Epson IWE3200-H User Manual

IWE3200-H

HotSpot Gateway

User’s Guide

Version: 1.0

Last Updated: 08/11/2006

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class B digital device, pur­suant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against
harmful interference in a residential installation. This equipment generates, uses and can radiated ra­dio frequency energy and, if not installed and used in accordance with the instructions, may cause
harmful interference to radio communications. However, there is no guarantee that interference will
not occur in a particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the user is en­couraged to try to correct the interference by one of the following measures:

z Reorient or relocate the receiving antenna.
z Increase the separation between the equipment and receiver.
z Connect the equipment into an outlet on a circuit different from that to which the receiver is

connected.

z Consult the dealer or an experienced radio/TV technician for help.

FCC Caution: To assure continued compliance, (example – use only shielded interface cables when

connecting to computer or peripheral devices). Any changes or modifications not expressly approved
by the party responsible for compliance could void the user’s authority to operate this equipment.

FCC Radiation Exposure Statement

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environ­ment. This equipment should be installed and operated with minimum distance 20 cm between the ra­diator & your body.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two condi­tions: (1) This device may not cause harmful interference, and (2) this device must accept any inter­ference received, including interference that may cause undesired operation.

i

R&TTE Compliance Statement

This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN
PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication
terminal equipment and the mutual recognition of their conformity (R&TTE).

The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Termi­nal Equipment and Satellite Earth Station Equipment) as of April 8, 2000.

Safety

This equipment is designed with the utmost care for the safety of those who install and use it. How­ever, special attention must be paid to the dangers of electric shock and static electricity when work­ing with electrical equipment. All guidelines of this and of the computer manufacture must therefore
be allowed at all times to ensure the safe use of the equipment.

EU Countries Intended for Use

The ETSI version of this device is intended for home and office use in Austria, Belgium, Denmark,
Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, Portugal, Spain, Sweden, The Neth­erlands, and United Kingdom.

The ETSI version of this device is also authorized for use in EFTA member states Norway and Swit­zerland.

EU Countries Not Intended for Use

None.

ii

Table of Contents

1. Introduction.........................................................................................................................1

1.1. Overview...................................................................................................................1

1.2. Features.................................................................................................................... 2

1.3. LED Definition........................................................................................................... 7

1.4. Feature Comparison................................................................................................. 7

2. First-Time Installation and Configuration............................................................................ 8

2.1. Selecting a Power Supply Method............................................................................ 8

2.2. Mounting the IWE3200-H on a Wall .........................................................................9

2.3. Preparing for Configuration..................................................................................... 10

2.3.1. Connecting the Managing Computer and the IWE3200-H ........................... 10

2.3.2. Changing the TCP/IP Settings of the Managing Computer..........................11

2.4. Configuring the IWE3200-H.................................................................................... 11

2.4.1. Entering the User Name and Password ....................................................... 11

2.4.2. SETUP WIZARD Step 1: Selecting an Operational Mode............................ 12

2.4.3. SETUP WIZARD Step 2: Configuring TCP/IP Settings................................ 13

2.4.4. SETUP WIZARD Step 3: DHCP Server Settings ......................................... 15

2.4.5. SETUP WIZARD Step 4: Configure IEEE 802.11 Settings .......................... 15

2.4.6. Configuring User Authentication Settings..................................................... 16

2.4.7. Configuring RADIUS Settings....................................................................... 20

2.5. Deploying the IWE3200-H...................................................................................... 21

2.6. Setting up Client Computers................................................................................... 22

2.6.1. Configuring IEEE 802.11-Related Settings .................................................. 22

2.6.2. Configuring TCP/IP-Related Settings...........................................................23

2.7. Confirming the Settings of the IWE3200-H and Client Computers.........................23

2.8. Using Web-Based Network Management............................................................... 25

2.8.1. Menu Structure.............................................................................................25

2.8.2. Save, Save & Restart, and Cancel Commands............................................ 27

2.8.3. Home and Refresh Commands....................................................................27

2.9. Seeing Status ......................................................................................................... 28

2.9.1. Associated Wireless Clients......................................................................... 28

2.9.2. Authenticated Users..................................................................................... 28

2.9.3. Account Table............................................................................................... 29

2.9.4. Session List.................................................................................................. 29

2.9.5. Managed LAN Devices................................................................................. 30

2.10. System.................................................................................................................. 30

2.10.1. Specifying Operational Mode .....................................................................30

2.10.2. Changing Password ...................................................................................32

2.10.3. Managing Firmware.................................................................................... 32

2.10.4. Setting Time Zone...................................................................................... 36

2.11. Configuring TCP/IP Related Settings ...................................................................36

2.11.1. Address ......................................................................................................36

2.11.2. DNS............................................................................................................ 39

2.11.3. NAT ............................................................................................................40

2.11.4. DHCP Server.............................................................................................. 41

2.11.5. Load Balancing........................................................................................... 43

2.11.6. Zero Client Reconfiguration........................................................................ 44

2.12. Configuring Wireless Settings............................................................................... 44

2.12.1. Communication........................................................................................... 44

2.12.2. Security....................................................................................................... 47

2.13. Configuring AAA (Authentication, Authorization, Accounting) Settings ................ 51

2.13.1. Web Redirection......................................................................................... 51

iii

2.13.2. RADIUS...................................................................................................... 55

2.13.3. Authentication Session Control .................................................................. 57

2.13.4. Authentication Page Customization............................................................ 57

2.14. DDNS.................................................................................................................... 59

2.15. Configuring Advanced Settings ............................................................................60

2.15.1. Filters and Firewall ..................................................................................... 60

2.15.2. Management............................................................................................... 62

2.15.3. LAN Device Management........................................................................... 64

Appendix A............................................................................................................................ 66

A-1: Default Settings...................................................................................................... 66

A-2: LED Definitions ...................................................................................................... 67

A-3: Rear Panel............................................................................................................. 67

Appendix B: Troubleshooting................................................................................................ 68

B-1: TCP/IP Settings Problems .....................................................................................68

B-2: Wireless Settings Problems................................................................................... 70

B-3: Other Problems...................................................................................................... 71

Appendix C: Technical Specifications................................................................................... 72

C-1: IWE3200-H ............................................................................................................72

C-2: IWE500-INJ Power Injector.................................................................................... 74

C-3: IWE810-POS mini-POS Ticket Printer................................................................... 75

iv

1. Introduction

1.1. Overview

The IWE3200-H Wireless HotSpot Gateway enables Telco operators, wireless ISPs, enterprises,

government institutes, or school campuses to deploy WLANs with secured user authentication support.
It generates the user log on/off information for back-end billing systems, and user access log status for
tracking purpose, which is very useful and demanded function for the environment requires highly
security deployment, such as government institute, bank, or military campus.

The

IWE3200-H supports multiple xDSL/Cable connections, which balances the in-bond/out-bond

load (Multi-homing) and the bandwidth aggregation. The multiple WAN connections provide the
failed-over and connection back-up capability to guarantee the ‘always-on-line’ connections. More­over, with 802.11b/g wireless access point function, it provides wireless bridge mode – WDS. WDS
(Wireless Distribution System) provides standard ‘static’ bridges function to joint the LAN segments
that may be far separated (e.g., in two buildings, or in campus) to a complete network. Up to 6 WDS
bridge links are supported to work with AP function simultaneously.

For hotspot service,
and Access Log-on Control. 802.1x/RADIUS is the standard authentication procedure where the

standard 802.1x/RADIUS client and server devices are both required, while Access Log-on Control
provides more flexible authentication procedure that allows the non-802.1x wireless users can still be

authenticated and managed by the remote RADIUS server.
to allow the operators or the venues owner display their web or advertisement contents during the user
login period. With Walled-Garden function, some of the unauthorized wireless users who want to ac­cess the internet, the venue owners can limit such users to access certain level of internet resources.

Furthermore, considering the wireless users who may not configure their own network settings on
their own Notebook or Handheld device for any reasons,

figuration’ features, so that the wireless users can associate to the hotspot environment without any
network configuration on their own Notebook or Handheld device.

IWE3200-H also supports the external ticket printer. With optional IWE810-POS HotSpot mini-POS

for ticket printing and device control,
temporary user who will only need the fractal time for internet access in HotSpot Venues.

For the environment or location where the power is difficult to get,
Gateway series provides the optional POE function that compliant with the IEEE802.3af standard
with flexible power input via Ethernet cable in some particular environment. It is associated with the

IWE500-INJ POE Injector for POE application.

The flexible R-SMA detachable antennas can be replaced with high-gain directional/omni-directional
antennas for different purposes. All in all, the
best solution for flexible and security wireless application of SOHO, SME, Enterprise, HotSpots, ISP,

Telco operators.

IWE3200-H provides 2 kinds of user authentication method: 802.1x/RADIUS

IWE3200-H also provides the capability

IWE3200-H provides the ‘Zero IP Con-

IWE3200-H enables the HotSpot venues to print a ticket for

IWE3200-H Wireless HotSpot

IWE3200-H Wireless HotSpot Gateway series is the

1

1.2. Features

z User Authentication, Authorization, and Accounting

 Web redirection. When an unauthenticated wireless user is trying to access a Web page,

he/she is redirected to a logon page for entering the user name and password. Then, the
user credential information is sent to a back-end RADIUS server for authentication.

 Local pages or external pages. The IWE3200-H can be configured to use

log-on, log-off, authentication success, and authentication failure pages, which are

stored in itself or stored in an external Web server maintained by the WISP. The con­tents of local authentication pages can be customized.

 Advertisement links. The log-off authentication page can be configured to show a

sequence of advertisement banners.

 Unrestricted clients. Client computers with specific IP addresses or MAC ad-

dresses can bypass the Web redirection-based access control.

 Walled garden. Some specific URLs can be accessed without authentication. These

URLs can be exploited by WISPs for advertisement purposes.

 IEEE 802.1x. If a wireless client computer supports IEEE 802.1x Port-Based Network

Access Control, the user of the computer can be authenticated by the access Router and
wireless data can be encrypted by 802.1x EAP authentication method combined with WEP
encryption.

 RADIUS client. The IWE3200-H communicates with a back-end RADIUS server for

wireless user authentication, authorization, and accounting. Authentication methods in­cluding EAP-MD5, EAP-TLS/EAP-TTLS, PAP, and CHAP are supported.

 Robustness. To enhance authentication integrity, the access Router can be config-

ured to notify the RADIUS server after it reboots.

 Showing authenticated users. Showing the status and statistics of every RA-

DIUS-authenticated user. And an authenticated user can be terminated at any time for
management purposes.

 Authentication session control. Several mechanisms are provided for the network

administrator to control user authentication session lifetimes.

z IEEE 802.11b/g Compliant

 Wireless Operation

 Access Point. The AP enables IEEE 802.11 Stations (STAs) to automatically asso-

ciate with it via the standard IEEE 802.11 association process. In addition, the IEEE

802.11 WDS (Wireless Distribution System) technology can be used to manually es­tablish wireless links between two APs.

 64-bit and 128-bit WEP (Wired Equivalent Privacy). For authentication and

data encryption.

2

 Enabling/disabling SSID broadcasts. The user can enable or disable the SSID

broadcasts functionality for security reasons. When the SSID broadcasts functionality
is disabled, a client computer cannot associate the wireless AP with an “any” network
name (SSID, Service Set ID); the correct SSID has to be specified on client com­puters.

 MAC-address-based access control. Blocking unauthorized wireless client

computers based on MAC (Media Access Control) addresses.

 Repeater. A wireless AP can communicate with other wireless APs via WDS

(Wireless Distribution System). Therefore, the wireless AP can wirelessly forward
packets from wireless clients to another wireless AP, and then the later wireless AP
forwards the packets to the Ethernet network.

 Wireless client isolation. Wireless-to-wireless traffic can be blocked so that the

wireless clients cannot see each other. This capability can be used in hotspots appli­cations to prevent wireless hackers from attacking other wireless users’ computers.

 AP load balancing. Several wireless APs can form a load-balancing group. Within

a group, wireless client associations and traffic load can be shared among the wireless
APs.

 Transmit power control. Transmit power of the wireless AP’s RF module can be

adjusted to change RF coverage of the wireless AP.

 Showing associated wireless clients. Showing the status of every wireless cli-

ent that is associated with the wireless AP.

 Replaceable antennas. The factory-mounted antennas can be replaced with

high-gain antennas for different purposes.

z Internet Connection Sharing

 DNS proxy. The IWE3200-H can forward DNS (Domain Name System) requests from

client computers to DNS servers on the Internet. And DNS responses from the DNS serv­ers can be forwarded back to the client computers.

 Static DNS mappings. The network administrator can specify static FQDN (Fully

Qualified Domain Name) to IP address mappings. Therefore, a host on the internal
network can access a server also on the intranet by a registered FQDN.

 DHCP server. The IWE3200-H can automatically assign IP addresses to client com-

puters by DHCP (Dynamic Host Configuration Protocol).

 Static DHCP mappings. The network administrator can specify static IP address

to MAC address mappings so that the specified IP addresses are always assigned to
the hosts with the specified MAC addresses.

 Showing current DHCP mappings. Showing which IP address is assigned to

which host identified by an MAC address.

3

 NAT server. Client computers can share a public IP address provided by an ISP (Internet

Service Provider) by NAT (Network Address Translation). And our NAT server function­ality supports the following:

 Virtual server. Exposing servers on the intranet to the Internet.
 PPTP, IPSec, and L2TP passthrough. Passing VPN (Virtual Private Network)

packets through the intranet-Internet boundary. PPTP means Point-to-Point Tunneling
Protocol, IPSec means IP Security, and L2TP means Layer 2 Tunneling Protocol.

 DMZ (DeMilitarized Zone). All unrecognized IP packets from the Internet can be

forwarded to a specific computer on the intranet.

 Multiple public IP addresses support. An ISP may provide several public IP

addresses to a customer. The IWE3200-H can map each of the public IP addresses to

a host with a private IP address on the intranet.

 H.323 passthrough. Passing H.323 packets through the intranet-Internet boundary

so that users on the intranet can use VoIP (Voice over IP) applications.

 MSN Messenger support. Supporting Microsoft MSN Messenger for chat, file

transfer, and real-time communication applications.

 Session monitoring. Latest 50 incoming sessions and 50 outgoing sessions are

shown for monitoring user traffic.

z DSL/Cable Modem Support. Supporting dynamic IP address assignment by PPPoE

(Point-to-Point Protocol over Ethernet) or DHCP and static IP address assignment.

 Multiple DSL/Cable connections support. Supporting up to 4 DSL/cable-based

Internet connections. All outgoing traffic load from the internal network is shared among
the multiple Internet connections, so that total outgoing throughput is increased.

z Network Security

 Packet address and port filtering. Filtering outgoing packets based on IP address and

port number. (Incoming packet filtering is performed by NAT.)

 URL filtering. Preventing client users from accessing unwelcome Web sites. The HTTP

(HeperText Transfer Protocol) traffic to the specified Web sites identified by URLs (Uni­versal Resource Locators) is blocked.

 WAN ICMP requests blocking. Some DoS (Denial of Service) attacks are based on

ICMP requests with large payloads. Such kind of attacks can be blocked.

 Stateful Packet Inspection (SPI). Analyzing incoming and outgoing packets based on

a set of criteria for abnormal content. Therefore, SPI can detect hacker attacks, and can
summarily reject an attack if the packet fits a suspicious profile.

4

 Wireless-to-Ethernet-LAN traffic blocking. Traffic between the wireless interface

and the Ethernet LAN interface can be blocked.

z Changeable MAC Address of the Ethernet WAN Interface. Some ADSL modems work

only with Ethernet cards provided by the ISP. If IWE3200-H is used in such an environment,

the MAC address of the WAN interface of the Router has to be changed to the MAC address of
the ISP-provided Ethernet network card.

z SNTP. Support for absolute system time by SNTP (Simple Network Time Protocol).

z Dynamic DNS. Support for dynamic DNS services provided by dyndns.org and no-ip.com, so

that the access Router can be associated with a domain name even if it obtains an IP address dy­namically by PPP, PPPoE or DHCP.

z LAN Device Management. The access Router can pass management requests from the Inter-

net through its built-in NAT server to devices on the private network. As a result, network de­vices (such as access points) behind the NAT server can be managed from the Internet. In this
way, the access Router acts as a management proxy for the LAN devices.

z Firmware Tools

 Firmware upgrade. The firmware of the IWE3200-H can be upgraded, so that more fea-

tures can be added in the future.

 TFTP-based. Upgrading firmware by TFTP (Trivial File Transfer Protocol).
 HTTP-based. Upgrading firmware by HTTP (HeperText Transfer Protocol).

 Configuration backup. The configuration settings of the IWE3200-H can be backed up

to a file via TFTP for later restoring.

z Management

 Web-based Network Manager for configuring and monitoring the IWE3200-H. The

management protocol is HTTP (HeperText Transfer Protocol)-based. The management
protocol is HTTP-based. The access Router can be configured to be managed

 Only from the LAN side.
 Both from the LAN side and WAN side.
 Only from the WAN side.

5

In addition, it can also be configured to accept management commands only from specific
hosts.

 UPnP. The access Router responds to UPnP discovery messages so that a Windows XP

user can locate the access Router in My Network Places and use a Web browser to config­ure it.

 SNMP. SNMP (Simple Network Management Protocol) MIB I, MIB II, IEEE 802.1d,

IEEE 802.1x, Private Enterprise MIB are supported.

 System log. For system operational status monitoring.

 Local log. System events are logged to the on-board RAM of the access Router and

can be viewed using a Web browser.

 Remote log by SNMP trap. Systems events are sent in the form of SNMP traps to

a remote SNMP management server.

z LAN/WAN Configurable Ethernet Switch Ports. The IWE3200-H provides a 4-port

Ethernet switch so that a stand-alone Ethernet hub/switch is not necessary for connecting
Ethernet client computers to the Router. These Ethernet ports can be configured as WAN ports
for multiple DSL/cable-based Internet connections support.

z Hardware Watchdog Timer. If the firmware gets stuck in an invalid state, the hardware

watchdog timer will detect this situation and restart the IWE3200-H. Accordingly, the
IWE3200-H can provide continuous services.

z Configuration Reset. Resetting the configuration settings to factory-set values.

6

1.3. LED Definition

z PWR : Power
z ALV : Alive. Blinks when the IWE3200-H is working normally.
z RF : IEEE 802.11b/g interface activity
z WAN/LAN : Ethernet WAN/LAN interface activity

Fig. 1. LED Indicator.

1.4. Feature Comparison

IEEE 802.11 AP functionality
IEEE 802.1x
SNMP IEEE 802.1x MIB
Wireless client isolation
AP load balancing

IWE3200-H0S36X

Wired Advanced

IWE3200-H9S36X

Wireless Advanced

■

■

■

■

■

7

2. First-Time Installation and Configuration

2.1. Selecting a Power Supply Method

The IWE3200-H can be powered by either the supplied AC power adapter or the optional
IWE500-INJ POE Power Injector. The IWE3200-H automatically selects the suitable power de-

pending on your decision.

To power the IWE3200-H by the supplied power adapter:

1. Plug the power adapter to an AC socket.

2. Plug the connector of the power adapter to the power jack of the IWE3200-H.

NOTE:

To power the IWE3200-H by IWE500-INJ Power Injector:

1. Connect the power cord cable from power outlet to the IWE500-INJ power connector.

2. Check the “POWER” LED: if system is normal, the LED will be on (Green light); otherwise, the

3. Connect the Ethernet cable (RJ-45 Category 5) from Ethernet Hub/Switch to the “DATA IN”

This product is intended to be power-supplied by a Listed Power Unit, marked “Class 2”
or “LPS” and output rated “12V DC, 1.25 A minimum” or equivalent statement.

To Power Ou tlet

Fig. 2. Connecting the power cord cable to IWE500-INJ.

“POWER” LED will be off.

port of IWE500-INJ Power Injector.

4. Connect another Ethernet cable (RJ-45 Category 5) from “POWER & DATA OUT” port of the

IWE500-INJ Power Injector to the IWE3200-H. Please note the indication on the panel of
POE-enabled RJ45 port of IWE3200-H (LAN interface #4).

Fig. 3. POE enabled LAN Port Position.

8

Fig. 4. Connecting Ethernet cables to IWE500-INJ.

5. Check the “ACTIVE” LED: if power is successfully fed into the IWE3200-H, the “ACTIVE”

LED will be on (Red light); otherwise, the “ACTIVE” LED will be off.

6. If the electricity current is over the normal condition (Io＞1.0 A), the “ACTIVE” LED will flash

(Red light).

IWE500-INJ is specially designed for IWE3200-H. The use of IWE500-INJ with other

NOTE:

Ethernet-ready devices that are not compliant to IEEE 802.3af may cause damage to the
devices.

2.2. Mounting the IWE3200-H on a Wall

The IWE3200-H is wall-mountable.

1. Stick the supplied sticker for wall-mounting.

2. Use a

3. Plug in a supplied plastic conical anchor in each hole.

4. Screw a supplied screw in each plastic conical anchor for a proper depth so that the IWE3200-H

5. Hang the IWE3200-H on the screws.

φ6.5mm driller to drill a 25mm-deep hole at each of the cross marks.

can be hung on the screws.

Fig. 5. Mounting the IWE3200-H on a wall.

9

2.3. Preparing for Configuration

To configure a IWE3200-H, a managing computer with a Web browser is needed. For first-time con­figuration of a IWE3200-H, an Ethernet network interface card (NIC) should have been installed in
the managing computer. For maintenance-configuration of a deployed IWE3200-H, either a wireless

computer or a wired computer can be employed as the managing computer.

If “Opera” browser is used to configure an IWE3200-H, click the menu item File, click

NOTE:

Since the configuration/management protocol is HTTP-based, you have to make sure that the IP ad-

dress of the managing computer and the IP address of the managed IWE3200-H are in the same IP
subnet (the default IP address of an AP is 192.168.0.1 and the default subnet mask is 255.255.255.0.)

Preferences... click File types, and edit the MIME type, text/html, to add a file exten-

sion “.sht” so that Opera can work properly with the Web management pages of the

IWE3200-H.

2.3.1. Connecting the Managing Computer and the
IWE3200-H

To connect the managing computer and the IWE3200-H for first-time configuration, you have two

choices as illustrated in Fig. 6.

Fig. 6. Connecting a managing computer and an IWE3200-H via Ethernet.

You can use either a cross-over Ethernet cable (included in the package) or a switch/hub with 2

straight-through Ethernet cables.

NOTE:

One connector of the Ethernet cable must be plugged into the LAN Ethernet port of the

IWE3200-H for configuration.

10

2.3.2. Changing the TCP/IP Settings of the Managing
Computer

Use the Windows Network Control Panel Applet to change the TCP/IP settings of the managing
computer, so that the IP address of the computer and the IP address of the IWE3200-H are in the
same IP subnet. Set the IP address of the computer to 192.168.0.xxx.

NOTE:

For some versions of Windows, the computer needs to be restarted for the changes of
TCP/IP settings to take effect.

2.4. Configuring the IWE3200-H

The IWE3200-H is DHCP server enabled by default. After the IP addressing is configured, launch a
Web browser on the managing computer. Then, go to “http://192.168.0.1” to log on to the
IWE3200-H for Web-based management.

For maintenance configuration, the IWE3200-H can be reached by its host name using a

TIP:

2.4.1. Entering the User Name and Password

Before the Home page is shown, you will be prompted to enter the user name and password to gain
the right to access the Web-based Network Manager. For first-time configuration, use the default user

name “root” and default password “root”, respectively.

Web browser. For example, if the IWE3200-H is named “AP”, you can use the URL
“http://AP” to access the Web-based management interface of the IWE3200-H.

NOTE:

Fig. 7. Entering the user name and password.

It is strongly recommended that the password be changed to other value for security rea­sons. (See Section 2.10.2 for more information).

11

On the Home page, click the SETUP WIZARD to quickly change the configuration of the gateway.

Fig. 8. The Home Page.

2.4.2. SETUP WIZARD Step 1: Selecting an Operational
Mode

Fig. 9. Operational modes.

12

2.4.3. SETUP WIZARD Step 2: Configuring TCP/IP Settings

2.4.3.1. Router with a PPPoE-Based DSL/Cable Connec­tion

Fig. 10. TCP/IP settings for Router with a PPPoE-Based DSL/Cable Connection mode.

In this mode, two IP addresses are needed—one for the Ethernet LAN interface and the other for the

WAN interface. The LAN IP address must be set manually to a private IP address, say 192.168.0.xxx.
The default LAN IP address is 192.168.0.1 and the default subnet mask is 255.255.255.0. In most

cases, these default settings need no change.

As for the WAN IP address, it is obtained automatically by PPPoE from the ISP. Consult your ISP for

the correct User name, Password, and Service name settings.
The Trigger mode setting specifies the way a PPPoE connection is established. Your PPPoE connec-

tion can be established and torn down manually (Manual) by clicking the Connect and Disconnect
buttons on the Start page, respectively. Or you can choose to let the device automatically (Auto) es-
tablish a PPPoE connection at boot-up time. In Auto mode, if the connection is disrupted, the device

will try to re-establish the broken connection automatically.

2.4.3.2. Router with a DHCP-Based DSL/Cable Connec­tion

Fig. 11. TCP/IP settings for Router with a DHCP-Based DSL/Cable Connection mode.

In this mode, two IP addresses are needed—one for the Ethernet LAN interface and the other for the

WAN interface. The LAN IP address must be set manually to a private IP address, say 192.168.0.xxx.

13

The default LAN IP address is 192.168.0.1 and the default subnet mask is 255.255.255.0. In most

cases, these default settings need no change.

As for the WAN IP address, it is obtained by DHCP from the ISP. The Trigger mode setting affects
the behavior of the DHCP client of the Router. In Auto mode, you don’t have to worry about the
DHCP process; the device takes care of everything. In Manual mode, there are two buttons on the
Start page for you to manually release an obtained IP address (Release) and re-obtain a new one from
a DHCP server (Renew).

2.4.3.3. Router with a Static-IP DSL/Cable Connection

Fig. 12. TCP/IP settings for Router with a Static-IP DSL/Cable Connection mode.

In this mode, two IP addresses are needed—one for the Ethernet LAN interface and the other for the

WAN interface. The LAN IP address must be set manually to a private IP address, say 192.168.0.xxx.
The default LAN IP address is 192.168.0.1 and the default subnet mask is 255.255.255.0. In most

cases, these default settings need no change.

As for the WAN IP address, it must be manually set. Consult your ISP for the correct IP address,
Default Router, Subnet mask, Primary DNS server, and Secondary DNS server settings.

2.4.3.4. Router with a Multiple DSL/Cable Connections

14

Fig. 13. TCP/IP settings for Router with Multiple DSL/Cable Connections mode.

Since the Internet connection can be PPPoE-based, DHCP-based, or Static-IP-based, the addressing

settings of each WAN interface are the same as those of Router with a PPPoE-Based DSL/Cable

Connection, DHCP-Based DSL/Cable Connection, or Router with a Static-IP DSL/Cable Con­nection, respectively. As a result, refer to Sections 2.4.3.1, 2.4.3.2, and 2.4.3.3 for more information.

2.4.4. SETUP WIZARD Step 3: DHCP Server Settings

Fig. 14. DHCP Server Setting

The IWE3200-H can automatically assign IP addresses to client computers by DHCP. You can spec-

ify the first IP address that will be assigned to the clients and the number of allocatable IP addresses.

In most cases Default gateway and Primary DNS server should be set to the IP address of the
Router’s LAN interface (e.g., the default LAN IP address is 192.168.0.1 and the Subnet mask is set
to 255.255.255.0.)

Fig. 15. DHCP Relay Setting

When functionality is set to DHCP Relay, the IWE3200-H would not assign any IP address to the

clients. It forwards the received DHCP requests from the clients to the designate DHCP server.

2.4.5. SETUP WIZARD Step 4: Configure IEEE 802.11 Set­tings

Fig. 16. IEEE 802.11b communication settings.

The number of available RF channels depends on local regulations; therefore you have to choose an
appropriate regulatory domain to comply with local regulations. The SSID of a wireless client com-

15

puter and the SSID of the wireless access Router must be identical for them to communicate with each
other.

2.4.6. Configuring User Authentication Settings

The IWE3200-H supports both Web redirection-based and non-802.1x-based user and IEEE

802.1x-based user authentication.

After the IP addressing settings have been set using SETUP WIZARD, you have to configure Web
redirection settings and/or IEEE 802.1x settings for wireless user authentication.

When both Web redirection and IEEE 802.1x are enabled, the authentication process will first tried

IEEE 802.1x and then Web Redirection. In this way, the wireless access router can serve both IEEE

802.1x-enabled and IEEE 802.1x-disabled wireless users.

2.4.6.1. Web Redirection

To setup Web redirection-based user authentication, go to the AAAÆWeb Redirection. section for

configuration. There are three combinations for Web Redirection and Authentication method:

1. Enable with Authentication – Enable both Web-Redirection and user Authentication mechanism.

Fig. 17. Web redirection settings – Enable with Authentication

1.1. Encryption Method:

1.1.1. 401 Authorization: Logon page on Pop-up window.

1.1.2. CGI with Plain Code: Logon page on web browser, username/password without

encryption (plain text).

1.1.3. CGI with Base64: Logon page on web browser, username/password with

Base64 encryption.

1.1.4. CGI with SSL: Logon page on web browser, username/password with SSL en-

cryption.

1.2. Authentication protocol:

1.2.1. RADIUS: Authentication by external RADIUS server.

1.2.2. Local Accounts: Authentication by local database, associated with ticket print-

ing.

1.3. RADIUS authentication method:

1.3.1. EAP-MD5

16

1.3.2. PAP

1.3.3. CHAP

2. Enable without Authentication – Enable only the Web-Redirection, but disable the user Authenti-

cation mechanism. User will automatically redirect to the destination web page if the URL indi­cated.

Fig. 18. Web redirection settings – Enable without Authentication

3. Disable – Disable all Web-Redirection mechanisms.

2.4.6.2. Local Authentication Sever

The IWE3200-H supports the local Authentication Sever for some hotspot venues where standard

RADIUS or Billing server(s) is difficult to be implemented. The local Authentication Server contains

the built-in database for 2,000 user entries.

To setup the Local Authentication method:

1. Go to the section AAAÆWeb Redirection, in ‘Functionality’ of ‘Basic’ column, select ‘En-

able with Authentication’.

2. In ‘Authentication protocol’, select ‘Local Accounts’.

Fig. 19. Local Authentication Server Settings

3. Go to the AAAÆTicket Setting to setup the billing information. In the Ticket Setting page, the

information reflects the billing information is the ‘Monetary Unit’ and the ‘Amount of Money

Per Unit’, while the information reflects the user permitted access time frame is ‘Unit of Ses­sion Time (min)’ and ‘Valid period (hour)’. The reset of the settings is for ticket format cus-

tomization, you can specify the appropriate content which reflected the information of hotspot
venues to be shown on the ticket content. Detail billing setting is described as below:

 Monetary Unit: to define the unit of currency, e.g., input ‘USD’ for US Dollars or

‘EURO‘ for Euro Dollars. The currency unit will also shown on the billing ticket.

 Amount of Money Per Unit: to define the money to be charged per unit, which is used

with the input unit by the control keypad. For example, if the per unit charged money is 50
and the control keypad is input to be 5 (units), then the total money to be charged to the
user is 50 x 5 = 250. Default is ‘10’ per unit.

 Unit of Session time (min): to define the time frame (by min) of the user to access the

17

Internet , which is used with the input unit by the control keypad. For example, if the per
unit time is 50 (min) and the control keypad is input to be 5 (units), then the total available
access time frame of the user is 50 x 5 = 250 (min). Default is ‘1’ min.

 Valid period (hour): to define the valid period (by hour) while the user account generated.

If the user account generated but not activated during the valid period, the gateway will
automatically disable the user after the valid period expired. Default is ‘1’ hour.

Fig. 20. Ticket Setting

4. Go to the section STATUSÆAccount Table, there are four buttons for management the ac-

count table. Input the user name and password then press ‘Add’ button to generate the new local
user. Input the user name then press ‘Delete’ button to remove the user from the account table.
“Clean Table’ button uses to remove all user accounts. “Table Defragment” button provides to

remove accounts with inactive state. The local user account can be also generated by the control
keypad, see Sec. 2.4.7.3 for more details.

Fig. 21. Local User Database Management

5. All the status of generated local users will show in the ‘Account Table List’. The account table

list also includes the accounts which are randomly generated by the gateway as using the control
keypad. The user must use the generated username and password for access logon process.
There are 4 type status of each user account:

 Register: to show the generated user who has not yet logon and been activated.
 Active: the generated user who has successfully logon and access the Internet. The MAC

address and Login Time of the activated user will be also shown while user has been acti­vated.

18

 Inactive: to show the user account that access time frame expired, or ‘Valid Period’ ex-

pired.

 Permanent: to show the user account that would never expire. The state for the user ac-

counts which created by manual would be permanent. This kind of account would not have
any information for the session time and cost

Fig. 22. Account Table List

2.4.6.3. How to Setup the mini-POS Ticket Printer

The IWE3200-H supports the built-in user database for local authentication, this function also associ-

ates the optional external mini-POS Ticket Printer for billing printing purpose. The benefit of the
built-in user database is to provide the flexibility that there may some hotspot venues without the ca­pability to setup the complete RADIUS environment for user authentication. More over, the external
control keypad also can play the role to control the ticket printing and gateway control without addi­tion control PC required, hence reduce the cost of hotspot venue deployment.

To setup the mini-POS Ticket Printer:

1. Find the ‘Y-cable’ in the package of IWE810-POS mini-POS Ticket Printer.

2. Use the ‘Y-cable’ to connect the IWE3200-H, IWE810-POS, and the control keypad. Make

sure the Y-cable is well connected to the interface correctly.

3. Power on the IWE810-POS. To make sure the IWE810-POS is in good condition, you can

print out the testing ticket by holding the ‘FEED’ button on the IWE810-POS then power on.

The test ticket will be automatically printed.

The usage of control keypad:

1. Press the digit key on the control keypad to input the access ‘unit’.

2. The input ‘unit’ value will be only effected after user press the ‘Enter’ button on the keypad. For

example, if a new user need to be generated 30 units of access time frame, the key input must be

3. If there’s the type error, just leave the control keypad for 4sec before pressing the ‘Enter’ button,

then the keypad will automatically clear and renew the previous input value.

4. After pressing the ‘Enter’ button on the control keypad, the new local account will be automati-

cally generated, and the billing ticket will be printed simultaneously. The content of the ticket is

19