User's Manual

ManualsBrandsLanReady Technologies ManualsElectronics802.11 b//g Access Point

Administrator’s Manual

Version 1.0.1

Summary of content (127 pages)

PAGE 1
Administrator’s Manual Administrator’s Manual Version 1.0.
PAGE 2
Administrator’s Manual Copyright The intellectual property rights and copyright of this manual belong to vendor. and are protected by the R.O.C. copyright laws and international copyright laws. No part or the manual in its entirety may be transshipped, transmitted, duplicated, distributed, displayed, published, or broadcasted in any form or by any means without the prior written permission of vendor.
PAGE 3
Administrator’s Manual Table of Contents 1. 2. 3. Preface............................................................................................ 1 1.1. Brief Introduction ............................................................................................1 1.2. Before you Read ............................................................................................2 1.2.1. Audience................................................................................................2 1.2.
PAGE 4
Administrator’s Manual 5. 4.2. Utilities for network debugging.....................................................................29 4.3. Change admin password .............................................................................30 4.4. Reload factory default ..................................................................................31 4.5. Restart..........................................................................................................31 Web Management Interface ..
PAGE 5
Administrator’s Manual 5.5.3 Firmware Upgrade ...................................................................................93 5.5.4 Restart .....................................................................................................94 5.6 Status ...........................................................................................................94 5.6.1 System Status ..........................................................................................94 5.6.
PAGE 6
Administrator’s Manual Figure Index Figure 3-1 The User Public LAN Flow.....................................................................20 Figure 3-2 Example of Setting up a Small Enterprise Network ............................20 Figure 3-3 Administrator Login ...............................................................................22 Figure 3-4 Welcome Screen .....................................................................................22 Figure 3-5 Configuration Wizard Screen ...........
PAGE 7
Administrator’s Manual Figure 5-18 WAN Dynamic IP Mode ........................................................................46 Figure 5-19 WAN PPPoE Mode ................................................................................46 Figure 5-20 Dial on Demand ....................................................................................46 Figure 5-21 Authentication Configuration..............................................................
PAGE 8
Administrator’s Manual Figure 5-37 Example of Authentication Policy.......................................................60 Figure 5-38 Local User List......................................................................................62 Figure 5-39 Example of Adding User Accounts.....................................................63 Figure 5-40 Added User Accounts Screen .............................................................63 Figure 5-41 Example of Editing User Accounts........................
PAGE 9
Administrator’s Manual Figure 5-69 Example of Guest Login Schedule Management Interface ..............83 Figure 5-70 Defining Public Accessible Server .....................................................84 Figure 5-71 IP Address and Network Port Redirect...............................................85 Figure 5-72 Privilege IP Address .............................................................................86 Figure 5-73 Direct Connecting MAC Address ...................................................
PAGE 10
Administrator’s Manual B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
PAGE 11
Administrator’s Manual frequency range 2.400-2.4835 GHz; In France, the equipment must be restricted to the 2.4465-2.4835 GHz frequency range and must be restricted to indoor use.
PAGE 12
Administrator’s Manual “To prevent radio interference to the licensed service, this device is intended to be operated indoors and away from windows to provide maximum shielding. Equipment (or its transmit antenna) that is installed outdoors is subject to licensing.” “Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
PAGE 13
Administrator’s Manual 1. Preface 1.1. Brief Introduction Wireless network breaks through the barrier of traditional thinking, and releases unlimited innovation and implementability, which becomes the working attitude and living environment pursued by people nowadays. In addition, manufacturers try very hard to lower the entry level and thus more consumers are happy to have such technology to get rid of the tangled network cables and limitations.
PAGE 14
Administrator’s Manual Friendly Management and Application Interfaces The system is not only easy to install, but also has friendly management interface and operation logic, which allow you to get a hand on it easily. You can use all the functions of the system with a click. A full web-based management interface allows you to operate and manage the system online by browser.
PAGE 15
Administrator’s Manual 2. Product Description 2.1.
PAGE 16
Administrator’s Manual 2.2. Front Panel WAN Port can be connected to the Internet or Intranet by Switch. Private LAN Indication Light Light up if being connected to Private LAN port of the trustful Intranet environment. Power Indication Light Light up if power is on. Wireless Indication Light: Light up if Public LAN Port can be connected to the open network environment managed by the system, and requires authentication before logging on to the Internet. 4 wireless is functioning properly.
PAGE 17
Administrator’s Manual Back Size DC Power Socket Reset button resumes the factory defaults or reconfigures the system. We recommend you to set this configuration by experts. WAN Port can be connected to the Internet or Intranet by Switch. Private LAN Indication Light Light up if being connected to Private LAN port of the trustful Intranet environment. Public LAN Port can be connected to the open network environment managed by the system, and requires authentication before logging on to the Internet.
PAGE 18
Administrator’s Manual WAN Port The WAN port is connected to a network which is not managed by the system, and this port can be used to connect the ATU-Router of ADSL, the port of Cable Modem, or the Switch or Hub on the LAN of a company. Public LAN Port The Public LAN port is used to connect to the desired network for management or WLAN, and all users connected to the Public LAN must login successfully before using the network resources.
PAGE 19
Administrator’s Manual Weight: 470g Power: DC12V/1A 5.5Φ Operating Temperature: 5-45°C 5 Fast Ethernet RJ 45 Connectors 1 RJ11 Ports Supports 10/100Mbps Full / Half Duplex Transfer Speed 2.4. Technical Specifications 2.4.1. Standards Supports IEEE 802.1x Supports IEEE 802.11g 2.4.2.
PAGE 20
Administrator’s Manual Customizable packet filtering rules Customizable walled garden (free surfing area) 2.4.4.
PAGE 21
Administrator’s Manual 2.4.6.
PAGE 22
Administrator’s Manual 3. Installation 3.1. Installation 3.1.1. System Requirements Standard 10/100BaseT including four network cables with RJ-45 connectors. All PCs need to install the TCP/IP network protocol. 3.1.2. Installation Procedure Follow the following steps to install the system: 1. Make sure the power is turned off. 2. Connect the WAN port.
PAGE 23
Administrator’s Manual Warning: Public LAN cannot connect to Layer 3 device. 5. Connect the Private LAN port. The Private LAN port is used to connect the trustful network or Ethernet. In other words, the computer connected on Private LAN does not require login to use the network resources. This port can be used to connect to a server such as File Server or a DataBase Server, etc.
PAGE 24
Administrator’s Manual need to keep the default setting (without any change) to directly start/restart the system. During the process of starting the system, the system with DHCP function will automatically assign an appropriate IP address (and related information) to each PC. For the Windows operating systems other than those for servers, the default setting of the TCP/IP will treat the PC as the DHCP client, and such function is called “obtain an IP address automatically”.
PAGE 25
Administrator’s Manual 2. Choose the “Connections” Icon, and then click “Setup”. 3. Choose “I want to set up my Internet connection manually, or I want to connect through a local Area network (LAN)”, and then click “Next”.
PAGE 26
Administrator’s Manual 4. Choose “I connect through a local area network (LAN)” and click “Next”. 5. Do not choose any option in the following LAN window for Internet configuration.
PAGE 27
Administrator’s Manual 6. When the system asks “Do you want to set up an Internet mail account now?”, choose “No”. 7. Click “Finish” to exit the Internet Connection Wizard. Now, you have completed the setup.
PAGE 28
Administrator’s Manual Windows XP 1. Choose Start - Console – Internet Option. 2. Choose the “Connections” icon, and then click “Setup”.
PAGE 29
Administrator’s Manual 3. Press “Next” when the new connection wizard appears on the screen. 4. Choose “Connect to the Internet” and then click “Next”.
PAGE 30
Administrator’s Manual 5. Choose “Set up my connection manually”, and then click “Next”. 6. Choose “Connect using a broadband connection that is always on”, and then click “Next”.
PAGE 31
Administrator’s Manual 7. Click “Finish” to exit the Connection Wizard. Now, you have completed the setup. 3.2. Getting Started 3.2.1. System Concept The system is responsible for controlling all network data passing through the system. The users under the managed network must be authenticated in order to obtain the right to access the network beyond the managed network. The Public LAN mechanism at the user’s end is provided via the system server, and the SSL encryption is used to protect the webpage.
PAGE 32
Administrator’s Manual the user with an appropriate access right, so that the user can use the network. Figure 3-1 The User Public LAN Flow If the online user remains idle without using the network for a time exceeding a predetermined time or the online user logs out of the system, the system will exit the working stage of such user, and terminate the user’s access right for the network. In the system, the device is responsible for authorization and management functions.
PAGE 33
Administrator’s Manual In Figure 3-2, the device is set to control a part of the company’s intranet. The whole managed network includes cable network users and wireless network users. In the beginning, any user located at the managed network is unable to access the network resource without permission. If you want to have the access right to access the network beyond the managed network, you must open an Internet browser such as the Internet Explorer to connect to any website.
PAGE 34
Administrator’s Manual 3.2.3.1. Entering the Web Management Interface 1. Opening Browser After the installation and the foregoing setup is completed, use the network cable of the 10/100BaseT to connect to the Private LAN port, please open the browser (such as Microsoft IE). On the website, enter the administrator’s URL such as https://192.168.2.254.
PAGE 35
Administrator’s Manual Click System Configuration > Configuration Wizard and the configuration wizard will appear on the screen as shown in Figure 3-5.
PAGE 36
Administrator’s Manual Click “Run Wizard” and the configuration wizard will guide you through the seven steps to complete the setup. Please refer to Chapter 5.1.1 “Configuration Wizard” for the detailed description. 3.2.3.2. Accessing External Network from Network Section Managed by System If all the steps are set properly so far, we can further connect the device to the managed network to experience the controlled network access environment.
PAGE 37
Administrator’s Manual Key in the created username and password in this interface. And then click on the “Enter” button (for both standard user and on-demand user). Figure 3-7 Successful Login Page After this user login successfully, you have just completed the setup and allowed it to provide you with a managed network environment. This user can also browse the webpage on the Internet.
PAGE 38
Administrator’s Manual The following is the successful login page for on-demand user. There is an extra function, the “Redeem” button, that user can add credit in the current account if the remaining usage is considered to be insufficient. Figure 3-9 Successfully logon page for on-demand user Attention: The maximum session time/data transfer is 24305 days/2003Mbyte. If the redeem amount exceeds this number, the system will automatically reject the redeem process.
PAGE 39
Administrator’s Manual password, by key in this information in the appropriate window, the system will merge the two accounts and put together the available usage. Figure 3-10 Redeem page This window will show the remaining hours or data size for user’s online access.
PAGE 40
Administrator’s Manual 4. Console Interface The interface provides two types of function, A. The device provides a RJ11 interface for the administrator to handle different problems and situations occurred during operation. To link to the RJ11 interface of the device, you need a modem cable. The terminal simulation program that you use, such as the super terminal, should be set to the parameter value of 9600,8,n,1. The main console is a basic interface using interactive dialog boxes.
PAGE 41
Administrator’s Manual Figure 4-1 Main Menu of Console Interface 4.2. Utilities for network debugging Figure 4-2 Utility Menu The console interface provides several utilities to assist the Administrator to control the system conditions and debugging. The utilities are described as following: 1. Ping host (IP): By sending ICMP echo request, the online condition with specific target can be tested. 2. Trace routing path: Trace and inquire the routing path to a specific target. 3.
PAGE 42
Administrator’s Manual 4. Display the routing table: The internal routing table is displayed to assist the confirmation of successful setup of another Static Route. 5. Display ARP table: The internal ARP table is displayed. 6. Display system live time: The system live time (time for system being turn on) is displayed. 7. Check service status: The current execution status of each service is checked. 8.
PAGE 43
Administrator’s Manual from the Web or the remote end of the SSH, you can still use the null modem to connect to the console management interface and set the administrator’s password again. Caution: Although it does not require a password for the connection via the serial port, the same management interface can be accessed via SSH. Therefore we recommend you to immediately change the Admin username and password after you login the system for the first time. 4.4.
PAGE 44
Administrator’s Manual 5. Web Management Interface This section gives a complete description on the setup. Table 5-1 shows all options and functions and may facilitate your operation on the device.
PAGE 45
Administrator’s Manual Configuration, Authentication Configuration, and Private LAN Configuration. Please refer to the explicit setup if you need more information. 5.1.1. Configuration Wizard The Wizard will guide you through the setup. All you need is to follow the procedures and instructions given by the Wizard, step by step, fill in the required set values. And, then restart to activate the setting.
PAGE 46
Administrator’s Manual After a brief check-over of the whole process, click “Next” to continue, or “Exit” to exit the Setup Wizard. Figure 5-2 Setup Wizard Description 1. Change Admin’s Password Please change the admin’s password as shown in Figure 5-3. Click “Next” to continue or “Exit” to exit.
PAGE 47
Administrator’s Manual 2. Choose the System’s Time Zone Choose your system’s time zone as shown in Figure 5-4. Click “Next” to continue or “Exit” to exit. Figure 5-4 Choose the System’s Time Zone 3. Set System Information After logging on successfully, you will see fields for Home Page, NTP Server, and DNS server. ．Home Page: It will direct you to the website after a user logs on. You can enter the website of your company or any major entry website.
PAGE 48
Administrator’s Manual Figure 5-5 Set System Information 4. Select Connection Type for WAN Port To select the connection type for WAN PORT, you can choose any of the following three types as shown in Figure 5-6: • For static IP address, please select Static IP Address. (Figure5-7) • For dynamic IP address, please select the Dynamic IP Address (Figure 5-8). • For xDSL and using PPPoE to connect to Internet, please select PPPoE Client (Figure 5-9, Figure 5-10). Click “Next” to go to the next stage.
PAGE 49
Administrator’s Manual Figure 5-6 Select the Connection Type for WAN Port • For static IP address After you select Static IP Address, please enter the IP, Netmask, and Gateway of WAN PORT as shown in Figure 5-7. Click “Next” to continue or “Exit” to exit.
PAGE 50
Administrator’s Manual • For dynamic IP address After you select Dynamic IP Address as shown in Figure 5-8, click “Next” to continue or “Exit” to exit. Figure 5-8 Select the Connection Type for WAN Dynamic IP Address • For PPPoE After you select PPPoE, enter the username and password of the PPPoE as shown in Figure 5-9. Click “Next” to continue or “Exit” to exit.
PAGE 51
Administrator’s Manual 5. Configure Public LAN This procedure sets the related information of the Public LAN as shown in Figure 5-10. Please enter IP and Subnet Mask, and determine to Enable or Disable the DHCP. Figure 5-10 Configure Public LAN Click “Next” to continue or “Exit” to exit. • If you choose to enable the DHCP, please refer to Figure 5-11.
PAGE 52
Administrator’s Manual Related information for enabling the DHCP Server includes DHCP Start IP Address, DHCP End IP Address, Domain Name, Primary DNS IP Address, and Secondary DNS IP address. Fillling in the correspondent values, click “Next” to continue or “Exit” to exit. 6. Set Wireless – Access Point Connection Please enter SSID name and select a channel and the Transmission mode, then click next.
PAGE 53
Administrator’s Manual DHCP. Figure 5-13 Configure Wireless port • If you select to enable the DHCP, please refer to Figure 5-14.
PAGE 54
Administrator’s Manual DHCP End IP Address, Domain Name, Primary DNS IP Address, and Secondary DNS IP address. After this setup is completed, click “Next” to continue or “Exit” to exit. 8. Restart If you are sure that your setup is correct, please click the “Restart” button to restart and complete the setup procedures. If you do not want to keep the previous setups, please click “Exit”. It will invalidate the previous setups.
PAGE 55
Administrator’s Manual 5.1.2. System Information Figure 5-16 System Configuration Caution: Click on “apply” button will automatically use the current setting without restart the system. The on-line users will nonethelessly be disconnected because of the information update. System Name: The name of system. Administrator Info: It lets the Administrator enter the related information such as administrator’s name, telephone number, and e-mail.
PAGE 56
Administrator’s Manual entered in these columns on screen. Home Page: You can enter the website of the Web Server. When a user logs on, the user will be linked to this home page automatically. The home page is usually set to the website of the company. No matter which webpage the user wants to link, the user will be redirected to the set website here. Remote Manage IP: You can set up the system to connect the WAN Port to a website that controls the functions, such website could be 10.2.3.0/24.
PAGE 57
Administrator’s Manual Set Device Date and Time: Set up the current time. 5.1.3. WAN Configuration There are 3 methods of obtaining IP from the WAN Port: Static IP Address, Dynamic IP Address, and PPPoE. 1. Static IP Address: Manually specify the IP address of the WAN Port, which is applicable for the network environment that the IP address cannot be obtained from WAN Port automatically. Figure 5-17 Example of WAN Static IP Mode 2.
PAGE 58
Administrator’s Manual Figure 5-18 WAN Dynamic IP Mode 3. PPPoE: If WAN Port uses the network environment connected by PPPoE, please select PPPoE, and set the username and password. Figure 5-19 WAN PPPoE Mode 3.1 Dial on Demand: When the Dial on Demand function is enabled under PPPoE, the system will automatically disconnect the user after an idle time as specified here.
PAGE 59
Administrator’s Manual 5.1.4. Authentication Configuration The device have two ports require of authentication , one is General Public LAN , the other is Wireless port. Figure 5-21 Authentication Configuration 1.
PAGE 60
Administrator’s Manual obtain the Public LAN and access the network resources properly, suppose you had used static IP address and specified IP address, Subnet Mask, Default Gateway and DNS. ‧User Authentication: You can choose to Enable or Disable user Public LAN. ‧Operation Mode: It provide one mode: NAT Mode.
PAGE 61
Administrator’s Manual Figure 5-24 Enable the DHCP Server on Public LAN If you want to use the Reserved IP Address List function, please click the hyperlink of the Reserved IP Address List on the management interface. Then, the setup of the Reserved IP Address List as shown in the following figure will appear. Please enter the related Reserved IP Address, MAC, and description (not compulsory) on the management interface. After the information is keyed, click “Apply” to complete the setup.
PAGE 62
Administrator’s Manual 2. Wireless Port Figure 5-26 Example of Wireless Interface Configuration SSID: The SSID is the unique name shared among all devices in a wireless network. The SSID must be the same for all devices in the wireless network. It is case sensitive, must not exceed 32 characters, and may be any keyboard character. Auto Channel Select: The system will automatically select the appropriate channel.
PAGE 63
Administrator’s Manual Transmission Mode: There are 3 mode you can select, 802.11b (2.4G,1~11Mbps), 802.11g (2.4G,54Mbps) and Mix mode(b and g) SSID broadcast: Allows the SSID to be broadcast on your network. You may want to enable this function while configuring your network, but make sure to disable it when you finished. With this enabled, someone could easily obtain the SSID information with site survey software and get unauthorized access to your network. Click Enable to broadcast.
PAGE 64
Administrator’s Manual Mode: There are two types that you can select HEX and ASCII. Advance setting in detail: Please click the hyperlink of Advance. Figure 5-28 Advance setting of Wireless Authntication Type: The default is set to Auto, where it auto-detects for Shared Key or Open System. Shared Key is when both the sender and the recipient share a WEP key for authentication. Open Key is when the sender and the recipient do not share a WEP key for authentication.
PAGE 65
Administrator’s Manual protection mechanism will ensure that your Wireless-B devices will connect to Access Point when many Wireless-G devices are present. However, performance of your Wireless-G devices may decrease. Basic Rates: The SNMP screen allows you to customize the Simple Network Management. The default value is set to Default. Depending on the wireless mode you have selected, a default set of supported data rates will be selected.
PAGE 66
Administrator’s Manual Figure 5-29 Wireless Port Configuration (2) IP PNP: At the user end, you can use any IP address to connect to the machine at the Wireless Port section; no matter what the IP address at the user end is, you can obtain the Wireless Port and access the network resources properly, suppose you used static IP address and specified IP address, Subnet Mask, Default Gateway and DNS. User Authentication: You can choose to Enable or Disable user Wireless Port.
PAGE 67
Administrator’s Manual Figure 5-30 Disable the DHCP Server on Wireless 2. Enable DHCP Server: Enable the functions of the DHCP Server. Appropriate setup is needed for the normal enabling of the DHCP server, and the setup information includes DHCP Scope Start IP Address, End IP Address, Preferred DNS Server, Alternate DNS Server, Domain Name, WINS Serve, and Reserved IP Address List.
PAGE 68
Administrator’s Manual management interface. After the information is keyed, click “Apply” to complete the setup.
PAGE 69
Administrator’s Manual 5.1.5. Private Configuration Set up the IP address and Subnet Mask of Private LAN Port as shown in the following figure. Figure 5-33 Example of Private LAN Interface Operation Mode: It provides one modes: NAT Mode. NAT Mode：All IP addresses externally connected through the Private LAN Port (these IP address must belong to the same subnet as the Private LAN Port) will be converted into the IP address of the WAN Port and connected to the outside network.
PAGE 70
Administrator’s Manual IP Address: Enter your desired IP address for the setup. Subnet Mask: Enter your desired Subnet Mask for the setup. Related Setup for DHCP Server of Private LAN Port: DHCP Server provides two choices: Disable DHCP Server, Enable DHCP Server. 1. Disable DHCP Server: Disable the DHCP Server function. Figure 5-34 Disable DHCP Server on Private LAN 2.
PAGE 71
Administrator’s Manual If you want to use the Reserved IP Address List function, please click the hyperlink of the Reserved IP Address List on the management interface. Then, the setup of the Reserved IP Address List as shown in the following figure will appear. Please enter the related Reserved IP Address, MAC, and some description (not compulsory) on the management interface. After the information is keyed in, click “Apply” to complete the setup. Figure 5-36 Reserve IP Address Setting on Private LAN 5.
PAGE 72
Administrator’s Manual 5.2.1 Authentication Policies The device provides a simple interface simplifying the complicated management setup, and the system provides a total of 2 management setups. Administrator can adopt different Authetication methods according to each management setup. Each management setup has at most 20 management rules to go with the group configuration, so that the management on general users is once more diversified and flexible.
PAGE 73
Administrator’s Manual Authentication Policy: It is the preferred Authentication group. Authentication Methods Configuration: Authentication method setup. Authentication Policy: The system provides 2 policy groups for your choice. Select the desired control group from the pull-down menu. Preferred Authentication Method: After selecting the item, it means that the selected setup control group as shown above is the preferred Authentication method.
PAGE 74
Administrator’s Manual Figure 5-38 Local User List User List: It provides a complete list of existing user accounts as shown in Figure 5-38, includes information such as Username, Password, MAC, Group, and Remark. The Administrator can delete or search user information in this management interface. You can also use the “Delete All” function key to delete all user accounts.
PAGE 75
Administrator’s Manual MAC,Remark each parameter is separated by a comma, and no space is allowed between MAC Remark but the comma is still needed. (Figure 5-42) Download User Account: Click “Download User Accounts” in the User List to enter the Download User Accounts interface, and the system will directly list all created user accounts, and show a hyperlink for the download at the bottom of the screen.
PAGE 76
Administrator’s Manual Figure 5-41 Example of Editing User Accounts Figure 5-42 Example of Upload User Account Interface Figure 5-43 Example of Download User Account Interface 2. RADIUS The RADIUS server sets the external Authentication for user accounts. The setup for primary server or secondary server is available, and such setup will be enabled immediately.
PAGE 77
Administrator’s Manual Figure 5-44 RADIUS Setup Screen 802.1X Authentication: Select to enable 802.1X as needed. Click the hyperlink “Edit” to enter the edit interface of the 802.1X. Trans Full Name: If you select enable, the ID and postfix will transfer to RADIUS server to authentication. If you select disable, only ID will transfer to RADIUS server to authentication.
PAGE 78
Administrator’s Manual Name. Authentication Port: It is the Authentication port for RADIUS server. Accounting Port: It is the port reading the accounting information. Secret Key: It is used for encryption and decryption. Accounting Service: Select to enable Accounting Service as needed. Authentication Method: CHAP and PAP are for your choice. Layer 2 Authentication: enable/disable so called 802.1x authentication (Please refer to technical handbook for a better picture of this function).
PAGE 79
Administrator’s Manual Caution: We do not suggest Administrator to enable this function, unless in extreme circumstances. If Administrator enables the layer 2 authentication, all settings at Layer 3, Local, RADIUSl, will all be OVERRULED and ERASED. 5.2.2 Group Configuration In the system, there are Guest and 5 other user groups for Administrator to manage the firewall profile, route profile and online connection speed in order to control the users.
PAGE 80
Administrator’s Manual 5.2.3 Black List Configuration The device provides a black list function for the system. Administrator can add, delete, or edit a specific black list. Each black list has at most 40 users. If a user logs into the system and such user is on the black list, then the access will be blocked. Administrator can use the pull-down menu to select the desired black list. Figure 5-47 Example of Black List If you click the hyperlink of “Add User to List”, the Add Black List will appear.
PAGE 81
Administrator’s Manual After you enter the ID of a user in the black list, click “Apply”. For example, if you successfully add the user b1 into the black list, the system will display a notice to Administrator. User ‘b1’ has been added! After clicking “Previous”, you will return to the Black List Configuration. If you want to delete a user from the black list, select the delete check box and then click the “Delete” button.
PAGE 82
Administrator’s Manual and authorization functions. Figure 5-50 Roaming Configuration Below is a GRIC example: Authentication Port IP address: 192.168.1.254 Username: xyz, and his IP address: 192.168.1.100 Password: xyz MAC address: 01:23:45:67:89:ab The gric.shtml example should look like this: https://192.168.1.254/loginpages/gric.shtml?uname=xyz&uip=192.168.1.100&up wd=xyz&umac=01:23:45:67:89:ab User can also use browser to key in GRIC\username or username@GRIC on ID field and user’s password at the
PAGE 83
Administrator’s Manual 5.2.5 Additional Configuration Figure 5-51 Additional Configuration User Control: It applies the rules for general users. Logout Timer：If a user has idled and not used the network for a while, the system will automatically log out the user. Such logout time can be set in the range of 1~1440, and the default logout time is 10 minutes. Friendly： Login: After you select this function, the login page will automatically obtain the username and password from previous login.
PAGE 84
Administrator’s Manual address). URL or IP address: this predetermined URL will be used as a target address to check the Internet connection. Upload File: 1. Upload Login page There are three frames with blue edges, which represent 3 sections for user to define the user interface. If you want to use user-defined interface, please enter the filename of the login webpage in the first part of the interface, or browse and click such file.
PAGE 85
Administrator’s Manual If the user-defined login interface includes a graphic file, the HTML code of the graphic file path must be the upload graphic file. In the Upload Image at the third section of this interface Upload Image File, key in the path and file name of such graphic file or browse to select such file. The maximum size of the graphic file is 512K. Figure 5-54 Path of Graphic File in User Login Interface PAGE 86
Administrator’s Manual 2. Upload Logout Page The system will provide you with the user-defined logout interface, which is similar to the user login interface. Figure 5-57 Upload User Logout Interface The difference resides on that your user-defined user logout interface must include the following HTML codes to provide users a channel to enter the username and password. Figure 5-58 HTML Codes Required for User Logout Interface
PAGE 87
Administrator’s Manual
POP3 Message: the system can allow administrator to edit its own warning mail sent to user who has opened a mail browser without logging on to the internet beforehand. Figure 5-59 POP3 Message 5.2.6 On-demand User Configuration On-Demand user: When you connect the Printer to console port, there are 2000 On-demand user accounts available. By default, the On-demand user database is empty.
PAGE 88
Administrator’s Manual Figure 5-60 Receipt Information Welcome! -----------------------Username: Password: q6m34m3b Price: US$2 Usage: 60 minute(s) -----------------------ESSID: Shared WEP Keys (HEX 40 bit): -----------------------Valid to use until: 2004/05/05 12:46:56 -----------------------Thank You! 2004 Figure 5-61 On-demand User Configuration 76
PAGE 89
Administrator’s Manual Figure 5-62 On-demand User Page Field and Description Description Field Store Name You can specify the prefix of the user name, max is 8 char., for example: D-Link. Receipt Header You can configure the receipt’s header in this filed. Receipt Footer You can configure the receipt’s footer in this filed. Printer Baud Rate You can specify the baud rate to support specific printer, the default setting is 9600. Assign to Group You can assign the on-demand to a pre-determined group.
PAGE 90
Administrator’s Manual Figure 5-64 Billing Configuration Status: Enable/Disable this billing rule.
PAGE 91
Administrator’s Manual time, the account will be expired automatically. Validity Duration: The account will remain valid after this number of days; prior that user has activated his/her account. Price: Price for the online access. ．Upload On-demand User: Figure 5-65 Upload On-demand User File Name: Key in or browse the file that contains the on-demand user information (format as described in Note 1). 5.
PAGE 92
Administrator’s Manual 5.3.1 Firewall Profile The system offers Global and 3 firewall profiles. If you want to set up the firewall rules to suit all users, you can set such firewall profile in Global, and the other five firewall profiles can be set without conflict between one another.
PAGE 93
Administrator’s Manual Figure 5-67 Select the Group for Applying Firewall Profile Rules Figure 5-68 Example of Edit Filter Rule The figure above sets up the first IP Filter rule for the first firewall profile, in which all of its contents are sent from 192.168.1.1, and the destination is 192.168.1.100; Port=54 packets, which will be blocked directly by the system regardless of TCP, UDP, or ICMP. Rule Name: Name this IP Filter rule. Enable this Rule: Such rule will be effective when selected.
PAGE 94
Administrator’s Manual Action: If your setting matches, Pass：The packet passes successfully. Block：The packet is blocked. Protocol: Provides three kinds of protocols: TCP, UDP, and ICMP for your choice. All stands for all three protocols chosen. Source MAC: Source Address of the MAC Address. Source (Destination) IF: Source (Destination) Interface includes 4 interfaces: WAN, Public LAN, Private LAN and wireless for your choice. ALL stands for all the four interfaces.
PAGE 95
Administrator’s Manual Figure 5-69 Example of Guest Login Schedule Management Interface 5.4 Network Configuration Five functions are provided to control individual jobs of the network transmission, which include Network Address Translate, Privilege List, Walled Device list, and Proxy Server Properties. 5.4.1 Network Address Translate 1.
PAGE 96
Administrator’s Manual Figure 5-70 Defining Public Accessible Server 2. Port and IP Redirect When any user attempts to connect to the destination defined in this interface, the connection packet will be converted to the corresponding destination. You can define at most 40 groups on this interface for the redirect condition. These settings will be effective immediately after you click “Apply”.
PAGE 97
Administrator’s Manual Figure 5-71 IP Address and Network Port Redirect 5.4.2 Privilege List 1. Privilege IP Address List Although all devices at the user end are managed, sometimes you still need to have a user end with some exception processing. For example, if the server has been put on the managed network and you want to login to the network from such server without going through the Public LAN.
PAGE 98
Administrator’s Manual Warning: Permitting certain IP address to have network access rights without going through standard authentication process at the Public LAN may cause security problems. Figure 5-72 Privilege IP Address 2. Privilege MAC Address List Besides permitting specific IP address at user end to have the “free” network access right without going through the Public LAN, the system also provides a way to do so according to the MAC address at the user end.
PAGE 99
Administrator’s Manual Warning: Permitting specific IP address to have network access rights without going through the Public LAN may cause security problems. Figure 5-73 Direct Connecting MAC Address 5.4.3 Monitor IP List The system will send out the packet regularly, to monitor and control the status of the IP addresses on the list.
PAGE 100
Administrator’s Manual Figure 5-74 Monitor IP List Sender: The email address of administrator server who is in charge of the monitoring. Receiver: The email address of a predefined IP user who is being monitored. Interval: The interval time for administrator server to dispatch a warning or an instruction message. Monitor IP list: The list of the IP addresses taken under surveillance. Monitor: Show monitor IP status.
PAGE 101
Administrator’s Manual Figure 5-75 Monitor IP result 5.4.4 Walled Garden List This system allows users to login to certain websites before passing through the Public LAN. You only need to enter the IP address (or Domain Name) of these websites into the Walled Garden List. You can enter up to 20 addresses into this list. This function lets you provide some free service to users.
PAGE 102
Administrator’s Manual 5.4.5 Proxy Server Properties Internal Proxy Server: the device has a built-in proxy server, if you active this function, end user can specify the device as proxy server, no need to enter the IP address and Port. External Proxy Server: Base on security management, only port 80 is allowed (it will appear on login webpage).
PAGE 103
Administrator’s Manual 5.4.6 Dynamic DNS Dynamic DNS: the device provides a convenient DNS function, translating the IP address of WAN port to a domain name, facilitating Administrator to connect to WAN port. If the DHCP is activated at WAN port, this function will also update the newest IP address regularly to DNS server.
PAGE 104
Administrator’s Manual Figure 5-79 Change Administrator’s Account Caution: If you lost or forgot the Administrator’s Password, you can still change the Administrator’s password through the text mode management interface on the serial port. 5.5.2 Backup / Restore Strategy It provides the backup function; resumes current setting. This function can also restore the factory default setting.
PAGE 105
Administrator’s Manual Import Active Strategy: Generate the backup (image) file. Load Strategy: It loads the backup graphic file for the setup status (Caution: Such graphic file must be generated). Resetting to the Factory-Default configuration: Restore to the default setting. 5.5.3 Firmware Upgrade You can upgrade your firmware from the vendor website. Figure 5-81 Executing the Firmware Upgrade Warning: Firmware upgrade may cause data loss.
PAGE 106
Administrator’s Manual 5.5.4 Restart This function allows you to safely restart the system, the restart takes about three minutes. If you need to turn off the power, we recommend you to restart the system, and turn off the power after you hear a beep. Figure 5-82 Restart Caution: All online users connected to the system will be disconnected when the system is restarting. 5.
PAGE 107
Administrator’s Manual Figure 5-83 System Status Example 95
PAGE 108
Administrator’s Manual Figure 5-84 System Status Description Description Item Firmware Version System Name Administrator Info Home Page Syslog To Proxy Server Internet Connection Detection Remote Manage Manage IP SNMP Retain Days History Email To Time Server Time Name Date Time Logout Timer User The firmware version currently used. System name. Administrator’s related information will be shown on the login screen when a user has a connection problem.
PAGE 109
Administrator’s Manual Secondary DNS server Secondary DNS Server IP Address User must click “Login” to execute the login procedure. Login The system will not automatically get the username and password from the previous login for the direct Public LAN login. Friendly If a user login, a small window will show the user’s Logout information and provide a logout button for the logout. “Disable” stands for the case that closing the small windows will not cause a logout to the user. 5.6.
PAGE 110
Administrator’s Manual Figure 5-85 Interface Status Example 98
PAGE 111
Administrator’s Manual Figure 5-86 Interface Status Example Description Item WAN Wireless MAC Address The MAC address of the WAN port IP Address The IP address of the WAN port Subnet Mask The Subnet Mask of the WAN port Mode Wireless port mode: NAT mode MAC Address The MAC address of the Wireless port IP Address The IP address of theWireless port Subnet Mas The Subnet Mask of the Wireless port ESSID The ESSID of the Wireless port Channel The Channel of Wireless Encryption Encryption
PAGE 112
Administrator’s Manual IP Address The IP address of the Private LAN port Subnet Mask The Subnet Mask of the Private LAN port Enable/disable the DHCP function on the Private LAN Status WINS Private port IP Address DHCP Server Start Address IP Set the WINS server IP address on the DHCP server Starting IP Address in DHCP IP range End IP address End IP Address in DHCP IP range Lease Time The lease time of the IP address 5.6.
PAGE 113
Administrator’s Manual 5.6.4 Traffic History You can check the history of the device by this function. The history of each day will be saved independently. This system will save the history in the DRAM for more than 3 days. Figure 5-88 History Example Caution: Since the history is saved in DRAM, if you need to restart the device and want to keep the history, then please manually duplicate the history.
PAGE 114
Administrator’s Manual receiver field. Figure 5-90 Notify Configuration Example Sender: The email address of administrator server who is in charge of the history bookkeeper. Receiver: The email address of a predefined IP user who is being monitored. Interval: The Interval column shows the interval for sending the history email. If you choose one day, then the history mail will be sent to you once a day. Syslog To: It specifies the IP and Port of the Syslog server.
PAGE 115
Administrator’s Manual 6 Technical Support If you have any other technical questions, please feel free to contact our technical support department: 103
PAGE 116
Administrator’s Manual 7 Appendix - Windows TCP/IP Setup If you have not changed the factory default settings and are using Windows 95/98/ME/2000 TCP/IP, it is not necessary to make any modification here. With the factory default settings, the device will automatically assign an appropriate IP address (and related information) to each PC after the PC has been booted. If the version of Windows operating system is not for servers, the default TCP/IP settings will treat the PC as the DHCP client.
PAGE 117
Administrator’s Manual 2. Select the TCP/IP communication protocol of the network card, and then click “Properties”. Using DHCP If you want to use DHCP, please select “Obtain an IP Address Automatically”, which is also the default setting of Windows. Reboot the PC to make sure an IP address is obtained.
PAGE 118
Administrator’s Manual Using Specific IP Address If you have completed the setup for your PC, please inform the network administrator before modifying the following setup. 1. If the DNS Server column is blank, please click “Enable DNS”, and then enter the DNS address or the DNS address provided by ISP. After this procedure is completed, click “OK”.
PAGE 119
Administrator’s Manual 2. Click the “Gateway” icon, and enter the IP address of the device in the new gateway. After this procedure is completed, click “Add” (You can ask the network administrator for the IP address specified for thedevice).
PAGE 120
Administrator’s Manual 7.4 Check the TCP/IP Setup of Windows 2000 1. Select Start - Console – Network and Dial-up Connections. 2. Click the right button of the mouse on “Local Area Connection” icon to select “Properties”.
PAGE 121
Administrator’s Manual 3. Select Internet Protocol(TCP/IP), and then click “Properties”. Using DHCP If you want to use DHCP, please select “Obtain an IP Address Automatically”, which is also the default setting of Windows. Reboot the PC to make sure an IP address is obtained.
PAGE 122
Administrator’s Manual Using Static IP Address If you have completed the setup for your PC, please inform the network administrator before modifying the following setup. 1. Click “Advanced” in the window of Internet Protocol (TCP/IP). 2. Click the “IP Settings” icon, and then “Add” in the “Default Gateways” column to enter the IP address of the device. After this procedure is completed, click “Add”. (You can ask the network administrator to give you the IP address specified for the device.
PAGE 123
Administrator’s Manual 3. If the DNS Server column is blank, please click “Using the following DNS Server Address” in the window of Internet Protocol (TCP/IP), and then enter the DNS address or the DNS address provided by ISP. After this procedure is completed, click “OK”.
PAGE 124
Administrator’s Manual 7.5 Check the TCP/IP Setup of Windows XP 1. Select Start - Console – Network Connection. 2. Click the right button of the mouse on the “Local Area Connection” icon to select “Properties”.
PAGE 125
Administrator’s Manual 3. Click the “General” icon, and then select “Internet Protocol(TCP/IP)”. Click “Properties”. Using DHCP If you want to use DHCP, please select “Obtain an IP Address Automatically”, which is also the default setting of Windows. Reboot the PC to make sure an IP address is obtained.
PAGE 126
Administrator’s Manual Using Static IP Address If the setup for your PC is completed, please notice the network administration staff before changing the following settings. 1. Click “Advanced” in the Internet Protocol (TCP/IP) window. 2. Click the “IP Settings” icon, and enter the IP address of the device in the “Default Gateways” column, and then click “Add”.
PAGE 127
Administrator’s Manual completed, click “OK”. (You can ask the network administrator to give you the IP address specified for the device.) 3. If the DNS Server field is blank, please click “Using the following DNS Server Addresses” in the Internet Protocol (TCP/IP) Window, and key in the DNS address or DNS address provided by ISP.