- DL manuals
- 4IPNET
- Gateway
- HSG1100
- User Manual
4IPNET HSG1100 User Manual - 10.3.2 User Events
User’s Manual
WHG Controller / HSG Gateway
ENGLISH
140
10.3.2 User Events
Configuration path:
Main Menu >> Status >> Logs and Reports >> User
Events
This page is packed with all user logs and events. User logs and events can
be stored up to 40 days. Displays all user related information customizable to
administrator's preference. The administrator gets to choose the number of
rows (20, 40, 60, 80, 100) to display per page. Select the Begin and End date
from the calendar to filter unwanted User Events. After the Begin and End
dates are selected, click "Display" to display all User Events within the
selected dates.
The "Download" button downloads the displayed User Events into a comma
separated .txt file. Save as a new file with .csv extension to sort the
downloaded data into cells. The "Clear" button deletes current User Events
displayed on the User Interface.
Note that different User Types contain different user information. Categories
Summary of HSG1100
Page 1
User’s manual v2.20 whg & hsg series secure wlan controller / wireless hotspot gateway.
Page 2
User’s manual whg controller / hsg gateway english ii copyright the contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, el...
Page 3: Fcc Caution
User’s manual whg controller / hsg gateway english iii fcc caution whg311, whg321 this equipment has been tested and proven to comply with the limits for a class b digital device, pursuant to part 15 of the fcc rules. These limits are designed to provide reasonable protection against harmful interfe...
Page 4
User’s manual whg controller / hsg gateway english iv table of contents chapter 1. Introduction ........................................................................ 9 1.1. Whg controller series ..................................................................... 9 1.2 whg controller models .......
Page 5
User’s manual whg controller / hsg gateway english v 7.2 local area ap management ............................................................. 86 7.2.1 ap list .............................................................................. 86 7.2.2 ap adding and discovery ..............................
Page 6
User’s manual whg controller / hsg gateway english vi 11.2.1 usage-time with expiration time ........................................ 145 11.2.2. Usage-time with no expiration time .................................. 147 11.2.3. Hotel cut-off-time ........................................................
Page 7
User’s manual whg controller / hsg gateway english vii 2) wan ..................................................................................... 261 3) ipv6 ..................................................................................... 263 4) lan ports ........................................
Page 8
User’s manual whg controller / hsg gateway english viii 5) proxy server ........................................................................... 331 6) local dns record .................................................................... 333 7) dynamic routing .......................................
Page 9: Chapter 1. Introduction
User’s manual whg controller / hsg gateway english 9 chapter 1. Introduction 1.1. Whg controller series 4ipnet whg controllers are feature rich network edge devices designed for network service provisioning, authentication, security, and management. Depending on the scale of deployment, there are a ...
Page 10
User’s manual whg controller / hsg gateway english 10 network safety and traffic control are other big areas of concern for network owners, hoteliers as these are major factors in determining the quality and stability of your network environment as a whole. 4ipnet whg controllers addresses these nee...
Page 11: 1.3 Hsg Gateway Series
User’s manual whg controller / hsg gateway english 11 1.2 whg controller models 4ipnet whg controller product line comes with the following models for targeting network deployment of variable scale. Smb & enterprise controllers whg311, whg315, whg321, whg325, whg401, whg405, whg425 large enterprise ...
Page 12: 1.4 Hsg Gateway Models
User’s manual whg controller / hsg gateway english 12 information for this client to either the internal user database or an external user database depending on deployment. Network safety and traffic control are other big areas of concern for network owners, hoteliers as these are major factors in d...
Page 13
User’s manual whg controller / hsg gateway english 13 large enterprise & carrier grade controllers hsg5200 note please note that all hsg gateways do not support local and wide ap management as well as local & remote vpn. Note: 4ipnet may continue to introduce new platforms, and may retire old platfo...
Page 14
User’s manual whg controller / hsg gateway english 14 【 layer 2 network in port based mode】 【 layer 2 network in tag based mode】 layer 3 networks not only span physically under the lan ports of 4ipnet whg controller, it is also capable of reaching over different ip networks to manage remote sites wi...
Page 15: 1.6 Key Terms & Concepts
User’s manual whg controller / hsg gateway english 15 【 layer 3 network with tunnels】 1.6 key terms & concepts gateway is an edge device or network node where a small network attaches to a bigger network. 4ipnet whg controllers are in essence gateways in a network environment. Conventionally, the bi...
Page 16
User’s manual whg controller / hsg gateway english 16 4ipnet whg controller’s built-in database named “on-demand”. The 4ipnet whg controller’s “on-demand” database capacity varies with different model. On- demand user is designed for short term usage purpose; it has time or volume constraints and an...
Page 17
User’s manual whg controller / hsg gateway english 17 group is a user role profile which defines the accessibility of a user to different service zones and in turn defines the qos properties as well as network policy when access is granted. Each and every connected user will belong to a group, deter...
Page 18
User’s manual whg controller / hsg gateway english 18 【 relationship of service zone, group and policy】 service zone 1 service zone 2 service zone 3 policy-b group student group faculty group guest policy-c policy-a.
Page 19: 1.7.1. Common Settings
User’s manual whg controller / hsg gateway english 19 1.7 recommended configuration sequence set up system’s time zone, ntp server, dns server and wan1 address configure lan address range for at least one service zone, and enable its authentication. Create user accounts to test the login page via wi...
Page 20
User’s manual whg controller / hsg gateway english 20 the necessary functionalities and are for operation usage once your network is up and running. Customers with needs to fulfill specific applications, integration with 3 rd party devices, customization etc., please refer to chapters 11 and beyond ...
Page 21
User’s manual whg controller / hsg gateway english 21 chapter 2. Wmi & setup wizard 2.1. Web management interface the web management interface (wmi) of the whg controller can be accessed through a web browser (firefox, chrome, ie9 and higher recommended) of any pc connected to the lan interface with...
Page 22
User’s manual whg controller / hsg gateway english 22 you may refer to part e. Of appendix f for details on admin accounts configuration..
Page 23: 2.2 Running The
User’s manual whg controller / hsg gateway english 23 the wmi welcome page is as shown below after a successful administrator login. Note 1. To logout, simply click the logout icon on the upper right corner of the interface to return to the login screen. 2.2 running the wizard the setup wizard provi...
Page 24
User’s manual whg controller / hsg gateway english 24 step 1. General select an appropriate time zone from the time zone drop-down list. click next to continue. Step 2. Select connection type for wan1 port there are three types of wan connections to be selected from: static ip address, dynamic...
Page 25
User’s manual whg controller / hsg gateway english 25 step 3. Add local user account (optional) a new user can be added to the local user database. To add a user here, enter the username (e.G. Testuser), password (e.G. Testuser), and assign an applied group to this particular user (or use the defa...
Page 26
User’s manual whg controller / hsg gateway english 26 a confirm and restart message will appear on the screen during the restarting process. Please do not interrupt the system until the administrator login page appears..
Page 27
User’s manual whg controller / hsg gateway english 27 please do not interrupt whg restart process until the admin login page reappears – which indicates the restart process has been completed. Restart process complete..
Page 28: 3.1. Network Planning
User’s manual whg controller / hsg gateway english 28 chapter 3. Basic network settings 3.1. Network planning before installing the 4ipnet whg controller, careful network planning is required in order to meet the networking needs with the most efficient utilization of network resources. It staff of ...
Page 29
User’s manual whg controller / hsg gateway english 29 【 graphical illustration of layer 2 topology】 layer 2 network design guidelines always connect hierarchically. If there are multiple switches in a building, use an aggregation switch. Locate the aggregation switch close to the network core (e.G. ...
Page 30
User’s manual whg controller / hsg gateway english 30 【 graphical illustration of layer 3 topology】 layer 3 network design guidelines always connect hierarchically whether in local lan or remote lan. If there are multiple switches in a building, use an aggregation switch. Locate the aggregation swit...
Page 31: 3.2.1 Wan Settings
User’s manual whg controller / hsg gateway english 31 3.2. Uplink (wan side) configuration 3.2.1 wan settings configuration path: main menu >> system >> wan the wan port supports four connection configurations static, dynamic, pppoe and pptp. These connection types are adequate enough to support mos...
Page 32: 3.2.2. Dual Uplink
User’s manual whg controller / hsg gateway english 32 dynamic: it is only applicable for a network environment where the dhcp server is available on the upstream network. Click the renew button to get an ip address automatically. Pppoe: if your isp provides pppoe dialup connection, then the isp will...
Page 33
User’s manual whg controller / hsg gateway english 33 static: manually specifying the ip address of the wan port. The fields with red asterisks are required to be filled in. Dynamic: it is only applicable for a network environment where the dhcp server is available on the upstream network. Click the...
Page 34
User’s manual whg controller / hsg gateway english 34 3.2.3. Wan port selection for dual wan1 / wan2 models whg controller models whg707 and above are carrier grade models designed with a sfp and ethernet port for both wan1 and wan2 respectively. Administrator can further decide which physical port ...
Page 35
User’s manual whg controller / hsg gateway english 35 the deployment options are: ether port: deploy the copper ethernet wan port for service. fiber port: deploy the sfp port for service. fiber port and ether port: bridge fiber port and ethernet port, physically only connect one uplink either ...
Page 36
User’s manual whg controller / hsg gateway english 36 3.2.4. Wan traffic control the uplink and downlink bandwidth configured here is the combined bandwidth for wan interface including wan1 and wan2. However, please note that the actual bandwidth is still bounded by the network speed of your isp ope...
Page 37
User’s manual whg controller / hsg gateway english 37 load balancing administrator can spread the system traffic across wan1 and wan2 ports based on percentage load, calculated using session, bytes, or packets. Wan failover once enabled, whenever wan1 is down, wan2 will service the traffic originall...
Page 38
User’s manual whg controller / hsg gateway english 38 note 1. Please note that wan failover feature cannot be enabled concurrently with load balancing feature..
Page 39
User’s manual whg controller / hsg gateway english 39 3.3. Downlink (lan side) vlan option the downlink of whg controller is basically your managed network deployed for service. There are two types of deployment mode for networks attached to the lan ports of the whg controller: port-based mode and t...
Page 40
User’s manual whg controller / hsg gateway english 40 settings. 3.3.2. Tag-based service zone tag-based operation mode operates under the principle that different service zones are identified by vlan id. This means that tag-based operation allows each physical lan port to accept traffic for any enab...
Page 41
User’s manual whg controller / hsg gateway english 41 chapter 4. User authentication database 4.1. Authentication database configuration authentication database is a storage device where users’ credentials may be inquired for validity. When a user is associated to an authentication enabled in servic...
Page 42
User’s manual whg controller / hsg gateway english 42 internet on-demand account server local account server radius server sip server built-in nt domain server pop3 server external ldap server 【 graphical illustration of authentication databases in relation to whg controller】 the configurations of a...
Page 43: 4.2.1. Local User Database
User’s manual whg controller / hsg gateway english 43 4.2. Built-in authentication databases configuration path: main menu >> users >> internal authentication 4.2.1. Local user database this type of authentication method checks the local database that stores user, often the staff and credentials int...
Page 44
User’s manual whg controller / hsg gateway english 44 note 1. The fields with red asterisk are mandatory fields while the others are optional. 2. Mac address field once configured will bind this particular account under the condition that it may only be granted access using the device specified. 3. ...
Page 45
User’s manual whg controller / hsg gateway english 45 note 1. The txt files generated may be inter-used by all whg controller series as the defined csv format are consistent for all models. 2. Duplicated accounts will result in upload failure and a warning message will be displayed. Modifications to...
Page 46
User’s manual whg controller / hsg gateway english 46 deleting accounts accounts in the local user database may be deleted individually or entirely by selecting the “select all” checkbox. There will be a popup window asking if you are sure to carry out the action. 4.2.2. On-demand user database the ...
Page 47
User’s manual whg controller / hsg gateway english 47 on-demand authentication option offers plenty of options for customization. Pos tickets can be customized to businesses’ needs, and multiple payment options are also available on the whg controllers. Configuration path: main menu >> users >> inte...
Page 48
User’s manual whg controller / hsg gateway english 48 the whg controller can work in hand with clickatell sms server for on- demand accounts credentials to be sent to users via sms message. With a set of clickatell account username/password, the sms gateway.
Page 49
User’s manual whg controller / hsg gateway english 49 can be configured to send sms messages upon on-demand account creation. The sms service can be used for free access, paid access with payment gateway integration, or both. Define an api id and activate the desired billing plans. Multiple billing ...
Page 50
User’s manual whg controller / hsg gateway english 50 selecting an appropriate account type. The user group profile for each billing plan is also assigned here. On-demand accounts configuration path: main menu >> users >> on-demand accounts after enabling the selected billing plans, on-demand accoun...
Page 51
User’s manual whg controller / hsg gateway english 51 on-demand account import, export, deletion and admin redeem are also performed on this page. 4.2.3. The guest authentication option the guest authentication option is not technically a user database, but rather a specially designed option to allo...
Page 52
User’s manual whg controller / hsg gateway english 52 guest access time when set to ‘limited’ will enforce a usage time constraint based on mac addresses. If the quota is set to 30 minutes, each device may only be allowed 30 minutes of usage, and a new session will only be possible once the reactiva...
Page 53
User’s manual whg controller / hsg gateway english 53 step2: choose the service zones where you would like to apply the guest authentication option - go to main menu > system > service zone > configure. Scroll down the page to authentication options. Check to enable the option for free. Subsequently...
Page 54
User’s manual whg controller / hsg gateway english 54 the network with constraints specified in trial authentication option profile and the group profile. Mac address will be checked to avoid malicious use of free access. 4.3. External authentication options most organizations have already establish...
Page 55: 4.3.1. Radius
User’s manual whg controller / hsg gateway english 55 external network an external server 4ipnet whg controller login send user credential auth reply allow / deny login success / fail 1 2 4 3 note 1. Please note that having configured the authentication options whether using built-in or external dat...
Page 56
User’s manual whg controller / hsg gateway english 56 server 2 by default is configured to use radius authentication. 4ipnet whg controllers support radius authentication, radius class mapping, and radius transparent login with 802.1x. Below is the detailed configuration page of radius settings. Att...
Page 57
User’s manual whg controller / hsg gateway english 57.
Page 58: 4.3.2. Pop3
User’s manual whg controller / hsg gateway english 58 another important setting field is the class-group mapping on the page. It is a translation setting which maps radius classes to different groups on the 4ipnet whg controller, enabling different radius accounts to be incorporated into different g...
Page 59: 4.3.3. Ldap
User’s manual whg controller / hsg gateway english 59 4.3.3. Ldap the lightweight directory access protocol (ldap) is an application protocol for accessing and maintaining distributed directory information services over an ip network. If you wish to deploy ldap server for user authentication, procee...
Page 60: 4.3.4. Nt Domain
User’s manual whg controller / hsg gateway english 60 4.3.4. Nt domain nt domain option supports windows domain databases to perform user credential authentication. Configuration path: main menu >> users >> external authentication by default server 3 is selected to use nt domain. The administrator i...
Page 61
User’s manual whg controller / hsg gateway english 61 (1) a user is making a call through a sip-based phone (e.G. #301 --> #303). (2) the user gets authenticated transparently, if the user is registered in the sip registrar. (3) the call is established successfully. Configuration path: main menu >> ...
Page 62
User’s manual whg controller / hsg gateway english 62 please also make sure that the corresponding service zone also has ‘enable’ checked in the sip interface configuration in order to function properly..
Page 63
User’s manual whg controller / hsg gateway english 63 chapter 5. Group attributes & policy rules all 4ipnet whg controller models utilize ‘group’ and ‘policy’ to define user accessibility and network privileges in order to set constraints on users’ behavior. Since grouping, policy setting, and servi...
Page 64
User’s manual whg controller / hsg gateway english 64 account. As for those who are authenticated by external servers, 4ipnet whg controllers also offer group assignment per account for radius and ldap option via class-group mapping and attribute-group mapping respectively. In each group profile, th...
Page 65
User’s manual whg controller / hsg gateway english 65 same groups to be bound with different policies according to group-service zone permission mapping settings the administrator defines. For instance, a user from group 1 may be imposed by policy 1 in service zone 1, but policy 3 when he goes to se...
Page 66
User’s manual whg controller / hsg gateway english 66 5.2 practical setups of group and policies this section demonstrates with screenshots on how to practically set up the groups and policies on the wmi of the 4ipnet whg controller. group overview configuration path: main menu >> users >> groups ...
Page 67
User’s manual whg controller / hsg gateway english 67 group settings configuration path: main menu >> users >> groups >> configuration the group configuration – group x tableis for policy settings to be defined for the group. Multiple device login (except for on-demand) can be enabled here. The zo...
Page 68
User’s manual whg controller / hsg gateway english 68 check the status checkboxes to allow users of this group to access the corresponding service zones. To configure from a service zone’s perspective please go to access permission and authorization in service zone settings..
Page 69
User’s manual whg controller / hsg gateway english 69 policy settings configuration path: main menu >> users >> policies >> policy configuration 1. Select policy allows administrator to choose which policy profile to configure. 2. Firewall profile is for defining service protocols, user firewall r...
Page 70
User’s manual whg controller / hsg gateway english 70 4. Qos profile allows administrator to edit traffic configuration. 5. Specific route profile is where the administrator may statically assign routing nodes to forward traffic to a certain destination. 6. Ipv6 traffic class and 802.1p mapping (for...
Page 71
User’s manual whg controller / hsg gateway english 71 grouping users a group is determined by authentication servers, class (radius), attribute (ldap), or accounts individually (local, on-demand). Generally a group is assigned to all users of an authentication option users > authentication > auth ...
Page 72
User’s manual whg controller / hsg gateway english 72 policy priority policy can be configured at group-service zone permission mapping and service zone profile. The policy enforcement priority is as follows: group-service zone mapping > service zone default policy > global policy therefore, if th...
Page 73: 6.2 Service Zone Setup
User’s manual whg controller / hsg gateway english 73 chapter 6. Basic service zone configuration 6.1 the concept of service zone service zones are virtual partitions of the physical lan side of a 4ipnet controller. Similar to vlans, they can be separately managed and defined, having their own user ...
Page 74
User’s manual whg controller / hsg gateway english 74 zones, so the maximum number of service zones is equivalent to the number of lan ports on a 4ipnet whg controller. On the contrary, tag-based service zones are not limited by the number of ports, for they are specified by the vlan tag id pre-defi...
Page 75
User’s manual whg controller / hsg gateway english 75 if the setting is change to tag-based, the correspondence of service zones and ports will be grayed out. Each service zone will need to be assigned a unique vlan id, ranging from 1 to 4096. Note that the default service zone is designed to be tag...
Page 76
User’s manual whg controller / hsg gateway english 76 6.2.2. Nat mode or router mode configuration path: main menu >> system >> service zones >> configure nat is the acronym for network address translation which translates private ip addresses for devices on the lan side of a controller to routable ...
Page 77
User’s manual whg controller / hsg gateway english 77 vlan isolation, clients isolation, and none. O inter-vlan isolation: 2 clients within the same vlan will not see each other when coming in from different ports. Note that isolation is done when traffic passes through the gateway. When a switch or...
Page 78
User’s manual whg controller / hsg gateway english 78 1. Dhcp server configuration – the default setting for dhcp server is “enable”. Select other options from the drop-down list. 2. Define the ip range for issuing when using enable dhcp server (built-in). There are a total of six dhcp pools for con...
Page 79
User’s manual whg controller / hsg gateway english 79 auth server identifier when more than one auth server is enabled for service. 2. Mac address authentication radius mac authentication feature once enabled, if the connected device has its mac address entered in the configured radius server, the c...
Page 80
User’s manual whg controller / hsg gateway english 80 3. Ppp dial-up authentication point-to-point protocol (ppp) is a data link protocol commonly used in establishing a direct connection between two networking nodes. When this feature is enabled for service, end users may configure a dial-up connec...
Page 81
User’s manual whg controller / hsg gateway english 81 service disclaimer page can be enabled if required. These pages are fully customizable to give administrators complete flexibility. Message pages can also be customized and message pages include: login success pages, login success page for on-dem...
Page 82
User’s manual whg controller / hsg gateway english 82 upload your own: the administrator has the option to upload a html file as the login page. The "download html sample file" gives administrators a sample html code to edit from. Once this sample html code is downloaded, open the file with any brow...
Page 83: 7.1. Introduction
User’s manual whg controller / hsg gateway english 83 chapter 7. Basic ap management (whg only) 7.1. Introduction management of access points are always of vital importance for a network administrator. Thus 4ipnet delivers a simple, straightforward set of management tools to help you achieve it. Gen...
Page 84
User’s manual whg controller / hsg gateway english 84 manageable 4ipnet access points for local ap management may be checked at: main menu >> access points >> local area ap management >> overview . Manageable 4ipnet access points for wide area ap management may be checked at: main menu >> access poi...
Page 85
User’s manual whg controller / hsg gateway english 85 individual ap configuration is very time consuming and impractical when it comes to large scale ap deployments. Under local area ap management, there are up to 8 templates available for each ap model containing configuration attributes primarily ...
Page 86: 7.2.1 Ap List
User’s manual whg controller / hsg gateway english 86 note 1. Before the adding of ap’s to any service zone, admin should set up a general wireless environment for the zone in advance, which will be only be applied to locally managed aps. 2. Each ap will also be assigned one distinctive ip address o...
Page 87
User’s manual whg controller / hsg gateway english 87 (system status, service zone status, wireless status, access control status, and associated client status). Administrators may filter the ap list by selecting the desired ap models. Check the ap models under ap type and click “apply” to apply the...
Page 88
User’s manual whg controller / hsg gateway english 88 can be added individually or in batches. This is determined by the “add method”; select “add ap” from the drop-down list to add aps individually, or select “find multiple aps” to add in batches. To add an ap, specify an ap name and enter its ip a...
Page 89
User’s manual whg controller / hsg gateway english 89 to add aps in batches, the admin scans an ip address range and collectively discover the ap’s of the same type, either by 1. ‘factory default’ scanning – used if the administrator has not changed any of the configuration on their ap’s. And there ...
Page 90
User’s manual whg controller / hsg gateway english 90 7.2.3 templates configuration configuration path: main menu >> access points >> local area ap management >> templates as said in the introduction, admin is capable of utilizing ap configuration templates to eliminate tedious ap configuration task...
Page 91
User’s manual whg controller / hsg gateway english 91 the ssid and wireless security can be specified per service zone. Depending on deployment needs, access filtering may be imposed on individual service zone’s managed ap devices. The wireless settings section under the vap configuration list allow...
Page 92
User’s manual whg controller / hsg gateway english 92 implies that you are configuring a white list. ‘disable’ implies that no access filtering is imposed regardless of the mac entries configured below. Status mac address the action taken by the controller disabled controller does not enforce any ma...
Page 93: 7.2.5 Wds Links
User’s manual whg controller / hsg gateway english 93 1. First add a firmware and select the firmware file at access points >> local area ap management >> firmware and click upload next to the row to store the ap firmware within the controller. 2. Upgrade the necessary ap’s by going to access points...
Page 94
User’s manual whg controller / hsg gateway english 94 【 a simple concept diagram illustrating wds connection】 the wds management function helps administrators plan and setup a "tree" structure of wds network with managed aps..
Page 95
User’s manual whg controller / hsg gateway english 95 wds connection settings: determine the channel and security type for the aps deployed in the wds network tree. Wds status: shows the added aps in the wds tree with security and channel settings. More than one wds tree can be set up in your networ...
Page 96
User’s manual whg controller / hsg gateway english 96 connections of the selected ap will be deleted including the wds connections to its child aps, and the child aps without wired connection will become unreachable. 7.2.6 rogue ap scanning rogue ap detection is another essential way of protecting y...
Page 97
User’s manual whg controller / hsg gateway english 97 7.2.7 ap load balancing feature this is a function that prevents managed aps from overloading. When the system detects the occurrence of aps' associated-client numbers exceeding a predefined threshold at circumstances and other aps in the same gr...
Page 98
User’s manual whg controller / hsg gateway english 98 7.3 wide area ap management configuration path: main menu >> access points >> wide area ap management this section goes on to explain how to centrally manage the access points on the wan from a 4ipnet whg controller. It is worth noting that wan-s...
Page 99
User’s manual whg controller / hsg gateway english 99 7.3.1. Adding an access point configuration path: main menu >> access points >> wide area ap management >> ap list >> add the adding page allows administrator to directly add a single access point to the management list regardless of its status. ...
Page 100
User’s manual whg controller / hsg gateway english 100 7.3.3 ap configuration with templates configuration with templates is supported on selected models for wide area ap management. Configuration path: main menu >> access points >> wide area ap management >> template.
Page 101
User’s manual whg controller / hsg gateway english 101 up to 3 templates are available and all functions configurable for wireless on the access point can be configured from the template. General settings on the access point include basic wireless settings such as the band, channel, transmit power, ...
Page 102
User’s manual whg controller / hsg gateway english 102 2. Make sure that controllers’ capwap settings are using a security certificate that is issued by the same ca. For information on certificate management on the controller please refer to the subsequent chapter in this guide. 3. Upload the necess...
Page 103
User’s manual whg controller / hsg gateway english 103 5. On the ap side: enable the capwap function from system >> capwap, where admin will see several discovery methods to be activated, namely: (1) dns srv discovery this type of discovery utilizes a dns server to complete the discovery method. Thr...
Page 104
User’s manual whg controller / hsg gateway english 104 (2) dhcp option discovery administrator should enable the capwap feature and the dhcp server of the controller in order for the ap to get an ip address that is in the same subnet of that of the 4ipnet whg controller it is trying to connect. (3) ...
Page 105
User’s manual whg controller / hsg gateway english 105 ap wmi will show with the vap enabled and tunnel status as well on the system overview page: note 1. Ap tunnels will be established automatically when the capwap template has selected vap to be enabled and tunneled back to a sz. 2. If the capwap...
Page 106
User’s manual whg controller / hsg gateway english 106 7.3.5 tunneled vap location mapping setup configuration path: main menu >> access points >> wide area ap management >> list for vaps which are tunneled back to the controller from remote aps. Administrator may wish to allocate a nas identifier a...
Page 107
User’s manual whg controller / hsg gateway english 107 once the vap tunneled back has been configured with plm (port location mapping), remote sites may also benefit from the pms system or other centrally managed hotspot operations which require location attributes or information. 7.3.6 access point...
Page 108
User’s manual whg controller / hsg gateway english 108 3. Go back to the list page,choose the ap, and then click the add to map button, and choose the desired map. After the settings, admin should be able to see an icon of the ap on the selected map. Note 1. The button show coverage on the main page...
Page 109
User’s manual whg controller / hsg gateway english 109 7.3.7 rogue ap scanning rogue ap detection is another essential way of protecting your network environment. Wide ap management supports the detection of non-authorized access points present in the vicinity. Non-authorized access points pose a po...
Page 110
User’s manual whg controller / hsg gateway english 110 7.3.8 ap load balancing feature it is a function to prevent managed aps from overloading. When the system detects the occurrence of aps' associated-client numbers exceeding a predefined threshold at circumstances and other aps in the same group ...
Page 111: Environment
User’s manual whg controller / hsg gateway english 111 chapter 8. Advanced settings for network environment 8.1 ipv4 / ipv6 dual stack network configuration path: main menu >> system >> ipv6 4ipnet whg controller supports operating in an ipv6 networking environment. When ipv6 configuration option is...
Page 112
User’s manual whg controller / hsg gateway english 112 go6: go6 is based on the provision of dedicated servers, called tunnel brokers, to automatically manage tunnel requests from users. A set of username and password will be provided by the isp for authentication. The username, password and server ...
Page 113
User’s manual whg controller / hsg gateway english 113 item description ipv4 ping: it allows administrator to detect a device using ip address or host domain name to see if it is responding. Trace route: it allows administrator to recover the real path of packets from the gateway to a destination us...
Page 114: 8.2 User Access Control
User’s manual whg controller / hsg gateway english 114 the types of packets to capture by using tcpdump commands under the expression field. Status when the administrator is executing any network utilities features, the status of the operation is displayed here. Result the operation result is displa...
Page 115
User’s manual whg controller / hsg gateway english 115 after entering the usernames in the username blanks fields and the related information in the remark blank fields (not required), click apply to add the users. To remove a user from the black list, select the user’s delete hyperlink to remove th...
Page 116: 8.2.2 Mac Acl
User’s manual whg controller / hsg gateway english 116 8.2.2 mac acl configuration path: main menu >> users >> additional controls mac acl is a mac address access control list where specific mac addresses may be listed for access filtering, either allow or deny. User authentication is still required...
Page 117: 8.3 Certification
User’s manual whg controller / hsg gateway english 117 note 1. The format of the mac address is: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx- xx. Colon will be automatically inserted by the system. 8.3 certification configuration path: main menu >> utilities >> certificate whg access controller can issue ce...
Page 118
User’s manual whg controller / hsg gateway english 118 8.3.1. System certificate this is the certificate that identifies the system. These certificates may be used for applications such as https login, capwap, and etc. The controller has a built-in factory default certificate (gateway.Example.Com) t...
Page 119
User’s manual whg controller / hsg gateway english 119 to upload a certificate/private key/intermediate ca, click “browse”, select the appropriate files, and click upload files. 8.3.2. Internal root ca the administrator can upload an internal root ca, or generate a root ca for private use. The creat...
Page 120
User’s manual whg controller / hsg gateway english 120 once an internal root ca is uploaded/generated, details will be shown in the following format. To view details of the certificate, click the "view" button. 8.3.3. Internally issued certificate internally issued certificates can be generated on t...
Page 121
User’s manual whg controller / hsg gateway english 121 8.3.4. Trusted certificate authorities apart from self signed certificate and system's root ca, administrators can also upload other certificates signed by other ca entities or trusted cas into the system. These trusted root ca certificates are ...
Page 122
User’s manual whg controller / hsg gateway english 122 8.4 management access configuration path: main menu >> system >> general >> management ip address on the whg access controller, the administrator can grant access to the web management interface by specifying a list specific ip addresses or rang...
Page 123: Management
User’s manual whg controller / hsg gateway english 123 chapter 9. Utilities for controller management 9.1 whg controller management configuration path: main menu >> utilities >> administrator account the whg controller’s root management account is the “admin” account with full access, modification a...
Page 124
User’s manual whg controller / hsg gateway english 124 password safety can be enabled to protect the web management interface from unauthorized personnel. Note that these settings are disabled by default. Step 2: configure group access property the controller supports customizable administration acc...
Page 125
User’s manual whg controller / hsg gateway english 125 can generate other administrative accounts (manager, ondemand manager and operator). Permission settings for all administrative accounts can be customized. With the exception of the super group members, other administrative accounts can be confi...
Page 126
User’s manual whg controller / hsg gateway english 126 can be done periodically via ftp. Furthermore, whg controller can be restored to the factory default settings here. Note 1. The general backup feature will lead to a pop up window prompting to save a db file. 2. Restoring previous db configurati...
Page 127: 9.3 Firmware Upgrade
User’s manual whg controller / hsg gateway english 127 9.3 firmware upgrade configuration path: main menu >> utilities >> system upgrade the administrator can obtain the latest firmware from 4ipnet’s website or 4ipnet’s support team and upgrade the system. Click browse to search for the firmware fil...
Page 128: 9.4 Restart
User’s manual whg controller / hsg gateway english 128 9.4 restart configuration path: main menu >> utilities >> restart this function allows the administrator to safely restart whg controller, and the process might take several minutes to complete. Click apply to restart whg controller. Ifthe power...
Page 129: 10.1.1 The Dashboard
User’s manual whg controller / hsg gateway english 129 chapter 10. Reports and logs for monitoring 10.1 system related status 10.1.1 the dashboard this page displays important system related information that the administrator might need to be aware of at a glance, which includes general system setti...
Page 130: 10.1.2 System Summary
User’s manual whg controller / hsg gateway english 130 10.1.2 system summary configuration path: main menu >> status >> system summary the system status page displays a table of contents including system firmware version, report servers configured, wan optional settings, user log profile, system tim...
Page 131
User’s manual whg controller / hsg gateway english 131 corresponding configuration pages..
Page 132: 10.1.3 Network Interface
User’s manual whg controller / hsg gateway english 132 a selection of reports is available when the “see reports” button is clicked. These reports can be sorted based on interface, time and intervals. 10.1.3 network interface configuration path: main menu >> status >> interface this section provides...
Page 133
User’s manual whg controller / hsg gateway english 133 note 1. If statistics are required to be saved for long term keeping, see report & notification section for instructions to send and save network traffic on external servers..
Page 134: 10.1.4 Routing
User’s manual whg controller / hsg gateway english 134 10.1.4 routing configuration path: main menu >> status >> routing tables >> ipv4/ipv6 this status page displays all the policy route rules, and global policy route rules will be listed here. It provides a fast reference window for the administra...
Page 135
User’s manual whg controller / hsg gateway english 135 minutes/hours/days, the number under column 3 indicated the expired count in the last 30 minutes/hours/days and so on. Dhcp lease list valid ip addresses issued from the dhcp server and related information of the client using this ip address is ...
Page 136: 10.2.1 Online User
User’s manual whg controller / hsg gateway english 136 10.2 client related status 10.2.1 online user configuration path: main menu >> status >> monitor users >> online users users displayed on this page are the ones that are authenticated by this controller under its managed network either lan or re...
Page 137
User’s manual whg controller / hsg gateway english 137 mac address, ip address and associated vlan id, service zone as well as associated ap if the client uses wireless connection. 10.2.3 cross gateway roaming users configuration path: main menu >> status >> monitor users >> roaming in users this pa...
Page 138: 10.2.5 Session List
User’s manual whg controller / hsg gateway english 138 this page shows the users that are authenticated by other controllers using this controller’s on-demand database as radius database. 10.2.5 session list configuration path: main menu >> status >> sessions this page allows the administrator to in...
Page 139: 10.3 Logs And Reports
User’s manual whg controller / hsg gateway english 139 10.3 logs and reports 10.3.1 system related configuration path: main menu >> status >> logs and reports this page displays the system’s local log and user events since system boot up. Administrators can examine the log entries of various events....
Page 140: 10.3.2 User Events
User’s manual whg controller / hsg gateway english 140 10.3.2 user events configuration path: main menu >> status >> logs and reports >> user events this page is packed with all user logs and events. User logs and events can be stored up to 40 days. Displays all user related information customizable...
Page 141
User’s manual whg controller / hsg gateway english 141 will be left blank if inapplicable to the user type. 10.4 reports & notification configuration path: main menu >> status >> reporting whg controller can automatically send various kinds of user and/or system related reports to configured e-mail ...
Page 142
User’s manual whg controller / hsg gateway english 142 smtp settings: allows the configuration of 5 recipient e-mail addresses and necessary mail server settings where various user related logs will be sent to. Syslog settings: allows the configuration of two external syslog servers where selected u...
Page 143
User’s manual whg controller / hsg gateway english 143 users logs as well as system logs will be sent to. Notification settings: provides an overview of all the available users and system logs for selection. Selected logs can be sent to the chosen location (e-mail, syslog, ftp) on customizable time ...
Page 144
User’s manual whg controller / hsg gateway english 144 chapter 11. Hotspot application 11.1 on-demand billing plans configuration path: main menu >> users >> internal authentication >> on- demand >> billing plans billing plan profiles define the terms and conditions of guest internet access. Click t...
Page 145
User’s manual whg controller / hsg gateway english 145 11.2 on-demand billing plan types 11.2.1 usage-time with expiration time users can access internet as long as account is valid with remaining quota (usable time). Users need to activate the purchased account within a given time period by logging...
Page 146
User’s manual whg controller / hsg gateway english 146.
Page 147
User’s manual whg controller / hsg gateway english 147 11.2.2. Usage-time with no expiration time users can access internet as long as account has remaining quota (usable time). Users need to activate the purchased account within a given time period by logging in. This is ideal for short term usage ...
Page 148
User’s manual whg controller / hsg gateway english 148.
Page 149
User’s manual whg controller / hsg gateway english 149 11.2.3. Hotel cut-off-time hotel cut-off-time is the clock time (normally check-out time) at which the on-demand account is cut off (made expired) by the system on the following day or many days later. On the account creation ui of this plan, op...
Page 150: 11.2.4. Volume
User’s manual whg controller / hsg gateway english 150 11.2.4. Volume users can access internet as long as account is valid with remaining quota (traffic volume).Account expires when valid period is used up or quota is depleted. This is ideal for small quantity applications such as.
Page 151
User’s manual whg controller / hsg gateway english 151 sending/receiving mail, transferring a file etc. Count down of valid period is continuous regardless of logging in or out. quota is the total mbytes (1~1000000), during which on-demand users are allowed to access the network. account activat...
Page 152
User’s manual whg controller / hsg gateway english 152 11.2.5. Duration-time with elapsed time account is activated upon account creation. Count down begins immediately after account is created and is continuous regardless of logging in or out. Account expires once the elapsed time is reached. This ...
Page 153
User’s manual whg controller / hsg gateway english 153 set to account creation time. elapsed time is the time interval for which the account is valid for internet access (xx hrs yy mins). number of devices is to define the number of allowed simultaneous logged in devices per account. price is ...
Page 154
User’s manual whg controller / hsg gateway english 154 11.2.6. Duration-time with cut-off time cut-off time is the clock time at which the on-demand account is cut off (made expired) by the system on that day. For example if a shopping mall is set to close at 23:00; operators selling on-demand ticke...
Page 155
User’s manual whg controller / hsg gateway english 155 11.2.7. Duration-time with begin-and-end time the begin time and end time of the account are defined explicitly. Count down begins immediately after account activation and expires when the end.
Page 156
User’s manual whg controller / hsg gateway english 156 time has been reached. This is ideal for providing internet service throughout a specific period of time. For example during exhibition events or large conventions such as computex where each registered participant will get an internet account v...
Page 157
User’s manual whg controller / hsg gateway english 157 11.3 terminal server setup configuration path: main menu >> users >> authentication >> on-demand user >> general settings >> terminal server terminal configuration is a list of serial-to-ethernet devices that communicate with the system only; an...
Page 158
User’s manual whg controller / hsg gateway english 158 more user-friendly. What is noteworthy is that, sds200w supports wireless connectivity to the uplink gateway. That is, operators now can deploy a network with lesser physical wires. Keypad panel overview useful shortcut keys combination function...
Page 159
User’s manual whg controller / hsg gateway english 159 button or combination. The system will also clear it automatically after five seconds. Func + ‘0’ + enter to activate safe mode – disabling the func + ‘1’ + enter shortcut key in order to protect sds200w’s information leakage. ‘4-digit’ + enter ...
Page 160
User’s manual whg controller / hsg gateway english 160 understanding the led indicators there are four led indicators on the panel : power, status, lan, and wlan from left to right. Below summarizes all indication types in different states: right side panel overview left side panel overview t amplit...
Page 161
User’s manual whg controller / hsg gateway english 161 including sds200w into your network the following diagram illustrates a deployment example that shows how the sds200w can be connected to the pos printer and the 4ipnet gateway/controller. Sds200w prt-100 prt-200 hotspot 1 hotspot 2 1. Put the d...
Page 162
User’s manual whg controller / hsg gateway english 162 managing sds200w on the web management interface sds200w is designed specifically to operate in conjunction with all 4ipnet gateways/controllers, including both hsg and whg series. If you are not using default settings, before connecting sds200w...
Page 163
User’s manual whg controller / hsg gateway english 163 setting up sds200w with the pos printer serial settings to make a pos printer properly functions with sds200w, set up serial settings in advance in console on sds200w’s wmi. Printing on-demand tickets for your customers operators have two ways o...
Page 164
User’s manual whg controller / hsg gateway english 164 gateway/controller via an ethernet cable. Enter the network settings and make sure they match what is determined on the controller. The change will take effect after (1) clicking save and (2) rebooting the system. After sds200w and the uplink de...
Page 165
User’s manual whg controller / hsg gateway english 165 terminal auto setup (tas – only available on sds200w) tas refers to an automatic connection mechanism that requires no previous network settings. Just press the tas button on sds200w for three seconds, and it will automatically look for and asso...
Page 166
User’s manual whg controller / hsg gateway english 166 - an image can be uploaded (such as your company logo) in tmb format if needed. - there are 2 width types, 2” for prt100 and 3” for prt200. - select the desired language for the configured ticket template. Whg supports english, french, german, j...
Page 167
User’s manual whg controller / hsg gateway english 167 you may start customizing your pos ticket from the window below manually typing or by inserting parameters from the drop-down list as shown in the above example. Once this is done, you may start assigning billing plans and ticket templates for y...
Page 168
User’s manual whg controller / hsg gateway english 168 the administrator can now select the desired ticket template for a specific ticket generator from the drop-down list. Applications for qr code log-in on-demand account generation with a ticket generator is a very common deployment for hotspot pr...
Page 169
User’s manual whg controller / hsg gateway english 169 for the utilized billing plan, the corresponding ticket template needs to be customized to support qr code. 1) the width needs to be changed to 3 ” (default value = 2”) 2) the parameter needs to be added by typing in “$qr” on the template, or se...
Page 170: 11.5 Creating Accounts
User’s manual whg controller / hsg gateway english 170 11.5 creating accounts configuration path: main menu >> users >> on-demand accounts >> accounts creation administrators have the option of creating single accounts or batch accounts. For potential hotspot operators who may wish to pre-generate g...
Page 171
User’s manual whg controller / hsg gateway english 171 administrator can choose to use random generated usernames and passwords or custom-create them when creating batch on-demand accounts. For random generated passwords, they can be short (4 characters) or long (8 characters). When creating custom ...
Page 172: 11.6 User Self Service
User’s manual whg controller / hsg gateway english 172 11.6 user self service credit card via external payment gateway configuration path: main menu >> users >> authentication >> on-demand user >> external payment gateway whg controller supports different types of payment gateway options depending o...
Page 173
User’s manual whg controller / hsg gateway english 173 select the enabled billing plans that are allowed for end users to self purchase through the payment gateway. The service disclaimer can be customized by configuring web page customization. Subsequently after the configuration of your external p...
Page 174
User’s manual whg controller / hsg gateway english 174 login page will be shown with a hyperlink which guides the end user step by step to purchase an account with a valid credit card. In order for users to get account info via sms after buying a new account online, and eliminate the risk of forgett...
Page 175
User’s manual whg controller / hsg gateway english 175 account buyers enter a cellphone number after paying a fee for the account online. The account buyers can then re-send the sms no more than the configured number. To preview your external payment portal, click “configure” for web page customizat...
Page 176
User’s manual whg controller / hsg gateway english 176 internet from a vlan mapped room, the pages or messages displayed are as follows: when a user tries to access internet from a room, the browser will show the login page with a list of available plans and service agreement. The service agreement ...
Page 177
User’s manual whg controller / hsg gateway english 177 chapter 12. Pms integration this section introduces the port location mapping feature used with pms integration. This feature is designed for creating multiple vlan divisions (as if they were separate lan ports) under a service zone and mapping ...
Page 178
User’s manual whg controller / hsg gateway english 178 12.1 hotel room location mapping configuration path: main menu >> system >> port location mapping the port location mapping feature allows each service zone to own multiple vlans (as if each vlan is a port) in order to identify where the clients...
Page 179
User’s manual whg controller / hsg gateway english 179 may change the port type of the rooms to block. If the user opens a browser and tries to access internet, it will pop up a blocking message to notify the user. Auth. Required port type is used mainly for hospitality application to charge users. ...
Page 180: 12.2 Net-Retriever
User’s manual whg controller / hsg gateway english 180 12.2 net-retriever configuration path: main menu >> users >> middleware >> net retriever in the middleware tab page of users category, administrator may choose to select the interfacing protocol that is compatible with their site’s hospitality m...
Page 181: 12.3 Micros Opera
User’s manual whg controller / hsg gateway english 181 configure the corresponding middleware’s id and the access controller id to establish the link. Use the default interfacing port number unless modified on the middleware side. A common secret key is required to successfully setup the link. Link ...
Page 182
User’s manual whg controller / hsg gateway english 182 fill in the micros pms ip and port as configured on the pms system end. Administrators may define user account credentials using a combination of rn (room number), gn (guest name) or g# (guest number) to designate the micros protocol parameter f...
Page 183
User’s manual whg controller / hsg gateway english 183.
Page 184: 13.1 Roaming Related
User’s manual whg controller / hsg gateway english 184 chapter 13. Account roaming 13.1 roaming related roaming capability is an essential feature requirement for large scale deployments or alliance co-operation for operators who seek to provide network access for other isp subscribers to generate m...
Page 185
User’s manual whg controller / hsg gateway english 185 wispr smart client: select enable if you wish to allow customers with a roaming account from a wispr agent (ipass, wifi skype, boingo, and etc.) to access your internet. Make sure to enable the https protected login field under system >> general...
Page 186
User’s manual whg controller / hsg gateway english 186 13.3 cross gateway roaming configuration path: main menu >> network >> client mobility cross gateway roaming feature enables an end user to seamlessly move around large network deployment where there are multiple controllers in service. Normally...
Page 187
User’s manual whg controller / hsg gateway english 187 configure the slave node’s master node and secret key. 13.4 local / on-demand account roaming out the built-in user account databases both local and on-demand of the whg controller may be used for other controllers as their external radius authe...
Page 188
User’s manual whg controller / hsg gateway english 188 to use on-demand user database as the radius database of another controller: configuration path: main menu >> users >> internal authentication >> on-demand.
Page 189
User’s manual whg controller / hsg gateway english 189 after enabling the roaming out feature for local or on-demand, click the radius client device settings hyperlink. The redirected page allows the administrator to specify the controller ip which is allowed to behave as a radius client and authent...
Page 190: Chapter 14. Vpn
User’s manual whg controller / hsg gateway english 190 chapter 14. Vpn 14.1 site-to-site configuration path: main menu >> network >> vpn >> site-to-site vpn whg controller supports site-to-site vpn for more than 2 whg controllers to create vpn tunnel to each other over the wan network. For example, ...
Page 191
User’s manual whg controller / hsg gateway english 191 note 1. The ipsec settings in both sites must be same. Then create a local site with subnet for mapping to the remote site. Such as “192.168.11.0/24” of whg controller_a >> “192.168.111.0/24” of whg controller_b, after the tunnel is created, the...
Page 192: 14.2 Remote Client
User’s manual whg controller / hsg gateway english 192 note 1. You can create more than one vpn tunnel, but the ip segment mapping can not be overlap, because one ip segment can not have two routing rules. 14.2 remote client configuration path: main menu >> network >> vpn >> remote vpn whg controlle...
Page 193: 14.3 Local Client
User’s manual whg controller / hsg gateway english 193 all settings are similar to the settings in a service zone. Remote vpn can also be setup with a sip wan interface, authentication options, group permission, applied policy and customizable login page. After remote vpn is enabled, when users brow...
Page 194
User’s manual whg controller / hsg gateway english 194 regardless of the type of network, wired or wireless. By pushing down activex to the client’s windows device from the system, no extra client software is required to be installed, in which a so-called “clientless” ipsec vpn setting is then confi...
Page 195: 15.1 Switch List
User’s manual whg controller / hsg gateway english 195 chapter 15. Switch management the 4ipnet sw1024 is a powerful 24+2 port vlan switch with 500w of power budget. The whg controller gives administrators one comprehensive interface for managing your 4ipnet equipment including the 4ipnet sw1024. 15...
Page 196
User’s manual whg controller / hsg gateway english 196 15.2 poe schedule template configuration path: main menu >> switches >> poe schedule template the poe schedule template allows administrators to set a schedule for delivering power on the assigned ports of the managed switch. This function can b...
Page 197
User’s manual whg controller / hsg gateway english 197 15.3 backup configuration configuration path: main menu >> switches >> backup configuration backup configuration displays a list of backed up configuration from a managed switch. Configuration can be saved to this list by selecting a switch and ...
Page 198: Whg711, Whg801)
User’s manual whg controller / hsg gateway english 198 chapter 16. Platform dependent features 16.1 high availability (ha) (whg321, whg325, whg405, whg515, whg525, whg707, whg711, whg801) the 4ipnet ha design principle is to use redundancy in achieving higher availability with minimum impact during ...
Page 199
User’s manual whg controller / hsg gateway english 199 feature description: 1. 4ipnet ha feature is a software determined feature which can be enabled or disabled. Software determined ethernet role: when enabled, lan1 port will become the dedicated ha port. When disabled, lan1 remain its normal func...
Page 200
User’s manual whg controller / hsg gateway english 200 4. Ha link once established synchronizes all system configurations, user databases, user online status, system resource status, managed ap profile from the active ac to the standby ac. 5. There is a ha link monitoring mechanism by the standby ac...
Page 201: 16.2.1. Quick-Restore
User’s manual whg controller / hsg gateway english 201 16.2.1. Quick-restore there will be two firmware images on the system, denoted as fw1 and fw2 bundled to configuration db, denoted as config1 and config2 respectively. During system power up, the system will boot up with the fw+config which is r...
Page 202
User’s manual whg controller / hsg gateway english 202 case2: when fw2+config2 is the last in operation fw+config, pressing the “quick-restore” button will switch the operation to fw1+config1. Successive reboots without pressing the “quick-restore” will trigger the system to run with fw1+config1. 2)...
Page 203
User’s manual whg controller / hsg gateway english 203 3) firmware upgrade when the administrator performs firmware upgrade on wmi, the system will overwrite the fw and default of the fw not in operation. The current in operation fw+config will not be overwritten..
Page 204
User’s manual whg controller / hsg gateway english 204 current in operation config will be copied to the other config. When firmware upgrade is complete, system will automatically switch to the newly upgraded firmware and the system will reboot with the new firmware. 4) modifying, backup, restoring,...
Page 205: 16.2.2. Quick-Vpn
User’s manual whg controller / hsg gateway english 205 16.2.2. Quick-vpn 1) allow admin to establish site to site vpn with a push button action between two access controller for example between hq site ac and remote site ac. Paragraphs below will designate hq site ac as ac1 and remote site ac as ac2...
Page 206
User’s manual whg controller / hsg gateway english 206 2) admin only needs to enter on ac2 site-to-site vpn settings: add a remote site add a local site 3) once ac2 has configured its site-to-site vpn settings, establishment is triggered by pressing the quick-vpn buttons as follows: press and ...
Page 207
User’s manual whg controller / hsg gateway english 207 2) there is a notion of sender-receiver pair, where one ac is the sender and the other ac is the receiver ac. 3) wan2 is designated as quick-maintenance port when quick-maintenance process is initiated. 4) before initiating quick-maintenance pro...
Page 208: Whg801)
User’s manual whg controller / hsg gateway english 208 16.3 ap simulation (whg321, whg325, whg405, whg425, whg515, whg525, whg711, whg801) ap simulation allows the administrator to simulate wifi signal coverage of access points. This is designed to help administrators with network survey and plannin...
Page 209
User’s manual whg controller / hsg gateway english 209 the signal strength and coverage of the simulation aps would depend on factors such as the ap model, transmit power, ap height, and etc. Once these simulation aps are created, simply drag and drop these aps onto the floor plan. 2.4ghz is indicat...
Page 210
User’s manual whg controller / hsg gateway english 210 click “simulate 2.4g” or “simulate 5g” to see if the deployed aps are adequate for your requirement..
Page 211
User’s manual whg controller / hsg gateway english 211 when simulation is done successfully, the recommended channel allocation will be shown next to the simulation ap. Configurations can then be saved conveniently to a template to be used for ap management..
Page 212
User’s manual whg controller / hsg gateway english 212 16.3.2. Managed ap simulation (status) managed ap simulation is a used for monitoring of access points based on location. Not to be confused with the simulation tool (utility), the aps on the managed ap simulation floor plan are real managed acc...
Page 213
User’s manual whg controller / hsg gateway english 213 appendix a. Whg models & installation whg controller capacity table *table contents are subjected to change without notice. Capacity whg311 whg315 form factor 13" mini-book 19”(1u) wan 2 x gbe 2 x gbe lan 8 x gbe 8 x gbe local accounts 3000 4000...
Page 214
User’s manual whg controller / hsg gateway english 214 whg controller capacity table *table contents are subjected to change without notice. Capacity whg321 whg325 form factor 13" mini-book 19”(1u) wan 2 x gbe 2 x gbe lan 2 x gbe 2 x gbe local accounts 10000 10000 on-demand accounts 10000 10000 mana...
Page 215
User’s manual whg controller / hsg gateway english 215 whg controller capacity table *table contents are subjected to change without notice. Capacity whg401 whg405 whg425 form factor 19”(1u) 19”(1u) 19”(1u) wan 2 x gbe 2 x gbe 2 x gbe lan 2 x gbe 4 x gbe 4 x gbe local accounts 5000 10000 10000 on-de...
Page 216
User’s manual whg controller / hsg gateway english 216 whg controller capacity table *table contents are subjected to change without notice. Capacity whg505 whg515 whg525 form factor 19”(1u) 19”(1u) 19”(1u) wan 2 x gbe 2 x gbe 2 x gbe lan 2 x gbe 4 x gbe 4 x gbe local accounts 6000 10000 10000 on-de...
Page 217
User’s manual whg controller / hsg gateway english 217 whg controller capacity table capacity whg707 whg711 whg801 form factor 19”(1u) 19”(1u) 19”(2u) wan 2 x gbe, 2 x combo sfp 2 x gbe, 2 x combo sfp 2 x gbe, 2 x combo sfp, 1 x 10gb sfp lan 4 x gbe, 2 x sfp 10 x gbe, 2 x sfp 6 x gbe, 6 x sfp, 1 x 1...
Page 218: Hardware Overview
User’s manual whg controller / hsg gateway english 218 hardware overview whg311 hardware 1 quick buttons reset: press and hold the reset button for over 3 seconds and status of led on front panel will start to blink, release button at this stage to restart the system. Press and hold the reset button...
Page 219
User’s manual whg controller / hsg gateway english 219 can use a terminal emulation program such as microsoft’s hyper terminal to login to the configuration console interface to change admin password or monitor system status, etc. Whg315 hardware 1 lcd display allows network administrator to check i...
Page 220
User’s manual whg controller / hsg gateway english 220 wan2 to the external network, such as the adsl router from your isp (internet service provider). 5 lan1~ lan8 eight gigabit lan ports for servicing lan traffic (10/100/1000 base-t rj- 45). 6 usb function reserved for future use. 7 console the sy...
Page 221
User’s manual whg controller / hsg gateway english 221 press and hold the reset button for more than 10 seconds and status of led on the front panel will start to speed up blinking before resetting the system to default configuration. 3 console the system can be configured via a serial console port....
Page 222
User’s manual whg controller / hsg gateway english 222 to the external network, such as the adsl router from your isp (internet service provider). 8 lan1/ lan2 two gigabit lan ports for servicing lan traffic (10/100/1000 base-t rj- 45). Whg405 hardware 1 lcd display allows network administrator to c...
Page 223
User’s manual whg controller / hsg gateway english 223 led on the front panel will start to speed up blinking before resetting the system to default configuration. 4 console the system can be configured via a serial console port. The administrator can use a terminal emulation program such as microso...
Page 224
User’s manual whg controller / hsg gateway english 224 8 lan1/ lan2 two gigabit lan ports for servicing lan traffic (10/100/1000 base-t rj- 45). Whg515 hardware 1 led indicators there are three led indicators, power, status and hard-disk, to indicate different status of the system. 2 lcd display all...
Page 225
User’s manual whg controller / hsg gateway english 225 front panel will start to blink before restarting the system. Press and hold the reset button for more than 10 seconds and status of led on the front panel will start to speed up blinking before resetting the system to default configuration. 4 c...
Page 226
User’s manual whg controller / hsg gateway english 226 whg711 hardware 1 wan1/ wan2 (sfp) two combo wan ports (sfp) are connected to the external network, such as the adsl router from your isp (internet service provider). 2 lan7/ lan8 (sfp) client machines connect to whg controller via these lan por...
Page 227
User’s manual whg controller / hsg gateway english 227 admin password or monitor system status, etc. 4 mgmt for management use only, it will always open wmi (web management interface) homepage where its default ip address and subnet mask are 172.30.0.1 and 255.255.0.0. 5 led indicators there are thr...
Page 228: Installation Instruction
User’s manual whg controller / hsg gateway english 228 installation instruction preparations 1. Unpack the whg controller and go through the package checklist. 2. Review the front panel and back panel and identify each control and network interface that is described in the hardware & specification s...
Page 229
User’s manual whg controller / hsg gateway english 229 appendix b. Hsg models & installation hsg gateway capacity table capacity hsg1100 hsg1250 hsg3200 hsg3250 hsg5200 form factor 19”(1u) 19”(1u) 19”(1u) 19”(1u) 19”(1u) wan 1 x gbe 2 x gbe 2 x gbe 2 x gbe 2 x gbe, 2 x combo sfp lan 4 x gbe 8 x gbe ...
Page 230: Hardware Overview
User’s manual whg controller / hsg gateway english 230 hardware overview hsg1100 hardware 1 quick buttons quick-print: this button is for printing a ticket to create an on-demand account when a pos printer is connected to the console port. An on- demand account will be created from billing plan 1 wi...
Page 231
User’s manual whg controller / hsg gateway english 231 the system. Press and hold the reset button for more than 10 seconds and status of led on the front panel will turn from blinking to off, release at this stage to reset the system to default configuration. Quick-restore: this button is the firmw...
Page 232
User’s manual whg controller / hsg gateway english 232 hsg3200 hardware 1 led indicators there are three led indicators, power, status and hard-disk, to indicate different status of the system. 2 lcd display allows network administrator to check important system settings such as network interface, s...
Page 233
User’s manual whg controller / hsg gateway english 233 or monitor system status, etc. 4 usb reserved for future use. 5 wan1/ wan2 two gigabit wan ports (10/100/1000 base-t rj-45) for uplink connections to the external network, such as the adsl router from your isp (internet service provider). 6 lan1...
Page 234: Installation Instruction
User’s manual whg controller / hsg gateway english 234 installation instruction preparations 1. Unpack the whg controller and go through the package checklist. 2. Review the front panel and the back panel and identify each control and network interface that is described in the hardware & specificati...
Page 235: External Page Concept
User’s manual whg controller / hsg gateway english 235 appendix c. External pages external page concept choose external page if you desire to use an external web page for your custom pages. Simply enter the url of your external webpage, click preview button to check if it is reachable, take a look a...
Page 236
User’s manual whg controller / hsg gateway english 236 the diagram below explains how external page operates using user login/logout flow as illustration: login:.
Page 237
User’s manual whg controller / hsg gateway english 237 logout: the url parameters sent by the gateway to the external login page are as follows: field value description loginurl string (url encoded) the url to be submitted when a user logs in. Remainingurl string (url encoded) the url to be submitte...
Page 238
User’s manual whg controller / hsg gateway english 238 gwmac mac format (separated by ':') gateway activated wan mac address client_ip ip format client ip address ipv6_addr ipv6 format client ipv6 address umac mac format (separated by ':') client mac address session string encrypted session informat...
Page 239
User’s manual whg controller / hsg gateway english 239 } an external page example that the user will see upon launching a browser is shown, and you can see the url parameters sent from the system highlighted in red: external page design variables this section displays all the url parameters that are...
Page 240
User’s manual whg controller / hsg gateway english 240 client ip address, mac address, date, and return url. 2. Login successful page variables: field value description uid string user id (postfix is included) original_uid string original user id utype string (local, radius, ondemand, pop3, ldap, si...
Page 241
User’s manual whg controller / hsg gateway english 241 for radius user) wispr-billing-class-of- service string wispr billing-class-of-service attribute (only available for radius user) wispr-location-id string wispr location-id attribute (only available for radius user) wispr-location-name string wi...
Page 242
User’s manual whg controller / hsg gateway english 242 network administrator. Invalid username or password.Please check your username and password and try again. Cannot identify the policy for your account.Please contact your network administrator. User of this device (the mac address) is not allowe...
Page 243
User’s manual whg controller / hsg gateway english 243 idletimeout integer (sec.) idle timeout logouturl string (url encoded) logout url redeemurl string (url encoded) redeem url vlanid integer (1~4094) vlan id gwip ip format gateway activated wan ip address client_ip ip format client ip address sz ...
Page 244
User’s manual whg controller / hsg gateway english 244 session optional string encoded string which contains some information of this session, default is taken from cookie. Output: no output, return user to login successful page. 2. User logout path: (lan ip address or internal domain name) /loginpa...
Page 245
User’s manual whg controller / hsg gateway english 245 if command is not set and there is no ret_url presented, client would be led to pop_reminder.Shtml page, which shows the remaining quota in our ui style. If ret_url is presented, client would be returned to ret_url, and gateway would add these f...
Page 246
User’s manual whg controller / hsg gateway english 246 client would return to ret_url and gateway would add result in ret_url which indicates the result of changing password. Field value description result string, including: change password successfully user password is incorrect invalid password fo...
Page 247
User’s manual whg controller / hsg gateway english 247 redeem user name can not be found from the database. Original user password is incorrect. Redeem user password is incorrect. Original user type and on demand user type do not match. Original user has not logged in. Redeem user logged in already....
Page 248
User’s manual whg controller / hsg gateway english 248 username, password, expiretime, usage, price, duration, serial number result valuable. Expiretime is account expiration time which is a linux time stamp, and duration is account duration time and the unit is 'day', serial number is account s/n..
Page 249: Tools
User’s manual whg controller / hsg gateway english 249 appendix d. Useful management & evaluation tools useful management tools here are the top six open source it management products that do a solid job of replacing the big suites from hp, ibm, ca and bmc. Each offer low-cost professional services ...
Page 250: Evaluation Tools
User’s manual whg controller / hsg gateway english 250 evaluation tools wireshark (for packet capturing and debug analysis) wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and oft...
Page 251
User’s manual whg controller / hsg gateway english 251 appendix e. On-demand account types there are four main types of on-demand account type: usage-time (buy quota: usable time) volume (buy quota: usable traffic volume) pre-paid concept, only deducts quota while using. Account expires when quo...
Page 252
User’s manual whg controller / hsg gateway english 252 volume users can access internet as long as account is valid with remaining quota and need to activate the purchased account within a given time period by logging in..
Page 253
User’s manual whg controller / hsg gateway english 253 account expires when valid period is used up or quota is depleted. Hotel cut-off time operator can set the clock time for when the account will expire. account automatically activates when it is created. unit is the number of days to exe...
Page 254
User’s manual whg controller / hsg gateway english 254 duration time users can access internet while account is within valid time interval. Count down begins once account activates and expires when expiration time is reached. duration-time accounts can be further classified into: elapsed time ...
Page 255
User’s manual whg controller / hsg gateway english 255 • define explicitly the begin time and end time of the account. Account expires when the end time has been reached. cut-off time • define explicitly the clock time to “cut-off” within the day of creation..
Page 256
User’s manual whg controller / hsg gateway english 256 note 1. Since there are only 10 billing plans, if you wish to create accounts of the same type but with various quotas, this may be achieved via the unit field. Network operator is able to multiply the quota by an integer ranging from 1 to 9 in ...
Page 257
User’s manual whg controller / hsg gateway english 257.
Page 258: I. Main
User’s manual whg controller / hsg gateway english 258 appendix f. Ui reference index i. Main main menu is the link that leads to all the configuration pages in the web management interface. A screenshot of the main menu is captured below, the iconic button on the top row will redirect to configurat...
Page 259: III. Dashboard
User’s manual whg controller / hsg gateway english 259 iii. Dashboard this page displays important system related information that the administrator might need to be aware of at a glance, which includes general system settings, network interface and online users etc. A drop-down menu is available fo...
Page 260: A. System
User’s manual whg controller / hsg gateway english 260 a. System system: this section relates to system configuration. It includes, general information, wan configurations, lan ports, service zones, and etc. 1) general.
Page 261: 2) Wan
User’s manual whg controller / hsg gateway english 261 system name: this is a mnemonic name you can give to the controller. Once configured, it will show on the web browser’s frame. Contact information: this is the email, cell phone, or other means of contact which will be displayed on the web brows...
Page 262
User’s manual whg controller / hsg gateway english 262 your wan connection static: this option enables the administrator to configure a static ip address on the wan interface. Applicable if your subscribed internet package comes with a static ip address. Dynamic: this option enables the wan interfac...
Page 263: 3) Ipv6
User’s manual whg controller / hsg gateway english 263 available bandwidth on wan interface: this section of the configuration page allows the administrator to specify uplink and downlink limitations to be enforced on the servicing wan interface. Function of wan2: the wan2 connection can be activate...
Page 264: 4) Lan Ports
User’s manual whg controller / hsg gateway english 264 address. Static: manually enter all the related ipv6 information. Red asterisk are mandatory fields. Ideal if your internet package comes with static ipv6 addresses issues by your isp. 6to4: 6to4 is an internet transition mechanism for migrating...
Page 265: 6) Service Zones
User’s manual whg controller / hsg gateway english 265 status: this feature can be turn on or off here. Number of active(s): selecting up to 3 actives for n+1 ha mode: the role of this particular controller must be determined here manually. Ha port ip address: the ip address configured for the dedic...
Page 266
User’s manual whg controller / hsg gateway english 266 addresses of clients will be assigned by an external dhcp server. The system will only relay dhcp information from the external dhcp server to downstream clients of this service zone. Assigned ip address for ap management: under port-based servi...
Page 267
User’s manual whg controller / hsg gateway english 267 router mode nat mode service zone status: each service zone can be enabled or disabled except for the default service zone. Service zone name: the name of service zone could be input here. Network interface: o vlan tag (tag base only): the vlan ...
Page 268
User’s manual whg controller / hsg gateway english 268 inter lan port isolation (available on whg707/801, port based): select enable or disable. When the option is “enabled”, clients under different lan ports cannot ping each other. When the option is “disabled”, clients under different lan ports ca...
Page 269
User’s manual whg controller / hsg gateway english 269 item description dhcp server scope 1 start ip address / end ip address a range of ip addresses that are built in dhcp server will be assigned to clients. Note: please change the management ip address list accordingly (at system configuration >> ...
Page 270: 7) Port Location Mapping
User’s manual whg controller / hsg gateway english 270 assigned ip address for ap management (default zone): when lan ports are in port-based mode, each service zone can designate an ip segment for ip address assignment to the managed ap when the newly discovered ap is added into the service zone. W...
Page 271
User’s manual whg controller / hsg gateway english 271 administrator could use port location mapping feature to map a location (such as a hotel room) to a vlan port of vlan switch or a dslam device. Each room is mapped to a vlan tag. And each room can be assign to different service zones to get diff...
Page 272
User’s manual whg controller / hsg gateway english 272 port type: the default state of the rooms, it may be: free, block, single user, multiple user. choose lan port: select the lan port for which traffic is received service zone: the service zone profile used to provide internet service to th...
Page 273
User’s manual whg controller / hsg gateway english 273 port type: the default state of the rooms, it may be: open, block, auth. Required. choose lan port: select the lan port for which traffic is received service zone: the service zone profile used to provide internet service to the correspond...
Page 274: 8) Middleware
User’s manual whg controller / hsg gateway english 274 import/export list: for backing up and restoring the port location mapping list change all port type: to configure port type for all rooms: free, block, single user, multiple user. 8) middleware by setting up the connection to middleware, th...
Page 275
User’s manual whg controller / hsg gateway english 275 response (md5 hash) to test the authenticity of the link. It should contain one or more lowercase letters, uppercase letters, numbers and symbols. It should also be between 8 ~ 16 characters. Interface port: the port used by net retriever, the d...
Page 276: B. Users
User’s manual whg controller / hsg gateway english 276 b. Users users: this section relates to user authentication, authorization and accounting. It includes groups configuration, internal/external authentication configuration, on-demand accounts, policies configuration, privilege lists configuratio...
Page 277: 2) Internal Authentication
User’s manual whg controller / hsg gateway english 277 2) internal authentication the system supports multiple authentication options, which include both internal and external databases. Internal authentication databases include “local”, “on-demand”, and “guest”..
Page 278
User’s manual whg controller / hsg gateway english 278 the default authentication for “local” is set at authentication server 1. The user postfix is used for the system to identify which authentication option will be used for the specific user account when multiple options are concurrently in use. T...
Page 279: 3) External Authentication
User’s manual whg controller / hsg gateway english 279 the guest authentication option is not technically a user database, but rather a specially designed option to allow a user to access and surf the network without any user account or password. This feature allows the user to associate with a part...
Page 280: 5) Schedule
User’s manual whg controller / hsg gateway english 280 account creation: administrators can choose to create a single account or multiple accounts using the "batch create" function. Before accounts can be created, at least one billing plan needs to be set up and activated. Accounts can be created wi...
Page 281: 6) Policies
User’s manual whg controller / hsg gateway english 281 6) policies global policy is the system's universal policy including firewall profile, specific route profile, schedule profile, and maximum concurrent sessions management which will be applied to all users unless the user has been regulated and...
Page 282: 7) Blacklists
User’s manual whg controller / hsg gateway english 282 this attribute carefully based on your network usage ipv4 dscp and 802.1p mapping: this criteria enables the static mapping configuration from ipv4 dscp tag into the desired 802.1p traffic class for sending in the managed vlan network. Ipv6 traf...
Page 283: 8) Privilege Lists
User’s manual whg controller / hsg gateway english 283 8) privilege lists the privilege function supports three types of privilege list based on ip address, mac address and ipv6 address. Devices specified in the list require no authentication to access the network. Note that a user group can be assi...
Page 284
User’s manual whg controller / hsg gateway english 284 user session control idle timeout: configure the time base without activity to deem as idle timeout. Idle detect interval: the time interval for checking for whether the idle criteria are reached. Successive accumulation of idle intervals exceed...
Page 285: C. Access Points
User’s manual whg controller / hsg gateway english 285 session timeout: for created sessions generated by users authenticated via build-in radius server (could be account roaming user), the timeout range may be configured here manually. Please configure this attribute carefully. Idle timeout: for us...
Page 286: B) List
User’s manual whg controller / hsg gateway english 286 select any ap by checking the checkbox and then click the button below to reboot, enable, disable, delete, apply template and apply service zone (tag-based) the selected ap if desired. B) list a list is used to show the information of each manag...
Page 287: C) Adding
User’s manual whg controller / hsg gateway english 287 select any ap by checking the checkbox on the list and then click the buttons to reboot, enable, disable, delete, apply template and reset to default to the selected ap if desired. C) adding the adding function is used to manually set up an ap v...
Page 288: D) Discovery
User’s manual whg controller / hsg gateway english 288 d) discovery this discovery function is to manually or automatically detect the supported types of aps when connected to the lan ports and automatically assign a unique ip address to each ap discovered. Click “add” from the ap list and select “f...
Page 289: E) Templates
User’s manual whg controller / hsg gateway english 289 e) templates the ap setting templates can be defined. Up to 8 templates can be edited, saved, and used in "adding" and "discovery" sections. Templates by ap model the system supports up to eight templates which include configurations of aps. The...
Page 290
User’s manual whg controller / hsg gateway english 290 general: in this section, revise the subnet mask and default gateway here if desired. Configure the ntp servers and time zone. In addition, administrator can enable syslog server to receive the log from ap and enable snmp read/write ability. ...
Page 291
User’s manual whg controller / hsg gateway english 291 ssid broadcast: select this option to e nable the ap’s ssid to broadcast in your network. It is suggested to disable ssid broadcast feature when you have an authentication disabled network intended for private use. Band: depending on the ap mode...
Page 292
User’s manual whg controller / hsg gateway english 292 vap configuration: enable/disable vap under the ‘status’ column. Configuration of vaps can be done by clicking the edit icon under ‘action’..
Page 293
User’s manual whg controller / hsg gateway english 293.
Page 294
User’s manual whg controller / hsg gateway english 294 status: vap can be enabled or disabled here profile name: the profile name of a specific rf card and its vap for identity / management purposes. Service zone: select the mapping service zone for the vap from the drop-down list vlan id: select th...
Page 295
User’s manual whg controller / hsg gateway english 295 clients require a larger or smaller bandwidth for sending multicast/ broadcast packets, the administrator can customize the access point ’s multicast/ broadcast bandwidth here. Management frame rate: this feature controls the bandwidth for manag...
Page 296
User’s manual whg controller / hsg gateway english 296 state: enable or disable the respective rules rule: the numbering of this specific rule will decide its priority among available firewall rules in the table. Rule name: the rule name can be specified here. Ethertype: the drop-down list will prov...
Page 297: F) Firmware
User’s manual whg controller / hsg gateway english 297 destination: mac address/mask indicates the destination mac; ip address/mask indicates the destination ip address (when ethertype is ipv4); arp ip/mac & mask indicate the arp payload fields. Action: the rule can be chosen to be block or pass rem...
Page 298: H) Wds Management
User’s manual whg controller / hsg gateway english 298 the administrator can upgrade the firmware of selected aps individually or at the same time by checking the check box of the aps in selection column. Note that both the version before upgrade and the next version must be ones that have been inte...
Page 299: I) Rogue Ap Detection
User’s manual whg controller / hsg gateway english 299 could be set up for more than one tree. Click edit to change the wds connection settings for the associated wds tree. wds update: update the wds connection with the following operations. add: add a new wds connection with a child ap not in t...
Page 300: J) Ap Load Balancing
User’s manual whg controller / hsg gateway english 300 the bottom of the window, the selected rogue ap on this list can be added into the trusted list or deleted if it can be ignored. general configuration scanning interval: the unit for this field is minute. Enter 0 to disable “rogue ap detecti...
Page 301: A) Map
User’s manual whg controller / hsg gateway english 301 load balancing: this configuration item enables the administrator to specify the criteria under which ap load balancing feature will be enforced. Balance interval: the administrator specifies the time interval for which the system synchronizes t...
Page 302
User’s manual whg controller / hsg gateway english 302 goto ap: this function is for administrator to select an ap on the list, and the map will shift to show the selected ap in the center of the map. Show coverage: this button once pressed will display the signal coverage of all the aps on the map ...
Page 303
User’s manual whg controller / hsg gateway english 303 procedure to create a map: step 1: get a public ip address from your isp and configure this address to wan interface. Step 2: apply for a google maps registration key. Step 3: click add a new map button on the map page. Configure map name and re...
Page 304
User’s manual whg controller / hsg gateway english 304 click the terms and conditions check box and fill in your whg controller’s wan ip address. Google will generate an api key for your whg controller. Now, return to the map tab page in whg controller’s wmi and scroll down to the bottom of the page...
Page 305
User’s manual whg controller / hsg gateway english 305 the above screenshot is an example showing taipei city with map name as taipei bridge, zoom level of 14 and normal map type. If you have several aps deployed and listed in list under wide area ap management, their geographical location can be ma...
Page 306
User’s manual whg controller / hsg gateway english 306 fill in the coordinates where you wish to mark this particular ap. Link 1 ~ link 3 is for configuring a http link that will show up in the dialogue box on the map for referencing additional information related to this ap; for instance the ip add...
Page 307
User’s manual whg controller / hsg gateway english 307 you can click on the ap icon to see the dialogue box for additional information or links that you have configured. Click the more info link for information on ap status, client list, wds list and links related to this ap..
Page 308: B) List
User’s manual whg controller / hsg gateway english 308 ap status, client list and wds list information listed are collected from the remote ap via snmp. B) list a list is to show the information of each managed ap, including type, name, ip address, mac address, online status, # of users, and geograp...
Page 309
User’s manual whg controller / hsg gateway english 309 after adding aps to the managed list, some operations can be executed for managing the listed ap’s. Go: the whg controller cannot directly configure wide area ap’s settings remotely. However, the goto button is a convenient link for accessing th...
Page 310
User’s manual whg controller / hsg gateway english 310 (under firmware tab page). For vaps which are tunneled back to the controller from remote aps, administrator may wish to allocate a nas identifier as well as designate an ip pool for service. In the managed ap list in wide area ap management, ad...
Page 311: C) Discovery
User’s manual whg controller / hsg gateway english 311 user limitation: administrator can specify the number of clients which can be allocated an ip address for service from this vap. Essid: the essid of this vap is displayed here. Room number / location id: administrator can input a string of text ...
Page 312: D) Adding
User’s manual whg controller / hsg gateway english 312 allow the administrator to remotely configure the ap’s snmp community. Discover: when the administrator tries to discover a new ap, select the device type. Second, enter the current ip range of the aps, login id and password. Then click discover...
Page 313: E) Template
User’s manual whg controller / hsg gateway english 313 device name: the mnemonic name given to this ap device. Login id: the device’s management interface login name. Password: the device’s management interface login password. Snmp community: the snmp read community string used for status access. E)...
Page 314
User’s manual whg controller / hsg gateway english 314 rf card name: select an rf card for your ap. Band: depending on the ap model template you are editing, there are different modes to select, 802.11a, 802.11b, 802.11g, 802.11a+802.11n, 802.11b+802.11g, 802.11g+802.11n and 802.11ac. Short preamble...
Page 315
User’s manual whg controller / hsg gateway english 315 channel: select the appropriate channel from the drop-down menu to correspond with your network settings. Max transmit rate: the default is set to auto. Available range is from 1 to 54mbps. The rate of data transmission should be set depending o...
Page 316
User’s manual whg controller / hsg gateway english 316 vap: enable or disable this vap. Profile name: the profile name of a specific rf card and its vap for identity / management purposes. Essid: essid (extended service set id) serves as an identifier for clients to associate with the specific vap. ...
Page 317
User’s manual whg controller / hsg gateway english 317 advanced wireless settings rts threshold: enter a value between 1 and 2346. Rts (request to send) thresholddetermines the packet size at which the system issues a request to send (rts) before sending the fragment to prevent the hidden node probl...
Page 318: F) Wds List
User’s manual whg controller / hsg gateway english 318 wmm: the default is disable. Wi-fi multimedia (wmm) is a quality of service (qos) feature that prioritizes wireless data packets based on four access categories: voice, video, best effort, and background. Applications without wmm and application...
Page 319: G) Backup Config
User’s manual whg controller / hsg gateway english 319 the wds link if established between aps listed on list will be listed here with related information such as the band and channel of the link, security settings if any and the transmit power, byte, packets etc. G) backup config backed up config f...
Page 320: J) Rogue Ap Detection
User’s manual whg controller / hsg gateway english 320 capwap status: the configuration status of capwap function. Click enable to turn on the access whg controller to allow capwap supported ap’s to automatically add to the managed ap list. apply certificate to aps: this configuration item allow...
Page 321: K) Ap Load Balancing
User’s manual whg controller / hsg gateway english 321 k) ap load balancing this is a function to prevent managed aps from overloading. When the system detects the occurrence of aps' associated-client numbers exceeding a predefined threshold and other aps in the same group are still below the thresh...
Page 322: D. Switches
User’s manual whg controller / hsg gateway english 322 or traffic loading number of packets as the measure of an ap’s system load. Administrator can specify the system threshold which will initiate the load balancing mechanism. Cluster: this item when entered to its configuration page will display a...
Page 323: 2) Poe Schedule Template
User’s manual whg controller / hsg gateway english 323 the switch's name will be shown as a hyperlink. Click the hyperlink of each managed sw1024 for further configuration (general setting, poe setting, vlan membership setting, port setting, poe schedule) on the switch. Click the hyperlink of the sh...
Page 324
User’s manual whg controller / hsg gateway english 324 the first template is the default template and cannot be deleted. The template name may be customized for easy reference (eg. Switch-core1). Click "configure", illustrated by the pencil icon, to enter settings for the template. The following can...
Page 325: 3) Backup Configuration
User’s manual whg controller / hsg gateway english 325 3) backup configuration the list gives an overview of the backed up configurations. Administrators may download the configuration file for restoration. Or check the checkboxes to delete the selected configuration files. E. Network network: this ...
Page 326
User’s manual whg controller / hsg gateway english 326 external interface (wan1) that will change dynamically if wan1 interface is dynamic. When assign wan ip automatically is checked, the entered internal ip address under will be bound to the wan1 interface. Each static assignment could be bound wi...
Page 327: 2) Monitor Ip
User’s manual whg controller / hsg gateway english 327 this function allows the administrator to set specific sets of the ip addresses at most for redirection purpose. When the user attempts to connect to a destination ip address listed here, the connection packet will be converted and redirected to...
Page 328
User’s manual whg controller / hsg gateway english 328 3) walled garden and walled garden ad this function provides certain free services for users to access the websites listed here before login and authentication. Specific addresses or domain names of the websites can be defined in this list. User...
Page 329: 4) Vpn
User’s manual whg controller / hsg gateway english 329 note that entries selected as walled garden ad must be a url and cannot be an ip address with prefix. 4) vpn on this tab, 3 types of vpn are available on the system: local vpn, remote vpn, and site-to-site vpn. For local vpn, the system allows t...
Page 330
User’s manual whg controller / hsg gateway english 330
Page 331: 5) Proxy Server
User’s manual whg controller / hsg gateway english 331 5) proxy server the system provides a built-in proxy server and external proxy server function. After successful authentication, the clients’ will be directed back to the desired proxy servers. Basically, a proxy server can help clients access t...
Page 332
User’s manual whg controller / hsg gateway english 332 step 3. Enable proxy server settings in internet options on client stations. By enabling the built-in proxy server, all traffic is forwarded to the local proxy server on the controller. Using an external proxy server to specify an external proxy...
Page 333: 6) Local Dns Record
User’s manual whg controller / hsg gateway english 333 step 3. Enable proxy server settings in internet options on client stations. 6) local dns record the administrator could statically assign a domain name to ip mappings for all clients connected to the whg controller’s lan network. This feature c...
Page 334: 7) Dynamic Routing
User’s manual whg controller / hsg gateway english 334 7) dynamic routing the function supports three dynamic routing protocols: rip, ospf and is-is. isis configuration: it is a routing protocol designed to move information efficiently within a computer network, a group of physically connected com...
Page 335
User’s manual whg controller / hsg gateway english 335 address to uniquely identify a router on the inter-network. Route level: level 1 systems route within an area; when the destination is outside an area, they route toward a level 2 system. Level 2 intermediate systems route between areas and towa...
Page 336
User’s manual whg controller / hsg gateway english 336 ospf v3 configuration: ipv6 dynamic routing configuration rip configuration: it is a dynamic routing protocol used in local and wide area networks. You can configure each interface to be a passive or supportive version, and authentication..
Page 337
User’s manual whg controller / hsg gateway english 337 passive: rip packets will not be sent from network interfaces if they are checked as passive. Version: select the rip version for this interface, ripv1 uses broadcast to deliver rip packets, ripv2 uses multicast to deliver rip packets, both uses...
Page 338: 8) Ddns
User’s manual whg controller / hsg gateway english 338 garbage collection timer: specify the time in seconds before erasing invalid route from the routing table. 8) ddns before activating this function, you must have your dynamic dns hostname registered with a dynamic dns provider. Whg controller su...
Page 339: F. Utilities
User’s manual whg controller / hsg gateway english 339 slave node: while configuring the slave node, enter its master node setting. F. Utilities utilities: this section provides functions for modifying accounts, backup/restore system, firmware upgrade, restart service, network utilities, and certifi...
Page 340
User’s manual whg controller / hsg gateway english 340 it also allows the administrator to create other administrator accounts with different permission. Admin has authority to change his/her own password or add more accounts to the admin list to take (some of) the management responsibility. passw...
Page 341
User’s manual whg controller / hsg gateway english 341 min password categoryallows an admin to define how complex the passwords of the sub-admins are required. Below shows what each number stands for: number definition 0 passwords will not be checked 1 passwords should include at least 1 form (capit...
Page 342
User’s manual whg controller / hsg gateway english 342 (there are 6 categories a sub-admin can fall into – super group, manager, operator, ondemand manager, custom1, custom2, and custom3. Click configure at the right of the drop-down list to see and modify the differences. Be aware that the authorit...
Page 343: 2) Backup & Restore
User’s manual whg controller / hsg gateway english 343 please note that only the created sub-admins can be deleted. Check the boxes to ‘lock’ or ‘unlock’ to forbid certain sub-admins to access the management page. Besides, admin can also click the hyperlinks in the ‘name’ column to edit admins’/ sub...
Page 344: 3) Certificates
User’s manual whg controller / hsg gateway english 344 backup can be done periodically over ftp. Enable this feature by clicking on the configure button under period backup. restore system settings: click browse to search for a .Db database backup file created by the controller and click restore t...
Page 345
User’s manual whg controller / hsg gateway english 345 system certificate this is the certificate that identifies the system. These certificates may be used for applications such as https login, capwap, and etc. The controller has a built-in factory default certificate (gateway.Example.Com) that c...
Page 346
User’s manual whg controller / hsg gateway english 346 internal root ca the administrator can generate a root ca for private use. The created root ca certificate can be downloaded and used to sign certificates generated by the system. Note that the system only allows one internal root ca to be creat...
Page 347: 4) Network Utilities
User’s manual whg controller / hsg gateway english 347 the generated certificate will be listed and the certificate/key pair can be downloaded with get cert, get key in view. trusted certificate authorities apart from self signed certificate and system’s root ca, administrators can also upload oth...
Page 348
User’s manual whg controller / hsg gateway english 348 item description ipv4 ping: it allows administrator to detect a device using ip address or host domain name to see if it is alive or not. Trace route: it allows administrator to recover the real path of packets from the gateway to a destination ...
Page 349: 5) Simulation Tool
User’s manual whg controller / hsg gateway english 349 sniff with this feature the administrator can listen for packets from selected interfaces. The administrator can further filter the types of packets to capture by using tcpdump commands under the expression field. Status when the administrator i...
Page 350: 6) Restart
User’s manual whg controller / hsg gateway english 350 estimated number of devices: number of client devices that will be using the network on this floor plan. Assigned channels for 2.4g: the configured channels here will be selected and assigned to aps during simulation. Assigned channels for 5g: t...
Page 351: 7) System Upgrade
User’s manual whg controller / hsg gateway english 351 7) system upgrade the administrator can download the latest firmware from website and upgrade the system here. Click browse to search for the firmware file and click apply for the firmware upgrade. It may take a few minutes before the upgrade pr...
Page 352: 1) System Summary
User’s manual whg controller / hsg gateway english 352 1) system summary a display of current settings on the system. An overview of the system is provided here for the administrator's reference..
Page 353
User’s manual whg controller / hsg gateway english 353 general system name the system name. The default name is the model number. Firmware version the present firmware version of whg controller system up time displays for how long the system has operated. Build number the current build number. Syste...
Page 354: 2) Interface
User’s manual whg controller / hsg gateway english 354 2) interface a display of the current settings of all network interfaces. Select interface from the drop-down menu. Each service zone represents a virtual system; therefore, the information of the system's network interface is grouped by service...
Page 355: 3) Monitor Users
User’s manual whg controller / hsg gateway english 355 ipv6 prefix the prefix of ipv6 address auto-negotiation when auto-negotiation is on, the system chooses the highest performance transmission mode (speed/duplex/flow control) that both the system and the device connected to the interface support....
Page 356: 4) Managed Ap Simulation
User’s manual whg controller / hsg gateway english 356 4) managed ap simulation managed ap simulation allows administrators to upload a 2-d floor plan for a visualization report of managed aps. Click the add floor plan button to first add a floor plan. Floor plan type: determine if floor plan will b...
Page 357: 5) Process Monitor
User’s manual whg controller / hsg gateway english 357 managed aps can then be added using the add managed ap button. 5) process monitor the process monitor is a network utility that shows the active status of process daemons on the gateway. Administrators can choose to enable or disable the process...
Page 358: 6) Logs & Reports
User’s manual whg controller / hsg gateway english 358 6) logs & reports this page is used to check the traffic history of the system which includes logs such as capwap log, configuration change log, local web log, radius server log, system log and uamd log. User logs are summarized in user events, ...
Page 359: 7) Reporting
User’s manual whg controller / hsg gateway english 359 note that different user types contain different user information. Categories will be left blank if inapplicable to the user type. Applicable user event categories for local users: date, type, name, ip, ipv6, mac, pkts in, bytes in, pkts out, by...
Page 360
User’s manual whg controller / hsg gateway english 360 detail: clicking this radio button allows the configuration of the e-mail subject for the corresponding log. Send: clicking this radio button sends a test log to the selected e-mail address. sending logs to syslog the following log types can b...
Page 361
User’s manual whg controller / hsg gateway english 361 detail: clicking this button allows the configuration of syslog attributes such as tag, severity and facility which will be assigned to the corresponding log to meet the filtering requirements on the syslog server. Note: the “system log” option ...
Page 362
User’s manual whg controller / hsg gateway english 362.
Page 363
User’s manual whg controller / hsg gateway english 363 detail: clicking this button allows the specification of the ftp server folder where the logs sent will be stored on the ftp server. Note: the outputted log files to the ftp server will be named according to the format $topic_$extradesc_$systemn...
Page 364
User’s manual whg controller / hsg gateway english 364 smtp server: enter the ip address of the sender’s smtp server. smtp port: by default the port number is 25. Administrator can specify other ports if the smtp server runs smtp over ssl. encryption: enable this option if your smtp server run...
Page 365: 8) Session List
User’s manual whg controller / hsg gateway english 365 8) session list this page allows the administrator to inspect sessions currently established between a client and the system. Each result displays the ip and port values of the source and destination. You may define the filter conditions and dis...
Page 366
User’s manual whg controller / hsg gateway english 366 dhcp lease log the dhcp lease log is displayed here and a search can be performed by ip address, mac address or service zone. dhcp lease list valid ip addresses issued from the dhcp server and related information of the client using this ip ...
Page 367: 10) Routing Table
User’s manual whg controller / hsg gateway english 367 10) routing table the routing table lists all ipv6 and ipv4 route rules. The system route rules are shown here as well. The policy route rule has higher priority than the global policy route rule, and the system route rule has the lowest priorit...
Page 368
User’s manual whg controller / hsg gateway english 368 gateway: the gateway ip address of the port. interface: thechoice of interface network, including wan1, wan2, default, or the named service zones to be applied for the traffic interface. P/n: v22020150318.