LevelOne WHG-311, WHG-315, WHG-401, WHG-707, WHG-505 User Manual

LevelOne
Secure WLAN Controller
WHG-311/315/401/505/515/707
User Manual
Copyright
The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission of LevelOne, INC.
Disclaimer
LevelOne does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. LevelOne further reserves the right to make changes in any products described herein without notice. The publication is subject to change without notice.
Trademarks
LevelOne is a registered trademark of Digital Data Communications Group. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
About 4ipnet
The LevelOne Secure WLAN Controller series is powered by 4ipnet. LevelOne is partnered with 4ipnet to deliver a wireless networking infrastructure solution that is feature-rich yet simple to deploy.
4ipnet is a leading wireless networking solution provider and software design house for manageable, reliable, and secure wireless access. In an effort to meet changing market demands at the least possible cost, 4ipnet delivers a diverse array of turnkey, high-performance products and mission-critical applications to bring reliability and manageability to increasingly complex wireless networks.
4ipnet’s complete WLAN infrastructure solution portfolio addresses the needs of different network operation environments ranging from the ISP to the SOHO, with an emphasis on simplified network deployment, centralized network management, and enhanced network performance.
FCC CAUTION
WHG-311
This equipment has been tested and proven to comply with the limits for a class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
---Reorient or relocate the receiving antenna.
---Increase the separation between the equipment and receiver.
---Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
---Consult the dealer or an experienced radio/TV technician for help.
WHG-315, WHG-401, WHG-505, WHG-515, WHG-707
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
Table of Contents
1. Before You Start
1.1. Preface
1.2. Document Conventions
2. WHG Controllers Installation Guide
2.1. WHG Controller Capacity Table
2.2. WHG Controller Hardware Overview
2.2.1. WHG-311 Hardware
2.2.2. WHG-315 Hardware
2.2.3. WHG-401 Hardware
2.2.4. WHG-505 Hardware
2.2.5. WHG-515 Hardware
2.2.6. WHG-707 Hardware
2.3. Preparation before the Installation
2.4. Unpacking & Installing
2.4.1. WHG-311 Package & Installation
2.4.2. WHG-315 Package & Installation
2.4.3. WHG-401 Package & Installation
2.4.4. WHG-505 Package & Installation
2.4.5. WHG-515 Package & Installation
2.4.6. WHG-707 Package & Installation
3. System Overview
3.1. System Concept
3.2. Service Zone Concept
3.3. AP Management Concept
4. Getting Started
4.1. Accessing Web Management Interface
4.2. Home Page
4.2.1. Setup Wizard
4.2.2. Quick Links
4.2.3. System Overview
4.2.4. Main Menu
4.2.5. Online Help
5. Initial Network Setup
5.1. Network Requirement
5.2. Managing System Date & Time
5.3. WAN1 & WAN2 Setup
5.4. WAN Traffic Control
5.5. LAN Port & Service Zone Mapping
5.6. LAN Partition -- Service Zone
5.6.1. Planning Your Internal Network
5.6.2. Configure Service Zone Network
5.6.3. WISPr Attributes in Service Zone
5.7. IPv6
6. User Authentication and Grouping
6.1. Overview of User Authentication Database
6.1.1. Configuring On-demand
6.1.2. Configuring RADIUS
6.1.3. Configuring Local
6.1.4. Configuring LDAP
6.1.5. Configuring POP3
6.1.6. Configuring NT Domain
6.1.7. Configuring SIP
6.1.8. Choosing Your Networks’ Authentication method
6.2. Users Group
6.2.1. Assign users to a Group
6.2.2. Permission in Service Zone
6.2.3. QoS Traffic Class and Bandwidth Control
6.3. User Login
6.3.1. An Example of User Login
6.3.2. Default Authentication
6.3.3. Login with Postfix
7. Policies and Access Control
7.1. Policy
7.1.1. Firewall
7.1.2. Routing
7.1.3. Schedule
7.1.4. Session Limit
7.2. User Access Control
7.3. Session Limit & Session Log
8. Users’ Login and Logout
8.1. Before User Login
8.1.1. Login with SSL
8.1.2. Internal Domain Name with Certificate
8.1.3. Walled Garden
8.1.4. Walled Garden AD List
8.1.5. Mail Message
8.2. After User Login
8.2.1. Portal Home Page
8.2.2. Idle Timer
8.2.3. Multiple Login
8.2.4. Change Password Privilege
8.2.5. Proxy Server
9. Local Area AP Management
9.1. Multiple Type of AP
9.2. Configure AP Template
9.3. AP Discovery
9.3.1. AP Background Discovery
9.4. Manually add AP
9.5. AP with Service Zone
9.6. AP Security
9.7. Change managed AP settings
9.8. AP Operations from AP List
9.8.1. Reboot, Enable, Disable and Delete the AP
9.8.2. Apply Template
9.8.3. Apply Service Zone (Tag-Based Only)
9.9. Firmware management and upgrade
9.10. WDS Management
9.11. Rogue AP Detection
9.12. AP Load Balancing
10. Wide Area AP Management
10.1. AP Discovery
10.2. Manually add AP
10.3. Manage AP Lists
10.4. Manage Third Party AP
10.5. Map
10.5.1. Register key from Google
10.5.2. Create a Map
10.5.3. Marking APs on your Map
10.5.4. Operations from Map page
10.6. AP Operations from AP List
10.7. WDS List
10.8. Backup Config
10.9. Firmware management and upgrade
10.10. CAPWAP
11. Networking Features of a Gateway
11.1. DMZ
11.2. Virtual Server
11.3. Client Mobility
11.4. DNS Cache
11.5. Dynamic Domain Name Service
11.6. Port and IP Forwarding
11.7. Dynamic Route
12. System Management and Utilities
12.1. System Time
12.1.1. NTP
12.1.2. Manual Settings
12.2. Management IP
12.3. Access History IP
12.4. SNMP
12.5. Change Password
12.6. Backup / Restore and Reset to Factory Default
12.7. Firmware Upgrade
12.8. Restart
12.9. Network Utility
12.10. Certificate
12.11. Administrator Account
12.12. Monitor IP
12.13. Console Interface
13. System Status and Reports
13.1. View the Status
13.1.1. System Status
13.1.2. Interface Status
13.1.3. HW
13.1.4. Routing Table
13.1.5. Online Users
13.1.6. Non-Login Users
13.1.7. Session List
13.1.8. User Logs
13.1.9. Local User Monthly Network Usage
13.1.10. Logs
13.1.11. DHCP Lease
13.2. Notification
13.2.1. SMTP Settings
13.2.2. SYSLOG Settings
13.2.3. FTP Settings
13.2.4. Notification Settings
13.2.5. System Report
14. Virtual Private Network (VPN)
14.1. Local VPN
14.2. Remote VPN
14.3. Site-to-Site VPN
15. Customization of Portal Pages
15.1. Customizable Pages
15.2. Loading a Customized Login Page
15.3. Using an External Login Page
15.4. Load a Customized Logout Page
15.5. How External Page Operates
15.6. Disclaimer Page
16. Payment Gateways
16.1. Payments via Authorize.Net
16.2. Payments via PayPal
16.3. Payments via SecurePay
16.4. Payments via WorldPay
17. Additional Applications
17.1. Upload / Download Local Users Accounts
17.2. Backup / Restore and Upload New On-demand Users Accounts
17.3. Account Roaming Out
17.4. Seamless Cross Gateway Roaming
Appendix A. Certificate Settings for IE6 and IE7
Appendix B. Network Configuration on PC & User Login
Appendix C. Policy Priority
Appendix D. RADIUS Accounting
Appendix E. VLAN Port Location Mapping and PMS Middleware
1. Before You Start
1.1. Preface
This WHG Controller User Manual is for WLAN service providers or network administrators to set up a network environment using the WHG Controllers. It contains step-by-step procedures and graphic examples to guide MIS staff or individuals with basic network system knowledge to complete the installation.
Besides this document, there is a “Quick Installation Guide” (QIG), which is for starting up WHG Controller quickly. It is recommended to start with the QIG, and then refer to this manual for further details. Some special topics are addressed separately in the Appendixes.
1.2. Document Conventions
Indicates that clicking this button will apply all of your settings.
Indicates that clicking this button will clear what you have set before the settings are applied.
The red asterisk indicates that information in this field is compulsory.
Log out the system.
Access Online Help interface.
Access Home interface.
Represents essential steps, actions, or messages that should not be ignored.
Note:
Contains related information that corresponds to a topic.
2. WHG Controllers Installation Guide
2.1. WHG Controller Capacity Table
| Capacity | WHG-311 | WHG-315 | WHG-401 | WHG-505 | WHG-515 | WHG-707 |
|---|---|---|---|---|---|---|
| Form Factor | 13" Mini-book | 19" (1U) | 19" (1U) | 19" (1U) | 19" (1U) | 19" (1U) |
| WAN | 2 x GbE | 2 x GbE | 2 x GbE | 2 x GbE | 2 x GbE | 2 x GbE, 2 x Combo SFP |
| LAN | 8 x GbE | 8 x GbE | 2 x GbE | 2 x GbE | 4 x GbE | 4 x GbE, 2 x SFP |
| Local Accounts | 3000 | 4000 | 5000 | 6000 | 10000 | 15000 |
| On-demand Accounts | 3000 | 4000 | 5000 | 6000 | 10000 | 15000 |
| Managed AP Capacity (Local & Wide Combined) | 30 | 50 | 150 | 200 | 250 | 500 |
| LevelOne AP Model | EAP-110, EAP-200, EAP-300 | EAP-110, EAP-200, EAP-300 | EAP-110, EAP-200, EAP-300, OWL800 | EAP-110, EAP-200, EAP-300, OWL800 | EAP-110, EAP-200, EAP-300, OWL800 | EAP-110, EAP-200, EAP-300, OWL800 |
| Monitored IP | 100 | 100 | 200 | 200 | 250 | 500 |
| Service Zones | Default + 8 | Default + 8 | Default + 8 | Default + 8 | Default + 8 | Default + 8 |
| User Groups | 8 | 8 | 16 | 24 | 24 | 24 |
| User Policies | Global + 12 | Global + 12 | Global + 24 | Global + 40 | Global + 40 | Global + 40 |
2.2. WHG Controller Hardware Overview
2.2.1. WHG-311 Hardware
(1) Quick Buttons
Reset: Press and hold the Reset button for over 3 seconds and the status LED on the front panel will start to blink; release the button at this stage to restart the system. Press and hold the Reset button for more than 10 seconds and the status LED on the front panel will turn from blinking to off; release at this stage to reset the system to default configuration.
Quick-Restore: This button is the firmware switch button. Press this button while the system is powering up and release it when the “Quick-Restore” LED lights up; the system will switch to the other firmware image and boot up with that firmware.
Quick-VPN: Function reserved for future release.
Quick-Offload: Function reserved for future release.
(2) LED Displays
Power: The Power LED lights up as constant green when the power supply is on.
Status: The Status LED is blue. Blinking indicates that the system OS is booting up; constantly lit indicates that the system is ready for operation.
Quick-Restore: This LED indicates that the system will now switch to the other F/W partition for operation.
Quick-VPN: Function reserved for future release.
Quick-Offload: Function reserved for future release.
(3) WAN1/WAN2
Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
(4) LAN1~LAN8
Eight Gigabit LAN ports for servicing LAN traffic (10/100/1000 Base-T RJ-45).
(5) SD Disk
Used for system storage; please do not remove during operation.
(6) USB
Function reserved for future use.
(7) Console
The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft’s Hyper Terminal to log in to the configuration console interface to change the admin password or monitor system status, etc.
2.2.2. WHG-315 Hardware
1
LCD Display
Allows the network administrator to check important system settings such as network interface, SZ configurations, etc. The navigation buttons from left to right are “Sleep”, “Esc”, “Up”, “Down”, and “Enter”.
2
Quick Buttons
Reset: Press and hold the Reset button for over 3 seconds and the Status LED on the front panel will start to blink; release the button at this stage to restart the system. Press and hold the Reset button for more than 10 seconds and the Status LED on the front panel will turn from blinking to off; release the button at this stage to reset the system to the default configuration.
Quick-Restore: This button is the firmware switch button. Press this button while the system is powering up and release it when the “Quick-Restore” LED lights up; the system will switch to the other firmware image and boot up with that firmware.
Quick-VPN: Function reserved for future release.
Quick-Offload: Function reserved for future release.
3
LED Displays
Power: The Power LED lights up constant green when the power supply is on.
Status: The Status LED is blue. Blinking indicates that the system OS is booting up; constantly lit indicates that the system is ready for operation.
Quick-Restore: Indicates that the system will now switch to the other F/W partition for operation.
Quick-VPN: Function reserved for future release.
Quick-Offload: Function reserved for future release.
4
WAN1/ WAN2
Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
5
LAN1~ LAN8
Eight Gigabit LAN ports for servicing LAN traffic (10/100/1000 Base-T RJ-45).
6
SD Disk
Used for system storage; please do not remove it during operation.
7
USB
Function reserved for future use.
8
Console
The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft’s Hyper Terminal to log in to the configuration console interface to change the admin password, monitor system status, etc.
2.2.3. WHG-401 Hardware
1
LED Indicators
There are three LEDs, Power, Status and Hard-disk, which indicate the status of the system.
2
LCD Display
Allows the network administrator to check important system settings such as network interface, SZ configurations, etc. The navigation buttons from left to right are “Esc”, “Up”, “Down”, and “Enter”.
3
Console
The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft’s Hyper Terminal to log in to the configuration console interface to change the admin password, monitor system status, etc.
4
Reset
Press and hold the Reset button for about 5 seconds and the Status LED on the front panel will start to blink before the system restarts. Press and hold the Reset button for more than 10 seconds and the Status LED on the front panel will start to blink faster before the system is reset to the default configuration.
5
USB
Reserved for future use.
6
Mgmt
For management use only; it always opens the WMI (Web Management Interface) homepage.
7
WAN1/ WAN2
Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
8
LAN1/ LAN2
Two Gigabit LAN ports for servicing LAN traffic (10/100/1000 Base-T RJ-45).
1
Power Supply Socket
Connect the power cord to the built-in open-frame power supply (Input: 100~240 VAC, 50/60 Hz).
2
Power Switch
Power-On ( | ) & Power-Off ( O ).
3
Device Cooling Fan
Don’t block the cooling fans. Leave enough open space for ventilation.
2.2.4. WHG-505 Hardware
1
LED Indicators
There are three LEDs, Power, Status and Hard-disk, which indicate the status of the system.
2
LCD Display
Allows the network administrator to check important system settings such as network interface, SZ configurations, etc. The navigation buttons from left to right are “Esc”, “Up”, “Down”, and “Enter”.
3
Console
The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft’s Hyper Terminal to log in to the configuration console interface to change the admin password, monitor system status, etc.
4
Reset
Press and hold the Reset button for about 5 seconds and the Status LED on the front panel will start to blink before the system restarts. Press and hold the Reset button for more than 10 seconds and the Status LED on the front panel will start to blink faster before the system is reset to the default configuration.
5
USB
Reserved for future use.
6
Mgmt
For management use only; it always opens the WMI (Web Management Interface) homepage.
7
WAN1/ WAN2
Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
8
LAN1/ LAN2
Two Gigabit LAN ports for servicing LAN traffic (10/100/1000 Base-T RJ-45).
1
Power Supply Socket
Connect the power cord to the built-in open-frame power supply (Input: 100~240 VAC, 50/60 Hz).
2
Power Switch
Power-On ( | ) & Power-Off ( O ).
3
Device Cooling Fan
Don’t block the cooling fans. Leave enough open space for ventilation.
2.2.5. WHG-515 Hardware
1
LED Indicators
There are three LEDs, Power, Status and Hard-disk, which indicate the status of the system.
2
LCD Display
Allows the network administrator to check important system settings such as network interface, SZ configurations, etc. The navigation buttons from left to right are “Esc”, “Up”, “Down”, and “Enter”.
3
Reset
Press and hold the Reset button for about 5 seconds and the Status LED on the front panel will start to blink before the system restarts. Press and hold the Reset button for more than 10 seconds and the Status LED on the front panel will start to blink faster before the system is reset to the default configuration.
4
Console
The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft’s Hyper Terminal to log in to the configuration console interface to change the admin password, monitor system status, etc.
5
USB
Reserved for future use.
6
Mgmt
For management use only; it always opens the WMI (Web Management Interface) homepage.
7
WAN1/ WAN2
Two Gigabit WAN ports (10/100/1000 Base-T RJ-45) for uplink connections to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
8
LAN1 ~ LAN4
Four Gigabit LAN ports for servicing LAN traffic (10/100/1000 Base-T RJ-45).
1
Power Supply Socket
Connect the power cord to the built-in open-frame power supply (Input: 100~240 VAC, 50/60 Hz).
2
Device Cooling Fan
Don’t block the cooling fans. Leave enough open space for ventilation.
3
Power Switch
Power-On ( | ) & Power-Off ( O ).
2.2.6. WHG-707 Hardware
1
WAN1/ WAN2 (SFP)
Two combo WAN ports (SFP) connect to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
2
LAN5/ LAN6 (SFP)
Client machines connect to WHG Controller via these LAN ports (SFP).
3
LED Indicators
There are four LEDs, WAN1, WAN2, LAN4, and LAN5, which indicate the traffic status of the SFP ports.
4
WAN1/ WAN2
Two WAN ports (10/100/1000 Base-T RJ-45) connect to the external network, such as the ADSL Router from your ISP (Internet Service Provider).
5
LAN1 ~ LAN4
Client machines connect to WHG Controller via these LAN ports (10/100/1000 Base-T RJ-45).
6
USB
Reserved for future use.
7
Console
The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft’s Hyper Terminal to log in to the configuration console interface to change the admin password, monitor system status, etc.
8
LED Indicators
There are three LEDs, Power, Status and Hard-disk, which indicate the status of the system.
9
LCD Display
Allows the network administrator to check important system settings such as network interface, SZ configurations, etc. The navigation buttons from left to right are “Esc”, “Up”, “Down”, and “Enter”.
1
Power Supply Socket
Connect the power cord to the built-in open-frame power supply (Input: 100~240 VAC, 50/60 Hz).
2
Power Switch
Power-On ( | ) & Power-Off ( O ).
3
Device Cooling Fan
Don’t block the cooling fans. Leave enough open space for ventilation.
2.3. Preparation before the Installation
Before you start the installation, whether following this User Manual or the Quick Installation Guide, go through this short preparation list.
1. Unpack the WHG Controller and go through the package checklist.
2. Review the front panel and the back panel and identify each control and network interface that is described in the Hardware & Specification section.
3. Prepare Ethernet cables with RJ-45 connectors.
4. Prepare a PC with Web browser for accessing the Web Management Interface.
5. Identify an upstream device for WHG Controller to connect to in your network, such as ADSL, CABLE modem or other edge devices. Collect the DNS server address provided by your ISP.
If you are using a WHG Controller product for the first time, it is recommended that you follow the Quick Installation Guide to start up the WHG Controller in a near-default state with minimum configuration changes (such as WAN settings and admin password), then refer to this manual later when you want to configure the system for specific application needs.
The recommended general steps for the configuration are:
Set up the system’s Time Zone, NTP server, DNS server and WAN1 address.
Configure the LAN address range for at least one Service Zone, and enable its authentication. The Default Service Zone is enabled to require authentication by the factory default.
Create user accounts to test the login page via wire line in the enabled Service Zone.
Try to generate an on-demand user and test the account.
Configure the Wireless Settings of the Service Zone, then add in the AP.
Configure more Service Zones based on your application.
Set up Group and Policy (including Firewall rules and Session Limit).
Customize the portal login page and add walled garden Advertisement links if needed.
Set up the Payment gateway if you want to use credit cards for the on-demand accounts.
Load the SSL certificate for the Web Server before operation.
Monitor the status pages and the reports generated.
Perform other advanced settings for your specific application.
2.4. Unpacking & Installing
2.4.1. WHG-311 Package & Installation
Package Checklist
The standard package of WHG-311 includes:
WHG-311 x 1
CD-ROM (with User’s Manual and QIG) x 1
Quick Installation Guide (QIG) x 1
RS-232 DB9 Console Cable x 1
Ethernet Cable x 1
Power Adaptor (12VDC, 2A) x 1
It is highly recommended to use all the supplies in the package instead of substituting any components from other suppliers, to guarantee best performance.
Installation
Connect the power adaptor to the power socket on the rear panel. The Power LED should be on to indicate a proper connection.
Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection.
Connect an Ethernet cable to a LAN Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage; a switch for connecting more wired clients; or directly to a client PC. The LED of the port should be on to indicate a proper connection.
2.4.2. WHG-315 Package & Installation
Package Checklist
The standard package of WHG-315 includes:
WHG-315 x 1
CD-ROM (with User’s Manual and QIG) x 1
Quick Installation Guide (QIG) x 1
RS-232 DB9 Console Cable x 1
Ethernet Cable x 1
Power Cord x 1
Rack Mounting Bracket (with Screws) x 1
It is highly recommended to use all the supplies in the package instead of substituting any components from other suppliers, to guarantee best performance.
Installation
Connect the power cord to the power socket on the rear panel. Turn on ( | ) the power switch on the rear panel. The Power LED should be on to indicate a proper connection.
Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection.
Connect an Ethernet cable to a LAN Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage; a switch for connecting more wired clients; or directly to a client PC. The LED of the port should be on to indicate a proper connection.
2.4.3. WHG-401 Package & Installation
Package Checklist
The standard package of WHG-401 includes:
WHG-401 x 1
CD-ROM (with User’s Manual and QIG) x 1
Quick Installation Guide (QIG) x 1
RS-232 DB9 to RJ45 Console Cable x 1
Ethernet Cable x 1
Straight-through Ethernet Cable x 1
Power Cord x 1
Rack Mounting Bracket (with Screws) x 1
It is highly recommended to use all the supplies in the package instead of substituting any components from other suppliers, to guarantee best performance.
Installation
Connect the power cord to the power socket on the rear panel. Turn on ( | ) the power switch on the rear panel. The Power LED should be on to indicate a proper connection.
Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection.
Connect an Ethernet cable to the Mgmt Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage; a switch for connecting more wired clients; or directly to a client PC. The LED of the port should be on to indicate a proper connection.
2.4.4. WHG-505 Package & Installation
Package Checklist
The standard package of WHG-505 includes:
WHG-505 x 1
CD-ROM (with User’s Manual and QIG) x 1
Quick Installation Guide (QIG) x 1
RS-232 DB9 to RJ45 Console Cable x 1
Ethernet Cable x 1
Straight-through Ethernet Cable x 1
Power Cord x 1
Rack Mounting Bracket (with Screws) x 1
It is highly recommended to use all the supplies in the package instead of substituting any components from other suppliers, to guarantee best performance.
Installation
1. Connect the power cord to the power socket on the rear panel.
2. Turn on ( | ) the power switch on the rear panel. The Power LED should be on to indicate a proper connection.
3. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection.
4. Connect an Ethernet cable to the Mgmt Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage; a switch for connecting more wired clients; or directly to a client PC. The LED of the port should be on to indicate a proper connection.
2.4.5. WHG-515 Package & Installation
Package Checklist
The standard package of WHG-515 includes:
WHG-515 x 1
CD-ROM (with User’s Manual and QIG) x 1
Quick Installation Guide (QIG) x 1
RS-232 DB9 to RJ45 Console Cable x 1
Ethernet Cable x 1
Straight-through Ethernet Cable x 1
Power Cord x 1
Rack Mounting Bracket (with Screws) x 1
It is highly recommended to use all the supplies in the package instead of substituting any components from other suppliers, to guarantee best performance.
Installation
Connect the power cord to the power socket on the rear panel. Turn on ( | ) the power switch on the rear panel. The Power LED should be on to indicate a proper connection.
Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection.
Connect an Ethernet cable to the Mgmt Port on the front panel. Connect the other end of the Ethernet cable to an administrator PC for configuring the system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel. Connect the other end of the Ethernet cable to an AP for extending wireless coverage; a switch for connecting more wired clients; or directly to a client PC. The LED of the port should be on to indicate a proper connection.
2.4.6. WHG-707 Package & Installation
Package Checklist
The standard package of WHG-707 includes:
WHG-707 x 1
CD-ROM (with User’s Manual and QIG) x 1
Quick Installation Guide (QIG) x 1
RS-232 DB9 Console Cable x 1
Ethernet Cable x 2
Power Cord x 1
Rack Mounting Bracket (with Screws) x 1
It is highly recommended to use all the supplies in the package instead of substituting any components from other suppliers, to guarantee best performance.
Installation
1. Connect the power cord to the power socket on the rear panel.
2. Turn on the power switch on the rear panel.
3. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub of an internal network. The LED of this port should be on to indicate a proper connection.
4. Connect an Ethernet cable to the LAN Ports on the front panel; connect the other end of the Ethernet cable to an administrator PC for configuring the WHG Controller system. Connect an Ethernet cable to the LAN1 or LAN2 Port on the front panel; connect the other end of the Ethernet cable to an AP for extending wireless coverage, a switch for connecting more wired clients, or a client PC. The LED of this port should be on to indicate a proper connection.
Start with this simple network topology to set up WHG Controller for the first time; it helps you plan a more sophisticated network topology to suit your specific application needs later.
A simple network diagram for the initial setup
3. System Overview
3.1. System Concept
If you have used other LevelOne WLAN WHG Controller products before and are familiar with their system concept, you may skip the concept description below and proceed to the next section (Getting Started).
WHG Controller is capable of managing user authentication, authorization and accounting (AAA). The user account information is stored in the local database or a specified external database server. Featuring user authentication and integration with external payment gateways, WHG Controller allows users to easily pay the fee and enjoy the Internet service using credit cards through Authorize.Net, PayPal, SecurePay, or WorldPay.
With the centralized AP management feature, the administrator does not need to worry about how to manage multiple wireless access point devices. WHG Controllers and LevelOne APs combined provide a flexible network solution which supports overlay deployment, where traffic from remote sites is tunnelled back and centrally controlled by WHG Controller.
Furthermore, WHG Controller introduces the concept of Service Zones - multiple virtual networks, each with its own definable access control profiles. This is very useful for hotspot owners seeking to provide different customers or staff with different levels of network services.
The following portion of this section explains the basic concepts of WHG Controller. With an understanding of these concepts, the administrator will be able to do more advanced network planning and to adjust the configuration of WHG Controller to suit a specific application. For simple deployments, it is sufficient for most administrators to use the default configuration with minor WAN/DNS address changes.
Gateway is a network node where a small network attaches to a bigger network. WHG Controller is a kind of gateway in a network environment; hence it has the features a typical gateway has, such as NAT, DHCP, DMZ, Firewall, etc. Conventionally, the bigger network is referred to as the gateway’s WAN side or upstream network, while the small network is referred to as the gateway’s LAN side. The Ethernet ports leading to the WAN side network are called WAN ports. The Ethernet ports leading to the LAN side network are called LAN ports.
Local User is a type of user with its account credential stored in a built-in database named “Local” within WHG Controller. The capacity of the WHG Controller’s “Local” database varies with the model. A local user account does not have an expiration date once it is created. If the administrator wishes to terminate the account, he must remove it manually from the database. A local database can be used as an external RADIUS database for another WHG Controller product for account roaming.
On-demand User is a type of user with its account credential stored in a built-in database named “On-demand” within WHG Controller. The capacity of the WHG Controller’s “On-demand” database varies with the model. An On-demand User account is intended for short-term use and has an expiration period. An on-demand account record will be recycled for creating a new on-demand account if it has expired for over 15 days or has been deleted by the Administrator/Manager manually.
External Authentication Database is a user account database that is not built inside WHG Controller. Besides the Local database and the On-demand database, WHG Controller allows up to three additional External Authentication databases simultaneously. The types of external Authentication databases supported are RADIUS, POP3, LDAP (including Active Directory), and NTDomain (Win2K’s NTDS). The database of another WHG Controller device can be used as an external RADIUS database. External Authentication Database is useful for implementing account roaming; for example, multiple WHG Controller devices in multiple campuses can share one common external database. A user needs only one account in the common database to access the network from different campuses.
Service Zone is a logical partition of WHG Controller’s LAN network. The concept of Service Zone is similar to the concept of virtual LAN (VLAN), which can be used to group the network traffic or network services for clients on the same VLAN segment, regardless of the clients’ physical locations. That is, several VLAN segments may be in service at one physical network location, and devices belonging to one VLAN segment may spread across multiple physical locations.
Each Service Zone can also be viewed as a virtual machine of WHG Controller, because each Service Zone can define its own customized login portal page and its own gateway properties (such as LAN IP address, DHCP on/off and address range). The Multiple Service Zone feature is also useful for serving multiple hotspot franchises in shopping malls or airport terminals with a single WHG Controller.
A Service Zone is uniquely defined by a VLAN tag id (under Tag-Based) and an associated SSID attribute. When a managed access point (MAP) is added to a Service Zone through WHG Controller’s AP Management feature by the administrator, the associated SSID will be activated in the MAP along with the VLAN tag of the corresponding Service Zone.
For example, in the following Figure 2, the administrator plans three logical Service Zones for an academic campus:
The first Service Zone (with SSID=“Student” and VLAN tag=1) is for students.
The second (with SSID=“Faculty” and VLAN tag=2) is for faculties.
The third (with SSID=“Guest” and VLAN tag=3) is for guests.
A Service Zone may or may not require client authentication, depending on how the administrator sets it up. If a Service Zone requires user authentication, the client will be prompted to log in first before using the network services, no matter whether the client is connecting to its SSID wirelessly or to a switch port via wired line.
Group is a group of user accounts sharing the same access privileges, QoS properties and network policies. Each client account belongs to a Group. Each Group may or may not be allowed to access a particular Service Zone, depending on how the administrator defines its access mapping. If the administrator does not assign a new account to any specific Group, the account belongs to a catch-all group named “None” by default.
Policy is for defining rules, privileges or properties for managing users. Each user group is bound by a Policy within a given Service Zone. The same group may or may not be bound to the same policy in different Service Zones. There are two tiers of Policies. The first tier is a policy named ‘Global-Policy’. The Global-Policy is a base policy which is applied to all users to whom no other policy applies. The second tier is called ‘Group-Policy’ or simply ‘Policy’, which can be chosen to bound the network behaviors of a Group. The administrator can define the Firewall Profile, Route Profile, Schedule Profile and Max Sessions in a Policy.
The following Figure depicts an example relationship of Service Zone, Group and Policy. In this example, Students and faculties logging into Service Zone 1 will be governed by Policy-A. Guests only have access to Service Zone 3, and will be bound by Policy-C. Faculties have access to both Service Zone 1 and Service Zone 2 under two different policies.
An example relationship of Service Zone, Group and Policy
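The relationship described above, modelled as a small Python check (an added example, not LevelOne or 4ipnet code): it resolves which policy governs an account in a Service Zone, including the Global-Policy fallback, and audits a plan for reused VLAN tags or SSIDs and for mappings that inherit only the Global-Policy. The class and function names, account names, VLAN tags and SSIDs are constructed for illustration; Policy-B for Faculty in Service Zone 2 is read from the figure labels.

```python
from collections import namedtuple

MAX_ZONES = 9                    # manual: Default Service Zone plus Service Zones 1 ~ 8
GLOBAL_POLICY = "Global-Policy"  # base policy applied when no other policy is bound
CATCH_ALL_GROUP = "None"         # group given to accounts with no group assigned

# One Service Zone: name, VLAN tag (Tag-Based mode), SSID, authentication on/off.
ServiceZone = namedtuple("ServiceZone", "name vlan_tag ssid auth_required")


class Plan:
    """Hypothetical in-memory model of a zone/group/policy layout."""

    def __init__(self):
        self.zones = {}     # zone name -> ServiceZone
        self.access = {}    # (group, zone name) -> policy name, or None if none bound
        self.accounts = {}  # account -> group name, or None if unassigned

    def add_zone(self, name, vlan_tag, ssid, auth_required=True):
        self.zones[name] = ServiceZone(name, vlan_tag, ssid, auth_required)

    def allow(self, group, zone, policy=None):
        """Let a group into a zone, optionally binding a Group-Policy."""
        self.access[(group, zone)] = policy

    def effective_policy(self, account, zone):
        """Policy governing the account in the zone; None means no access mapped."""
        if zone not in self.zones:
            raise KeyError("undefined Service Zone: " + zone)
        group = self.accounts[account] or CATCH_ALL_GROUP
        if (group, zone) not in self.access:
            return None
        return self.access[(group, zone)] or GLOBAL_POLICY


def audit(plan):
    """Return a list of findings an administrator should review before rollout."""
    findings = []
    if len(plan.zones) > MAX_ZONES:
        findings.append("more than %d Service Zones defined" % MAX_ZONES)
    seen = {"VLAN tag": {}, "SSID": {}}
    for zone in plan.zones.values():
        for kind, value in (("VLAN tag", zone.vlan_tag), ("SSID", zone.ssid)):
            if value in seen[kind]:
                findings.append("%s %r shared by %s and %s"
                                % (kind, value, seen[kind][value], zone.name))
            seen[kind].setdefault(value, zone.name)
        if not zone.auth_required:
            findings.append("%s does not require authentication" % zone.name)
    for (group, zone), policy in sorted(plan.access.items()):
        if zone not in plan.zones:
            findings.append("%s is mapped to undefined zone %s" % (group, zone))
        elif policy is None:
            findings.append("%s in %s has no Group-Policy, so %s applies"
                            % (group, zone, GLOBAL_POLICY))
    for account, group in sorted(plan.accounts.items()):
        if group is None:
            findings.append("account %s is in the catch-all group %s"
                            % (account, CATCH_ALL_GROUP))
    return findings


def campus_plan():
    """The manual's example; tags, SSIDs and account names are constructed."""
    plan = Plan()
    plan.add_zone("Service Zone 1", 1, "sz1-ssid")
    plan.add_zone("Service Zone 2", 2, "sz2-ssid")
    plan.add_zone("Service Zone 3", 3, "sz3-ssid")
    plan.allow("Student", "Service Zone 1", "Policy-A")
    plan.allow("Faculty", "Service Zone 1", "Policy-A")
    plan.allow("Faculty", "Service Zone 2", "Policy-B")
    plan.allow("Guest", "Service Zone 3", "Policy-C")
    plan.accounts = {"alice": "Student", "bob": "Faculty",
                     "carol": "Guest", "dave": None}
    return plan


def drifted_plan():
    """Same plan after two constructed changes that weaken the separation."""
    plan = campus_plan()
    plan.add_zone("Service Zone 4", 3, "sz4-ssid", auth_required=False)
    plan.allow(CATCH_ALL_GROUP, "Service Zone 3")   # no Group-Policy bound
    return plan


if __name__ == "__main__":
    for label, plan in (("campus", campus_plan()), ("drifted", drifted_plan())):
        print(label)
        for finding in audit(plan):
            print("  -", finding)
```

In the drifted plan, the unassigned account gains access to Service Zone 3 under the Global-Policy alone, which is the kind of mapping worth reviewing before the Firewall Profile and Max Sessions of the Global-Policy are relied on.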
The following Figure depicts an example of using WHG Controller to manage network/internet access in an academic campus environment. Suppose the network administrator wishes to set different privileges and bandwidth limits for staff, students, and professors; he could use several Service Zones of WHG Controller: one for staff, one for students, and one for the professors. He also uses one zone for some shared servers in the diagram.
The traffic of students, professors, and guests can thereby be segregated into different VLAN segments.
An example of managed network in a Campus environment
[Figure labels: Service Zone 1, Service Zone 2, Service Zone 3; Group Student, Group Faculty, Group Guest; Policy-A, Policy-B, Policy-C]
WHG Controller in a Business Headquarter
WHG Controller in a Hotel – Capable of integrating with DSLAM and PMS
3.2. Service Zone Concept
LevelOne Service Zones are virtual machines, each with its own network interface, DHCP server, authentication configuration, user pages as well as security and user policy settings. By associating a unique VLAN Tag and SSID with a Service Zone, administrators can separate the wired network and wireless network into different logical networks isolated from one another. Users attempting to access the resources within the Service Zone will be controlled based on the access control profile of the Service Zone, such as authentication, security feature, wireless encryption method, traffic control, etc. There are nine Service Zone profiles in total: the Default Service Zone and Service Zones 1 ~ 8.
Simple network environment
For most simple internal networks, for example one with just two subnets, the Port-Based model is the easier and better choice. In Port-Based mode (configurable in the Port Location Mapping tab page), each LAN port can only serve traffic from one Service Zone. An example network application diagram is shown below: one Service Zone for Employees and one for Guests.
The switches deployed under Controller in Port-Based mode must be Layer 2 switches only.
Multi subnet network environment
On the other hand, if the internal network is a multi-subnet network environment, the Tag-Based model will meet your needs. In Tag-Based mode, each LAN port can serve traffic from different Service Zones; a VLAN switch or VLAN AP is required to take care of the VLAN tags carried within the message frames. An example network application diagram is shown below: more than two Service Zones for different departments.
The switch deployed under Controller in Tag-Based mode must be a VLAN switch only.
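What Tag-Based mode keys on, as an added Python example (not part of the manual or the controller's code): the 12-bit VLAN ID inside the 802.1Q tag of each frame, mapped here to the Student/Faculty/Guest tags from the campus example in section 3.1. The function names, the sample frames and the labels for untagged or unmapped frames are constructed; how the controller itself treats such frames is not stated in this manual.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
# VLAN tag -> Service Zone, using the tags from the manual's campus example.
ZONE_BY_VLAN = {1: "Student", 2: "Faculty", 3: "Guest"}


def parse_vlan_tag(frame):
    """Return (vid, pcp, inner_ethertype) for a tagged frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    # Bytes 0-5 destination MAC, 6-11 source MAC, 12-13 EtherType or TPID.
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI: 3 bits priority (PCP), 1 bit DEI, 12 bits VLAN ID (VID).
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def classify(frame):
    """Name the Service Zone a frame belongs to, or say why none matches."""
    tag = parse_vlan_tag(frame)
    if tag is None:
        return "untagged"
    vid = tag[0]
    if vid in (0, 0x0FFF):          # 0 carries priority only, 4095 is reserved
        return "no-usable-vid"
    return ZONE_BY_VLAN.get(vid, "unmapped-vlan-%d" % vid)


def build_frame(vid=None, pcp=0):
    """Construct a sample frame (broadcast destination, made-up source MAC)."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    # EtherType 0x0800 (IPv4) followed by a zero-filled 46-byte payload.
    return header + struct.pack("!H", 0x0800) + bytes(46)


if __name__ == "__main__":
    for vid in (1, 2, 3, 7, 0, None):
        print(vid, "->", classify(build_frame(vid)))
```

Frames that come back as untagged or unmapped are the ones to look for on a trunk port when a VLAN switch or VLAN AP under the controller is suspected of being misconfigured.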
3.3. AP Management Concept
AP Management feature is designed not only for internal network AP deployment, but also overlay deployment at remote locations over the cloud. WHG Controllers can manage from 30 to 500 LevelOne Access Points depending on model. For overlay AP deployment, WHG Controllers establish a secure tunnel between the managed AP and Controller.
Certain AP models with additional Ethernet ports can also provide wired network service. When the AP is managed remotely over the internet, the AP’s wired user traffic can be forwarded to the internet without having to be tunneled back and centrally forwarded by the AC. This feature is an example of Distributed Traffic Forwarding (DTF).
4. Getting Started
4.1. Accessing Web Management Interface
When you have completed the hardware installation of your WHG Controller, system configurations can be performed via built-in Web Management Interface (WMI).
Step 1. Connect your PC to any of the LAN ports of your WHG Controller.
Step 2. Set the TCP/IP settings on your PC to “Obtain an IP address automatically”.
Step 3. Launch a web browser and enter the WHG Controller’s default LAN IP address “192.168.1.254”. If you are connected to a Mgmt port (WHG-401, WHG-505, WHG-515), enter the Mgmt port IP address “172.30.0.1”.
Step 4. Enter the default administrator account and password “admin” to log in. Once logged into the WMI, the system’s Home Page will be displayed.
If your PC is connected to the LAN port and you can’t get the Administrator’s login screen, the reasons may be:
(1) The PC is set incorrectly so that it can’t obtain an IP address automatically from the built-in DHCP Server;
(2) The IP address and the default gateway are not in the same network segment. Please use a default IP address such as 192.168.1.xx in your network and then try again.
After a successful login, a Home Page will appear on the screen.
If WHG Controller is not yet using a trusted SSL certificate, the browser will show a “Certificate Error” the first time, because it treats WHG Controller as an untrusted website. Press “Continue to this website” to continue. The default user login page will then appear in the browser. Section 2.3 lists loading an SSL certificate for the Web Server among the steps to complete before operation.