GemTek Technology AP930621G Users Manual

User’s Guide Chapter 7 – Reference Manual
Figure 146 – User Access (diagram labels: Employees Traffic, Visitor Traffic, Internal Servers, Employee, Visitor, LAN, WAN, P-560, Internet Router)
Step 1 Configure your RADIUS server to use the "Billing-Class-of-Service" attribute as defined in the WISPr vendor specific attribute set (see appendix: Vendor Specific Attributes). If this BCoS attribute is set to the value "visitor_access" in the authentication response, the AC will allow routing between the WLAN port and the LAN port for this specific user.
Step 2 Use the system | access | NAV menu and enable the visitor access function on ixp0 (LAN).
Such a user (visitor) will have employee access rights and access to servers running in the LAN (see Figure 146 – User Access, employee traffic). In other words, the P-560 controls the client’s access to the LAN via RADIUS attributes specifically addressing which clients are allowed to connect to the LAN.
Visitor access on the selected interface can only function with authentication enabled. The RADIUS server should authenticate the user in order to control the user’s access to the LAN.
If authentication is not enabled (visitor access enabled), the user only receives access to the Internet, independently of his/her access rights.
System | Access | SNMP
SNMP is the standard protocol that regulates network management over the Internet. With the SNMP service enabled, the Hotspot-in-a-Box can act as an SNMP agent. To communicate with the SNMP manager you must set up the same SNMP communities and identifiers on both ends: manager and agent. For more information about SNMP see Chapter 6 – SNMP Management.
Use the system | access | SNMP menu to enable/disable the SNMP service or change the current SNMP configuration on your P560 controller.
Gemtek Systems Page 101
Figure 147 – SNMP Settings
SNMP Table:
SNMP Service – enable or disable SNMP service on AC [enabled/disabled]. By default SNMP service is enabled. With service enabled the AC acts as the SNMP agent.
If enabled, then device can be configured via SNMP:
SNMP Name – An administratively assigned name for this managed node [0-99 any string]. By convention, this is the node’s fully qualified domain name.
SNMP Location – The physical location of this node (e.g., `telephone closet, 3rd floor') [0-99 any string].
SNMP Contact – The textual identification of the contact person for this managed node, together with information on how to contact this person [0-99 any string].
SNMP Read-Only Community – Community name is used in SNMP version 1 and version 2c. Read-only (public) community allows reading values, but denies any attempt to change values [1-32 all ASCII printable characters, no spaces].
SNMP Read-Write Community – Community name is used in SNMP version 1 and version 2c. Read-write (private) community allows reading and (where possible) changing values [1-32 all ASCII printable characters, no spaces].
Default Trap Community Name – The default SNMP community name used for traps without specified communities. The default community on most systems is "public". The community string must match the community string used by the SNMP network management system (NMS) [1-32 all ASCII printable characters, no spaces].
Authentication Failure Traps Generation – select [enable/disable] getting the authentication failure traps from your AC.
SNMP Users Table:
SNMP Users table is only used for SNMP v3.
SNMP Users – Users are used in SNMP version 3. They have the same access rights as communities, but instead of a single community name there are a user name and a password. Strong encryption is supported in SNMPv3.
User Name – enter user name for read-only (RO) or read-write (RW) SNMP access [1-32 all ASCII printable characters, no spaces].
Password – enter password for read-only (RO) or read-write (RW) SNMP access [8-32 all ASCII characters, no spaces].
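A pre-deployment check of the SNMP Table and SNMP Users Table values, as an added example that is not part of the original manual: it applies the field limits stated above and flags the community names "public" and "private" that the manual associates with the read-only, read-write and trap communities. The dictionary keys and function names are assumptions made for this sketch, not the P-560's own configuration format.

```python
import string

# Printable ASCII without whitespace, per the manual's
# "[1-32 all ASCII printable characters, no spaces]" limit.
_ALLOWED = set(string.printable) - set(string.whitespace)
# Names the manual itself attaches to the RO, RW and default trap communities.
_WELL_KNOWN = {"public", "private"}


def _valid(value, min_len, max_len):
    """True if value has an allowed length and only allowed characters."""
    return min_len <= len(value) <= max_len and set(value) <= _ALLOWED


def audit_snmp(cfg):
    """Return a list of findings for a settings dict (hypothetical layout)."""
    findings = []
    if not cfg.get("service_enabled", True):   # manual: enabled by default
        return findings                        # agent is off, nothing to audit
    for key in ("ro_community", "rw_community", "trap_community"):
        value = cfg.get(key, "")
        if not _valid(value, 1, 32):
            findings.append(f"{key}: must be 1-32 printable ASCII, no spaces")
        elif value.lower() in _WELL_KNOWN:
            findings.append(f"{key}: well-known community name '{value}'")
    ro, rw = cfg.get("ro_community"), cfg.get("rw_community")
    if ro and ro == rw:
        findings.append("ro_community equals rw_community: readers can write")
    if not cfg.get("auth_failure_traps", False):
        findings.append("auth_failure_traps: disabled, failed requests "
                        "with a wrong community are not reported")
    for user in cfg.get("v3_users", []):
        if not _valid(user["name"], 1, 32):
            findings.append(f"v3 user {user['name']!r}: invalid user name")
        if not _valid(user["password"], 8, 32):   # manual: 8-32, no spaces
            findings.append(f"v3 user {user['name']!r}: "
                            "password must be 8-32 characters, no spaces")
    return findings


# Constructed sample settings, not taken from a real device.
WEAK = {"service_enabled": True, "ro_community": "public",
        "rw_community": "private", "trap_community": "public",
        "auth_failure_traps": False,
        "v3_users": [{"name": "monitor", "password": "short"}]}
HARDENED = {"ro_community": "r0-Qm7!xLz", "rw_community": "Wr-93&kTpa",
            "trap_community": "tr-5Hq#2v", "auth_failure_traps": True,
            "v3_users": [{"name": "nms", "password": "c0rrect-h0rse-9"}]}

if __name__ == "__main__":
    for finding in audit_snmp(WEAK):
        print(finding)
```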
SNMP Proxies Table:
SNMP Proxies – SNMP proxy configuration specifies that any incoming SNMP requests can be sent to another host. The SNMP proxy can be configured so that it proxies only the SNMP requests under a specific OID (OID local). Click the new button to create an SNMP proxy:
Figure 148 – Add SNMP Proxies
Context Name – enter the context name for SNMP proxy rule between client and AC. Context name only works with SNMP v3. If a "context name" is specified, it assigns the proxy rule to a particular context name within the local agent [1-32 all ASCII printable characters, no spaces]:
Figure 149 – SNMP and Content Name (diagram labels: Administrator, WAN, SNMP v3 with Context Name, P-560, LAN, SNMP v1/v2c)
This is the proper way to query multiple SNMP agents through a single proxy. Assign each remote agent to a different context name. Then you can use "snmpwalk -n contextname1" to walk one remote proxied agent and "snmpwalk -n contextname2" to walk another, assuming you are using SNMPv3 to talk to the proxy (snmpv1 and snmpv2c context mappings aren’t currently supported but might be in the future) (see the Figure 149 – SNMP and Content Name).
Type – select SNMP version for SNMP proxy rule between AP and AC [v1/v2c].
Community Name – enter community name for communicating with the host (see Figure 149 – SNMP and Content Name, the host is AP in this case) [1-32 all ASCII printable characters, no spaces].
IP Address – specify the host address (AP in our case) to which any incoming requests should be re-sent [dots and digits].
OID Local – enter the Object Identifier (OID) of the MIB tree if you want to proxy only the SNMP requests under a specific OID in the MIB tree. That part is specified by the OID local tree [optional, number and dots].
OID Target – Optionally, you can relocate the "OID local" tree to the new location at the "OID target".
If no OID is specified, all SNMP requests to the controller will be redirected to a specific host.
SNMP Trap Table:
You can configure your SNMP agent to send SNMP Traps (and/or inform notifications) under the defined host (SNMP manager) and community name (optional).
Type – select trap message type [v1/v2/inform].
Host – enter SNMP manager IP address [dots and digits].
Community Name – specify the community name for an SNMP trap message. This community will be used in trap messages to authenticate the SNMP manager. If not defined, the default trap community name will be used (specified in the SNMP table) [1-32 all ASCII printable characters, no spaces].
Port – enter the port number the trap messages should be sent through [number].
System | Status
Use the system | status menu to check the P-560 current status:
Device statistics (including device name, model, firmware version, status, logged administrators, general uptime, memory, load, connected clients)
Figure 150 – Device Statistics
Device Name – full device name and model.
Firmware Version – the current version of the firmware.
Device Status – current device status: running/warning.
Currently Connected Administrators – logged administrators list in format: [administrator name, IP address, and idling time in hours/minutes/seconds].
Uptime – indicates the time, expressed in days, hours and minutes since the system was last rebooted [days/hours/minutes/seconds].
Software Runtime – indicates the time, expressed in days, hours and minutes since the software reboot. The system itself can restart the software without rebooting the device [days/hours/minutes/seconds].
Total Memory – total operational memory of your P-560 [kB].
Free Memory – indicates the memory currently available in the controller [kB].
Average Load – indicates the average load of the P-560 processor in the period of the last 1 minute, 5 minutes and 15 minutes (a larger value means a larger average load on the processor).
Minimum load – 0.0
Normal load – should not exceed 1.0 (including)
Processor is busy – more than 1.00.
Connected Clients Number – total number of current connected clients on WAN interface. Click on the settings and get detailed connected clients list (clients page under the connection | user):
Figure 151 – Connected Clients Detailed List
Connected Clients Input Bytes – current connected clients’ total Input bytes [K, KB, MB, GB].
Connected Clients Output Bytes – current connected clients’ total Output bytes [K, KB, MB, GB].
WAN interface (ixp1) (including the IP address, netmask, gateway, MAC address of the WAN interface, DNS servers, RX/TX statistics)
Figure 152 – WAN Interface Statistics
RX – indicates data volume received on the WAN interface since reboot. TX – indicates data volume transmitted to the WAN interface since reboot.
Wireless LAN interface (eth0) (including the IP address, netmask, MAC address of the WLAN interface, RX/TX statistics)
Figure 153 – LAN Interface Statistics
RX – indicates data volume received on the WLAN interface since reboot. TX – indicates data volume transmitted to the WLAN interface since reboot.
LAN interface (ixp0) (including the IP address, netmask, MAC address of the LAN interface, RX/TX statistics)
RX – indicates data volume received on the WLAN interface since reboot. TX – indicates data volume transmitted to the WLAN interface since reboot.
Services (all services list with its status: enabled/disabled)
Services are displayed as a link to the respective menu where status can be configured.
Refresh – click the button to refresh device status statistics.
System | Reset
Check the factory default values in the Appendix section: B) Factory Defaults for the Access Controller.
If you need to reboot your device or reset to factory defaults, select the system | reset menu:
Figure 154 – Reset and Reboot
Reset – reset device to factory default values.
Reboot – reboot device with the last saved configuration.
Keep in mind that resetting the device is an irreversible process. Please note that even the administrator password will be set back to the factory default.
System | Update
Check for new product updates at the Gemtek Systems website: http://www.gemtek-systems.com
To update your device firmware, use only the original firmware image and under system | update menu click the upload button:
Figure 155 – Firmware Update
Specify the full path to the new firmware image and click the upload button:
Figure 156 – New Firmware Upload
Firmware Image – enter the firmware image using the full path.
Browse – click the button to specify the new image location.
Upload – upload with new firmware.
Cancel – cancel the upload process.
The new firmware image is now uploaded into the controller. Next you need to write this new firmware into the controller’s FLASH memory: click the flash button:
Figure 157 – Flash New Image
Flash – flash new image, reboots the system.
Do not switch off and do not disconnect the P-560 from the power supply during the firmware update process because the device could be damaged.
Firmware auto-update:
The auto-update function allows the device firmware to be updated automatically. This function helps large enterprises that have hundreds of ACs to keep them up to date.
Figure 158 – Firmware Auto-update Configuration
Status – defines whether auto-update is enabled or disabled. Default value: disabled.
Update URL – defines where the firmware should be downloaded from. It points directly to the firmware update file. The URL should be accessible without any user authentication. The URL can use the HTTP, HTTPS and FTP protocols. Default value: empty string.
Update interval – time interval between each update in hours [1-9999]. Time is counted from the last device boot. Default value is 48 hours.
Delay – delays the update process by the given number of hours. This should prevent hundreds of firmware download requests from arriving at the same time [0-24]. Default value is 0.
Save – save new firmware auto-update settings.
On boot, the auto-update feature checks for available updates on the specified server at the given URL. If there is a different version, the device downloads and installs the firmware update and reboots. If the firmware version matches the current version on the device, no update takes place.
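A fleet planning sketch for these auto-update settings, as an added example that is not part of the original manual: it checks each value against the ranges above, flags update URLs that are not HTTPS, and spreads the Delay value across controllers so they do not all request the image together. The device names, the update server URL and the function names are constructed placeholders, and the sketch assumes the controller validates the server certificate on HTTPS, which the manual does not state.

```python
import hashlib
from collections import Counter
from urllib.parse import urlparse


def check_settings(url, interval_h, delay_h):
    """Validate one AC's auto-update settings against the manual's ranges."""
    problems = []
    scheme = urlparse(url).scheme.lower()
    if scheme not in ("http", "https", "ftp"):
        problems.append(f"unsupported URL scheme: {scheme or 'none'}")
    elif scheme != "https":
        # The URL is fetched without user authentication and any differing
        # version is installed, so the transport is the only protection.
        problems.append(f"{scheme} gives no server authentication or integrity")
    if not 1 <= interval_h <= 9999:
        problems.append("update interval must be 1-9999 hours")
    if not 0 <= delay_h <= 24:
        problems.append("delay must be 0-24 hours")
    return problems


def assign_delay(device_id, slots=25):
    """Map a device name to a stable Delay value in 0..24 hours."""
    digest = hashlib.sha256(device_id.encode()).digest()
    return int.from_bytes(digest[:4], "big") % slots


def plan_fleet(device_ids, url, interval_h=48):
    """Return (per-device plan, largest number of devices sharing one Delay)."""
    plan = {}
    for dev in device_ids:
        delay = assign_delay(dev)
        plan[dev] = {"url": url, "interval": interval_h, "delay": delay,
                     "problems": check_settings(url, interval_h, delay)}
    load = Counter(entry["delay"] for entry in plan.values())
    return plan, max(load.values(), default=0)


# Constructed fleet of 500 controllers and a placeholder update server.
FLEET = [f"ac-{n:04d}" for n in range(500)]
PLAN, PEAK = plan_fleet(FLEET, "https://updates.example.net/p560/firmware.bin")

if __name__ == "__main__":
    print(f"{len(PLAN)} devices, at most {PEAK} share one Delay value")
```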
Connection
Use the connection menu to view the connected user’s statistics, set outgoing mail server or observe the connected station availability.
Figure 159 – Connection Menu
Connection | Users
The users menu is for viewing the connected users’ statistics. Users can also be logged out from the system here:
Figure 160 – Users’ Statistics
The users’ statistics parameters are as follows:
No – number of the user’s session connection.
User – username of the connected client.
Interface – name of interface, through which client is connected [eth0/ixp0].
User IP – IP address, from which the user’s connection is established. Address is presented in digits and dots notation.
Session Time - session duration since the user login.
Idle Time - amount of user inactivity time [hours: minutes: seconds].
Details – click on user details to get more information about the client:
Figure 161 – User’s Details
User – the username of the connected client.
Interface – name of interface, through which client is connected.
User IP – IP address, from which the user’s connection is established. Address is presented in digits and dots notation.
MAC Address – hardware address of the network device from which the user is connected.
Authentication mode – authentication method which user uses to connect.
WISP – WISP domain name where the user belongs.
Session ID – the unique user’s session ID number. This can be used for troubleshooting purposes.
Session Time – session time duration since user login [hours: minutes: seconds/unlimited].
Remaining Time – remaining user’s session time [hours: minutes: seconds/unlimited]. Session time for user is defined in the RADIUS server.
Idle Time - amount of user inactivity time [hours: minutes: seconds].
Input Bytes - amount of data in bytes, which the user network device has received [Bytes].
Output Bytes - amount of data in bytes, transmitted by the user network device [Bytes].
Remaining input/output/total bytes – user session remaining input/output bytes. The WISP operator can define the user session in bytes. Remaining bytes are received from RADIUS [Bytes/unlimited].
Bandwidth downstream/upstream – user upstream and downstream bandwidth [in bps].
Back – returns to connected client’s statistics list.
Logout User – click this button to explicitly logout user from the network.
Refresh – click the button to refresh users’ statistics.
Connection | E-mail Redirection
The outgoing mail (SMTP) server redirection is performed using the e-mail redirection menu. By default the following redirection settings are displayed:
Figure 162 – E-mail Redirection Settings
Click the edit button to specify your outgoing mail server settings.
Figure 163 – Edit E-mail Redirection
Status – enable/disable e-mail redirection function.
Host – SMTP server address where to redirect the outgoing clients e-mails [enter host name or host IP address].
Port – port number [number, by default: 25].
Save – save new e-mail redirection settings.
Connection | Station Supervision
The station supervision function is used to monitor the connected host station availability. This monitoring is performed with ping. If the specified number of ping failures is reached (failure count), the user is logged out from the AC.
Figure 164 – Station Supervision
To adjust the ping interval/failure count, click the Edit button.
Figure 165 – Edit Station Supervision
Interval – define interval of sending ping to host [in seconds].
Failure Count – failure count value after which the user is logged out from the system.
Save – save station supervision settings.
Cancel – cancel changes.
User’s Guide Appendix
Appendix
A) Access Controller Specification
Technical Data
Wireless
Standard: IEEE 802.11g (OFDM), IEEE 802.11b (DSSS), 2.4GHz ISM band, Wi-Fi compliant
Data Rate: 802.11g: 54, 48, 36, 24, 18, 12, 9, 6 Mbps, 802.11b: 11Mbps, 5.5Mbps, 2, 1Mbps (auto fall back)
Client Stations: Max. 250 simultaneous client stations (depending on SW license Bronze, Silver, Gold)
Typical range: 50 meters in indoor environments, up to 300m outdoors
Transmit Power: Max. 17 dBm (EIRP)
Antennas: Two 2dBi dipole antennas with space diversity, SMA connectors.
Encryption: WPA, TKIP, WEP64, WEP128
WDS: Wireless Distribution System for up to 7 APs
Network and Hotspot Access Control
IP Router with NAT/PAT, firewall filters
Hotspot access controller with web browser log-on (UAM) and 802.1x/EAP support, Smart Client support, MAC authentication, WISPr compliant (Wi-Fi alliance)
AAA RADIUS client and proxy server with EAP support
Universal address translation and web proxy support (any client configuration is accepted)
VPN client (PPTP, GRE)
IEEE 802.1x authenticator with EAP-SIM, MD-5, TLS, TTLS, PEAP
WPA support
DHCP server, DHCP relay gateway, DHCP client
VPN pass-through
Layer 2 user isolation
E-mail redirection
Bandwidth management via RADIUS
Universal access method (web browser log-on) with XML support and walled garden (free web sites)
WISPr compatible log-on via web browser, SSL/TLS support
UAT
Interface
WAN: 10/100Mb Ethernet, auto sensing, RJ-45
LAN: Four 10/100Mb Ethernet port switched, auto sensing, RJ-45, 802.1q VLAN support
WLAN: Two SMA antenna connectors
Management
Interfaces: HTTPs, Telnet, SNMP (MIB II, Ethernet MIB, bridge MIB, private MIB), Terminal
Software Update: Remote software update via HTTPs
Reset: Remote reset / Manufacturing reset
Physical Specification
Dimension: 195 mm x 160 mm x 27 mm
Weight: -
Environment Specification
Operating: Temperature 0 to 55°C, Humidity 10 % to 95%, non-condensing
Power Supply
External: 100-230V AC, 50/60Hz
LEDs
8 LEDs: Power, Online, WAN link, WLAN link, 4x LAN-link
Warranty
2 years
Package Contents
P560 Hotspot-in-a-Box
Mounting Kit including tool to remove AP from wall mounting
Two Ethernet patch cables
External power supply, 100-230 V, 50/60 Hz
Two detachable antennas, SMA connector type
CD-ROM with software and documentation
Power cord for EU
Printed warranty note, release note
Related Products
Controllers: G-6000/G-4000/G-4100 Public Access Controller
Access Points: P-520 54Mb Operator
P-360 11Mb Hotspot-in-a-Box
P-380 11MB Outdoor Router
Client Adapters: T-316 11Mb Ethernet Client (2.4 GHz)
B) Factory Defaults for the Access Controller
Network Interface Configuration Settings
Configuration | Interface Configuration
Interface Eth0
Status Enabled
Type LAN
IP Address 192.168.4.1
Netmask 255.255.255.0
Gateway Ixp1
Interface Ixp1
Status Enabled
Type WAN
IP Address 192.168.2.66
Netmask 255.255.255.0
Gateway 192.168.2.1
Interface Ixp0
Status Enabled
Type LAN
IP Address 192.168.3.1
Netmask 255.255.255.0
Gateway Ixp1
Configuration | VLAN
No VLAN entries are defined on system.
Configuration | Route
No routes are defined on system.
Configuration | Port Forwarding
No port forwards defined.
Configuration | Management Subnet
Interface Eth0
Status Disabled
IP Address 0.0.0.0
Netmask 0.0.0.0
Remote Network 0.0.0.0
Remote Netmask 0.0.0.0
Interface Ixp0
Status Disabled
IP Address 0.0.0.0
Netmask 0.0.0.0
Remote Network 0.0.0.0
Remote Netmask 0.0.0.0
DNS
Hostname None
Domain None
Type Primary
IP Address 0.0.0.0
Type Secondary
IP Address 0.0.0.0
DHCP
Status DHCP Server
Interface Eth0
IP Address from 192.168.4.2
IP Address to 192.168.4.254
WINS Address 0.0.0.0
Status DHCP Server
Interface Ixp0
IP Address from 192.168.3.2
IP Address to 192.168.3.254
WINS Address 0.0.0.0
RADIUS Settings
RADIUS Retries 5
RADIUS Timeout 2
NAS Server ID -
User Session Timeout 18000
User Accounting Update 600
User Accounting Update Retry 60
User Idle Timeout 900
Location ISO Country Code US
Location E.164 Country Code 1
Location E.164 Area Code 408
Location Network Gemtek_Systems
Hotspot Operator Name Gemtek_Systems
Location Terminal_Worldwide
Bandwidth Up 128 Kbits
Bandwidth Down 128 Kbits
RADIUS Servers
Name DEFAULT (default)
Type Authentication
IP Address 0.0.0.0
Port 1812
Secret password (case sensitive)
Type Accounting
IP Address 0.0.0.0