4IPNET MSG100G001 Manual

Loading...

4ipnet MSG100

User’s Manual

V1.00

Copyright Notice

The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission of 4IPNET, INC.

Disclaimer

4IPNET, INC. does not assume any liability arising out the application or use of any products, or software described herein. Neither does it convey any license under its parent rights not the parent rights of others. 4IPNET further reserves the right to make changes in any products described herein without notice. The publication is subject to change without notice.

Trademarks

4IPNET (4ipnet) is a registered trademark of 4IPNET, INC. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

FCC CAUTION

This equipment has been tested and proven to comply with the limits for a class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

---Reorient or relocate the receiving antenna.

---Increase the separation between the equipment and receiver.

---Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

---Consult the dealer or an experienced radio/TV technician for help.

 

 

 

 

4ipnet MSG100 User’s Manual

 

 

 

Table of Contents

 

1.

Introduction

................................................................................................................................................

3

 

1.1

Introduction ..............................................................................................................of MSG100

3

 

1.2

System ..........................................................................................................................Concept

3

 

1.3

Document ...............................................................................................................Conventions

4

2.

System Overview .......................................................................................................................................

5

 

2.1

Package .......................................................................................................................Contents

5

 

2.2

Specification ................................................................................................................................

5

 

2.2.1

.......................................................................................................

Hardware Specification

5

 

2.2.2

........................................................................................................

Technical Specification

6

3.

Installation ..................................................................................................................................................

 

8

 

3.1

Panel .........................................................................................................Function Description

8

 

3.2

Hardware ...................................................................................................................Installation

9

 

3.3

Software ..............................................................................................................Configuration

10

 

3.3.1

........................................................................

Instruction of Web Management Interface

10

 

3.3.2

.....................................................................................................................

Setup Wizard

13

 

3.3.3

.....................................................................................................

User Login Portal Page

16

4.

Web Interface ...................................................................................................................Configuration

17

 

4.1

System ................................................................................................................Configuration

18

 

4.1

System.......................................................................................................................................

18

 

4.1.1

..............................................................................................................................

General

18

 

4.1.2

................................................................................................................................

WAN1

21

 

4.1.3

................................................................................................................................

WAN2

23

 

4.1.4

.......................................................................................................................

WAN Traffic

24

 

4.1.5

.............................................................................................................

LAN Port Mapping

26

 

4.1.6

.....................................................................................................................

Service Zone

28

 

4.2

Users .........................................................................................................................................

37

 

4.2.1

....................................................................................................................

Authentication

37

 

4.2.1.1 .........................................................................................

Local Authentication Database

38

 

4.2.1.2 ........................................................................................

POP3 Authentication Database

43

 

4.2.1.3 ....................................................................................

RADIUS Authentication Database

44

 

4.2.1.4 .........................................................................................

LDAP Authentication Database

46

 

4.2.1.5 ................................................................................

NT Domain Authentication Database

48

 

4.2.1.6 .............................................................................

ONDEMAND Authentication Database

49

 

4.2.1.7 .............................................................................................................

SIP Authentication

51

 

4.2.2

...........................................................................................................................

Black List

53

 

4.2.3

.................................................................................................................................

Group

54

i

© 2008 4IPNET, INC.

 

 

 

4ipnet MSG100 User’s Manual

 

4.2.4

Policy.................................................................................................................................

57

 

4.2.5

Additional Control..............................................................................................................

60

4.3

 

Network......................................................................................................................................

63

 

4.3.1

NAT....................................................................................................................................

63

 

4.3.2

Privilege List......................................................................................................................

65

 

4.3.3

Monitor IP ..........................................................................................................................

66

 

4.3.4

Walled Garden ..................................................................................................................

67

 

4.3.5

Proxy Server......................................................................................................................

68

 

4.3.6

DDNS ................................................................................................................................

69

 

4.3.7

Client Mobility....................................................................................................................

69

 

4.3.8

VPN ...................................................................................................................................

70

4.4

 

Utilities .......................................................................................................................................

74

 

4.4.1

Password Change.............................................................................................................

74

 

4.4.2

Backup & Restore .............................................................................................................

75

 

4.4.3

System Upgrade ...............................................................................................................

76

 

4.4.4

Restart...............................................................................................................................

76

 

4.4.5

Network Utilities.................................................................................................................

77

4.5

 

Status.........................................................................................................................................

79

 

4.5.1

System ..............................................................................................................................

79

 

4.5.2

Interface ............................................................................................................................

81

 

4.5.3

Routing Table ....................................................................................................................

83

 

4.5.4

Online Users......................................................................................................................

84

 

4.5.5

User Logs ..........................................................................................................................

85

 

4.5.6

E-mail & SYSLOG.............................................................................................................

87

4.6

 

Help ...........................................................................................................................................

89

Appendix A. Network Configuration on PC ..................................................................................................

90

1.

Internet Connection Setup.................................................................................................................

90

2.

TCP/IP Network Setup.......................................................................................................................

92

Appendix B. Port-based Service Zone Deployment Example ....................................................................

95

Appendix C. Tag-based Service Zone Deployment Example ...................................................................

100

Appendix D. Certificate Setting for IE7 and IE6 .........................................................................................

104

Appendix E. DHCP Replay............................................................................................................................

112

Appendix F. Proxy Setting for Enterprise ...................................................................................................

114

Appendix G. IPSec VPN ................................................................................................................................

119

Appendix H. Console Interface ....................................................................................................................

123

Appendix I. Session Limit and Session Log .............................................................................................

126

ii

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

1. Introduction

1.1 Introduction of MSG100

The 4ipnet MSG100 Multi-service Wireless Office Gateway is a “network-service-in-a-box” business gateway that that provides remote, centralized management of data and voice services for small and branch offices and teleworkers. The compact, multi-functional networking appliance concurrently provides advanced services, including network segmentation, user authentication, role-based access control, and instant account provisioning for visitors. Moreover, it provides VPN, secure WLAN, individual user bandwidth management, WAN failover and load balancing for small businesses. Easy deployment and remote management features enable MSG100 to be deployed in places with limited IT resource.

This manual is intended for system integrators, field engineers and network administrators to set up MSG100 in their network environments. It contains step-by-step procedures and graphic examples to guide MIS staff or individuals with basic network system knowledge to complete the installation.

1.2 System Concept

In a Small and Mid-size Business (SMB) network environment, devices such as switches, hubs, and access points are commonly used, and Internet connection is usually via an ADSL or a cable modem. MSG100 uses virtual LAN (VLAN) technology to partition one physical network under its control into five logical virtual networks, called Service Zones, including one untagged zone and four tagged zones. The untagged zone is also referred as the Default Service Zone in this system, which is always enabled. On the other hand, the other four tagged zones can be enabled or disabled respectively. By default, port-based configuration is used and all of the four physical LAN ports are set to use the Default Service Zone.

The figure below demonstrates an example of the SMB network deployed with MSG100. Both LAN and WLAN of the system can be secured by IPSec VPN. MSG100 will actively establish VPN tunnels while the selected users are logging in. Not only the traffic within the office network will be protected by IPSec VPN, this VPN module can be configured to support site-to-site IPSec VPN tunnels across remote branch offices. The same clientless VPN setup implementation can also be extended to remote users in accessing office network from public Internet via PPTP VPN tunnels. Once the remote client-to-site PPTP VPN tunnels are established, traveling employees can connect back to the office network via reliable, secure connections using their portable devices.

3

© 2008 4IPNET, INC.

4IPNET MSG100G001 Manual

4ipnet MSG100 User’s Manual

1.3 Document Conventions

Represents essential steps, actions, or messages that should not be ignored.

8 Note: Contains related information that corresponds to a topic.

Indicates that clicking this button will return to the system Homepage.

Logout the system.

Access Online Help interface.

Indicates that clicking this button will apply all of your settings.

Indicates that clicking this button will clear what you have set before the settings are applied.

The red asterisk indicates that information in this field is compulsory.

Screen captures and pictures used in this manual may be displayed in part or in whole, and may vary or differ slightly from the actual product, depending on versioning and menu accessed.

4

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

2. System Overview

2.1

Package Contents

 

The standard package of MSG100 includes:

 

Ÿ

MSG100

x 1

Ÿ

Quick Installation Guide (QIG)

x 1

Ÿ

CD-ROM (with User’s Manual and QIG)

x 1

Ÿ

Power Cord

x 1

Ÿ

Power Adapter (12DC, 2A)

x 1

Ÿ

Cross-over Ethernet RJ-45 Cable

x 1

Ÿ

RS-232 DB9 Console Cable

x 1

It is recommended to keep the original packing material for possible future shipment when repair or maintenance is required. Any returned product should be packed in its original packaging to prevent damage during delivery.

2.2 Specification

2.2.1 Hardware Specification

General

Form Factor: Mini book

Dimensions (W x D x H): 11.8" x 6.1" x 1.7" (300 mm x 155 mm x 43 mm)

Weight: 2.5 lbs (1.15 kg)

Operating Temperature: 0 ~ 40 oC

Storage Temperature: -20 ~ 65 oC

Power Adapter: 100~240 VAC, 50/60 Hz

Built-in real-time clock

Connectors & Display

WAN Ports: 2 x 10BASE-T/100BASE-TX RJ-45

LAN Ports: 4 x 10BASE-T/100BASE-TX RJ-45

Console Port: 1 x RS-232 DB9

LED indicators: 1 x Power, 1 x Status, 2 x WAN, 4 x LAN

5

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

2.2.2 Technical Specification

Networking

Support Router, NAT mode

Support Static IP, DHCP, PPPoE mode on WAN interfaces and PPTP (WAN 1 only)

Controllable LAN ports requiring authentication

Support IP Plug and Play (IP PnP)

Built-in DHCP server and support for DHCP relay

Support NAT:

(1)IP/Port Destination Redirection

(2)DMZ Server Mapping

(3)Virtual Server Mapping

(4)H.323 Pass-Through

(5)SIP Pass-Through

Support static route

Support Wake on LAN, Web-based utilities (Ping, Trace Route and ARP) and Dynamic DNS

Walled Garden (free surfing zone): 20

Support MAC Address Pass-Through

HTTP Proxy Servers: 10

WAN failover and local balancing on dual WANs

Support multiple Service Zones in Port-based or Tag-based mode

Security

Local VPN tunnels to enhance wireless security: 50

Client-to-stie remote VPN of PPTP over public Internet: 10

Site-to-site VPN tunnels over public Internet: 3

Support VPN Pass-Through (IPSec and PPTP)

Support built-in DoS attack protection

Support MAC Access Control List

Support user Black List: 5 lists x 40 sets

Allows MAC address and user identity binding for local user authentication

Support QoS and WMM

User Management

Simultaneous support for multiple authentication methods (Local, POP3(S), LDAP, RADIUS, NT Domain, on-demand and SIP)

Role-based access control (including Firewall policies, Specific route, Login Schedule, and Bandwidth management)

Support time-based firewall

User Session Management:

(1)SSL protected login portal page

(2)Support multiple logins with one single account

(3)Session idle timer

6

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

(4)Session/account expiration control

(5)Email message with a hyperlink and login reminder for accessing login page

(6)Windows domain transparent login

(7)Configurable login time frame

Instant account (200 accounts) generation for guests by authorized users without IT’s intervention

User account roaming support

Support local account Grouping to classify users

System Administration

Multi-lingual, web-based management UI

Customizable login and logout portal pages

SSH remote management

Remote firmware upgrade

NTP time synchronization

Console management interface support (CLI)

Backup and restore of system configuration

SNMP v2 support

Monitoring and Reporting

Status monitoring of on-line users

Monitoring of IP-based network devices

WAN connection detection and failure alert message

Support SYSLOG for diagnosing, troubleshooting and logging

User traffic session log

Traffic history report in an automatic email to administrator

Support RADIUS accounting

Notification email of status monitoring and reporting

7

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

3.Installation

3.1 Panel Function Description

Front Panel

1.Power ON indicates the power on, and OFF indicates the power off.

2.Status Power and Status both ON indicate system ready, OFF indicates BIOS running, and BLINKING

indicates OS running.

3.WAN ON indicates connection, OFF indicates no connection, and BLINKING indicates data transmitting.

4.LAN ON indicates connection, OFF indicates no connection, and BLINKING indicates data transmitting.

Rear Panel

1.Power Attach the power adaptor here.

2.Reset

Press and hold the Reset button for about 5 seconds and the LED status indicator on the front panel will start to blink before restarting the system.

Press and hold the Reset button for more than 10 seconds and the LED status indicator on the front panel will start to speed up blinking before resetting the system to default configuration.

3.WAN

For connecting to external networks which are not managed by MSG100 via ADSL or Cable Modem, or connecting to a certain LAN of an organization via Switch or Hub.

4.LAN

For connecting to the networks managed by MSG100, such as client networking devices.

MSG100 supports Service Zone function including Port-Based mode and Tag-Based mode. Under Tag-Based mode, Service Zones are distinguished by VLAN tagging instead of physical LAN ports, and vise versa. By default, the system is in Port-Based mode and all LAN ports are set to the default Service Zone.

5.Console For displaying text data on an extended monitor via a RS-232 DB9 cable.

8

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

3.2 Hardware Installation

Please follow the steps mentioned below to install the hardware of MSG100.

1.Connect the power adapter to the power socket on the rear panel. The Power LED on the front panel should be ON to indicate a proper connection.

2.Connect an Ethernet cable to WAN1 Port on the rear panel. Per your needs, connect the other end of the cable to a networking device such as ADSL modem, cable modem, switch or hub. The WAN1 LED indicator should be ON to indicate a proper connection.

3.Connect an Ethernet cable to any LAN Port on the rear panel. Connect the other end of the cable to a PC for configuring the MSG100 system. The LED indicator should be ON to indicate a proper connection.

Please only use the power adapter supplied with the MSG100 package. Using a different power adapter may damage this system.

To double verify the wired connection between MSG100 and your switch/router/hub, please also check the LED status indication of these network devices.

9

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

3.3Software Configuration

3.3.1 Instruction of Web Management Interface

4ipnet MSG100 supports web-based configuration. Upon the completion of hardware installation, MSG100 can be configured through a PC by using its web browser with JavaScript enabled such as Internet Explorer version 6.0.

Step 1:

Set DHCP in TCP/IP of the administrator PC to get an IP address dynamically. Connect the PC to any LAN Port of MSG100. An IP address will be assigned to the PC automatically via the MSG100 built-in DHCP server.

Step 2:

Launch a web browser to access the web management interface of MSG100 by entering https://192.168.1.254(“ https” is used for a secured connection) or http://192.168.1.254in the address field.

Step 3:

The following Administrator Login Page will then appear. Enter “ admin” (the default value) in the Username and Password fields, and then click Login to log in.

If you are unable to get to the login screen, please check the IP address used. The IP address should 8 Note: be in the same subnet of the default gateway. For using static IP in TCP/IP setting, set a static IP

address such as 192.168.1.x for your network interface, and then open a new browser again.

10

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

Step 4:

After a successful login, a “Home” page with four links called Setup Wizard, Quick Links, System Overview, and Main Menu will appear.

ØSetup Wizard: provides a four-step quick configuration of the system. Please refer to Section 3.2.2. Quick Configuration for more information.

à

ØQuick Links: provides 8 links for the administrator to access frequently used pages of the web management interface directly, which are System Status, Local User Management, Policy Management, Privilege List, Online User List, Guest Account Management, Authentication Configuration, and Firmware Management.

à

11

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

ØSystem Overview: provides an overview of the system status for the administrator. Certain hyperlinks of associated configuration pages are provided in this page for the administrator to access directly.

à

ØMain Menu: provides detailed configuration pages for administrators to configure the system manually. Please refer to Section 4. Main Menu for more information.

à

8 Note:

Quick Links and System Overview are not accessible until the system is configured via Setup Wizard.

12

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

3.3.2 Setup Wizard

MSG100 provides a Setup Wizard for quick configuration. The Configuration Wizard comprises of four basic steps. Follow the instructions of Configuration Wizard to enter the required information step by step, save your settings, and restart MSG100. Then, the system is ready to use. The four steps of Configuration Wizard are listed below:

Step I. General

Step 2. WAN1 Interface

Step 3. Local User Account (Optional)

Step 4. Confirm and Restart

Please follow the steps below to complete the Setup Wizard configuration.

Step 1: General

Click the Setup Wizard in the Home page to start the configuration process.

Enter a new password in the New Password field, and re-enter it again in the Verify Password field (a maximum of 20 characters and no spaces allowed in between).

Select an appropriate time zone from the Time Zone drop-down list box to set up the system time.

Click Next to continue.

For security concern, it is strongly recommended to change the administrator's password.

13

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

Step 2: WAN1 Interface and Wireless

Select a proper type of Internet connection for WAN1 interface from the following three available connections: Static, Dynamic, or PPPoE. Your ISP or network administrator can advise on the connection type available to you. Below depicts an example for Dynamic.

Click Next to continue.

Step 3: Local User Account (Optional)

New local accounts can be created and added into the database via this optional function. If local user accounts are not required, click Skip to go directly to Step 4. However, it is recommended to create at least one local user account in order to verify the system‘s readiness upon completion of this Setup Wizard.

Enter the Username (e.g. “ testuser” ) and Password (e.g. “ testuser” ) to create a new local account.

Click Next to continue.

More local accounts can be added by clicking the Back button in Step 4.

Step 4: Confirm and Restart

Click Finish to save current settings and restart the system.

14

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

A confirmation dialog box will then appear. Click OK to continue.

A Confirm and Restart message will appear on the screen during the restarting process. Please do not interrupt the system until the Administrator Login Page appears.

8 Note:

The system is trying to locate a DNS server at this stage. Therefore, a longer startup time is required if the configured DNS cannot be found.

When the following Administrator Login Page appears, it means the restart process is now completed.

15

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

3.3.3 User Login Portal Page

In order to be granted network access via MSG100’s controlled port, a user must be authenticated first by entering a correct username and password on the User Login Portal Page. To verify whether the configuration of the new local user account(s) created via the Setup Wizard has been completed successfully:

1.Connect a client device (e.g. laptop, PC) to the LAN1 Port of MSG100. The device will obtain an IP address automatically via DHCP.

2.Open a web browser on a client device, access any URL, and then the default User Login Page will appear.

3.Enter the Username and Password of a local user account previously generated via Setup Wizard (e.g.

“ test@local” as the Username and “ test” as the Password); then Click Login

1. MSG100 supports multiple authentication options including built-in local user database and external authentication database (e.g. RADIUS). The system will automatically identify which authentication option is used from the full username entered.

8 Note:

2. The format of a full (valid) username is userid@postfix, where “ userid” is the user ID and “ postfix” is the name of the selected authentication option.

3. Exception: The postfix can be omitted only when the default authentication option is used. For example, “ LOCAL” is the default authentication option at this system; therefore, you may enter either “ test” or “ test@local” in the Username field.

Congratulation!

The Login Success Page will appear after a client has successfully logged into MSG100 and has been authenticated by the system. The appearance of Login Success Page means that MSG100 has been installed and configured properly.

16

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

4.Web Interface Configuration

This chapter will guide you through further detailed settings. The following table shows all the UI functions of MSG100.

OPTION

System

Users

Network

Utilities

Status

 

 

 

 

 

 

 

General

Authentication

NAT

Password Change

System

 

WAN 1

Black List

Privilege

Backup & Restore

Interface

 

WAN 2

Group

Monitor IP

System Upgrade

Routing Table

FUNCTION

WAN Traffic

Policy

Walled Garden

Restart

Online Users

LAN Port

Additional

Proxy Server

Network Utilities

User Logs

 

Mapping

Control

 

 

 

 

 

Service Zones

 

DDNS

 

E-mail & SYSLOG

 

 

 

Client Mobility

 

 

 

 

 

VPN

 

 

Click Apply to allow the changes you made on the current page to take effect immediately.

Sometimes the system may require a restart after clicking Apply. When a restart message

8 Note: appears, the system must be restarted for the settings to take effect. Restart can be done till all configurations are completed.

All on-line users will be disconnected during restart.

17

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

4.1 System Configuration

4.1 System

This section includes the following functions: General, WAN1, WAN2, WAN Traffic, LAN Port Mapping, and

Service Zones.

4.1.1 General

Main information about MSG100 is shown on this page, including System Name, Internal Domain Name, Homepage Redirect URL, User Log Access IP Address, Management IP Address List, SNMP, HTTPS Protected Login, and Network Time Protocol (NTP) Server.

18

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

ŸSystem Name: Set the name of the system or use the default.

ŸInternal Domain Name: A fully qualified domain name (FQDN) of the system. The domain name entered here will be shown at the top left of the Login Success page. In addition, when HTTPS is enabled, entering the domain name of the uploaded certificate will not only change the URL of the User Login page, but also increase login speed. For example, if the Internal Domain Name is configured as “ ashop.com” , the URL of the User Login page will be https://ashop.com/loginpages/login.shtml.

ŸHomepage Redirect URL: Enter the URL of a Web server as the homepage. When Local VPN is disabled at this system, after a successful login, users will be directed to this homepage, such as http://www.google.com, regardless of the original homepage set in their computers.

ŸUser Log Access IP Address: Specify the IP address of an external billing system to access the system's user logs. Only the specified billing system can directly access the system's user logs in text format via a Web browser. For example, if the access interface of MSG100 is “10.30.1.213”, the user logs can be found in following URLs.

n Traffic History https://10.2.3.213/status/history/2007-07-17

n On-demand History https://10.2.3.213/status/ondemand_history/2007-07-17

ŸManagement IP Address List: Set the IP range where the web management interface of MSG100 can be connected via its WAN and/or LAN ports. For example, “192.168.1.0/24” means that as long as you are within the IP range between 192.168.1.0 and 192.168.1.255, you can reach the management interface.

ŸSNMP: MSG100 supports SNMPv2. If this function is enabled, the specified SNMP server can access the Management Information Base (MIB) of the system.

19

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

ŸHTTPS Protected Login: The system supports HTTPS (encrypted) and HTTP (non-encrypted) for clients to log into the system. When this function is enabled, the Secured Socket Layer (SSL) will be activated and implemented into the Web-based user login page.

ŸTime: The system time can be set up manually or synchronized with remote NTP (Network Time Protocol) servers. It supports up to five NTP servers. When NTP is enabled, the information of at least one NTP server must be provided.

The system time can also be set up manually by selecting Manually set up. Then select the date and time from the drop-down list box.

20

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

4.1.2 WAN1

There are 4 connection types supported on the WAN1 Port: Static, Dynamic, PPPoE and PPTP.

ŸStatic (Use the following IP Settings): Select this option to specify a static IP address for the WAN1 port manually when a static IP address is available for MSG100. The fields with red asterisk are required.

ØIP Address: The IP address of the WAN1 port.

ØSubnet Mask: The subnet mask of the WAN1 port.

ØDefault Gateway: The gateway of the WAN1 port.

ØPreferred DNS Server: The primary DNS Server of the WAN1 port.

ØAlternate DNS Server: The substitute DNS Server of the WAN1 port. This is optional.

ŸDynamic (IP settings assigned automatically): This option can be selected when there is a DHCP server located on the network that MSG100 is connected to. Click Renew to get an IP address automatically.

21

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

ŸPPPoE: Select this option when PPPoE is the connection protocol provided by your ISP.

To properly configure PPPoE connection type, set the Username, Password, MTU and Clamp MSS. When Dial on Demand is enabled, the Maximum Idle Time field is required to be filled in. The system will disconnect itself from the Internet automatically when the Maximum Idle Time is reached.

ŸPPTP: Select this option when PPTP is the connection protocol provided by your ISP.

When Dial on Demand is enabled, the Maximum Idle Time field is required to be filled in. The system will disconnect itself from the Internet automatically when the Maximum Idle Time is reached.

There are two connection types available, Static or DHCP.

Ø Static: Select Static to specify the IP address of the PPTP Client manually.

ØDHCP: Select DHCP to get the IP address automatically..

22

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

4.1.3 WAN2

WAN2 can be disabled when selecting None. When WAN2 Port is enabled, it supports 3 connection types: Static,

Dynamic and PPPoE.

ŸNone: The WAN2 Port is disabled.

ŸStatic (Use the following IP Settings): Select this option to specify a static IP address for the WAN2 port manually when a static IP address is available for MSG100. The fields with red asterisk are required.

ŸDynamic (IP settings assigned automatically): This option can be selected when there is a DHCP server located on the network that MSG100 is connected to. Click Renew to get an IP address automatically.

ŸPPPoE: Select this option when PPPoE is the connection protocol provided by your ISP.

To properly configure PPPoE connection type, set the Username, Password, MTU and Clamp MSS. When Dial on Demand is enabled, the Maximum Idle Time field is required to be filled in. The system will disconnect itself from the Internet automatically when the Maximum Idle Time is reached.

23

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

4.1.4 WAN Traffic

MSG100 supports uplink/downlink bandwidth management features, including Load Balancing and WAN Failover, and Connection Detection.

Available Bandwidth on WAN Interface:

ØUplink Bandwidth: The maximum uplink bandwidth of the WAN interface to be shared by clients. The same setting will be applied to WAN1 and WAN2.

ØDownlink Bandwidth: The maximum downlink bandwidth of the WAN interface to be shared by clients. The same setting will be applied to WAN1 and WAN2.

WAN Failover & Connection Detection: MSG100 supports WAN Failover, Load Balancing and the ability to detect WAN connection.

ØTarget for detecting Internet connection: Enter the IP address or domain name of up to three targets to which the system will send packets for detecting Internet connection status. If there is a problem in the connection in the WAN port, and the specified IP address(es) or domain name(s) cannot be reached, there will be a warning message appearing on clients’ screens. To enable WAN Failover, at least one target must be configured.

ØEnable Load Balancing: MSG100 supports outbound load balancing. Select to enable the system’s Load Balancing function. The system will distribute traffics to WAN1 and WAN2 based on the weight ratio assigned; the weight ratio can be based on Sessions, Packets or Bytes. When this function is enabled, the WAN Failover check box will disappear because WAN Failover is covered by Load Balancing.

o WAN1 Weight: Enter a value ranging from 1~99. The default value is 50.

oBase: Three Base types can be selected from: Sessions, Packets or Bytes. Packets and Bytes are based on historic downlink data. New connection sessions will be distributed between WAN1 and WAN2 based on the Base selected and WAN1 Weight set.

24

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

ØEnable WAN Failover: Select to enable the WAN Failover function to ensure continuous uptime for Internet connection. Furthermore, select “Fall back to WAN1 when WAN1 is available again” to allow the traffic goes back to WAN1 when WAN1 becomes active again after a disconnection.

ØWarning of Internet Disconnection: MSG100 supports Internet disconnection detection feature. When this function is enabled, a text box will appear for the administrator to enter a warning message. This warning message will appear on clients' screens when Internet connection is down.

25

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

4.1.5 LAN Port Mapping

MSG100 supports multiple Service Zones in either of the two VLAN modes, Port-Based or Tag-Based, but not concurrently. In Port-Base mode, each LAN port can only serve traffic from one Service Zone as each Service Zone is identified by physical LAN ports. In Tag-Based mode, each LAN port can serve traffic from any Service Zone as each Service Zone is identified by VLAN tags carried within message frames. By default, the system is in Port-Based mode with Service Zone 1 (Default Service Zone) enabled and all LAN ports are mapped to Default Service Zone. Compare two figures below to see the differences.

 

Port-Based

 

Tag-Based

It is recommended that the administrator decides which mode is better for a multiple-service-zone deployment before proceeding further with the system configuration. Settings for the two VLAN modes are slightly different, for example, the VLAN Tag setting is required for Tag-Based mode.

Select the mode for Service Zone: Select a VLAN mode, either Port-Based or Tag-Based.

8 Note:

The switches deployed under MSG100 in Port-Based mode must be Layer 2 switches only. The switch deployed under MSG100 in Tag-Based mode must be a VLAN switch only.

26

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

ØPort-Based: When Port-Based mode is selected, traffic from different virtual Service Zones will be distinguished by physical LAN ports. Each LAN port can be mapped to a Service Zone in the form of a many-to-one mapping between ports and Service Zones.

o Specify a desired Service Zone for each LAN Port: For each LAN port, select a Service Zone to which the LAN port is to be mapped from the drop-down list box.

By factory default, all LAN ports are mapped to Default Service Zone; therefore, the administrator can enter the web management interface via any LAN port upon the first power up of the system. From the drop-down list box, all disabled Service Zones are gray-out; to activate any desired Service Zone, please configure the desired Service Zone under the Service Zone tab and enable its Service Zone Status (refer to Section 4.1.6. Service Zones).

ØTag-Based: When the Tag-Based mode is selected, traffic from different virtual Service Zones will be distinguished by VLAN tagging, instead of by physical LAN ports.

Select Tag-Based and then click Apply to activate the Tag-Based VLAN function. When a restart message screen appears, do NOT restart the system until you have completed the configuration under the Service Zones tab first.

For more information on enabling Tag-Based VLAN and configuring Service Zones, please refer to

Appendix B. Service Zone – Deployment Example.

27

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

4.1.6 Service Zone

There are five Service Zones: Default, SZ1, SZ2, SZ3 and SZ4. Click Configure to complete the settings of each Service Zone. The management interface of the Port-Based Service Zone is different from that of the Tag-Based Service Zone

Port-Based

Tag-Based

ŸService Zone Name: The name of the respective Service Zones.

ŸLAN Port Mapping: The Green Light indicates which physical LAN port (from left to right: LAN1, LAN2, LAN3, and LAN4) is currently mapped to the Service Zone. This column will only appear when the system is in PortBased mode.

ŸVLAN Tag: The VLAN tag assigned to the Service Zone.

ŸApplied Policy: The policy applied to the Service Zone.

ŸDefault Authentication Option: The authentication option selected for the Service Zone such as Local, POP3,

RADIUS, LDAP, NT Domain, Ondemand or SIP will be shown in this column.

ŸStatus: Indicates whether the Service Zone is currently active or not; Enabled represents the SZ is in an active state, and Disable represents an inactive state.

28

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

ŸDetails: Detailed settings of the Service Zone.

Click Configure to enter the Basic Settings, SIP Interface Configuration and Authentication Setting interfaces for further configuration.

ØBasic Settings

(1)Service Zone Status: Indicates the current activating status of the Service Zone.

(2)Service Zone Name: The name of the Service Zone.

(3)Network Interface: When the system is in Tag-Based Service Zone mode, the VLAN Tag column will appear.

Port-Based

Tag-Based

29

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

oOperation Mode: When NAT mode is selected, the Service Zone will run in NAT mode. When Router mode is selected, the Service Zone will then run in Router mode.

o IP address: Specify the IP Address assigned to this Service Zone.

o Subnet Mask: Specify the Subnet Mask assigned to this Service Zone.

o VLAN Tag: Enter the VLAN tag number for this Service Zone.

(4)DHCP Server: MSG100 supports three DHCP modes: Disable DHCP server, Enable DHCP Server or

Enable DHCP Relay. Each Service Zone can have its own DHCP setting.

o Disable DHCP Server: Select this option when using a static IP address for Internet connection.

oEnable DHCP server: The system will act as a DHCP server and assign an IP address to its clients when this option is enabled.

Start IP / End IP: Specify the range of IP addresses to be distributed by the built-in DHCP server to clients. This setting must synchronize with the IP range configured in System > General > Management IP Address List (refer to 4.1.1 General).

Preferred DNS Server: Enter the IP address of the preferred DNS server.

Alternate DNS Server: Enter the IP address of the 2nd DNS server; this is optional.

Domain Name: Enter the Windows domain name for this Service Zone.

WIN Server IP: The IP address of the WINS (Windows Internet Naming Service) server if a WINS server is applicable to this Service Zone..

Lease Time: The valid time period of the IP addresses issued from the DHCP server. Choose the time interval from the drop-down list box to update DHCP IP addresses automatically.

Reserved IP Address List: Each Service Zone can reserve certain IP addresses (within the predefined DHCP range) for specific client devices via MAC, to prevent the system from issuing these IP addresses to downstream clients.

oEnable DHCP Relay: When this option is enabled and the Service Zone is connected to an external DHCP server, IP addresses will then be assigned by that external DHCP serve. The system will only relay DHCP information from the external DHCP server to downstream clients of this Service Zone.

DHCP Server IP Address: Enter the IP address of the external DHCP server to be used.

30

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

.

For more information on DHCP replay, please refer to Appendix D. DHCP Replay.

ØSIP Interface Configuration

The system provides SIP proxy that helps SIP clients pass through NAT. After enabling SIP and completing SIP Authentication configuration, all authenticated SIP traffic can pass through NAT via a selective and fixed WAN interface. (For more information on SIP Authentication configuration, refer to

4.2.1.7 SIP Authentication.)

SIP Authentication can be activated in either NAT or Router mode. A Policy can be selected to govern SIP traffic from the clients who log in with SIP Authentication. The login schedule of the selected Policy will be ignored by SIP Authentication. However, the specific route and firewall rules of that selected Policy will be applied to SIP traffic.

8 Note:

Be noted that the specific route of the applied Policy cannot conflict with the assigned WAN interface for SIP authentication.

ØAuthentication Settings

This interface displays the authentication status related to this Service Zone. Enabled means that clients will be authenticated when accessing this Service Zone. The Login/Logout pages can also be customized here.

31

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

(1)Authentication Required for the Zone: Enable or disable this feature.

(2)Authentication Options:

oAuth Option: The authentication options supported by MSG100. Click the hyperlink of the respective options, including Server1 to Server4, Guest Users, and SIP Authentication, to enter the

Authentication Option configuration page.

oAuthentication Database: The type of authentication database used. The system supports five types of authentication databases: Local, POP3, RADIUS, LDAP, and NT Domain.

oPostfix: A postfix is used to inform the system which authentication option is used for authenticating an account (e.g. bob@BostonLdap or tim@TokyoRadius) when multiple options are concurrently in use. One of authentication options can be assigned as default. The postfix can be omitted only when the default authentication option is used. For example, if "BostonLdap" is the postfix of the default option, Bob can log in with either "bob" or "bob@BostonLdap” as his username.

oDefault: Select an Auth Option to be default authentication option. If clients log in the system via the default authentication option, the postfix can be omitted when typing username.

oEnabled: Check to activate the authentication options, and uncheck to inactivate. For more information on Authentication Methods, please refer to Section 4.2.1. Authentication.

(3)Group Permission for this Service Zone:

To configure Group permission based on the role of this Service Zone. Click Configure to have further configuration or view the details.

Click Enabled of the desired Group option(s) to allow the clients of the selected Group(s) to log into this Service Zone after a successful authentication. Moreover, a pre-defined Policy can be applied to any Group in this Service Zone.

Click the hyperlink of the respective Group names in the To Zone Permission Configuration column to enter the Group tab, where zone permission and policy assignment can be further configured (refer to

Section 4.2.3. Group).

(4)Default Policy in this Service Zone: A Policy selected from the drop-down list box can be applied to the Service Zone. Click on Edit System Policies, the Policy Configuration interface will appear for

32

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

detailed settings (refer to Section 4.2.4. Policy).

(5)E-mail Message for Login Reminding: The system will send an automatic POP3 e-mail to notify clients who should have logged into the system. The administrator can customize the content of this notification e-mail. Each Service Zone can have its own message.

Click on Edit Mail Message to enter the POP3 Email Message Editing page.

(6)Custom Pages: There are five users’ login and logout pages that can be customized by the administrator for each Service Zone. Click Configure to have further configuration of these pages.

a.Login Page

The administrator can use the default Login Page or get the customized one by setting the template page, uploading the page or downloading from a designated website. Upon completion of the configuration, click Preview at the bottom of this page to view the customized Login Page. If the administrator wishes to restore the factory default setting of Login Page, click the Use Default Page button.

a-1.Login Page - Default Page

Choose Default Page to use the default login page.

33

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

a-2.Login Page – Template Page

Choose Template Page to make a customized login page. Click the hyperlink of Select to pick a color and then fill in all of the blanks. Click Preview to view the result first.

a-3.Login Page - Uploaded Page

Choose Uploaded Page to upload a new/edited login page.

The user-defined login page must include the following HTML codes to provide the necessary fields for username and password.

If the user-defined login page includes an image file, the image file path in the HTML codes must be as follows.

Remote VPN

: <img src=images/xx.jpg” >

Default Service Zone

: <img src=images0/xx.jpg” >

Service Zone 1

: <img src=images1/xx.jpg” >

Service Zone 2

: <img src=images2/xx.jpg” >

Service Zone 3

: <img src=images3/xx.jpg” >

Service Zone 4

: <img src=images4/xx.jpg” >

Click the Browse button to select the customized HTML codes to upload. Then click Submit to complete the upload process.

34

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

Next, enter or browse the filename of the images to be uploaded in the Upload Images field on the

Upload Images Files page and then click Submit. The system will show the used space and the image file limit (512K).

After the image file is uploaded, the file name will show on the Existing Image Files field. Check the file and click Delete to delete the file.

Upon the completion of the upload process, the new login page can be previewed by clicking

Preview button on the bottom.

a-4.Login Pages - External Page

Choose External Page to download a login page from the designated website. Enter the website address in the External URL field and then click Apply.

After applying the setting, the new login page can be previewed by clicking Preview at the bottom of this page.

The user-defined login page must include the following HTML codes to provide the necessary fields for username and password.

For example, if the system name of this MSG100 is ”abc.3322.org”, then the first line of the html codes would be “https://abc.3322.org/loginpages/userlogin.shtml” instead of “userlogin.shtml”.

b.Logout Page

The administrator can use the default Logout Page or get the customized one by setting the template page, uploading the page or downloading from a designated website. Upon completion of the configuration, click Preview at the bottom of this page to view the customized Logout Page. If

35

© 2008 4IPNET, INC.

4ipnet MSG100 User’s Manual

the administrator wishes to restore the factory default setting of Logout Page, click the Use Default Page button. As the process is similar to that of Login Page, please refer to the configuration instructions of Login Page for more details.

The HTML codes of the admin-defined logout interface are different from those of Login Page. The following HTML codes must be included to allow users to enter the username and password.

8 Note:

c.Login Success Page

The administrator can use the default Login Success Page or get the customized one by setting the template page, uploading the page or downloading from a designated website. Upon completion of the configuration, click Preview at the bottom of this page to view the customized Login Success Page. If the administrator wishes to restore the factory default setting of Login Success Page, click the Use Default Page button. As the process is similar to that of Login Page, please refer to the configuration instructions of Login Page for more details.

d.Login Success Page for Instant Account

The administrator can use the default Login Success Page for Instant Account or get the customized one by setting the template page, uploading the page or downloading from a designated website. Upon completion of the setting, click Preview at the bottom of this page to view the customized Login Success Page for Instant Account. If the administrator wishes to restore the factory default setting of Login Success Page for Instant Account, click the Use Default Page button. As the process is similar to that of Login Page, please refer to the configuration instructions of Login Page for more details.

e.Logout Success Page

The administrator can use the default Logout Success Page or get the customized one by setting the template page, uploading the page or downloading from a designated website. Upon completion

of the setting, click Preview at the bottom of this page to view the customized Logout Success Page. If the administrator wishes to restore the factory default setting of Logout Success Page, click the

Use Default Page button. As the process is similar to that of Login Page, please refer to the configuration instructions of Login Page for more details.

36

© 2008 4IPNET, INC.

+ 91 hidden pages