Step 1Configure your RADIUS server to use the "Billing-Class-of-Service" attribute as
defined in the WISPr vendor specific attribute set (see appendix: Vendor Specific Attributes). If this BCoS attribute is set to the value "visitor_access" during the
authentication response, the AC will allow routing between the WLAN port and the
LAN port for this specific user.
Step 2 Use the system | access | NAV menu and enable visitoraccess function on ixp0
(LAN).
Such a user (visitor) will have employee access rights and access to servers running in the LAN (see
Figure 146 – User Access, employee traffic). In other words, the P-560 controls the client’s access to
the LAN via RADIUS attributes specifically addressing which clients are allowed to connect to the
LAN.
Visitor access on selected interface can only function with enabled
authentication. RADIUS server should authenticate the user, in order to control
user’s access to LAN.
If authentication is on enabled (visitor access enabled) user only receives the access to the Internet
independently from his/her access rights.
System | Access | SNMP
SNMP is the standard protocol that regulates network management over the Internet. With enabled
SNMP service Hotspot-in-a-Box can act as SNMP agent. To communicate with SNMP manager you
must set up the same SNMP communities and identifiers on both ends: manager and agent. For more
information about SNMP see Chapter 6 – SNMP Management.
Use the system | access | SNMP menu to enable/disable SNMP service or change current SNMP
configuration on your P560 controller.
Gemtek Systems Page 101
User’s Guide Chapter 7 – Reference Manual
Figure 147 – SNMP Settings
SNMP Table:
SNMP Service – enable or disable SNMP service on AC [enabled/disabled]. By default SNMP service
is enabled. With service enabled the AC acts as the SNMP agent.
If enabled, then device can be configured via SNMP:
SNMP Name – An administratively assigned name for this managed node [0-99 any string]. By
convention, this is the node’s fully qualified domain name.
SNMP Location – The physical location of this node (e.g., `telephone closet, 3rd floor') [0-99 any
string].
SNMP Contact – The textual identification of the contact person for this managed node, together with
information on how to contact this person [0-99 any string].
SNMP Read-Only Community – Community name is used in SNMP version 1 and version 2c. Readonly (public) community allows reading values, but denies any attempt to change values [1-32 all
ASCII printable characters, no spaces].
SNMP Read-Write Community – Community name is used in SNMP version 1 and version 2c.
Read-write (private) community allows to read and (where possible) change values [1-32 all ASCII
printable characters, no spaces].
Default Trap Community Name – The default SNMP community name used for traps without
specified communities. The default community by most systems is "public". The community string
must match the community string used by the SNMP network management system (NMS) 1-32 all
ASCII printable characters, no spaces].
Authentication Failure Taps Generation – select [enable/disable] getting the authentication failure
traps from your AC.
Gemtek Systems Page 102
User’s Guide Chapter 7 – Reference Manual
SNMP Users Table:
SNMP Users table is only used for SNMP v3.
SNMP Users – Users are used in SNMP version 3. They have the same access rights as
communities, but instead of a single community name there are user name and password. Strong
encryption is supported in SNMPv3.
UserName – enter user name for read-only (RO) or read-write (RW) SNMP access [1-32 all ASCII
printable characters, no spaces].
Password – enter password for read-only (RO) or read-write (RW) SNMP access [8-32 all ASCII
characters, no spaces].
SNMP Proxies Table:
SNMP Proxies – SNMP proxy configuration specifies that any incoming SNMP requests can be send
to another host. SNMP proxy can be configured in such a way that can proxy only specified SNMP
request under specific OID (OID local). Click the new button to create SNMP proxy:
Figure 148 – Add SNMP Proxies
ContextName – enter the context name for SNMP proxy rule between client and AC. Context name
only works with SNMP v3. If a "context name" is specified, it assigns the proxy rule to a particular
context name within the local agent [1-32 all ASCII printable characters, no spaces]:
P-560
WAN
Administrator
SNMP v3
with Context Name
LAN
SNMP v1/v2c
Figure 149 – SNMP and Content Name
This is the proper way to query multiple SNMP agents through a single proxy. Assign each remote
agent to a different context name. Then you can use "snmpwalk -n contextname1" to walk one
remote proxied agent and "snmpwalk -n contextname2" to walk another, assuming you are using
SNMPv3 to talk to the proxy (snmpv1 and snmpv2c context mappings aren’t currently supported but
might be in the future) (see the Figure 149 – SNMP and Content Name).
Type – select SNMP version for SNMP proxy rule between AP and AC [v1/v2c].
Community Name – enter community name for communicating with the host (see Figure 149 –
SNMP and Content Name, the host is AP in this case) [1-32 all ASCII printable characters, no
spaces].
Gemtek Systems Page 103
User’s Guide Chapter 7 – Reference Manual
IPAddress – specify the host address (AP in our case) to which any incoming requests should be resent [dots and digits].
OIDLocal – enter Object Identifier (OID) of MIB tree if you want to proxy only the specified SNMP
requests under the specific OID in the MIB tree. That part is specified by OID local tree [optional,
number and dots].
OIDTarget – Optionally, you can relocate the "OIDlocal” tree to the new location at the "OIDtarget"
If no OID is specified all SNMP request to the controller will be redirected to a
specific host.
SNMP Trap Table:
You can configure your SNMP agent to send SNMP Traps (and/or inform notifications) under the
defined host (SNMP manager) and community name (optional).
Type – select trap message type [v1/v2/inform].
Host – enter SNMP manager IP address [dots and digits].
Community Name – specify the community name at a SNMP trap message. This community will be
used in trap messages to authenticate the SNMP manager. If not defined, the default trap community
name will be used (specified in the SNMP table) [1-32 all ASCII printable characters, no spaces].
Port – enter the port number the trap messages should be send through [number].
System | Status
Use the system | status menu to check the P-560 current status:
Firmware Version – the current version of the firmware.
Device Status – current device status: running/warning.
Gemtek Systems Page 104
User’s Guide Chapter 7 – Reference Manual
CurrentlyConnectedAdministrators – logged administrators list in format: [administrator name, IP
address, and idling time in hours/minutes/seconds].
Uptime – indicates the time, expressed in days, hours and minutes since the system was last
rebooted [days/hours/minutes/seconds].
SoftwareRuntime – indicates the time, expressed in days, hours and minutes since the software
reboot. The system itself can restart the software without rebooting the device
[days/hours/minutes/seconds].
Total Memory – total operational memory of your P-560 [kB].
Free Memory – indicates the memory currently available in the controller [kB].
Average Load – indicates the average load of the P-560 processor in the period of the last 1minute,
5 minutes and 15 minutes (a larger value means a larger average load on the processor).
Minimum load – 0.0
Normal load – should not exceed 1.0 (including)
Processor is busy – more than 1.00.
Connected Clients Number – total number of current connected clients on WAN interface. Click on
the settings and get detailed connected clients list (clients page under the connection | user):
Figure 151 – Connected Clients Detailed List
Connected Clients Input Bytes – current connected clients’ total Input bytes [K, KB, MB, GB].
Connected Clients Output Bytes – current connected clients’ total Output bytes [K, KB, MB, GB].
WAN interface (ixp1) (including the IP address, netmask, gateway, MAC address of the WAN
interface, DNS servers, RX/TX statistics)
Figure 152 – WAN Interface Statistics
RX – indicates data volume received on the WAN interface since reboot.
TX – indicates data volume transmitted to the WAN interface since reboot.
Wireless LANinterface (eth0) (including the IP address, netmask, MAC address of the WLAN
interface, RX/TX statistics)
Gemtek Systems Page 105
User’s Guide Chapter 7 – Reference Manual
Figure 153 – LAN Interface Statistics
RX – indicates data volume received on the WLAN interface since reboot.
TX – indicates data volume transmitted to the WLAN interface since reboot.
LAN interface (ixp0) (including the IP address, netmask, MAC address of the LAN interface,
RX/TX statistics)
RX – indicates data volume received on the WLAN interface since reboot.
TX – indicates data volume transmitted to the WLAN interface since reboot.
Services (all services list with its status: enabled/disabled)
Services are displayed as a link to the respective menu where status can be
configured.
Refresh – click the button to refresh device status statistics.
Gemtek Systems Page 106
User’s Guide Chapter 7 – Reference Manual
System | Reset
Check the Factory defaults values in the Appendix section: B) Factory Defaults
If you need to reboot your device or reset to factory defaults select the system | reset menu:
Figure 154 – Reset and Reboot
Reset – reset device to factory default values.
Reboot – reboot device with the last saved configuration.
for the Access Controller.
Keep in mind that resetting the device is an irreversible process.
Please note that even the administrator password will be set back to the factory
default.
Gemtek Systems Page 107
User’s Guide Chapter 7 – Reference Manual
System | Update
Check for new product updates at the Gemtek Systems website:
To update your device firmware, use only the original firmware image and under system | update
menu click the upload button:
Figure 155 – Firmware Update
Specify the full path to the new firmware image and click the upload button:
http://www.gemtek-systems.com
Figure 156 – New Firmware Upload
Firmware Image – enter the firmware image using the full path.
Browse – click the button to specify the new image location.
Upload – upload with new firmware.
Cancel – cancel the upload process.
New firmware image is uploaded into the controller. Now you need to upload this new firmware into
the controller’s FLASH memory, click the flash button:
Figure 157 – Flash New Image
Flash – flash new image, reboots the system.
Do not switch off and do not disconnect the P-560 from the power supply during the
firmware update process because the device could be damaged.
Firmware auto-update:
Auto-update function allows update device firmware automatically. This function will help for large
enterprises, having hundreds of AC's, to keep them up to date.
Gemtek Systems Page 108
User’s Guide Chapter 7 – Reference Manual
Figure 158 – Firmware Auto-update Configuration
Status - defines if auto-update is enabled or disabled. Default value disabled.
Update URL - defines where firmware should be downloaded from. It points directly to firmware
update file. URL should be accessible without any user authentication. URL can use HTTP, HTTPS
and FTP protocols. Default value - empty string.
Update interval – time interval between each update in hours [1-9999]. Time is counted from last
device boot-on. Default value is 48 hours.
Delay – delays update process by given amount of hours. This should prevent from getting hundreds
requests for firmware download at the same time [0-24]. Default value is 0.
Save - save new firmware auto-update settings.
On boot auto-update feature checks for available updates on specified server at
given URL. If there is different version - device downloads, installs firmware update
and reboots. If firmware version matches current version on device - no update
takes place.
Gemtek Systems Page 109
User’s Guide Chapter 7 – Reference Manual
Connection
Use the connection menu to view the connected user’s statistics, set outgoing mail server or observe
the connected station availability.
Figure 159 – Connection Menu
Connection | Users
The users menu is for viewing the connected users’ statistics. Also ability to logoutuser from the
system is implemented here:
Figure 160 – Users’ Statistics
The users’ statistics parameters are as follows:
No – number of the user’s session connection.
User – username of the connected client.
Interface – name of interface, through which client is connected [eth0/ixp0].
User IP – IP address, from which the user’s connection is established. Address is presented in digits
and dots notation.
Session Time - session duration since the user login.
Idle Time - amount of user inactivity time [hours: minutes: seconds].
Details – click on user details to get more information about the client:
Figure 161 – User’s Details
User – the username of the connected client.
Gemtek Systems Page 110
User’s Guide Chapter 7 – Reference Manual
Interface – name of interface, through which client is connected.
User IP – IP address, from which the user’s connection is established. Address is presented in digits
and dots notation.
MAC Address – hardware address of the network device from which the user is connected.
Authentication mode – authentication method which user uses to connect.
WISP – WISP domain name where the user belongs.
Session ID – the unique user’s session ID number. This can be used for troubleshooting purposes.
Session Time – session time duration since user login [hours: minutes: seconds/unlimited].
Remaining Time – remaining user’s session time [hours: minutes: seconds/unlimited]. Session time
for user is defined in the RADIUS server.
Idle Time - amount of user inactivity time [hours: minutes: seconds].
Input Bytes - amount of data in bytes, which the user network device has received [Bytes].
Output Bytes - amount of data in bytes, transmitted by the user network device [Bytes].
can define the user session in bytes. Remaining bytes is received from RADIUS [Bytes/unlimited].
Bandwidth downstream/upstream – user upstream and downstream bandwidth [in bps].
Back – returns to connected client’s statistics list.
Logout User – click this button to explicitly logout user from the network.
Refresh – click the button to refresh users’ statistics.
Gemtek Systems Page 111
User’s Guide Chapter 7 – Reference Manual
Connection | E-mail Redirection
The outgoing mail (SMTP) server redirection is performed using the e-mail redirection menu. By
default such redirection settings is displayed:
Figure 162 – E-mail Redirection Settings
Click the edit button to specify your outgoing mail server settings.
Figure 163 – Edit E-mail Redirection
Status – enable/disable e-mail redirection function.
Host – SMTP server address where to redirect the outgoing clients e-mails [enter host name or host IP address].
Port – port number [number, by default: 25].
Save – save new e-mail redirection settings.
Connection | Station Supervision
The stationsupervision function is used to monitor the connected host station availability. This
monitoring is performed with ping. If the specified number of ping failures is reached (failure count),
the user is logged out from the AC.
Figure 164 – Station Supervision
To adjust the ping interval/failure count, click the Edit button.
Figure 165 – Edit Station Supervision
Interval – define interval of sending ping to host [in seconds].
Failure Count – failure count value after which the user is logged out from the system.
Save – save station supervision settings.
Cancel – cancel changes.
Gemtek Systems Page 112
User’s Guide Appendix
Appendix
A) Access Controller Specification
Technical Data
Wireless
Standard
Data Rate
Client Stations
Typical range 50 meters in indoor environments, up to 300m outdoors
Transmit Power Max. 17 dBm (EIRP)
Antennas Two 2dBi dipole antennas with space diversity, SMA connectors.