Gemtek Technology MXF-R950829G HighPerformance Hotspot Access Point User Manual
www.browan.com
BW1330
High Performance Hotspot Access Point
User Guide
Version 1.0
September, 2006
Copyright©2006 BROWAN Communications, Inc.
Copyright
© 2002-2006 Browan Communications.
This user’s guide and the software described in it are copyrighted with all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of Browan Communications.
Notice
Browan Communications reserves the right to change specifications without prior notice.
While the information in this manual has been compiled with great care, it may not be deemed an assurance of product characteristics. Browan Communications shall be liable only to the degree specified in the terms of sale and delivery.
The reproduction and distribution of the documentation and software supplied with this product and the use of its contents is subject to written authorization from Browan Communications.
Trademarks
The product described in this book is a licensed product of Browan Communications.
Microsoft, Windows 95, Windows 98, Windows Millennium, Windows NT, Windows 2000, Windows XP, and MS-DOS are registered trademarks of the Microsoft Corporation.
Novell is a registered trademark of Novell, Inc.
MacOS is a registered trademark of Apple Computer, Inc.
Java is a trademark of Sun Microsystems, Inc.
Wi-Fi is a registered trademark of Wi-Fi Alliance.
All other brand and product names are trademarks or registered trademarks of their respective holders.
National Radio Regulations
The usage of wireless network components is subject to national and/or regional regulations and laws.
Administrators must ensure that they select the correct radio settings according to their regulatory domain. Refer to the B) Regulatory Domain/Channels chapter in the appendix to get more information on regulatory domains.
Please check the regulations valid for your country and set the parameters concerning frequency, channel, and output power to the permitted values!
BROWAN Page
1
FCC Warning
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
This device complies with Part 15 of the FCC Rules.
Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
CE Mark Warning
This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.
R&TTE Compliance Statement
This equipment complies with all the requirements of the Directive 1999/5/EC of the European Parliament and the Council of 9 March 1999 on Radio Equipment and Telecommunication Terminal Equipment and the Mutual Recognition of their Conformity (R&TTE).
The R&TTE Directive repeals and replaces the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) as of April 8, 2000.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this manual and of the computer manufacturer must therefore be followed at all times to ensure the safe use of the equipment.
FCC Caution
To assure continued compliance, any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.
EU Countries Intended for Use
The ETSI version of this device is intended for home and office use in Austria, Belgium, Denmark, Finland, France (with Frequency channel restrictions), Germany, Greece, Ireland, Italy, Luxembourg, The Netherlands, Portugal, Spain, Sweden and United Kingdom.
The ETSI version of this device is also authorized for use in EFTA member states Iceland, Liechtenstein, Norway and Switzerland.
FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator and your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
EU Countries Not Intended for Use
None.
The availability of some specific channels and/or operational frequency bands are country dependent and are firmware programmed at the factory to match the intended destination. The firmware setting is not accessible by the end user.
User’s Guide Version 1.0
Contents
Network Interface | POP3
Network Interface | RADIUS
Network Interface | RADIUS | Settings
Network Interface | RADIUS | Servers
Network Interface | RADIUS | WISP
Network Interface | RADIUS | Proxy
Network Interface | RADIUS | Accounting Backup
Network Interface | Tunnels
Network Interface | Tunnels | PPPoE/GRE
Network Interface | Tunnels | GRE Client for VPN
Network interface | wireless | Basic
Network interface | wireless | Advance
Network Interface | Wireless | WDS
Network interface | wireless | Sec WEP
User Interface
User Interface | Configuration | Pages
User Interface | Configuration | Upload
User Interface | Configuration | Headers
User Interface | Configuration | Remote Authentication
User Interface | Configuration | Custom Uam
User Interface | Administrator
User Interface | Start Page
User Interface | Walled Garden
User Interface | Web Proxy
System
System | Configuration | Syslog
System | Configuration | Clock
System | Configuration | NTP
System | Configuration | Certificate
System | Configuration | Save and Restore
System | Configuration | Domain Name
System | Configuration | Share Username
System | Access | Access Control
System | Access | Telnet
System | Access | AAA
System | Access | UAT
System | Access | Isolation
System | Access | NAV
System | Access | SNMP
System | Access | Web Auth
System | Access | Mac List
System | Access | HTTPC
System | Status
System | Reset
System | Update
Connection
Connection | Users
Connection | E-mail Redirection
Connection | Station Supervision
Built-In AAA
Built-in AAA | E-Billing
Built-in AAA | E-Billing | User Control
Built-in AAA | E-Billing | Band Class
Built-in AAA | E-Billing | Bill setting
Built-in AAA | E-Billing | Power cut protection
Built-in AAA | pre-paid
Built-in AAA | pre-paid | user account
Built-in AAA | pre-paid | price/unit
Built-in AAA | pre-paid | account life
Built-in AAA | pre-paid | receipts
Built-in AAA | pre-paid | timeunit
Built-in AAA | pre-paid | account reminder
Built-in AAA | pre-paid | manage net print
Built-in AAA | Configuration
Built-in AAA | Configuration | Language
Built-in AAA | Configuration | Backup and restore
Built-in AAA | pre-paid | WEP key and SSID
Built-in AAA | Configuration | title
APPENDIX
A) Access Controller Specification
Technical Data
B) Regulatory Domain/Channels
C) CLI Commands and Parameters
Network Commands
User Commands
System Commands
Status Commands
Connection Commands
D) Location ID and ISO Country Codes
E) User Pages Templates Syntax
GLOSSARY
About this Guide
Purpose
This document provides information and procedures on hardware installation, setup, configuration, and management of the Browan Communications high performance hotspot access point model BW1330. The BW1330 is a highly integrated Access Controller with built-in AAA systems for public access hotspots. It is referred to as the AC in the rest of this manual.
Prerequisite Skills and Knowledge
To use this document effectively, you should have a working knowledge of Local Area Networking (LAN) concepts and wireless Internet access infrastructures. In addition, you should be familiar with the following:
Hardware installers should have a working knowledge of basic electronics and mechanical assembly, and should understand related local building codes.
Network administrators should have a solid understanding of software installation procedures for network operating systems under Microsoft Windows 95, 98, Millennium, 2000, NT, and Windows XP and general networking operations and troubleshooting knowledge.
Conventions Used in this Document
The following typographic conventions and symbols are used throughout this document:
Very important information. Failure to observe this may result in damage.
Important information that should be observed.
Additional information that may be helpful but which is not required.
bold: Menu commands, buttons and input fields are displayed in bold.
code: File names, directory names, form names, and system-generated output such as error messages are displayed in constant-width type.
<value>: Placeholder for certain values, e.g. user inputs.
[value]: Input field format, limitations, and/or restrictions.
Help Us to Improve this Document!
If you should encounter mistakes in this document or want to provide comments to improve the manual please send e-mail directly to: [email protected]
Browan Communications Technical Support
If you encounter problems when installing or using this product, please consult the Browan Communications website at http://www.browan.com/ for:
Direct contact to the Browan Communications support centers.
Frequently Asked Questions (FAQ).
Download area for the latest software, user documentation and product updates.
Chapter 1 – Introduction
Thank you for choosing the Browan Communications High Performance Hotspot Access Point.
The BW1330 is a high performance and highly integrated Access Controller for public access networks. It combines a high-speed wireless LAN Access Point, an IP Router, one LAN port and a complete Access Controller for Wi-Fi Hotspot. A single BW1330 can serve up to 30 simultaneously connected wireless client stations and takes control of authentication, accounting and routing to the Internet as well as to the operator’s central network.
Product Overview
Authentication, Authorization & Accounting
The BW1330 supports multiple secure authentication methods from standard web browser login (Universal Access Method), MAC authentication, to 802.1x/EAP with passwords, certificates or SIM cards. The integrated real-time accounting system is based on standard RADIUS/EAP and supports various billing plans from prepaid, pay-per-time, per-volume, per-use or flat rate. Integration into existing OSS/BSS systems can be done with ease.
Service Differentiation
The integrated Web server of the BW1330 allows flexible interaction with common web application servers, facilitating the provisioning of differentiated services with bandwidth management, location based and personalized services. Inter-Provider roaming and multi-OSS support is guaranteed by the persistent usage of standardized protocols and interfaces like RADIUS, HTTPS and XML. All BW1330 units are compliant with the recommendations of the Wi-Fi Alliance WISP roaming group.
Remote Control
The BW1330 is placed at the edge of a broadband access network and allows operators to provide cost effective public Wi-Fi services, by managing per user access control, device configuration, and radio performance centrally from the operations centre. HTTPS, telnet, SSH or SNMP over VPN can be used for secure remote management.
Privacy
BW1330 supports different levels of security and data encryption. Client stations can be separated on link layer (Layer2 User Isolation), preventing intruders from accessing the hard discs of other users.
User credentials (passwords) are protected by SSL or EAP-based authentication methods. User traffic can be encrypted by VPNs (pass-through). Operators and service providers can make use of the integrated VPN/tunneling protocols to protect AAA and management traffic.
Management Options
You can use the Access Controller management systems through the following interfaces:
Web-browser
Command Line interface (CLI)
Simple Network Management Protocol (SNMP v1, v2, v3)
The AC management system pages are organized the same way for the web-browser interface and the CLI. This user manual provides detailed description of each management option.
The BW1330 Features
WLAN
802.11b+g compliant, 1-54Mbps with auto-fallback
Wi-Fi
Support Multiple BSSID up to 16 "Virtual AP"
Concurrent 802.11b and 802.11g access
WDS support (concurrent bridge and AP mode)
WPA/WPA2 (Wi-Fi Protected Access) support
R-TNC connectors for external antennas
RF output power
High receiver sensitivity (up to -91 dBm@1Mbps, 8%PER)
AAA
Multiple
Per LAN/VLAN AAA, IP policies
WISPr compliant
Internal and external accounting backups
Internal or external web server
Remote user login, logout, session status control via https/XML
AAA proxy server (for simultaneous EAP and UAM)
Per user bandwidth management
Web proxy support
IP Router and IP address management
Static IP routing table
NAT/NAPT (IP masquerading)
Port-forwarding
802.1q VLAN support
Transparent VPN client pass-through (PPTP, IPsec ESP)
Selective routing
PPPoE
GRE
DHCP server, relay gateway (suboptions), DHCP client
Multiple IP pools per user group
UAT (Universal Address Translation)
SMTP redirection (e-mail)
VPN
GRE VPN client
Ethernet port
One WAN port, One LAN port 10/100Mb, auto-sensing
Management
Secure management via https, SSH, SNMP
SNMP
SNMPv3 (incl. authentication and encryption)
Management subnet for remote AP and switch management
Remote firmware update
Chapter 2 – Installation
This chapter provides installation instructions for the hardware and software components of the Access Controller BW1330. It also includes the procedures for the following tasks:
Hardware Introduction (LEDs, Connectors)
Connecting the Access Controller
First
Step-by-Step
The Product Package
The Access Controller comes with the following:
High Performance Hotspot Access Point (model: BW1330)
Detachable Antennas (Dipole Antenna with R-TNC plug connector, 2 units)
External power supply (Input:100-240VAC, 50-60Hz, Output: 12VDC, 1 unit)
Ethernet Patch Cable (STP, 1.5 m length, 1 unit)
Installation containing:
BW1330 User Guide in PDF format
KickStart
Product
Release
Adobe Acrobat Readers
Printed Warranty Note(3 year)
Console
Screw
If any of these items are missing or damaged, please contact your reseller or Browan Communications sales representative.
Hardware Introduction
General Overview
Figure 1 –BW1330 Access Controller General View
The front panel of the Access Controller contains:
A series of indicator lights (LEDs) that help describe the state of various networking and connection operations.
The reverse panel of the Access Controller contains:
Connectors which enable you to make different network connections for the controller.
Reset button, which enables you to reboot or reset the device configuration to the factory defaults.
Press the Reset button for less than 3 seconds to reboot the controller.
Press the Reset button for more than 10 seconds to set the controller to factory defaults.
Back Panel
Figure 2 – Back Panel of the BW1330
The back panel of the Access Controller contains:
Model and device name (see item 1 in figure above). The official device name is High Performance Hotspot Access Point, model BW1330.
MAC address of the device. The label (item 2 in figure above) shows the LAN interface MAC address of the device.
You can determine the MAC addresses of the WAN and WLAN (up to 16 MBSSID) interfaces by a simple calculation:
WAN interface MAC = LAN MAC + 1 (Hex)
WLAN (MBSSID) interface MAC = LAN MAC + 1 (Hex) by sequence up to 16 MAC
LEDs
The Access Controller has several LEDs located on the front panel:
Figure 3 – LEDs of the BW1330
The various states of the LEDs indicate different networking and connection operations as follows:
Item  LED     Color   Status    Indication
1     Power   Green   On        System is active/working
1     Power   Green   Blinking  System is booting
1     Power   Orange  On        Writing to FLASH memory
2     Online  Green   On        PPPoE/PPTP/GRE tunnel for DSL is activated
2     Online  Green   Off       PPPoE/PPTP/GRE tunnel for DSL is deactivated
3     WAN     Green   On        WAN active/working
3     WAN     Green   Blinking  Data transmitting
4     LAN     Green   On        100 Mbps network connection exists
4     LAN     Green   Blinking  Data transmitting
4     LAN     Orange  On        10 Mbps network connection exists
4     LAN     Orange  Blinking  Data transmitting
5     WLAN    Green   On        WLAN active/working
5     WLAN    Green   Blinking  Data transmitting
Connectors
The Access Controller has several connectors on the rear panel:
Figure 4 – Connectors
Descriptions of the connectors are given in the following table:
Item  Connector  Description
1     Power      For power supply
2     Reset      Reboot or reset to factory defaults. Press the reset button for less than 3 seconds to reboot the controller. Press the reset button for more than 10 seconds to set the controller to factory defaults.
3     WAN        For Internet connection and PoE input
4     LAN        For enterprise applications use this port to connect your company LAN, Intranet or to hotspot access points
5     RS232      Console port
6     Antenna    The MAIN antenna
7     Antenna    The AUX antenna
Stand
The BW1330 is designed to stand on a desk or to be wall mounted. Refer to the direction of the red arrow to release and insert the stand at the back of the BW1330.
figure 5 – release stand
figure 6 – insert stand
Wall Mount
The BW1330 is also designed for wall mounting. Refer to step 1 and step 2 to fix the stand on the wall and lock the BW1330 on it.
figure 7 - wall mount
Connecting the Access Controller
Use the following procedure to prepare your network connection to your BW1330.
Use the enclosed power adapter for power supply of your BW1330.
Step 1 Place the Access Controller on a flat work surface.
Step 2 Connect one Ethernet patch cable to the LAN port of the Access Controller and to a free hub port on your local network.
Step 3 Connect the WAN port of the Access Controller to an Ethernet port of a broadband Internet modem or router.
Step 4 Connect the power adapter to the Access Controller.
Step 5 Wait 30 seconds until the boot process is finished and check to ensure that at least the following LEDs are ON:
Power LED (steady On)
WAN
LAN
WLAN link LED
Initialization
This paragraph describes how to access the Web configuration interface of the BW1330. After unpacking and connecting the product for the first time, its DHCP server assigns dynamic IP addresses to clients on the LAN and WLAN interfaces.
The default network settings for your new access controller are:
Ixp1 (WAN) port: IP 192.168.2.66, subnet 255.255.255.0
Br1: IP 192.168.3.1, subnet 255.255.255.0
Ixp0 (LAN) port: In Bridge
WLAN1_0 (first virtual AP): In Bridge
For other management methods: SNMP and command line interface (CLI) please refer to their respective chapters.
Access Your BW1330
After connecting the BW1330 device to the network, access the BW1330 by one of the following methods.
Follow these instructions to access your BW1330 using the Web browser:
Step 1 Connect to the device in one of two ways:
● Access your device via LAN, connected by an RJ-45 Cat.5 cable, or connect wirelessly to the BW1330 using the default SSID “BW1330” without any encryption. Wait for the DHCP server to give an IP address 192.168.3.x to your client PC. Open the Web browser and type the IP address of the BW1330: https://192.168.3.1/a.rg
● Configure your PC with a static IP address on the 192.168.2.x subnet with mask 255.255.255.0. Connect the BW1330 WAN interface into the same physical network as your PC. Open the web browser and type the default IP address of the BW1330: https://192.168.2.66/a.rg
Step 2 Enter the BW1330 administrator login details to access the Web management.
The default administrator log on settings for all access point interfaces are:
User Name: admin
Password: admin01
figure 8 login page
Step 3 After successful administrator log on you will see the main page of the access controller’s Web interface:
figure 9 administrator page
Software Introduction: KickStart
Another way to access the device is to launch the KickStart utility, a software utility that is included on the Installation CD provided with your product. The utility automatically detects access points and access controllers installed on your network, regardless of their host IP addresses, and lets you configure each unit’s IP settings. The features of the KickStart utility are listed below:
Scanning your subnet for all connected APs, ACs
Quick access to your AC via HTTPS, telnet, SSH
Setting new IP address of your AC
Reset to factory default settings
Default access (in case of lost administrator password)
Firmware
To install the KickStart utility insert the Installation CD into your CD-ROM drive. Find and install the utility from the product CD into the computer.
If the Installation CD does not start automatically, please run “autorun.exe” manually from the root directory of the installation CD.
Step 1 Install the KickStart utility from the Installation CD. Click Start > Programs > BROWAN > KickStart to launch the application. If the BW1330 device is connected to your network, the utility will automatically find your AC:
figure 10 kick start utility
Step 2 Select your controller and right click. Select the Open WEB item to launch the web management interface through the secure HTTPS connection:
figure 11 kick start utility
Step 3 Enter the Access Controller administrator log on settings to access the web management interface.
The default administrator log on settings for all controller interfaces are:
User name: admin
Password: admin01
Step 4 After successful administrator log on you will see the controller web interface. The controller system statistics page is displayed by default:
figure 12 administrator page
If you cannot connect to the device via your web browser because of TCP/IP misconfiguration, you can reset the product to the factory default. Press the reset button for more than 10 seconds.
You can now perform the initial controller configuration. Follow the next section for step-by-step setup instructions to configure the device according to your needs.
BROWAN Page
19
User’s Guide Version 1.0
Step by Step Setup
Step 1.
Interface Set-Up
In the network interface | configuration |interface configuration menu you can set the TCP/IP settings. br1 is pre-configured as the WLAN port of your Access Controller, ixp1 is the WAN port. By default the bridge interface br1 initially contains two interfaces: wlan1_0 and ixp0. Wlan1_0 is the first virtual AP which you can configure up to 16 virtual AP(16 MBSSID) and ixp0 is the LAN port. Both ixp0 and wlan1_0 are DHCP server enabled by default.
You can modify these settings according to your local network requirements. Make sure that IP subnets do not overlap.
Figure 13 – Interface Configuration Settings
If DHCP client or PPPoE is selected as the dial-up protocol for the WAN interface, the WAN settings of this table will be overwritten by the values retrieved from the Internet Provider.
Step 2. DNS Set-Up
In the network interface | DNS menu you can specify your local domain name server or enter the DNS server provided by your ISP (Internet Service Provider).
Figure 14 – DNS Redirection
DNS is set automatically if provided by the ISP dynamically via DHCP or PPPoE.
Step 3. IP Address Management
For automatic IP assignments to client stations, set the DHCP settings in the network interface | DHCP menu according to your TCP/IP configuration from step 1. Only use address ranges within the corresponding IP subnet of the LAN interface. In addition you can switch on the Universal Address Translation function in the system | access | UAT menu. With UAT, users do not need to change their local TCP/IP settings to log on to the Access Controller. The Access Controller will translate fixed IP numbers used in private networks transparently for the user.
Please refer to Chapter 3 – Universal Address Translation for further details to avoid IP conflicts.
Step 4. RADIUS Set-Up
In the network interface | RADIUS settings menu you can first define the local settings of the integrated RADIUS client of the Access Controller. For example you can modify timeouts and the NAS server ID (name of the RADIUS client):
Figure 15 – RADIUS Settings
On the second page, network interface | RADIUS | servers, you can specify up to 32 different RADIUS servers for authentication and accounting (see ). One of the RADIUS server entries can be specified as the default server. Thus, if a user cannot be associated with any specific service provider by his login name, the Access Controller will send authentication and accounting messages to the default RADIUS server.
Figure 16 – RADIUS Servers
Make sure that the RADIUS server is up and running and is able to receive authentication requests from the Access Controller.
Step 5. Welcome/Login/Start pages
The most popular authentication method for public users is the UAM (Universal Access Method). UAM can be enabled using the system | access | AAA menu. With UAM users can log on to the Access Controller using their web browser. As an operator of a wireless access service you can provide a custom set of web pages to your subscribers.
welcome page (default = Internal , Enabled) - the first page that is presented when users start their web browser.
login page (default = Internal) – the page containing the log-on fields for user name and password. This page is presented as default when the welcome page is disabled.
logout page (default = Internal) - the page that pops up after successful authentication. It includes information about the online session such as online time and transferred data.
help page (default = Internal) - the page with online help information for log-on.
unauthorized page (default = Internal) - the page which appears if web login method is disabled.
The default user login page looks like the picture below:
Figure 17 – Example of a Simple Login Page
You have full flexibility to modify and adapt all these pages to your needs and personal designs. For initial set up and testing we recommend you use the default configuration, which will present a simple login window with input fields for user name and password.
Enter any start page you like in the user interface | start page menu. In addition you can define a number of free web sites in the walled garden table on the user interface menu.
For more information on how to build your own user pages please refer to
Step 6. Change Administrator Password
Before saving your initial configuration don’t forget to change the administrator password in the user interface | administrator menu.
Step 7. E-mail Redirection
If you have an SMTP mail server available for your subscribers, enter its IP address and SMTP port number in the connection menu under the item e-mail redirection. All outgoing e-mail passing through the Access Controller will be redirected to this server.
Step 8. Save Configuration and Restart
Make sure you have saved your changes from each of the first seven steps and then press the save and reboot button on the lower side of the web management screen. After 10-15 seconds you can re-load the admin pages or start to log on to the Access Controller as a user.
Users connected to the LAN port of the Access Controller can type in any URL in their browser and they will be redirected to your defined welcome (if enabled) and login pages. Administrators can monitor connected users via the connection | users menu.
Chapter 3 – Universal Address Translation
What is UAT
Universal Address Translation (UAT) allows Hotspot operators to offer true IP Plug&Play access for their subscribers.
With UAT enabled, the Access Controller will automatically and transparently translate fixed IP settings (IP address, gateway, DNS, proxy server) on a user’s PC enabling him to connect to the broadband Internet service, even if the client’s IP overlaps the IP subnet of the WAN port.
Without UAT, public access subscribers are forced to switch their TCP/IP settings to DHCP (automatic IP address assignment), potentially losing any fixed IP address settings they previously entered.
UAT Principle
BW1330 acts as an ARP proxy for each client that has a fixed IP address which does not belong to the subnet of the LAN interface. As the figure below shows, BW1330 will automatically reply to a client’s ARP request if the client’s IP does not belong to its LAN subnet, presenting itself as that client’s gateway; then, inside BW1330, a unicast route will be added for the UAT client.
Figure 18 – UAT Principle
UAT Limitation
When using UAT operators have to be aware of some principal limitations:
If UAT mode is enabled on BW1330, BW1330 will act as an ARP proxy on its LAN interface. If there is a subnet behind a router that sits under the LAN of BW1330, and there is a PC whose IP belongs to that subnet as the figure shows, communication between PC2 and PC1 will fail because of BW1330’s ARP proxy packets.
But if the router is working in NAT mode, communication from PC2 to PC1 will be OK.
Figure 19 – UAT Limitation
Figure 20 – another subnet under BW1330
Chapter 4 – User Pages (Based on XSL)
This chapter describes what the user pages are and how to manage them. Detailed instructions on how to change and upload new user pages are given below.
When launching his/her web browser the user's initial HTTP request will be redirected to an operator defined set of web pages, further called the "user pages". User pages are:
Welcome page – the first page presented to the user.
Login page – subscriber authentication page, allows the user to login to the network.
Logout page – small pop-up window for logged-on user statistics and log-out function.
Help page – get help with the login process.
Unauthorized page – this page is displayed when web login or EAP login methods are disabled on the Access Controller for subscribers.
All further presented user pages are factory default. The Hotspot operator can upload new templates for all user pages.
User Pages Overview
Welcome Page
Welcome page is the first page a Hotspot subscriber receives when he starts his web browser and enters any URL. By default it’s a very simple page and provides only a link to the login page.
Figure 21 – Welcome Page
The Hotspot operator can change the welcome page according to its needs. See more details in section:
Login Page
The subscriber gets to the login page after clicking the link on the welcome page. The login page is loaded from the Access Controller. To get access to the network, the user should enter his authentication settings: login name and password and click the login button:
Figure 22 – Simple Login Page
The login name and password can be obtained from your Hotspot Operator. Login format available for BW1330:
username@WISPdomain
WISPdomain/username
The login page also displays subscriber’s logical and physical network addresses (IP and MAC).
Once authenticated, a start page appears. In addition, a smaller logout window (page) pops up.
The Hotspot operator can change the login page according to its needs. See more details in section: Changing User Pages.
Logout Page
Make sure JavaScript is enabled in your web browser; otherwise you will not receive the logout page.
The Logout page contains the detailed subscriber’s session information and provides function for logging out of the network:
Figure 23 – Logout Page
Detailed AC subscriber’s session information includes:
Logout button – click the button to logout from the network. The log-out pop-up window closes.
Bill button – displays the subscriber’s billing information (not including the current session).
Passwd button – click the button to change subscriber’s password.
User – subscriber’s login name.
User IP – subscriber’s logical network name (IP address).
MAC Address – subscriber’s physical network address.
time length – subscriber’s time length from client log on in format: [hours: minutes: seconds].
Download/upload bytes – subscriber’s session download and upload statistics in bytes.
Download/upload bytes left – session download and upload bytes left for subscriber limited from RADIUS [in B, KB, MB, GB and unlimited].
Total bytes left – session total (download and upload) bytes left for subscriber limited from RADIUS [in B, KB, MB, GB and unlimited].
time length left – time length left in format: [hours: minutes: seconds].
Bandwidth downstream/upstream – available upstream and downstream bandwidth for subscriber limited from RADIUS [in bps].
Refresh button – click the button to refresh the subscriber session information.
The Hotspot operator can change the logout page interface according to its needs.
See more details in section:
. All session details are further accessible via the operator XML interface.
Help Page
Click on the get help link in the login page for help tips related to network registration. A page appears similar to the following:
Figure 24 – Help Page
The Hotspot operator can change the help page according to its needs. See more details in section: Changing User Pages.
Unauthorized Page
If web log-on method (UAM) or EAP-based authentication methods are disabled on the AC and the subscriber attempts to login to the network, he will receive the following page:
Figure 25 – Unauthorized Page
The Hotspot operator can change the unauthorized page according to its needs.
See more details in section:
Changing User Pages
As the Hotspot operator you can modify the user pages freely according to your personal needs and preferences. User Page templates can be either stored locally on the AC or on an external web server.
Use the user interface | configuration menu to modify user pages. There are two ways to change and store new user page templates:
External – linking new user page templates from an external server.
Internal – upload new templates to local memory.
Supported user pages template formats:
XSL (Extensible Stylesheet Language) for welcome/login/logout pages.
HTML (Hypertext Markup Language) for help/unauthorized pages.
The welcome, login and logout pages must be in .XSL format.
The following image formats are supported for new templates. Other formats are not accepted:
PNG
GIF
JPG
The following examples demonstrate the use of internal and external user pages.
User Pages templates samples can be found in the Installation CD delivered to you with the product.
Example for External Pages
Step 1 Prepare your new user pages template for each user page: welcome/login/logout/help/unauthorized.
Step 2 Under the user interface | configuration | pages menu select the user page you want to change (e.g. login):
Figure 26 – Configure External Pages
Step 3 Choose the external option under the use column:
Figure 27 – Configure External Pages
Step 4 Specify the new user page location in the location field (http://servername/filelocation):
Figure 28 – Configure External Pages
Do not try to upload formats other than the supported ones. Such uploaded pages will not be displayed properly.
Step 5 Save the entered changes with the apply changes button:
Figure 29 – Configure External Pages
Step 6 Check the newly uploaded user page (e.g. login):
Figure 30 – New Login Page
If at any time you wish to restore factory default user pages, click the reset button under the system | reset menu.
Example for Internal Pages
We will use the user page templates from the Installation CD to show how to upload internal pages. Follow the steps below:
Step 1 Ensure the internal option is selected for all user pages you want to change. By default the internal option is defined for all pages:
Figure 31 – Internal Pages
Step 2 Under the user interface | configuration | upload menu click the upload button to upload new prepared user pages:
Figure 32 – Upload Page
The memory space in the AC for internal user pages is limited to 1 MB.
Step 3 Specify the location (Examples directory if you use the Installation CD) of the new user page templates by clicking the browse button, or enter the location manually.
Specify the location for the additional files of the new user page templates (images and a cascading style sheet file, css) by clicking the browse button, or enter the location manually:
Figure 33 – Upload Template Files
Step 4 Click the upload button to upload the specified templates and files.
You do not need to upload all additional files at once. You can repeat the upload process a number of times until all necessary images are uploaded.
Step 5 Check the newly uploaded user pages and images to ensure that everything is uploaded and displayed correctly. Go to https://<device-IP-address>/ to get to the new user welcome page:
Figure 34 – Customize Welcome Page
Go to https://<device-IP-address>/login.user to get to the new user login page:
Figure 35 – Customize Login Page
If at any time you wish to restore the factory default user pages, click the reset button under the system | reset menu.
Extended UAM
The Extensions feature (user interface | configuration menu) allows an external Web Application Server (WAS) to intercept/take part in the user authentication process and to externally log the user on and off as necessary. It also provides a means to query user session information.
See the following schemes to understand how the remote client authentication works.
Scheme 1:
The remote authentication method when client’s authentication request is re-directed to the external server (WAS):
Participants: Client, AC, WAS, RADIUS Server
1. Initial Request
2. Fetch XSL
3. Renders HTML
4. Direct client communication with WAS
5. Client sends his/her login and password
6. WAS tries to authenticate client
7. AC sends request to RADIUS
8. RADIUS replies: authenticated or not
9. WAS reports client status: authenticated or not
Figure 36 – Client Remote Authentication Scheme (1)
The Client initiates (1) the authentication process. The AC intercepts any access to the Internet via HTTP and redirects the client to the welcome or login URL on the AC. In order to render the custom login screen HTML page, the AC must be configured to (2) fetch the .XSL script from a remote server, which in this case is a Web Application Server (WAS), or have a custom .XSL uploaded on the AC. Caching of .XSL scripts can be enabled (see: User Interface | Configuration | Pages), thus avoiding fetching the same document every time a client requests authentication.
The AC (3) uses the .XSL script to render HTML output, which is done by feeding an XML document to the parsed .XSL script that has been prepared for rendering. This XML document contains all the information the Web Application Server needs, such as user name, password (if one was entered), user IP address, MAC address and NAS-Id. The custom .XSL script must generate the initial welcome/login screen so that it embeds all the needed information in an HTML FORM element as hidden elements and POSTs the data not back to the AC, but to the Web Application Server (5). Thereafter the client communicates directly with the Web Application Server.
Find more details on how to prepare the .XSL templates to render the HTML in Appendix: E) User Pages Templates Syntax.
When the Web Application Server has all needed data from the client, it must try to authenticate (6) the client. Authentication is done by the RADIUS server but through the AC. At this step the shared secret is used to make the connection between the WAS and the AC. The AC re-sends the authentication request to the RADIUS server (7). Depending on the result, the appropriate authentication status must be returned to the WAS, again through the AC (8). In step (9), the Web Application Server knows the client authentication status and reports success or failure back to the client.
The Web Application Server (WAS) must be configured as a free site in the Walled Garden area.
It is also possible to skip rendering the initial user pages from the .XSL. See the following scheme, in which the user's initial request is redirected to the specified location.
Scheme 2:
The remote authentication method when client with proxy authentication request is re-directed to the external server (WAS):
Participants: Client, AC, WAS, RADIUS Server
1. Initial Request
2. Reply with HTTP redirect
3. Direct client communication with WAS
4. Client sends his/her login and password
5. WAS tries to authenticate client
6. AC sends request to RADIUS
7. RADIUS replies: authenticated or not
8. WAS reports client status: authenticated or not
Figure 37 – Client Remote Authentication Scheme (2)
The initial client request (1) can be redirected to a specified location, given as a redirection URL on the Web Application Server. In this case the client who wants to authenticate gets the redirection from the AC (2). In other words, the AC intercepts any access to the Internet via HTTP and redirects the client to the defined welcome or login URL on the WAS (also see: User Interface | Configuration | Pages).
The further actions are the same as described in Scheme 1.
The WAS location URL under welcome page redirect must be configured as a free site in the Walled Garden area.
To define such a redirection URL use the user interface | configuration | pages menu. Enable the welcome page, set the redirect setting and specify the redirect location for this authentication process (also see: User Interface | Configuration | Pages).
Parameters Sent to WAS
Parameters that are sent to the external server (WAS) when using the remote user authentication method (UAM), listed as parameter – description – comments:
nasid – NAS server ID value – Can be specified under the network interface | RADIUS | RADIUS settings menu.
nasip – WAN IP address for WAS – Can be changed or specified under the network interface | configuration | interface configuration menu.
clientip – Client IP address – Cannot be defined manually.
mac – Client MAC address – Cannot be defined manually.
ourl – Initial URL that the not yet authorized client entered in his/her browser and tried to browse. After authentication the client is redirected to this URL – Optional.
sslport – HTTPS port number of AC (by default: 443) – Not configurable.
lang – Parameter "accept-language" from client browser request – Optional.
Lanip – The IP address of the LAN interface the user is connected to – Can be changed or specified under the network interface | configuration | interface configuration menu.
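These parameters reach the WAS as hidden form fields posted by the subscriber's browser, so the WAS should validate them before using them, in particular `nasip` (the address it will later send the shared secret to) and `ourl` (the post-login redirect target). The Python check below is an added example, not Browan code; the function names, the `known_acs` allow-list, the accepted MAC formats and the sample values are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}")
LANG_RE = re.compile(r"[A-Za-z0-9,;=.*\- ]{0,128}")


class RejectedRequest(ValueError):
    """A forwarded UAM parameter failed validation."""


def _unicast_ip(value, name):
    """Parse an IP address and refuse values no client or AC can hold."""
    try:
        addr = ipaddress.ip_address(value or "")
    except ValueError:
        raise RejectedRequest(name + " is not an IP address") from None
    if addr.is_multicast or addr.is_unspecified or addr.is_loopback:
        raise RejectedRequest(name + " is not a usable unicast address")
    return str(addr)


def _safe_ourl(value, default_url):
    """Keep ourl only if it is a plain http(s) URL, else use the default."""
    if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default_url
    try:
        parts = urlsplit(value)
    except ValueError:
        return default_url
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return default_url
    return value


def validate_uam_params(form, known_acs, default_url):
    """Return cleaned parameters or raise RejectedRequest.

    form        dict of posted fields (nasid, nasip, clientip, mac, ...)
    known_acs   allow-list {nasid: nasip} of controllers this WAS serves
    default_url start page used when ourl is absent or unacceptable
    """
    nasid = form.get("nasid", "")
    nasip = _unicast_ip(form.get("nasip"), "nasip")
    # The WAS later sends the shared secret and the user's password to this
    # address, so it must be a registered controller, not just a posted value.
    if known_acs.get(nasid) != nasip:
        raise RejectedRequest("nasid/nasip pair is not a registered AC")

    mac = form.get("mac", "")
    if not MAC_RE.fullmatch(mac):
        raise RejectedRequest("mac is not a MAC address")

    port_text = form.get("sslport", "443")  # 443 is the documented default
    if not re.fullmatch(r"[0-9]{1,5}", port_text) or not 1 <= int(port_text) <= 65535:
        raise RejectedRequest("sslport out of range")

    lang = form.get("lang", "")
    return {
        "nasid": nasid,
        "nasip": nasip,
        "clientip": _unicast_ip(form.get("clientip"), "clientip"),
        "mac": re.sub(r"[:-]", "", mac).upper(),
        "ourl": _safe_ourl(form.get("ourl"), default_url),
        "sslport": int(port_text),
        "lang": lang if LANG_RE.fullmatch(lang) else "",
    }


# Constructed sample: the fields a login form would post to the WAS.
KNOWN_ACS = {"hotspot-1": "192.168.2.66"}  # nasid -> nasip, both assumed
SAMPLE_FORM = {
    "nasid": "hotspot-1", "nasip": "192.168.2.66",
    "clientip": "192.168.2.117", "mac": "20:03:47:c9:2b:63",
    "ourl": "http://www.example.com/news", "sslport": "443",
    "lang": "en-US,en;q=0.8",
}

if __name__ == "__main__":
    print(validate_uam_params(SAMPLE_FORM, KNOWN_ACS,
                              "https://portal.example/start"))
```

The client IP is deliberately not checked against the LAN subnet, because with UAT enabled a subscriber may keep a fixed address outside it.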
In order to log on, log off or get user status, the WAS submits a POST request to the following URLs:
1. Remote user logon
Script name: pplogon.user
Parameters:
secret – shared secret, to protect page from accidental use
ip – IP address of user to be logged on.
username – Username of the user to be logged on.
password – Password of the user to be logged on.
All parameters are required.
Script call example: https://BW1330/pplogon.user?secret=sharedSecret&ip=<user_IP_address>&username=userName&password=UserPassword
Script produces XML output:
<logon>
<status>Ok</status>
<error>0</error>
<description>User logged on.</description>
<replymessage>Hello user!</replymessage>
</logon>
Response status and error codes:
| status | error | description |
|---|---|---|
| OK | 0 | User is logged on. |
| Not checked | 100 | Logon information not checked. |
| No IP | 101 | No user IP address supplied. |
| No username | 102 | No username supplied. |
| Disabled | 103 | Remote authentication is disabled. |
| Bad secret | 104 | Incorrect shared secret supplied. |
| No password | 105 | No user password. |
| OK | 110 | User already logged on. |
| Failed to authorize | 111 | Failed to authorize user. |
| Bad password | 112 | Incorrect username or/and password. |
| Network failed | 113 | Network connection failed. |
| Accounting error | 114 | Accounting error. |
| Too many users | 115 | Too many users connected. |
| Unknown authorization error | 120 | Unknown authorization error. |
<replymessage> is the RADIUS Reply-Message attribute value. If RADIUS responds with Reply-Message(s), they are added to the logon response. If RADIUS does not respond with a Reply-Message, <replymessage> is not added to the output XML.
2. Remote user log-off
Script name: pplogoff.user
Parameters:
secret – shared secret, to protect page from accidental use
ip – IP address of user to be logged off.
username
mac – MAC address of the user to be logged off.
All parameters are required, except the IP and MAC. At least one of the IP and MAC addresses should be supplied. If only the IP is supplied, the user is checked and logged off by username and IP. If both IP and MAC addresses are supplied, the user is checked and logged off by username, IP and MAC addresses.
Script call example: https://BW1330/pplogoff.user?secret=sharedSecret&username=UserName&ip=<user_IP_address>
Script produces XML output:
<logoff>
<status>Ok</status>
<error>0</error>
<description>User logged off.</description>
</logoff>
Response statuses and error codes:
| status | error | description |
|---|---|---|
| OK | 0 | User is logged off. |
| Not checked | 100 | Logoff information not checked. |
| No username | 102 | No username supplied. |
| Disabled | 103 | Remote authentication is disabled. |
| Bad secret | 104 | Incorrect shared secret supplied. |
| No IP/MAC | 106 | No user IP and/or MAC address supplied. |
| No user by MAC | 121 | User with supplied MAC address not found. |
| No user by IP | 122 | User with supplied IP address and username not found. |
| No user by IP and MAC | 123 | User with supplied IP, MAC addresses and username not found. |
| Failed to logoff | 131 | Failed to logoff user. |
| Cannot resolve IP | 132 | Cannot resolve user IP. |
| Unknown logoff error | 140 | Unknown logoff error. |
3. Remote user status
Script name: ppstatus.user
Parameters:
secret – shared secret, to protect page from accidental use
ip – IP address of user to get status.
username – Username of the user to get status.
All parameters are required.
Script call example: https://BW1330/ppstatus.user?secret=sharedSecret&username=UserName&ip=<user_IP_address>
Script produces XML output:
XML output, when some error occurs:
<ppstatus>
<status>No user by IP</status>
<error>122</error>
<description>User with supplied IP address not found.</description>
</ppstatus>
Response statuses and error codes:
| status | error | description |
|---|---|---|
| OK | 0 | User status is ok. |
| Not checked | 100 | Status information not checked. |
| No IP | 101 | No user IP address supplied. |
| No username | 102 | No username supplied. |
| Disabled | 103 | Remote authentication is disabled. |
| Bad secret | 104 | Incorrect shared secret supplied. |
| No user by IP | 122 | User with supplied IP address not found. |
| No user by IP and username | 141 | User with supplied IP address and username not found. |
XML output when there are no errors and the user statistics were retrieved successfully:
<ppstatus>
<status>Ok</status>
<error>0</error>
<description>Got user status.</description>
<entry id="1">g17</entry>
<entry id="2">192.168.2.117</entry>
<entry id="3">200347C92B63</entry>
<entry id="4">00:00:05</entry>
<entry id="5">3E64C7967A36</entry>
<entry id="6">00:01:10</entry>
<entry id="7">0 bytes</entry>
<entry id="8">0 bytes</entry>
<entry id="9">testlab</entry>
<entry id="10">unlimited</entry>
<entry id="11">unlimited</entry>
<entry id="12">unlimited</entry>
<entry id="13">32 Mbps</entry>
<entry id="14">32 Mbps</entry>
<entry id="15">04:59:55</entry>
<entry id="16">EAP</entry>
</ppstatus>
Status detailed information by ID:
| id | description |
|---|---|
| 1 | User name |
| 2 | User IP address |
| 3 | User MAC address |
| 4 | Session time |
| 5 | Session ID |
| 6 | User idle time |
| 7 | Output bytes |
| 8 | Input bytes |
| 9 | User WISP name |
| 10 | Remaining bytes |
| 11 | Remaining output bytes |
| 12 | Remaining input bytes |
| 13 | Bandwidth upstream |
| 14 | Bandwidth downstream |
| 15 | Remaining session time |
| 16 | Authentication method |
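Added example (not part of the Browan software): a WAS-side Python helper that builds the POST body for the three scripts above and parses their XML replies, using the script names, parameters, error codes and entry ids documented in this chapter. It keeps the parameters in the POST body so the shared secret and password do not appear in URLs, and it decides on `<error>` because both code 0 and code 110 report status OK; all function and constant names are assumptions.

```python
import urllib.parse
import xml.etree.ElementTree as ET

# Parameters per script, as listed in this chapter.
PARAMS = {
    "pplogon.user": ("secret", "ip", "username", "password"),
    "pplogoff.user": ("secret", "username", "ip", "mac"),
    "ppstatus.user": ("secret", "ip", "username"),
}
EITHER = {"pplogoff.user": ("ip", "mac")}  # at least one must be supplied
ROOT_TAG = {"pplogon.user": "logon", "pplogoff.user": "logoff",
            "ppstatus.user": "ppstatus"}
# <entry id="N"> meanings from "Status detailed information by ID" (ids 1-16).
STATUS_FIELDS = {str(i): name for i, name in enumerate((
    "user_name", "user_ip", "user_mac", "session_time", "session_id",
    "idle_time", "output_bytes", "input_bytes", "wisp_name",
    "remaining_bytes", "remaining_output_bytes", "remaining_input_bytes",
    "bandwidth_upstream", "bandwidth_downstream", "remaining_session_time",
    "auth_method"), start=1)}
# pplogon.user error codes grouped by what the WAS should do next.
LOGON_OUTCOME = {
    0: "logged_on", 110: "already_logged_on", 112: "bad_credentials",
    103: "was_misconfigured", 104: "was_misconfigured",
    113: "retry_later", 114: "retry_later", 115: "retry_later",
}


def build_request(script, **params):
    """Return (path, body) for an HTTPS POST; nothing secret goes in the URL."""
    if script not in PARAMS:
        raise ValueError("unknown script: " + script)
    either = EITHER.get(script, ())
    missing = [p for p in PARAMS[script]
               if p not in either and not params.get(p)]
    if either and not any(params.get(p) for p in either):
        missing.append(" or ".join(either))
    if missing:
        raise ValueError("missing parameter(s): " + ", ".join(missing))
    fields = [(p, params[p]) for p in PARAMS[script] if params.get(p)]
    return "/" + script, urllib.parse.urlencode(fields).encode("ascii")


def redact_for_log(body):
    """Return the POST body with secret and password masked for logging."""
    pairs = urllib.parse.parse_qsl(body.decode("ascii"))
    return urllib.parse.urlencode(
        [(k, "REDACTED" if k in ("secret", "password") else v)
         for k, v in pairs])


def parse_reply(script, xml_text):
    """Parse a script's XML reply into a dict; ppstatus entries get names."""
    root = ET.fromstring(xml_text)
    try:
        code = int(root.findtext("error"))
    except (TypeError, ValueError):
        code = None
    if root.tag != ROOT_TAG[script] or code is None:
        raise ValueError("unexpected reply for " + script)
    reply = {
        "status": (root.findtext("status") or "").strip(),
        "error": code,
        "description": (root.findtext("description") or "").strip(),
        # Present only when RADIUS returned Reply-Message attribute(s).
        "reply_messages": [m.text or "" for m in root.findall("replymessage")],
    }
    if script == "ppstatus.user":
        reply["session"] = {
            STATUS_FIELDS.get(e.get("id"), "entry_%s" % e.get("id")): e.text or ""
            for e in root.findall("entry")}
    return reply


def logon_outcome(reply):
    """Decide on <error>, not <status>: codes 0 and 110 both say OK."""
    return LOGON_OUTCOME.get(reply["error"], "failed")


# Sample replies: the first and third are taken from this chapter (the third
# abridged to four entries); the second is constructed from the error table.
LOGON_OK = """<logon>
<status>Ok</status>
<error>0</error>
<description>User logged on.</description>
<replymessage>Hello user!</replymessage>
</logon>"""
LOGON_ALREADY_ON = ("<logon><status>OK</status><error>110</error>"
                    "<description>User already logged on.</description></logon>")
STATUS_OK = """<ppstatus>
<status>Ok</status>
<error>0</error>
<description>Got user status.</description>
<entry id="1">g17</entry>
<entry id="2">192.168.2.117</entry>
<entry id="5">3E64C7967A36</entry>
<entry id="16">EAP</entry>
</ppstatus>"""
```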
Chapter 5 – Customized User page (HTML)
This chapter will assist you in configuring BW1330 customized login/logout pages using the sample templates on the BW1330 CD. The BW1330 CD includes four different styles of templates (based on HTML).
There are three authentication-enabled styles (coffee bar, general and hotel), and one authentication-free hotel style. Users can also create personalized login/logout pages based on the provided sample templates.
Determine Your Access Policy
Determine if the BW1330 access policy requires user authentication:
Choose either the authentication-enabled policy (user authentication required) style template or the authentication-free policy (no user authentication required) style template as the base template. Step 2 will show how to configure the authentication-free access policy on BW1330. You may use any HTML editing tool to modify the template contents to create a new personalized login/logout page.
Configure Authentication-Free Access Policy
Log in to BW1330 as super administrator and go to the system | access | Web auth menu. As shown in the diagram below, edit the ip web auth method status and set it to enabled.
Figure 38 – configure IP authentication.
Once the status of the ip web auth method is set to enabled, any end-user trying to access the Internet through BW1330 will not require user authentication. For more detail please refer to system | access | Web auth in chapter 8.
Step 1. Configure and Upload Customized Login/Logout Page files
Log in to BW1330 as super administrator and go to user interface | configuration | Custom UAM.
In order to configure BW1330 to use the customized login/logout page, the Customize Page status must be set to enabled.
To enable Customized Page, edit the Customize page status (user interface | configuration | custom uam) and set it to Enabled. See the diagram below:
Figure 39 – enable customize page status
Figure 40 – customize page status is enabled
To start to upload the customized template files, click the upload button. (We will use the coffee bar style template files in the BW1330 CD for this demonstration).
After clicking the upload button, an Update Custom UAM Files screen will appear. (See diagram below).
Figure 41 – upload files
Enter the physical path and filename of the coffee template files, or click the “browse” button to search the BW1330 CD where coffee template files are located.
The first two items are for login.html and logout.html files.
Additional files are for CSS and image files, such as jpg, gif, png, etc.
Figure 42 – select example files
Figure 43 – upload login.html
After entering all the template files, press the upload button to start uploading the files to BW1330.
Only ten Additional files can be uploaded at one time. To upload more additional files, repeat the same upload process in step 2-4, but please be aware that the first two items are only for the login.html and logout.html files. Image files can only be uploaded to the Additional file fields.
Figure 44 – upload other files
Once all files are uploaded successfully, the Uploaded File List will be shown.
Figure 45 – files have been uploaded
Verify that all files have been uploaded successfully.
Figure 46 – verify all files
Step 2. Configure the pixels of the logout window.
The README file in each template directory contains the pixel settings for the logout page. Enter the width and height settings of the logout page and press the Save button.
E.g. for the coffee bar template, the suggested size of the logout page is 1024 x 768.
Figure 47 – set the pixels of logout window
Step 3. Everything is ready
Now, any users that access the Internet via the BW1330 will see the new personalized login and logout pages.
Let’s look at the new appearance of the login and logout pages based on the coffee bar template:
Figure 48 – example of coffee bar login page
Figure 49 – example of coffee bar logout page
FAQ
1. Question: How do I add links that can be accessed without authentication?
Answer: These authentication-free sites for users form the so-called “walled garden” area. Please refer to the user’s guide for the related settings.
2. Question: How do I hide the user login session information from my customers?
Answer: You can find this HTML code in the logout.html we provided:
<td width="265" valign="top"><iframe src="logout.user?cmd=status" width="250" height="240" marginwidth="0" marginheight="0" scrolling="yes" frameborder="0"></iframe></td>
This code uses an embedded window to show the session data in the logout window.
Commenting it out with the HTML comment markers “<!--” and “//-->” will hide the session data in the logout window.
3. Question: What should I do if I don’t want the logout window to pop up for users?
Answer: Please log in to BW1330 and go to user interface | configuration | Custom UAM to disable “pop logout page.”
Answer: 1. Just unplug your wireless card, or unplug your network cable if you use a wired card.
2. Open a browser window and enter the URL “logout.usr”; you will then be redirected to the logout window.
If you still have any questions or comments, please email [email protected]
Chapter 6 – Command Line Interface
Introduction
The CLI (Command Line Interface) software is a configuration shell for the Access Controller. Using the CLI, the system operator can configure:
User
Network
System
Using the CLI, the system operator can check:
Status (device, network, service)
Connection
All available key combinations in CLI mode are listed in the table below:
| Key and/or Combination | Function |
|---|---|
| ? | Get context-sensitive help |
| <TAB> | Complete the current keyword or list all the options |
| <CTRL> <D> | Break out the sub-shell |
| <CTRL> <A> | Jump to the beginning of the line |
| <CTRL> <E> | Jump to the end of the line |
| <CursUP>/<CursDOWN> | Scroll through the history of commands |
Get Connection to CLI
There are three different ways to get a connection to the CLI of the Access Controller, via the:
Telnet
SSH client
Terminal
Telnet Connection
Make sure that default access status is allowed and the telnet function is enabled on the AC before trying to connect via telnet. Otherwise, no telnet connection will be available.
Connect the Access Controller via LAN or WAN ports using the enclosed UTP cable and start a telnet session (using a telnet application). For example, connect your device via the WAN port, and then make a telnet connection as follows: telnet 192.168.2.66, where 192.168.2.66 is the default WAN interface IP. The CLI login prompt is displayed automatically. Enter the administrator login settings (refer to the section for details).
SSH Connection
Make sure that default access status is set to allow on the AC before attempting to connect via SSH. Otherwise, no SSH connection will be available.
Connect the Access Controller via LAN or WAN ports using the enclosed UTP cable and start an SSH session (using an application such as PuTTY). For example, connect your device via the WAN port and then make an SSH connection to host IP: 192.168.2.66 (default WAN interface IP).
The CLI login prompt is displayed automatically. Enter the administrator login settings (refer to the next section for details).
Terminal Connection
The RS-232 serial console port on the BW1330 enables a direct connection to a PC or terminal.
1. Connect one of the connectors of the RS-232 cable directly to the console port on the BW1330.
2. Connect the other end of the cable to the COM port of the PC or the terminal running the communication software.
The connection operates at 9600 baud, 8 data bits, 1 stop bit and no parity.
Login
Enter the administrator login settings in the displayed CLI command prompt.
The default administrator login settings:
Login: admin
Password: admin01
Figure 50 – CLI Login
After a successful login, the command prompt is displayed and the CLI is ready for commands. Press ‘?’ to get a list of main commands:
Figure 51 – Main CLI Commands
‘?’ will not appear on the screen. When this character is pressed, the display changes to the desired help page. To enter ‘?’ as a character, type ‘\?’.
Connection
Connection is a category of command that is related to the user’s connection with the device.
A full list of all available connection commands/subcommands and its parameters is available in the Appendix section: C) CLI Commands and Parameters.
In general, connection usage is as follows: connection <command> <value>
To get a list of all available commands in the connection category type: connection ?
Figure 52 – Connection Commands
Network
Network is a category of commands that configures controller interface settings, DNS, DHCP, UAT and RADIUS settings.
A full list of all available network commands/subcommands and its parameters is available in the Appendix section C) CLI Commands and Parameters.
The network commands themselves contain several subcommands and the subcommands again contain several parameters. In general, network command usage is as follows: network <command> <subcommand1> <subcommand2> [-parameter] <value>
To get a list of all available commands in the configure category, type: network ?
Figure 53 – Network Commands List
To get a list of all available subcommands for a specific command, type: network <command> ?, (e.g. network radius ?)
All available subcommands for radius are displayed:
Figure 54 – Configure Network (1)
A specific command may contain several subcommands: network <command> <subcommand1> ?, (e.g. network radius servers ?)
All available subcommands are displayed:
Figure 55 – Configure Network (2)
To get a list for available parameters on selected subcommand, type: network <command> <subcommand1> <subcommand2> ?, (e.g. network radius servers accounting ?)
All available parameters on entered subcommand are displayed:
Figure 56 – Configure Network (3)
To configure the desired controller interface setting, type all required parameters with values and subcommands: network <command> <subcommand1> <subcommand2> [-parameter] <value>
(e.g. network radius servers accounting 1 -a 127.0.0.2 -p 1814 -s testing111), where parameters are as follows:
-a – RADIUS server IP address used for RADIUS accounting
-p – RADIUS server port number used for RADIUS accounting
-s – Shared secret key for accounting.
Figure 57 – Configure Network (4)
If successful, a message regarding the successful completion is displayed; otherwise, an error message is displayed.
In some cases, commands entered without parameters display the current controller configuration or settings: network <command> <subcommand1> <subcommand2>, (e.g. radius servers accounting), displays the list of available RADIUS servers and their settings (in this case, the RADIUS accounting server which is already updated):
Figure 58 – Configure Network (5)
User
User is a category of commands that configures controller interface settings, affecting the user’s interface: redirection URL, free sites (walled garden), system management access, administrator login/password.
A full list of all available user commands/subcommands and their parameters is available in the Appendix section: C) CLI Commands and Parameters.
In general, the user command usage is as follows: user <command> <subcommand1> <subcommand2> [-parameter] <value>
To get the full list of the user commands, type: user ?
Figure 59 – User Commands List
To get a list of all available subcommands for a specific command, type: user <command> ?, (e.g. user walled_garden ?)
All available subcommands for walled garden (free sites) are displayed:
Figure 60 – Configure User Interface (1)
To configure selected user interface settings, type:
user <command> <subcommand1> <subcommand2> [-parameter] <value>,
(e.g. user walled_garden url A -u www.gemtek-systems.com -s gemtek site), where parameters are as follows:
A – action: add URL
-u – define URL address
-s – define URL description, visible for user:
Figure 61 – Configure User Interface (2)
If successful, a message regarding the successful completion is displayed; otherwise, an error message is displayed.
Status
Status is a category of commands that displays:
General status (model, firmware version, uptime, memory)
All network settings (IP address/netmask, MAC address, gateway, RX/TX statistics)
Current services (DHCP, routes, port forward, telnet, SNMP, UAT, ...).
A full list of all available status commands/subcommands and their parameters is available in the Appendix section: C) CLI Commands and Parameters.
In general, the status command usage is as follows:
status <command>
To get the full list of the status commands, type: status ?
Figure 62 – System Status Commands List
To get the general device status information, type: status device
Figure 63 – Device Status
Here you can find the current firmware version of your AC. This is important information for support requests and for preparing firmware uploads.
System
System is a category of commands that configures access to controller (telnet, AAA methods, L2 isolation, SNMP, UAT) and configuration: clock, NTP, pronto, syslog, trace and firmware upgrade.
A list of all available system commands/subcommands and their parameters is available in the Appendix section: C) CLI Commands and Parameters.
In general, the system command usage is as follows: system <command> <subcommand1> <subcommand2> [-parameter] <value>
To get the full list of the system commands, type: system
Figure 64 – System Commands List
Telnet
To make a telnet connection, type the telnet command in the command line: telnet
The telnet client is activated and ready for a telnet session.
Figure 65 – Telnet Session
Quit the telnet to return to CLI interface.
Reboot
To stop the controller and reboot the device, type the reboot command in the command line. No configuration changes are done. The last saved configuration is applied to the rebooted controller.
Reset
To reset the controller to factory defaults, type the reset command. The device is restarted and default values are set.
Please note that even the administrator password will be set back to the factory default.
Exit
To leave the CLI mode, type the Exit command in the command line.
Chapter 7 – SNMP Management
Introduction
Another way to configure and monitor the Access Controller (BW1330) via a TCP/IP network is SNMP (Simple Network Management Protocol).
SNMP is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
The SNMP agent and management information base (MIB) reside on the Access Controller. To configure SNMP on the controller, you define the relationship between the Network Management System (NMS) and the SNMP agent (our AC). The SNMP agent contains MIB and Browan Communications private MIB variables whose values the SNMP manager can request or change. A NMS can get a value from an agent or store a value into the agent. The agent gathers data from the MIB, the repository for information about device parameters and network data. The agent can also respond to a manager’s requests to get or set data.
In order to manage the device you have to provide your Network Management System software with adequate MIB files. Please consult your management software manuals on how to do that.
SNMP Versions
The BW1330 supports the following versions of SNMP:
SNMPv1 – the Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.
SNMPv2c – the community-string based Administrative Framework for SNMPv2. SNMPv2c (the "C" stands for "community") is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security model of SNMPv1.
SNMPv3 – SNMP v3 is based on version 2 with added security features. It addresses security requirements through encryption, authentication, and access control rules.
Both SNMPv1 and SNMPv2c use a community-based form of security. The community of managers able to access the agent's MIB is defined by an IP address access control list and password.
The Access Controller implementation of SNMP supports all MIB II variables (as described in RFC 1213) and defines all traps using the guidelines described in RFC 1215. The traps described in this RFC are:
coldStart
A coldStart trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered.
warmStart
A warmStart trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself and that its configuration is unaltered.
authenticationFailure
An authenticationFailure trap signifies that the SNMP entity, acting in an agent role, has received a protocol message that is not properly authenticated.
linkDown
A linkDown trap signifies that the SNMP entity, acting in an agent role, recognizes a failure in one of the communication links represented in the agent's configuration.
linkUp
A linkUp trap signifies that the SNMP entity, acting in an agent role, recognizes that one of the communication links represented in the agent's configuration has come up.
SNMP Agent
The SNMP agent responds to SNMP manager requests as follows:
Get a MIB variable – the SNMP agent begins this function in response to a request from the SNMP manager. The agent retrieves the value of the requested MIB variable and responds to the manager with that value.
Set a MIB variable – the SNMP agent begins this function in response to a message from the SNMP manager. The SNMP agent changes the value of the MIB variable to the value requested by the manager.
The SNMP agent also sends unsolicited trap messages to notify an SNMP manager that a significant event has occurred (e.g. authentication failures) on the agent.
SNMP Community Strings
SNMP community strings authenticate access to MIB objects and function as embedded passwords. In order for the SNMP manager to access the controller, the community string must match one of the two community string definitions on the controller. A community string can be as follows:
Read-only – gives read access to authorized management stations to all objects in the MIB except the community strings, but does not allow write access.
Read-write – gives read and write access to authorized management stations to all objects in the MIB, but does not allow access to the community strings.
Use SNMP to Access MIB
As shown in the figure below, the SNMP agent gathers data from the MIB. The agent can send traps (notifications of certain events) to the SNMP manager, which receives and processes the traps. Traps are messages alerting the SNMP manager to a condition on the network such as improper user authentication, restarts, link status (up or down), MAC address tracking, and so forth. The SNMP agent also responds to MIB-related queries sent by the SNMP manager in get-request, get-next-request, and set-request format.
Figure 66 – SNMP Management (diagram labels: P-560, MIB, SNMP Agent, SNMP Manager; messages: get-request, get-next-request, get-bulk, set-request, get-response, traps)
BROWAN Private MIB
In addition to standard SNMP MIBs, the BW1330 supports the Browan Communications private MIB. The private MIBs are enterprise specific and serve to extend the functionality of the standard MIBs. The private MIB identifies manageable objects and their properties that are specific to the managed device. MIBs let you manage the device not only through the web or Command Line Interface but also through the SNMP protocol. The descriptions and brief explanations of managed objects are available in the MIB file. The MIB file is a specially formatted text file that uses the ASN.1 standard syntax.
Chapter 8 – Reference Manual
This chapter contains BW1330 web management reference information.
The web management main menu consists of the following sub menus:
Network Interface – device configuration settings affecting networking.
User Interface – device configuration settings affecting the user interface.
System – device system configuration settings directly applicable to the controller.
Connection – device settings related to user’s connection with the BW1330.
Built-In AAA – Built-in AAA system for web authentication and accounting.
Exit – click exit and leave the web management then close your web-browser window.
Web Interface
The main web management menu is displayed at the top of the page after successfully logging into the system (see the figure below). From this menu all essential configuration pages are accessed.
Figure 67 – Main Configuration Management Menu
By default the system | status menu is activated and the current AC system status is displayed. The active menu is displayed in a different color.
The web management menu has the following structure:
Network Interface
Configuration – configuration page for all controller network interfaces
Interface configuration – network interfaces configuration
Bridge – bridge configuration
VLAN – define VLAN on your controller
Route – define new static route on the controller interface
Port forwarding – port-forwarding rules
DHCP Relay – DHCP relay server configuration
User ACL – define packet filter rules
Management subnet – access points (APs) management
DNS – define DNS server settings
DHCP – Dynamic Host Configuration Protocol services configuration
POP3 – POP3 server address configuration for client authentication
RADIUS – configuration set for RADIUS servers, includes menu:
RADIUS settings – NAS server ID, hotspot operator name and other settings
RADIUS servers – accounting, authentication RADIUS servers IP, port and other settings
WISP – add new WISP on the system.
Proxy – configure the AC to act as RADIUS server proxy.
Accounting backup – backup authentication logs in the remote or external server
Tunnels – set tunnels:
PPPoE/ GRE for DSL – connect to ISP via the PPPoE or GRE tunnel
GRE Client for VPN – set the GRE (Generic Routing Encapsulation) tunnels for the BW1330
Wireless – wireless interface configuration
Basic – primary SSID, regulatory domain, network mode, channels selection
Advanced – multiple SSID configuration
WDS – access point and WDS modes
SecWep – WEP and WPA
User Interface
Configuration – Welcome/Login/Logout/Help page customization
Pages – configure and upload user pages
Upload – upload new internal user pages
Headers – define http headers encoding and language
Remote authentication –
Custom Uam – customized user login and logout page based on an HTML page.
Administrator – administrator login and password change
Start page – define start page URL
Walled Garden – free web site list
Web Proxy – web proxy settings for clients
System
Configuration – system configuration utilities:
Syslog – specify address where to send system log file
Clock – system clock settings
NTP – get time from network time protocol service
Certificate – upload new certificates into the local controller memory
Save and restore – save current device configuration for backup
Domain Name – Configure BW1330 domain for uniform digital certificate.
Share Username - setting user account shared status
Access – configure access to your controller:
Access Control – set default access to your AC
Telnet – enable/disable telnet connections
AAA – define different AAA methods
UAT – enable/disable universal address translation
Isolation – restricts clients from communicating along Level 2 separation
NAV – NAT, authentication and visitor access control
SNMP – SNMP service and proxies
Web Auth – Settings for auth methods of Built-in AAA
MAC List – MAC ACL table.
HTTPC – configure whether clients use HTTPS or HTTP for web authentication.
Status – AC system status
Reset – reset configuration to factory defaults values and/or reboot
Update – find out current software version and update with new firmware
Connection
Users – connected users’ statistics list and log-out user function
E-Mail Redirection – outgoing mail (SMTP) redirection settings
Station Supervision – monitor station availability with ARP-pings settings
Built-in AAA
E-Billing – Post paid built-in AAA system
User Control – manage E-Billing (Built-in AAA) user accounts.
Band Class – bandwidth management for E-Billing accounts.
Bill settings – configure the billing policy and price for E-Billing account
Power cut protection – setting for power off protection
Pre-paid – pre-paid built-in AAA system
User account – show current generated pre-paid account
Price/unit – setting of price and unit
Account life – setting of receipts available life
Web key and SSID – setting Web key and SSID printed on receipts
Receipts – history of printed receipts and profit
Timeunit – define the charge time by hour or day for the pre-paid user
Account reminder – reminds the hotspot owner to check the income of pre-paid accounts.
Manage net print – set up the network printer for BW1330.
Configuration – Billing Backup and restore; Receipt Language and title configuration.
Language – setting language of printed receipts
Backup and Restore – Backup and restore Built-in AAA account and billing records.
Title – setting of venue name
In the following sections, short references for all menu items are presented.
Network Interface
Network Interface | Configuration | Interface Configuration
The SMB Public Access Controller contains two multi-purpose network interfaces: br1 and ixp1. These interfaces can be configured to work as either local area network (LAN) or wide area network (WAN) interfaces or wireless area network (WLAN) for Access Points. LAN is used to connect hubs, switches, Access Points and subscribers. The WAN port connects to the Internet or the service provider’s backbone network. The wlan1_0 is the first virtual AP for wireless network.
All these interfaces are listed in the interface configuration page. By default a bridge exists (labeled br1) which contains two interfaces: wlan1 and ixp0. All network interfaces available in the SMB Public Access Controller are shown in the following table:
Figure 68 – Interface Configuration Table
To change network interface configuration properties click the edit button in the action column. The status can be changed now:
Figure 69 – Edit Interface Configuration Settings part.1
Interface - standard interface name. This name cannot be edited and is assigned by the operating system during startup. Interface name cannot be changed because the hardware drivers define it.
Status – select the status of interface: [enabled/disabled].
Do not disable the interface through which you are connected to the BW1330. Disabling such an interface will cut your connection to the device.
Type – network type cannot be changed. There are two possible networking types:
LAN – interface is used as local area network (LAN) gateway, and is connected to a LAN;
WAN – interface is used to access the ISP network;
Change status or leave in the default state if no editing is necessary and click the continue button.
Then the following parameters can be changed:
Figure 70 – Edit Interface Configuration Settings part.2
IP Address – specify new interface IP address [in digits and dots notation, e.g. 192.168.5.1].
IP address of each interface should be from a different subnet; otherwise, you will receive an error message.
Netmask – specify the subnet mask [[0-255].[0-255].[0-255].[0-255]]. These numbers are a binary mask of the IP address, which defines IP address order and the number of IP addresses in the subnet.
Gateway – interface gateway. For LAN type interfaces, the gateway can only be defined as WAN interface gateway. The gateway of the WAN interface is usually the gateway router of the ISP or other WAN network. [Default gateway is marked with ‘*’].
Update – update old values with entered ones.
The DHCP server settings will be automatically adjusted to match the new network settings.
Figure 71 – Apply or Discard Interface Configuration Changes
Apply changes – to save all changes made in the interface configuration table at once.
Discard changes – restore all previous values.
General changes such as interface settings changes require the Wireless PAC server to be restarted. A request to restart the server appears:
Figure 71 – Restart Server
Reboot – Click the button to restart the server and apply the changes.
Network Interface | Configuration | Bridge
A bridge transparently relays traffic between multiple network interfaces. This means that a bridge connects two or more physical LAN interfaces together to form one bigger (logical) network interface.
There are some restrictions for bridge management that must be taken into account:
There is a special bridge, br1, in the BW1330 that cannot be removed. This bridge initially contains two interfaces: wlan1_0 and ixp0.
Interfaces (physical, VLAN or GRE tunnel) can be included in only one bridge.
The WAN interface cannot be included in a bridge.
VLANs cannot be created on bridge interfaces; they can only be added to them.
A bridge cannot be included in another bridge.
By default the enabled bridge (ixp0 and wlan1_0) on the br1 interface exists on the system:
Figure 72 – Default Bridge
To set up a bridge on the AC, click the edit button and enter the following parameters:
Figure 73 – Setting Parameters
Ageing – define the Ethernet (MAC) address ageing time, in seconds [0-65535]. The ageing time is the number of seconds a MAC address will be kept in the forwarding database after having received a packet from this MAC address. The entries in the forwarding database are periodically timed out to ensure they won't stay around forever. Default value is 0.
Garbage – specify the interval in seconds between garbage collector runs [0-65535]. The garbage collector periodically checks the MAC table for timed out entries and removes them from the table. Default value is 0.
STP – define the STP (Spanning Tree Protocol) status [enabled/disabled].
Priority – define the bridge’s priority [high, medium, low]. Default value is low.
Delay – specify the bridge’s forward delay time in seconds [0-65535]. Delay is the time spent in each of the Listening and Learning states before the Forwarding state is entered. Default value is 0.
Hello Time – specify the interval between hello packets in seconds [0-65535]. Hello packets are used to communicate information about the topology throughout the entire Bridged LAN. Default value is 0.
Max. Age – specify the maximum bridge message age in seconds [0-65535]. If the last received hello packet is more than this value, the bridge in question will initiate the Root Bridge election procedure. Default value is 0.
Click the continue button to finish setting the parameters, and click the new button if new interfaces need to be added to the bridge.
Figure 74 – Bridge Setting
Click the new button to add interfaces to the bridge and specify the bridge ports (interfaces):
Figure 75 – Add Interface
Port (interface) – select the interface name to be bound into the bridge.
Cost – specify the port’s path cost on this interface. This value is used in the designated port and root port selection algorithms. Default value is low.
Priority – specify the priority of ports with equal cost. You can use this to control which port gets used when there are redundant paths.
If you want to remove an interface from the bridge, click the delete button. For example, to remove ixp0 from the bridge, click the delete button on the ixp0 column.
Figure 76 – Remove Interface
Click the apply changes button and then reboot the system to finish the removal.
Figure 77 – Apply and Reboot
Network Interface | Configuration | VLAN
Up to 4094 VLANs can be created in the system.
Virtual Local Area Networks (VLANs) are logical groupings of network resources. You can create your own VLANs on your AC using the network interface | configuration | VLAN menu. By default no VLANs are defined on the system:
Figure 78 – VLAN
To create a VLAN on the AC click the new button and enter following parameters:
Figure 79 – Create New VLAN
Interface – select interface for your VLAN network. VLANs cannot be created on a bridge.
Status – non-editable, by default is disabled.
ID – assign ID for your VLAN network [1 to 4094]. Client devices that associate using the ID are grouped into this VLAN.
You cannot create VLANs on an interface that is included in a bridge, such as ixp0. If you want to create VLANs on the interface ixp0, you must first separate ixp0 from the bridge (br1 interface) via the network interface | configuration | bridge menu. Refer to Chapter 8, Network Interface | Configuration | Bridge.
Please note that after ixp0 (LAN) is removed from the bridge, its DHCP server is disabled by default. You can then connect to the BW1330 either via the WAN port (fixed IP: 192.168.2.66) or via the wlan1_0 wireless interface, whose DHCP server is enabled by default (IP: 192.168.3.x).
Other VLAN settings cannot be changed. Click on the disabled link to continue specifying settings for your VLAN. The network interface configuration page is opened and VLAN settings are ready for editing:
Figure 80 – Configure VLAN
Status – enable/disable your VLAN network. Select [enable] and click the continue button to configure the VLAN settings:
Figure 81 – Configure VLAN
Type – cannot be edited, depends on selected interface for VLAN [ixp0].
IP Address – enter the network address of your VLAN [format: digits and dots].
Netmask – enter the netmask for your VLAN network [format: digits and dots].
Gateway – select gateway for VLAN network [default: ixp1].
Click update, then restart, then apply changes to save your new VLAN. Check the interface | configuration | VLAN menu for the newly created VLAN:
Figure 82– Enable New VLAN
Network Interface | Configuration | Route
Under the network interface | configuration | route menu, static routes for the Ethernet interfaces can be set. By default no static routes are defined on the system:
Figure 83 – Route
A routing rule is defined by the target subnet (target IP address and subnet mask), interface and/or gateway where to route the target traffic. A data packet that is directed to the target network is routed to the specified AC interface or to another gateway router. To add a new static route for the system, click the new button under the action column and specify the following parameters:
Figure 84 – Add New Route
If you want to set static routes on the interface ixp0, you must first separate ixp0 from the bridge (br1 interface). Refer to Chapter 8, Network Interface | Configuration | Bridge.
Interface – choose device interface for the route: [br1/ixp0/ixp1/vlan[n]].
Status – set new static route status: [enabled/disabled].
Gateway – enter the gateway address for the route. 0.0.0.0 stands for the default gateway of the selected interface [IP address].
Target IP Address – enter network address or host IP to be routed to [IP address].
Netmask – enter the target network netmask [dots and digits].
Save – save the new route.
Cancel – restore all previous values.
Figure 85 – Save New Route
Up to 255 static routes can be set between each interface.
Network Interface | Configuration | Port Forwarding
Port Forwarding is required when NAT is configured. NAT translates all internal addresses to one official IP address (WAN IP address). With port forwarding enabled it is possible to access internal services and workstations from the WAN interface.
Port forwarding forwards TCP or UDP traffic through the BW1330 controller’s local port to the specified remote port. Use the network interface | configuration | port forwarding menu to specify such a port forwarding rule. By default no port forwards are defined on the controller:
Figure 86 – Port Forwarding Rules
Click the new button to add a port-forwarding rule:
Figure 87 – Add Port Forwarding Rule.
Status – select status: [enabled/disabled].
Type – select type of forwarding traffic: [TCP/UDP].
Local IP Address – BW1330 device interface address from which the selected traffic should be forwarded.
Local Port – BW1330 device interface port from which the selected traffic should be forwarded.
Remote IP Address/Port – internal IP address and port number (LAN ports) to which the selected traffic shall be forwarded.
Example:
Create a rule as follows:
Type = TCP, local IP address/port = 192.168.2.248:8080, remote IP address/port = 1.2.3.4:8080.
With such a rule all traffic coming to port 8080 on the BW1330 interface local address 192.168.2.248 will be forwarded to port 8080 on the server (host) 1.2.3.4.
Port forwarding is limited to 255 rules.
Network Interface | Configuration | DHCP Relay
If the BW1330 uses DHCP relay on its LAN interface, the administrator can designate the DHCP relay server.
Figure 88 – DHCP Relay Server
The default value is “255.255.255.255”, which means the BW1330 will broadcast the client’s DHCP request on its WAN interface. The administrator can instead designate a single server’s IP address.
Network Interface | Configuration | User ACL
User ACL provide high flexibility for administrator to define the rules for BW1330 to filter the packets which will forward or masquerade by it.
Figure 89 – User ACL
To add a new rule, just click the “new” button
Figure 90 – Create a new rule (first step)
First step select the rule policy (drop/accept/masquerade) to deal with packet and the packet type
(all/TCP/UDP/ICMP).Then decide the incoming and outgoing interfaces(any/br1/ixp1).
Figure 91 – Create a new rule (second step)
Second step select the type of source IP and destination IP (special IP/any IP).
Figure 92 – Create a new rule (third step)
Third step: choose the type of source port and destination port (any port/special port).
Figure 93 – Create a new rule (fourth step)
Fourth step: fill in the source and destination IP addresses (IP address and netmask; if you chose “any IP” in the second step, you do not need to fill in the IP address), then fill in the source and destination ports (if you selected “any port” in the third step, or protocol ICMP/all, you do not need to fill in the port).
Figure 94 – Create a new rule (fifth step)
After completing the rule configuration, click the “apply changes” button to save your configuration.
If you have many rules configured, you can re-order them to arrange their priority.
The rule with index 1 has the highest priority, the rule with index 2 has the second highest priority, and so on.
Click the “sort” button to change the index.
Figure 95 – re-order rules
Click the “sort” button of a rule to re-order its priority, then select the index number; click the “save” button to save your changes.
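Why the index order matters, as an added example (not BROWAN code): a small model of the User ACL fields that finds the rule deciding a packet and lists rules hidden behind an earlier, broader one. It assumes the first matching rule by index wins, leaves out source ports for brevity, and uses constructed addresses and a constructed rule set.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    policy: str            # drop / accept / masquerade
    proto: str = "all"     # all / TCP / UDP / ICMP
    in_if: str = "any"     # any / br1 / ixp1
    out_if: str = "any"
    src: str = "any"       # "any" or "address/netmask"
    dst: str = "any"
    dport: object = "any"  # "any" or a port number

def _net(spec):
    return ANY if spec == "any" else ipaddress.ip_network(spec, strict=False)

def covers(a, b):
    """True if everything rule b matches is also matched by rule a."""
    return (a.proto in ("all", b.proto) and a.in_if in ("any", b.in_if)
            and a.out_if in ("any", b.out_if) and a.dport in ("any", b.dport)
            and _net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst)))

def decide(rules, proto, in_if, out_if, src, dst, dport=None):
    """(index, policy) of the first matching rule; index 1 is checked first."""
    pkt = Rule("", proto, in_if, out_if, f"{src}/32", f"{dst}/32", dport)
    for index, rule in enumerate(rules, start=1):
        if covers(rule, pkt):
            return index, rule.policy
    return None, None      # no match; the device default is not modelled

def shadowed(rules):
    """Indexes of rules that can never match: an earlier rule covers them."""
    return [j + 1 for j, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:j])]

# Constructed rule set: the broad accept at index 1 hides the drop at index 2.
RULES = [
    Rule("accept", "TCP", "br1", "ixp1"),
    Rule("drop", "TCP", "br1", "ixp1", dst="203.0.113.0/255.255.255.0", dport=25),
]

if __name__ == "__main__":
    flow = ("TCP", "br1", "ixp1", "192.168.2.50", "203.0.113.10", 25)
    print(decide(RULES, *flow), shadowed(RULES))              # as entered
    print(decide(RULES[::-1], *flow), shadowed(RULES[::-1]))  # after re-sorting
```

Running `shadowed()` over a rule list before applying it shows which specific rules need a lower index than the broad rule that would otherwise hide them.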
Network Interface | Configuration | Management Subnet
Each network interface can have a management subnet. Use the network interface | configuration | management subnet menu to configure this feature on the selected interface.
When a management subnet is enabled, port forwarding will NOT WORK for connections from IP addresses in the management subnet's remote network (the remote administrator's network). This is because the management subnet allows connecting to the client computer without using port forwarding.
The administrator can enable or disable management subnet for each interface. By default no management subnet is enabled on the controller:
Figure 96 – Management Subnet
To specify a new management subnet, click the edit button on the selected interface:
Figure 97 – Add Management Subnet
IP Address and Netmask – specify the IP address and netmask of the management subnet. IP address will be set on the network interface as an alias, so you can connect to the BW1330 using this address. This IP address should be used on access points as the gateway address.
Remote Network and Netmask – specify the remote network that is allowed to access the local management subnet. Only addresses that are from the remote network will be accepted [dots and digits].
If you do not specify any remote network, all stations with IP addresses from the management LAN are routed to the WAN port even without being authenticated.
Clients using an IP address from the management subnet can browse the Internet without authorization, and no accounting will be done. Thus, it is strongly recommended to allow traffic only from the administrative remote network (no 0.0.0.0/0.0.0.0 in remote specification).
Example:
Interface configuration for ixp0:
type: LAN
IP address: 192.168.3.1
netmask: 255.255.255.0
gateway: ixp1
Management subnet on ixp0:
IP address: 10.0.0.1
netmask: 255.255.255.0
remote network: 10.10.0.1
remote netmask: 255.255.255.0
With these settings applied, the administrator will be able to connect to devices behind the BW1330 on interface ixp0, if these devices use addresses in the range 10.0.0.2 ... 10.0.0.254. The administrator is connecting via the Internet (from the ixp1 interface).
The administrator’s computer can have an address from 10.10.0.1 to 10.10.0.254.
Please note that devices which are using 10.0.0.2 – 10.0.0.254 addresses have access to the administrative network too!
In this example, the administrative network uses reserved IP addresses (10.x.x.x). These are not routed on the Internet, so the administrator would have to set up every router on the path between the BW1330 and the administrator's computer to recognize 10.x.x.x addresses and route them correctly. This is inconvenient and sometimes impossible. The solution is a GRE tunnel (see: Network Interface | Tunnels) between the administrator's computer and the BW1330. The only addresses visible on the Internet will then be the BW1330 WAN IP address and the administrator's computer (or router) IP address.
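A way to review management subnet settings before applying them, as an added example (not part of the BW1330 software): it computes which client addresses skip authentication and flags a missing or 0.0.0.0/0.0.0.0 remote network. The function names are hypothetical, and it assumes the device masks the remote network entry with its netmask, as the 10.10.0.1 to 10.10.0.254 range stated above implies.

```python
import ipaddress

def audit_management_subnet(ip, netmask, remote_net="", remote_mask=""):
    """Audit one interface's management subnet, using the manual's field names."""
    alias = ipaddress.ip_address(ip)
    # strict=False clears host bits: 10.0.0.1/255.255.255.0 -> 10.0.0.0/24
    local = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
    first, last = local.network_address + 1, local.broadcast_address - 1
    if alias == first:
        first += 1          # the alias belongs to the BW1330 itself
    elif alias == last:
        last -= 1
    findings, remote = [], None
    if not remote_net:
        findings.append("no remote network: management LAN stations are routed "
                        "to the WAN port without authentication")
    else:
        remote = ipaddress.ip_network(f"{remote_net}/{remote_mask}", strict=False)
        if remote.prefixlen == 0:
            findings.append("remote network 0.0.0.0/0.0.0.0 accepts every source")
        elif ipaddress.ip_address(remote_net) != remote.network_address:
            # Assumption: the device masks the entry the same way.
            findings.append(f"remote network {remote_net} has host bits set; "
                            f"effective network assumed to be {remote}")
    findings.append(f"clients {first} - {last} browse without authorization "
                    "or accounting")
    return {"local": local, "remote": remote, "first": first, "last": last,
            "findings": findings}

def source_accepted(report, src):
    """True if src lies inside the configured remote network.

    With no remote network set the manual does not say which sources are
    accepted, so this returns False in that case (assumption).
    """
    remote = report["remote"]
    return remote is not None and ipaddress.ip_address(src) in remote

if __name__ == "__main__":
    # Values from the manual's example, then the setting it warns against.
    for remote in (("10.10.0.1", "255.255.255.0"), ("0.0.0.0", "0.0.0.0")):
        report = audit_management_subnet("10.0.0.1", "255.255.255.0", *remote)
        print(remote, *report["findings"], sep="\n  ")
```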
Network Interface | DNS
DNS (Domain Name Service) service allows AC subscribers to enter URLs instead of IP addresses into their browser to reach the desired web site.
Figure 98 – DNS Settings Configuration
You can enter the primary and secondary DNS servers settings under the network interface | DNS menu.
Figure 99 – Edit DNS Redirection Settings
The DNS server or DNS address can be obtained dynamically if the DHCP or PPPoE (for DSL) service is enabled. To add a DNS server manually, click the edit button in the action column and type in the DNS server’s IP address:
IP address – enter the primary or secondary DNS server’s IP address [in digits and dots notation].
Save – click to save the new DNS server’s settings.
Network Interface | DHCP
The BW1330 controller can act as a DHCP server and/or as a DHCP relay gateway. The DHCP (Dynamic Host Configuration Protocol) service is supported on the LAN interfaces [ixp0/vlan[n]]. This service enables clients on the LAN to request configuration information, such as an IP address, from a server. This service can be viewed in the following table:
Figure 100 – DHCP Configuration
By default the AC is configured to act as a DHCP server.
Each LAN interface runs a different instance of the DHCP service. This service is configured by defining an IP address range and WINS address for client workstations. Other settings, such as the default gateway and DNS server address are configured automatically according to the interface settings.
To see the complete DHCP service configuration, click the details button in the action column:
Figure 101 – DHCP Settings Details
To edit the DHCP service configuration [DHCP server/DHCP relay], click the edit button in the action column:
Figure 102 – Edit DHCP Configuration Settings
Status – select status from drop-down menu:
Disabled – disable the DHCP service on the selected interface
DHCP Server – enabled by default
DHCP Relay – to route DHCP through the external server, enable relay service
Case 1 Configure the DHCP server
Select the interface on which you want to configure the DHCP service. Select the DHCP server and click the update button to specify the DHCP server parameters: