 1998 by Carnegie Mellon University All Rights Reserved; Go Ahead Software, Inc., Copyright ©...
  • Page 8 AG 3100 Trademarks symbol, and Nomadix Service Engine™ are trademarks of Nomadix, Inc. All other trademarks and brand names are marks of their respective holders. Product Information Telephone: +1.818.597.1500 Fax: +1.818.597.1502 For technical support information, see the Appendix in this User’s Guide.
  • Page 9 AG 3100 Notifications This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
  • Page 10 AG 3100 CAUTION WARNING Read the instruction manual prior to operation. Risk of electric shock; do not open; no user-serviceable parts inside. ATTENTION AVERTISSEMENT Lire le mode d’emploi avant utilisation. Risque de choc electrique; ne pas ouvrir; ne pas tenter de demontre l’appareil.
  • Page 11 AG 3100 This page intentionally left blank.

  • Page 12: Table Of Contents

    Table of Contents ......................i Introduction ........................1 About this User’s Guide......................1 Organization..........................1 Welcome to the AG 3100......................2 Product Configuration and Licensing ................2 Key Features and Benefits ......................3 Platform Reliability......................3 Local Content and Services ....................3 Transparent Connectivity ....................
  • Page 13 Assigning the Location Information and IP Addresses ............ 49 Logging Out and Powering Down the System ................ 52 Connecting the AG 3100 to the Customer’s Network............. 53 Establishing the Basic Configuration for Subscribers............. 54 Setting the DHCP Options ....................54...
  • Page 14 AG 3100 Archiving Your Configuration Settings.................. 58 Installing the Nomadix Private MIB..................58 Chapter 2: System Administration................59 Choosing a Remote Connection....................59 Using the Web Management Interface (WMI) ..............60 Using an SNMP Manager....................61 Using a Telnet Client ....................... 61 Logging In..........................
  • Page 15 AG 3100 Displaying the Host Table {Hosts} ................150 Displaying ICMP Statistics {ICMP} ................151 Displaying the Network Interfaces {Interfaces}............. 152 Displaying the IP Statistics {IP} ..................153 Viewing IPSec Tunnel Status {IPSec} ................153 Displaying the Routing Tables {Routing} ..............154 Displaying the Active IP Connections {Sockets} ............
  • Page 16 Adding Static Ports {Static Port-Mapping Add} ............236 Deleting Static Ports {Static Port-Mapping Delete} ............. 238 Blocking a Subscriber Interface {Subscriber Interfaces} ..........239 Updating the AG 3100 Firmware {Upgrade}..............239 Chapter 3: The Subscriber Interface ................. 241 Overview..........................241 Authorization and Billing......................
  • Page 17 Private Key Generation ....................282 Create a Certificate Signing Request (CSR) File ............284 Create a Public Key File (server.pem) ................286 Setting Up AG 3100 for SSL Secure Login ..............290 Setting Up the Portal Page .................... 290 Mirroring Billing Records..................... 291 Sending Billing Records....................

  • Page 18: Introduction

    This User’s Guide provides information and procedures that will enable system administrators to install, configure, manage, and use the Nomadix AG 3100 product successfully and efficiently. Use this guide to take full advantage of the AG 3100’s functionality and features. Organization This User’s Guide is organized into the following chapters:...

  • Page 19: Welcome To The Ag 3100

    The AG 3100 also offers a unique set of security and connectivity features for deploying wireless 802.11 networks. The AG 3100 yields a complete solution to a set of complex issues in the Enterprise, Public- LAN, and Residential segments.

  • Page 20: Key Features And Benefits

    Property Management System (PMS) and for system management and administration, while maintaining one billing relationship with their chosen provider. The AG 3100 enables a wide variety of network deployment options for different venue types. For example: Allows for flexible WAN Connectivity (T1/E1, Cable, xDSL, and ISDN).

  • Page 21: Transparent Connectivity

    AG 3100 Transparent Connectivity Resolving configuration conflicts is difficult and time consuming for network users who are constantly on the move, and costly to the solution provider. In fact, most users are reluctant to make changes to their computer’s network settings and won’t even bother. This fact alone has prevented the widespread deployment of broadband network services.

  • Page 22: Billing Enablement

    IP address type, or bandwidth. Access Control and Authentication The AG 3100 ensures that all traffic to the Internet is blocked until authentication has been completed, creating an additional level of security in the network. The AG 3100 also allows service providers to create their own unique “walled garden,”...

  • Page 23: 5-Step Service Branding

    AG 3100 5-Step Service Branding A network enabled with the Nomadix AG 3100 (or any other Nomadix Access Gateway) offers a 5-Step service branding methodology for service providers and their partners, comprising: Initial Flash Page branding. Initial Portal Page Redirect (Pre-Authentication). Typically, this is used to redirect the user to a venue-specific Welcome and Login page.

  • Page 24: Nse Core Functionality

    AG 3100 NSE Core Functionality Powering Nomadix’ family of Access Gateways, the Nomadix Service Engine (NSE) delivers a full range of features needed to successfully deploy Wi-Fi Public access networks. These “core” features solve issues of connectivity, security, billing, and roaming in a Wi-Fi Public access network.

  • Page 25: Access Control

    Session Rate Limiting (SRL) on page 20 Session Termination Redirect on page 20 Smart Client Support on page 21 SNMP Nomadix Private MIB on page 21 Tri-Mode Authentication on page 21 URL Filtering on page 22 Walled Garden on page 22...

  • Page 26: Bandwidth Management

    With the Nomadix Information and Control Console (ICC) feature enabled, subscribers can increase or decrease their own bandwidth dynamically (by the minute, or on an hourly, daily, weekly, or monthly basis), and also adjust the pricing plan for their service (see graphic).

  • Page 27: Command Line Interface

    The Command Line Interface (CLI) is a character-based user interface that can be accessed remotely or via a direct cable connection. Until your Nomadix product is up and running on the network, the CLI is the Network Administrator’s window to the system. Software upgrades can only be performed from the CLI.

  • Page 28: External Web Server Mode

    Take advantage of the comprehensive Nomadix XML API to implement more complex billing plans. Recycle existing Web page content for the centrally hosted portal page. If you choose to use the EWS interface, Nomadix Technical Support can provide you with sample scripts. See also, Contact Information on page 301.

  • Page 29: Inat

    AG 3100 iNAT™ Nomadix invented a new way of intelligently supporting multiple VPN connections to the same termination at the same time (iNAT™), thus solving a key problem of many Public access networks. Nomadix’ patent-pending iNAT™ (intelligent Network Address Translation) feature contains an advanced, real-time translation engine that analyzes all data packets being communicated between the private address realm and the public address realm.

  • Page 30: Information And Control Console

    AG 3100 Information and Control Console The Nomadix Information and Control Console (ICC) is a HTML-based pop-up window that is presented to subscribers with their Web browser. The ICC allows subscribers to select their bandwidth and billing options quickly and efficiently from a simple pull-down menu. For credit card accounts, the ICC displays a dynamic “time”...

  • Page 31: Internal Web Server

    AG 3100 Internal Web Server The NSE offers an embedded Internal Web Server (IWS) to deliver Web pages stored in flash memory. These Web pages are configurable by the system administrator by selecting various parameters to be displayed on the internal pages. When providers or HotSpot owners do not want to develop their own content, the IWS is the answer.

  • Page 32: Ip Upsell

    Information and Control Console on page MAC Filtering MAC Filtering enhances Nomadix' access control technology by allowing system administrators to block malicious users based on their MAC address. Up to 50 MAC addresses can be blocked at any one time. See also,...

  • Page 33: Ntp Support

    As part of the Portal Page Redirect feature, the NSE can send a defined set of parameters to the portal page redirection logic that allows an External Web Server to perform a redirection based AG 3100 ID and IP Address Origin Server...

  • Page 34: Radius-Driven Auto Configuration

    Once configured, this methodology can also be effectively used to centrally manage configuration profiles for all Nomadix devices in the public access network.

  • Page 35: Radius Proxy

    AG 3100 RADIUS Proxy The RADIUS Proxy feature relays authentication and accounting packets between the parties performing the authentication process. Different realms can be set up to directly channel RADIUS messages to the various RADIUS servers. This functionality can be effectively...

  • Page 36: Secure Management

    NSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption. Establishing the IPSec tunnel not only allows for the secure management of the Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on...

  • Page 37: Secure Socket Layer (Ssl)

    XML enables solution providers to customize and enhance their product installations. This feature allows the operator to use Nomadix' popular XML API using the built-in SSL certificate functionality in the NSE so that parameters passed between the Gateway and the centralized Web server are secured via SSL.

  • Page 38: Smart Client Support

    Adjungo Networks, Boingo Wireless, GRIC and iPass. SNMP Nomadix Private MIB Nomadix’ Access Gateways can be easily managed over the Internet with an SNMP client manager (for example, HP OpenView or Castle Rock). To take advantage of the functionality provided with Nomadix’ private MIB (Management...

  • Page 39: Url Filtering

    “Walled Garden” within the Internet where unauthenticated users can be granted or denied access to sites of your choosing. Web Management Interface Nomadix’ Access Gateways can be managed remotely via the built-in Web Management Interface where various levels of administration can be established. See also, Using the Web...

  • Page 40: Optional Nse Modules

    PMS system whenever a subscriber purchases Internet service and decides to post the charges to their room. Nomadix’ Access Gateways are equipped with a dedicated PMS port to facilitate connectivity with a customer’s Property Management System.

  • Page 41: Credit Card Module

    The optional High Availability Module offers enhanced network uptime and service availability when delivering high-quality Wi-Fi service by providing Fail-Over functionality. This module allows a secondary Nomadix Access Gateway to be placed in the network that can take over if the primary device fails, ensuring Wi-Fi service remains uninterrupted.

  • Page 42: Optional Standalone Application

    AG 3100 Optional Standalone Application The following supplemental application—delivered on a separate CD-ROM—are available from Nomadix: Meeting Room Scheduler (MRS) If you have purchased the NSE’s optional Hospitality Module, our Meeting Room Scheduler (MRS) application can further enhance your product’s integration into the hospitality environment.

  • Page 43: Network Architecture (Sample)

    AG 3100 Network Architecture (Sample) The AG 3100 can be deployed effectively in a variety of wireless and wired broadband environments where there are many users—usually mobile—who need high speed access to the Internet. The following example shows a potential Hospitality application:...

  • Page 44: Product Specifications

    AG 3100 Product Specifications Specifications ERFORMANCE User Support: Up to 200 users concurrently Throughput: 85 Mbits/s* *As defined by RFC1242, Section 3.17 OUNTING 1U rack space in a 19” rack PERATING OLTAGE 100 to 240 VAC , 50/60 Hz, Auto Sensing...
  • Page 45 AG 3100 Specifications LED I NDICATORS ACT/LINK and 10/100 for each Ethernet port Power ETWORK ANAGEMENT Multi-Level Administration Controls Integrated VPN Client (IPSec) for secure connection to an NOC Access Control Lists Web Administration UI CLI via Telnet and Serial Port...

  • Page 46: Online Help (Webhelp)

    WebHelp is best viewed using Internet Explorer, version 4.0 or higher. WebHelp is useful when you have an Internet connection to the AG 3100 and you want to access information quickly and efficiently. It contains all the information you will find in this User’s Guide.
  • Page 47 AG 3100 This page intentionally left blank. Introduction...

  • Page 48: Chapter 1: Installing The Ag 3100

    See also Installation Workflow on page Once you have installed your AG 3100 and established the configuration settings, you should write the settings to an archive file. If you ever experience problems with the system, your archived settings can be restored at any time. See...

  • Page 49: Unpacking The Ag 3100

    AG 3100 Unpacking the AG 3100 When you unpack the AG 3100, you will find the following items in the carton: Item AG 3100 module Cable – power cord (US or European) Cable – serial, DB9 female to DB9 female (6ft length) Null Modem (NM) Cable –...

  • Page 50: Installation Workflow

    Network Connect the AG 3100 to the customer’s network. Power up the AG 3100 and log in via a Telnet session or the Web Management Interface. Set the basic configuration parameters for subscribers. The AG 3100 is now ready for administrators to add, delete, or change unique subscriber profiles.

  • Page 51: Powering Up The System

    AG 3100 Powering Up the System Use this procedure to establish a direct cable connection between the AG 3100 and your laptop computer, and to power up the system. Place the AG 3100 on a flat and stable work surface.

  • Page 52: Logging In To The Command Line Interface

    AG 3100 Logging In to the Command Line Interface Use this procedure to initialize the system and log in to the AG 3100’s Command Line Interface (CLI). The character-based CLI is used at initial start-up. Start a HyperTerminal™ session to connect to the AG 3100. Use the following...
  • Page 53 AG 3100 Installing the AG 3100...

  • Page 54: The Management Interfaces (Cli And Web)

    Until the unit is installed on the customer’s network and a remote connection is established, the CLI is the administrator’s window to the system. This is where you establish all the AG 3100 start-up configuration parameters, depending on the customer’s network architecture.

  • Page 55: Making Menu Selections And Inputting Data With The Cli

    Enter key. The system does not accept data or commands until you hit the Enter key. Menu Organization (Web Management Interface) When you have successfully installed and configured the AG 3100 from the CLI, you can then access the AG 3100 from its embedded Web Management Interface (WMI). The WMI is easier to use (point and click) and includes some items not found in the CLI.
  • Page 56 AG 3100 Note: Your browser preferences or Internet options should be set to compare loaded pages with cached pages. Installing the AG 3100...

  • Page 57: Inputting Data - Maximum Character Lengths

    Location settings (all fields) Partner Image File Name Password (adding subscriber profiles) Port Description (finding ports by description) Redirection Frequency (in minutes) 2,147,483,647 (recommend 3600) Reservation Number Username (adding subscriber profiles) Valid SSL Certificate DNS Name Installing the AG 3100...

  • Page 58: Online Documentation And Help

    Help system Other online documentation resources, available from our corporate Web site (www.nomadix.com), include a full PDF version of this User’s Guide (viewable with Acrobat™ Reader, version 4.0 or higher), white papers, technical notes, and business cases. The PDF version of this User’s Guide and associated README files are also available on the “Accessories”...

  • Page 59: Quick Reference Guide

    When establishing the start-up configuration for a new installation, you are connected to the AG 3100 via a direct serial connection (you do not have remote access capability because the AG 3100 is not yet configured or connected to a network).

  • Page 60: Assigning Login User Names And Passwords

    AG 3100 uses to transmit data to the Internet. Assigning Login User Names and Passwords When you initially powered up the AG 3100 and logged in to the Management Interface, the default login user name and password you used was “admin.” The AG 3100 allows you to define 2 concurrent access levels to differentiate between managers and operators, where managers are permitted read/write access and operators are restricted to read access only.
  • Page 61 Enter new RADIUS remote test password: ***** Retype new RADIUS remote test password: ***** The RADIUS remote test login and password were changed You must use the new login user name(s) and password(s) to access the system. Installing the AG 3100...

  • Page 62: Setting The Snmp Parameters (Optional)

    AG 3100 Setting the SNMP Parameters (optional) You can address the AG 3100 using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol that regulates network management over the Internet. To do this, you must set up the SNMP communities and identifiers. For more information about...

  • Page 63: Enabling The Logging Options (Recommended)

    IP addresses. When system logging is enabled, the standard SYSLOG protocol (UDP) is used to send all message logs generated by the AG 3100 to the specified server. Enter (logging) at the Configuration menu.
  • Page 64 Enter Tracking number (0-7) [0]: Enter Tracking server IP [0.0.0.0]: 9.10.11.12 Enable/disable Tracking log save to file[disabled]: enable System log Enabled System log number System log filter System log server IP 8.9.10.11 System log Save to file Disabled Installing the AG 3100...
  • Page 65 System Report log Enabled System Report log number System Report log server IP 8.9.10.11 System Report log Save to file Disabled Tracking logging Enabled Tracking log number Tracking log server IP 8.9.10.11 Tracking log Save to file Disabled Installing the AG 3100...

  • Page 66: Assigning The Location Information And Ip Addresses

    IP address, the subscriber interface IP address, the subnet mask, and the default gateway IP address. All of these AG 3100 “location” parameters must be set up as part of the system’s start up configuration (otherwise the AG 3100 will not be “visible” on the network).
  • Page 67 AG 3100 After establishing all “Location” settings, you must reboot the AG 3100 for your changes to take effect. Sample Screen Response: Configuration>loc Please enter your company name [companyname]: newname Please enter your site name [sitename]: Coffee House Please enter your address <Line 1>...
  • Page 68 The system must be reset to function properly. Reboot? [yes/no]: y Your new settings are displayed and the AG 3100 reboots. When the system restarts, the Telnet interface is enabled (based on your new configuration settings which are saved to the AG 3100’s on-board flash memory).

  • Page 69: Logging Out And Powering Down The System

    AG 3100 Logging Out and Powering Down the System Use this procedure to log out and power down the AG 3100. Enter (logout) at the AG 3100 Menu. Your serial session closes automatically. Sample Screen Response: AG 3100>l Serial session 1 closing Turn off the AG 3100 and disconnect the power cord.

  • Page 70: Connecting The Ag 3100 To The Customer's Network

    AG 3100 Connecting the AG 3100 to the Customer’s Network Use this procedure to connect the AG 3100 to the customer’s network (after the start up configuration parameters have been established). Choose an appropriate physical location that allows a minimum clearance of 4cm either side of the unit (for adequate airflow).

  • Page 71: Establishing The Basic Configuration For Subscribers

    AG 3100, you can either enable the DHCP relay (routed to an external DHCP server IP address), or you can enable the AG 3100 to act as its own DHCP server. In both cases, DHCP functionality is necessary if you want to automatically assign IP addresses to subscribers.
  • Page 72 2 - Modify an IP Pool 3 - Remove an IP Pool 4 - Exit this menu Select the DHCP Pool configuration mode[0]: After setting up your DHCP options, the system must be rebooted for your changes to take effect. Installing the AG 3100...

  • Page 73: Setting The Dns Options

    “nomadix”). Enter a valid domain name (the Internet domain that DNS requests will utilize). Enter the host name (the DNS name of the AG 3100). The host name must not contain any spaces. After assigning the host name, the system requests IP addresses for the primary, secondary, and tertiary DNS servers (the default for the DNS primary address is 0.0.0.2).
  • Page 74 The system must be reset to function properly. Reboot? [yes/no]: y Domain newdomainname Host Name newhostname Primary DNS 20.21.22.23 Secondary DNS 21.22.23.24 Tertiary DNS 22.23.24.25 Rebooting ... The DNS options have been established. DNS will now convert subscriber browser URLs into the correct IP addresses automatically. Installing the AG 3100...

  • Page 75: Archiving Your Configuration Settings

    Import the nomadix.mib file into your SNMP client manager. Connect to the AG 3100 from a node on the network that is accessible via the AG 3100’s network port (Internet, LAN, etc.). Be sure to enable the SNMP daemon on the AG 3100 (available on the AG 3100’s CLI or Web Management Interface, under the Configuration...

  • Page 76: Chapter 2: System Administration

    System Menu on page 219 Choosing a Remote Connection Once installed and configured for the customer’s network, the AG 3100 can be managed and administered remotely with any of the following interface options: Using the Web Management Interface (WMI) on page 60 - Provides a powerful and flexible Web interface for network administrators.

  • Page 77: Using The Web Management Interface (Wmi)

    The Web Management Interface (WMI) is a “graphical” version of the Command Line Interface, comprised of HTML files. The HTML files are embedded in the AG 3100 and are dynamically linked to the system’s functional command sets. You can access the WMI from any Web browser.

  • Page 78: Using An Snmp Manager

    The following example shows a (partial) SNMP screen response. Using a Telnet Client There are many Telnet clients that you can use to connect with the AG 3100. Using Telnet provides a simple terminal emulation that allows you to see and interact with the AG 3100’s Command Line Interface (as if you were connected via the serial interface).

  • Page 79: Logging In

    AG 3100 Logging In To access the AG 3100’s Web Management Interface, use the Manager or Operator login user name and password you defined during the installation process (refer to Assigning Login User Names and Passwords on page 43). User names and passwords are case-sensitive.
  • Page 80 AG 3100 System Administration...
  • Page 81 AG 3100 to accept and process XML commands from an external source. XML commands are sent over the network to the AG 3100. The AG 3100 parses the query string, executes the commands specified by the string, and returns data to the system that initiated the command request.
  • Page 82 System administrators AAA Passthrough Port can set the AG 3100 to pass-through HTTPS traffic, in addition to standard port 80 traffic, without being redirected. When access to a non-HTTPS address (for example, a Search Engine or News site) has been requested, the subscriber is then redirected as usual.
  • Page 83 – The IWS is “flashed” into the system’s memory and the subscriber’s login page is served directly from the AG 3100. In this mode, the login page consists of a simple request for the subscriber’s ID (user name) and password.
  • Page 84 AG 3100 Enabling AAA Services with the Internal Web Server You are here because you want to enable the AAA Services with the AG 3100’s Internal Web Server. The AG 3100 maintains an internal database of authorized subscribers, based on their MAC (hardware address) and user name (if enabled).
  • Page 85 AG 3100). For assistance, contact Appendix A: Technical Support on page 301. You must reboot the AG 3100 every time you enable or disable SSL Support. If you want to designate a portal page, you must enable the Portal Page feature, otherwise leave this feature disabled.
  • Page 86 301. All data communications between the AG 3100 and the credit card server are encrypted by the SSL (Secure Sockets Layer) protocol. The AG 3100 never “sees” subscriber credit card numbers. Your product license key must support this feature.
  • Page 87 Enabling AAA Services with an External Web Server You are here because you want to enable the AAA Services with an External Web Server (EWS). In the EWS mode, the AG 3100 redirects the subscriber’s login request to an external server.
  • Page 88 AG 3100 You can assign a session idle timeout parameter for subscribers (see following note). To assign an idle timeout, simply enter a numeric value (in seconds) in the Subscriber Idle box (the default is 1200). Timeout Subscriber Idle Timeout does not apply to RADIUS and Post Pay PMS subscribers.

  • Page 89: Establishing Secure Administration {Access Control

    A login is permitted only to the interfaces that have not been blocked, and only if a match is made with the master “Source IP” list contained on the AG 3100. If a match is not made with the “Source IP list,” the login is denied, even if a correct login name and password are supplied.
  • Page 90 AG 3100 System Administration...
  • Page 91 Do not enable the blocking of all interfaces without setting up and enabling SNMP. Enabling the blocking of all interfaces and disabling SNMP will completely block access to the AG 3100 administration interface. For assistance, contact Nomadix Technical Support. Enable or disable subscriber-side interface blocking for any of the following interfaces Telnet Access: enables/disables blocking of Telnet access from the subscriber-side to the NSE Telnet interface.
  • Page 92 IP addresses to access the management interfaces. If you have changed the serial port to act as a PMS interface, please contact Nomadix technical support. In this case, refer to Contact Information on page 301.

  • Page 93: Defining Automatic Configuration Settings {Auto Configuration

    AG 3100 Defining Automatic Configuration Settings {Auto Configuration} The AG 3100 allows you to define parameters to enable the automatic configuration of the system. See also, RADIUS-driven Auto Configuration on page From the Web Management Interface, click on , then Configuration Auto Configuration.
  • Page 94 As shown in the diagram below, two subsequent events drive the automatic configuration of Nomadix devices: A flow of RADIUS Authentication Request and Reply messages between the Nomadix gateway and the centralized RADIUS server that specifies the location of the meta...
  • Page 95 Administrative Steps to Enable Auto-Config for the NOC Administrator: Add NAS IP address. Add Nomadix Auto-Config VSA to the Nomadix dictionary file on the RADIUS server. Create a RADIUS profile with the configuration VSA. Create an FTP server with the configuration files.

  • Page 96: Setting Up Bandwidth Management {Bandwidth Management

    AG 3100 Setting Up Bandwidth Management {Bandwidth Management} The AG 3100 allows system administrators to manage the bandwidth for subscribers, defined in Kbps (Kilobits per seconds) for both upstream and downstream data transmissions. With the ICC feature enabled, subscribers can increase or decrease their own bandwidth dynamically (by the minute, or on an hourly, daily, weekly, or monthly basis), and also adjust the pricing plan for their service.

  • Page 97: Establishing Billing Records "Mirroring" {Bill Record Mirroring

    AG 3100 can also send copies of billing records to predefined “carbon copy” servers. Additionally, if the primary and secondary servers are down, the AG 3100 can store up to 2,000 credit card transaction records. When a connection is re-established (with either server), the AG 3100 sends the stored information to the server—no records are lost!
  • Page 98 Primary IP Secret Key The AG 3100 and the “mirror” servers must use the same secret key. Repeat Step 4 for the secondary server (if any) and all carbon copy servers. Define the “fail-safe” provisions, including: Retransmit Method – Alternate, or do not alternate.

  • Page 99: Managing The Dhcp Service Options {Dhcp

    AG 3100, you can either enable the DHCP relay (routed to an external DHCP server IP address), or you can enable the AG 3100 to act as its own DHCP server. In both cases, DHCP functionality is necessary if you want to automatically assign IP addresses to subscribers.
  • Page 100 By default, the AG 3100 is configured to act as its own DHCP server and the relay feature is disabled. If you want the AG 3100 to act as its own DHCP server, do not enable the relay. Go directly to Step 8.
  • Page 101 AG 3100 If you want to add a new DHCP Pool, click on the button. The Add DHCP Pools screen appears: Enter a valid address for the DHCP server. DHCP Server IP Enter the DHCP Server Netmask Enter the starting and ending IP addresses for the DHCP address pool you want to use:...
  • Page 102 AG 3100 Select Public Pool Private Pool , as required. A “public” IP address will not be translated by DAT. If required, make this an and/or the by checking the IP Upsell Pool Default Pool appropriate boxes. Do not allow pools to overlap.

  • Page 103: Managing The Dns Options {Dns

    DNS allows subscribers to enter meaningful URLs into their browsers (instead of complicated numeric IP addresses) by automatically converting the URLs into the correct IP addresses. You can assign a primary, secondary, or tertiary (third) DNS server. The AG 3100 utilizes whichever server is currently available.
  • Page 104 AG 3100 Enter the IP addresses for the DNS servers (located at the customer’s network operating center where DNS requests are sent). Servers include: Primary DNS Server Secondary DNS Server Tertiary DNS Sever The secondary and tertiary DNS servers are only utilized if the primary DNS server is unavailable.

  • Page 105: Managing The Dynamic Dns Options {Dynamic Dns

    AG 3100 Managing the Dynamic DNS Options {Dynamic DNS} These settings can be accessed under the following menus: WMI Configuration Go to Configuration->Dynamic DNS CLI Configuration Go to Configuration->dyndns Go to Configuration->dyndns->configure for configurations System Administration...
  • Page 106 AG 3100 Enable Checkbox This is the checkbox to enable or disable the Dynamic DNS functionality. Provider Information This is to specify provider details. Currently only dyndns.org is supported. Protocol the vendor supports Server and Port to which the client sends updates to the DDNS server.

  • Page 107: Gre Tunneling {Gre Tunneling

    AG 3100 GRE Tunneling {Gre Tunneling} Use the following procedure to set the GRE Tunneling options. From the Web Management Interface, click , then . The GRE Configuration Gre Tuneling Tuneling screen appears: Click the checkbox for GRE Tunneling to enable this feature.

  • Page 108: Setting The Home Page Redirection Options {Home Page Redirect

    If required, click on the check box for Parameter Passing Parameter passing allows the AG 3100 to track a subscriber’s initial Web request (usually their home page) and pass the information on to the solution provider. The solution provider uses this information to ensure that the subscriber can return to their home page easily.

  • Page 109: Enabling Intelligent Address Translation (Inat)

    Our patent-pending iNAT™ feature contains an advanced, real-time translation engine that analyzes all data packets being communicated between the private and public address domains. The Nomadix iNAT engine performs a defined mode of network address translation based on packet type and protocol (for example, GRE, IKE etc…).

  • Page 110: Defining Ipsec Tunnel Settings {Ipsec

    AG 3100 Defining IPSec Tunnel Settings {IPSec} From the Web Management Interface, click on Configuration, then IPSec (You can also access IPSec from the CLI by going to Configuration->IPSec to configure settings, and Network Info->IPSec to view IPSec Tunnel status.)
  • Page 111 AG 3100 IPSec Configuration Enable/disable with checkbox but requires a reboot Click on Add button in the Peers and Security Policy (SP) tables to add an entry. Peer IP addresses in Peers and SP tables are links to the configured policies.
  • Page 112 AG 3100 IPSec Tunnel Peers Tunnel Peer • IP address of peer Peer Authentication Method Choice of Pre-shared key or X.509 certificates Enter the Pre-shared Key in the Shared Key text field if Pre-shared Key is selected Enter the filename of the private and public certificates if X.509 is selected. Note: files must exist on flash first.
  • Page 113 AG 3100 System Administration...
  • Page 114 AG 3100 IPSec Tunnel Security Policies Tunnel Peer IP Address Select a Peer IP Address from the pull-down menu with which this security association is to be established. Must select a Peer if the policy is using ESP or AH.
  • Page 115 AG 3100 Security Parameters Choice of Discard, Bypass, ESP, or AH. Discard/Bypass => a select direction type ESP only => select all acceptable encryption algorithms ESP/AH => select all acceptable authentication algorithms Perfect Forward Secrecy Strength Maximum Lifetime Maximum Life size...

  • Page 116: Establishing Your Location {Location

    AG 3100 Establishing Your Location {Location} This command sets up your location and the corresponding IP addresses for the network interface, subscriber interface, subnet, and default gateway. You *must* provide your full location information. From the Web Management Interface, click on...
  • Page 117 You may lose your connection if you change the IP settings incorrectly (using invalid IP addresses). If you “misconfigure” the AG 3100 and network connectivity is lost, you can still access the AG 3100 from the Command Line Interface (CLI) via a direct serial connection. In this case, refer to:...
  • Page 118 AG 3100 is located. Enter a valid default gateway IP address in the field. Default Gateway The default gateway is the IP address of the router that the AG 3100 uses to transmit data to the Internet. System Administration...
  • Page 119 AG 3100 When finished, you must reboot the system for the new settings to take effect. Click on the check box for Reboot after changes are saved? to reboot the system after saving your changes. Click on the button to save your changes and reboot the system, or click on the Submit button if you want to reset all the values to their previous state.

  • Page 120: Managing The Log Options {Logging

    AG 3100 Managing the Log Options {Logging} System logging creates log files and error messages generated at the system level. AAA logging creates activity log files for the AAA (Authorization, Authentication, and Accounting) functions. You can enable either of these options.
  • Page 121 AG 3100 System Administration...
  • Page 122 When system logging is enabled, the standard SYSLOG protocol (UDP) is used to send all message logs generated by the AG 3100 to the specified SYSLOG server. Enter a unique number (between 0 and 7) in the field.
  • Page 123 There are IN and OUT messages for the beginning and ending of each session. Examples: INFO [AG 3100 v2.4.113] LI : IN-->: THU JUN 23 11:43:58 2007 | testlab | S(192.168.2.4/3444), D(66.163.175.128/80), X(67.130.149.4/5004), non-proxy , 00:90:27:78:81:00, RADIUS, IPASS/0U0000 INFO [AG 3100 v2.4.113] LI : OUT-->: THU JUN 23 11:44:01 2007 | testlab |...
  • Page 124 AG 3100 PageFaults are stored in the file named “lograw.txt” in the /flash directory and is not viewable on the web management interface. Click on the button to save your changes, or click on the button if you want Submit Reset to reset all the values to their previous state.

  • Page 125: Enabling Mac Authentication {Mac Authentication

    AG 3100 Enabling MAC Authentication {MAC Authentication} These settings can be accessed under the following menus: WMI Configuration Go to Configuration->MAC authentication CLI Configuration Go to configuration->macauth SNMP Configuration Go to nse->aaa.aaaMacAuth (enterprises.3309.1.x.2.28) for MAC-based Authentication configuration branch System Administration...
  • Page 126 AG 3100 MAC Authentication Checkbox This checkbox enables/disables the MAC-based Authentication functionality. It is disabled by default. Retry Frequency in seconds This is the time in seconds to wait after an unsuccessful MAC authentication attempt to initiate another request. The minimum and default value is 10 seconds.

  • Page 127: Enabling The Meeting Room Scheduler {Meeting Room Scheduler

    Submit Reset to reset all the values to their previous state. For detailed information about installing, configuring, and using the NOMADIX™ Meeting Room Scheduler application, refer to the following documentation: Meeting Room Scheduler User’s Guide (P/N 200-1007-001) Click on the...

  • Page 128: Assigning Passthrough Addresses (Passthrough Addresses)

    AG 3100 Assigning Passthrough Addresses (Passthrough Addresses) The AG 3100 allows up to 300 IP passthrough addresses and DNS names. This feature allows users to “pass through” the AG 3100 and access predetermined services (for example, the redirected home page) at the solution provider’s discretion, even though they may not have subscribed to the broadband Internet service.

  • Page 129: Assigning A Pms Service {Pms

    PMS, the AG 3100 can post charges for Internet access directly to a guest’s hotel bill. In this case, the guest is billed only once. The AG 3100 outputs a call accounting record to the PMS system whenever a subscriber purchases Internet service and decides to post the charges to their room.
  • Page 130 AG 3100 Supported PMS interfaces include: Lodging Link (PTI) Holodex (AutoClerk) HOBIC (OSPS, TSPS, 1BT2, TEST, RSI) Galaxy (Post Only) Marriot NH (post-paid only) Micros Fidelio (Query & Post, Post Only, and Post Only with TCP/IP) Micros (1700/2000/3700/4700/8700 System Software Emulation)
  • Page 131 AG 3100 From the Web Management Interface, click on , then The Property Configuration PMS. Management System Settings screen appears: System Administration...
  • Page 132 If the “Skip First Char in Last Name” feature is enabled, the space is reserved for purposes other than the first character of the last name, so the AG 3100 will skip the first space in the last name field for name verification. System Administration...
  • Page 133 Reset Based on the HOBIC interface standards, Nomadix, Inc. has also certified interoperability with a number of other PMS and call accounting solutions such as Ramesys’ ImagInn, Xeta Virtual XL, and Hilton’s proprietary standard OnQ.

  • Page 134: Setting Up Port Locations {Port-Location

    AG 3100 Setting Up Port Locations {Port-Location} Port-Location allows you to establish the mode of operation for devices. From the Web Management Interface, click on Configuration , then Port-Location. Port-Location Settings screen appears: System Administration...
  • Page 135 If you enabled In Room Port Mapping, you must assign a . You Username Password will need these when you perform port mapping from the subscriber side of the AG 3100. Go to In Room Port Mapping on page 120 to map rooms from the subscriber side of the AG 3100.
  • Page 136 AG 3100 These options enable an SNMP query to “ask” the access concentration device which card, slot, or port the information is coming from. The information can then be “sent to” and “billed by” the PMS. You must enter the IP address (not name), SNMP community, and SNMP query duration (maximum time it takes to detect subscriber migration) of all access concentrators connected to the site.
  • Page 137 This section shows In Room Port Mapping from the subscriber side, when the In Room Port Mapping feature is enabled. AG 3100 multiple VLAN tagged systems can use the same tags and be placed on different Subscriber ports. Although it is technically possible to place two different VLAN tagged switches (one on each Subscriber side) that have the same VLAN tags designated, this configuration can cause problems.
  • Page 138 AG 3100 Enter your user name and password, then click on the button. The In Room Port Mapping screen appears: Enter the room number and a description for this room. Select the access mode you want to assign to this room:...

  • Page 139: Defining The Radius Client Settings {Radius Client

    AG 3100 Defining the RADIUS Client Settings {RADIUS Client} The AG 3100 supports Remote Authentication Dial-In User Service (RADIUS). RADIUS is an authentication and accounting system used by many Internet Service Providers. The “Usernames” function must be enabled for a RADIUS login. See also,...
  • Page 140 AG 3100 For additional RADIUS information, see also: Defining the RADIUS Proxy Settings {RADIUS Proxy} on page 126 Defining the Realm-Based Routing Settings {Realm-Based Routing} on page 129 RADIUS Attributes on page 269 From the Web Management Interface, click on...
  • Page 141 Default User Idle Timeout before the subscriber’s session times out and they must login again. The AG 3100 can reauthenticate “repeat” subscribers who return to the system within 720 hours. To enable this feature, click on the check box for...
  • Page 142 (if you want the system to display a post session “goodbye” page). The “goodbye” page can be defined as a RADIUS VSA or be driven by the AG 3100’s Internal Web Server (IWS). If required, check the box for . To enable the default 802.1q Enable WAN 802.1q Attribute...

  • Page 143: Defining The Radius Proxy Settings {Radius Proxy

    AG 3100 Defining the RADIUS Proxy Settings {RADIUS Proxy} A RADIUS Proxy allows the NSE to relay authentication and accounting packets between the parties performing the authentication process. Different realms can be set up to directly channel RADIUS messages to the various RADIUS servers.
  • Page 144 Adding an Upstream RADIUS NAS If you want to add a new Upstream RADIUS NAS (for example, an 802.11 Access Point on the subscriber side of the AG 3100)., click on the button. The Add Upstream RADIUS NAS screen appears: To make this entry the “active”...
  • Page 145 AG 3100 Click on the button to add this Upstream RADIUS NAS definition, then click on the Back to Main RADIUS Proxy Settings page link to return to the RADIUS Proxy Settings screen. The Upstream RADIUS NAS definition you just added appears in the list. You can add up to 10 definitions.

  • Page 146: Defining The Realm-Based Routing Settings {Realm-Based Routing

    AG 3100 Defining the Realm-Based Routing Settings {Realm-Based Routing} Use this procedure when setting up RADIUS Service Profiles (up to 10) and Realm-based Routing Policies (up to 50). For additional RADIUS information, see also: Defining the RADIUS Client Settings {RADIUS Client} on page 122...
  • Page 147 AG 3100 Define RADIUS Service Profiles RADIUS service profiles are used to direct username access requests for both plain RADIUS users and users who supply realm/domain in their username. In response to a RADIUS access request, these RADIUS servers will return the L2TP tunnel parameters which the NSE will use to establish an L2TP tunnel.
  • Page 148 The secret key is a valuable and necessary security measure. The AG 3100 and the RADIUS servers must use the same secret key. Repeat Steps 2 through 4 for the secondary RADIUS authentication server (if used).
  • Page 149 AG 3100 Retransmission Options This category requires you to define the data retransmission method (failover or round-robin), the retransmission frequency, and how many retransmissions the system should attempt. Select the (Failover or Round Robin). Retransmission Method Enter a value for the time (in seconds) in the field.
  • Page 150 AG 3100 Define Realm Routing Policies Realm routing policies are used to determine how supplied username/password input is used to authenticate users. Create a realm routing policy for each realm that will be handled. The realm routing policy will reference either a RADIUS service profile or a tunnel profile. Many different realm routing policies can reference the same RADIUS service or tunnel profile.
  • Page 151 AG 3100 To define a specific realm, choose the option and enter the destination in Specific Realm Realm Name field. Alternatively, you can choose the Wildcard match option, then define your search options: Prefix match only Suffix match only Match either Select the required from the pull-down menu.
  • Page 152 AG 3100 System Administration...
  • Page 153 AG 3100 The following screen shows a realm routing policy that handles suffix-based usernames using a tunnel profile. This differences in this example are that the realm name is “tcisp.com”, “Suffix match only” is enabled (the delimiter in this case is “@”), and a tunnel profile, “LNSOne”, is selected instead of a RADIUS service profile.
  • Page 154 AG 3100 The “Local hostname” field is also blank is this example which means that the NSE will use the default value of “usg_lac” during tunnel negotiation. Configure RADIUS Client The NSE RADIUS client must be setup for realm-based routing mode since realm information will be used by the NSE’s L2TP tunnel feature to determine how to handle usernames that...

  • Page 155: Managing Smtp Redirection {Smtp

    Managing SMTP Redirection {SMTP} When SMTP redirection is enabled (for misconfigured or properly configured subscribers), the AG 3100 redirects the subscriber’s E-mail through a dedicated SMTP server, including SMTP servers which support login authentication. To the subscriber, sending and receiving E-mail is as easy as it’s always been.

  • Page 156: Managing The Snmp Communities {Snmp

    AG 3100 Managing the SNMP Communities {SNMP} You can address the AG 3100 using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol that regulates network management over the Internet. To do this, you must set up the SNMP communities and identifiers. For more information about...
  • Page 157 Submit Reset button if you want to reset all the values to their previous state. You can now use your SNMP client to manage the AG 3100 via the Internet. System Administration...

  • Page 158: Enabling Dynamic Multiple Subnet Support (Subnets)

    AG 3100 Enabling Dynamic Multiple Subnet Support (Subnets) Nomadix’ dynamic multiple subnet support allows you to create flexible and cost-effective IP pool solutions to meet the demands of complex networks in large residential and public access networks. For example: Establish a maximum of 15 different DHCP pools for routable IP addresses at the same time.
  • Page 159 (Public Subnets Settings). To edit the “Current Public DHCP Subnets” table, go to Managing the DHCP Service Options {DHCP} on page For additional information about the multiple subnet feature, go to Contact Information on page 301 for Nomadix Technical Support. System Administration...

  • Page 160: Displaying Your Configuration Settings {Summary

    AG 3100 Displaying Your Configuration Settings {Summary} You can display a summary listing of all your current Configuration settings. To view the summary listing, go to the Web Management Interface, click on Configuration then click on Summary. The Summary of Configuration Settings screen appears (partial screen shown here): More listings ...

  • Page 161: Setting The System Date And Time {Time

    After entering new data for the final parameter (minutes), the system writes the information into its BIOS, then displays the new date and time. The AG 3100 also allows you to enter a “Time offset from UTC.” This parameter is the Universal Coordinated...

  • Page 162: Setting Up Url Filtering {Url Filtering

    AG 3100 Setting Up URL Filtering {URL Filtering} The AG 3100 can restrict access to specified Web sites based on URLs defined by the system administrator. URL filtering will block access to a list of sites and/or domains entered by the administrator using the following three methods: Host IP address (for example, 1.2.3.4)

  • Page 163: Enabling Secure Management {Vpn Tunnel

    NSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption. Establishing the IPSec tunnel not only allows for the secure management of the Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on...
  • Page 164 This procedure allows system administrators to establish the peer-to-peer IPSec connection. Basic IPSec parameters must be entered by the system administrator to successfully establish the VPN session. We recommend that you create different private subnets behind the VPN termination device and the AG 3100. System Administration...

  • Page 165: Network Info Menu

    AG 3100 Network Info Menu Displaying ARP Table Entries {ARP} You can display a table that shows the current status of the ARP (Address Resolution Protocol) assignments. ARP is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address.

  • Page 166: Displaying Dat Sessions {Dat

    AG 3100 Displaying DAT Sessions {DAT} The AG 3100 provides “plug-and-play” access to subscribers who are misconfigured with static (permanent) IP addresses, or subscribers that do not have DHCP functionality on their computers. Dynamic Address Translation (DAT) allows all users to obtain network access, regardless of their computer’s network settings.

  • Page 167: Displaying The Host Table {Hosts

    AG 3100 Displaying the Host Table {Hosts} You can display a table which lists the hosts that are currently configured. This table includes the assigned host names, their corresponding IP addresses, and any aliases that may be assigned to each host. Hosts provide services to other computers that are linked to it by a network.

  • Page 168: Displaying Icmp Statistics {Icmp

    AG 3100 Displaying ICMP Statistics {ICMP} You can display the current ICMP (Internet Control Message Protocol) statistics. ICMP is a standard Internet protocol that delivers error and control messages from hosts to message requestors. These statistics are presented as a listing which details the current status of each ICMP transmission element.

  • Page 169: Displaying The Network Interfaces {Interfaces

    AG 3100 Displaying the Network Interfaces {Interfaces} You can display the network interfaces which are presented as a detailed listing of all interface communication elements and their current status. To view the Network Interfaces, go to the Web Management Interface, click on...

  • Page 170: Displaying The Ip Statistics {Ip

    AG 3100 Displaying the IP Statistics {IP} You can display the IP (Internet Protocol) statistics which are presented as a detailed listing of all IP elements and their current status. With IP transmissions, data is broken up into packets which are then sent over the network. By using IP addressing, Internet Protocol ensures that the data reaches its destination, even though different packets may “pass through”...

  • Page 171: Displaying The Routing Tables {Routing

    AG 3100 Displaying the Routing Tables {Routing} You can display the current Routing Tables, including any dynamically generated routes, unreachable routes, or wildcard routes. To view the Routing Tables, go to the Web Management Interface, click on , then Network Info click on Routing.

  • Page 172: Displaying The Active Ip Connections {Sockets

    AG 3100 Displaying the Active IP Connections {Sockets} You can display a table which provides a detailed listing of all currently active IP (Internet Protocol) connections. To view the Socket Table, go to the Web Management Interface, click on , then...

  • Page 173: Displaying The Static Port Mapping Table {Static Port-Mapping

    AG 3100 Displaying the Static Port Mapping Table {Static Port-Mapping} You can display a table which provides a detailed listing of the currently active static port mapping scheme. To view the Static Port-Mapping Table, go to the Web Management Interface, click on...

  • Page 174: Displaying Tcp Statistics {Tcp

    AG 3100 Displaying TCP Statistics {TCP} You can display the TCP (Transmission Control Protocol) statistics which are presented as a detailed listing of all TCP elements and their current status. TCP is a standard protocol that manages data transmissions across networks.

  • Page 175: Displaying Udp Statistics {Udp

    AG 3100 Displaying UDP Statistics {UDP} You can display the UDP (User Datagram Protocol) statistics which are presented as a detailed listing of all UDP elements and their current status. UDP is an Internet standard transport layer protocol. It is a connectionless protocol which adds a level of reliability and multiplexing to the Internet Protocol (IP).

  • Page 176: Port-Location Menu

    AG 3100 Port-Location Menu The Port Location capabilities on the NSE have been enhanced. It is now possible to define a policy on a port. The billing methods (RADIUS, Credit Card, PMS, L2TP Tunneling) and the billing plans available on each port can now be individually configured.

  • Page 177: Adding And Updating Port-Location Assignments {Add

    There may even be multiple ports assigned to a single room or location. The AG 3100 uses a port-location authorization table to manage the assigned ports and ensure accurate billing for the services used by a particular port.
  • Page 178 AG 3100 Enter a location identifier in the Location field. Locations can be assigned as an alpha, numeric, or alpha-numeric value unless a PMS interface is used (see note). If you are using a PMS interface, ensure that the "Location" field consists only of numbers (no alpha characters or symbols).
  • Page 179 AG 3100 Please note that while it is possible to set the value of a per-port configuration parameter independently of the value of the corresponding global parameter, the feature itself is disabled for a port unless both the per-port and global parameters are set to enabled. Thus: RADIUS authentication for a port is enabled only if the RADIUS Client is globally enabled AND the per-port enable RADIUS billing parameter is set.

  • Page 180: Deleting All Port-Location Assignments {Delete All

    AG 3100 Deleting All Port-Location Assignments {Delete All} This procedure shows you how to delete all port-location assignments. The AG 3100 displays a warning and prompts you to confirm this action before deleting all the port-locations currently assigned in the system.

  • Page 181: Deleting Port-Location Assignments By Location {Delete By Location

    This procedure shows you how to delete a port-location assignment, based on its location. The AG 3100 prompts you to confirm this action before deleting the requested port-location. If you are unsure which port-locations are currently mapped to the system, you...

  • Page 182: Deleting Port-Location Assignments By Port {Delete By Port

    AG 3100 Deleting Port-Location Assignments by Port {Delete by Port} This procedure shows you how to delete a port-location assignment, based on its port. The AG 3100 prompts you to confirm this action before deleting the requested port-location. If you are unsure which port-locations are currently mapped to the system, you...

  • Page 183: Exporting Port-Location Assignments {Export

    “location.txt” file. The location.txt file is stored in: /flash/location.txt (resident in the AG 3100’s flash memory). Exporting your current port-location assignments to the AG 3100’s flash memory will overwrite the existing location.txt file. From the Web Management Interface, click on...

  • Page 184: Finding Port-Location Assignments By Description {Find By Description

    AG 3100 Finding Port-Location Assignments by Description {Find by Description} This procedure shows you how to find a port-location assignment, based on its description. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their location or port.

  • Page 185: Finding Port-Location Assignments By Location {Find By Location

    AG 3100 Finding Port-Location Assignments by Location {Find by Location} This procedure shows you how to find a port-location assignment, based on its location. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their description or port.

  • Page 186: Finding Port-Location Assignments By Port {Find By Port

    AG 3100 Finding Port-Location Assignments by Port {Find by Port} This procedure shows you how to find a port-location assignment, based on its location. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their description or location.

  • Page 187: Importing Port-Location Assignments {Import

    Importing Port-Location Assignments {Import} This procedure shows you how to import port-location assignments from the “location.txt” file. The location.txt file is stored in: /flash/location.txt (resident in the AG 3100’s flash memory). If you have never exported port-location assignments (since installing the AG 3100 at this site), the location.txt is empty.
  • Page 188 You can click on the “View location.txt” link if you want to view the current contents of the file. Creating a “location.txt” File You can create your own “location.txt” file and upload the file to the AG 3100’s flash memory at [IP address]/flash/location.txt. Use the following format when creating the file: “1”,1,00:00:00:00:00:00,0.0.0.0,0, “Room 101”...

  • Page 189: Displaying The Port-Location Mappings {List

    AG 3100 Displaying the Port-Location Mappings {List} You can display a listing of all port-locations assigned to this system. To view the listing of port-location assignments, go to the Web Management Interface, click on , then click on The List Port-Location Assignments screen appears: Network Info List.

  • Page 190: Subscriber Administration Menu

    Subscriber Administration Menu Adding Subscriber Profiles {Add} AAA Services must be enabled before you can add a subscriber profile into the AG 3100’s internal authorization database. Refer to, Defining the AAA Services {AAA} on page This procedure shows you how to add subscriber profiles into a table of authorized users. Use this procedure when the credit card service option is disabled and the solution provider wants to limit access to pre-qualified users only.
  • Page 191 AG 3100 From the Web Management Interface, click on , then Subscriber Administration Add. The Add a Subscriber Profile to the Database screen appears: Choose for this profile. Subscriber Device Define the DHCP Address Type: (only used when the IP Upsell feature...
  • Page 192 AG 3100 Enter the IP Address of the subscriber. Enter a valid address for this subscriber. Subnet In the field, enter a user name for this subscriber. If you entered a MAC Username address and you do not want to assign a user name, skip Step 9 (password).

  • Page 193: Displaying Current Subscriber Connections {Current

    AG 3100 Displaying Current Subscriber Connections {Current} You can display a listing of all the subscribers currently connected to the system. The list includes the MAC addresses of the subscribers, their active state, the individual expiration times, port numbers (if assigned), and the number of bytes that have been passed from the subscriber to the Internet.

  • Page 194: Deleting Subscriber Profiles By Mac Address {Delete By Mac

    AG 3100 Deleting Subscriber Profiles by MAC Address {Delete by MAC} This procedure shows you how to delete a subscriber profile from the AG 3100’s database of authorized subscribers, based on the profile’s MAC address. To see a current listing of the subscriber database, sorted by MAC addresses, go Listing Subscriber Profiles by MAC Address {List by MAC} on page 183.

  • Page 195: Deleting Subscriber Profiles By User Name {Delete By User

    AG 3100 Deleting Subscriber Profiles by User Name {Delete by User} This procedure shows you how to delete a subscriber profile from the AG 3100’s database of authorized subscribers, based on the profile’s user name. To see a current listing of the subscriber database, sorted by user name, go to Listing Subscriber Profiles by User Name {List by User} on page 184.

  • Page 196: Displaying The Currently Allocated Dhcp Leases {Dhcp Leases

    , then click on Subscriber Administration DHCP Leases. To utilize this feature, your AG 3100 must be set to act as its own DHCP Server. The DHCP function cannot be set to DHCP Relay. Refer to Managing the DHCP Service Options {DHCP} on page...

  • Page 197: Deleting All Expired Subscriber Profiles {Expired

    AG 3100 Deleting All Expired Subscriber Profiles {Expired} This procedure shows you how to delete all expired subscriber profiles from the AG 3100’s database of authorized subscribers. Use this procedure when you want to “clean up” the subscriber database. From the Web Management Interface, click on...

  • Page 198: Finding Subscriber Profiles By Mac Address {Find By Mac

    AG 3100 Finding Subscriber Profiles by MAC Address {Find by MAC} This procedure shows you how to find a subscriber profile from the AG 3100’s database of authorized subscribers, based on the profile’s MAC address. Use this procedure when you want to see the statistics corresponding to the MAC address.

  • Page 199: Finding Subscriber Profiles By User Name {Find By User

    Finding Subscriber Profiles by User Name {Find by User} This procedure shows you how to find a subscriber profile from the AG 3100’s database of authorized subscribers, based on the profile’s user name. Use this procedure when you want to see the statistics corresponding to the user name.

  • Page 200: Listing Subscriber Profiles By Mac Address {List By Mac

    AG 3100 Listing Subscriber Profiles by MAC Address {List by MAC} You can display the currently active database of authorized subscribers, based on MAC addresses. To view the list of Authorized Subscriber Profiles, go to the Web Management Interface, click...

  • Page 201: Listing Subscriber Profiles By User Name {List By User

    AG 3100 Listing Subscriber Profiles by User Name {List by User} You can display the currently active database of authorized subscribers, based on user names. You can display the currently active database of authorized subscribers, based on their user names.

  • Page 202: Radius Proxy Accounting Logs {Radius Session History

    AG 3100 RADIUS Proxy Accounting Logs {RADIUS Session History} These settings are available under Subscriber Administration/RADIUS Session History menu. Enable Logfile checkbox When this setting is enabled any RADIUS proxy accounting messages sent or received by the RADIUS proxy application are logged into a file named “RADHIST.RAD” in the /flash directory.

  • Page 203: Displaying Current Profiles And Connections {Statistics

    AG 3100 Displaying Current Profiles and Connections {Statistics} You can view the total number of profiles and connections currently stored in the AG 3100’s database of authorized subscribers. The displayed list includes the number of subscribers currently in the database (Current Table) and a numerical breakdown of how the subscribers can utilize the system (for example, free access, credit card, etc.).

  • Page 204: Subscriber Interface Menu

    Plan C: 1 week, 1Mbit/s downstream, 1Mbit/s upstream, public IP address, $99 charge. In addition to credit card billing, Property Management Systems used by hotels are also supported along with the internal data base of the AG 3100 and billing via Nomadix' secure XML API. See also, Assigning a PMS Service {PMS} on page 112 (see following note).
  • Page 205 AG 3100 System Administration...
  • Page 206 AG 3100 Review the billing plans (normal plans and X over Y plans) that are currently active. To view or edit a billing plan, simply click on the button opposite the View/Edit/Delete corresponding plan. The Internal Billing Options Plan Setup or Internal Billing Options XoverY Plan Setup screen appears for the billing plan (and type) you selected (see next page for sample of X over Y plan setup screen).
  • Page 207 AG 3100 Sample of Internal Billing Options XoverY Plan Setup Screen System Administration...
  • Page 208 Time Unit One time unit is assigned to each billing plan. The AG 3100 allows you to define multiple billing plans with different time units at the same time. For example, you can define one billing plan that changes by the hour (e.g.
  • Page 209 AG 3100 Define the messages you want to present to subscribers, including: Introduction Message Offer Message Policy Message Define the Units of Access (Minute, Hour, Day, Week, or Month) you want to make available to subscribers. If you want to allow free access to subscribers, you can define the following free billing...
  • Page 210 AG 3100 Define the DHCP Pool (public or private) -- see following note. The “public” option requires IP Upsell to be turned on, otherwise subscribers will receive private IP addresses. Click on the button to save your changes and establish this billing plan.

  • Page 211: Setting Up The Information And Control Console {Icc Setup

    AG 3100 Setting Up the Information and Control Console {ICC Setup} The Nomadix Information and Control Console (ICC) is a HTML pop-up window that is presented to subscribers, allowing them to select their bandwidth and billing plan options quickly and efficiently, and displays a dynamic “time” field to inform them of the time remaining on their account.
  • Page 212 AG 3100 From the Web Management Interface, click on Subscriber Interface , then ICC Setup The ICC Setup screen appears: System Administration...
  • Page 213 If you enabled either of the ICC pop-up options, you can choose a unique name for the console. Simply type a meaningful name in the Title field. Define the physical location where you want the Nomadix Logout Console to appear on the subscriber’s screen. Choose one of the following options: Upper Left Corner...
  • Page 214 When assigning images for buttons, refer to: Pixel Sizes on page 199. If you assign (or change) button images or banner images, the AG 3100 must be rebooted for your changes to take effect. When you have completed assigning all your redirect buttons, click on the...
  • Page 215 AG 3100 Assigning Banners From the Subscriber Console (Information and Control Console - ICC) Setup screen, click on the link. The Subscriber Console (Information and Control Configure Banners Console - ICC) Banners Setup screen appears: Click here to return to the previous screen You can display up to 5 banners, but they must be defined here.
  • Page 216 Start Time (Optional) Stop Time (Optional) If you assign (or change) button images or banner images, the AG 3100 must be rebooted for your changes to take effect. If you changed any of the Image Name definitions, click on the check box for Reboot (to reboot the AG 3100).
  • Page 217 AG 3100 Banner (373 x 32 pixels) Small Buttons (45 x 26 pixels) ISP Button (98 x 26 pixels) Time Formats Use the following formats when defining times: Duration for Banners – 1 through 9999, or more Start or Stop times for Banners –...

  • Page 218: Defining Languages {Language Support

    AG 3100 Defining Languages {Language Support} The AG 3100 allows you to define the text displayed to your users by the Internal Web Server (IWS) without any HTML or ASP knowledge. The language you select here will determine the language encoding that the AG 3100’s Internal Web Server instructs the browser to use.
  • Page 219 Interface and the subscriber’s portal page, choose the Other option, then choose one of the available Japanese character sets from the drop-down menu. If sufficient space is available, the AG 3100’s Internal Web Server also supports multiple languages at the same time.

  • Page 220: Enable Serving Of Local Web Pages {Local Web Server

    AG 3100 Enable Serving of Local Web Pages {Local Web Server} Here are the quick setup instructions to enable serving of local web pages. Upload the required pages and images to the /flash/web directory using FTP. Total file size of all pages and images cannot exceed 200 KB. File names should be labeled using the 8.3 format.
  • Page 221 AG 3100 Web Page File Name This text box lets you add or remove the names of the web pages that you intend to serve to the end users. Note: The name of the web page has to be added in order for it to be served to the end users.

  • Page 222: Defining The Subscriber's Login Ui {Login Ui

    AG 3100 Defining the Subscriber’s Login UI {Login UI} This procedure allows you to set up the presentation and content of the subscriber’s login User Interface (UI). From the Web Management Interface, click on , then Subscriber Interface Login UI.
  • Page 223 Click on the check box for Enable “Remember Me” option if you want to enable (or disable) this feature. This option enables the AG 3100 to “remember” logins for a predetermined duration (see next step). The “Remember Me” option requires JavaScript to be enabled.
  • Page 224 (see notes). You must reboot the AG 3100 for the “Image File Name” or “Partner Image File Name” settings to take effect. You can view a grid of acceptable screen colors. To view the grid, simply click on the “View Color Grid”...
  • Page 225 Image File Name Partner Image File Name must reboot the AG 3100 for your changes to take effect. In this case, click on the check box for Reboot after changes are saved? The partner image (splash screen) is not the same screen that is defined by the Image File Name (IWS screen) field.

  • Page 226: Defining The Post Session User Interface (Post Session Ui)

    The Post Session UI (Goodbye Page) can be defined either as a RADIUS VSA or be driven by the AG 3100’s Internal Web Server (IWS). Using the IWS option means that this functionality is available for other post-paid billing mechanisms (for example, post-paid PMS—if your product license supports PMS).
  • Page 227 AG 3100 From the Web Management Interface, click on , then Subscriber Interface Post Session The Subscriber Post Session User Interface Settings screen appears: System Administration...
  • Page 228 AG 3100 Click on the Enable IWS Goodbye Page check box to enable (or disable) the IWS Goodbye Page, as required. If you enabled the IWS Goodbye Page, select your preferred display options by checking the corresponding boxes: Display IP Address...

  • Page 229: Defining Subscriber Ui Buttons {Subscriber Buttons

    AG 3100 Defining Subscriber UI Buttons {Subscriber Buttons} This procedure allows you to define how each of the control buttons are displayed to subscribers. From the Web Management Interface, click on , then Subscriber Interface Subscriber Buttons. The Subscriber Page -- Control Button Definitions screen appears: Caution Only the Login button should be named “Login.”...

  • Page 230: Defining Subscriber Ui Labels {Subscriber Labels

    AG 3100 Defining Subscriber UI Labels {Subscriber Labels} This procedure allows you to define how the user interface (UI) field labels are displayed to subscribers. From the Web Management Interface, click on , then Subscriber Interface Subscriber The Subscriber Page -- Field Label Definitions screen appears: Labels.

  • Page 231: Defining Subscriber Error Messages {Subscriber Errors

    AG 3100 Defining Subscriber Error Messages {Subscriber Errors} This procedure allows you to define how error messages are displayed to subscribers. There are 2 (two) pages of error messages available. From the Web Management Interface, click on Subscriber Interface , then...
  • Page 232 AG 3100 Repeat Steps 1 – 3 for page 2 of 2 (see following screen): System Administration...

  • Page 233: Defining Subscriber Messages {Subscriber Messages

    AG 3100 Defining Subscriber Messages {Subscriber Messages} This procedure allows you to define how “other” subscriber messages are displayed. There are 3 (three) pages of subscriber messages available. From the Web Management Interface, click on , then Subscriber Interface Subscriber The Subscriber Page -- Other Message Definitions, 1 of 3 screen Messages, 1 of 3.
  • Page 234 AG 3100 Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state. If you want to reset all field values to their default state, click on the button.
  • Page 235 AG 3100 Repeat Steps 1 – 3 for page 3 of 3 (see following screen): System Administration...

  • Page 236: System Menu

    AG 3100 System Menu Adding an ARP Table Entry {ARP Add} ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting.

  • Page 237: Deleting An Arp Table Entry {Arp Delete

    AG 3100 Deleting an ARP Table Entry {ARP Delete} ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting.

  • Page 238: Enabling The Bridge Mode Option {Bridge Mode

    “remove” the AG 3100 from the network without physically disconnecting the unit. You can still manage the AG 3100 when Bridge Mode is enabled, but you have no other functionality. If you enable the Bridge Mode option and then plug the AG 3100 into a network, all you need to do is assign it routable IP addresses.

  • Page 239: Exporting Configuration Settings To The Archive File {Export

    AG 3100 Exporting Configuration Settings to the Archive File {Export} This procedure shows you how to export the current system configuration settings to an archive file for future retrieval. This function is useful if you want to change the configuration settings and you are unsure of the effect that the changes will have.

  • Page 240: Importing The Factory Defaults {Factory

    If you restore the factory default configuration settings, you will no longer be able to access the AG 3100 remotely. However, you always have the option of using the “import” function to restore system configuration settings from the archive file.

  • Page 241: Defining The Fail Over Options {Fail Over

    Many large scale networks require fail-over support for all devices in the Public access network. The AG 3100 allows two Nomadix Gateways to act as siblings, where one device will take up the users should the other device become disconnected from the network. As part of this functionality, the settings (except IP addresses) between the two devices will be synchronized automatically.

  • Page 242: Viewing The History Log {History

    Login – User name of the Administrator / Operator. IP – Source IP address (see note). The source IP displayed may be the source IP of a NAT router instead of the client of the person accessing the AG 3100. System Administration...

  • Page 243: Establishing Icmp Blocking Parameters {Icmp

    AG 3100 Establishing ICMP Blocking Parameters {ICMP} The AG 3100 includes the option to block all ICMP traffic from “pending” or “non authenticated” users that are destined to addresses other than those defined in the pass-through (walled garden) list. The default setting for this option is “disabled” since ICMP pass-through is a useful end-user troubleshooting feature and also required by certain smart clients (for example, GRIC).

  • Page 244: Importing Configuration Settings From The Archive File {Import

    AG 3100 Importing Configuration Settings from the Archive File {Import} This procedure shows you how to restore the system configuration settings from an archive file (previously created with the export function). The archived configuration settings you want to restore may not contain valid IP addresses.

  • Page 245: Establishing Login Access Levels {Login

    (Submit, Reset, Reboot, Add, Delete, etc.), but operators cannot change any system settings. When this feature is enabled, one manager and three operators can access the AG 3100 at any one time (the default is “disabled”). This feature supports the following interfaces: Telnet Command Line Interface (CLI) –...
  • Page 246 AG 3100 Click on the check box for Administration Concurrency if you want to assign concurrent Manager and Operator logins. In the field, enter a login name for this manager. Manager Login Login names and passwords are case-sensitive. Use login names and passwords that are easy to remember (up to 11 characters, any character type).
  • Page 247 If you enabled Administration Concurrency, repeat steps 3 to 5 for an operator login. As part of its Smart Client feature, the AG 3100 offers a remote RADIUS testing feature (enabled by default). With this feature, the AG 3100 provides a password-protected Web page.

  • Page 248: Defining The Mac Filtering Options {Mac Filtering

    AG 3100 Defining the MAC Filtering Options {Mac Filtering} MAC Address filtering enhances Nomadix' access control technology by allowing System Administrators to block malicious users based on their MAC address. Up to 50 MAC addresses can be blocked at any one time (see caution).

  • Page 249: Rebooting The System {Reboot

    AG 3100 Rebooting the System {Reboot} This procedure shows you how to reboot the AG 3100. The “reboot” procedure outlined on this page allows you to decide when to reboot (if you are making multiple changes to different menu functions and you want to reboot just one time after completing all your changes).

  • Page 250: Adding A Route {Route Add

    AG 3100 Adding a Route {Route Add} This procedure shows you how to add a route into the AG 3100’s routing table. This is accomplished by establishing the route’s destination IP address, and by setting the gateway or router IP address by which the route’s destination can be reached.

  • Page 251: Deleting A Route {Route Delete

    AG 3100 Deleting a Route {Route Delete} This procedure shows you how to delete a route to a specific IP destination. From the Web Management Interface, click on , then The Delete System Route Delete. Static Routes screen appears: Enter the address of the route you want to delete from the routing table.

  • Page 252: Establishing Session Rate Limiting {Session Limit

    AG 3100 Establishing Session Rate Limiting {Session Limit} Session Rate Limiting (SRL) significantly reduces the risk of “Denial of Service” attacks by allowing administrators to limit the number of DAT sessions any one user can take over a given time period and, if necessary, then block malicious users.

  • Page 253: Adding Static Ports {Static Port-Mapping Add

    AG 3100. The advantage for the network administrator is that free private IP addresses can be used to manage devices (such as Access Points) on the subscriber side of the AG 3100 without setting them up with public IP addresses.
  • Page 254 Internal Port reference. Enter a valid MAC Address Enter the External IP Address The External IP address field will default to the IP address of the AG 3100. Enter the External Port reference. Optional: Enter the Remote IP Address . Leave this field set to zero if you want to connect to the internal device from any network-side workstation.

  • Page 255: Deleting Static Ports {Static Port-Mapping Delete

    AG 3100. The advantage for the network administrator is that free private IP addresses can be used to manage devices (such as Access Points) on the subscriber side of the AG 3100 without setting them up with public IP addresses.

  • Page 256: Blocking A Subscriber Interface {Subscriber Interfaces

    Updating the AG 3100 Firmware {Upgrade} Upgrading the AG 3100 firmware is performed from the AG 3100’s Command Line Interface (CLI) only. Refer to the Firmware Upgrade Procedure (separate document available from Nomadix Technical Support).
  • Page 257 AG 3100 This page intentionally left blank. System Administration...

  • Page 258: Chapter 3: The Subscriber Interface

    When a subscriber accesses the solution provider’s high speed network, the AG 3100 points their browser to a sign-in page. The AG 3100 then creates a database entry that automatically records the subscriber’s Media Access Control (MAC) address and integrates this address with a PMS interface for secure billing.

  • Page 259: Authorization And Billing

    AG 3100 Authorization and Billing As a gateway device, the AG 3100 enables plug-and-play access to broadband networks. Broadband network solution providers can now offer their subscribers a wide range of high speed services, including access to the Internet. Of course, a high speed Internet connection is not free –...

  • Page 260: The Aaa Structure

    (in the hotel scenario), via a mailed invoice, or directly to the subscriber’s credit card account. The following illustration shows the functional relationship between the AG 3100’s internal modules and the external support systems. The Subscriber Interface...
  • Page 261 AG 3100 Subscriber Login Subscriber Management Internal Web Server External Web Server Internal Web Management Interface (on flash for login pages) (for login & portal pages) Authentication Internal User Database Authorization Table Internal User Database Credit Card Server PMS System...
  • Page 262 Only subscribers that are correctly identified and authenticated are authorized to access the system. Once authorized, the subscriber’s activity is logged and billed through the AG 3100’s Accounting module. The Accounting module fully supports the following functions: Credit card billing (for example, interaction with AuthorizeNet).

  • Page 263: Process Flow (Aaa)

    Process Flow (AAA) The following flowchart outlines the AAA and billing process. All actions depicted in the chart are administered and tracked by the AG 3100. AG 3100 detects connection and verifies user against authorization table New User Existing Subscriber...

  • Page 264: Internal And External Web Servers

    English, Chinese, French, German, Japanese, and Spanish. Home Page Redirection The AG 3100 can be configured to redirect all valid subscribers to a Web portal or home page determined by the solution provider. After a specified time, from the first home page redirection (determined by the system administrator), subscribers are redirected again to the portal at the next Web page request.

  • Page 265: Subscriber Management

    Credit card Combinations of two or more subscriber management models can be used. When a subscriber connects to the network and attempts to access the Internet, the AG 3100 looks for each model in the given order above. Subscriber Management Models The system administrator establishes the subscriber management model via the Command Line Interface (CLI) or the Web Management Interface.

  • Page 266: Configuring The Subscriber Management Models

    Credit card Enable the AAA services. You have the choice of enabling the AG 3100’s internal authorization module or using an external credit card authorization server. Internal Authorization Enabled Enter the credit card server’s URL and IP address, then enter the merchant ID you obtain from Authorize.Net.

  • Page 267: Information And Control Console (Icc)

    AG 3100 Information and Control Console (ICC) The Information and Control Console (ICC) is a HTML pop-up window that is presented to subscribers, allowing them to select their bandwidth and billing options quickly and efficiently, and displays a dynamic “time” field to inform them of the time remaining on their account. The ICC also offers service providers an opportunity to display advertising banners and provide a choice of redirection options.

  • Page 268: Logout Console

    AG 3100 Logout Console The AG 3100 allows System Administrators to define a simple HTML-based pop-up window for explicit logout that can be used as an alternative to the more fully featured ICC. The pop-up Logout Console can display the elapsed/count-down time and one logo for intra-session service branding.
  • Page 269 AG 3100 This page intentionally left blank. The Subscriber Interface...

  • Page 270: Chapter 4: Quick Reference Guide

    Web Management Interface (WMI) Menus The following tables contain a listing and brief explanation of all menus and menu items in the AG 3100’s Web Management Interface (WMI), listed as they appear on screen. Menus Description Configuration Displays the Configuration menu.

  • Page 271: Configuration Menu Items

    (IP address) of administrator logins. A login is permitted only if a match is made with the master list contained on the AG 3100. If a match is not made, the login is denied, even if a correct login name and password are supplied.
  • Page 272 PMS feature. Port-Location Establishes the Access Concentrator settings. RADIUS Client With the appropriate product license, the AG 3100 supports Remote Authentication Dial-In User Service (RADIUS). This procedure sets up the RADIUS client. RADIUS Proxy Establishes RADIUS proxies, where different realms can be set up to directly channel RADIUS messages to the various RADIUS servers.

  • Page 273: Network Info Menu Items

    AG 3100 Network Info Menu Items Item Description Displays the ARP table, including the destination IP address and the gateway MAC address. Displays the DAT session table. Hosts Displays the host table, including host names, associated IP addresses and any assigned aliases.

  • Page 274: Port-Location Menu Items

    AG 3100 Port-Location Menu Items Items Description Adds or updates port-location assignments. Delete All Deletes all port-location assignments. Use this command with caution. Delete by Location Deletes port-location assignments, based on a specified location. Delete by Port Deletes port-location assignments, based on a specified port (VLAN tag).

  • Page 275: Subscriber Administration Menu Items

    AG 3100 Subscriber Administration Menu Items Items Description Adds subscriber profiles to the database. Current Displays a list of all currently connected subscribers. Delete by MAC Deletes a subscriber, based on a specific MAC address. Delete by User Deletes a subscriber, based on a specific user name.

  • Page 276: Subscriber Interface Menu Items

    AG 3100 Subscriber Interface Menu Items Items Description Billing Options Establishes the various billing plans and rates (schemes), including messages and appearance. ICC Setup Sets up the Information and Control Console (ICC) for subscribers. Language Support Defines the language to be displayed on the Web Management Interface and the subscriber’s portal page.

  • Page 277: System Menu Items

    Factory Imports the factory default settings. FailOver Sets up a “sibling” Nomadix Gateway, allowing one device to take up the users should the other device become disconnected from the network. History Displays a history log of the system’s activity, including Access, Reboot and Uptime.

  • Page 278: Alphabetical Listing Of Menu Items (Wmi)

    Obtain the latest Firmware Upgrade Procedure from Nomadix Technical Support. Alphabetical Listing of Menu Items (WMI) The menu items listed here are for a fully featured AG 3100 (with all optional modules included). Refer to, About Your Product License on page...
  • Page 279 Summary .......Display a summary of the configuration settings ....Configuration TCP ........Display the TCP performance statistics........Network Info Time ........Set the system date and time...........Configuration UDP........Display the UDP performance statistics.........Network Info Upgrade.........Upgrade the AG 3100 system firmware .........System URL Filtering......Define URLs for filtering ............Configuration Quick Reference Guide...

  • Page 280: Default (Factory) Configuration Settings

    AG 3100 Default (Factory) Configuration Settings The following table shows a partial listing of the AG 3100’s primary default configuration settings (the settings established at manufacturing). For a complete listing of the factory default settings, refer to the file. For more information, go to Importing the Factory factory.txt...
  • Page 281 AG 3100 Function Default Setting AAA Logging Disabled AAA Log Server Number AAA Log Server IP 0.0.0.0 SYSLOG (System Logging) Disabled SYSLOG Server Number SYSLOG Server IP 0.0.0.0 AAA Services Disabled Internal Authorization Enabled New Subscribers Enabled Credit Card Service...

  • Page 282: Sample Aaa Log

    AG 3100 Sample AAA Log The following table shows a sample AAA log. This log is generated by the AG 3100 and sent to the SYSLOG server that is assigned to AAA logging. Type Subscriber Expi- Date Time 3100 Log Message...

  • Page 283: Message Definitions (Aaa Log)

    Subscriber profile was not added to the AG 3100 Unsuccessful_Error authorization table because the credit card server did not recognize the transaction. AAA_lookup Subscriber profile has been recognized and the AG 3100 is Added_in_memory_table_pending waiting to authenticate the user. AAA_Interface Subscriber profile was manually added to the authorization Added_by_administrator table.

  • Page 284: Sample Syslog Report

    AG 3100 Sample SYSLOG Report Syslog reports are generated by the AG 3100 and sent to the syslog server that is assigned to general error detection and reporting. 2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [AG 3100 v5.4.03] DHCP: ndxDHCPInit: 0021 DHCP initialized 2003-02-10 11:25:53 Local2.Info 1.2.3.4 INFO [AG 3100 v5.4.03]...

  • Page 285: Keyboard Shortcuts

    AG 3100 Keyboard Shortcuts The following table shows the most common keyboard shortcuts. Action Keyboard Shortcut Cut selected data and place it on the clipboard. Ctrl + X Copy selected data to the clipboard. Ctrl + C Paste data from the clipboard into a document (at the insertion point).

  • Page 286: Radius Attributes

    Optionally, the RADIUS server can instruct the NAS to perform other functions; for example, the RADIUS server can tell the AG 3100 what upstream and downstream bandwidth the subscriber should receive. If RADIUS cannot authenticate the subscriber, it will instruct the NAS to deny access to the network.

  • Page 287: Authentication-Request

    AG 3100 The Nomadix AG 3100 RADIUS functionality can be broken down into the following categories: Authentication-Request Authentication-Reply (Accept) Accounting-Request Selected Detailed Descriptions Nomadix Vendor Specific Attributes Authentication-Request Username Password Service-Type NAS-Port (port number) NAS-Identifier Framed-IP Address NAS-IP Address NAS-Port-Type...

  • Page 288: Authentication-Reply (Accept)

    AG 3100 Authentication-Reply (Accept) Reply-Message Reject-Message State (used/tested for 802.1x) Class Session-Timeout Idle-Timeout EAP-Packet (used for 802.1x) Message-Authenticator (used for 802.1x) Acct-Interim-Interval Nomadix VSAs: Nomadix-Bw-Up Nomadix-Bw-Down Nomadix-URL-Redirection Nomadix-IP-Upsell Nomadix-MaxBytesUp Nomadix-MaxBytesDown Nomadix-Net-VLAN Nomadix-Session-Terminate-End-Of-Day Nomadix-Subnet Nomadix-Expiration Quick Reference Guide...

  • Page 289: Accounting-Request

    AG 3100 Accounting-Request Username Acct-Status-Type (Start/Stop/Update) Acct-Session-ID Acct-Output-Octets Acct-Input-Octets Acct-Output-Packets Acct-Input-Packets Class Nomadix VSAs: Nomadix-Subnet Nomadix-URL-Redirection Nomadix-IP-Upsell Acct-Session-Time (Stop) Terminate-Cause (Stop) NAS ID NAS-IP Address NAS-Port-Type NAS-Port Framed-IP Address Acct-Delay-Time Called-Station-ID Calling-Station-ID Quick Reference Guide...

  • Page 290: Selected Detailed Descriptions

    “0” means forever. Timeout Detection If a subscriber is sending traffic through the AG 3100, the AG 3100 will immediately detect a Session-Timeout. However in the case of an Idle-Timeout or an inactive subscriber Session- Timeout, the AG 3100 detects it via a clean-up function that is currently called every 2 minutes.
  • Page 291 AG 3100 Called-Station-ID This is the Media Access Control (MAC) address of the AG 3100. Calling-Station-ID This is the Media Access Control (MAC) address of the client's computer. New Attributes in Acct-Request The AG 3100 has to send the following attributes in an Accounting-Stop: Acct-Output-Packets: number of packets sent by subscriber.

  • Page 292: Nomadix Vendor Specific Attributes

    This attribute allows the administrator to redirect the user to a page of the administrators choice each time the user logs in. Nomadix-IP-Upsell This attribute allows the user to receive a public address from a DHCP pool when the AG 3100 has the IP-Upsell feature enabled. Nomadix-Volume-Based-Session-Timeout This attribute allows you to terminate a session once a specified data volume has been reached.

  • Page 293: Setting Up The Ssl Feature

    AG 3100 Setting Up the SSL Feature This section describes how to set up the AG 3100’s SSL feature. Prerequisites The AG 3100 should support SSL feature. Please go to Displaying Your Configuration Settings {Summary} on page 143 and verify that the Licensed Features include "AAA SSL Support".

  • Page 294: Installing Cygwin And Openssl On A Pc

    There are several sources for obtaining “Cygwin” to install OpenSSL. One popular source is: http://sources.redhat.com/cygwin/. Nomadix used Cygwin version 1.3.2 for generating this section of the User’s Guide. Installing Cygwin and OpenSSL on a PC The example in this document is based on downloading the software with Netscape 4.75.
  • Page 295 AG 3100 Click on the button to display the next setup screen. Next Click on the button to display the next setup screen. Next Click on the button to display the next setup screen. Next Quick Reference Guide...
  • Page 296 Select a location and click on the button. Next For the purposes of this document, Nomadix used: ftp://planetmirror.com. In the following screens, please skip all packages except “cygwin” and “openssl,” then click on the Next when you are done. At the time of this writing, there are more than 70 packages to install. Please ensure that you “skip”...
  • Page 297 AG 3100 Click on the button to start the “download” process. Wait for the download process to Next complete. Quick Reference Guide...
  • Page 298 AG 3100 Click on the Next button to start the “install” process. Wait for the install process to complete. There will be a pop-up dialog to inform you that the installation process is completed. At the pop-up dialog, click on the button.

  • Page 299: Private Key Generation

    AG 3100 Private Key Generation Create a directory from Root and put 5 random files, , and (see a.dat b.dat c.dat d.dat e.dat note) into the C:\cygwin\bin\ directory (or the directory where you installed openssl.exe). These random files can be any file type, such as Word, Excel, etc. Change the files to .dat files (shown above).
  • Page 300 However, if you are saving them as different names, you must change the names back to “cakey.pem” when trying to FTP to the AG 3100. Do not include “-des3” option to keep the private key in an unencrypted form.

  • Page 301: Create A Certificate Signing Request (Csr) File

    The “Common Name” is the name used in the AG 3100->AAA->SSL Certificate Domain Name. The Common Name in the Public Key must match the SSL Certificate Domain Name in the Web Management Interface of the AG 3100 (refer to the AG 3100 setup information later in this document).
  • Page 302 AG 3100 Here is the output of server.csr: Quick Reference Guide...

  • Page 303: Create A Public Key File (Server.pem)

    AG 3100 Create a Public Key File (server.pem) VeriSign Purchasing Process The signing process varies by Certificate Authority. Generally, you will need to send a Certificate Signing Request to the Certificate Authority (CA) and the CA will create a public key base on the certificate request.
  • Page 304 Some older versions of popular browsers only support 40-bit or 56-bit encryption. Since it impossible to forecast the browsers that may be used in a visitor-based network, Nomadix recommends implementing a 40-bit Public Key. During the process, VeriSign will ask for your business information and verification. There are several ways to proof the existence of your business.
  • Page 305 AG 3100 CSR Submission to VeriSign: Please select “Apache Freeware” to submit the CSR to VeriSign. The Certificate Signing Request is in the server.csr (created in the previous step). Open server.csr and copy and paste all data into the edit box.
  • Page 306 AG 3100 The file, “server.pem” will look like this: You have now finished the process of obtaining a public key. Quick Reference Guide...

  • Page 307: Setting Up Ag 3100 For Ssl Secure Login

    AG 3100 Setting Up AG 3100 for SSL Secure Login FTP the “cakey.pem” and “server.pem” files into the AG 3100 platform's flash directory. FTP to the AG 3100 by Netscape: ftp://username:password@[AG 3100 Network IP]/flash Drag and drop the “cakey.pem” and “server.pem” files into the directory.

  • Page 308: Mirroring Billing Records

    By effectively “mirroring” the billing data, the AG 3100 can send copies of billing records to predefined “carbon copy” servers. Additionally, if the primary and secondary servers are down, the AG 3100 can store up to 2,000 PMS or credit card transaction records. The AG 3100 regularly attempts to connect with the primary and secondary servers.

  • Page 309: Xml Interface

    XML Interface XML for the External Server The AG 3100 sends a string of XML commands according to specifications. HTTP headers are added to the XML packets that are built, as the billing “mirroring” information is sent to the Content-length has also been added to the external server in HTTP compliant XML format.
  • Page 310 The AG 3100 uses USG commands for XML strings. The AG 3100 accepts a single line of XML text in the specified format. The XML string is a command sent by the External Server to the AG 3100 product. In this case, the acknowledgement received from the External Server forms the command.
  • Page 311 RESULT_VALUE:OK or ERROR IP:Standard IP format (123.123.123.123) ERROR_CODE1 for OK, or any other number Please contact Nomadix Technical Support for the complete XML DTD. Refer to Contact Information on page 301. For more information about Billing Records Mirroring, see also: Billing Records Mirroring on page 24 Establishing Billing Records “Mirroring”...

  • Page 312: Chapter 5: Troubleshooting

    Interface. General Hints and Tips The AG 3100 is both a hardware device and a powerful software utility. As a hardware computing device, the AG 3100 requires careful handling. It should be positioned in a dust-free and temperature-controlled environment. Never block the unit’s ventilation holes, and do not stack with other equipment (unless correctly mounted in a rack).

  • Page 313: Management Interface Error Messages

    AG 3100 Management Interface Error Messages The following table contains the error messages associated with the Management Interface (CLI and Web). All messages are listed alphabetically. Error Message Cause AAA must be enabled before adding a You are attempting to add a subscriber profile subscriber to the profile database.
  • Page 314 When upgrading the software, the system FTP a valid boot image to the flash. needs the new boot image file. You must FTP the file from NOMADIX™ to your local hard drive. Warning: no DHCP services are available to This message is displayed because you have subscribers.

  • Page 315: Common Problems

    255.255.255.0 The DHCP relay is disabled Check the internal DHCP and the DHCP service service settings. settings in the AG 3100 are misconfigured. Subscribers are unable to The DNS server settings are Check the DNS settings (host, route to a domain name, but misconfigured.
  • Page 316 When a subscriber logs in for Home page redirection is not Enable home page the first time, their browser is enabled in the AG 3100. redirection. not redirected to the specified The home page URL was Re-enter the correct URL.
  • Page 317 AG 3100 This page intentionally left blank. Troubleshooting...

  • Page 318: Appendix A: Technical Support

    When contacting technical support, please have your AG 3100’s serial number available. The serial number is located on the bottom panel of your AG 3100. Contact Information You can contact us by Email, fax, telephone, or regular mail.
  • Page 319 AG 3100 This page intentionally left blank. Appendix A: Technical Support...

  • Page 320: Glossary Of Terms

    Ethernet on page 306. (Authentication, Authorization, and Accounting) A combination of commands used by Nomadix Gateways to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. When a subscriber logs into the system, their unique MAC address is placed into an authorization table. The system then authenticates the subscriber’s MAC address and billing information before allowing them to access the Internet and make online...
  • Page 321 (ACKnowledgment) If all the transmitted data is present and correct, the receiving device sends an ACK signal, which acts as a request for the next data packet. Adaptive Configuration Technology A Nomadix, Inc. patented technology that enables Dynamic Address Translation. See also, DAT on page 305.
  • Page 322 (permanent) IP addresses, or subscribers that do not have DHCP functionality on their computers. DAT is a Nomadix, Inc. patented technology that allows all users to obtain network access, regardless of their computer’s network settings. See also, DHCP on page 305.
  • Page 323 AG 3100 Dynamic IP Address A temporary IP address that is assigned by the DHCP server to a device. Devices retain dynamic IP addresses only for the duration of their networking session. When a device disconnects from the network, the IP address is recaptured by the DHCP server and becomes available for reassignment to another device.
  • Page 324 AG 3100 FHSS (Frequency Hopping Spread Spectrum) One of two types of spread spectrum radio—the other being Direct-Sequence Spread Spectrum (DSSS on page 305). FHSS is a transmission technology used in WLAN on page 316 transmissions where the data signal is modulated with a narrowband carrier signal that "hops" in a random but predictable sequence from frequency to frequency as a function of time over a wide band of frequencies.
  • Page 325 AG 3100 (Home Page Redirection) Nomadix Gateways enable solution providers to redirect subscribers to a “portal” home page of their choice. This allows the solution provider to generate online advertising revenues and increase business exposure. See also, Home Page on page 307.
  • Page 326 Whenever a subscriber logs on, your Nomadix Gateway automatically translates their computer’s network settings to provide them with seamless access to the broadband network. Subscribers no longer need to alter their computer’s settings. See also,...
  • Page 327 Misconfigured User A Nomadix, Inc. term used to describe users who have IP address configurations that are different from the current network. For example, if the current network is 123.45.67.89 but the user’s IP address is 10.10.10.15, then this user is considered to be “misconfigured.”...
  • Page 328 AG 3100 Packet How data is distributed over the Internet. A packet contains the source and destination addresses, as well as the data. An ethernet packet is normally 1,518 bytes. In IP networks, packets are often called datagrams. See also,...
  • Page 329 AG 3100 Protocol A standard process consisting of a set of rules and conditions that regulates data transmissions between computing devices. Some examples of protocols include HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol), TCP/IP (Transmission Control Protocol/Internet Protocol), and POP (Post Office Protocol). All these protocols are responsible for regulating the transmission of their specific data file types.
  • Page 330 Normally, a solution provider is offering a solution that isn’t readily available on the open market. For example, NOMADIX™ is a solution provider to its customers (broadband network service providers), and those customers are solution providers to their end users (network subscribers).
  • Page 331 AG 3100 Subnet Address The subnet portion of an IP address that is dedicated to the subnet. In a subnetted network, the host portion of an IP address is split into a subnet portion and a host portion using an address (subnet) mask. See also,...
  • Page 332 AG 3100 Tunneling A technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft's PPTP technology enables organizations to use the Internet to transmit data across a Virtual Private Network (VPN). It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet.
  • Page 333 HTML. For example, XML supports links that point to multiple documents, as opposed to HTML links, which can reference just one destination each. For all Nomadix Gateways, XML is used by the subscriber management module for port location and user administration. Enabling the XML interface allows your Nomadix Gateway to accept and process XML commands from an external source.

  • Page 334: Index

    AG 3100 Index character lengths AAA log Command Line Interface AAA services inputting data External Web Server logging in Internal Web Server common problems concurrent login message definitions configurable ports log sample Configuration menu process flow configuration settings structure archiving...
  • Page 335 214, inputting data in-room port mapping exporting configuration settings Installation External Web Server 11, powering up the AG 3100 unpacking the AG 3100 workflow factory settings interfaces importing Internal Web Server fail over options...
  • Page 336 Mirroring billing records portal page redirect MRS 25, Port-based billing policies 66, multi-level administration 15, enabling multiple subnets Port-Location menu post session user interface powering down network architecture (sample) powering up the AG 3100 network connections Network Info menu Authentication Index...
  • Page 337 AG 3100 Echo Request remember me Keep Alive remote connections Password routes 233, Username adding PPPoE deleting IP Configuration Mode routing tables Maximum TCP MSS PPPoE Client Print billing secure administration Print billing command secure management Private Key Generation secure socket layer...
  • Page 338 UDP statistics displaying 185, UI buttons finding by MAC UI labels finding by user unpacking the AG 3100 listing by MAC updating firmware listing by user URL filtering Subscriber tracking log user session time adjustment Subscriber UI buttons...
  • Page 339 AG 3100 This page intentionally left blank. Index...

Table of Contents