Page 1
Copyright © 2008 Micronet Communications, INC
Product Guide
Network Access Control
SP1910 / SP1900
The Key to Securing Your Business Network!
Peter Tsai
Product Manager / Product Marketing Dept.
Feb 17th, 2009
Page 2
Micronet Communications Introduction
2
Micronet Communications Introduction
2
Are Your Network Triple AAA Protected &
Managed?
“Are you certain all the connected clients are authorized?”
“Are your network resources correctly allocated?”
“Are you finding hard to manage the bill for the services?”
Manage Your Network Environments with Micronet Network Access Controller!
Page 3
Micronet Communications Introduction
www.micronet.info
3
SP1910 Network Access Controller
Interface
Status Indicators
Reset Button
Console Port for Ticket Printer
Wan Ports (1 - 2)
LAN Ports (1 - 8)
Power Jack
1
2
3
4
5
6
2
1
3
5
6
4
Page 4
Micronet Communications Introduction
www.micronet.info
4
SP1900 Network Access Controller
2
3
4
1
Interface
Status Indicators
Console Port for CLI Settings
Wan Ports (1 - 2)
LAN Ports (1 - 2)
1
2
3
4
Page 5
5
Micronet Communications Introduction
www.micronet.info
Case Study – Business MTU
Multi-Tenant Unit
Application for MTU
environments with multiple
business tenants that
expand across several
floors (eg. Office Building,
Public Building).
Enhanced Coverage &
Speed with 11n AP/Router
By implementing SP916N, the
AP/Router can service more
grounds and eliminate signal
dead spots.
SP1910
Ground
Floor
1F
2F
10F
M913
RADIUS
Server
SP916N
SP916N
SP916N
Internet
Page 6
6
Micronet Communications Introduction
www.micronet.info
Internet
SP1910
1F
2F
10F
M913
SP918GK
SP918GK
SP918GK
SP918GK
Ground
Floor
Case Study – Residential MDU
Multi-Dwelling Unit
Application for MDU
environments with multiple
residential apartments that
expand across several
levels (Eg. Hotel,
Apartment Building).
Remote AP Management
SP1910 can remotely
manage up to 12 SP918GK
Wireless APs through a
centralized Web Interface.
Page 7
7
Micronet Communications Introduction
www.micronet.info
Case Study – User Authentication
User Authentication
All users connecting to the
building’s network either
through wired or wireless will
need to be authenticated.
Authentication Methods
Authentication can take
place either at the local
database of SP1910 or
through external servers
(RADIUS, NT Domain,
POP3, LDAP).
Internet
SP1910
Network Access
Controller
SP916N
11n AP/Router
SP916N
Page 8
8
Micronet Communications Introduction
www.micronet.info
Case Study – Resource Authorization
User Authorization
The solution allows each
users to be set with different
profiles containing various
resource allocations.
Profile Types
Each profiles can limit or
allocate different network
resources (bandwidth, firewall,
schedule and specific route)
to help administrators easily
categorized user groups.
Internet
User 1
Profile 1
User 2
Profile 2
2
1
Profile
Wed
Tues
Day ResourceAccess
Tuesday
512K
128K
128K
512K
2
1
Profile
Wed
Tues
Day ResourceAccess
Wednesday
512K
128K
SP1910
SP916N
SP916N
Page 9
9
Micronet Communications Introduction
www.micronet.info
Case Study – Billing Accounting
Account Billing
The solution allows
management of billing
transactions for services
provided to public.
Billing & Reporting
Administrators can set
different billing profiles
according to time and data
volume to charge for public
Internet access. The system
can also generate a report for
the revenue stream of each
profile.
Report from 2008/01/20 ~ 2008/03/20
Total Account
Sold
2
Total Income 40
Income from
Time Users
40
Income from
Data Users
0
Plan 1 2
Plan 3
Plan 2 0
0
Internet
SP1910
SP916N
SP916N
Page 10
10
Micronet Communications Introduction
www.micronet.info
Technical – IP Device Monitoring
IP Device Monitoring:
¾ Both SP1910 & SP1900 support IP Device Monitoring function for
allowing ongoing status checkup for servers, PCs, or APs.
¾ Any device with an IP can be monitored using the function to verify the
status.
¾ The NAC will routinely PING the monitored device to verify status and
will alert the user via email whenever it is not responding.
¾ Important function for checking server availability in a corporate
environment.
¾ Network with wireless LAN deployment can make use of the function
to check online status of its access points.
Page 11
11
Micronet Communications Introduction
www.micronet.info
Case Study – IP Device Monitoring
Monitored IP Availability
No IP Address Status
2
1 192.168.1.200
192.168.1.100
IP Monitoring
The function allows
devices (Server/AP) to be
monitored via IP address.
An alert email will be sent
to administrator if the
monitored device is
unavailable.
192.168.1.200
192.168.1.100
Internet
Email Alert
SP1910
Page 12
12
Micronet Communications Introduction
www.micronet.info
Technical – Triple A
Authentication:
¾ This process involves the controlling device to have the capability of
establishing digital identity of all entity in the network for access control.
Common method is user account management either via local
database on device or external authentication server (Eg. RADIUS).
Authorization:
¾ The process refers to granting specific privilege rights to different entity
group for achieving optimal network resource allocation. Process often
includes bandwidth control, scheduling and firewall profiles.
Accounting:
¾ The process involves the method of tracking network resource usage
either for billing or traffic control. For NAC environment, it is important
to generate total usage amount of Internet service from external
parties.
All Micronet NAC Solution conforms to the Triple A ideology.
Page 13
13
Micronet Communications Introduction
www.micronet.info
Authentication/Authorizing/Accounting Matrix
Triple AAA SP1910 SP1900
¾
Local User Database
¾
External Authentication Server (RADIUS, NT
Domain, POP3, LDAP)
¾
CA Certificate
¾
Bandwidth Control
¾
User Policy (Firewall, Schedule, Specific
Route & Bandwidth)
¾
Walled Garden
¾
Billing & Reporting Functions
¾
Enable Session Expiration for On-demand
Account by Time & Data Volume
¾
Traffic History
Authentication
Authorizing
Accounting
Page 14
14
Micronet Communications Introduction
www.micronet.info
Technical – User Account Type
External Authentication Server
¾ NAC authentication process can also be redirected to an external
authentication server.
¾ Supported authentication servers include: POP3, RADIUS, LDAP &
NTDomain.
¾ All account information are stored remotely on the authentication server.
¾ It is an ideal method to centralize all network’s user accounts onto a
single external authentication server.
Page 15
15
Micronet Communications Introduction
www.micronet.info
NAC Configuration Guide
Concurrent Users Recommended
SP1910 100 ~ 200
SP1910 with Multiple AP
SP1910 with Multiple SP918GK
SP1900 200 ~ 500 SP1900 with Multiple AP
The APs used in conjunction with above NAC products are not restricted to
only Micronet APs. However, if users wish to make use of AP Management on
SP1910’s Web UI, the AP will need to be Micronet SP918GK.
Page 16
16
Micronet Communications Introduction
www.micronet.info
NAC Function Matrix
NAC Function SP1910 SP1900
2000 On-demand
500 Local Users
2000 On-demand
2500 Local Users
1 Public & 1 Private4 Public & 4 Private
Local Account
AP Management
Public/ Private LAN
Port
M913
Ticket Printer
Above Public & Private LAN ports are default settings. User may change the
quantity and arrangement via the Web-based UI.
Page 17
17
Micronet Communications Introduction
www.micronet.info
Technical – User Account Type
On-Demand User:
¾ On-demand users are for temporary users outside of the organization.
¾ All account information are stored locally in the NAC’s database.
¾ The NAC will generate a random username and password to the user.
¾ Administrator can limit the user on Internet usage by time & data volume.
¾ It is the ideal account type for paid Internet access for the public WLAN.
Local User:
¾ Local users are for permanent users internal to the organization (Eg.
Staff).
¾ All account information are stored locally in the NAC’s database.
¾ The administrator will set a meaning and easy to remember username
and password for each user.
¾ It is the ideal account type for internal staff where the account will have a
more permanent lifetime.
Page 18
18
Micronet Communications Introduction
www.micronet.info
Technical – Private & Public LAN Ports
Private LAN Port:
¾ LAN ports on the NAC/Hotspot products can be divided into two main
categories: private & public.
¾ Private LAN ports allow all connected clients to access Internet without
going through the authentication procedure.
¾ Private LAN ports are suitable for internal access by administrator or
business personnel.
Public LAN Port:
¾ Public LAN ports will require all connected clients to be authenticated
before allowing access to Internet.
¾ On default, first half of the LAN ports will be public. However this setup
can be altered in the Web UI.
¾ Public LAN ports are targeted for customers requesting Internet
access via public WLAN.
Page 19
19
Micronet Communications Introduction
www.micronet.info
NAC Scenario Matrix
NAC Environment SP1910 SP1900
Public Space / Building
Office Building
Library
Convention Center
School / University
Airport
Page 20
20
Micronet Communications Introduction
www.micronet.info
Key Features / Advantages / Benefits
Key Features
Advantages Benefits
SP1910 supports up to 200
concurrent users.
SP1900 supports up to 500
concurrent users.
Depending on environments,
Micronet’s NAC solutions will
be able to fulfill up to large
network scenarios of 500
concurrent users.
All models support on-
demand accounts for
temporary customers with
randomly generated
account details.
Alternatively, local user
accounts allow the
administrator to specify
username, password and
expiry date.
On-demand accounts are
suitable for random
customers who enter the
hotspot areas requesting for
Internet access.
Local user accounts are
suited more for internal staff
with fixed login details.
VPN
Internet Access
Local
Database
On-demand &
Local User
Scalability
500 Concurrent
Users
Page 21
21
Micronet Communications Introduction
www.micronet.info
Key Features / Advantages / Benefits
Key Features Advantages Benefits
The solutions allow user to
use existing external
database server for user
authentication.
Supported server includes
POP3, Radius Server,
LDAP and NTDomain.
This function allows a
centralize management of
user accounts at a single site.
Users will be able to use the
same user account across
different sites since all
accounts are stored at a
single site for authentication.
Both SP1910/SP1900
support two WAN ports for
load balance.
SP1910 provides failover
and fallback support
between two WAN
connections.
Users can specify the WAN
port that different policy group
will use as gateway to
achieve load balance.
When WAN 1 fails, it will
automatically redirect to WAN
2 for Internet access. Once,
WAN 1 connection returns to
normal, the traffic will fallback.
VPN
Internet Access
External
Database
POP3/ Radius/
LDAP & NTDomain
Multi-WAN
Load Balance &
Fail Over
Page 22
22
Micronet Communications Introduction
www.micronet.info
Key Features / Advantages / Benefits
Key Features
Advantages Benefits
Both SP1910 & SP1900
support Bandwidth Control
for limiting each individual
according to policy set.
SP1910 (8 policies)
/SP1900 (6 policies) allows
multiple policy to be
configured to fit the
different user groups.
Tighter control on network
resource sharing with limited
bandwidth for broadband
access.
Each user’s allowed
bandwidth will be govern by
the policy it is assigned.
SP1900 supports IEEE
802.1q VLAN for
segmentation large
networks into groups for
easier control and
maintenance.
Group isolation is an essential
feature in enterprise or SMB
networks to ensure
information and resources are
only accessible to the
intended personnel.
VPN
Internet Access
IEEE 802.1q
VLAN
Bandwidth
Control
6/8 Policy Groups
Network
Segmentation
Page 23
23
Micronet Communications Introduction
www.micronet.info
Key Features / Advantages / Benefits
Key Features
Advantages Benefits
SP1910 can remotely
configure IP and Security
setting for multiple AP
using a single Web
interface.
SP1910 can enable/
disable or reboot APs
remotely through the Web
UI.
For environments that will
span across several sites,
SP1910 can provide a tighter
control and more efficient
maintenance over these APs.
Notification/ Alert emails
can be sent periodically for
the following reports: IP
Monitor, Traffic History,
On-demand Log and AP
status.
Users can use the IP
monitoring function to verify
Internet connection or
connected servers’ availability.
Notification email can keep
the MIS alert of all AP status
and traffic activities.
AP
Management
SP1910 &
SP918GK Only
IP
Monitoring
Alert Email &
Traffic Report
Page 24
24
Micronet Communications Introduction
www.micronet.info
NAC: Selling Channel
Distributor / Importer Reseller End User / Customer
Value-Added Distributor
Network / IT Distributor
Network / IT Wholesaler
SI for Computer Security
Network SI
Corporate / Enterprise
Government
Education: College &
University
Page 25
25
Micronet Communications Introduction
www.micronet.info
SP1910 :Network Access Controller, 200 Users
SP1900 :Network Access Controller, 500 Users
SP907GK:WLAN USB Adapter
SP907GH:WLAN High Gain USB Adapter
SP907N :11n WLAN USB Adapter
Micronet NAC Product Line
Access Point
Network Access Controller
SP918GK:WLAN Access Point
SP916N :11n WLAN Router/AP
Wireless Adapter
Page 26
26
Micronet Communications Introduction
www.micronet.info
Why Choosing Micronet?
Millions of loyal users worldwide!
Excellent product quality and robust
design for reliability
Market leader in the field:
z Provides the most complete network
product line
z Successful deployment of Micronet
solutions around the globe
20 years of experience in networking
industry for providing quality products
and solutions
Global operation and cooperation
Page 27
Micronet Communications Introduction
www.micronet.info
27
Questions & Answers?
Email: sales@micronet.info
support@micronet.info
Loading...