IAS 2000 Internet Access Gateway User’s Manual
Table of Contents
Chapter 1. Before You Start
1.1 Audience
5.2.4 Walled Garden List
5.2.5 Proxy Server Properties
5.2.6 Dynamic DNS
5.2.7 IP Mobility
Chapter 1. Before You Start

1.1 Audience
This manual is intended for system or network administrators with the networking knowledge to complete the step-by-step instructions in order to use IAS-2000 for better management of the network system and user data.
1.
802.11b: International standard for wireless networking that operates in the 2.4 GHz frequency range (2.4 GHz to 2.4835 GHz) and provides a throughput up to 11 Mbps. This is a very commonly used frequency. Microwave ovens, cordless phones, medical and scientific equipment, as well as Bluetooth devices, all work within the 2.4 GHz frequency band.
802.11g: Similar to 802.11b, but this standard provides a throughput up to 54 Mbps. It also operates in the 2.
depends on several variables such as the rate of data transmission speed between networked devices, network overhead, number of users, and the type of device used to connect PCs to a network. It is similar to a pipeline in that capacity is determined by size: the wider the pipe, the more water can flow through it; the more bandwidth a network provides, the more data can flow through it. Standard 802.11b provides a bandwidth of 11 Mbps; 802.11a and 802.
CTS: Clear To Send. A signal sent by a device to indicate that it is ready to receive data.
Database: A collection of data that is organized so that its contents can easily be accessed, managed, and updated.
DDNS: Dynamic Domain Name System. The capability of having a website, FTP, or e-mail server with a dynamic IP address using a fixed domain name.
Default Gateway: A device that forwards Internet traffic from your local area network.
DNS: A program that translates URLs to IP addresses by accessing a database maintained on a collection of Internet servers. The program works behind the scenes to facilitate surfing the Web with alpha versus numeric addresses. A DNS server converts a name like mywebsite.com to a series of numbers like 107.22.55.26. Every website has its own specific IP address on the Internet.
Domain Name: The unique name that identifies an Internet site.
Ethernet: International standard networking technology for wired implementations. Basic 10BaseT networks offer a bandwidth of about 10 Mbps. Fast Ethernet (100 Mbps) and Gigabit Ethernet (1000 Mbps) are becoming popular.
Firewall: A system that secures a network and prevents access by unauthorized users. Firewalls can be software, hardware or a combination of both. Firewalls can prevent unrestricted access into a network, as well as restrict data from flowing out of a network.
HTTP: HyperText Transport Protocol. The communications protocol used to connect to servers on the World Wide Web.
IEEE: Institute of Electrical and Electronics Engineers, New York, www.ieee.org. A membership organization that includes engineers, scientists and students in electronics and allied fields. It has more than 300,000 members and is involved with setting standards for computers and communications.
customer's premises to the dial-up telephone network. ISDN uses standard POTS copper wiring to deliver voice, data or video.
ISP: Internet Service Provider. A company that provides access to the Internet.
LAN: Local Area Network. A system of connecting PCs and other devices within the same physical proximity for sharing resources such as Internet connections, printers, files and drives. When Wi-Fi is used to connect the devices, the system is known as a wireless LAN or WLAN.
Network: A series of computers or devices connected for the purpose of data sharing, storage, and/or transmission between users.
Node: A network junction or connection point, typically a computer or work station.
Packet: A unit of data sent over a network.
Passphrase: Used much like a password, a passphrase simplifies the WEP encryption process by automatically generating the WEP encryption keys for the company products.
POP: Post Office Protocol.
that messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to their corporate network via the Internet.
Plug and Play: A computer system feature that provides automatic configuration of add-ons and peripheral devices such as wireless PC Cards, printers, scanners and multimedia devices.
Server: Any computer whose function in a network is to provide user access to files, printing, communications, and other services.
SMTP: Simple Mail Transfer Protocol. The standard e-mail protocol on the Internet.
SNMP: Simple Network Management Protocol. A set of protocols for managing complex networks. The first versions of SNMP were developed in the early 80s. SNMP works by sending messages, called protocol data units (PDUs), to different parts of a network.
SSL: Secure Sockets Layer. An encryption scheme commonly used by many online retail and banking sites to protect the financial integrity of transactions. When an SSL session begins, the server sends its public key to the browser. The browser then sends a randomly generated secret key back to the server in order to have a secret key exchange for that session.
Static IP Address: A fixed address assigned to a computer or device that is connected to a network.
TFTP: Trivial File Transfer Protocol. A version of the TCP/IP FTP protocol that uses UDP and has no directory or password capability.
UDP: User Datagram Protocol. A network protocol for transmitting data that does not require acknowledgement from the recipient of the data that is sent.
Upgrade: To replace existing software or firmware with a newer version.
Upload: To transmit a file over a network.
URL: Uniform Resource Locator. The address of a file located on the Internet.
WAN: Wide Area Network. A communication system of connecting PCs and other computing devices across a large local, regional, national or international geographic area. Also used to distinguish between phone-based data networks and Wi-Fi. Phone networks are considered WANs and Wi-Fi networks are considered Wireless Local Area Networks (WLANs).
WEP: Wired Equivalent Privacy. Basic wireless security provided by Wi-Fi.
Chapter 2. Overview

2.1 Introduction of IAS-2000
IAS-2000 is a Network Access Control System specially designed for simple small and medium-scale wireless network environments while retaining network efficiency. IAS-2000 delivers “manageability”, “efficiency” and “friendly interface” and is well suited to campuses (or libraries, gymnasiums, etc.), small and medium enterprises, factories, Hotspots and community hospitals.
functions. The user account information is stored in the IAS-2000 database, or other specified external authentication databases. The process of authenticating the user’s identity is executed via the SSL encrypted webpage. Using the web interface ensures that the system is compatible with most desktop systems and palm computers.
Attention: Public LAN refers to a LAN port with the authentication function enabled, where authentication is required for users to get access to the network; Private LAN refers to a LAN port with the authentication function disabled.
Another setup example is shown in the following figure. The WAN1 and WAN2 of IAS-2000 simultaneously supports the Switch of 802.
Chapter 3. Hardware Installation

3.1 Panel Function Descriptions
Front Panel
Link LED: Indicates a connection on the RJ45 connector.
Act LED: Indicates that data is being transmitted.
Power LED: Lit when the power is on.
Status LED: Black indicates BIOS running. Blinking light indicates OS running. Solid light indicates the system is ready.
AUX Port: Reserved for future usage.
Console Port: Used to restore the factory defaults or reconfigure the system.
Rear Panel
System Fan: Keeps the machine cool.
Power Socket: The power cord attaches here.
Power Switch: Turns the machine on and off.
3.
3.3 System Requirement
• Standard 10/100BaseT including five network cables with RJ-45 connectors
• All PCs need to install the TCP/IP network protocol

3.4 Installation Steps
Please follow these steps to install IAS-2000:
1. Connect the power cord to the power socket on the rear panel.
2. Turn on the power switch on the rear panel. The Power LED will light up.
Air Live IAS-2000 User’s Manual V1.0.
3. Connect an Ethernet cable to one LAN Port with the user authentication function enabled on the front panel. The default ports are LAN1 and LAN2 ports. (Note: Authentication is required for the users to access the network via these LAN Ports. The LAN port with authentication function is referred to as Public LAN.) Connect the other end of the Ethernet cable to an AP or switch. The LED of this LAN should be on to indicate a proper connection.
4.
Chapter 4. Network Configuration on PC
After IAS-2000 is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup.

4.1 Internet Connection Setup
4.1.1 Windows 9x/2000
1. Choose Start > Control Panel > Internet Options.
2. Choose the “Connections” label, and then click Setup.
3. Choose “I want to set up my Internet connection manually, or I want to connect through a local area network (LAN)”, and then click Next.
4. Choose “I connect through a local area network (LAN)” and click Next.
5. Do NOT check any option in the following LAN window for Internet configuration, and just click Next.
6. Choose “No”, and click Next.
7. Finally, click Finish to exit the Internet Connection Wizard. Now, the setup has been completed.

4.1.2. Windows XP
1. Choose Start > Control Panel > Internet Options.
2. Choose the “Connections” label, and then click Setup.
3. Click Next when the Welcome to the New Connection Wizard screen appears.
4. Choose “Connect to the Internet” and then click Next.
5. Choose “Set up my connection manually” and then click Next.
6. Choose “Connect using a broadband connection that is always on” and then click Next.
7. Finally, click Finish to exit the Connection Wizard. Now, you have completed the setup.

4.2 TCP/IP Network Setup
If the operating system of your PC is Windows 95/98/ME/2000/XP, keep the default settings unchanged and simply start or restart the system. With the factory default settings, during the process of starting the system, IAS-2000 with DHCP function will automatically assign an appropriate IP address and related information for each PC.
3-1. Using DHCP: If you want to use DHCP, please choose “Obtain an IP address automatically” under the “IP Address” label and click OK. This is also the default setting. Then, reboot the PC to make sure an IP address is obtained from IAS-2000.
3-2. Using Specific IP Address: If you want to use a specific IP address, you have to ask the network administrator for the information of IAS-2000: IP address, Subnet Mask, Gateway and DNS server address.
• Choose the “Gateway” label and enter the gateway address of IAS-2000 in the “New gateway:” field, and then click Add and OK.
• Choose the “DNS Configuration” label. If no DNS Server is defined in the DNS Server column, please click Enable DNS and then enter a known DNS address or the DNS address provided by your ISP. Then, click Add and click OK.

4.2.2. Check the TCP/IP Setup of Windows 2000
1. Select Start > Control Panel > Network and Dial-up Connections.
2. Right-click the “Local Area Connection” icon and then select “Properties”.
3. Select “Internet Protocol (TCP/IP)” and then click Properties. Now, you can choose to use DHCP or a specific IP address.
4-1. Using DHCP: If you want to use DHCP, please choose “Obtain an IP address automatically” and click OK. This is also the default setting. Then, reboot the PC to make sure an IP address is obtained from IAS-2000.
4-2. Using Specific IP Address: If you want to use a specific IP address, you have to ask the network administrator for the information of IAS-2000: IP address, Subnet Mask, Gateway and DNS server address.
• Then, click Advanced in the window of “Internet Protocol (TCP/IP) Properties”.
• Choose the “IP Settings” label and click Add below the “Default gateways” column and the “TCP/IP Gateway Address” window will appear. Enter the gateway address of IAS-2000 in the “Gateway:” of “TCP/IP Gateway Address” window, and then click Add. After returning to the “IP Settings” section, click OK to finish.

4.2.3. Check the TCP/IP Setup of Windows XP
1. Select Start > Control Panel > Network Connections.
2. Right-click the “Local Area Connection” icon and select “Properties”.
3. Select the “General” label and choose “Internet Protocol (TCP/IP)” and then click Properties. Now, you can choose to use DHCP or a specific IP address.
4-1. Using DHCP: If you want to use DHCP, please choose “Obtain an IP address automatically” and click OK. This is also the default setting. Then, reboot the PC to make sure an IP address is obtained from IAS-2000.
4-2. Using Specific IP Address: If you want to use a specific IP address, you have to ask the network administrator for the information of IAS-2000: IP address, Subnet Mask, Gateway and DNS server address.
• Then, click Advanced in the window of “Internet Protocol (TCP/IP) Properties”.
• Choose the “IP Settings” label and click “Add” below the “Default gateways” column and the “TCP/IP Gateway Address” window will appear. Enter the gateway address of IAS-2000 in the “Gateway:” of “TCP/IP Gateway Address” window, and then click Add. After returning to the “IP Settings” label, click OK to finish.
Chapter 5. Web Interface Configuration
This chapter will guide you through further detailed settings. The following table shows all the functions of IAS-2000.
After the previous installation is completed, IAS-2000 can be further configured with the following steps:
1. Use a 10/100BaseT network cable to connect a PC to the authenticated port, and then start a browser (such as Microsoft IE). Next, enter the gateway address for that port; the default is https://192.168.2.254. In the opened webpage, you will see the login screen.

5.1 System Configuration
This section includes the following functions: Configuration Wizard, System Information, WAN1 Configuration, WAN2 Configuration, LAN1 Configuration and LAN2 Configuration.

5.1.1 Configuration Wizard
There are two ways to configure the system: using the Configuration Wizard or changing the settings manually as needed. The Configuration Wizard has 7 steps providing a simple and easy way to guide you through the setup of IAS-2000.
Now, click System Configuration to go to the System Configuration page. Click the System Configuration from the top menu and the System Configuration page will appear. Then, click on Configuration Wizard and click the Run Wizard button to start the wizard.
• Running the Wizard
First of all, you will see a welcome screen that briefly introduces the 7 steps. After a brief overview of the whole process, click Next to begin.
• Step 1: Change Admin’s Password
Enter a new password for the admin account and retype it in the verify password field (twenty-character maximum and no spaces). Click Next to continue.
• Step 2: Choose System’s Time Zone
Select a proper time zone via the pull-down menu. Click Next to continue.
• Step 3: Set System Information
Home Page: Enter the URL that users should be directed to when successfully authenticated or use the default.
NTP Server: Enter the URL of external time server for IAS-2000 time synchronization or use the default.
DNS Server: Enter a DNS Server provided by your ISP (Internet Service Provider). Contact your ISP if you are not sure of the DNS IP Address.
Click Next to continue.
➢ PPPoE Client: Set PPPoE Client’s Information
Enter the “Username” and “Password” provided by your ISP. Click Next to continue.
• Step 5: Configure LAN1’s Information
IP Address: Enter the Public LAN port IP Address or use the default.
Subnet Mask: Enter the Public port Subnet Mask or use the default.
Disable DHCP Server: If the DHCP server is disabled, the Public LAN clients must be configured with an IP address manually.
Preferred DNS Server: The DNS Server settings are provided by your ISP. Only the Preferred DNS Server field is mandatory. Contact your ISP if you are unsure of the DNS Server settings.
Alternate DNS Server: The DNS Server settings are provided by your ISP. This field is optional.
Click Next to continue.
• Step 6: Select Default Authentication Server
Set the user’s information in advance. Enter an easily identified name as the postfix name in the Postfix Name field (e.
➢ POP3 User - Authentication Method - POP3
Enter IP/Domain Name and server port of the POP3 server provided by your ISP, and then choose whether to enable SSL. Click Next to continue.
➢ RADIUS User - Authentication - RADIUS
Enter RADIUS server IP/Domain Name, authentication port, accounting port and secret key. Then choose whether to enable accounting service, and choose the desired authentication method. Click Next to continue.
If you select Anonymous binding type, the system will access the LDAP servers without requiring authentication.
If you select Specific DN binding type, you have to enter the username and password in the “Bind RDN” and “Bind Password” fields to access the LDAP server.
If you select Windows AD binding type, please enter the domain name of Windows AD to access the LDAP server.
Click Next to continue.
➢ LDAP User - Authentication Method - NT Domain
When NT Domain User is selected, enter the information for “Server IP Address”, and enable/disable “Transparent Login”. After this setup is completed, click Next to continue.
• Step 7: Restart
Click Restart to save the current settings and restart IAS-2000. The Setup Wizard is now completed.
• During IAS-2000 restart, a “Restarting now. Wait for a minute.” message will appear on the screen.
Caution: During every step of the wizard, if you wish to go back to modify the settings, please click the Back button to go back to the previous step.

5.1.2 System Information
This page holds the main information about IAS-2000. Please refer to the following descriptions for these fields:
• System Name: Set the system’s name or use the default.
• WAN Failure Message: Enter the Administrator’s information here, such as administrator’s name, telephone number, e-mail address, etc. If users encounter problems in the connection of the WAN port to the system, this information will appear on the user’s login screen.
• Device Name: FQDN (Fully-Qualified Domain Name). This is used as the domain name in the login page.
• Static IP Address: Manually specifying the IP address of the WAN1 Port is applicable for the network environment where the DHCP service is unavailable. The option of 802.3ad for WAN2 is only available when WAN1 is using a static IP address. The fields with red mark are required. Please fill in these fields.
IP Address: The IP address of the WAN1 port.
Subnet Mask: The subnet mask of the WAN1 port.
Default Gateway: The gateway of the WAN1 port.
“Password”. There is a Dial on demand function under PPPoE. If this function is enabled, you can set a Maximum Idle Time. When the idle time is reached, the system will automatically disconnect itself.

5.1.4 WAN2 Configuration
There are 4 methods of obtaining IP address for the WAN2 Port: None, Static IP Address, Dynamic IP Address, and 802.3ad.
• None: The WAN2 Port is not functional.
• 802.3ad: This mode will be available if WAN1 is set to Static IP Address. When 802.3ad is enabled, the bandwidth of WAN1 and WAN2 is combined, provided that WAN1 and WAN2 are connected to the same set of Switch supporting 802.3ad. See the following figure.

5.1.5 LAN1 / LAN2 Configuration
User authentication can be enabled or disabled on each of the following four LAN ports. In this part, you can set the configuration of the LAN1 port and DHCP server.
The system will need confirmation for enabling individual VLAN segment. Click Enable to continue. See the following figure. After enabling this VLAN segment, the following screen will appear. See the following description and figure for details.
Enable User Authentication (on VLAN)
• Enable: Enable this VLAN segment.
• Enable User Authentication: Control the User Authentication according to individual VLAN segment.
• VLAN Tag: Enter any integer number within the range of 2~4094 as the Tag for this VLAN segment.
• Mode: Two modes are provided: NAT mode and ROUTER mode.
1. NAT: All IP addresses externally connected through the VLAN port (these IP addresses must belong to the same network for the VLAN port) will be converted into the IP addresses of the WAN1 port by IAS-2000 and onward to outside the network.
2.
If you want to use the reserved IP address function, click on the Reserved IP Address List on the management interface. Then, the setup of the Reserved IP Address List as shown in the following figure will appear. Enter the related Reserved IP Address, MAC, and some description (not compulsory). When finished, click Apply to complete the setup.
• Enable DHCP Relay: If you want to enable this function, you must specify the IP address of another DHCP Server.
2. Enable DHCP Server: If you want to use the DHCP Server function, you must set it up properly. Related information needed on setting up the DHCP Server is described as follows: DHCP Pool Start IP Address, DHCP Pools End IP Address, Preferred DNS Server, Alternate DNS Server, Domain Name, WINS Server, Lease Time, and Reserved IP Address List. See the following figure.
3. Enable DHCP Relay: If you want to enable this function, you must specify the IP address of another DHCP Server. See the following figure.

5.2 Network Configuration
This section includes the following functions: Network Address Translation, Privilege List, Monitor IP List, Walled Garden List, Proxy Server Properties, Dynamic DNS and IP Mobility.

5.2.1 Network Address Translation
There are three parts that need to be set: DMZ, Virtual Servers, and Port and IP Redirect.
• DMZ
De-Militarized Zone. A computer within a DMZ is unprotected by firewall and typically all port accesses are routed through to that computer. A router will forward all traffic to the computer specified in the DMZ if it does not otherwise have a rule for how to forward traffic on a given port. There are 40 sets of static Internal IP Address and External IP Address available. These settings will become effective immediately after clicking the Apply button.
• Port and IP Redirect
This function allows the administrator to set 40 sets of the IP addresses at most for redirection purpose. When the user attempts to connect to a destination IP address listed here, the connection packet will be converted and redirected to the corresponding destination. Please enter the “IP Address” and “Port” of Destination, and the “IP Address” and “Port” of Translated to Destination.

5.2.2 Privilege List
There are two parts that need to be set: Privilege IP Address List and Privilege MAC Address List.
• Privilege IP Address List
If some workstations belonging to the managed server need to access the network without authentication, enter the IP addresses of these workstations in this list. The “Remark” field is not required but is useful for keeping track. IAS-2000 allows 100 privilege IP addresses at most.
Warning: Permitting specific IP addresses to have network access rights without going through standard authentication process at the authenticated LAN may cause security problems.
• Privilege MAC Address List
In addition to the IP address, you can also set the MAC address of the workstations that need to access the network without authentication in this list. IAS-2000 allows 100 privilege MAC addresses at most.
Warning: Permitting specific MAC addresses to have network access rights without going through standard authentication process at the authenticated LAN may cause security problems.
Import List: Select an Access Gateway and then click Import List to enter the Upload Privilege MAC Address List interface. Click the Browse button to select the text file for the user account upload. Then click Submit to complete the upload.
Export List: Click this to export the MAC List to a .txt file and then save it on disk.

5.2.3 Monitor IP List
The system will send out a packet periodically to monitor the connection status of the IP addresses on the list. If the monitored IP address does not respond, the system will send an e-mail to notify the administrator that such destination is not reachable.
• Send From: The e-mail address of the administrator in charge of the monitoring. This will show up as the sender’s e-mail.
• Send To: The e-mail address of the person whom the monitoring result is for. This will be the receiver’s e-mail.
• Interval: The time interval to send the e-mail report.
• SMTP Server: The IP address of the SMTP server.

5.2.4 Walled Garden List
This function provides some free websites that users can surf without logging in or authenticating. Up to 20 addresses or domain names of the websites can be defined in this list. Users without the network access right can still have a chance to experience the actual network service free of charge.
• Internal Proxy Server: IAS-2000 has a built-in proxy server. If this function is enabled, the end users will be forced to treat IAS-2000 as the proxy server regardless of the end-users’ original proxy settings.
• External Proxy Server: Under the IAS-2000 security management, the system will match the External Proxy Server list to the end-users’ proxy setting.
• DDNS: Enable or disable this function.
• Provider: Select the DNS provider.
• Host name: The IP address/domain name of the WAN port.
• Username/E-mail: The register ID (username or e-mail) for the DNS provider.
• Password/Key: The register password for the DNS provider.
Please click Apply and these settings will become effective immediately.

5.2.7 IP Mobility
• Enable IP PNP
At the user end, you can use any IP address to connect to the system.

5.3.1 Authentication Configuration
This function configures the settings for the different authentication servers. The system provides 5 servers (Local, POP3, RADIUS, LDAP and NT Domain), one On-demand User and one PMS User, to which the administrator can apply different policies. Click on the server name to set the related configurations for that particular server.

5.3.1.1 Local Server
This server is only for “Local User”; you cannot change the authentication method for the server.
• Server Name: Set a name for the server using numbers (0 to 9), letters (a to z or A to Z), dash (-), underline (_) and dot (.) with a maximum of 40 characters. All other characters are not allowed.
• Server Status: The status shows whether the server is enabled or disabled.
• Postfix: Set a postfix that is easy to distinguish (e.g.
• Edit Local User List: Click this to enter the “Local User List” screen and click the individual Username to edit that account.
Add User: Click this button to enter the Add User interface. Fill in the necessary information such as “Username”, “Password”, “MAC” and “Remark” (optional). Then, select a desired Maximum Bandwidth, Request Bandwidth and Group, and then click Apply to complete adding the user or users.
• Import User: Click this to enter the Upload User interface. Click the Browse button to select the text file for the user account upload. Then click Submit to complete the upload process. The uploading file should be a text file and the format of each line is “ID, Password, MAC, Group, Remark” or “ID, Password, MAC, Max bandwidth, Request bandwidth, Policy, Remark” without the quotes. There must be no spaces between the fields and commas.
must be retained. When adding user accounts by uploading a file, the existing accounts in the embedded database will not be replaced by new ones.
• Export User: Click this to create a .txt file and then save it on disk.
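A pre-upload check for the Import User file format described above, written as an added example (it is not code from the manual or the vendor). The function name `check_import_file`, the colon-separated MAC notation, the non-empty ID/password rule and the duplicate-ID check are assumptions made for this example; the two field layouts and the no-spaces rule come from the text.

```python
import re

# Field layouts quoted in the manual's Import User description.
LAYOUT_5 = ("id", "password", "mac", "group", "remark")
LAYOUT_7 = ("id", "password", "mac", "max_bandwidth",
            "request_bandwidth", "policy", "remark")

# Assumption (not stated in the manual): MACs are six colon-separated hex octets.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")


def check_import_file(text):
    """Validate import-file text and return (records, errors).

    records: dicts for the lines that passed every check
    errors:  (line_number, message) tuples for the lines that did not
    """
    records, errors, first_seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue  # ignore blank lines
        fields = raw.split(",")
        if len(fields) == len(LAYOUT_5):
            layout = LAYOUT_5
        elif len(fields) == len(LAYOUT_7):
            layout = LAYOUT_7
        else:
            errors.append((lineno, "expected 5 or 7 fields, found %d" % len(fields)))
            continue

        problems = []
        # Manual: "There must be no spaces between the fields and commas."
        if any(f != f.strip() for f in fields):
            problems.append("space next to a comma")
        rec = dict(zip(layout, (f.strip() for f in fields)))
        # Assumption: an account needs both an ID and a password.
        if not rec["id"] or not rec["password"]:
            problems.append("ID and password must not be empty")
        if rec["mac"] and not MAC_RE.match(rec["mac"]):
            problems.append("malformed MAC address")
        # Assumption: a repeated ID inside one file is a mistake worth flagging.
        if rec["id"] in first_seen:
            problems.append("duplicate ID (first on line %d)" % first_seen[rec["id"]])
        elif rec["id"]:
            first_seen[rec["id"]] = lineno

        if problems:
            errors.append((lineno, "; ".join(problems)))
        else:
            records.append(rec)
    return records, errors


# Constructed sample input; every account, password and value is made up.
SAMPLE = "\n".join([
    "alice,S3cret!pw,00:11:22:33:44:55,Group1,front desk",  # valid, 5 fields
    "bob,pw123456,,2048,512,Policy1,",                      # valid, 7 fields
    "carol, pw,00:11:22:33:44:66,Group1,",                  # space after comma
    "dave,pw,00-11-22,Group1,x",                            # bad MAC
    "alice,other,,Group2,",                                 # duplicate ID
    "erin,pw,Group1",                                       # wrong field count
])

if __name__ == "__main__":
    ok, bad = check_import_file(SAMPLE)
    print("%d line(s) ready for upload" % len(ok))
    for lineno, message in bad:
        print("line %d: %s" % (lineno, message))
```

The import file carries every account password in clear text, so it should be kept with restricted permissions and deleted once the upload is done.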
• Refresh: Click this to renew the list.
• Search: Enter a keyword of a username that you wish to search for in the text field and click this button to perform the search. All usernames matching the keyword will be listed.
Del All: This will delete all the users at once.
Delete: This will delete the users individually.
Edit User: If you want to edit the content of an individual user account, click the username of the desired user account to enter the Edit User Interface for that particular user, and then modify or add any desired information such as “Username”, “Password”, “MAC”, “Maximum Bandwidth”, “Request Bandwidth”, “Policy” and “Remark” (optional). Then, click Apply to complete the modification.
• Radius Roaming Out / 802.
5.3.1.2 POP3 Server
The authentication method of the POP3, RADIUS, LDAP and NT Domain servers can be changed. Choose “POP3” in the Authentication Method field, and the hyperlink beside the pull-down menu will become “POP3 Setting”.
• Server Name: Set a name for the server using numbers (0 to 9), letters (a to z or A to Z), dash (-), underline (_) and dot (.), with a maximum of 40 characters. All other characters are not allowed.
• Server IP: Enter the IP address/domain name given by your ISP.
• Port: Enter the Port given by your ISP. The default value is 100.
• SSL Setting: If this option is enabled, the POP3 protocol will perform the authentication.

5.3.1.3 Radius Server
Choose “Radius” in the Authentication Method field, and the hyperlink beside the pull-down menu will become “Radius Setting”. Click the hyperlink for further configuration.
• 802.1X Authentication: Enable this function and the hyperlink of Radius Client List will appear. Click the hyperlink to get into the Radius Client Configuration list for further configuration. Please refer to Radius Roaming Out/802.1x Authentication in 5.3.1.1 Authentication Method – Local User.
• Trans Full Name: When enabled, the ID and postfix will be transferred to the RADIUS server for authentication.
5.3.1.4 LDAP Server
Choose “LDAP” in the Authentication Method field, and the hyperlink beside the pull-down menu will become “LDAP Setting”. Click the hyperlink for further configuration. Enter the related information for the primary server and/or the secondary server (the secondary server is not required). Fields marked with a red star are required. These settings will become effective immediately after clicking the Apply button.
➢ Anonymous: Access the LDAP servers without requiring authentication, selecting only one Account Attribute (UID, CN or sAMAccountName).
➢ Specified DN: Enter the specific DN username and password in the “Bind RDN” and “Bind Password” fields, and then select one Account Attribute (UID, CN or sAMAccountName) to access the LDAP server.
➢ Windows AD: Enter the domain name of Windows AD to access the LDAP server.

5.3.1.5 NT Domain Server
Choose “NTDomain” in the Authentication Method field, and the hyperlink beside the pull-down menu will become “NT Domain Setting”. Click the hyperlink for further configuration. Enter the server IP address and enable/disable the transparent login function. These settings will become effective immediately after clicking the Apply button.
5.3.1.6 On Demand User
This is for the customer’s need in a store environment. When customers need to use wireless Internet in the store, they have to get a printed receipt with a username and password from the store to log in to the system for wireless access. There are 2000 On-demand User accounts available.
Server Status: The status shows whether the server is enabled or disabled.
Postfix: Set a postfix that is easy to distinguish (e.g.
• Search: Enter a keyword of a username that you wish to search for in the text field and click this button to perform the search. All usernames matching the keyword will be listed.
• Username: The login name of the on-demand user.
• Password: The login password of the on-demand user.
• Remain Time/Volume: The total time/Volume that the user can use currently.
• Status: The status of the account. Normal indicates that the account is not in-use and not overdue.
maximum time allowed is 999 hours and 59 minutes).
Expired Info: This is the duration of time that the user can use the account after the activation of the account. After this duration, the account will self-expire (the maximum days allowed is 999 days and the maximum time allowed is 999 hours).
Valid Duration: This is the duration of time that the user needs to activate the account after the generation of the account.
5.3.1.7 PMS User
The system integrates a hotel in-door billing system, PMS, developed by Micros Fidelio, and it is usually used in a hotel environment. When customers need to use wireless Internet in the hotel, they have to get a printed receipt with a username and password from the hotel to log in to the system for wireless access.
Server Status: The status shows whether the server is enabled or disabled.
PMS Server IP: Enter the IP address of the PMS server.
Search: Enter a keyword of a username that you wish to search for in the text field and click this button to perform the search. All usernames matching the keyword will be listed.
Room No.: The room number of the PMS user.
Username: The login name of the PMS user.
Password: The login password of the PMS user.
Remain Time: The total time/Volume that the user can use currently.
Status: The status of the account.
Status: Select to enable or disable this billing rule.
Hr. Purchased: This is the duration of time that the user can use the account after the activation of the account. After this duration, the account will self-expire. You can enter 1-999 hours.
Valid Period: This is the duration of time that the user needs to activate the account after the generation of the account. If the account is not activated during this duration, the account will self-expire.
5.3.2 Policy Configuration
There is a Global policy and five other policies. Every policy has three profiles (Firewall Profile, Specific Route Profile and Schedule Profile) as well as one Bandwidth setting for that policy. The Global policy, however, only has Firewall Profile and Specific Route Profile settings.
• Global Policy
Select Policy: Select Global to set the Firewall Profile and Specific Route Profile.
➢ Rule Item: This is the rule that you have selected.
➢ Rule Name: The rule name can be changed here.
➢ Enable this Rule: After checking this function, the rule will be enabled.
➢ Action: There are two options, Block and Pass. Block prevents packets from passing and Pass permits packets to pass.
➢ Protocol: There are three protocols to select, TCP, UDP and ICMP, or choose ALL to use all three protocols.
➢ View System Route Table: Click the hyperlink to see the information of the hosts or the networks.
➢ Profile Name: The profile name can be changed here.
➢ IP Address (Destination): The destination IP address of the host or the network.
➢ Subnet Netmask: Select a destination subnet netmask of the host or the network.
➢ IP Address (Gateway): The IP address of the next router to the destination.
➢ Rule Item: This is the rule that you have selected.
➢ Rule Name: The rule name can be changed here.
➢ Enable this Rule: After checking this function, the rule will be enabled.
➢ Action: There are two options, Block and Pass. Block prevents packets from passing and Pass permits packets to pass.
➢ Protocol: There are three protocols to select, TCP, UDP and ICMP, or choose ALL to use all three protocols.
➢ Profile Name: The profile name can be changed here.
➢ IP Address (Destination): The destination IP address of the host or the network.
➢ Subnet Netmask: Select a destination subnet netmask of the host or the network.
➢ IP Address (Gateway): The IP address of the next router to the destination.
➢ Default: Check this option to apply the default values.
Schedule Profile: Click the hyperlink of Setting for Schedule Profile to enter the Schedule Profile list.
5.3.3 Black List Configuration
The administrator can add, delete, or edit the black list for user access control. Each black list can include 500 users at most. If a user in the black list tries to log in to the system, the user’s access will be denied. The administrator can use the pull-down menu to select the desired black list.
• Select Black List: There are 5 lists to select from for the desired black list.
After entering the usernames in the “Username” blanks and the related information in the “Remark” blank (not required), click Apply to add the users. If the administrator wants to remove a user from the black list, just select the user’s “Delete” check box and then click the Delete button to remove that user from the black list.
Import Black List: Click this to enter the Upload black List Account – (Blacklist1) interface.
The uploaded file must be a text file, and the format of each line should be "ID, Remark" without the quotes. There must be no spaces between the fields and commas. When adding user accounts by uploading a file, existing accounts in the embedded database that are also defined in the data file will not be replaced by the new ones.
• Export Black List: Click Export List to create a .txt file and then save it on disk.
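A pre-upload check for the two import formats this manual describes (the Local User file in 5.3.1.1 and the black list file in 5.3.3), added here as an example and not taken from the manual or the IAS-2000 firmware. It assumes the MAC field uses the notation the manual gives for the Permit MAC Address List and that an empty MAC field is allowed; the password checks are added hardening checks, and all sample records and their Group, Policy and bandwidth values are constructed.

```python
import re

# Record layouts quoted from the manual's import sections.
USER_LAYOUTS = {
    5: ("ID", "Password", "MAC", "Group", "Remark"),
    7: ("ID", "Password", "MAC", "Max bandwidth", "Request bandwidth",
        "Policy", "Remark"),
}
BLACKLIST_LAYOUT = ("ID", "Remark")
BLACKLIST_MAX = 500  # "Each black list can include 500 users at most"

# xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx, one separator style per address.
# Applying this notation to the import file's MAC field is an assumption.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")


def _check_record(no, line, layouts, seen, findings):
    """Check field count, comma spacing and ID; return stripped fields or None."""
    fields = line.split(",")
    layout = layouts.get(len(fields))
    if layout is None:
        expected = " or ".join(str(n) for n in sorted(layouts))
        findings.append((no, f"{len(fields)} fields, expected {expected}"))
        return None
    for name, value in zip(layout, fields):
        if value != value.strip():
            findings.append((no, f"space next to a comma in field '{name}'"))
    fields = [f.strip() for f in fields]
    uid = fields[0]
    if not uid:
        findings.append((no, "empty ID"))
    elif uid in seen:
        findings.append((no, f"duplicate ID '{uid}' (first on line {seen[uid]})"))
    else:
        seen[uid] = no
    return fields


def lint_user_file(text):
    """Findings for a Local User import file; messages never echo a password."""
    findings, seen = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        fields = _check_record(no, line, USER_LAYOUTS, seen, findings) if line else None
        if fields is None:
            continue
        uid, password, mac = fields[:3]
        # Added hardening checks, not rules stated by the manual.
        if not password:
            findings.append((no, "empty Password"))
        elif password == uid:
            findings.append((no, "Password is identical to ID"))
        if mac and not MAC_RE.fullmatch(mac):
            findings.append((no, f"MAC '{mac}' is not xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx"))
    return findings


def lint_blacklist_file(text):
    """Findings for a black list import file (one "ID,Remark" record per line)."""
    findings, seen = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        if line:
            _check_record(no, line, {2: BLACKLIST_LAYOUT}, seen, findings)
    if len(seen) > BLACKLIST_MAX:
        findings.append((0, f"{len(seen)} IDs exceed the {BLACKLIST_MAX}-user limit"))
    return findings


# Constructed sample input (not from the manual).
USERS_SAMPLE = "\n".join([
    "alice,Xk3!pw9q,00:11:22:33:44:55,Group1,front desk",
    "bob,bob,00-11-22-33-44-66,1024,512,Policy1,kiosk",
    "carol, s3cret,,Group1,",
    "dave,pw,0011.2233.4477,Group1,",
    "alice,other,,Group1,",
    "erin,pw,Group1",
])
BLACKLIST_SAMPLE = "mallory,abuse report\ntrent , shared login\nmallory,"

if __name__ == "__main__":
    for no, msg in lint_user_file(USERS_SAMPLE) + lint_blacklist_file(BLACKLIST_SAMPLE):
        print(f"line {no}: {msg}")
```

Because the user file carries every account's password in clear text, the findings name only the line and the field, so the report can be shared without exposing credentials.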
5.3.4 Guest User Configuration
This function permits guests to log in to the system. Select “Enable Guest User” and click Apply to save the settings.
• Guest User List: IAS-2000 offers ten guest users for log in. To activate a guest user, just enter the password in the corresponding “Password” text field for that guest account. Guest accounts with a blank password will not be activated.
• Session Length: This restricts the connection time of the guest users.
5.3.5 Additional Configuration
• User Control: Functions under this section apply to all general users.
Idle Timer: If a user has been idle with no network activity, the system will automatically log the user out. The logout timer can be set in the range of 1~1440 minutes, and the default logout time is 10 minutes.
Multiple Login: When enabled, a user can log in from different computers with the same account.
• Internet Connection Detection: Enter a specific URL or IP address and IAS-2000 will try to detect the network connection by sending packets directly to that specific URL or IP address. If there is a problem with the connection of the WAN port of the system such that the specified URL or IP address cannot be reached, a connection failed message will be shown on the users’ login screen.
Click Use Default Page to use the default login page. After the upload process is completed, the new login page can be previewed by clicking the Preview button at the bottom. The user-defined login page must include the following HTML codes to provide the necessary fields for username and password. If the user-defined login page includes an image file, the image file path in the HTML code must be the image file you will upload.
After the image file is uploaded, the file name will show in the “Existing Image Files” field. Check the file and click Delete to delete the file.
3. Logout Page: The administrator can upload a new logout page. The process is similar to that of Login Page. Click Use Default Page to use the default login succeed page. After the upload process is completed, the new login succeed page can be previewed by clicking the Preview button at the bottom.
4.
After the upload process is completed, the new login succeed page can be previewed by clicking the Preview button at the bottom.
5. Logout Succeed Page: The administrator can upload a new logout succeed page. The process is similar to that of Login Page. Click Use Default Page to use the default logout succeed page. After the upload process is completed, the new logout succeed page can be previewed by clicking the Preview button at the bottom.
• Enhance User Authentication: With this function, only the users with their MAC addresses in this list can log in to IAS-2000. Only 40 users are allowed in this MAC address list. User authentication is still required for these users. Please select “Enable”, enter the Permit MAC Address List to fill in these MAC addresses and then click Apply.
Caution: The format of the MAC address is: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.
5.4 Utilities
This section provides four utilities to customize and maintain the system: Change Password, Backup/Restore Setting, Firmware Upgrade and Restart.

5.4.1 Change Password
The administrator can change the passwords here. Please enter the current password and then enter the new password twice to verify. Click Apply to activate this new password.
5.4.2 Backup/Restore Setting
This function is used to backup/restore the IAS-2000 settings. Also, IAS-2000 can be restored to the factory default settings here.
• Backup Current Setting: Click Backup Setting to create a .db database backup file and save it on disk.
• Restore Setting: Click Browse to search for a .db database backup file created by IAS-2000 and click Restore Setting to restore to the same settings at the time the backup file was created.
5.4.3 Firmware Upgrade
The administrator can download the latest firmware from the website and upgrade the system here. Click Browse to search for the firmware file and click Apply to go on with the firmware upgrade process. It might be a few minutes before the upgrade process completes, and the system needs to be restarted afterwards to make the new firmware effective.
Warning:
1. Firmware upgrade may cause the loss of some of the data.
5.4.4 Restart
This function allows the administrator to safely restart IAS-2000; the process should take about three minutes. Click YES to restart IAS-2000; click NO to go back to the previous screen. If you need to turn off the power, we recommend that you restart IAS-2000 first and then turn off the power after the restart process completes.
Caution: The connection of all online users of the system will be disconnected when the system is in the process of restarting.
5.5 Status
This section includes System Status, Interface Status, Current Users, Traffic History, Notification Configuration and Online Report to provide system status information and online user status.
5.5.1 System Status
This section provides an overview of the system for the administrator.
The description of the table is as follows:
Item: Description
Current Firmware Version: The present firmware version of IAS-2000
System Name: The system name. The default is IAS-2000
WAN Failure Message Home Page Syslog server- Traffic History Proxy Server Friendly Logout Remote Management IP Management SNMP Retainable Days History Traffic log Email To NTP Server The information to be shown on the login screen when a user has a connection problem.
5.5.2 Interface Status
Provides an overview of the interface for the administrator including WAN1, WAN2, LAN1 and LAN2.
The description of the table is as follows:
Item: Description
WAN1
  MAC Address: The MAC address of the WAN1 port.
  IP Address: The IP address of the WAN1 port.
  Subnet Mask: The Subnet Mask of the WAN1 port.
WAN2
  MAC Address: The MAC address of the WAN2 port.
  IP Address: The IP address of the WAN2 port.
  Subnet Mask: The Subnet Mask of the WAN2 port.
LAN1
  Mode: The mode of the LAN1 port.
  MAC Address: The MAC address of the LAN1.
  IP Address: The IP address of the LAN1.
5.5.3 Current Users
This function shows each online user’s information, including Username, IP Address, MAC Address, Packets In, Bytes In, Packets Out, Bytes Out, Idle Time and Logout. The administrator can use this function to force a specific online user to log out. Just click the hyperlink of Logout next to the online user’s name to log out that particular user. Click Refresh to renew the current users list.
5.5.4 Traffic History
This function is used to check the history of IAS-2000. The history of each day will be saved separately in the DRAM for at least 3 days.
Caution: Since the history is saved in the DRAM, if you need to restart the system and also keep the history, then please manually copy and save the information before restarting.
Click Download to save every history log in a text file. If the History Email has been entered under the Notification Configuration page, then the system will automatically send out the history information to that email address.
• Traffic History
As shown in the following figure, each line is a traffic history record of user activities consisting of 9 fields: Date, Type, Name, IP, MAC, Pkts In, Bytes In, Pkts Out, and Bytes Out.
• Internal Service
As shown in the following figure, the history record consists of 6 fields, DHCP Server, Syslog Server, SNMP Server, HTTP Server, Agent, SSH Server, EMS Server, RADIUS Server, Proxy Server and Redirector Server for network service status.
• System Performance
As shown in the following figure, the history record consists of 5 fields, CPU Usage %, Memory Usage %, Total Memory (KB), Memory Used (KB) and Memory Free (KB) of IAS-2000 status.
• On-demand User Log
As shown in the following figure, each line is an on-demand user log record of user activities consisting of 13 fields: Date, System Name, Type, Name, IP, MAC, Pkts In, Bytes In, Pkts Out, Bytes Out, Expiretime, Validation and Remark.
5.5.5 Notification Configuration
IAS-2000 will save the traffic history into the internal DRAM. If the administrator wants the system to automatically send out the history to a particular email address, please enter the related information in these fields.
• Send From: The e-mail address of the administrator in charge of the monitoring. This will show up as the sender’s e-mail.
• Send To: The e-mail address of the person whom the history email is for.
5.5.6 Online Report
This function provides real time on-line report of the IAS-2000 system including System Status, Service Status, Network Interface Status and Network Session Status.
• System Status
As shown in the following figure, the online report consists of 5 fields, CPU Usage, Memory Usage, Total Memory, Memory Used and Memory Free of IAS-2000 status.
• Network Interface Status
As shown in the following figure, the online report consists of 5 fields, Interface, Speed-IN (bps), Speed-OUT (bps), Packet-IN (pps) and Packet-OUT (pps) for WAN and LAN status.
• Network Session Status
As shown in the following figure, the online report consists of 3 fields, IP, TCP session count and UDP session count. This report shows how many connections each IP address is using now.
5.6 Help
On the screen, the Help button is in the upper right corner. Click Help to open the Online Help window and then click the hyperlink of the items to get the information.
Appendix A External Network Access
If all the steps are set properly, IAS-2000 can be further connected to the managed network to experience the controlled network access environment. First, connect an end-user device to the network at IAS-2000’s LAN1/LAN2 and set it to obtain an IP address automatically. After the network address is obtained at the user end, open an Internet browser and link to any website.
4. If you are an on-demand user, you can enter the username and password in the “User Login Page” and then click the Remaining button to see the remaining time or data quota of the account.
5. When an on-demand user logs in successfully, the following Login Successfully screen will appear; it is a little different from the normal user’s login successfully screen. There is an extra line showing “Remaining usage” and a “Redeem” button.
Appendix B Console Interface Configuration
The administrator can enter the console interface through this port to handle problems and situations that occur during operation.
1. To connect to the console port of IAS-2000, you need a console, modem cable and a terminal simulation program, such as the Hyper Terminal.
2. If you use Hyper Terminal, please set the parameters as 9600,8,n,1.
Caution: the main console is a menu-driven text interface with dialog boxes.
• Utilities for network debugging
The console interface provides several utilities to assist the Administrator in checking the system conditions and debugging. The utilities are described as follows:
➢ Ping host (IP): Sends an ICMP echo request to a specified host and waits for the response to test the network status.
➢ Trace routing path: Trace and inquire the routing path to a specific target.
The username is “admin” and the default password is also “admin”, which is the same as for the web management interface. You can use this option to change the administrator’s password. Even if you forget the password and are unable to log in to the management interface from the web or the remote end of the SSH, you can still use the null modem to connect to the console management interface and set the administrator’s password again.
Appendix C Specifications
1. Hardware Specification
• Dimensions: 42.5cm(W) x 4.4cm(H) x 24cm(D)
• Weight: 4.2kg
• Power: 110-240 VAC 50/60Hz
• Operating Temperature: 5-45°C
• 19” 1U Rack Mount Design
• 4 Fast Ethernet RJ 45 Connectors
• 2 RS-232 Serial Ports
• Supports 10/100Mbps Full / Half Duplex Transfer Speed
2. Technical Specification
• Standards
This system supports IEEE 802.1x, 802.11b and 802.