LevelOne AMG-2100, AMG-2101 User Manual

User’s Manual
AMG-2100 Gigabit Access and AP Management Gateway/
AMG-2101 Gigabit Access and AP Management Gateway Plus
AMG-2100
Gigabit Access and AP Management Gateway
AMG-2101
User’s Manual
V1.0
Table of Contents
1. Before You Start
1.1 Preface
1.2 Document Conventions
1.3 Package Checklist
2. System Overview and Getting Started
2.1 Introduction of AMG-2100/AMG-2101
2.1.1 Key Features
2.1.2 Who Uses AMG-2100/AMG-2101
2.2 System Concept
2.3 Hardware Description
2.3.1 Front Panel
2.3.2 Rear Panel
2.4 Preparation before the Installation
2.5 Hardware Installation
2.6 Accessing Web Management Interface
3. Placing AMG-2100/AMG-2101 in a Network Environment
3.1 Network Requirement
3.2 Setting up WAN1 Port
3.2.1 Static IP
3.2.2 DHCP (Dynamic IP)
3.2.3 PPPoE
3.2.4 PPTP
3.3 Configuring WAN2 Port (optional)
3.4 Other WAN Traffic Settings
3.4.1 WAN Failover
3.4.2 Load Balance
3.4.3 Internet Connection Detection
3.4.4 WAN Bandwidth Control
3.5 LAN Partition -- Service Zone
3.5.1 Planning your internal network
3.5.2 Configure Service Zone network
3.5.3 Tag Base and Port Base
4. User Authentication and Grouping
4.1 Type of Users
4.1.1 Local
4.1.2 POP3
4.1.3 RADIUS
4.1.4 LDAP
4.1.5 NT Domain
4.1.6 On-Demand Users
4.2 Users Group
4.2.1 Assign users to a Group
4.2.2 Permission in Service Zone
4.3 User Login
4.3.1 Default Authentication
4.3.2 Login with postfix
4.3.3 Disable Authentication in Service Zone
5. Managing Wireless Network
5.1 AMG-2100/AMG-2101 with Multiple Type of AP
5.2 Configure AP Template
5.3 Discovery AP
5.4 AP with Service Zone
5.5 AP Security
5.6 Change managed AP settings
5.7 AP Operations from AP List
5.7.1 Reboot, Enable, Disable and Delete the AP
5.7.2 Apply Template
5.7.3 Change Service Zone
5.7.4 AP Background Discovery
5.7.5 Manually add AP
5.7.6 Firmware management and upgrade
6. Policies and Access Control
6.1 Black List
6.2 MAC Address Control
6.3 Policy
6.3.1 Firewall
6.3.2 Routing
6.3.3 Schedule
6.3.4 Sessions Limit
6.4 QoS Traffic Class and Bandwidth Control
7. Users’ Login and Logout
7.1 Before User Login
7.1.1 Login with SSL
7.1.2 Internal Domain Name with Certificate
7.1.3 Administrator Contact Information
7.1.4 Walled Garden
7.1.5 Walled Garden AD List
7.1.6 Mail Message
7.2 After User Login
7.2.1 Browse which Home Page after login success
7.2.2 Idle Timer
7.2.3 Multiple Login
7.2.4 DoS Attacker Denial Time
7.2.5 Local Users Change Password Privilege
7.2.6 On-demand Account Creation Privilege
7.2.7 Proxy Server
8. Networking Features of a Gateway
8.1 DMZ
8.2 Virtual Server
8.3 Privilege List
8.3.1 Privilege IP
8.3.2 Privilege MAC
8.4 IP Plug and Play
8.5 Dynamic Domain Name Service
8.6 Port and IP Redirect
9. System Management and Utilities
9.1 System Time
9.1.1 NTP
9.1.2 Manual Settings
9.2 Management IP
9.3 Access History IP
9.4 SNMP
9.5 Three-Level Administration
9.6 Change Password
9.7 Backup / Restore and Reset to Factory Default
9.8 Firmware Upgrade
9.9 Restart
9.10 Network Utility
9.10.1 Wake-on-LAN
9.10.2 Ping
9.10.3 Trace Route
9.10.4 Show ARP Table
9.11 Monitor IP Link
9.12 Console Interface
10. System Status and Reports
10.1 View the status
10.1.1 System Status
10.1.2 Interface Status
10.1.3 Hardware Information
10.1.4 Routing Table
10.1.5 Online Users
10.1.6 User Logs
10.1.7 Local User Monthly Network Usage
10.2 Notification
10.2.1 E-Mail
10.2.2 SYSLOG
10.2.3 FTP
11. Virtual Private Network (VPN)
11.1 Local VPN
11.2 Remote VPN
11.3 Site-to-Site VPN
12. Customization of Portal Pages
12.1 Customizable Pages
12.2 Loading a Customized Login Page
12.3 Load a Customized Logout Page
13. Payment Gateways
13.1 Payments via Authorize.Net
13.2 Payments via PayPal
13.3 Payments via SecurePay
13.4 Payments via World Pay
14. Additional Applications
14.1 Upload / Download Local Users Accounts
14.2 Backup and Restore On-demand Users Accounts
14.3 POP3 login with complete name format
14.4 RADIUS Advance settings
14.5 LDAP Advance settings - Attribute-Group Mapping
14.6 NT Transparent Login
14.7 Roaming Out
14.8 SIP Proxy
Appendix A. Network Configuration on PC & User Login
Appendix B. Policy Priority (Global Policy, Service Zone Policy, Authentication Policy and User Policy)
Appendix C. Monitoring 3rd Party AP
Appendix D. RADIUS Accounting
Appendix E. Net Retriever and Port Mapping
General Public License
This product incorporates open source code into the software and therefore falls under the guidelines governed by the General Public License (GPL) agreement.
Adhering to the GPL requirements, the open source code and open source license for the source code are available for free download at http://global.level1.com.
If you would like a copy of the GPL or other open source code in this software on a physical CD medium, LevelOne (Digital Data Communications) offers to mail this CD to you upon request, for a price of US$9.99 plus the cost of shipping.
1. Before You Start
1.1 Preface
This AMG-2100/AMG-2101 User Manual is for WLAN service providers or network administrators to set
up a network environment using the AMG-2100/AMG-2101 system. It contains step-by-step
procedures and graphic examples to guide MIS staff or individuals with basic network system
knowledge to complete the installation.
Besides this document, there is a “Quick Installation Guide” (QIG), which is for starting up
AMG-2100/AMG-2101 quickly. It is recommended to start with the QIG, and then refer to this manual
for further details. Some special topics are addressed separately in the Appendixes.
1.2 Document Conventions
Caution:
Represents essential steps, actions, or messages that should not be ignored.
Note:
Contains related information that corresponds to a topic.
Indicates that clicking this button will apply all of your settings.
Indicates that clicking this button will clear what you have set before the settings are applied.
The red asterisk indicates that information in this field is compulsory.
1.3 Package Checklist
The standard package of AMG-2100/AMG-2101 includes:
AMG-2100/AMG-2101 x 1
CD-ROM (with User’s Manual and QIG) x 1
Quick Installation Guide (QIG) x 1
Console Cable x 1
Crossover Ethernet Cable x 1
Straight-through Ethernet Cable x 1
Power Cord x 1
Rack Mounting Bracket (with Screws) x 1
Caution:
To guarantee best performance, it is highly recommended to use the supplies in the package
rather than substituting components from other suppliers.
2. System Overview and Getting Started
2.1 Introduction of AMG-2100/AMG-2101
AMG-2100/AMG-2101 is an all-in-one product specially designed for wired and wireless data network
environments in medium-scale WLAN deployments. AMG-2100/AMG-2101 is a high-performance,
industrial-grade network appliance, capable of supporting network access management for a larger
user base.
Access and AP Management Gateway products (AMG Series) feature integrated management, secured
data transmission, and enhanced accounting and billing. System administrators can effectively monitor
wired or wireless users, including employees and guest users via its user management interface.
Moreover, administrators can discover, configure, monitor, and upgrade all managed Access Points (APs)
from a single, centralized AP management interface.
2.1.1 Key Features
Like other AMG Series products, AMG-2100/AMG-2101 is designed to be a multi-service network
access controller for enterprise or campus environments; it is also often deployed as a hotspot
subscriber gateway. It is a pre-integrated, multi-function network appliance, providing the following
key features:
Standards-based user authentication, including Web-based login and 802.1x (RADIUS)
Customizable login portal pages and walled gardens to simplify branding
User groups (roles) and user management
Support for multiple authentication databases (Local, On-demand, RADIUS, POP3, LDAP, NTDS)
Virtual service zones and policy management
Simple visitor account provisioning and billing plans by time or traffic volume
Payment gateway support, including PayPal, Authorize.net, and SecurePay
Account roaming across multiple sites (branches)
AP management and wireless roaming across APs
Virtual Private Network (VPN) tunnels
Converged network for data, voice and video traffic
Dual uplinks (WAN) for better reliability and load balancing
Firewall and Denial of Service (DoS) attack prevention
Monitoring, notification and reporting
Network gateway features, including NAT, DHCP, DMZ, firewall and port forwarding
2.1.2 Who Uses AMG-2100/AMG-2101
Because of its well-integrated, rich access management features and high performance, academic
campuses, government agencies and enterprise IT departments will find that AMG-2100/AMG-2101
saves money and time, sparing them from having to integrate multiple applications and multiple
pieces of equipment on their own in order to manage and secure Internet/network access for both
wired and wireless clients.
With its billing plan and payment features, WISPs and hospitality businesses (such as hotels and
conventions) will find that AMG-2100/AMG-2101 is an instant revenue generator that does not require
hefty equipment investment or long-term outsourced service support.
AMG Series products are the most affordable, best price-performance appliances compared with
similar equipment in the fields of Network Access Controllers, Wireless Controllers, Clientless VPN
Gateways or Hotspot Subscriber Gateways.
2.2 System Concept
If you have used other AMG Series products before and are familiar with their system concept, you
may skip the concept description below and proceed to the next section (Hardware Description).
AMG-2100/AMG-2101 is capable of managing user authentication, authorization and accounting (AAA).
The user account information is stored in the local database or a specified external database server.
With user authentication integrated with external payment gateways,
AMG-2100/AMG-2101 allows users to easily pay the fee and use the Internet service with credit
cards through Authorize.net, PayPal, SecurePay or WorldPay.
With the centralized AP management feature, the administrator does not need to worry about how to
manage multiple wireless access point devices.
Furthermore, AMG-2100/AMG-2101 introduces the concept of Service Zones - multiple virtual
networks, each with its own definable access control profiles. This is very useful for hotspot owners
seeking to provide different customers or staff with different levels of network services.
The rest of this section explains the basic concepts of AMG-2100/AMG-2101; the same
concepts also apply to the other AMG Series products. With an understanding of these concepts, the
administrator will be able to do more advanced network planning and to adjust the configuration
of AMG-2100/AMG-2101 to suit his own specific application. For most administrators, it is sufficient
to use the default configuration with minor WAN/DNS address changes for simple deployments.
Gateway is a network node where a small network attaches to a bigger network.
AMG-2100/AMG-2101 is a kind of gateway in a network environment; hence it has the features a
typical gateway has, such as NAT, DHCP, DMZ, Firewall, etc. Conventionally, the bigger network is
referred to as the gateway’s WAN side or upstream network, while the small network is referred to as
the gateway’s LAN side. The Ethernet ports leading to the WAN side network are called WAN ports. The
Ethernet ports leading to the LAN side network are called LAN ports.
Local User is a type of user whose account credential is stored in a database named “Local” within
AMG-2100/AMG-2101. The “Local” database of AMG-2100/AMG-2101 holds local user accounts. A
local user account does not have an expiration date once it is created. If the administrator wishes to
terminate the account, he must remove it. A local database can be used as an external RADIUS
database by another AMG Series product for account roaming.
On-demand User is a type of user whose account credential is stored in a database named
“On-demand” within AMG-2100/AMG-2101. The “On-demand” database of AMG-2100/AMG-2101
holds on-demand account records. An On-demand User is intended for short-term usage; the account
has an expiration period. An on-demand account record will be recycled for creating a new on-demand
account if it has been expired for more than a certain number of days or has been modified manually
by the Administrator/Manager.
External Authentication Database is a user account database that is not built into
AMG-2100/AMG-2101. Besides the Local database and the On-demand database, AMG-2100/AMG-2101
allows up to three additional External Authentication databases simultaneously. The types of external
authentication databases supported are RADIUS, POP3, LDAP (including Active Directory), and
NT Domain (Win2K’s NTDS). The database of another AMG Series device can be used as an external
RADIUS database. An External Authentication Database is useful for implementing account roaming; for
example, multiple AMG-2100/AMG-2101 devices in multiple campuses can share one common external
database. A user needs only one account in the common database to access the network from different
campuses.
Service Zone is a logical partition of AMG-2100/AMG-2101’s LAN network. The concept of Service Zone
is similar to the concept of virtual LAN (VLAN), which can be used to group the network traffic or
network services for clients on the same VLAN segment, regardless of the clients’ physical locations.
That is, several VLAN segments may be in service at one physical network location while devices
belonging to one VLAN segment may appear in multiple physical locations.
Each Service Zone can also be viewed as a virtual machine of AMG-2100/AMG-2101 because each Service
Zone can define its own customized login portal page and its own gateway properties (such as LAN IP
address, DHCP on/off and address range). The Multiple Service Zone feature is also useful for serving
multiple hotspot franchises in shopping malls or airport terminals with a single AMG-2100/AMG-2101.
A Service Zone is uniquely defined by a VLAN tag id and an associated SSID attribute. When a managed
access point (MAP) is added to a Service Zone through AMG-2100/AMG-2101 by the administrator, the
associated SSID will be activated in the MAP along with the VLAN tag of the Service Zone.
For example, in Figure 2 below, the administrator plans three logical Service Zones for an
academic campus:
The first Service Zone (with SSID=“Student” and VLAN tag=1) is for students.
The second (with SSID=“Faculty” and VLAN tag=2) is for faculty.
The third (with SSID=“Guest” and VLAN tag=3) is for guests.
A Service Zone may or may not require client authentication, depending on how the administrator sets
it up. If a Service Zone requires user authentication, the client will be prompted to log in
before using the network services, whether the client connects to its SSID wirelessly or to a switch
port by wire.
Group is a group of user accounts sharing the same access privileges, QoS properties and network
policies. Each client account belongs to a Group. Each Group may or may not have the access privilege
of a Service Zone, depending on how the administrator defines its policy. If the administrator does
not assign a new account to any specific Group, the account belongs to a catch-all group named
“None” by default.
Policy is for defining rules, privileges or properties for managing users. Each user group is bound by a
Policy within a given Service Zone. The same group may or may not be bound to the same policy in
different Service Zones. There are two tiers of Policies. The first tier is a policy named ‘Global-Policy’.
The Global-Policy is a base policy which is applied to all users. The second tier is called ‘Group-Policy’
or simply ‘Policy’, which can be chosen to bind the network behaviors of a Group. The administrator
can define the Firewall Profile, Route Profile, Schedule Profile and Max Sessions in a Policy.
Figure 1 below depicts an example relationship of Service Zone, Group and Policy. In this
example, students and faculty logging into Service Zone 1 are governed by Policy-A. Guests only
have access to Service Zone 3, and are bound by Policy-C. Faculty have access to both
Service Zone 1 and Service Zone 2 under two different policies.
Figure 1: An example relationship of Service Zone, Group and Policy
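The Service Zone, Group and Policy relationship described above, modelled as an added example (it is not LevelOne code and not the device's configuration format). The zone names SZ1 to SZ3, the account and group names, and "Policy-B" are assumptions; the bindings follow the campus example.

```python
from dataclasses import dataclass, field

GLOBAL_POLICY = "Global-Policy"  # first tier, applied to all users
DEFAULT_GROUP = "None"           # catch-all group for accounts with no Group assigned


@dataclass(frozen=True)
class ServiceZone:
    name: str
    ssid: str
    vlan_tag: int
    auth_required: bool = True


@dataclass
class Gateway:
    zones: dict = field(default_factory=dict)          # zone name -> ServiceZone
    account_group: dict = field(default_factory=dict)  # account -> Group
    bindings: dict = field(default_factory=dict)       # (zone name, Group) -> Policy

    def add_zone(self, zone):
        # Model assumption: a VLAN tag identifies exactly one Service Zone.
        if any(z.vlan_tag == zone.vlan_tag for z in self.zones.values()):
            raise ValueError(f"VLAN tag {zone.vlan_tag} already used")
        self.zones[zone.name] = zone

    def bind(self, zone_name, group, policy):
        if zone_name not in self.zones:
            raise KeyError(zone_name)
        self.bindings[(zone_name, group)] = policy

    def group_of(self, account):
        # Accounts never assigned to a Group fall into "None".
        return self.account_group.get(account, DEFAULT_GROUP)

    def effective_policies(self, account, zone_name):
        """Policy tiers applied to the account in the zone, or None if its Group has no access."""
        policy = self.bindings.get((zone_name, self.group_of(account)))
        return None if policy is None else [GLOBAL_POLICY, policy]

    def review(self):
        """Settings worth a second look before the gateway goes into service."""
        findings = []
        for zone_name, group in sorted(self.bindings):
            if group == DEFAULT_GROUP:
                findings.append(f"{zone_name}: open to every account left in group 'None'")
        for zone in self.zones.values():
            if not zone.auth_required:
                findings.append(f"{zone.name}: authentication disabled")
        return findings


def build_campus():
    """Constructed sample data following the campus example."""
    gw = Gateway()
    gw.add_zone(ServiceZone("SZ1", "Student", 1))
    gw.add_zone(ServiceZone("SZ2", "Faculty", 2))
    gw.add_zone(ServiceZone("SZ3", "Guest", 3))
    gw.account_group.update({"alice": "Students", "bob": "Faculty", "visitor1": "Guests"})
    gw.bind("SZ1", "Students", "Policy-A")
    gw.bind("SZ1", "Faculty", "Policy-A")
    gw.bind("SZ2", "Faculty", "Policy-B")  # name assumed; the text only says "different"
    gw.bind("SZ3", "Guests", "Policy-C")
    return gw


if __name__ == "__main__":
    gw = build_campus()
    for account in ("alice", "bob", "visitor1", "temp01"):  # temp01 has no Group
        for zone_name in gw.zones:
            print(account, zone_name, gw.effective_policies(account, zone_name))
    print(gw.review())
```

Binding a Policy to the "None" group in any zone admits every account that was never placed in a Group, which is why `review()` lists it first.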
Figure 2 below depicts an example of using AMG-2100/AMG-2101 to manage network/Internet
access in an academic campus environment. The network administrator may wish to set
different privileges and bandwidth limits for staff, students, and guests; he could use several Service
Zones of AMG-2100/AMG-2101 – one for staff, one for students, and one for the guests. He also uses
one zone for some shared servers in the diagram.
The access points at a physical location like the administration building may only allow access by
faculty; hence the access points there are added only to the second Service Zone, enabling only the
“Faculty” SSID. On the other hand, the access points in the Cafeteria may allow access by all groups;
hence the APs at the Cafeteria are added to all Service Zones, enabling SSID=“Student”, SSID=“Faculty”,
and SSID=“Guest”.
The traffic of students, faculty, and guests will be segregated by the three VLAN segments.
Figure 2: An example of a managed network
2.3 Hardware Description
2.3.1 Front Panel
1. LED Indicators: There are three LEDs (Power, Status and Hard-disk) that indicate
the status of the system.
2. Mgmt: For management use only; it always opens the WMI (Web Management Interface)
homepage.
3. WAN1/ WAN2: Two WAN ports (10/100/1000 Base-T RJ-45) are connected to the external
network, such as the ADSL Router from your ISP (Internet Service Provider).
4. LAN1/ LAN2: Client machines connect to AMG-2100/AMG-2101 via these LAN ports
(10/100/1000 Base-T RJ-45).
5. Reset:
Press and hold the Reset button for about 5 seconds and the status LED on the front panel will start
to blink before the system restarts.
Press and hold the Reset button for more than 10 seconds and the status LED on the front panel
will start to blink faster before the system is reset to its default configuration.
6. Console: The system can be configured via a serial console port. The administrator can use a
terminal emulation program such as Microsoft’s HyperTerminal to log in to the configuration
console interface to change the admin password, monitor system status, etc.
Note:
By default, all LAN ports are set with Port-based Default Service Zone; for Service Zone
configuration, please refer to 3.3 What is Service Zone.
2.3.2 Rear Panel
1. Power Supply Socket: Connect the power cord to the built-in open-frame power supply
(Input: 100~240 VAC, 50/60 Hz).
2. Power Switch: Power-On (|) & Power-Off ( O ).
3. Device Cooling Fan: Don’t block the cooling fans. Leave enough open space for ventilation.
2.4 Preparation before the Installation
Before you start the installation by following either this User Manual or the Quick Installation Guide,
work through the short preparation list below.
1) Unpack the AMG-2100/AMG-2101 and go through the package checklist.
2) Review the front panel and the back panel and identify each control and network interface that is
described in the previous Hardware Description section.
3) Prepare a couple of CAT5 Ethernet cables with RJ-45 connectors. The cables are for
connecting IP devices, including this AMG-2100/AMG-2101, IP switches, and your PC.
4) Prepare a PC with a Web browser for accessing the Web Management Interface.
5) Identify an upstream device in your network to plug AMG-2100/AMG-2101 into, such as an ADSL or cable
modem or another edge device. Collect the DNS server address provided by your ISP.
If you are using an AMG Series product for the first time, it is recommended that you follow the Quick
Installation Guide to start up the AMG-2100/AMG-2101 in a near-default state with minimum
configuration changes (such as WAN settings and admin password), then refer to this manual later
when you want to configure the system for specific application needs.
The recommended general steps for the configuration are:
Set up the system’s Time Zone, NTP server, DNS server and WAN1 address.
Configure the LAN address range for at least one Service Zone, and enable its authentication. The
Default Service Zone is enabled by the factory default.
Create user accounts to test the login page via a wired connection in the enabled Service Zone.
Try to generate an on-demand user and test the account.
Configure the wireless environment of the Service Zone, then add the AP.
Configure more Service Zones based on your application.
Set up Group and Policy (including Firewall rules and Session Limit).
Customize the portal login page and add walled garden Advertisement links if needed.
Set up the Payment gateway if you want to use credit cards for the on-demand accounts.
Load the SSL certificate for the Web Server before operation.
Monitor the status pages and reports generated.
Perform other advanced settings for your specific application.
2.5 Hardware Installation
Please follow the steps below to install the hardware of AMG-2100/AMG-2101:
1) Connect the power cord to the power socket on the rear panel.
2) Turn on ( | ) the power switch on the rear panel. The Power LED should be on to indicate a proper
connection.
3) Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the
Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this
port should be on to indicate a proper connection.
4) Connect an Ethernet cable to the Mgmt Port on the front panel. Connect the other end of the
Ethernet cable to an administrator PC for configuring the AMG-2100/AMG-2101 system. Connect an
Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet
cable to an AP for extending wireless coverage; a switch for connecting more wired clients; or
directly to a client PC. The LED of this port should be on to indicate a proper connection.
Figure 3 below is a simple network diagram for the initial installation and configuration. Start with this
simple network topology to set up AMG-2100/AMG-2101 for the first time; it helps you plan a more
sophisticated network topology to suit your specific application needs later.
Figure 3: A simple network diagram for the initial setup
2.6 Accessing Web Management Interface
AMG-2100/AMG-2101 supports web-based configuration. Once the hardware installation is complete,
AMG-2100/AMG-2101 can be configured via a web browser with JavaScript enabled, such as Internet
Explorer version 6.0 and above or Firefox.
To access the web management interface, connect a PC to the Mgmt port, and then launch a browser.
Make sure you have set DHCP in TCP/IP of your PC to get an IP address dynamically.
Next, enter the gateway IP address of AMG-2100/AMG-2101 in the address field. The default gateway
IP address from LAN Port is “https://192.168.255.254” (“https” is used for a secured
connection).
The first time, if AMG-2100/AMG-2101 is not using a trusted SSL certificate, there will be a
“Certificate Error”, because the browser treats AMG-2100/AMG-2101 as an untrusted website. Please
press “Continue to this website” to continue. The default user login page will then appear in the
browser.
The administrator login page will appear. Enter “admin”, the default username, and “admin”, the
default password, in the UserName and Password fields. Click LOGIN to log in.
Caution:
If your PC is connecting to the Mgmt port, and you can’t get the Administrator’s login screen, the
reasons may be:
(1) The PC is set incorrectly so that the PC can’t obtain the IP address automatically from the Mgmt
port;
(2) The IP address and the default gateway are not under the same network segment.
Please use default IP address such as 192.168.255.xx in your network and then try it again. For the
configuration on PC, please refer to Appendix A. Network Configuration on PC.
After a successful login, a “Home” page will appear on the screen.
3. Placing AMG-2100/AMG-2101 in a Network Environment
3.1 Network Requirement
Typically, in a network environment, AMG-2100/AMG-2101 plays the role of a gateway. On a gateway
device, a network port leading upstream to the Internet or the backbone network is called a ‘WAN port’
or an uplink port, while a network port used for branching out to serve the clients downstream is
referred to as a ‘LAN port’.
AMG-2100/AMG-2101 has two WAN ports, which normally link up to other routers or
modems leading to the ISP. A gateway needs only one WAN port, but if you want dual-homing or
dual-uplink to add reliability and throughput, the second WAN port lets you achieve that goal.
AMG-2100/AMG-2101 has two LAN ports. There could be other network bridge devices, such as
Layer-2 switches or VLAN switches, between AMG-2100/AMG-2101’s LAN ports and the client devices.
3.2 Setting up WAN1 Port
AMG-2100/AMG-2101’s two WAN ports are marked as WAN1 and WAN2 on the front panel. WAN1 port
supports four connection types: Static, Dynamic, PPPoE and PPTP. WAN2 port supports 3
connection types: Static, Dynamic and PPPoE. These connection types are enough to support most
ISPs.
Depending on the ISP or the upstream device the WAN port connects to, you only need to select one
connection type for the port. For example, if your ISP uses a cable modem that issues a dynamic address,
you would select the Dynamic connection when setting up the WAN ports.
Now, let us begin to configure WAN1 port:
Go to: System >> WAN1.
On the WAN1 Configuration Web page, you can choose one of the four connection options (Static,
Dynamic, PPPoE and PPTP).
3.2.1 Static IP
When the ISP assigns you a static IP address, or your network requires you to use a
fixed IP address for some other reason, you (as the administrator of AMG-2100/AMG-2101) manually enter
the fixed IP address as AMG-2100/AMG-2101’s WAN address.
Static: Manually specifying the IP address of the WAN Port. The fields with red asterisks are required
to be filled in.
IP Address: The IP address of the WAN1 port.
Subnet Mask: The subnet mask of the WAN1 port.
Default Gateway: The gateway of the WAN1 port.
Preferred DNS Server: The primary DNS server used by the system.
Alternate DNS Server: The substitute DNS server used by the system. This is an optional
field.
3.2.2 DHCP (Dynamic IP)
When the ISP issues dynamic IP addresses or there is a DHCP server upstream for issuing dynamic IP
addresses, then you (as the administrator of AMG-2100/AMG-2101) can configure
AMG-2100/AMG-2101 to receive an IP address dynamically as AMG-2100/AMG-2101’s WAN1 address.
Dynamic: It is only applicable for the network environment where the DHCP server is available on the
upstream network. Click the Renew button to get an IP address automatically.
3.2.3 PPPoE
If the ISP requires you to use a PPPoE dialup connection, the ISP will issue you an account with a
password. You need to enter the account credentials in the WAN configuration page for dialing up
to the ISP. If you are using ADSL/DSL Internet service, your ISP will most likely require a PPPoE
connection.
PPPoE: When selecting PPPoE to connect to the network, please set the “UserName” and “Password”.
MTU: Short for Maximum Transmission Unit of a PPPoE frame. The PPPoE protocol allows an
Ethernet frame’s size to be up to 1492 bytes, but some ISPs’ network equipment may
support a frame size smaller than 1492 bytes. In that case, you have to enter a smaller
MTU number to meet the ISP’s networking requirement.
MSS: Short for Maximum Segment Size for a TCP connection. An end-to-end TCP connection
over PPPoE will consume additional overhead out of each packet. At least 40 bytes are used
for the address. Hence, MSS must be smaller than MTU by at least 40.
Dial on demand function under PPPoE: If this function is enabled, a Maximum Idle Time
field becomes available for entering a value. When the idle time is reached, the system will automatically
disconnect itself.
3.2.4 PPTP
Although not a popular method, the PPTP protocol for dialup connections has been adopted by some ISPs (in
European countries). AMG-2100/AMG-2101 offers the PPTP dialup feature for these rare cases. Your PPTP
ISP will issue you an account with a password as well as the PPTP server address.
PPTP: When selecting PPTP to connect to the network, please specify the given PPTP Server IP
Address and enter the “User Name” and “Password”.
Static or DHCP: Select Static to specify the IP address of the PPTP Client manually or select
DHCP to get the IP address automatically.
Dial on demand function under PPTP: If this function is enabled, a Maximum Idle Time field
becomes available for entering a value. When the idle time is reached, the system will automatically
disconnect itself.
3.3 Configuring WAN2 Port (optional)
AMG-2100/AMG-2101 also supports a second WAN port, called WAN2. The second port is for
connecting to a second upstream feed. When WAN1 is connected to one ISP and WAN2 is
connected to another ISP, the network is referred to as ‘dual ISP homing’, or ‘having a dual-homed Internet
feed’. That is, when the first ISP via WAN1 is down, the second ISP via WAN2 will still be able to serve the
client devices downstream of AMG-2100/AMG-2101.
When WAN2 is enabled, the system can be set up to support more features, such as WAN Failover and
Load Balance (but this is not a necessity). These two features are discussed in the next section (Other WAN
Traffic Settings).
Note:
By default, all Policies of AMG-2100/AMG-2101 use WAN1 as the outgoing gateway; that is, all user
groups’ traffic will use WAN1 as the Internet feed. The administrator can change the Routing Profile of a
Policy to use WAN2 as the default gateway; that way, the groups bound by the Policy will use
WAN2 as their Internet feed.
If the dynamic “WAN Load Balancing” feature is not turned on, using the Policy’s Routing Profile to route
some users’ traffic to WAN2 is considered a way of doing static “Load Balancing”.
The configuration of WAN2 is similar to WAN1’s, except that the WAN2 connection can be disabled and
WAN2’s connection type does not have the PPTP choice.
If you only have one Internet feed from one ISP, please leave WAN2 at its default option - None, so
the WAN2 interface remains disabled. If you want to use a second Internet feed (from an ISP or from
your corporate headquarters), select one of the three connection types for your WAN2 port: Static,
Dynamic, and PPPoE.
Now, let us enable and configure WAN2 port (optional):
Go to: System >> WAN2.
None: The WAN2 Port is disabled.
Static: Manually specifying the IP address of the WAN port. The red asterisks indicate required
fields to be filled in.
IP Address: the IP address of the WAN2 port.
Subnet Mask: the subnet mask of the network WAN2 port connects to.
Default Gateway: a gateway of the network WAN2 port connects to.
Preferred DNS Server: The primary DNS server used by the system.
Alternate DNS Server: The substitute DNS server used by the system. This is an optional
field.
Dynamic: It is only applicable for the network environment where a DHCP server is available. Click
the Renew button to get an IP address.
PPPoE: When selecting PPPoE to connect to the network, please set the “User Name” and
“Password”.
MTU: Short for Maximum Transmission Unit of a PPPoE frame. The PPPoE protocol allows an
Ethernet frame’s size to be up to 1492 bytes, but some ISPs’ network equipment may support
a frame size smaller than 1492 bytes. In that case, you have to enter a smaller MTU
number to meet the ISP’s networking requirement.
MSS: Short for Maximum Segment Size for a TCP connection. An end-to-end TCP connection
over PPPoE will consume additional overhead out of each packet. At least 40 bytes are used for
the address. Hence, MSS must be smaller than MTU by at least 40.
Dial on demand function under PPPoE: If this function is enabled, a Maximum Idle Time field
becomes available for entering a value. When the idle time is reached, the system will automatically
disconnect itself.
3.4 Other WAN Traffic Settings
It is a good idea to have two Internet feeds to the system, especially from two different ISPs; turning on
the WAN-Failover feature adds service reliability for your clients. When one feed is out of service,
the other feed automatically picks up the responsibility of serving the clients of the feed that suffers
the outage.
By default, the system assumes there is only one feed, to WAN1. All the Policies by default route all
clients’ Internet traffic via WAN1, using the Internet pipe at WAN1. When you have two pipes, you
will certainly want to set some Policies to utilize the bandwidth of the second pipe at WAN2, rather than
using it only when the WAN1 pipe fails.
Besides static load balancing by setting the “Policy” route, you can alternatively use the system’s
dynamic Load-Balancing feature. When the feature is turned on, the system can distribute the load of
the upstream traffic across the two WAN pipes, according to the weight percentage assigned by the
administrator.
3.4.1 WAN Failover
Configure WAN Failover:
Go to: System >> WAN Traffic.
Enable WAN Failover: Normally AMG-2100/AMG-2101 uses WAN1 as its primary WAN interface.
When WAN Failover is enabled and WAN2 is available, WAN1's traffic will be routed to WAN2 when
the WAN1 connection is down. On the other hand, a Service Zone’s policy could also use WAN2 as its
interface; in that case, if WAN2 is down, the WAN2 traffic under that policy will also be routed to
WAN1.
Fall back to WAN1 when WAN1 is available again: If WAN Failover is enabled, the traffic will
be routed to WAN2 automatically when the WAN1 connection fails. When fall back to WAN1 is
enabled, the rerouted traffic will be connected back to WAN1 when the WAN1 connection is recovered.
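A model of the failover and fall-back behaviour described in this section, added here as an example and not taken from the device firmware. The class, function and constant names are hypothetical, and leaving a WAN2-gateway policy on WAN1 after WAN2 recovers is an assumption, since the section describes fall-back only for WAN1.

```python
from dataclasses import dataclass, field


@dataclass
class PolicyEgress:
    """Tracks which WAN port carries the traffic of one Policy."""
    gateway: str = "WAN1"          # default gateway in the Policy's Routing Profile
    failover: bool = True          # "Enable WAN Failover"
    fallback_to_wan1: bool = True  # "Fall back to WAN1 when WAN1 is available again"
    current: str = field(init=False, default="")

    def __post_init__(self):
        if self.gateway not in ("WAN1", "WAN2"):
            raise ValueError("gateway must be WAN1 or WAN2")
        self.current = self.gateway

    def on_link_state(self, wan1_up, wan2_up):
        """Apply one link-state observation; return the WAN in use, or None if none is usable."""
        up = {"WAN1": wan1_up, "WAN2": wan2_up}
        other = "WAN2" if self.current == "WAN1" else "WAN1"
        if not up[self.current]:
            # The link in use is down: move only if failover is on and the other link works.
            if self.failover and up[other]:
                self.current = other
            else:
                return None
        elif (self.fallback_to_wan1 and self.gateway == "WAN1"
              and self.current == "WAN2" and wan1_up):
            # WAN1 has recovered and fall-back is enabled: return WAN1 traffic to WAN1.
            self.current = "WAN1"
        # Assumption: in every other case traffic stays on the link it is using.
        return self.current


def replay(egress, observations):
    """Feed a sequence of (wan1_up, wan2_up) observations and collect the egress choices."""
    return [egress.on_link_state(w1, w2) for w1, w2 in observations]


# Constructed timeline: both links up, WAN1 fails, WAN1 recovers, WAN2 fails.
TIMELINE = [(True, True), (False, True), (True, True), (True, False)]

if __name__ == "__main__":
    print("fall-back on :", replay(PolicyEgress(), TIMELINE))
    print("fall-back off:", replay(PolicyEgress(fallback_to_wan1=False), TIMELINE))
    print("failover off :", replay(PolicyEgress(failover=False), TIMELINE))
```

With fall-back disabled, the third observation shows traffic remaining on WAN2 even though WAN1 is healthy again, which matters when WAN2 is the slower or metered feed.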