GemTek Technology R950829G Users Manual
User’s Guide Version 1.0
Figure 103 – Edit DHCP Server Settings
IP Address from/IP Address to – specify the IP address range supported for the DHCP servi ce
[mandatory fields].
WINS Address (Windows Internet Naming Service) – specify service IP address if it is available on
the network [dots and digits].
Lease Time – specify the IP address renewal in seconds [1-1000000].
Domain – specify DHCP domain name [optional, 1-128 sting].
DNS address – specify the DNS server’s IP address [in digits and dots notation].
DNS secondary address – specify the secondary DNS server’s IP address [in digits and dot s
notation].
Case 2 Configure the DHCP relay
Select the interface on which you want to configure the DHCP service. Select the DHCP relay and
click the update button specify the DHCP relay parameters:
Figure 104 – Edit DHCP Relay Settings
Circuit ID – the unique DHCP relay parameter [optional, by default the MAC address of the device
WAN interface is used].
If want designate the DHCP relay server, please refer to network configuration | DHCP relay.
If DHCP relay service is selected, the default WAN gateway is used automatically.
Update – to update entered values, the following screen appears:
Figure 105 – Apply or Discard DHCP Server Settings
Apply Changes – to save entered new DHCP settings.
Discard Changes – to restore previous values.
BROWAN Page
69
User’s Guide Version 1.0
Network Interface | POP3
It is convenient to use POP3 authentication way if there has no RADIUS server. BW1330 use POP3
interface to authenticate clients instead of RADIUS protocol.
Figure 106 – POP3 Server configuration
Just fill out the POP3 server IP address or URL name such like “mail.browan.com”.
Network Interface | RADIUS
RADIUS is an authentication and accounting system used by many Internet Service Providers (ISP).
RADIUS enables ISPs to maintain a very large database of users. By using RADIUS, service
providers can implement policy-based management of their subscribers’ base. RADIUS also helps
ISPs to collect statistical data about their subscribers (e.g. amount of time, amount of transferred
bytes, and session time).
Use the RADIUS (Remote Authentication Dial In User Service) menu to set-up the following RADIUS
settings:
RADIUS Settings – general RADIUS settings configuration (e.g. NAS server ID, servers timeouts)
RADIUS Servers – up to 32 different RADIUS servers’ configuration (accounting and
authentication servers)
WISP (Wireless Internet Service Provider) – specify WISP domain for RADIUS server
Proxy – configure the BW1330 to act as RADIUS proxy server.
Accounting Backup – backup the RADIUS subscribers accounting information.
Network Interface | RADIUS | Settings
General RADIUS settings are configured using the RADIUS settings menu under the network
interface:
Figure 107 – RADIUS Settings Configuration
RADIUS Retries – retry count of sending RADIUS packets before giving up.
RADIUS Timeout – maximum amount of time before retrying RADIUS packets [sec].
BROWAN Page
70
User’s Guide Version 1.0
NAS Server ID – name of the RADIUS client.
User Session Timeout - amount of time from the user side (no network carrier) before closing the
connection [sec].
User Accounting Update - period after which server should update accounting information [sec].
User Accounting Update Retry – retry time period in which server should try to update a ccounting
information before giving up [sec].
User Idle Timeout - amount of user inactivity time, before automatically disconnecting user from the
network [sec].
Location ISO Country code – location ID attribute, country code according ISO standards [string].
Location E.164 Country code – location ID attribute, country code according E.164 specification.
Location E.164 Area code – location ID attribute, area code according E.164 specification.
See the Location ID and ISO Country codes for your country in the Appendix:
Location Network – location ID attribute, network name [string].
Hotspot Operator Name – location name attribute, operator’s name [string].
Location – location name attribute, textual description of the location [string].
Bandwidth Up – maximum bandwidth up at which corresponding user is allowed to transmit [bps].
Bandwidth Down – maximum bandwidth down at which corresponding user is allowed to receive
[bps].
Each setting in this table can be edited. Select RADIUS setting you need to update, click the edit next
to the selected setting and change the value:
Location ID and ISO Country Codes
User can check its available bandwidth in the logout page statistics.
.
D)
Figure 108 – Edit RADIUS Settings
Use the update button to update to an entered value. Now select another RADIUS setting to edit, or
apply changes and restart the server if the server configuration is finished:
BROWAN Page
71
User’s Guide Version 1.0
Figure 109 – Apply or Discard RADIUS Settings
Apply Changes – click if RADIUS settings configurat ion is finished.
Discard Changes – restore all previous values.
Network Interface | RADIUS | Servers
Up to 32 different RADIUS servers can be configured under the RADIUS servers
By default, one RADIUS server is specified for the system:
Figure 110 – RADIUS Servers Settings
New – add new RADIUS server.
Details – click on details to get more information about RADIUS server settings.
Edit – edit selected RADIUS server settings.
Delete – remove selected RADIUS server.
To view complete RADIUS server settings, click the details button in the action column:
menu.
Figure 111 – RADIUS Server's Details
BROWAN Page
72
User’s Guide Version 1.0
To edit RADIUS server click the edit button:
Figure 112 – Add New RADIUS Server
Name – specify the new RADIUS server name.
Default – check the check box to make the selected RADIUS the de fault server.
Authentication IP – authentication RADIUS server IP address [dots and digits].
Authentication Port – specify the network port used to communicate with RADIUS [1-65535].
The port default value of 1812 is based on RFC 2138 "Remote Authentication Dial-
Authentication Secret – shared secret string that is used to encrypt data frames used for
authentication server.
Accounting IP – accounting RADIUS server IP address [dots and digits].
Accounting Port – specify the network port used to communicate with RADIUS [1-65535].
Accounting Secret – shared secret string that is used to encrypt data frames used for accounting
server.
Backup IP – backup RADIUS server IP address [dots and digits].
Backup Port – specify the network port used to communicate with RADIUS [1-65535].
Backup Secret – shared secret string that is used to encrypt data frames used for backup server.
Reverse Accounting – [enabled/disabled]. The RADIUS accounting request contains Acc-InputOctets and Acc-Output-Octets attributes. The interpretation of these attributes according the
RFC2866 is relative to the point of view. If this point is at the AC - Acct-Input* attributes should contain
the bytes/packets received at AC port from the client and Acct-Output* attributes should contain
bytes/packets sent from AC port to the client. If we move this point to the client - we will get the
reversing of Acct-Input* and Acct-Output* attributes values. The Acct-Input* then should contain
bytes/packets received from AC, what is bytes/packets that AC sent to the user in AC point of view
and what was Acct-Output*.
in User Service (RADIUS)".
Shared secret must be the same on RADIUS server and RADIUS client.
The AC implementation of RADIUS accounting request is at the client point of view
(reverse accounting is disabled).
BROWAN Page
73
User’s Guide Version 1.0
The value "disabled" means that Acct-Input* RADIUS attributes will contain bytes/packets sent to
the client and Acct-Output* RADIUS attributes will contain bytes/packets received from the client
during the curse of service being provided.
The value "enabled" means that info in the Acct-Input* and Acct-Output* RADIUS attributes will be
swapped (reversed). That is the Acct-Input* will contain bytes/packets received from the client and the
Acct-Output* will contain bytes/packets sent to the client.
User password md5sum secret: if enabled, user input password will be md5-summerized before
pass to RADIUS server for more security (Need RADIUS Server do relevant configurations).
Strip WISP – [enabled/disabled] select ‘enabled' if you want to strip WISP domain name before
sending it to the RADIUS server. Stripping means removing everything before the “/” character
including character itself for such user name login format like: “WISPdomain/username”.
Select “disabled” if you need to send the user login name to RADIUS server unmodified. Some
RADIUS servers can be configured in such way that requires full-unmodified user name to be sent.
UAM authentication method – select authentication method from drop-down menu:
PAP – Password Authentication Protocol
Update – add new specified RADIUS server.
Cancel – restore all previous values.
After adding a new RADIUS server or editing an existing one, the following controls appears:
figure – 113 apply and reboot
Apply Changes – save changed configuration.
Discard Changes – discard all changes.
Restart – after applying changes to the system, you should restart the control ler to make applied
changes work.
Network Interface | RADIUS | WISP
Up to 32 WISP entries can be defined using the network interface | RADIUS |
Different WISPs (Wireless Internet Service Providers) can be associated with appropriate RADIUS
servers and device interfaces using the network interface | RADIUS | WISP menu:
WISP menu.
Figure 114 – WISP Menu
Domain policy means BW1330 use which policy to fetch WISP name from user name then to judge
user belong which domain.
Hotspot owner can use three policy to judge the WISP name from user name:
BROWAN Page
74
User’s Guide Version 1.0
1. username follow the format: username@WISPdomain
2. username follow the format: WISPdomain/username
3. use prefix of username as wisp name, the range of prefix length is from 2 to 6.
Figure 115 – Domain Policy
New – click to define WISP for RADIUS server.
Figure 116 – Define New WISP
Name – new WISP domain name [string, up to 256 symbols, no space, dot or dash allowed].
RADIUS Name – select RADIUS for new WISP from list box [non editable].
Bound To – select the WISP binder interface. The WISP can be associated with appropriate device
interface.
Update – system with new WISP.
Cancel – restore all previous values.
Network Interface | RADIUS | Proxy
The BW1330 can forward the RADIUS authentication and accounting requests from Access Point (AP)
to the real RADIUS server. To configure the RADIUS proxy, follow the steps:
Step 1 Connect the Access Point to any LAN port available on the Access Controller
(BW1330). The AP should be in the bridge mode.
Step 2 Using the network interface | RADIUS | proxy menu configure the RADIUS proxy
parameters: RADIUS authentication port (UDP), RADIUS accounting port (UDP) different from authentication port and Accounting detection timeout:
Figure 117 – RADIUS Proxy Settings
RADIUS Proxy Status – select [enabled] to enable the RADIUS proxy feature [enabled/disabled].
Authentication Port – specify the port on AC for listening the RADIUS authentication packets. The
AC RADIUS proxy authentication port will accept only RADIUS authentication packets [1-65535,
default: 1812].
Accounting Port – specify the port on AC for listening the RADIUS accounting packets. The AC
RADIUS proxy accounting port will accept only RADIUS accounting packets [1-65535, default: 1813].
Detection Timeout – specify the RADIUS proxy accounting detection timeout in seconds. The AC will
wait the specified period for accounting packet after the authentication request was got [0-3600].
BROWAN Page
75
User’s Guide Version 1.0
The authentication RADIUS proxy port should differ from the accounting port.
Step 3 Configure the AP to send the RADIUS authentication and accounting packets to the
AC LAN IP address and UDP ports which are configured on AC RADIUS proxy configuration.
Step 4 The RADIUS secrets on AC should be set to value, which is good at the real RA DIUS
server for which the following packet will be forwarded.
Such preconfigured AC will act as RADIUS proxy and will forward the RADIUS authentication and
accounting packets from AP according WISP and RADIUS server settings in the AC configuration
without any modification.
Network Interface | RADIUS | Accounting Backup
The administrator can backup the hotspot subscribers’ RADIUS accounting information in two ways:
Via syslog protocol to the specified host
Download to the selected location (e.g. on your PC)
Use the network interface | RADIUS | accounting backup menu:
Figure 118 – Accounting Backup
Backup via syslog – enable this type to send the RADIUS accounting information via syslog protocol
to the specified host [enable/disable] and note that the Host IP specification is obligatory.
Host – enter host IP address where to send accounting backup messages.
Backup to local file – enable this option, and the download button appears:
Figure 119 – Accounting Backup enable
Download – click the button to download the accounting information file to your selected location.
Both types of accounting backup can be enabled.
BROWAN Page
76
User’s Guide Version 1.0
Network Interface | Tunnels
This chapter describes the configuration of VPN tunnels. VPN tunnels can be used to secure
management and AAA traffic between the hotspot network and the network operation center of the
operator.
The Access Controllers support GRE tunnels. Furthermore PPP (Point-to-Point Protocol) can be use
to authenticate the AC to a authentication server and to assign IP settings to the WAN port of the AC.
Network Interface | Tunnels | PPPoE/GRE
Use the network interface | tunnels | PPPoE/ GRE menu to connect to ISP via PPPoE or GRE
tunnel. All traffic will be sent via this tunnel.
Default gateway specified in network interface | configuration page will not be used, because all
Internet traffic will be sent/received via the specified PPPoE or GRE server (tunnel).
By default no services are available on the controller:
Figure 120 – PPPoE /GRE for DSL
To specify PPPoE tunnel for your controller click the edit button and enter the following:
Figure 121 – Specify PPPoE Tunnel
Service – select service PPPoE.
Username – enter username to connect to the server [text string, can not be empty].
The same username should be configured on the PPPoE server.
Password – enter password by which user should be authenticated [text string, can not be empty].
Encryption – enables use of MPPE encryption.
When PPPoE tunnel is used, then no server IP is required - broadcast address will be used.
To specify GRE tunnel for your controller click the edit button and enter the following:
Figure 122 – Specify GRE Tunnel
Service – select service GRE.
Remote IP – IP address of GRE tunnel endpoint [IP address].
Interface IP – enter the IP address of GRE interface [IP address].
Interface Netmask – enter the netmask of GRE interface [netmask].
BROWAN Page
77
User’s Guide Version 1.0
Network Interface | Tunnels | GRE Client for VPN
GRE (Generic Routing Encapsulation) tunnel is one of the solutions for tunneling private network over
the TCP/IP connection (e.g. PPTP, L2TP, PPPoE). GRE tunnel does not use encryption. It only
encapsulates data and sends it over the Internet. So the administrator should take care that no
unencrypted private information is going through the GRE tunnel. By default there is no GRE tunnels
on the AC:
Figure 123 – GRE Tunnel
Click edit button to specify values
See the following example to understand GRE settings.
Example:
BW1330
Figure 124 – GRE Tunnel
BROWAN Page
78
User’s Guide Version 1.0
For example, there are 2 internal networks: network A and B, and intermediate network - Internet.
Network A (administrator's computer with Network Management System); we shall call this network
(192.168.82.0/24) “Net A”.
Network: 192.168.82.0
Netmask: 255.255.255.0
Router: 192.168.82.16
GRE server has two interfaces, LAN and WAN:
LAN IP: 192.168.82.16
WAN IP: 211.139.210.123
Network B has subscribers on LAN of BW1330 interface (ixp0) we shall call this network
(192.168.3.0/24) “Net B”:
Network: 192.168.3.0
Netmask: 255.255.255.0
Router: 192.168.3.1
Where GRE interface (WAN IP of AC) is 211.139.210.168.
GRE server
Remote Host IP: 211.139.210.168
Interface IP: 0.0.0.0
Interface netmask: 255.255.255.0
Route: 192.168.3.0/24
Refer to figure 125 the setting as below:
The setting of BW1330
GRE Remote Host IP: 211.139.210.123
GRE Interface IP: 0.0.0.0
GRE Interface netmask: 255.255.255.0
GRE Route: 192.168.82.0/24
Figure 125 – GRE client for VPN setting
The remote host IP address of “GRE client for VPN” is different with remote IP of
As far as the Internet is concerned, we assume that it will pass any packet sent from Net A to Net B or
Net B to Net A. The administrator from Net A will be able to access clients on Net B through the GRE
tunnel between the GRE server and the GRE interface of AC.
BROWAN Page
GRE service under Network Interface | Tunnels | PPPoE/GRE menu. You must
assign different IP address for the both GRE service enabled simultaneously.
79
User’s Guide Version 1.0
2.33 dBi
20
18
2.33 dBi
Network interface| wireless | Basic
Use the Network interface | wireless | Basic menu to configure such wireless settings as regulatory
domain, channel, band, and power, layer2isolation. Click the edit button on the setting to change the
basic configuration of wireless module.
Figure 126 – Basic Wireless Settings
Edit – edit the wireless basic settings
To change basic wireless setting properties click the Edit button in the Action column. The status
can be changed now:
Figure 127 – Edit Basic Wireless Settings
Radio Name– specify which wireless interface of BW1330, which is fixed: wlan1;
Domain – select the regulatory domain according to your country
The full frequency range of the 2.4 GHz is not permitted for use in all countries. Depending on your
selection of regulatory domains, the available frequency channels will vary.
Before changing radio settings manually verify that your settings comply with
government regulations. At all times, it will be the responsibility of the end-user to
ensure that the installation complies with local radio regulations. Refer to the
Appendix:
B) Regulatory Domain/Channels.
Channels – select the channel that the access point will use to transmit and receive information. If
one channel is defined, it acts as default channel. Channels list will vary depending on selected
regulatory domain and selected band. Multiple frequency channels are used to avoid interference
between two radios of this AP, and between nearby access points. If you wish to operate more than
one access point in overlapping coverage areas, we recommend a distance of at least four channels
between the chosen channels. For example, for three Access Points in close proximity choose
channels 1, 6 and 11 for 11b/g.
Band – working bands on which your radios are working.
4 bands are supplied: 2.4GHz(Mixed 11g), 2.4GHz(11g only), 2.4GHz(Mixed 11g WiFi) and 2.4GHz
(11g only WiFi).If 2.4GHz(Mixed 11g) or 2.4GHz(11g only) is selected, the radio will work on 2.4GHz
BROWAN Page
80
Loading...