MW-2000Sv2 Hotspot Management Gateway User’s Manual
Declaration of Conformity
We, Manufacturer/Importer
OvisLink Corp.
5F., NO.6, Lane 130, Min-Chuan RD.
AirLive MW-2000S CE Declaration Statement
Country: Declaration
cs Česky [Czech]: OvisLink Corp. hereby declares that this AirLive MW-2000S is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
da Dansk [Danish]: The undersigned, OvisLink Corp., hereby declares that the following equipment, AirLive MW-2000S, complies with the essential requirements and other relevant requirements of Directive 1999/5/EC.
nl Nederlands [Dutch]: Hereby OvisLink Corp. declares
Table of Contents
Chapter 1. Before You Start
1.1 Audience
1.2 Document Convention
Chapter 2. System Overview
7.2.3 Policy Configuration
7.2.4 Additional Configuration
7.3 AP Management
7.3.1 AP List
Chapter 1. Before You Start
1.1 Audience
This manual is intended for system or network administrators with the networking knowledge needed to complete the step-by-step instructions in this manual, in order to use the MW-2000S for better management of the network system and user data.
1.
Chapter 2. System Overview
2.1 Introduction of MW-2000S
Thank you for purchasing the AirLive Hotspot Management Gateway MW-2000S. The MW-2000S is a Hotspot Management Gateway designed for small to medium-sized wireless network deployment and management, making it an ideal solution for easily managing a Hotspot service. With its user management features, administrators can manage the whole process of wireless network access.

2.3 Specification
2.3.1 Hardware Specification
• General
  Form Factor: Mini-desktop
  Dimensions (W x D x H): 235 mm x 161.9 mm x 37.

• Traffic History and Session Log
MW-2000S provides daily and monthly reports of users' network access statistics; the Session Log function records the source IP/MAC address, destination IP/MAC address, port number, account name, and time.
Note: Please refer to the following chapters for the further configuration needed to set up the Hotspot environment:
Chapter 3.2 – Quick Software Configuration
Chapter 7.1 – System Configuration
Chapter 7.

Service Zones
• Co-work with WLA-5000AP
With the Multiple SSID function of the WLA-5000AP, MW-2000S can create and configure multiple Service Zones.
• Isolate Service Zones
With VLAN, Multiple SSID and Policy settings, MW-2000S can isolate the Service Zones so that they cannot access each other.
Chapter 3. Base Installation
3.1 Hardware Installation
3.1.1 System Requirements
• Standard 10/100BaseT including five network cables with RJ-45 connectors
• All PCs need to install the TCP/IP network protocol
3.1.

• Power:
  o Light on: The power is switched on.
  o Light off: No power connected.
WAN1/WAN2: The two WAN ports connect to a network that is not managed by the AirLive MW-2000S system; a WAN port can be connected to the ATU-Router of an ADSL line, the port of a cable modem, or a switch or hub on a company LAN.
LAN1~LAN4: Client machines connect to the AirLive MW-2000S via the LAN ports.

3.1.4 Installation Steps
Please follow these steps to install MW-2000S:
1. Connect the DC power adapter to the power connector socket on the rear panel. The Power LED should be on to indicate a proper connection.
2. Connect an Ethernet cable to the WAN Port on the rear panel. Connect the other end of the Ethernet cable to an ADSL modem, cable modem or a switch/hub of the internal network. The LED of this WAN port should be on to indicate a proper connection.
3.
3.2 Quick Software Configuration
There are two simple ways to configure the Hotspot system: Instant Account and Configuration Wizard.
3.2.1 Instant Account
MW-2000S provides three account levels: admin, manager and operator. The default usernames and passwords are as follows:
Admin: The administrator can access all areas of the AirLive MW-2000S.

Login with admin account:
1. Select System Configuration → WAN Configuration, set the WAN type and enter the necessary data. For more details, see Chapter 7.1.3 WAN Configuration.
2. Select System Configuration → System Information, configure the correct Time Zone, and either enable the NTP server or set the time manually.
3.

Login with manager account:
1. Select User Authentication → Authentication Configuration → On-demand User; here you can define General Settings, Ticket Customization, Billing Plans, External Payment Gateway, On-demand Account Creation, and On-demand Account List.
2. Select User Authentication → Authentication Configuration → On-demand User → Billing Plans, and click the Edit button to define the related information according to your policy.

Login with operator account:
1. Click Create to create a new account.
2. Click Printout to print the ticket.
3.2.2 Configuration Wizard
MW-2000S provides a Configuration Wizard that lets network administrators quickly set up a basic system as a starting point for testing authentication and the network connection. The 6 steps are listed below:
1. Change Admin’s Password
2. Choose System’s Time Zone
3. Set System Information
4. Select the Connection Type for WAN Port
5. Set Authentication Method
6.

• Step 3: Set System Information
Home Page: Enter the URL to which users should be directed after successful authentication. A default address is also supplied.
NTP Server: Enter the URL of an external time server for MW-2000S time synchronization, or use the default server address.
DNS Server: Enter a DNS Server provided by the ISP (Internet Service Provider). Contact the ISP if the DNS IP Address is unknown.
Click Next to continue.

➢ PPPoE Client: Set PPPoE Client’s Information
Enter the “Username” and “Password” provided by the ISP. Click Next to continue.
• Step 5: Add Local User Account
A new user can be added to the local user database. To add a user here, enter the Username (e.g. test), Password (e.g. test), MAC (optional, to specify the valid MAC address of this user) and assign it a policy (or use the default). Click the Add Now button to add the user.

• Step 6: Save and Restart MW-2000S
Click Restart to save the current settings and restart MW-2000S. The Setup Wizard is now completed. Click Restart to continue.
• Restart: While MW-2000S is restarting, a “Restarting now. Please wait for a moment.” message appears on the screen. Please do not interrupt MW-2000S until the message has disappeared, which indicates that the restart has completed successfully.
Chapter 4. Basic Hotspot Configuration
This chapter guides the user through installing the basic Hotspot function step by step, to show how to install and configure MW-2000S. To configure further MW-2000S features, see Chapter 7 Web Interface Configuration for details. Follow these steps to configure the basic Hotspot settings:
Chapter 4.1 – Setup Internet Connection
Chapter 4.2 – Setup Default Service Zone
Chapter 4.
4.1 Setup Internet Connection
STEP 1. Enter System Configuration → WAN1 Configuration to define the WAN connection. The WAN connection type can be set to Static IP, Dynamic IP, PPPoE, or PPTP client as required.
STEP 2. If two Internet connections are used, the second line can be set up on WAN2, and the Load Balancing or Failover function can be enabled in WAN Traffic Setting. For more information on configuring the WAN ports, see Chapter 7.1.

4.2 Setup Default Service Zones
STEP 1. System Configuration → Service Zones: If no specific Service Zones are configured, every user follows the default zone. For more detailed configuration, see Chapter 7.1.7 Service Zones.
STEP 2. Select On-demand User as the Authentication type.
STEP 3. Customize the Login / Logout page. You can use the default page, or use a Template Page, Uploaded Page, or External Page to customize the page. For more details on customized pages, see Appendix H Customizable Pages.
STEP 4. Taking the Template Page as an example, you can choose the color of the text and background, change the wording of the text and buttons, change the logo, and replace the background image file.
4.3 Setup Authentication Account
STEP 1. Enter User Authentication → Authentication Configuration and select On-demand User.
STEP 2. The advanced features can be configured on the main page of Authentication Server.
STEP 3. Click the Configure button of General Settings and change Monetary Unit to EUR.
STEP 4. Back on the Authentication Server Configuration page, click the Configure button of Billing Plans to create the billing plans.
STEP 5. Create two plans, of Time and Volume type, specify the Quota and expiry time, and then click Apply to save the configuration.
STEP 6. Back on the Authentication Server Configuration page, to enable the Credit Card payment system, click the Create button of External Payment Gateway. Select the Authorize.net or PayPal system as required. For more details on Authorize.net and PayPal, see Appendix D and Appendix E.

4.4 How to create On-demand account
STEP 1. Back on the Authentication Server Configuration page, click the Create button.
STEP 2. On the On-demand Account Creation page, press the Create button to generate a random account.
STEP 3. Press the Printout button; the ticket can be printed via the ticket printer.
STEP 4. If several Billing Plans have been created, the random account can be generated from the ticket printer. Click the Function key Selection button to choose the billing rule.
STEP 5. Basic Hotspot configuration is done.
Chapter 5. Multi-Service Providers
5.1 Introduction
A single MW-2000S can be installed to offer Internet connection service for several service providers; each service provider can design its own login page and connect to its own RADIUS server as the database for User Authentication.
5.2 Before You Start
There are several things to pay attention to before you start the configuration:
1. The firmware version must be correct
The current firmware version of MW-2000S is 2.00.00_00900, and the WLA-5000AP firmware version must be v2.00e12, or MW-2000S will fail to detect the WLA-5000AP.
2.

5.3 Setup Internet Connection
STEP 1. Enter System Configuration → WAN1 Configuration to define the WAN connection. The WAN connection type can be set to Static IP, Dynamic IP, PPPoE, or PPTP client as required.
STEP 2. If two Internet connections are used, the second line can be set up on WAN2, and the Load Balancing or Failover function can be enabled in WAN Traffic Setting. For more information on configuring the WAN ports, see Chapter 7.1.
5.4 Setup Service Zones
Environment:

Service Zone  SSID     IP Subnet     Authentication  Policy    Priority
Airport       Airport  192.168.11.x  Local database  Policy 1  Best Effort
O2            O2       192.168.12.x  RADIUS          Policy 2  Background
Orange        Orange   192.168.13.x  RADIUS          Policy 3  Background

STEP 1. System Configuration → Service Zones: Create the first Service Zone for Airport office workers. See Chapter 7.1.7 for more information about Service Zones.
STEP 2. System Configuration → Service Zones: Create the second Service Zone for the O2 Service Provider.
STEP 3. Customize the Login / Logout page. You can use the default page, or use a Template Page, Uploaded Page, or External Page to customize the page. For more details on customized pages, see Appendix H Customizable Pages.
STEP 4. Taking the Template Page as an example, you can choose the color of the text and background, change the wording of the text and buttons, change the logo, and replace the background image file.
STEP 5. System Configuration → Service Zones: Create the third Service Zone for the Orange Service Provider.
STEP 6. Customize the Login / Logout page. You can use the default page, or use a Template Page, Uploaded Page, or External Page to customize the page. For more details on customized pages, see Appendix H Customizable Pages.
STEP 7. Taking the Template Page as an example, you can choose the color of the text and background, change the wording of the text and buttons, change the logo, and replace the background image file.
5.5 Setup Authentication Account
STEP 1. Create a Local database account for Airport office workers. Select Server1 as the default authentication server and enable the setting. Then click Server1 to go to the next step.
STEP 2. You can change the Server Name or Postfix Name, or enable the Black List; select Local as the Authentication Method, and click the Local User Setting button to enter the Local User Setting page.
STEP 3. If user does not need to enable RADIUS Roaming Out or 802.
STEP 4. Click Add User to create a new user.
STEP 5. Fill in the Username, Password, and other information; select a specific Service Zone, then click Apply to save the setting. For more details on setting up local users, see Chapter 7.2.1.1 Authentication Method – Local.
STEP 6. Set up the RADIUS connection to the RADIUS servers of the O2 and Orange service providers. The accounts are authorized against different RADIUS servers, so each Service Provider can provide the Internet service with its own billing system and user authentication database. For more details, see Chapter 7.2.1.3 Authentication Method – RADIUS.
5.

STEP 3. When MW-2000S detects the AP, the system creates the connection automatically, so the AP’s settings can be defined via MW-2000S.
STEP 4. Change the AP Name, select the AirPort, O2, and Orange Service Zones, and click Add to modify the WLA-5000AP.
STEP 5. The page switches to AP List and the WLA-5000AP is configured with the data that was set; when the configuration is done, the new AP device is listed in the AP List table.

5.7 Setup Policy
Currently, the default setting of MW-2000S allows traffic to pass through every Service Zone. If the system does not block all connections first, more complicated Policy settings may be needed to meet the requirement.
STEP 1. Click User Authentication → Policy Configuration and select “Global”; click the Setting button of Firewall Profile to enter the setting.
STEP 2. Click Firewall Rules to configure the firewall setting.
STEP 3. Click the No. 1 firewall rule to edit further firewall settings.
STEP 4. Enter the Rule name, select ALL as both the Source and Destination Interface, and set the Action to Block.
STEP 5. Enable the Active option of the first rule, and click Apply to save the setting.
STEP 6. When the Global Policy setting is done, configure Policy 1, 2 and 3.
STEP 7. Configure Policy 1 to enable the connection from the Airport Service Zone to the Internet, and define the Traffic Class as Best Effort. Click the Setting button of Firewall Profile to enter the setting.
STEP 8. Click Firewall Rules to configure the firewall setting.
STEP 9. Click the No. 1 firewall rule to edit further firewall settings.
STEP 10. Enter the Rule name, select Airport as the Source Interface and WAN1 as the Destination Interface, then set the Action to Pass.
STEP 11. Enable the Active option of the first rule, and click Apply to save the setting.
STEP 12. Enter User Authentication → Policy Configuration, and press the QoS Profile button.
STEP 13. Select Best Effort for Traffic Class, and specify the total speed and the limits for Downlink and Uplink. Click Apply to save the setting and finish the configuration of Policy 1.
STEP 14. Configure Policy 2 to enable the connection from the O2 Service Zone to the Internet, and define the Traffic Class as Background. Click the Setting button of Firewall Profile to enter the setting.
STEP 15. Click Firewall Rules to configure the firewall setting.
STEP 16. Click the No. 1 firewall rule to edit further firewall settings.
STEP 17. Enter the Rule name, select O2 as the Source Interface and WAN1 as the Destination Interface, then set the Action to Pass.
STEP 18. Enable the Active option of the first rule, and click Apply to save the setting.
STEP 19. Enter User Authentication → Policy Configuration, and press the QoS Profile button.
STEP 20. Select Background for Traffic Class, and specify the total speed and the limits for Downlink and Uplink. Click Apply to save the setting and finish the configuration of Policy 2.
STEP 21. Configure Policy 3 to enable the connection from the Orange Service Zone to the Internet, and define the Traffic Class as Background. Click the Setting button of Firewall Profile to enter the setting.
STEP 22. Click Firewall Rules to configure the firewall setting.
STEP 23. Click the No. 1 firewall rule to edit further firewall settings.
STEP 24. Enter the Rule name, select Orange as the Source Interface and WAN1 as the Destination Interface, then set the Action to Pass.
STEP 25. Enable the Active option of the first rule, and click Apply to save the setting.
STEP 26. Enter User Authentication → Policy Configuration, and press the QoS Profile button.
STEP 27. Select Background for Traffic Class, and specify the total speed and the limits for Downlink and Uplink. Click Apply to save the setting and finish the configuration of Policy 3.
STEP 28. Multi-Service Providers setting is complete.
Chapter 6. Multi-Service Zones
6.1 Introduction
MW-2000S supports WMM QoS to classify packet priority as Voice, Video, Best Effort, or Background. MW-2000S can therefore be deployed with several Service Zones of different priority, in order to make the internal network more efficient. The following steps give an example of step-by-step configuration. In the example, we create a Multi-Service Zones environment for Office Users, Guest, and IPCAM.
6.2 Before You Start
There are several things to pay attention to before you start the configuration:
1. The firmware version must be correct
The current firmware version of MW-2000S is 2.00.00_00900, and the WLA-5000AP firmware version must be v2.00e12, or MW-2000S will fail to detect the WLA-5000AP.
2.

6.3 Setup Internet Connection
STEP 1. Enter System Configuration → WAN1 Configuration to define the WAN connection. The WAN connection type can be set to Static IP, Dynamic IP, PPPoE, or PPTP client as required.
STEP 2. If two Internet connections are used, the second line can be set up on WAN2, and the Load Balancing or Failover function can be enabled in WAN Traffic Setting. For more information on configuring the WAN ports, see Chapter 7.1.3, Chapter 7.1.
6.4 Setup Service Zones
Environment:

Service Zone  SSID    IP Subnet     Authentication  Policy    Priority
Office        Office  192.168.11.x  Local database  Policy 1  Best Effort
IPCAM         IPCAM   192.168.12.x  Disable         Policy 2  Video
Guest         Guest   192.168.13.x  On-demand       Policy 3  Background

STEP 1. System Configuration → Service Zones: Create the first Service Zone for office workers. See Chapter 7.1.7 for more information about Service Zones.
STEP 2. System Configuration → Service Zones: Create the second Service Zone for the IP Camera.
STEP 3. System Configuration → Service Zones: Create the third Service Zone for Guest use.
6.5 Setup Authentication Account
STEP 1. Create a Local database account for office workers. Select Server1 as the default authentication server and enable the setting. Then click Server1 to go to the next step.
STEP 2. You can change the Server Name or Postfix Name, or enable the Black List; select Local as the Authentication Method, and click the Local User Setting button to enter the Local User Setting page.
STEP 3. If RADIUS Roaming Out or 802.1x Authentication does not need to be enabled, just click Edit Local User List to check the current user list or create a new local user.
STEP 4. Click Add User to create a new user.
STEP 5. Fill in the Username, Password, and other information; select a specific Service Zone, then click Apply to save the setting. For more details on setting up local users, see Chapter 7.2.1.1 Authentication Method – Local.
STEP 6. Set up an On-demand account for Guest users. The account can be generated randomly, with some limitations specified. Click On-demand User to go to the next step.
STEP 8. Click the Edit button to configure the setting.
STEP 9. Select Volume as the Type; the available Quota is 500 Mbytes; the guest has to use the account within one day; the account will expire in 2 days; and the price is free of charge. Click Apply to save the configuration.
STEP 10. Click Enable and then click Apply to save the setting.
STEP 11. Back on the Authentication Server Configuration page, click the Create button of On-demand Account Creation to create a random account for the guest user.
STEP 12. Select the Plan Type and press the Create button to create a new account.
STEP 13. When the guest user receives the ticket, he can enter the username and password to pass authentication and access the Internet until the quota is used up. For more details, see Chapter 7.2.1.6 Authentication Method – ONDEMAND.
6.6 Setup AP Management
STEP 6. AP Management → AP Discovery: Connect the WLA-5000AP to the MW-2000S Public Port, and use the AP Management function to auto-detect and auto-configure the WLA-5000AP. For more information, see Chapter 7.3.2 AP Discovery.
STEP 7. Select “WLA-5000AP” and press Scan Now to detect the AP.
STEP 8. When MW-2000S detects the AP, the system creates the connection automatically, so the AP’s settings can be defined via MW-2000S.
STEP 9. Change the AP Name, select the Office, IPCAM, and Guest Service Zones, and click Add to modify the WLA-5000AP.
STEP 10. The page switches to AP List and the WLA-5000AP is configured with the data that was set; when the configuration is done, the new AP device is listed in the AP List table.
6.7 Setup Policy
Currently, the default setting of MW-2000S allows traffic to pass through every Service Zone. If the system does not block all connections first, more complicated Policy settings may be needed to meet the requirement. Once the default is changed to block all connections, the policy becomes simpler, because only the necessary connections need to be opened. Follow these steps to configure the Policy rules for Multi-Service Providers:
1.
STEP 3. Click the No. 1 firewall rule to edit further firewall settings.
STEP 4. Enter the Rule name, select ALL as both the Source and Destination Interface, and set the Action to Block.
STEP 5. Enable the Active option of the first rule, and click Apply to save the setting.
STEP 6. When the Global Policy setting is done, configure Policy 1, 2 and 3.
STEP 7. Configure Policy 1 to enable the connection from the Office Service Zone to the Internet and the connection between MIS (192.168.11.11) and IPCAM (192.168.12.12), and define the Traffic Class as Best Effort. Click the Setting button of Firewall Profile to enter the setting.
STEP 8. Click Firewall Rules to configure the firewall setting.
STEP 9. Click the No. 1 firewall rule to edit further firewall settings.
STEP 10. Open the first rule and enter the Rule name, select Office as the Source Interface and WAN1 as the Destination Interface; then set the Action to Pass.
STEP 11. Open the second rule and enter the Rule name, select Office as the Source Interface and specify the IP address 192.168.11.11; select IPCAM as the Destination Interface and specify the IP address 192.168.12.12; then set the Action to Pass.
STEP 12. Open the third rule and enter the Rule name, select IPCAM as the Source Interface and specify the IP address 192.168.12.12; select Office as the Destination Interface and specify the IP address 192.168.11.11; then set the Action to Pass.
STEP 13. Enable the Active option of the rules, and click Apply to save the setting.
STEP 14. Enter User Authentication → Policy Configuration, and press the QoS Profile button.
STEP 15. Select Best Effort for Traffic Class, and specify the total speed and the limits for Downlink and Uplink. Click Apply to save the setting and finish the configuration of Policy 1.
STEP 16. Configure Policy 2 to enable the connection between IPCAM (192.168.12.12) and MIS (192.168.11.11), and define the Traffic Class as Video. Click the Setting button of Firewall Profile to enter the setting.
STEP 17. Click Firewall Rules to configure the firewall setting.
STEP 18. Click the No. 1 firewall rule to edit further firewall settings.
STEP 19. Open the first rule and enter the Rule name, select IPCAM as the Source Interface and specify the IP address 192.168.12.12; select Office as the Destination Interface and specify the IP address 192.168.11.11; then set the Action to Pass.
STEP 20. Open the second rule and enter the Rule name, select Office as the Source Interface and specify the IP address 192.168.11.11; select IPCAM as the Destination Interface and specify the IP address 192.168.12.12; then set the Action to Pass.
STEP 21. Enable the Active option of the first rule, and click Apply to save the setting.
STEP 22. Enter User Authentication → Policy Configuration, and press the QoS Profile button.
STEP 23. Select Video for Traffic Class, and click Apply to save the setting and finish the configuration of Policy 2.
STEP 24. Configure Policy 3 to enable the connection from the Guest Service Zone to the Internet, and define the Traffic Class as Background. Click the Setting button of Firewall Profile to enter the setting.
STEP 25. Click Firewall Rules to configure the firewall setting.
STEP 26. Click the No. 1 firewall rule to edit further firewall settings.
STEP 27. Enter the Rule name, select Guest as the Source Interface and WAN1 as the Destination Interface, and then set the Action to Pass.
STEP 28. Enable the Active option of the first rule, and click Apply to save the setting.
STEP 29. Enter User Authentication → Policy Configuration, and press the QoS Profile button.
STEP 30. Select Background for Traffic Class, and specify the total speed and the limits for Downlink and Uplink. Click Apply to save the setting and finish the configuration of Policy 3.
STEP 31. Multi-Service Providers setting is complete.
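The rule set built in section 6.7 (section 5.7 follows the same pattern with the Airport, O2 and Orange zones), modelled as an added example that is not part of the manual or of the MW-2000S firmware; it lists which cross-zone flows pass with and without the Global block rule. Assumptions: each "192.168.1x.x" subnet is a /24, a zone's own policy rules are checked before the Global rules with the first match winning, and the hosts 192.168.11.20, 192.168.13.50 and 203.0.113.10 are constructed samples.

```python
# Added example: a model of the section 6.7 rule set, not MW-2000S code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import permutations
from typing import Optional

# Service Zone subnets from the 6.4 table ("192.168.11.x" read as a /24: assumption).
ZONES = {
    "Office": ip_network("192.168.11.0/24"),
    "IPCAM": ip_network("192.168.12.0/24"),
    "Guest": ip_network("192.168.13.0/24"),
}
ZONE_POLICY = {"Office": "Policy 1", "IPCAM": "Policy 2", "Guest": "Policy 3"}
MIS, CAM = "192.168.11.11", "192.168.12.12"              # hosts named in the manual
OFFICE_PC, GUEST_PC = "192.168.11.20", "192.168.13.50"   # constructed sample hosts
INTERNET = "203.0.113.10"                                # constructed (documentation range)


@dataclass(frozen=True)
class Rule:
    name: str
    src_if: str                    # Service Zone name, "WAN1" or "ALL"
    dst_if: str
    action: str                    # "Pass" or "Block"
    src_ip: Optional[str] = None   # None means any address on the interface
    dst_ip: Optional[str] = None

    def matches(self, src_if, src, dst_if, dst):
        return (self.src_if in ("ALL", src_if) and self.dst_if in ("ALL", dst_if)
                and self.src_ip in (None, src) and self.dst_ip in (None, dst))


# Per-policy rules as entered in steps 7-28 of section 6.7.
POLICIES = {
    "Policy 1": [
        Rule("office-to-internet", "Office", "WAN1", "Pass"),
        Rule("mis-to-cam", "Office", "IPCAM", "Pass", MIS, CAM),
        Rule("cam-to-mis", "IPCAM", "Office", "Pass", CAM, MIS),
    ],
    "Policy 2": [
        Rule("cam-to-mis", "IPCAM", "Office", "Pass", CAM, MIS),
        Rule("mis-to-cam", "Office", "IPCAM", "Pass", MIS, CAM),
    ],
    "Policy 3": [Rule("guest-to-internet", "Guest", "WAN1", "Pass")],
}
GLOBAL_BLOCK_ALL = [Rule("block-all", "ALL", "ALL", "Block")]  # steps 3-5
GLOBAL_FACTORY = []     # no Global rule active: the default lets everything pass


def interface_of(ip):
    """Return the Service Zone whose subnet holds ip, or WAN1 for anything else."""
    addr = ip_address(ip)
    return next((zone for zone, net in ZONES.items() if addr in net), "WAN1")


def decide(src, dst, global_rules):
    """First matching rule wins: the source zone's policy, then the Global policy."""
    src_if, dst_if = interface_of(src), interface_of(dst)
    chain = POLICIES.get(ZONE_POLICY.get(src_if), []) + list(global_rules)
    for rule in chain:
        if rule.matches(src_if, src, dst_if, dst):
            return rule.action
    return "Pass"       # manual: the default setting passes every Service Zone


def cross_zone_passes(global_rules):
    """List (src, dst) pairs in different Service Zones that are allowed to talk."""
    hosts = [MIS, OFFICE_PC, CAM, GUEST_PC]
    return sorted((s, d) for s, d in permutations(hosts, 2)
                  if interface_of(s) != interface_of(d)
                  and decide(s, d, global_rules) == "Pass")


if __name__ == "__main__":
    for label, rules in (("factory default", GLOBAL_FACTORY),
                         ("global block-all", GLOBAL_BLOCK_ALL)):
        print(label)
        for s, d in cross_zone_passes(rules):
            print(f"  {s} -> {d}")
```

Under these assumptions the block-all configuration leaves only the MIS and IPCAM pair reachable across zones, while the default leaves the Guest zone able to reach Office and IPCAM hosts.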
Chapter 7. Web Interface Configuration
This chapter guides you through further detailed settings. The following table shows the UI and functions of the MW-2000S.

7.1 System Configuration
This section includes the following functions: Configuration Wizard, System Information, WAN1 Configuration, WAN2 Configuration, WAN Traffic Settings, Private LAN Configuration and Service Zone.
7.1.1 Configuration Wizard
Please refer to 3.2 Quick Software Configuration for the detailed description of the Configuration Wizard.

7.1.2 System Information
Most of the major system information about MW-2000S can be set here. Please refer to the following description of each field:
• System Name: Set the system’s name or use the default name.
• Device Name: FQDN (Fully-Qualified Domain Name). This is the domain name of the MW-2000S as seen on client machines connected to the LAN ports. A user on a client machine can use this domain name to access MW-2000S instead of its IP address.
• Access History IP: Specify the IP address of the administrator’s computer or of a billing system that retrieves the billing history information of MW-2000S through the following predefined URLs:
Traffic History: https://10.2.3.213/status/history/2005-02-17
On-demand History: https://10.2.3.213/status/ondemand_history/2005-02-17
• Management IP Address List: The IP address or subnet of remote management PCs.
7.1.3 WAN1 Configuration
There are 4 connection types for the WAN1 Port: Static IP Address, Dynamic IP Address, PPPoE and PPTP Client.
• Static IP Address: Manually specify the IP address of the WAN port. The red asterisks indicate required fields.
  IP address: the IP address of the WAN1 port.
  Subnet mask: the subnet mask of the network the WAN1 port connects to.
  Default gateway: a gateway of the network the WAN1 port connects to.
• PPPoE Client: When selecting PPPoE to connect to the network, set the “User Name” and “Password”. PPPoE offers a Dial on demand function. If this function is enabled, the Maximum Idle Time can be set. When the idle time is reached, the system automatically disconnects.
• PPTP Client: Set the WAN1 port to connect to an external PPTP server to establish a PPTP VPN tunnel.

7.1.4 WAN2 Configuration
Select None to disable the WAN2 interface, or choose one of the 3 connection types for the WAN2 port: Static IP Address, Dynamic IP Address and PPPoE Client.
• None: The WAN2 Port is disabled.
• Static IP Address: Manually specify the IP address of the WAN port. The red asterisks indicate required fields.
  IP address: the IP address of the WAN2 port.
  Subnet mask: the subnet mask of the network the WAN2 port connects to.
• PPPoE Client: When selecting PPPoE to connect to the network, set the “User Name” and “Password”. PPPoE offers a Dial on demand function. If this function is enabled, the Maximum Idle Time can be set. When the idle time is reached, the system automatically disconnects.
Chapter 7. Web Interface Configuration 7.1.5 WAN Traffic Settings The section is for administrators to configure the control over the entire system’s traffic though the WAN interface (WAN1 and WAN2 ports). Available Bandwidth on WAN Interface: y Uplink: It specifies the maximum uplink bandwidth that can be shared by clients of the system. y Downlink: It specifies the maximum downlink bandwidth that can be shared by clients of the system.
7.1.6 Private LAN Configuration
When accessing the network through the Private LAN port, users are not required to be authenticated. In this section, you can set the related configuration for the private LAN port and DHCP server.
• Private LAN Operation Mode: Choose one of the two modes, NAT mode and Router mode, according to your requirements.
  IP Address: Enter the desired IP address for the uncontrolled port.
  Start/End IP Address: These fields define the IP address range that will be assigned to the Private LAN clients.
  Preferred DNS Server: The primary DNS server for the DHCP.
  Alternate DNS Server: The substitute DNS server for the DHCP.
  Domain Name: Enter the domain name.
  WINS IP Address: Enter the IP address of WINS.
  Lease Time: Choose the time to change the DHCP.
7.1.7 Service Zones
A Service Zone is a logical network area that covers certain wired and wireless networks in an organization such as an SMB or branch offices. By associating a unique VLAN Tag and SSID with a Service Zone, administrators can separate the wired network and the wireless network into different logical zones.
1) Service Zone Settings – Basic Settings
➢ Service Zone Status: Each service zone can be enabled or disabled except for the default service zone.
➢ Service Zone Name: The name of the service zone can be entered here.
➢ Network Settings:
  o Operation Mode: Contains NAT mode and Router mode. When NAT mode is chosen, the service zone runs in NAT mode. When Router mode is chosen, the service zone runs in Router mode.
  o IP address: The IP Address of this service zone.
2) Service Zone Settings – SIP Interface Configuration
The system provides SIP proxy functionality, which allows SIP clients to pass through NAT. When enabled, all SIP traffic can pass through NAT via a fixed WAN interface. The policy route setting of SIP Authentication must be configured carefully because it must cooperate with the fixed WAN interface for SIP authentication. SIP Transparent Proxy can be activated in both NAT and Router mode.
➢ Email Message for Login Reminding: When enabled, the system will automatically send an email to users if they attempt to send/receive their emails using a POP3 email program (for example, Microsoft Outlook) before they are authenticated. Click Edit Mail Message to edit the message in HTML format.
4) Service Zone Settings – Wireless Settings
➢ Set SSID: Each service zone can be mapped with its own SSID.
7.2 User Authentication
This section includes the following functions: Authentication Configuration, Black List Configuration, Policy Configuration and Additional Configuration.
7.2.1 Authentication Configuration
This section is for administrators to pre-configure authentication servers for the entire system's Service Zones. For a particular Service Zone, administrators can enable all the authentication servers which will be used and also specify a default authentication server in the page of Service Zone Settings.
7.2.1.1 Authentication Method - Local
• Name: Set a name for the authentication option using only numbers (0~9), letters (a~z or A~Z), dash (-), underscore (_), space and dot (.). The length of this field is up to 40 characters. This name lets the administrator identify the authentication options easily, such as HQ-RADIUS.
• Postfix: A postfix is used to inform the system which authentication option to be used for authenticating an account (e.g.
• Add User: Click this button to enter the Adding User(s) to the List interface. Fill in the necessary information such as “Username”, “Password”, “MAC” and “Remark”. Select a desired Policy and choose whether to enable Local VPN. Only “Username” and “Password” are required information. Check the desired service zone(s) in the Service Zones area; the client will be able to log in to the system via the checked service zone(s). The rest are optional.
• Upload User: Click this to enter the Upload User from File interface. Click the Browse button to select the text file for uploading user accounts, then click Upload to execute the upload process. The file for uploading should be a text file containing on each line the following information: Username, Password, MAC Address, Applied Policy, Remark, Local VPN enabled. There must be no spaces between the fields and commas.
• Del All: Click this button to delete all the users at once, or click Delete to delete a user individually.
• Edit User: To edit the content of an individual user account, click the username of the desired user account to enter the Editing Existing User Data Interface for that particular user, and then modify or add any desired information such as “Username”, “Password”, “MAC”, “Policy” and “Remark” (optional).
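A pre-upload check for the Upload User file described above, as an added example that is not part of the manual or the device firmware. It assumes one account per line in the field order the manual lists; the sample accounts, the policy and Local VPN values, and the two hygiene checks (duplicate username, password equal to username) are constructed for illustration.

```python
import re

# Field order as the manual lists it for each line of the upload file.
FIELDS = ("username", "password", "mac", "policy", "remark", "local_vpn")

# MAC format xx:xx:xx:xx:xx:xx, the form the manual uses for MAC lists.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def check_upload_file(text):
    """Validate the text of a user upload file.

    Returns (accounts, problems):
      accounts - list of dicts for lines that passed every check
      problems - list of (line_number, message) for lines that failed
    """
    accounts, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue  # skip blank lines (assumption: they carry no account)
        parts = raw.split(",")
        if len(parts) != len(FIELDS):
            problems.append(
                (lineno, f"expected {len(FIELDS)} fields, got {len(parts)}"))
            continue
        issues = []
        # "No spaces between the fields and commas": no field may begin
        # or end with whitespace.
        if any(p != p.strip() for p in parts):
            issues.append("space next to a comma")
        rec = dict(zip(FIELDS, (p.strip() for p in parts)))
        # Only Username and Password are required by the manual.
        if not rec["username"]:
            issues.append("empty username")
        if not rec["password"]:
            issues.append("empty password")
        if rec["mac"] and not MAC_RE.match(rec["mac"]):
            issues.append("MAC not in xx:xx:xx:xx:xx:xx form")
        # Added hygiene checks, not requirements stated by the manual.
        if rec["username"] and rec["username"] in seen:
            issues.append("duplicate username")
        if rec["username"] and rec["password"] == rec["username"]:
            issues.append("password equals username")
        if rec["username"]:
            seen.add(rec["username"])
        if issues:
            problems.append((lineno, "; ".join(issues)))
        else:
            accounts.append(rec)
    return accounts, problems


# Constructed sample file: policy ("1", "2") and Local VPN ("0", "1")
# encodings are placeholders; the manual does not specify them.
SAMPLE = """alice,S3cure!pw,00:11:22:33:44:55,1,front desk,1
bob,bob,,2,,0
carol, pw123,00:11:22:33:44:66,1,guest,0
dave,pw456,0011.2233.4477,1,,0
alice,other,,1,,0
eve,pw789,,1
"""

if __name__ == "__main__":
    ok, bad = check_upload_file(SAMPLE)
    print("accepted:", [a["username"] for a in ok])
    for lineno, msg in bad:
        print(f"line {lineno}: {msg}")
```

A remark that itself contains a comma changes the field count and is reported as a field-count error, which is the safe outcome for a format with no quoting rule.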
7.2.1.2 Authentication Method - POP3
Clients may log in to the system with their POP3 accounts. The system provides two sets of POP3 servers, primary and secondary, for fault tolerance. When POP3 Server is enabled, at least one POP3 server is required. The Local VPN function can be enabled for clients authenticated by the POP3 authentication method.
7.2.1.3 Authentication Method - RADIUS
The system supports authentication by an external RADIUS authentication database. The system allows each RADIUS domain to have a pair of RADIUS servers, primary and secondary, for backing up each other. The system functions as a RADIUS authenticator for external RADIUS servers. Click the hyperlink Configure for further configuration. The RADIUS server sets the external authentication for clients.
• 802.1X Authentication: The system supports 802.1X. When the option is enabled, an extra link becomes available for going to the Roaming Out and 802.1X Client Device Settings page, where the administrator can further configure the 802.1X-capable devices that are allowed to authenticate against the local user database. Select 802.1X Authentication from the hyperlink. Enter the IP address, Subnet Mask, and shared Secret Key of the authorized devices.
7.2.1.4 Authentication Method - LDAP
The system supports authentication by an external LDAP authentication database. The system provides two sets of LDAP servers, primary and secondary, for fault tolerance. Click the hyperlink Configure for further configuration. Enter the related information for the primary server and/or the secondary server (the secondary server is not required). Fields with red asterisks are required.
7.2.1.5 Authentication Method - NT Domain
The system supports authentication by an external NT Domain authentication database.
• Server: The IP address of the external NT Domain Server.
• Transparent Login: Transparent Login means Windows NT Domain single sign-on. When Transparent Login is enabled, clients will log in to the system automatically after they have logged in to the NT domain. Thus, clients only need to log in once.
7.2.1.6 Authentication Method - ONDEMAND
There are some deployment scenarios (for example, at venues such as coffee shops, hotels, restaurants, etc.) where retail customers or casual visitors want to get wireless Internet access. To offer the Wi-Fi access (either for commercial use or for free), user accounts should be able to be created upon request and account tickets/receipts should also be provided.
2) Ticket Customization
The on-demand account ticket can be customized here and previewed on the screen.
• Receipt Header: There are two receipt headers supported by the system. The entered content will be printed on the receipt. These headers are optional.
• Receipt Footer: The entered content will be printed on the receipt. This footer is optional.
3) Billing Plans
Administrators can configure several billing plans. Click the Edit button to enter the page of Editing Billing Plan. The details shown differ depending on the type of plan chosen. Click Apply to save the plan set up manually by the administrator. Go back to the screen of Billing Plans and click the Enable button to activate the plan.
• Plan: The number of the specific plan.
4) External Payment Gateway
This section is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on-line. The three payment selections include: Authorize.Net, PayPal and Disable.
Authorize.Net
Before setting up “Authorize.Net”, it is required that the merchant owners have a valid Authorize.Net account. Please see Appendix D.
Service Disclaimer Content / Choose Billing Plan for Authorize.Net Payment Page / Client’s Purchasing Record
➢ Service Disclaimer Content
  View service agreements and fees for the standard payment gateway services here, and add or edit the service disclaimer.
➢ Choose Billing Plan for Authorize.
Authorize.Net Payment Page Fields Configuration / Authorize.Net Payment Page Remark Content
➢ Authorize.Net Payment Page Fields Configuration
  Item: Check the box to show this item on the customer’s payment interface.
  Displayed Text: Enter what needs to be shown for this field.
  Required: Check the box to indicate this item as a required field.
  Credit Card Number: Credit card number of the customer.
  First Name: The first name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter John in the First Name field indicating this customer’s name.
  Last Name: The last name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter Doe in the Last Name field indicating this customer’s name.
Service Disclaimer Content / Choose Billing for Payment Page
➢ Service Disclaimer Content
  View service agreements and fees for the standard payment gateway services here, and add or edit the service disclaimer.
➢ Choose Billing Plan for PayPal Payment Page
  These 10 plans are the plans configured in the Billing Plans page, and all previously enabled plans can be further enabled or disabled here, as needed.
  Enable/Disable: Choose to enable or cancel the plan.
➢ PayPal Payment Page Remark Content
  The message content will be displayed as a special notice to end customers in the page of “Rate Plan”. For example, it can describe the cautions for making a payment via PayPal.
5) On-demand Account Creation
On-demand accounts are listed and related. When at least one plan is enabled, the administrator can generate on-demand user accounts here. Click this to enter the On-demand Account Creation screen.
6) On-demand Account List
All created On-demand accounts are listed and related information is also provided.
• Search: Enter a keyword of a username to be searched in the text field and click this button to perform the search. All usernames matching the keyword will be listed.
• Username: The login name of the user.
• Password: The login password of the user.
7.2.1.7 Authentication Method - SIP
The system provides a SIP proxy for SIP clients (devices or soft clients) to pass through NAT. After the SIP proxy server is enabled, all SIP traffic can pass through NAT with a selective but fixed WAN interface. The administrator can add up to four trusted SIP Registrars. A policy can be chosen to govern SIP traffic.
• SIP: SIP authentication supports 4 Trusted SIP Registrars.
7.2.2 Black List Configuration
The administrator can add, delete, or edit the black list for user access control. Each black list can include up to 40 users. User accounts that appear in the black list will be denied network access. The administrator can use the pull-down menu to select the desired black list.
• Select Black List: There are 5 lists to select from for the desired black list.
7.2.3 Policy Configuration
Global policy is the system's universal policy including Firewall, Specific Route and Privilege, which will be applied to all users unless another policy has been applied to the user. Each policy consists of Firewall Profile, Specific Route Profile, Schedule Profile, QoS Profile and Privilege Profile. Policies can be defined in the Policy tab.
Predefined and Custom Service Protocols: This link leads to a policy’s Service List page where the administrator can define a list of services by protocols. The service names defined here form a choice list for configuring firewall rules.
Firewall Rules: This link leads to the policy’s Firewall Rules page. Rule No. 1 has the highest priority; rule No. 2 has the second priority, and so on.
Source/Destination IP: Enter the source and destination IP addresses.
Source/Destination Subnet Mask: Enter the source and destination subnet masks.
Source/Destination Start/End Port: Enter the range of source and destination ports.
Source MAC Address: The MAC address of the source IP address. This is for a specific MAC address filter.
Action: There are two options, Block and Pass. Block prevents packets from passing and Pass permits packets to pass.
➢ Schedule Profile
  The Schedule table in a 7x24 format is used to control the clients' login time. When Schedule is enabled, clients to whom the policy is applied are only allowed to log in to the system at the times checked in the applied policy.
➢ QoS Profile
  Click the button of Setting for Schedule Profile to enter the Traffic Configuration list.
  Traffic Class: Each policy can choose its own traffic class.
➢ Privilege Profile
  Click the button of Setting for Privilege Profile to enter the Policy Privilege Configuration list.
  Maximum Concurrent Sessions: The number of concurrent sessions for each user; it can be restricted by the administrator. When a user reaches the session limit, this user will be implicitly suspended from any new connection for a fixed time period.
Firewall Rules: This link leads to the policy's Firewall Rules page. Rule No. 1 has the highest priority; rule No. 2 has the second priority, and so on. Each firewall rule is defined by Source, Destination, a Service out of the policy's Service List and a Pass/Block action. Optionally, a Firewall Rule Schedule can be set to specify when the firewall rule is enforced; it can be set to Always, Recurring or One Time.
➢ Privilege Profile: Click the button of Setting for Privilege Profile, and the Specific Route Profile list will appear.
  Maximum Concurrent Sessions: The number of concurrent sessions for each user; it can be restricted by the administrator. When a user reaches the session limit, this user will be implicitly suspended from any new connection for a fixed time period.
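Because Rule No. 1 has the highest priority, a narrow Block rule placed below a broader Pass rule never takes effect. The following added example (not the gateway's own code) audits a rule list for such shadowed rules; it assumes first-match evaluation by rule number, models only source/destination IP with subnet mask and a destination port range, and uses a constructed rule set.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    no: int        # rule number; No. 1 has the highest priority
    src: str       # source "IP/subnet mask"
    dst: str       # destination "IP/subnet mask"
    ports: tuple   # (start, end) destination port range, inclusive
    action: str    # "Pass" or "Block"

    def nets(self):
        """Source and destination as ipaddress network objects."""
        return (ipaddress.ip_network(self.src, strict=False),
                ipaddress.ip_network(self.dst, strict=False))


def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    o_src, o_dst = outer.nets()
    i_src, i_dst = inner.nets()
    return (i_src.subnet_of(o_src) and i_dst.subnet_of(o_dst)
            and outer.ports[0] <= inner.ports[0]
            and inner.ports[1] <= outer.ports[1])


def first_match(rules, src_ip, dst_ip, dst_port):
    """Return the highest-priority rule matching the packet, or None.

    Assumption: the lowest-numbered matching rule decides; what the
    device does when no rule matches is not modelled here.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.no):
        s_net, d_net = rule.nets()
        if (src in s_net and dst in d_net
                and rule.ports[0] <= dst_port <= rule.ports[1]):
            return rule
    return None


def shadowed(rules):
    """List rules that can never decide a packet.

    Each entry is (rule_no, covering_rule_no, conflicting), where
    conflicting is True when the covering rule has the other action,
    i.e. the lower rule's intent is silently overridden.
    """
    ordered = sorted(rules, key=lambda r: r.no)
    findings = []
    for i, rule in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, rule):
                findings.append(
                    (rule.no, earlier.no, earlier.action != rule.action))
                break
    return findings


# Constructed rule set for illustration.
RULES = [
    Rule(1, "192.168.1.0/255.255.255.0", "0.0.0.0/0.0.0.0", (1, 65535), "Pass"),
    Rule(2, "192.168.1.50/255.255.255.255", "0.0.0.0/0.0.0.0", (25, 25), "Block"),
    Rule(3, "192.168.2.0/255.255.255.0", "10.0.0.0/255.0.0.0", (1, 65535), "Block"),
    Rule(4, "192.168.2.0/255.255.255.0", "10.1.0.0/255.255.0.0", (80, 80), "Block"),
]

if __name__ == "__main__":
    for no, by, conflict in shadowed(RULES):
        kind = "overridden" if conflict else "redundant"
        print(f"rule {no} is {kind}: fully covered by rule {by}")
```

Here rule 2 is meant to block SMTP from one host, but rule 1 passes that traffic first; moving rule 2 above rule 1 is the fix.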
7.2.4 Additional Configuration
• User Control: Functions under this section apply to all general users.
  Idle Timer: If a user has been idle with no network activity, the system will automatically kick out the user. The logout timer can be set between 1~1440 minutes, and the default logout time is 10 minutes.
  Multiple Login: When enabled, a user can log in from different computers with the same account.
• Credit Reminder: The administrator can enable this function to remind on-demand users before their credit runs out. There are two kinds of reminder, Volume and Time. The default reminding trigger level for Volume is 1Mbyte and the level for Time is 5 minutes.
• Enhance User Authentication: With this function, only the users with their MAC addresses in this list can log into MW-2000S. A maximum of 40 users is allowed in this MAC address list.
7.3 AP Management
MW-2000S can manage up to 12 access points (APs), and they can be configured in this section. This section includes the following functions: AP List, AP Discovery, Manual Configuration, Template Settings, Firmware Management and AP Upgrade.
7.3.1 AP List
All of the APs under the management of MW-2000S are shown in the list. An AP can be edited by clicking the hyperlink of AP Name, and the AP status can be obtained by clicking the hyperlink of Status. Check any AP and then click the button below to Reboot, Enable, Disable or Delete the checked AP if desired. Click Apply Template to select one template to apply to the AP. Click Apply Service Zone to set up one Service Zone for the AP.
• AP Name
  Click AP Name to enter the interface for related settings. There are four kinds of settings: General Settings, LAN Interface Setting, Wireless Interface Setting and Access Control Setting. Click the hyperlink to go on to the configuration.
➢ General Setting: Click Setting to enter the General Setting interface. Revise the AP Name, Admin Password and Remark if desired. Firmware information can also be observed here.
➢ LAN Setting: Click LAN to enter the LAN Setting interface. Input the LAN data including the IP address, Subnet Mask and Default Gateway of the AP.
➢ Wireless LAN: Click Wireless LAN to enter the Wireless interface. The data of Properties and Security need to be filled in.
Properties
• SSID: The SSID is the unique name shared among all APs in a wireless network. The SSID must be the same for all APs in the wireless network. It is case sensitive and has a maximum length of 32 bytes.
• SSID Broadcast: Select this option to enable the SSID to broadcast in the network. When configuring the network, it’s suggested to enable this function but also make sure to disable it when finished.
Security: There are four kinds of security type, WEP, WPA, WPA2 and WPA2 MIXED, for selection.
• Disable: With this type, no encryption is used; only 802.1x Authentication and Authentication Type can be set. For Authentication Type, choose Open System, Shared Key, or Both according to the settings of the AP and Client. Check 802.1x Authentication to enable this function and enter the related data, if necessary.
➢ Access Control: When the status is “Enabled”, only clients whose MAC addresses are in this list are allowed to connect to the AP. When “Disabled” is selected, all clients can connect to the AP. The default is Disabled.
➢ LAN Status: The table shows information about IP Address, Subnet Mask and Gateway.
➢ Wireless LAN Status: The table shows all of the related wireless information.
➢ Access Control Status: The table shows the status of the MAC addresses of clients under the control of the AP.
➢ Associated Client Status: The table shows the clients connecting to the AP and the related information of the client.
7.3.2 AP Discovery
Use this function to detect and manage all of the APs in the network segments.
• To discover APs manually, fill in the required data.
➢ Interface: Check Private LAN or/and LAN1~4 and enter the Base IP and Pool Size (the discovered APs will be configured to use IP addresses from the pool).
➢ AP Access: Input the IP Address Range (the default is 192.168.2.1/192.168.2.1), ID (the default is admin) and Password (the default is 1234) of the AP.
• Auto-Discover: Click Configure to enter the Auto-Discovery interface for related configuration. The Interface and AP Access configuration is the same as the settings mentioned above. When the Auto-Discovery Status function is enabled, the system will scan once every 10 minutes or according to the time set by the administrator.
7.3.3 Manual Configuration
An AP can also be added manually even when it is offline. Input the related data of the AP and select a Template. After clicking Add, the AP will be added to the managed list.
7.3.4 Template Settings
A template is a model that can be copied to every AP so that the APs need not be configured individually. There are three templates provided. Click Edit to go on to the configuration.
After entering the interface, revise the configuration as needed and change the administrator’s password if desired. For the other function settings, please refer to 7.3.1 AP List.
7.3.5 Firmware Management
Here the AP’s firmware can be uploaded, and the present firmware can be downloaded or deleted.
7.3.6 AP Upgrade
Check the APs which need to be upgraded, select the upgrade version of firmware, and click Apply to upgrade the firmware.
7.4 Network Configuration
This section includes the following functions: Network Address Translation, Privilege List, Monitor IP List, Walled Garden List, Proxy Server Properties, Dynamic DNS, IP Mobility and VPN Termination.
7.4.1 Network Address Translation
There are three parts that can be set: Demilitarized Zone, Public Accessible Server and Port and Redirect.
• DMZ
  DMZ allows administrators to define mandatory external to internal IP mapping, hence a user on the WAN side network can access the private machine via the external IP (similar to DMZ usage in a firewall product). There are 40 sets of static Internal IP Address and External IP Address available.
• Public Accessible Server
  This function allows the administrator to set 40 virtual servers at most, so that computers not belonging to the managed network can access the servers in the managed network via the WAN port IP of MW-2000S. Please enter the “External Service Port”, “Local Server IP Address” and “Local Server Port”. Depending on the service provided, the network service can use the TCP protocol or the UDP protocol.
7.4.2 Privilege List
There are two parts that can be set: Privilege IP Address List and Privilege MAC Address List.
• Privilege IP Address List
  If there are some workstations belonging to the managed server that need to access the network without getting authenticated, enter the IP addresses of these workstations in this list. The “Remark” field is optional but is useful for record-keeping. MW-2000S allows 100 privilege IP addresses at most.
• Privilege MAC Address List
  In addition to the IP address, the MAC address of the workstations that need to access the network without getting authenticated can also be set in this list. MW-2000S allows 100 privilege MAC addresses at most. It is possible to manually create the list by entering the MAC address (the format is xx:xx:xx:xx:xx:xx) as well as entering the remark (not required). These settings will become effective immediately after clicking Apply.
7.4.3 Monitor IP List
MW-2000S will send out a packet periodically to monitor the connection status of the IP addresses on the list. If a monitored IP address does not respond, the system will send an e-mail to notify the administrator that the destination is not reachable. After entering the related information, click Apply and these settings will become effective immediately. Click Monitor to check the current status of all the monitored IPs.
7.4.4 Walled Garden List
This function lets users access the websites listed here free of charge before logging in to the network and without being authenticated. Up to 20 addresses or domain names of websites can be defined in this list. Users without the network access right can still have a chance to experience the actual network service free of charge.
7.4.5 Proxy Server Properties
MW-2000S supports Internal Proxy Server and External Proxy Server functions.
• External Proxy Server: Under the MW-2000S security management, the system will match the External Proxy Server list against the end users’ proxy setting. If there is no match, the end users will not be able to reach the login page and thus will be unable to access the network.
7.4.6 Dynamic DNS
MW-2000S provides a convenient DNS function to translate a domain name to the IP address of the WAN port, which helps the administrator memorize and connect to the WAN port. If DHCP is activated at the WAN port, this function will also update the newest IP address regularly to the DNS server. These settings will become effective immediately after clicking Apply.
• DDNS: Enable or disable this function.
• Provider: Select a DNS provider.
7.4.7 IP Mobility
MW-2000S supports the IP PNP function. At the user end, a static IP address can be used to connect to the system. Regardless of what the IP address at the user end is, authentication can still be performed through MW-2000S.
7.4.8 VPN Configuration
Virtual Private Network, or VPN, is a type of technology designed to increase the security of information transferred over the Internet.
7.5 Utilities
This section provides four utilities to customize and maintain the system including Change Password, Backup/Restore Setting, Firmware Upgrade, Restart and Network Utilities.
7.5.1 Change Password
MW-2000S supports three accounts with different access privileges. Choose to log in as admin, manager or operator. The default password and access privilege for each account are as follows:
Admin: The administrator can access all configuration pages of the MW-2000S.
7.5.2 Backup/Restore Setting
This function is used to back up and restore the MW-2000S settings. MW-2000S can also be restored to the factory default settings here.
• Backup current system setting: Click Backup to create a .db database backup file and save it on disk.
• Restore system setting: Click Browse to search for a .db database backup file created by MW-2000S and click Restore to restore the settings as they were at the time the backup file was created.
7.5.3 Firmware Upgrade
The administrator can download the latest firmware and upgrade the system here. Click Browse to search for the firmware file and click Apply to start the firmware upgrade. It might take a few minutes before the upgrade process completes, and the system needs to be restarted to make the new firmware effective.
Warning:
1. Firmware upgrade may cause the loss of some of the data.
7.5.4 Restart
This function allows the administrator to safely restart MW-2000S; the process should take about 100 seconds. Click YES to restart MW-2000S; click NO to go back to the previous screen. If turning off the power is necessary, it is recommended to restart MW-2000S first and then turn off the power after the restart process completes.
7.6 Status
This section includes System Status, Interface Status, Routing Table, Current Users, Traffic History, and Notification Configuration to provide system status information and online user status.
7.6.1 System Status
This section provides an overview of the system for the administrator.
The description of the table is as follows:
Item: Description
Current Firmware Version: The present firmware version of MW-2000S.
System Name: The system name. The default is MW-2000S.
Home Page: The page the users are directed to after initial login success.
Syslog server-Traffic History
Syslog server-On demand User log
Proxy Server
Warning of Internet Connection Disconnection
WAN Failover
SNMP
Retained Days History
7.6.2 Interface Status
This section provides an overview of the interface for the administrator including WAN1, WAN2, LAN1~4, LAN1~4 DHCP Server, Private LAN, and Private LAN DHCP Server.
The description of the table is as follows.
Item: Description
WAN1
  MAC Address: The MAC address of the WAN1 port.
  IP Address: The IP address of the WAN1 port.
  Subnet Mask: The Subnet Mask of the WAN1 port.
WAN2
  MAC Address: The MAC address of the WAN2 port.
  IP Address: The IP address of the WAN2 port.
  Subnet Mask: The Subnet Mask of the WAN2 port.
LAN1~4 DHCP Server
  Status: Enable/disable stands for status of the DHCP server on the LAN1~4 port.
  WINS IP Address
7.6.3 Routing Table
All the Policy Route rules and Global Policy Route rules are listed here. The System Route rules specified by each interface are also shown.
• Policy 1~12: Shows the information of the individual Policy from 1 to 12.
• Global Policy: Shows the information of the Global Policy.
• System: Shows the information of the system administration.
➢ Destination: The destination IP address of the device.
7.6.4 Current Users
In this function, each online user’s information including Username, IP, MAC, Pkts In, Bytes In, Pkts Out, Bytes Out, Idle, Location and Kick Out is shown. Administrators can force out a specific online user by clicking the hyperlink of “Logout” and check the user's access AP status by clicking the hyperlink of the AP name for “Location.” Click Refresh to update the current users list.
7.6.5 Traffic History
The administrator may view the traffic history and On-demand User Log of up to 3 days. All records are sorted by date and listed accordingly. This function is used to check the traffic history of MW-2000S. The traffic history of each day is saved separately in the DRAM for at least 3 days.
• Roaming Out Traffic History
  As shown in the following figure, each line is a roaming out traffic history record of user activities consisting of 14 fields: Date, Type, Name, NSID, NASIP, NASPort, UserMAC, SessionID, SessionTime, Bytes in, Bytes Out, Pkts In, Pkts Out and Message.
7.6.6 Notification Configuration
MW-2000S can automatically send notifications of Monitor IP Report, Traffic History, On-demand User Log, Session Log and AP status to up to 3 particular e-mail addresses. The notification of AP Status is triggered when a managed AP becomes unreachable, while the other types of emails are sent periodically at given intervals such as 1 hour. A trial email is provided by the system for validation.
• E-mail Notification Configuration:
➢ Send To: Up to 3 e-mail addresses can be set up to receive the notification. These are the receivers’ e-mail addresses. There are four kinds of notification to select from: Monitor IP Report, Traffic History, On-demand User Log and AP Status. Check which types of notification are to be sent.
➢ Interval: The time interval at which to send the e-mail report.
➢ Send Test Email: To test the settings immediately.
7.7 Help
The Help button is in the upper right corner of the screen. Click Help to open the Online Help window, and then click the hyperlink of an item to get the information.
Appendix A: Network Configuration on PC
After MW-2000S is installed, the following configurations must be set up on the PC: Internet Connection Setup and TCP/IP Network Setup.
• Internet Connection Setup
Windows 9x/2000
1) Choose Start → Control Panel → Internet Options.
2) Choose the “Connections” label, and then click Setup.
4) Choose “I connect through a local area network (LAN)” and click Next.
5) DO NOT choose any option in the following LAN window for Internet configuration, and just click Next.
6) Choose “No”, and click Next.
7) Finally, click Finish to exit the Internet Connection Wizard. Now, the setup has been completed.
Windows XP
1) Choose Start → Control Panel → Internet Option.
2) Choose the “Connections” label, and then click Setup.
3) Click Next when the Welcome to the New Connection Wizard screen appears.
4) Choose “Connect to the Internet” and then click Next.
5) Choose “Set up my connection manually” and then click Next.
6) Choose “Connect using a broadband connection that is always on” and then click Next.
7) Finally, click Finish to exit the Connection Wizard. Now, you have completed the setup.
• TCP/IP Network Setup
If the operating system of your PC is Windows 95/98/ME/2000/XP, keep the default settings unchanged and simply start or restart the system. With the factory default settings, MW-2000S with its DHCP function will automatically assign an appropriate IP address and related information to each PC while the system starts.
3) Using DHCP: If you want to use DHCP, please choose “Obtain an IP address automatically” on the “IP Address” label and click OK. This is also the default setting of Windows. Then, reboot the PC to make sure an IP address is obtained from MW-2000S.
4) Using Specific IP Address: If you want to use a specific IP address, you have to ask the network administrator for the information of MW-2000S: IP address, Subnet Mask, New gateway and DNS server address.
• Choose the “Gateway” label and enter the gateway address of MW-2000S in “New gateway:”, and then click Add and OK.
• Choose the “DNS Configuration” label. If the DNS Server column is blank, please click Enable DNS and then enter the DNS address or the DNS address provided by the ISP. Then, click Add and click OK.
Check the TCP/IP Setup of Windows 2000
1) Select Start → Control Panel → Network and Dial-up Connections.
2) Right-click the “Local Area Connection” icon and then select “Properties”.
3) Select “Internet Protocol (TCP/IP)” and then click Properties. Now, you can choose to use DHCP or a specific IP address; please proceed to the following steps.
4) Using DHCP: If you want to use DHCP, please choose “Obtain an IP address automatically” and click OK. This is also the default setting of Windows.
5) Using Specific IP Address: If you want to use a specific IP address, you have to ask the network administrator for the information of the MW-2000S: IP address, Subnet Mask, New gateway and DNS server address.
Note: If your PC has already been set up, please inform the network administrator before proceeding to the following steps.
• Choose the “IP Settings” label and click Add below the “Default Gateways” column, and the “TCP/IP Gateway Address” window will appear. Enter the gateway address of MW-2000S in the “Gateway” field of the “TCP/IP Gateway Address” window, and then click Add. After returning to the “IP Settings” label, click OK to finish.
Check the TCP/IP Setup of Windows XP
1) Select Start → Control Panel → Network Connection.
2) Right-click the “Local Area Connection” icon and select “Properties”.
3) Select the “General” label, choose “Internet Protocol (TCP/IP)” and then click Properties. Now, you can choose to use DHCP or a specific IP address; please proceed to the following steps.
4) Using DHCP: If you want to use DHCP, please choose “Obtain an IP address automatically” and click OK. This is also the default setting of Windows.
5) Using Specific IP Address: If you want to use a specific IP address, you have to ask the network administrator for the information of the MW-2000S: IP address, Subnet Mask, New gateway and DNS server address.
Note: If your PC has already been set up, please inform the network administrator before proceeding to the following steps.
• Choose the “IP Settings” label and click “Add” below the “Default Gateways” column, and the “TCP/IP Gateway Address” window will appear. Enter the gateway address of MW-2000S in the “Gateway” field of the “TCP/IP Gateway Address” window, and then click Add. After returning to the “IP Settings” label, click OK to finish.
Appendix B: An Example of User Login
Normally, users will be authenticated before they get network access through MW-2000S. This section presents the basic authentication flow for end users. Please make sure that the MW-2000S is configured properly and network related settings are done.
1) Open an Internet browser and try to connect to any website (in this example, we try to connect to www.google.com).
3) Successful! Now you can start using the network. The “Starting Browsing” button will take you to the website that you originally wanted to visit or to the home page that is configured in the system.
Note: When On-demand accounts are used (for example, we use q77z@ondemand here), the system will display more information, as shown below.
• Remaining usage: The remaining quota of this On-demand account that the user can use to surf the Internet.
• Redeem: When the remaining quota is insufficient, the user can add to the quota by purchasing an additional account. Please enter the new username (for example, we use 6uh3@ondemand here) and password in the Redeem Page and click the ENTER button to merge the two accounts so that there will be more quota for the original account (in this case, we add an additional quota of 200M bytes).
Note: The maximum session time/data transfer is 24305 days/9,999,999 Mbyte.
Appendix C: A Deployment Example of Service Zones
Typical Application Scenario: Employee vs. Guest
In this scenario, users are separated into Employee and Guest for the purpose of different levels of access control.
Application Network Diagram: One Service Zone (associated with VLAN tag: 1111 and SSID: SZ1-Employee) is set up for employees while the other Service Zone (associated with VLAN tag: 2222 and SSID: SZ1-Guest) is set up for guests.
2. Enable the Service Zone and set up other basic information
3. Configure the SSID and other settings which will be applied to the managed APs in this Service Zone
4.
5.
Appendix D: Accepting Payments via Authorize.Net
This section shows independent Hotspot owners how to configure the related settings in order to accept credit card payments via Authorize.Net, making the Hotspot an e-commerce environment in which end users pay for and obtain Internet access using their credit cards.
1. Setting Up
1.1 Open Accounts
To set up MW-2000S to process credit card billing, the merchant owner will need two accounts (Internet Merchant account and Authorize.Net account). If you are looking for a merchant account or Internet payment gateway to process transactions, you can fill out the Inquiry Form on http://www.authorize.net/solutions/merchantsolutions/merchantinquiryform/.
1.2 Configure MW-2000S using an Authorize.
Some major fields are required:
Setting: Description
Merchant Login ID: This is the “Login ID” that comes with the Authorize.Net account.
Merchant Transaction Key: To get a new key, please log in Authorize.Net → Click Settings and Profile → Go to the “Security” section → Click Obtain Transaction Key → Enter “Secret Answer” → Click Submit.
https://secure.authorize.net/gateway/transact.
2. Basic Maintenance
In order to maintain the operation, merchant owners will have to manage the accounts and transactions via Authorize.Net as well as MW-2000S.
2.1 Void A Transaction and Remove the On-demand Account Created on MW-2000S
Sometimes, a transaction (as well as the related user account on MW-2000S) may have to be canceled before it has been settled with the bank.
a. To void an unsettled transaction, please log in Authorize.Net.
2.2 Refund A Settled Transaction and Remove the On-demand Account Generated on MW-2000S
a. To refund a credit card, please log in Authorize.Net. Click Virtual Terminal → Select a Payment Method → Click Refund a Credit Card → Payment/Authorization Information → Type information in at least three fields: Card Number, Expiration Date, and Amount → Confirm and click Submit.
b. To remove the specific account from MW-2000S, please log in MW-2000S.
3. Reporting
During normal operation, the following steps will be necessary to generate transaction reports.
3.1 Transaction Statistics by Credit Card Type during the Period
Please log in Authorize.Net → Click Reports → Check the “Statistics by Settlement Date” radio button → Select “Transaction Type”, “Start Date”, and “End Date” as the criteria → Click Run Report
3.2 Transaction Statistics by Different Location
a.
Appendix E: Accepting Payments via PayPal
This section shows independent Hotspot owners how to configure the related settings in order to accept payments via PayPal, making the Hotspot an e-commerce environment in which end users pay for and obtain Internet access using their PayPal accounts or credit cards.
1. Setting Up
The following are the basic steps to open and configure a “Business Account” on PayPal.
1.1 Open An Account
Step 1: Sign up for a PayPal Business Account and log in. Here is a link: https://www.paypal.
Settings:
Auto Return (On)
Return URL (Redirect Webpage): Type http://www.www.com or other URL.
Payment Data Transfer (On)
Block Non-encrypted Website Payment (Off)
PayPal Account Optional (Off)
Contact Telephone Number (Off)
Click Save.
1.
Three fields are required:
Setting: Description
Business Account ID: This is the “Login ID” (email address) that is associated with the PayPal Business Account.
https://www.paypal.com/cgi-bin/webscr (default URL for PayPal)
Please log in PayPal after saving the above settings → Click Profile → Click Website Payment Preferences in the Selling Preferences section → Scroll down to the section, Payment Data Transfer (optional).
In addition, it is necessary to sign up for an SSL certificate, licensed from a “Certificate Authority” (for example, VeriSign), for this registered Internet domain name. Meeting these two requirements allows end customers or subscribers to pay for Internet access in a more secure and convenient way.
2.
Payment Gateway → Click Configure → Select PayPal → Go to “Client's Purchasing Record” section → Type in information in the text boxes: Invoice Number and Description (Item Name) → Confirm and click Apply
2.
Appendix F: Examples of Making Payments for End Users
1. Making Payments via Authorize.Net
Step 1: Click the link below the login window to pay for the service by credit card via Authorize.Net.
Step 2: Choose I agree to accept the terms of use and click Next.
Step 3: Please fill out the form and click Submit to send out this transaction. A confirmation dialog box will appear.
Step 4: Please confirm the data and then click OK to go on with the transaction, or click Cancel to revise the data or cancel this transaction. After clicking OK, another dialog box will appear to confirm this transaction again.
Step 5: Click OK to complete the process or click Cancel to revise the data or cancel this transaction.
Step 6: Click Start Internet Access to use the Internet access service.
Note: The clients must fill in the correct credit card number and expiration date. Card code is the last 3 digits of the security code located on the back of your credit card.
2. Making Payments via PayPal
Step 1: Click the link below the login window to pay for the service via PayPal.
Step 2: Choose I agree to accept the terms of use and click Next.
Step 3: Please fill out the form and click Submit to send out this transaction. A confirmation dialog box will appear.
Step 4: You will be redirected to the PayPal website to complete the payment process.
Step 5: Click Start Internet Access to use the Internet access service.
Note: Payment is accepted via PayPal. PayPal enables you to send payments securely online using a PayPal account, a credit card or a bank account. After clicking the Buy Now button, you will be redirected to PayPal’s site to make the payment. Please do not manually close the browser when you reach PayPal’s payment confirmation page.
Appendix G: Local VPN
MW-2000S can establish IPSec VPN tunnels between local users’ Windows devices (on the local wired or wireless network) and MW-2000S itself, for the purpose of protecting traffic on local networks. By pushing an ActiveX Control down to the user’s browser from MW-2000S, the system is able to install a so-called “clientless” IPSec VPN.
1. User Operation Flow
a. As usual, enter the username and password in the User Login Page.
b. The first time, if the user has never used the Local VPN feature, the Windows IE browser (6.0 or above) will display an alert message asking whether the user wants to install the “add-on” software.
c. Click on the alert message and then choose “Install ActiveX Control” to install the software.
d. After the software is installed, the system will try to establish the IPSec VPN tunnel for the user automatically.
e. Once the IPSec VPN tunnel is established, the user has successfully logged in and the connection is secured by IPSec VPN.
2. ActiveX Control component
The ActiveX Control is a software component running inside Internet Explorer. The ActiveX Control component can be checked in the following windows. From Windows Internet Explorer, click the “Manage add-ons” button inside the “Programs” page under “Tools” to show the list of add-on programs. You can see that VPNClient.ipsec is enabled.
3. Limitations
The limitations on the client side due to ActiveX and the Windows OS include:
a. The Internet Connection Firewall of Windows XP or Windows XP SP1 is not compatible with the IPSec protocol. It must be turned off to allow IPSec packets to pass through.
b. Without Windows patch KB889527, ICMP (Ping) and the PORT command of FTP cannot work in Windows XP SP2.
c. The forced termination (through CTRL+ALT+DEL or Task Manager) of Internet Explorer will stop the running of ActiveX.
Suggestion: Don’t terminate this VPN task of Internet Explorer.
There are some cases of Windows messages by which MW-2000S will warn the current user to:
① Close the Windows Internet Explorer,
② Click the “logout” button on the “login success” page,
③ Click “back” or “refresh” of the same Internet Explorer,
④ Enter a new URL in the same Internet Explorer,
⑤ Open a URL from another application (e.g. email of Outlook) that occupies this existing Internet Explorer.
Appendix H: Customizable Pages
There are five user login and logout pages for each service zone that can be customized by administrators. Click the Configure button and the Login (Logout) page will appear, including the Login Page, Logout Page, Login Success Page, Login Success Page for Instant Account and Logout Success Page. Click the radio button of a page selection for further configuration.
• Custom Pages → Login Page → Uploaded Page
Choose Uploaded Page and upload a login page. The user-defined login page must include the following HTML codes to provide the necessary fields for username and password.
And if the user-defined login page includes an image file, the image file path in the HTML code must be the image file to be uploaded.
Remote VPN :
Default Service Zone:
Service Zone 1 :
Service Zone 2 :
Service Zone 3 :
Service Zone 4 :
Click the Browse button to select the file to upload.
Note: The difference is that the HTML code of the user-defined logout interface must include the following HTML code so that the user can enter the username and password. After the upload is completed, the customized logout page can be previewed by clicking Preview at the bottom of this page. If the logout interface needs to be restored to the factory default setting, click the “Use Default Page” button.
• Custom Pages → Login Success Page → Uploaded Page
Choose Uploaded Page to upload the login success page. Click the Browse button to select the file for the login success page upload. Then click Submit to complete the upload process. After the upload process is completed and applied, the new login success page can be previewed by clicking the Preview button at the bottom.
4 Custom Pages → Login Success Page for On-demand User
The users can apply their own Login Success page for Instant Users in the menu. As the process is similar to that of the Login Page, please refer to the “Login Page” instructions for more details.
• Custom Pages → Login Success Pages for On-demand Users → Uploaded Page
Choose Uploaded Page to upload the login success page for Instant users. Click the Browse button to select the file for the login success page for Instant users. Then click Submit to complete the upload process.
• Custom Pages → Login Success Pages for On-demand Users → External Page
Choose the External Page selection to get the login success page from the specific website.
the new login success page can be previewed by clicking the Preview button at the bottom of this page.
5 Custom Pages → Logout Success Page
The administrator can apply their own Logout Success page for Users in the menu. As the process is similar to that of the Login Page, please refer to the “Login Page” instructions for more details.
• Custom Pages → Logout Success Page → Default Page
Choose Default Page to use the default logout success page.
• Custom Pages → Logout Success Page → External Page
Choose the External Page selection to get the logout success page from the specific website. Enter the website address in the External Page Setting field and then click Apply. After applying the setting, the new logout success page can be previewed by clicking the Preview button at the bottom of this page.
Appendix I: Session Limit and Session Log
Session Limit
To prevent ill-behaved clients or malicious software from using up the system’s connection resources, administrators will have to restrict the number of concurrent sessions that a user can establish.
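A small model of the per-user concurrent session limit described above, added here as an illustration and not taken from the MW-2000S firmware. The class name, the limit of 10, the 60-second idle timeout and the traffic are all constructed assumptions.

```python
from collections import defaultdict


class SessionLimiter:
    """Caps concurrent sessions per user (hypothetical model, not device code)."""

    def __init__(self, limit, idle_timeout):
        self.limit = limit                  # max concurrent sessions per user
        self.idle_timeout = idle_timeout    # seconds before an idle session is freed
        self.sessions = defaultdict(dict)   # user -> {flow tuple: last-seen time}
        self.denied = defaultdict(int)      # user -> refused session attempts

    def _expire(self, user, now):
        # Free table slots held by sessions that have been idle too long.
        table = self.sessions[user]
        for flow in [f for f, seen in table.items() if now - seen > self.idle_timeout]:
            del table[flow]

    def admit(self, user, flow, now):
        """Return True if the packet's flow may pass, False if over the limit."""
        self._expire(user, now)
        table = self.sessions[user]
        if flow in table:                   # packet of an existing session
            table[flow] = now
            return True
        if len(table) >= self.limit:        # a new session would exceed the cap
            self.denied[user] += 1
            return False
        table[flow] = now
        return True

    def close(self, user, flow):
        # Session ended normally; release its slot at once.
        self.sessions[user].pop(flow, None)


def simulate():
    """Constructed traffic: one normal user, one host opening 500 sessions."""
    limiter = SessionLimiter(limit=10, idle_timeout=60.0)
    for i in range(4):
        limiter.admit("alice", ("10.0.0.5", 40000 + i, "192.0.2.10", 443, "tcp"), now=0.0)
    for i in range(500):
        dst = "198.51.100.%d" % (i % 250 + 1)
        limiter.admit("bob", ("10.0.0.9", 50000 + i, dst, 80, "tcp"), now=1.0)
    return {
        "alice_active": len(limiter.sessions["alice"]),
        "alice_denied": limiter.denied["alice"],
        "bob_active": len(limiter.sessions["bob"]),
        "bob_denied": limiter.denied["bob"],
    }


if __name__ == "__main__":
    print(simulate())
```

The per-user denied counter is the figure that singles out the ill-behaved client: the normal user's sessions are untouched while the other account is held at the cap.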
Appendix J: Console Interface
Via this port, administrators can enter the console interface to handle problems and situations that occur during operation.
1. To connect to the console port of MW-2000S, a console, modem cable and a terminal simulation program, such as Hyper Terminal, are needed.
2. Please set the parameters to 9600,8,n,1,n if Hyper Terminal is used.
Caution: the main console is a menu-driven text interface with dialog boxes.
• Utilities for network debugging
The console interface provides several utilities to help the Administrator check the system conditions and debug any problems. The utilities are described as follows:
➢ Ping host (IP): Tests the network status by sending an ICMP echo request to a specified host and waiting for the response.
➢ Trace routing path: Trace and inquire the routing path to a specific target.