4IPNET MSG100 User Manual

4ipnet MSG100

User’s Manual

V1.00

The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission of 4IPNET, INC.

Disclaimer

4IPNET, INC. does not assume any liability arising out the application or use of any products, or software described herein. Neither does it convey any license under its parent rights not the parent rights of others. 4IPNET further reserves the right to make changes in any products described herein without notice. The publication is subject to change without notice.

Trademarks

4IPNET (4ipnet) is a registered trademark of 4IPNET, INC. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

FCC CAUTION

This equipment has been tested and proven to comply with the limits for a class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

---Reorient or relocate the receiving antenna.

---Increase the separation between the equipment and receiver.

---Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

---Consult the dealer or an experienced radio/TV technician for help.

4ipnet

MSG

100

User’s Manual

Table of Contents

1. Introduction................................................................................................................................................3

1.1 Introduction of MSG100..............................................................................................................3

1.2 System Concept..........................................................................................................................3

1.3 Document Conventions...............................................................................................................4

2. System Overview.......................................................................................................................................5

2.1 Package Contents.......................................................................................................................5

2.2 Specification................................................................................................................................5

2.2.1 Hardware Specification.......................................................................................................5

2.2.2 Technical Specification........................................................................................................6

3. Installation..................................................................................................................................................8

3.1 Panel Function Description.........................................................................................................8

3.2 Hardware Installation...................................................................................................................9

3.3 Software Configuration..............................................................................................................10

3.3.1 Instruction of Web Management Interface........................................................................10

3.3.2 Setup Wizard.....................................................................................................................13

3.3.3 User Login Portal Page.....................................................................................................16

4. Web Interface Configuration...................................................................................................................17

4.1 System Configuration................................................................................................................18

4.1 System.......................................................................................................................................18

4.1.1 General..............................................................................................................................18

4.1.2 WAN1................................................................................................................................21

4.1.3 WAN2................................................................................................................................23

4.1.4 WAN Traffic.......................................................................................................................24

4.1.5 LAN Port Mapping.............................................................................................................26

4.1.6 Service Zone.....................................................................................................................28

4.2 Users.........................................................................................................................................37

4.2.1 Authentication....................................................................................................................37

4.2.1.1 Local Authentication Database.........................................................................................38

4.2.1.2 POP3 Authentication Database........................................................................................43

4.2.1.3 RADIUS Authentication Database....................................................................................44

4.2.1.4 LDAP Authentication Database.........................................................................................46

4.2.1.5 NT Domain Authentication Database................................................................................48

4.2.1.6 ONDEMAND Authentication Database.............................................................................49

4.2.1.7 SIP Authentication.............................................................................................................51

4.2.2 Black List...........................................................................................................................53

4.2.3 Group.................................................................................................................................54

4ipnet

MSG

100

User’s Manual

4.2.4 Policy.................................................................................................................................57

4.2.5 Additional Control..............................................................................................................60

4.3 Network......................................................................................................................................63

4.3.1 NAT....................................................................................................................................63

4.3.2 Privilege List......................................................................................................................65

4.3.3 Monitor IP..........................................................................................................................66

4.3.4 Walled Garden..................................................................................................................67

4.3.5 Proxy Server......................................................................................................................68

4.3.6 DDNS................................................................................................................................69

4.3.7 Client Mobility....................................................................................................................69

4.3.8 VPN...................................................................................................................................70

4.4 Utilities.......................................................................................................................................74

4.4.1 Password Change.............................................................................................................74

4.4.2 Backup & Restore.............................................................................................................75

4.4.3 System Upgrade...............................................................................................................76

4.4.4 Restart...............................................................................................................................76

4.4.5 Network Utilities.................................................................................................................77

4.5 Status.........................................................................................................................................79

4.5.1 System..............................................................................................................................79

4.5.2 Interface............................................................................................................................81

4.5.3 Routing Table....................................................................................................................83

4.5.4 Online Users......................................................................................................................84

4.5.5 User Logs..........................................................................................................................85

4.5.6 E-mail & SYSLOG.............................................................................................................87

4.6 Help...........................................................................................................................................89

Appendix A. Network Configuration on PC..................................................................................................90

1. Internet Connection Setup.................................................................................................................90

2. TCP/IP Network Setup.......................................................................................................................92

Appendix B. Port-based Service Zone Deployment Example....................................................................95

Appendix C. Tag-based Service Zone Deployment Example...................................................................100

Appendix D. Certificate Setting for IE7 and IE6.........................................................................................104

Appendix E. DHCP Replay............................................................................................................................112

Appendix F. Proxy Setting for Enterprise...................................................................................................114

Appendix G. IPSec VPN................................................................................................................................119

Appendix H. Console Interface....................................................................................................................123

Appendix I. Session Limit and Session Log.............................................................................................126

4ipnet

MSG

100

User’s Manual

1. Introduction

1.1 Introduction of MSG100

The 4ipnet MSG100 Multi-service Wireless Office Gateway is a “ network-service-in-a-box” business gateway that that provides remote, centralized management of data and voice services for small and branch offices and teleworkers. The compact, multi-functional networking appliance concurrently provides advanced services, including network segmentation, user authentication, role-based access control, and instant account provisioning for visitors. Moreover, it provides VPN, secure WLAN, individual user bandwidth management, WAN failover and load balancing for small businesses. Easy deployment and remote management features enable MSG100 to be deployed in places with limited IT resource.

This manual is intended for system integrators, field engineers and network administrators to set up MSG100 in their network environments. It contains step-by-step procedures and graphic examples to guide MIS staff or individuals with basic network system knowledge to complete the installation.

1.2 System Concept

In a Small and Mid-size Business (SMB) network environment, devices such as switches, hubs, and access points are commonly used, and Internet connection is usually via an ADSL or a cable modem. MSG100 uses virtual LAN (VLAN) technology to partition one physical network under its control into five logical virtual networks, called Service Zones, including one untagged zone and four tagged zones. The untagged zone is also referred as the Default Service Zone in this system, which is always enabled. On the other hand, the other four tagged zones can be enabled or disabled respectively. By default, port-based configuration is used and all of the four physical LAN ports are set to use the Default Service Zone.

The figure below demonstrates an example of the SMB network deployed with MSG100. Both LAN and WLAN of the system can be secured by IPSec VPN. MSG100 will actively establish VPN tunnels while the selected users are logging in. Not only the traffic within the office network will be protected by IPSec VPN, this VPN module can be configured to support site-to-site IPSec VPN tunnels across remote branch offices. The same clientless VPN setup implementation can also be extended to remote users in accessing office network from public Internet via PPTP VPN tunnels. Once the remote client-to-site PPTP VPN tunnels are established, traveling employees can connect back to the office network via reliable, secure connections using their portable devices.

4ipnet

MSG

100

User’s Manual

1.3 Document Conventions

8 Note:

Represents essential steps, actions, or messages that should not be ignored.

Contains related information that corresponds to a topic.

Indicates that clicking this button will return to the system Homepage.

Logout the system.

Access Online Help interface.

Indicates that clicking this button will apply all of your settings.

Indicates that clicking this button will clear what you have set before the settings are applied.

The red asterisk indicates that information in this field is compulsory.

Screen captures and pictures used in this manual may be displayed in part or in whole, and may vary or differ slightly from the actual product, depending on versioning and menu accessed.

4ipnet

MSG

100

User’s Manual

2. System Overview

2.1 Package Contents

The standard package of MSG100 includes:

Ÿ MSG100 x 1 Ÿ Quick Installation Guide (QIG) x 1 Ÿ CD-ROM (with User’s Manual and QIG) x 1 Ÿ Power Cord x 1 Ÿ Power Adapter (12DC, 2A) x 1 Ÿ Cross-over Ethernet RJ-45 Cable x 1 Ÿ RS-232 DB9 Console Cable x 1

It is recommended to keep the original packing material for possible future shipment when repair or maintenance is required. Any returned product should be packed in its original packaging to prevent damage during delivery.

2.2 Specification

2.2.1 Hardware Specification

General

† Form Factor: Mini book † Dimensions (W x D x H): 11.8" x 6.1" x 1.7" (300 mm x 155 mm x 43 mm) † Weight: 2.5 lbs (1.15 kg) † Operating Temperature: 0 ~ 40 oC † Storage Temperature: -20 ~ 65 oC † Power Adapter: 100~240 VAC, 50/60 Hz † Built-in real-time clock

Connectors & Display

† WAN Ports: 2 x 10BASE-T/100BASE-TX RJ-45 † LAN Ports: 4 x 10BASE-T/100BASE-TX RJ-45 † Console Port: 1 x RS-232 DB9 † LED indicators: 1 x Power, 1 x Status, 2 x WAN, 4 x LAN

4ipnet

MSG

100

User’s Manual

2.2.2 Technical Specification

Networking

† Support Router, NAT mode † Support Static IP, DHCP, PPPoE mode on WAN interfaces and PPTP (WAN 1 only) † Controllable LAN ports requiring authentication † Support IP Plug and Play (IP PnP) † Built-in DHCP server and support for DHCP relay † Support NAT:

(1) IP/Port Destination Redirection (2) DMZ Server Mapping (3) Virtual Server Mapping (4) H.323 Pass-Through (5) SIP Pass-Through

† Support static route † Support Wake on LAN, Web-based utilities (Ping, Trace Route and ARP) and Dynamic DNS † Walled Garden (free surfing zone): 20 † Support MAC Address Pass-Through † HTTP Proxy Servers: 10 † WAN failover and local balancing on dual WANs † Support multiple Service Zones in Port-based or Tag-based mode

Security

† Local VPN tunnels to enhance wireless security: 50 † Client-to-stie remote VPN of PPTP over public Internet: 10 † Site-to-site VPN tunnels over public Internet: 3 † Support VPN Pass-Through (IPSec and PPTP) † Support built-in DoS attack protection † Support MAC Access Control List † Support user Black List: 5 lists x 40 sets † Allows MAC address and user identity binding for local user authentication † Support QoS and WMM

User Management

† Simultaneous support for multiple authentication methods (Local, POP3(S), LDAP, RADIUS, NT

Domain, on-demand and SIP)

† Role-based access control (including Firewall policies, Specific route, Login Schedule, and Bandwidth

management)

† Support time-based firewall † User Session Management:

(1) SSL protected login portal page (2) Support multiple logins with one single account (3) Session idle timer

4ipnet

MSG

100

User’s Manual

(4) Session/account expiration control (5) Email message with a hyperlink and login reminder for accessing login page (6) Windows domain transparent login (7) Configurable login time frame

† Instant account (200 accounts) generation for guests by authorized users without IT’s intervention † User account roaming support † Support local account Grouping to classify users

System Administration

† Multi-lingual, web-based management UI † Customizable login and logout portal pages † SSH remote management † Remote firmware upgrade † NTP time synchronization † Console management interface support (CLI) † Backup and restore of system configuration † SNMP v2 support

Monitoring and Reporting

† Status monitoring of on-line users † Monitoring of IP-based network devices † WAN connection detection and failure alert message † Support SYSLOG for diagnosing, troubleshooting and logging † User traffic session log † Traffic history report in an automatic email to administrator † Support RADIUS accounting † Notification email of status monitoring and reporting

4ipnet

MSG

100

User’s Manual

3. Installation

3.1 Panel Function Description

Front Panel

1. Power： ON indicates the power on, and OFF indicates the power off.

2. Status： Power and Status both ON indicate system ready, OFF indicates BIOS running, and BLINKING indicates OS running.

3. WAN： ON indicates connection, OFF indicates no connection, and BLINKING indicates data transmitting.

4. LAN： ON indicates connection, OFF indicates no connection, and BLINKING indicates data transmitting.

Rear Panel

1. Power： Attach the power adaptor here.

2. Reset：

• Press and hold the Reset button for about 5 seconds and the LED status indicator on the front panel will start to blink before restarting the system.

• Press and hold the Reset button for more than 10 seconds and the LED status indicator on the front panel will start to speed up blinking before resetting the system to default configuration.

3. WAN：

• For connecting to external networks which are not managed by MSG100 via ADSL or Cable Modem, or connecting to a certain LAN of an organization via Switch or Hub.

4. LAN：

• For connecting to the networks managed by MSG100, such as client networking devices.

• MSG100 supports Service Zone function including Port-Based mode and Tag-Based mode. Under

Tag-Based mode, Service Zones are distinguished by VLAN tagging instead of physical LAN ports, and vise versa. By default, the system is in Port-Based mode and all LAN ports are set to the default Service Zone.

5. Console： For displaying text data on an extended monitor via a RS-232 DB9 cable.

4ipnet

MSG

100

User’s Manual

3.2 Hardware Installation

Please follow the steps mentioned below to install the hardware of MSG100.

1. Connect the power adapter to the power socket on the rear panel. The Power LED on the front panel should be ON to indicate a proper connection.

2. Connect an Ethernet cable to WAN1 Port on the rear panel. Per your needs, connect the other end of the cable to a networking device such as ADSL modem, cable modem, switch or hub. The WAN1 LED indicator should be ON to indicate a proper connection.

3. Connect an Ethernet cable to any LAN Port on the rear panel. Connect the other end of the cable to a PC for configuring the MSG100 system. The LED indicator should be ON to indicate a proper connection.

• Please only use the power adapter supplied with the MSG100 package. Using a different power adapter may damage this system.

• To double verify the wired connection between MSG100 and your switch/router/hub, please also check the LED status indication of these network devices.

4ipnet

MSG

100

User’s Manual

3.3 Software Configuration

3.3.1 Instruction of Web Management Interface

4ipnet MSG100 supports web-based configuration. Upon the completion of hardware installation, MSG100 can be configured through a PC by using its web browser with JavaScript enabled such as Internet Explorer version 6.0.

Step 1:

Set DHCP in TCP/IP of the administrator PC to get an IP address dynamically. Connect the PC to any LAN Port of MSG100. An IP address will be assigned to the PC automatically via the MSG100 built-in DHCP server.

Step 2:

Launch a web browser to access the web management interface of MSG100 by entering “ https://192.168.1.254” (“ https” is used for a secured connection) or “ http://192.168.1.254” in the address field.

Step 3:

The following Administrator Login Page will then appear. Enter “ admin” (the default value) in the Username and Password fields, and then click Login to log in.

If you are unable to get to the login screen, please check the IP address used. The IP address should

8 Note:

be in the same subnet of the default gateway. For using static IP in TCP/IP setting, set a static IP address such as 192.168.1.x for your network interface, and then open a new browser again.

4ipnet

MSG

100

User’s Manual

Step 4: After a successful login, a “Home” page with four links called Setup Wizard, Quick Links, System Overview, and Main Menu will appear.

Ø Setup Wizard: provides a four-step quick configuration of the system. Please refer to Section 3.2.2. Quick

Configuration for more information.

Ø Quick Links: provides 8 links for the administrator to access frequently used pages of the web management

interface directly, which are System Status, Local User Management, Policy Management, Privilege List,

Online User List, Guest Account Management, Authentication Configuration, and Firmware Management.

4ipnet

MSG

100

User’s Manual

Ø System Overview: provides an overview of the system status for the administrator. Certain hyperlinks of

associated configuration pages are provided in this page for the administrator to access directly.

Ø Main Menu: provides detailed configuration pages for administrators to configure the system manually.

Please refer to Section 4. Main Menu for more information.

8 Note:

Quick Links and System Overview are not accessible until the system is configured via Setup Wizard.

4ipnet

MSG

100

User’s Manual

3.3.2 Setup Wizard

MSG100 provides a Setup Wizard for quick configuration. The Configuration Wizard comprises of four basic steps. Follow the instructions of Configuration Wizard to enter the required information step by step, save your settings, and restart MSG100. Then, the system is ready to use. The four steps of Configuration Wizard are listed below:

Step I. General Step 2. WAN1 Interface Step 3. Local User Account (Optional) Step 4. Confirm and Restart

Please follow the steps below to complete the Setup Wizard configuration.

Step 1: General

• Click the Setup Wizard in the Home page to start the configuration process.

• Enter a new password in the New Password field, and re-enter it again in the Verify Password field (a maximum

of 20 characters and no spaces allowed in between).

• Select an appropriate time zone from the Time Zone drop-down list box to set up the system time.

• Click Next to continue.

For security concern, it is strongly recommended to change the administrator's password.

4ipnet

MSG

100

User’s Manual

Step 2: WAN1 Interface and Wireless

• Select a proper type of Internet connection for WAN1 interface from the following three available connections:

Static, Dynamic, or PPPoE. Your ISP or network administrator can advise on the connection type available to you. Below depicts an example for Dynamic.

• Click Next to continue.

Step 3: Local User Account (Optional)

New local accounts can be created and added into the database via this optional function. If local user accounts are not required, click Skip to go directly to Step 4. However, it is recommended to create at least one local user account in order to verify the system‘s readiness upon completion of this Setup Wizard.

• Enter the Username (e.g. “ testuser” ) and Password (e.g. “ testuser” ) to create a new local account.

• Click Next to continue.

• More local accounts can be added by clicking the Back button in Step 4.

Step 4: Confirm and Restart

• Click Finish to save current settings and restart the system.

4ipnet

MSG

100

User’s Manual

• A confirmation dialog box will then appear. Click OK to continue.

• A Confirm and Restart message will appear on the screen during the restarting process. Please do not

interrupt the system until the Administrator Login Page appears.

8 Note:

The system is trying to locate a DNS server at this stage. Therefore, a longer startup time is required if the configured DNS cannot be found.

• When the following Administrator Login Page appears, it means the restart process is now completed.

4ipnet

MSG

100

User’s Manual

3.3.3 User Login Portal Page

In order to be granted network access via MSG100’s controlled port, a user must be authenticated first by entering a correct username and password on the User Login Portal Page. To verify whether the configuration of the new local user account(s) created via the Setup Wizard has been completed successfully:

1. Connect a client device (e.g. laptop, PC) to the LAN1 Port of MSG100. The device will obtain an IP address automatically via DHCP.

2. Open a web browser on a client device, access any URL, and then the default User Login Page will appear.

3. Enter the Username and Password of a local user account previously generated via Setup Wizard (e.g. “ test@local” as the Username and “ test” as the Password); then Click Login

1. MSG100 supports multiple authentication options including built-in local user database and external authentication database (e.g. RADIUS). The system will automatically identify which authentication option is used from the full username entered.

8 Note:

2. The format of a full (valid) username is userid@postfix, where “ userid” is the user ID and “ postfix” is the name of the selected authentication option.

3. Exception: The postfix can be omitted only when the default authentication option is used. For example, “ LOCAL” is the default authentication option at this system; therefore, you may enter either “ test” or “ test@local” in the Username field.

Congratulation!

The Login Success Page will appear after a client has successfully logged into MSG100 and has been authenticated by the system. The appearance of Login Success Page means that MSG100 has been installed and configured properly.

4ipnet

MSG

100

User’s Manual

4. Web Interface Configuration

This chapter will guide you through further detailed settings. The following table shows all the UI functions of MSG100.

OPTION System Users Network Utilities Status

FUNCTION

General Authentication

WAN 1 Black List Privilege Backup & Restore WAN 2 Group Monitor IP System Upgrade Routing Table

WAN Traffic Policy Walled Garden

LAN Port

Mapping

Additional

Control

Service Zones DDNS E-mail & SYSLOG

Client Mobility

VPN

NAT Password Change

System

Interface

Restart Online Users

Proxy Server Network Utilities User Logs

8 Note:

• Click Apply to allow the changes you made on the current page to take effect immediately.

• Sometimes the system may require a restart after clicking Apply. When a restart message

appears, the system must be restarted for the settings to take effect. Restart can be done till all configurations are completed.

• All on-line users will be disconnected during restart.

4ipnet

MSG

100

User’s Manual

4.1 System Configuration

4.1 System

This section includes the following functions: General, WAN1, WAN2, WAN Traffic, LAN Port Mapping, and Service Zones.

4.1.1 General

Main information about MSG100 is shown on this page, including System Name, Internal Domain Name, Homepage Redirect URL, User Log Access IP Address, Management IP Address List, SNMP, HTTPS Protected Login, and Network Time Protocol (NTP) Server.

4ipnet

MSG

100

User’s Manual

Ÿ System Name: Set the name of the system or use the default. Ÿ Internal Domain Name: A fully qualified domain name (FQDN) of the system. The domain name entered here

will be shown at the top left of the Login Success page. In addition, when HTTPS is enabled, entering the domain name of the uploaded certificate will not only change the URL of the User Login page, but also increase login speed. For example, if the Internal Domain Name is configured as “ ashop.com” , the URL of the User Login page will be https://ashop.com/loginpages/login.shtml.

Ÿ Homepage Redirect URL: Enter the URL of a Web server as the homepage. When Local VPN is disabled at

this system, after a successful login, users will be directed to this homepage, such as http://www.google.com, regardless of the original homepage set in their computers.

Ÿ User Log Access IP Address: Specify the IP address of an external billing system to access the system's user

logs. Only the specified billing system can directly access the system's user logs in text format via a Web browser. For example, if the access interface of MSG100 is “10.30.1.213” , the user logs can be found in following URLs.

n Traffic History： https://10.2.3.213/status/history/2007-07-17

n On-demand History： https://10.2.3.213/status/ondemand_history/2007-07-17

Ÿ Management IP Address List: Set the IP range where the web management interface of MSG100 can be

connected via its WAN and/or LAN ports. For example, “192.168.1.0/24” means that as long as you are within the IP range between 192.168.1.0 and 192.168.1.255, you can reach the management interface.

Ÿ SNMP: MSG100 supports SNMPv2. If this function is enabled, the specified SNMP server can access the

Management Information Base (MIB) of the system.

4ipnet

MSG

100

User’s Manual

Ÿ HTTPS Protected Login: The system supports HTTPS (encrypted) and HTTP (non-encrypted) for clients to

log into the system. When this function is enabled, the Secured Socket Layer (SSL) will be activated and implemented into the Web-based user login page.

Ÿ Time: The system time can be set up manually or synchronized with remote NTP (Network Time Protocol)

servers. It supports up to five NTP servers. When NTP is enabled, the information of at least one NTP server must be provided.

The system time can also be set up manually by selecting Manually set up. Then select the date and time from the drop-down list box.

4ipnet

MSG

100

User’s Manual

4.1.2 WAN1

There are 4 connection types supported on the WAN1 Port: Static, Dynamic, PPPoE and PPTP.

Ÿ Static (Use the following IP Settings): Select this option to specify a static IP address for the WAN1 port

manually when a static IP address is available for MSG100. The fields with red asterisk are required.

Ø IP Address: The IP address of the WAN1 port. Ø Subnet Mask: The subnet mask of the WAN1 port. Ø Default Gateway: The gateway of the WAN1 port. Ø Preferred DNS Server: The primary DNS Server of the WAN1 port. Ø Alternate DNS Server: The substitute DNS Server of the WAN1 port. This is optional.

Ÿ Dynamic (IP settings assigned automatically): This option can be selected when there is a DHCP server

located on the network that MSG100 is connected to. Click Renew to get an IP address automatically.

4ipnet

MSG

100

User’s Manual

Ÿ PPPoE: Select this option when PPPoE is the connection protocol provided by your ISP.

To properly configure PPPoE connection type, set the Username, Password, MTU and Clamp MSS. When Dial on Demand is enabled, the Maximum Idle Time field is required to be filled in. The system will disconnect itself from the Internet automatically when the Maximum Idle Time is reached.

Ÿ PPTP: Select this option when PPTP is the connection protocol provided by your ISP.

When Dial on Demand is enabled, the Maximum Idle Time field is required to be filled in. The system will disconnect itself from the Internet automatically when the Maximum Idle Time is reached. There are two connection types available, Static or DHCP.

Ø Static: Select Static to specify the IP address of the PPTP Client manually.

Ø DHCP: Select DHCP to get the IP address automatically..

4ipnet

MSG

100

User’s Manual

4.1.3 WAN2

WAN2 can be disabled when selecting None. When WAN2 Port is enabled, it supports 3 connection types: Static, Dynamic and PPPoE.

Ÿ None: The WAN2 Port is disabled. Ÿ Static (Use the following IP Settings): Select this option to specify a static IP address for the WAN2 port

manually when a static IP address is available for MSG100. The fields with red asterisk are required.

Ÿ Dynamic (IP settings assigned automatically): This option can be selected when there is a DHCP server

located on the network that MSG100 is connected to. Click Renew to get an IP address automatically.

Ÿ PPPoE: Select this option when PPPoE is the connection protocol provided by your ISP.

4ipnet

MSG

100

User’s Manual

4.1.4 WAN Traffic

MSG100 supports uplink/downlink bandwidth management features, including Load Balancing and WAN Failover, and Connection Detection.

• Available Bandwidth on WAN Interface: Ø Uplink Bandwidth: The maximum uplink bandwidth of the WAN interface to be shared by clients. The

same setting will be applied to WAN1 and WAN2.

Ø Downlink Bandwidth: The maximum downlink bandwidth of the WAN interface to be shared by clients.

The same setting will be applied to WAN1 and WAN2.

• WAN Failover & Connection Detection: MSG100 supports WAN Failover, Load Balancing and the ability to detect WAN connection. Ø Target for detecting Internet connection: Enter the IP address or domain name of up to three targets to

which the system will send packets for detecting Internet connection status. If there is a problem in the connection in the WAN port, and the specified IP address(es) or domain name(s) cannot be reached, there will be a warning message appearing on clients’ screens. To enable WAN Failover, at least one target must be configured.

Ø Enable Load Balancing: MSG100 supports outbound load balancing. Select to enable the system’s Load

Balancing function. The system will distribute traffics to WAN1 and WAN2 based on the weight ratio assigned; the weight ratio can be based on Sessions, Packets or Bytes. When this function is enabled, the WAN Failover check box will disappear because WAN Failover is covered by Load Balancing.

o WAN1 Weight: Enter a value ranging from 1~99. The default value is 50. o Base: Three Base types can be selected from: Sessions, Packets or Bytes. Packets and Bytes are

based on historic downlink data. New connection sessions will be distributed between WAN1 and WAN2 based on the Base selected and WAN1 Weight set.

4ipnet

MSG

100

User’s Manual

Ø Enable WAN Failover: Select to enable the WAN Failover function to ensure continuous uptime for

Internet connection. Furthermore, select “Fall back to WAN1 when WAN1 is available again” to allow the traffic goes back to WAN1 when WAN1 becomes active again after a disconnection.

Ø Warning of Internet Disconnection: MSG100 supports Internet disconnection detection feature. When

this function is enabled, a text box will appear for the administrator to enter a warning message. This warning message will appear on clients' screens when Internet connection is down.

4ipnet

MSG

100

User’s Manual

4.1.5 LAN Port Mapping

MSG100 supports multiple Service Zones in either of the two VLAN modes, Port-Based or Tag-Based, but not concurrently. In Port-Base mode, each LAN port can only serve traffic from one Service Zone as each Service Zone is identified by physical LAN ports. In Tag-Based mode, each LAN port can serve traffic from any Service Zone as each Service Zone is identified by VLAN tags carried within message frames. By default, the system is in Port-Based mode with Service Zone 1 (Default Service Zone) enabled and all LAN ports are mapped to Default Service Zone. Compare two figures below to see the differences.

【 Port-Based】【 Tag-Based】

It is recommended that the administrator decides which mode is better for a multiple-service-zone deployment before proceeding further with the system configuration. Settings for the two VLAN modes are slightly different, for example, the VLAN Tag setting is required for Tag-Based mode.

• Select the mode for Service Zone: Select a VLAN mode, either Port-Based or Tag-Based.

8 Note:

The switches deployed under MSG100 in Port-Based mode must be Layer 2 switches only. The switch deployed under MSG100 in Tag-Based mode must be a VLAN switch only.

4ipnet

MSG

100

User’s Manual

Ø Port-Based: When Port-Based mode is selected, traffic from different virtual Service Zones will be

distinguished by physical LAN ports. Each LAN port can be mapped to a Service Zone in the form of a many-to-one mapping between ports and Service Zones. o Specify a desired Service Zone for each LAN Port: For each LAN port, select a Service Zone to

which the LAN port is to be mapped from the drop-down list box. By factory default, all LAN ports are mapped to Default Service Zone; therefore, the administrator can enter the web management interface via any LAN port upon the first power up of the system. From the drop-down list box, all disabled Service Zones are gray-out; to activate any desired Service Zone, please configure the desired Service Zone under the Service Zone tab and enable its Service Zone Status (refer to Section 4.1.6. Service Zones).

Ø Tag-Based: When the Tag-Based mode is selected, traffic from different virtual Service Zones will be

distinguished by VLAN tagging, instead of by physical LAN ports. Select Tag-Based and then click Apply to activate the Tag-Based VLAN function. When a restart message screen appears, do NOT restart the system until you have completed the configuration under the Service Zones tab first. For more information on enabling Tag-Based VLAN and configuring Service Zones, please refer to Appendix B. Service Zone – Deployment Example.

+ 100 hidden pages

4IPNET MSG100 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual