- DL manuals
- AirLive
- Gateway
- IAS-2000 V2
- User Manual
AirLive IAS-2000 V2 User Manual
Summary of IAS-2000 V2
Page 1
Ias-2000 v2 internet access gateway user’s manual 1.
Page 2: Declaration of Conformity
Clause description ■ en 55022:1998 limits and methods of measurement of radio disturbance characteristics of information technology equipmen ■ en 61000-3-2:2000 disturbances in supply systems caused by household appliances and similar electrical equipment "harmonics ■ en 61000-3-3:1995/ disturbances...
Page 3
Airlive ias-2000 v2 ce declaration statement country declaration country declaration cs Česky [czech] ovislink corp. Tímto prohlašuje, že tento airlive ias-2000 v2 je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/es. Lt lietuvių [lithuanian] Šiuo ovislink corp. ...
Page 4
This device uses software which is partly or completely licensed under the terms of the gnu general public license. The author of the software does not provide any warranty. This does not affect the warranty for the product itself. To get source codes please contact: ovislink corp., 5f, no. 96, min-...
Page 5
Ias-2000 v2 user’s manual . 1 copyright the contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photo...
Page 6: Contents
Ias-2000 v2 user’s manual . I contents chapter 1. Before you start .....................................................................................................................................1 1.1 audience ........................................................................................
Page 7
Ias-2000 v2 user’s manual . Ii 5.3.2 policy configuration ...................................................................................................................................87 5.3.3 black list configuration.................................................................................
Page 8: 1.1 Audience
Ias-2000 v2 user’s manual . 1 chapter 1. Before you start 1.1 audience this manual is for hotspot owners or administrators in enterprises to set up network environment using ias-2000 v2. It contains step by step procedures and graphic examples to guide mis staff or individuals with slight network sy...
Page 9: Chapter 2. Overview
Ias-2000 v2 user’s manual . 2 chapter 2. Overview 2.1 introduction of ias-2000 v2 ias-2000 v2 is a network access control system specially designed for middle-scaled or large network environments while retaining network efficiency. Ias-2000 v2 delivers “manageability”, “efficiency” and “friendly int...
Page 10
Ias-2000 v2 user’s manual . 3 request for the access. In the meantime, ias-2000 v2 will also continue blocking the user from accessing the network. If the user is an authorized user, then ias-2000 v2 will authorize the user with an appropriate access right, so that the user can use the network. If t...
Page 11
Ias-2000 v2 user’s manual . 4.
Page 12
Ias-2000 v2 user’s manual . 5 chapter 3. Hardware installation 3.1 panel function descriptions front panel led color status description power green on power on the device off bios running blink os running status led green on system ready wan1, lan1, wan2, lan2 (l) orange blink sending / receiving of...
Page 13: 3.2 Package
Ias-2000 v2 user’s manual . 6 rear panel system fan: keep the machine cool. Power fan: keep the power cool. Power socket: the power cord attaches here. Power switch: turn on and off the machine. 3.2 package contents the standard package of ias-2000 v2 includes: y ias-2000 v2 x 1 y cd-rom x 1 y power...
Page 14: 3.4 Installation
Ias-2000 v2 user’s manual . 7 3.4 installation steps please follow the following steps to install ias-2000 v2: 1. Connect the power cord to the power socket on the rear panel. 2. Turn on the power switch on the rear panel. The power led will light up. 3. Connect an ethernet cable to one lan port wit...
Page 15
Ias-2000 v2 user’s manual . 8 4. Connect an ethernet cable to one lan port with the user authentication function disabled on the front panel. The default port is lan2 port. (note: no authentication is required for the users to access the network via this lan port. The lan port without authentication...
Page 16
Ias-2000 v2 user’s manual . 9 chapter 4. Network configuration on pc after ias-2000 v2 is installed, the following configurations must be set up on the pc: internet connection setup for windows xp and tcp/ip network setup. 4.1. Internet connection setup for windows xp 1. Choose start > control panel...
Page 17
Ias-2000 v2 user’s manual . 10 3. Click next when welcome to the new connection wizard screen appears. 4. Choose “connect to the internet” and then click next. 5. Choose “set up my connection manually” and then click next..
Page 18
Ias-2000 v2 user’s manual . 11 6. Choose “connect using a broadband connection that is always on” and then click next. 7. Finally, click finish to exit the connection wizard. Now, the setup has been completed.
Page 19: 4.2. Tcp/ip Network Setup
Ias-2000 v2 user’s manual . 12 4.2. Tcp/ip network setup if the operating system of the pc in use is windows 95/98/me/2000/xp, keep the default settings without any change to directly start/restart the system. With the factory default settings, during the process of starting the system, ias-2000 v2 ...
Page 20
Ias-2000 v2 user’s manual . 13 3. Select “general” label and choose “internet protocol (tcp/ip)” and then click properties. Now, choose to use dhcp or specific ip address. 4-1. Using dhcp: if using dhcp is desired, please choose “obtain an ip address automatically” and click ok. This is also the def...
Page 21
Ias-2000 v2 user’s manual . 14 y please choose “use the following ip address:” and enter the information given from the network administrator in “ip address:” and “subnet mask:” as well as “default gateway” if the dns server column is blank, please choose “use the following dns server addresses:” an...
Page 22
Ias-2000 v2 user’s manual . 15 y choose the “ip settings” label and click “add” below the “default gateways” column and the “tcp/ip gateway address” window will appear. Enter the gateway address of ias-2000 v2 in the “gateway:” of “tcp/ip gateway address” window, and then click add. After returning ...
Page 23
Ias-2000 v2 user’s manual . 16 chapter 5. Web interface configuration this chapter will present further detailed settings. The following table shows all the functions of ias-2000 v2. Option system configuration network configuration user authentication utilities status configuration wizard network a...
Page 24
Ias-2000 v2 user’s manual . 17 caution: if you can’t get the login page, you may have incorrectly set your pc to obtain an ip address automatically from authentication lan port or the ip address used does not have the same subnet as the url. Please use default ip address such as 192.168.2.Xx in your...
Page 25: 5.1 System
Ias-2000 v2 user’s manual . 18 5.1 system configuration this section includes the following functions: configuration wizard, system information, wan1 configuration, wan2 & failover, lan1 configuration and lan2 configuration..
Page 26
Ias-2000 v2 user’s manual . 19 5.1.1 configuration wizard (also served as quick installation) there are two ways to configure the system: using configuration wizard or change the setting by demands manually. The configuration wizard has 7 steps providing a simple and easy way to set up ias-2000 v2 a...
Page 27
Ias-2000 v2 user’s manual . 20 then, click on configuration wizard and click the run wizard button to start the wizard. Y running the wizard a welcome screen that briefly introduces the 7 steps will appear. Click next to begin. Y step 1: change admin’s password enter a new password for the admin acc...
Page 28
Ias-2000 v2 user’s manual . 21 y step 2: choose system’s time zone select a proper time zone via the pull-down menu. Click next to continue. Y step 3: set system information home page: enter the url to where the clients should be directed when they are properly authenticated. Ntp server: enter the u...
Page 29
Ias-2000 v2 user’s manual . 22 ¾ static ip address: set wan1 port’s static ip address enter the “ip address”, “subnet mask” and “default gateway” provided by the isp. Click next to continue. ¾ pppoe client: set pppoe client’s information enter the“username” and “password” provided by the isp. Click ...
Page 30
Ias-2000 v2 user’s manual . 23 y step 5: set lan1 dhcp server if enable dhcp server option is selected, fields marked with red asterisk must be filled in. Start ip address: the start ip address that will be assigned to the public lan clients. End ip address: the end ip address that will be assigned ...
Page 31
Ias-2000 v2 user’s manual . 24 ¾ local user- add user a new user can be added to the local user data base. To add a user here, enter the username (e.G. Test), password (e.G. Test), mac (optional) and assign it a policy (or use the default). Upon completing a user adding, more users can be added to t...
Page 32
Ias-2000 v2 user’s manual . 25 ¾ ldap user- authentication method-ldap add a new user to the ldap user data base. Enter the “ldap server”, “server port”and “base dn” and select one kind of binding type and account attribute to access the ldap server. If user account binding type is selected, the sys...
Page 33
Ias-2000 v2 user’s manual . 26 if windows ad binding type is selected, please enter the domain name of windows ad to access the ldap server. Click next to continue. ¾ nt domain user- authentication method-nt domain when nt domain user is selected, enter the information for “server ip address”, and e...
Page 34
Ias-2000 v2 user’s manual . 27 y during ias-2000 v2 restart, a “restarting now. Wait for a minute.” message will appear on the screen. Please do not interrupt ias-2000 v2 until themessage has disappeared. This indicates that a complete and successful restart process has finished. Caution: during eve...
Page 35
Ias-2000 v2 user’s manual . 28 5.1.2 system information these are some main information about ias-2000 v2. Please refer to the following description for these blanks: y system name: set the system’s name or use the default. Y device name: fqdn (fully-qualified domain name). This is used as the domai...
Page 36
Ias-2000 v2 user’s manual . 29 y system time: ias-2000 v2 supports ntp communication protocol to synchronize the network time. Please specify the ip address of a ntp server and select the desired time zone in the system configuration interface for adjusting the time automatically. (universal time is...
Page 37
Ias-2000 v2 user’s manual . 30 5.1.3 wan1 configuration there are 3 methods that wan1 port supports: static ip address, dynamic ip address, and pppoe client. Y static ip address: manually specifying the ip address of the wan1 port which is applicable for the network environment where the dhcp servic...
Page 38
Ias-2000 v2 user’s manual . 31 y dynamic ip address: it is only applicable for the network environment where the dhcp server is available in the network. Click the renew button to get an ip address..
Page 39
Ias-2000 v2 user’s manual . 32 y pppoe client: when selecting pppoe to connect to the network, please enter the “username” and “password”. There is a dial on demand function under pppoe. If this function is enabled, you can set a maximum idle time. When the idle time is reached, the system will auto...
Page 40
Ias-2000 v2 user’s manual . 33 5.1.4 wan2 & failover there are 3 methods of obtaining an ip address for the wan2 port: none, static ip address, and dynamic ip address. Y none: the wan2 port is not functional. ¾ warning of internet disconnection: enable to detect the wan1 port connection status. Y st...
Page 41
Ias-2000 v2 user’s manual . 34 y dynamic ip address: select this when wan2 port can obtain ip address automatically, such as a dhcp server available from wan2 port. Up to three urls can be entered. Check “warning of internet disconnection” to work with the wan failover function..
Page 42
Ias-2000 v2 user’s manual . 35 for dynamic ip address, wan failover and fallback to wan1 when possible also can be enabled like as the function for static ip address. If warning of internet disconnection is enabled, a warning message can be entered to indicate what the system should display when int...
Page 43
Ias-2000 v2 user’s manual . 36 5.1.5 lan1 configuration user authentication can be chosen to enable or disable in lan1 port. In this part, you can set the related configurations about lan1 port and dhcp server..
Page 44
Ias-2000 v2 user’s manual . 37 y dhcp server configuration ¾ disable dhcp server: disable the function of the dhcp server. ¾ enable dhcp server: enter proper setting of start ip address, end ip address, preferred dns server, alternate dns server, domain name, wins server, lease time, and reserved ip...
Page 45
Ias-2000 v2 user’s manual . 38 reserved ip address list: click on the reserved ip address list on the management interface to fill in the reserved ip addresses if desired. Then, the setup of the reserved ip address list as shown in the following figure will appear. Enter the related reserved ip addr...
Page 46
Ias-2000 v2 user’s manual . 39 y enable vlan: if you want to split lan1 to several vlans, please select the enable vlan. After enable vlan is selected, the following screen will appear. Choose the desired item and click edit for further configuration. See the following figure. The system will need c...
Page 47
Ias-2000 v2 user’s manual . 40 y enable user authentication (on this individual vlan): ¾ enable: enable this vlan segment. ¾ enable user authentication: choose to enable or disable user authentication for this individual vlan segment. ¾ vlan tag: enter any integer number within the range of 2~4094 a...
Page 48
Ias-2000 v2 user’s manual . 41 y vlan dhcp configuration ¾ disable dhcp server: disable the function of the dhcp server of ias-2000 v2. ¾ enable dhcp server: if you want to use the dhcp server function of ias-2000 v2, set proper configurations is necessary. Related information needed on setting up t...
Page 49
Ias-2000 v2 user’s manual . 42 reserved ip address list: if you want to use the reserved ip address function, click on the reserved ip address list on the management interface. Then, the setup of the reserved ip address list as shown in the following figure will appear. Enter the related reserved ip...
Page 50
Ias-2000 v2 user’s manual . 43 5.1.6 lan2 configuration user authentication can be chosen to enable or disable in lan2 port. In this part, you can set the related configurations about lan2 port and dhcp server..
Page 51
Ias-2000 v2 user’s manual . 44 y dhcp server configuration ¾ disable dhcp server: disable the function of the dhcp server. ¾ enable dhcp server: enter proper setting of start ip address, end ip address, preferred dns server, alternate dns server, domain name, wins server, lease time, and reserved ip...
Page 52
Ias-2000 v2 user’s manual . 45 reserved ip address list: click on the reserved ip address list on the management interface to fill in the reserved ip addresses if desired. Then, the setup of the reserved ip address list as shown in the following figure will appear. Enter the related reserved ip addr...
Page 53
Ias-2000 v2 user’s manual . 46 y enable vlan: if you want to split lan2 to several vlans, please select the enable vlan. After enable vlan is selected, the following screen will appear. Choose the desired item and click edit for further configuration. See the following figure. The system will need c...
Page 54
Ias-2000 v2 user’s manual . 47 ¾ enable: enable this vlan segment. ¾ enable user authentication: choose to enable or disable user authentication for this individual vlan segment. ¾ vlan tag: enter any integer number within the range of 2~4094 as the tag for this vlan segment. ¾ mode: two modes are p...
Page 55
Ias-2000 v2 user’s manual . 48 reserved ip address list: if you want to use the reserved ip address function, click on the reserved ip address list on the management interface. Then, the setup of the reserved ip address list as shown in the following figure will appear. Enter the related reserved ip...
Page 56: 5.2 Network
Ias-2000 v2 user’s manual . 49 5.2 network configuration this section includes the following functions: network address translation, privilege list, monitor ip list, walled garden list, proxy server properties, dynamic dns and ip mobility..
Page 57
Ias-2000 v2 user’s manual . 50 5.2.1 network address translation there are three parts, dmz, virtual servers and port and ip redirect, need to be set. Y dmz dmz (de-militarized zone) allows administrators to define mandatory external to internal ip mapping; hence a user on wan side network can acces...
Page 58
Ias-2000 v2 user’s manual . 51 y virtual servers this function allows the administrator to set 40 virtual servers at most, so that the computers not belonging to the managed network can access the servers in the managed network via wan port ip of ias-2000 v2. Please enter the “external service port”...
Page 59
Ias-2000 v2 user’s manual . 52.
Page 60
Ias-2000 v2 user’s manual . 53 5.2.2 privilege list there are two parts, privilege ip address list and privilege mac address list, need to be set. Y privilege ip address list if there are some workstations belonging to the managed server that need to access the network without authentication, and en...
Page 61
Ias-2000 v2 user’s manual . 54 y privilege mac address list in addition to the ip address, the mac address of the workstations that need to access the network without authentication can also be set in this list. Ias-2000 v2 allows 100 privilege mac addresses at most. The list can be created by enter...
Page 62
Ias-2000 v2 user’s manual . 55 ¾ import list: select an access gateway and then click import listto enter the upload privilege mac address list interface. Click the browse button to select the text file for the user account upload. Then click submit to complete the upload. The uploading file should ...
Page 63
Ias-2000 v2 user’s manual . 56 5.2.3 monitor ip list the system will send out a packet periodically to monitor the connection status of the ip addresses on the list. If the monitored ip address does not respond, the system will send an e-mail to notify the administrator that such destination is not ...
Page 64
Ias-2000 v2 user’s manual . 57 y auth method: the system provides four authentication methods, plain, login, cram-md5 and ntlmv1, or “none” to use none of the above. Depending on which authentication method selected, enter the account name, password and domain. Y send test email: click “send” to sen...
Page 65
Ias-2000 v2 user’s manual . 58 5.2.4 walled garden list this function provides some free services to the users to access websites listed here before login and authentication. Up to 20 addresses or domain names of the websites can be defined in this list. Users without the network access right can st...
Page 66
Ias-2000 v2 user’s manual . 59 5.2.5 proxy server properties ias-2000 v2 supports internal proxy server and external proxy server functions. Please perform the necessary configurations. Y internal proxy server: ias-2000 v2 has a built-in proxy server. If this function is enabled, the end users will ...
Page 67
Ias-2000 v2 user’s manual . 60 5.2.6 dynamic dns ias-2000 v2 provides a convenient dns function to translate the ip address of wan port to a domain name that helps the administrator memorize and connect to wan port. If the dhcp is activated at wan port, this function will also update the newest ip a...
Page 68
Ias-2000 v2 user’s manual . 61 5.2.7 ip mobility y ip pnp clients can use any ip address to connect to the system. Regardless of what the ip address at the client end is, he or she can still authenticate through ias-2000 v2 and access the network. Y mobile ip if several sets of ias-2000 v2 are used ...
Page 69: 5.3 User
Ias-2000 v2 user’s manual . 62 5.3 user authentication this section includes the following functions: authentication configuration, policy configuration, black list configuration, guest user configuration and additional configuration..
Page 70
Ias-2000 v2 user’s manual . 63 5.3.1 authentication configuration this function is to configure the settings for different authentication servers. The system provides 10 servers (local, pop3, radius, ldap and nt domain), one on-demand user and one pms user that the administrator can apply with diffe...
Page 71
Ias-2000 v2 user’s manual . 64 5.3.1.1 local server this server is only for “local user” and the authentication method can not be changed for this server. Y server name: set a name for the server using numbers (0 to 9), alphabets (a to z or a to z), dash (-), underline (_) and dot (.) with a maximum...
Page 72
Ias-2000 v2 user’s manual . 65 click the local user setting hyperlink for further configuration. Y edit local user list: click this to enter the“local user list” screen. ¾ add user: click this button to enter the add user page. Fill in the necessary information such as “username”, “password”, “mac” ...
Page 73
Ias-2000 v2 user’s manual . 66 click apply to complete adding the user or users ¾ import user: click this to enter the upload user account page. Click the browse button to select the text file for the user account upload. Then click submit to complete the upload process..
Page 74
Ias-2000 v2 user’s manual . 67 the uploading file should be a text file and the format of each line is "id, password, mac, policy, remark" or “id, password, mac, max bandwidth, request bandwidth, policy, remark” without the quotes. There must be no spaces between the fields and commas. The mac field...
Page 75
Ias-2000 v2 user’s manual . 68 ¾ export list: click this to create a .Txt file and then save it on disk. ¾ refresh: click this to refresh the list..
Page 76
Ias-2000 v2 user’s manual . 69 ¾ search: enter a keyword of a username to be searched in the text filed and click this button to perform the search. All usernames matching the keyword will be listed. ¾ del all: this will delete all the users at once. ¾ delete: this will delete the users individually...
Page 77
Ias-2000 v2 user’s manual . 70 y radius roaming out / 802.1x authentication: these 2 functions can be enabled or disabled by checking the radio button. Checking either of them makes the hyperlink called radius client list show up. Click the hyperlink of radius client list to enter the radius client ...
Page 78
Ias-2000 v2 user’s manual . 71 5.3.1.2 pop3 server pop3, radius, ldap and nt domain server can be chosen to be the authentication method. Choose “pop3” in the authentication method field, the hyperlink beside the pull-down menu will become “pop3 setting”. Y server name: set a name for the server usi...
Page 79
Ias-2000 v2 user’s manual . 72 click the hyperlink of pop3 setting for further configuration. Enter the related information for the primary server and/or the secondary server (the secondary server is not required). The blanks with red asterisks are necessary information. These settings will become e...
Page 80
Ias-2000 v2 user’s manual . 73 5.3.1.3 radius server choose “radius” in the authentication method field, the hyperlink beside the pull-down menu will become “radius setting”. Y server name: set a name for the server using numbers (0 to 9), alphabets (a to z or a to z), dash (-), underline (_) and do...
Page 81
Ias-2000 v2 user’s manual . 74 click the hyperlink of radius setting for further configuration. The radius server sets the external authentication for user accounts. Enter the related information for the primary server and/or the secondary server (the secondary server is not required). The blanks wi...
Page 82
Ias-2000 v2 user’s manual . 75 5.3.1.4 ldap server choose “ldap” in the authentication method field, the hyperlink beside the pull-down menu will become “ldap setting”. Y server name: set a name for the server using numbers (0 to 9), alphabets (a to z or a to z), dash (-), underline (_) and dot (.) ...
Page 83
Ias-2000 v2 user’s manual . 76 click the hyperlink of ldap setting for further configuration. Enter the related information for the primary server and/or the secondary server (the secondary server is not required). The blanks with red asterisks are necessary information. These settings will become e...
Page 84
Ias-2000 v2 user’s manual . 77 ¾ anonymous: access the ldap servers without requiring authentication but only select one account attribute (uid, cn or samaccountname). ¾ specified dn: enter more information for the specific dn username and password in the “bind rdn” and “bind password” fields, and t...
Page 85
Ias-2000 v2 user’s manual . 78 5.3.1.5 nt domain server choose “ntdomain” in the authentication method field, the hyperlink beside the pull-down menu will become “nt domain setting”. Y server name: set a name for the server using numbers (0 to 9), alphabets (a to z or a to z), dash (-), underline (_...
Page 86
Ias-2000 v2 user’s manual . 79 5.3.1.6 on demand user this is for the customer’s need in a store environment. When the customers need to use wireless internet in the store, they have to get a printed receipt with username and password from the store to log in the system for wireless access. There ar...
Page 87
Ias-2000 v2 user’s manual . 80 y users list: click to enter the on-demand user list screen. In the on-demand user list, detailed information will be documented here. By default, the on-demand user database is empty. ¾ search: enter a keyword of a username to be searched in the text filed and click t...
Page 88
Ias-2000 v2 user’s manual . 81 y billing configuration: click this to enter the billing configuration screen. In the billing configuration page, administrator may configure up to 10 billing plans. ¾ status: select to enable or disable this billing plan. ¾ type: set the billing plan by “data” (the ma...
Page 89
Ias-2000 v2 user’s manual . 82 y create on-demand user: click this to enter the on-demand user generate page. ¾ pressing the create button for the desired plan, an on-demand user will be created, then click printout to print a receipt which will contain this on-demand user’s information. There are 2...
Page 90
Ias-2000 v2 user’s manual . 83 5.3.1.7 pms user the system integrates a hotel in-door billing system, pms, developed by micros fidelio, and it is usually used in the hotel environment. When the customers need to use wireless internet in the hotel, they have to get printed receipts with usernames and...
Page 91
Ias-2000 v2 user’s manual . 84 ¾ search: enter a keyword of a username to be searched in the text filed and click this button to perform the search. All usernames matching the keyword will be listed. ¾ room no.: the room number of the pms user. ¾ user name: the login name of the pms user. ¾ password...
Page 92
Ias-2000 v2 user’s manual . 85 ¾ status: select to enable or disable this billing plan. ¾ hr. Purchased: this is the duration of time that the user purchases. 1-999 hour(s) can be entered. ¾ valid period: this is the duration of time that the user can use the internet service after the activation of...
Page 93
Ias-2000 v2 user’s manual . 86 by default, the pms user database is empty. After entering “room number” and “maximum user” then pressing create button by the desired plan, a pms user will be created. Click printout to print a receipt which will contain this pms user’s information. See the following ...
Page 94
Ias-2000 v2 user’s manual . 87 5.3.2 policy configuration there are ten policies that ias-2000 v2 supports and a global policy. Every policy has three profiles, firewall profile, specific route profile, and schedule profile as well as one bandwidth setting for that policy. But global policy only has...
Page 95
Ias-2000 v2 user’s manual . 88 rule item: this is therule selected. Rule name: the rule name can be changed here. Enable this rule: after checking this function, the rule will be enabled. Action: there are two options, block and pass. Block is to prevent packets from passing and pass is to permit pa...
Page 96
Ias-2000 v2 user’s manual . 89 ¾ specific route profile: click the hyperlink of settingfor specific route profile, the specific route profile page will appear. Profile name: the profile name can be changed here. Destination ip address: the destination ip address of the host or the network. Destinati...
Page 97
Ias-2000 v2 user’s manual . 90 ¾ maximum concurrent sessions: the concurrent sessions for each user; it can be restricted by administrator. When a user reaches the session limit, this user will be implicitly suspended from any new connection for a fixed time period. Y policy 1~policy 10 ¾ select pol...
Page 98
Ias-2000 v2 user’s manual . 91 rule item: this is therule selected. Rule name: the rule name can be changed here. Enable this rule: after checking this function, the rule will be enabled. Action: there are two options, block and pass. Block is to prevent packets from passing and pass is to permit pa...
Page 99
Ias-2000 v2 user’s manual . 92 source/destination interface: there are five interfaces to choose, all, wan1, wan2, lan1 and lan2. Source/destination ip: enter the source and destination ip addresses. Source/destination subnet mask: enter the source and destination subnet masks. ¾ specific route prof...
Page 100
Ias-2000 v2 user’s manual . 93 ¾ bandwidth: choose one bandwidth limit for that particular policy..
Page 101
Ias-2000 v2 user’s manual . 94 ¾ maximum concurrent sessions: the concurrent sessions for each user; it can be restricted by administrator. When a user reaches the session limit, this user will be implicitly suspended from any new connection for a fixed time period..
Page 102
Ias-2000 v2 user’s manual . 95 5.3.3 black list configuration the administrator can add, delete, or edit the black list for user access control. Each black list can include 500 users at most. If a user in the black list wants to log into the system, the user’s access will be denied. The administrato...
Page 103
Ias-2000 v2 user’s manual . 96 if the administrator wants to remove a user from the black list, just select the user’s “delete” check box and then click the delete button to remove that user from the black list..
Page 104
Ias-2000 v2 user’s manual . 97 ¾ import black list: click this to enter the upload black list account – (blacklist1) page. Click the browse button to select the text file for the user account upload to the black list. Then click submit to complete the upload process. The uploading file should be a t...
Page 105
Ias-2000 v2 user’s manual . 98 5.3.4 guest user configuration this function can permit guests to log into the system. Select “enable guest user” and click apply to save the settings. Y guest user list: ias-2000 v2 offers ten guest user accounts. To activate a guest user, just enter the password in t...
Page 106
Ias-2000 v2 user’s manual . 99 5.3.5 additional configuration y user control: functions under this section applies for all general users. ¾ idle timer: if a user has been idled with no network activities, the system will automatically kick out the user. The logout timer can be set in the range of 1~...
Page 107
Ias-2000 v2 user’s manual . 100 y customize login pages 1. Certificate: the administrator can upload a new private key and a customer certificate. Click the browse button to select the file for the certificate to upload. Then click submit to complete the upload process. Click set to default and then...
Page 108
Ias-2000 v2 user’s manual . 101 b. Choose template page to make a customized login page here. Click selectto pick up a color and then fill in all of the blanks. Click preview to see the result first..
Page 109
Ias-2000 v2 user’s manual . 102 c. Choose uploaded page and upload a login page. Click the browse button to select the file to upload. Then click submit to complete the upload process. After the upload process is completed, the new login page can be previewed by clicking preview button at the bottom...
Page 110
Ias-2000 v2 user’s manual . 103 the user-defined login page must include the following html codes to provide the necessary fields for username and password. I f the user-defined login page includes an image file, the image file path in the html code must be the image file to be uploaded. Then, enter...
Page 111
Ias-2000 v2 user’s manual . 104 d. Choose the external page selection and get the login page from the specific website. Enter the website address in the “external page setting” field and then click apply. After applying the setting, the new login page can be previewed by clicking preview button at t...
Page 112
Ias-2000 v2 user’s manual . 105 3. Logout page: the users can apply their own logout page here. The process is similar to that of login page. The different part is the html code of the user-defined logout interface must include the following html code that the user can enter the username and passwor...
Page 113
Ias-2000 v2 user’s manual . 106 4. Login success page for on-demand: the administrator can use the default login success page for on-demand or get the customized login success page for on-demand by setting the template page, uploading the page or downloading from the specific website. After finishin...
Page 114
Ias-2000 v2 user’s manual . 107 b. Choose template page to make a customized login success page for on-demand here. Click selectto pick up a color and then fill in all of the blanks. Click preview to see the result first..
Page 115
Ias-2000 v2 user’s manual . 108 c. Choose uploaded page and get the login success page for on-demand by uploading. Click the browse button to select the file for the login success page for on-demand upload. Then click submit to complete the upload process after the upload process is completed, the n...
Page 116
Ias-2000 v2 user’s manual . 109 after the image file is uploaded, the file name will show on the “existing image files” field. Check the file and click deleteto delete the file. D. Choose the external page selection and get the login success page from the specific website. Enter the website address ...
Page 117
Ias-2000 v2 user’s manual . 110 b. Choose template page to make a customized login success page here. Click selectto pick up a color and then fill in all of the blanks. Click preview to see the result first..
Page 118
Ias-2000 v2 user’s manual . 111 c. Choose uploaded page and get the login success page to upload. Click the browse button to select the file for the login success page upload. Then click submit to complete the upload process. After the upload process is completed, the new login success page can be p...
Page 119
Ias-2000 v2 user’s manual . 112 after the image file is uploaded, the file name will show on the “existing image files” field. Check the file and click deleteto delete the file. D. Choose the external page selection and get the login success page from the specific website. Enter the website address ...
Page 120
Ias-2000 v2 user’s manual . 113 6. Logout success page: the administrator can use the default logout success page or get the customized logout success page by setting the template page, uploading the page or downloading from the specific external website. After finishing the setting, click preview t...
Page 121
Ias-2000 v2 user’s manual . 114 c. Choose uploaded page and get the logout success page to upload. Click the browse button to select the file for the logout success page to be uploaded. Then click submit to complete the upload process. After the upload process is completed, the new logout success pa...
Page 122
Ias-2000 v2 user’s manual . 115 then, enter or browse the filename of the images to upload in the upload images fieldon the upload images files page and then click submit. The system will show the used space and the maximum size of the image file of 512k. If the administrator wishes to restore the f...
Page 123
Ias-2000 v2 user’s manual . 116 y credit reminder: the administrator can enable this function to remind the on-demand users before their credit run out. There are two kinds of reminder, volume and time. The default reminding trigger level for volume is 1mbyte and the level for time is 5 minutes. Y p...
Page 124
Ias-2000 v2 user’s manual . 117 y enhance user authentication: with this function, only the users with their mac addresses in this list can log into ias-2000 v2. There will only be 40 users allowed in this mac address list. User authentication is still required for these users. Please click the hype...
Page 125: 5.4 Utilities
Ias-2000 v2 user’s manual . 118 5.4 utilities this section provides four utilities to customize and maintain the system including change password, backup/restore setting, firmware upgrade and restart..
Page 126
Ias-2000 v2 user’s manual . 119 5.4.1 change password the administrator can change passwords here. Please enter the required fields marked with red asterisks. Click applyto activate the new passwords. Caution: if the administrator’s password is lost, the administrator’s password still can be changed...
Page 127
Ias-2000 v2 user’s manual . 120 5.4.2 backup/restore setting this function is used to backup/restore the ias-2000 v2 settings. Also, ias-2000 v2 can be restored to the factory default settings here. Y backup current setting: click backup settings to create a .Db database backup file and save it on d...
Page 128
Ias-2000 v2 user’s manual . 121 5.4.3 firmware upgrade the administrator can download the latest firmware from the website and upgrade the system here. Click browse to search for the firmware file and click apply to go on with the firmware upgrade process. It might be a few minutes before the upgrad...
Page 129
Ias-2000 v2 user’s manual . 122 5.4.4 restart this function allows the administrator to safely restart ias-2000 v2 and the process should take about three minutes. Click yes to restart ias-2000 v2; click no to go back to the previous screen. Ifturning off the power is necessary, restarting ias-2000 ...
Page 130: 5.5 Status
Ias-2000 v2 user’s manual . 123 5.5 status this section includes system status, interface status, current users, traffic history, notification configuration and online report to provide system status information and online user status..
Page 131
Ias-2000 v2 user’s manual . 124 5.5.1 system status this section provides an overview of the system for the administrator..
Page 132
Ias-2000 v2 user’s manual . 125 the description of the table is as follows: item description current firmware version the present firmware version of ias-2000 v2 system name the system name. The default is internet access gateway home page the page the users are directed to after initial login is su...
Page 133
Ias-2000 v2 user’s manual . 126 syslog server enabled / disabled stands for the current setting to allow or disallow recording logs at syslog server. Email enabled / disabled stands for the current setting to allow or disallow mailing out logs to specific recipient. Session log ftp server enabled / ...
Page 134
Ias-2000 v2 user’s manual . 127 5.5.2 interface status provide an overview of the interface for the administrator including wan1, wan2, lan1 and lan2..
Page 135
Ias-2000 v2 user’s manual . 128 the description of the table is as follows: item description mac address the mac address of the wan1 port. Ip address the ip address of the wan1 port. Wan1 subnet mask the subnet mask of the wan1 port. Mode the mode of the wan2 port. Mac address the mac address of the...
Page 136
Ias-2000 v2 user’s manual . 129 5.5.3 current users in this function, each online user’s information including username, ip, mac, pkts in, bytes in, pkts out, bytes out, idle and kick out can be obtained.Administrator can use this function to force a specific online user to log out. Just click the h...
Page 137
Ias-2000 v2 user’s manual . 130 5.5.4 traffic history this function is used to check the history of ias-2000 v2. The history of each day will be saved separately in the dram for 3 days..
Page 138
Ias-2000 v2 user’s manual . 131 caution: since the history is saved in the dram, if you need to restart the system and also keep the history, then please manually copy and save the information before restarting. Click download to save every history log in a text file..
Page 139
Ias-2000 v2 user’s manual . 132 if the history email has been entered under the notification configuration page, then the system will automatically send out the history information to that email address. Y traffic history as shown in the following figure, each line is a traffic history record consis...
Page 140
Ias-2000 v2 user’s manual . 133 y roaming out traffic history as shown in the following figure, each line is a roaming out traffic history record consisting of 14 fields, date, type, name, nsid, nasip, nasport, usermac, sessionid, sessiontime, bytes in, bytes out, pkts in, pkts out and message,of us...
Page 141
Ias-2000 v2 user’s manual . 134 y internal service as shown in the following figure, the history record consists of 6 fields, dhcp server, syslog server, snmp server, http server, agent, ssh server, ems server, radius server, proxy server and redirector server for network service status. Y system pe...
Page 142
Ias-2000 v2 user’s manual . 135 5.5.5 notification configuration ias-2000 v2 will save the traffic history and session logs into the internal dram. If the administrator wants the system to automatically send out the history to a particular email address, please enter the related information in these...
Page 143
Ias-2000 v2 user’s manual . 136 session log for the entire system: y syslog server: enter the ip and port of the syslog server. Y send log (to email & ftp) every: the time interval to send the e-mail report, for upload logs to ftp server. Y email box: ¾ enable / disable: enable or disable the featur...
Page 144
Ias-2000 v2 user’s manual . 137 ¾ password: specify ftp account password. ¾ ftp setting test: click “send test log” button to send a test report to ftp server..
Page 145
Ias-2000 v2 user’s manual . 138 5.5.6 online report this function provides real time on-line report of the ias-2000 v2 system including system status, service status, network interface status and network session status. Y system status as shown in the following figure, the online report consists of ...
Page 146
Ias-2000 v2 user’s manual . 139 y network interface status as shown in the following figure, the online report consists of 5 fields, interface, speed-in (bps), speed-out (bps), packet-in (pps) and packet-out (pps) for wan and lan status. Y network session status as shown in the following figure, the...
Page 147: 5.6 Help
Ias-2000 v2 user’s manual . 140 5.6 help on the screen, the help button is on the upper right corner. Click help to the online help window and then click the hyperlink of the items to get the information..
Page 148: Appendix A.
Ias-2000 v2 user’s manual 141 appendix a. External network access if all the steps are set properly, ias-2000 v2 can be further connected to the managed network to experience the controlled network access environment. Firstly, connect an end-user device to the network at ias-2000 v2’s lan1 and set t...
Page 149
Ias-2000 v2 user’s manual . 142 4. An on-demand user can enter the username and password in the “user login page” and click remaining button to know the remaining time or data quota of the account. 5. When an on-demand user logs in successfully, the following login successfully screen will appear an...
Page 150: Appendix B.
Ias-2000 v2 user’s manual . 143 appendix b. Console interface configuration via this port to enter the console interface for the administrator to handle the problems and situations occurred during operation. 1. To connect the console port of ias-2000 v2, a console, modem cable and a terminal simulat...
Page 151
Ias-2000 v2 user’s manual . 144 y utilities for network debugging the console interface provides several utilities to assist the administrator to check the system conditions and debugging. The utilities are described as following: ¾ ping host (ip): by sending icmp echo request to a specified host an...
Page 152
Ias-2000 v2 user’s manual . 145 ¾ print the kernel ring buffer: it is used to examine or control the kernel ring buffer. The program helps users to print out their boot-up messages instead of copying the messages by hand. Y change admin password besides supporting the use of console management inter...
Page 153: Appendix C.
Ias-2000 v2 user’s manual . 146 appendix c. Specifications a. Hardware specification y dimensions: 42.6cm(w) x 4.4cm(h) x 27cm(d) y weight: 6kg y power: 90-264 vac 43~63hz y operating temperature: 5-40°c y 19” 1u rack mount design y 4 gigabyte ethernet (10/100/1000) y rs-232 db9 y supports 10/100/10...
Page 154
Ias-2000 v2 user’s manual . 147 y user management supports at least 500 on-line users concurrently supports local, pop3 (+ssl), radius, and ldap lan1/lan2 mechanisms supports lan1& lan2 mechanisms simultaneously can choose mac address locking for built-in user database can set the time for the user ...
Page 155: Appendix D.
Ias-2000 v2 user’s manual . 148 appendix d. Proxy setting for hotspot hotspot is a place such as a coffee shop, hotel, or a public area where provides wi-fi service for mobile and temporary users. Hotspot is usually implemented without complicated network architecture and using some proxy servers pr...
Page 156
Ias-2000 v2 user’s manual . 149 3. Click the proxy server properties from left menu and the homepage of the proxy server properties will appear. 4. Add the isp’s proxy server ip and port into external proxy server setting..
Page 157
Ias-2000 v2 user’s manual . 150 5. Enable built-in proxy server in internal proxy server setting. 6. Click apply to save the settings..
Page 158: Appendix E.
Ias-2000 v2 user’s manual . 151 appendix e. Proxy setting for enterprise enterprises usually isolate their intranet and internet by using more elaborated network architecture. Many enterprises have their own proxy server which is usually at intranet or dmz under the firewall protection. In enterpris...
Page 159: Gateway Setting
Ias-2000 v2 user’s manual . 152 gateway setting 1. Login gateway by using “admin”. 2. Click the network configuration from top menu and the homepage of the network configuration will appear..
Page 160
Ias-2000 v2 user’s manual . 153 3. Click the proxy server properties from left menu and the homepage of the proxy server properties will appear. 4. Add your proxy server ip and port into external proxy server setting..
Page 161
Ias-2000 v2 user’s manual . 154 5. Disable built-in proxy server in internal proxy server setting. 6. Click apply to save the settings. Warning:if your proxy server is disabled, it will make the user authentication operation abnormal. When users open the browser, the login page won’t appear because ...
Page 162: Client Setting
Ias-2000 v2 user’s manual . 155 client setting it is necessary for clients to add default gateway ip address into proxy exception information so the user login successful page can show up normally. 1. Use command “ipconfig” to get default gateway ip address. 2. Open browser to add default gateway ...
Page 163
Ias-2000 v2 user’s manual . 156 z for firefox.