NetComm IAC3000 User Manual

User Guide

IAC3000 User Guide www.netcomm.com.au

IAC3000 - Internet Access Controller

Table of Contents

Chapter 1. Before You St art....................................................................................................................1

1.1 Purpose....................................................................................................................................................1

1.2 Document Convention............................................................................................................................1

Chapter 2. System Overview ...................................................................................................................2

2.1 Introduction of IAC3000.........................................................................................................................2

2.2 System Concept ......................................................................................................................................2

2.3 Capacity and Performance......................................................................................................................3

Chapter 3. Base Installation...................................................................................................................4

3.1 Hardware Installation..............................................................................................................................4

3.1.1 System Requirements....................................................................................................................................4

3.1.2 Package Contents..........................................................................................................................................4

3.1.3 Panel Function Descriptions .........................................................................................................................5

3.1.4 Installation Steps...........................................................................................................................................6

3.2 Software Configuration...........................................................................................................................7

3.2.1 Quick Configuration .....................................................................................................................................7

3.2.2 User Login Portal Page...............................................................................................................................18

Chapter 4. Web Interface Configuration..............................................................................................22

4.1 System Configuration ...........................................................................................................................23

4.1.1 Configuration Wizard..................................................................................................................................24

4.1.2 System Information.....................................................................................................................................25

4.1.3 WAN1 Configuration..................................................................................................................................27

4.1.4 WAN2 Configuration..................................................................................................................................29

4.1.5 WAN Traffic Settings..................................................................................................................................31

4.1.6 LAN Port Mapping.....................................................................................................................................33

4.1.7 Service Zones..............................................................................................................................................36

4.2 User Authentication ..............................................................................................................................43

4.2.1 Authentication Configuration .....................................................................................................................44

4.2.1.1 Local.......................................................................................................................................................46

4.2.1.2 POP3 ......................................................................................................................................................51

4.2.1.3 RADIUS.................................................................................................................................................52

4.2.1.4 LDAP.....................................................................................................................................................55

4.2.1.5 NT Domain.............................................................................................................................................57

4.2.1.6 ONDEMAND ........................................................................................................................................59

4.2.1.7 SIP..........................................................................................................................................................73

4.2.2 Black List Configuration.............................................................................................................................74

4.2.3 Group Configuration...................................................................................................................................76

4.2.4 Policy Configuration...................................................................................................................................80

4.2.4.1 Global Policy..........................................................................................................................................80

4.2.4.2 Policy 1~12 ............................................................................................................................................83

4.2.5 Additional Configuration............................................................................................................................87

4.3 AP Management....................................................................................................................................90

4.3.1 AP List........................................................................................................................................................91

4.3.2 AP Discovery..............................................................................................................................................96

4.3.3 Manual Configuration...............................................................................................................................100

4.3.4 Template Settings......................................................................................................................................101

4.3.5 Firmware Management.............................................................................................................................102

4.3.6 AP Upgrade...............................................................................................................................................103

4.3.7 WDS Management....................................................................................................................................104

4.4 Network Configuration.......................................................................................................................105

4.4.1 Network Address Translation....................................................................................................................106

4.4.2 Privilege List.............................................................................................................................................108

4.4.3 Monitor IP List..........................................................................................................................................110

4.4.4 Walled Garden List / Walled Garden Ad List............................................................................................111

4.4.5 Proxy Server Properties ............................................................................................................................114

4.4.6 Dynamic DNS...........................................................................................................................................115

4.4.7 IP Mobility................................................................................................................................................116

4.4.8 VPN Configuration...................................................................................................................................117

4.5 Utilities................................................................................................................................................121

4.5.1 Change Password......................................................................................................................................122

4.5.2 Backup/Restore Setting.............................................................................................................................123

4.5.3 Firmware Upgrade....................................................................................................................................124

4.5.4 Restart.......................................................................................................................................................125

4.5.5 Network Utilities.......................................................................................................................................126

4.6 Status...................................................................................................................................................127

4.6.1 System Status............................................................................................................................................128

4.6.2 Interface Status..........................................................................................................................................130

4.6.3 Routing T able............................................................................................................................................132

4.6.4 Current Users............................................................................................................................................134

4.6.5 Traffic History...........................................................................................................................................135

4.6.6 Notification Configuration........................................................................................................................138

4.7 Help.....................................................................................................................................................140

Appendix A. Accepting Payment via Authorize.Net...........................................................................................142

Appendix B. Accepting Payment via PayPal......................................................................................................153

Appendix C. Service Zone Deployment Example ..............................................................................................164

Appendix D. Proxy Setting..................................................................................................................................177

Appendix E. Session Limit and Session Log......................................................................................................183

Appendix F. Network Configuration on PC & User Login...............................................................................185

Appendix G. Console Interface...........................................................................................................................201

Appendix H. Local VPN......................................................................................................................................205

Appendix I. Customizable Pages.......................................................................................................................211

Appendix J. Legal & Regulatory Information..........................................................................................211

IAC3000

User Manual

Chapter 1. Before You Start

1.1 Purpose

This manual is intended for the system or network administrators with the networking knowledge to complete the step by step instructions of this manual in order to use the IAC3000 for a better management of their network system and user data.

1.2 Document Convention

y For any caution or warning that requires special attention of readers, a highlight box with italic font is used as

below:

Warning: For security purposes, you should immediately change the Administrator’s password.

Indicates that clicking this button will return to the homepage of this section.

Indicates that clicking this button will return to the previous page.

Indicates that clicking this button will apply all of your settings. Indicates that clicking this button will clear what you set before these settings are applied.

IAC3000

User Manual

Chapter 2. System Overview

2.1 Introduction of IAC3000

IAC3000 is an Internet Access Controlle r, specially designed for wired and wireless data network environments in small to middle scaled businesses and hotspot s. It features integrated management, secured data transmission, and enhanced accounting and billing. System administrators can effectively monitor wired or wireless users, including employees and guest users via its user management interface. Moreover, administrators can discover, configure, monitor, and upg rade all managed Access Points (APs) from a single, centralized AP management interface, the IAC3000.

2.2 System Concept

IAC3000 is capable of managing user authentication, authorization and accounting. The user account information is stored in the local database or a specified external database server. Featured with user authentication and integrated with external payment gateway, IAC3000 allows users to easily pay the fee and enjoy the Internet service using credit cards through Authorize.net, PayPal & Secure Pay. With centralized AP management feature, the administrator does not need to worry about how to manage multiple wireless access point device s. Furtherm ore, IAC3000 introduces the concept of Service Zones - multiple virtual networks, each with its own definable network policy. This is very useful for hotspot owners seeking to provide different customers or staff with different levels of network services. The following diagram is an example of IAC3000 set to manage the Internet and network access services at a hotspot venue.

IAC3000

User Manual

2.3 Capacity and Performance

Capacity and Performance IAC3000

Concurrent Users 120 Local Accounts 1000 On-demand user Accounts 2,000 Managed Access Points (NP725)

Monitored 3rd-Party Access Points 40 VPN Termination Tunnels 120 VPN 3DES/DES Throughput 30 Mbps

IAC3000

User Manual

Chapter 3. Base Installation

3.1 Hardware Installation

3.1.1 System Requirements

¾ Standa rd 10/100BaseT network cables with RJ-45 connectors ¾ All PCs need to install the TCP/IP network proto col

3.1.2 Package Contents

The standard package of IAC3000 includes:

y IAC3000 x 1 y CD-ROM (with User Manual) x 1 y DC 12V Power Adapter x 1 y Ethernet Cable x 1 y Console Cabl e x 1

Warning: It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers to guarantee best performance.

IAC3000

User Manual

3.1.3 Panel Function Descriptions

Front Panel

 LED: There are four kinds of LED, Power, Status, WAN and LAN, to indicate different status of the system.

¾ Power: LED ON indicates power on. ¾ Status: While system power is on, status OFF indicates BIOS is running; BLINKING indicates the OS is

running, and ON indicates system is ready.

¾ WAN: LED ON indicates connection to the WAN port. ¾ LAN: LED ON indicates connection to the LAN port.

 WAN1/WAN2: Two WAN ports (10 Base-T / 100Base-TX RJ-45) are available on the system.  LAN1~LAN8: Client machines connect to IAC3000 via LAN ports (10 Base-T / 100Base-TX RJ-45).

Note: By Default, all LAN ports are set with Port-based Default Service Zone; for Service Zone configuratio n, please refer to section 4.1.7.

Rear Panel

 Reset: Press this button to restart the system.  Console: The system can be configured via a serial console port. The administrator can use a terminal

emulation program such as Microsoft’s HyperTerminal to login to the configuration console interface to change admin password or monitor system status, etc.

 DC+12V: The power adapter attaches here.

IAC3000

User Manual

3.1.4 Installation Steps

Steps to install IAC3000:

1. Connect the 12V power adapter to the power socket on the rear panel. The Power LED should be on to indicate a proper connection.

2. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an ADSL modem, a cable modem or a switch/hub of the network. The LED of WAN1 port should be on to indicate a proper connection.

3. Connect an Ethernet cable to one of the LAN1~LAN8 Ports on the front panel. Connect the other end of the Ethernet cable to an administrator’s PC or a client PC, AP, or switch in managed network. The LED of the connected port should be on to indicate a proper connection.

Attention:

IAC3000 supports Auto Sensing MDI/MDIX. You may use either straight through or cross-over cable to conn ect the Ethernet Port.

3.2 Software Configuration

3.2.1 Quick Configuration

IAC3000 supports web-based configuration. Upon the completion of hardware installation, IAC3000 can be configured via web browsers with JavaScript enabled such as Internet Explorer version 6.0 and above or Firefox. There are two ways to configure the IAC3000 system: using the online Configuration Wizard or changing the settings by commands manually. The Configuration Wizard comprises of six basic steps as follows. Follow the instructions of Configuration Wizard to enter the required information step by step, save your settings, and restart IAC3000. The 6 steps of Configuration Wizard are listed below:

Step 1. Change Admin’s Password Step 2. Choose System’s Time Zone Step 3. Set System Information Step 4. Select Connection Type for WAN Port Step 5. Add Local User Account (Optional) Step 6. Save and Restart IAC

Please follow the following steps to complete the quick configuration:

1. To access the web man agement interface, connect a PC to one of the LAN1~8 ports, and then launch a

browse. Make sure you have set DHCP in TCP/IP of your PC to get an IP address dynamically.

Next, enter the gateway IP address of IAC3000 at the address field. The default gateway IP address is“http://192.168.30.1” (“https” is also supporte d in IAC3000, it is used for a secured connection).

The administrator login page will appear . Enter “admin”, the default username, and “admin”, the default password, in the User Name and Password fields. Click Enter to log in.

IAC3000

User Manual

After a successful login, a “Welcome to System Administration” page will appear on the screen.

If ‘https’ is used instead of ‘http’ for accessing the IAC3000 web management interface, by default, the IAC3000 is not using a trusted SSL certificate (for more information, please see 4.2.5 Additional Configuration), there will be a “Certificate Error”, because the browser treats IAC3000 as an illegal website. Please press “Continue to this website” to continue. The default user login page will then appear in the browser.

Caution: If you can’t get the login screen, the reasons may be: (1) The PC is set incorrectly so that the PC can’t obtain the IP address automatically from the LAN port; (2) The IP address and the default gateway are not under the same network segment. Please use default IP address such as 192.168.30.xx in your network and then try it again. For the configuration on PC, please refer to

Appendix F.

IAC3000 supports three kinds of account interface. You can log in as admin, manager or operator. The default username and password as follows.

Admin: The administrator can access all area of the IAC3000.

User Name: admin Password: admin

Manager: The manager can access the area under User Authentication to manage the user account, but no permission to change the settings of the profiles of Firewall, Specific Ro ute and Schedule.

User Name: manager

Password: manager

IAC3000

User Manual

Operator: The operator can only access the area of Create On-demand User to create and print out the new on- demand user accounts.

User Name: operator Password: operator

IAC3000

User Manual

After a successful login to IAC3000, a web management interface with a welcome message will appear.

Note: To logout, simply click the Logout icon on the upper right corner of the interface to return to the login screen.

2. Now you are ready to run the Wizard.

To quickly configure IAC3000 by using the Configuration Wizard, click System Configuration from the top menu to go to the System Configuration page. Then , click Con figuration Wizard on the left. Click the Run Wizard button to begin the Configuration Wizard. The Configuration Wizard will appear in a pop-up browser window . Click Next to begin.

3. Running Configuration Wizard

A welcome screen that briefly introduces the 6 steps will appear. Click Next to begin.

Note: During every step of the wizard, if you wish to go back to modify the settings, please click the Back button to go back to the previous step.

y Step 1. Change Admin’s Password

h Enter a New Password for the admin account and retype it in the Verify Password field (20-

character maximum and no spaces).

IAC3000

User Manual

h Click Next to continue.

y Step 2. Choose System’s Time Zone

h Select a proper time zone from the drop-down list box. h Click Next to continue.

IAC3000

User Manual

y Step 3. Set System Information

h Home Page: Enter the URL that users should be initially directed to when successfully

authenticated to the network.

h NTP Server: Enter the URL of the external time server for IAC3000 time synchronization or use the

default setting.

h Click Next to continue.

y Step 4. Select Connection Type for WAN Port

Three are three types of WAN port to be selected from: Static IP Address, Dynamic IP Address and PPPoE Client. Select a proper Internet connection type and click Next to continue. ¾ Dynamic IP Address

If this option is selected, an appropriate IP address and related information will automatically be assigned. Click Next to continue.

¾ Static IP Address: Set WAN Port’s Static IP Address

IAC3000

User Manual

Enter the “IP Address”, “Subnet Mask” and “Default Gateway” “DNS Server” provided by your ISP. Click Next to continue.

¾ PPPoE Client: Set PPPoE Client’s Information

Enter the “Username” and “Password” provided by the ISP. Click Next to continue.

IAC3000

User Manual

y Step 5. Add Local User Account (Optional)

¾ A new user can be added to the Local User datab ase. To add a user here, enter the Username (e.g.

test), Password (e.g. test), MAC Address (optional, to specify the valid MAC address of this user) and assign an Applied Group to this particular user (or use the default None).

¾ More users can be added by clicking the Add Now button. ¾ Click Next to continue.

IAC3000

User Manual

y Step 6. Save and Restart IAC

¾ Click Restart to save current settings and restart IAC3000. The Setup Wizard is now complete.

y Restart: When IAC3000 is restarting, a “Restarting now. Please wait for a moment.” message will

appear on the screen.

Please do NOT interrupt IAC3000 restart process until the Configuration Wizard pop-up window has disappeared—which indicates the restart proce ss has been completed. If all steps are done properly, you can start working on the system or refer to the User Manual for advanced settings.

IAC3000

User Manual

Note: For an example of user login, please refer to Appendix F. Network Configuration on PC & User Login.

IAC3000

User Manual

3.2.2 User Login Portal Page

To login from the login portal page via the controlled port, the user has to be authenticated by the system with username and password. The administrator also can verify if the configuration o f IAC3000 has been done properly.

1. First, provided the steps in 3.1.4 and the quick set up wizard were completed, you may now connect a client’s device (for example, a PC) to the controlled port of IAC3000, and set the device to obtain an IP address automatically. After the client obtains the IP address, open an Internet browser. Try to launch any website and then the default User Login Page will appear . Enter a valid User Name and Password (e.g. test@local for the username and test for the password). Click Submit button.

2. Login success page will appear if IAC3000 has been installed and configured successfully. Now, clients can access the network or surf on the Internet.

IAC3000

User Manual

IAC3000

User Manual

3. When an on-demand user login successfully, the following Login Success page will appear. There is extra information showing “Remaining usage” and a “Redeem” button on the bottom.

y Remaining usage: Show the remaining quota that the on-demand user can use to surf Internet.

IAC3000

User Manual

y Redeem: When the remaining credit is going to use up, the client has to pay for adding credit to the

counter, and then, the client will get a new username and password. After clicking the Redeem button, a Redeem Page will appear. Please enter the new username and password obtained and click Enter button. The total available time or data size will be shown u p after adding credit.

IAC3000

User Manual

Chapter 4. Web Interface Configuration

This chapter will guide you through further detailed settings. The following table is the UI and functions of the IAC3000.

OPTION

System

Configuration

User

Authentication

Management

Network

Configuration

Utilities Status

Configuration

Wizard

Authentication

Configuration

AP List

Network Address

Translation

Change

Password

System

Status

System

Information

Black List

Configuration

AP Discovery Privilege List

Backup/Restore

Settings

Interface

Status

WAN1

Configuration

Group

Configuration

Manual

Configuration

Monitor IP List

Firmware

Upgrade

Routing

Table

WAN2

Configuration

Policy

Configuration

Template

Settings

Walled Garden

List

Walled Garden

Ad List

Restart

Current

Users

WAN Traffic

Settings

Additional

Configuration

Firmware

Management

Proxy Server

Properties

Network

Utilities

Traffic

History

LAN Port

Mapping

AP Upgrade Dynamic DNS

Notification

Configuration

Service Zones

WDS

Management

IP Mobility

FUNCTION

VPN

Configuration

Caution: After finishing the configuration of the settings, please click Apply and pay attention to see if a restart message appears on the screen. If such message appears, system must be restarted to allo w the settings to take effect. All on-line users will be disconnected during restart.

IAC3000

User Manual

4.1 System Configuration

This section includes the following functions: Configuration Wizard, System Information, WAN1 Configuration, WAN2 Configuration, WAN Traffic Settings, LAN Port Mapping and Service Zones.

IAC3000

User Manual

4.1.1 Configuration Wizard

There are two ways to configure the IAC3000 system: using the online Configuration Wizard or changing the settings by commands manually. The Configuration Wizard comprises of 6 basic steps, providing a simple and easy way to go through the basic setups of IAC3000 (Refer to section 3.2).

IAC3000

User Manual

4.1.2 System Information

Main information about IAC3000 is shown as follows:

y System Name: Set the system’s name or use the default name. y Device Name: FQDN (Fully-Qualified Domain Name). This is the domain name of the IAC3000 as seen on

client machines connected on LAN ports. A user on client machine can use this domain name to access IAC3000 instead of its IP address. In addition, when “Use the name on the sec urity certificate” option is checked, the system will use the CN (Common Name) value of the uploaded SSL certificate as the domain name.

IAC3000

User Manual

y Home Page: Enter the website of a Web Server to be the homepage. When users log in successfully, they will

be directed to the homepage set. Usually, the homepage is set to the company’s website, such as http://www.netcomm.com.au. If the home page function is disabled, the user will be directed to the URL she/he tries to visit originally.

y Access History IP: Specify an IP address of the administrator’s computer or a billing system to get billing

history information of IAC3000 with the predefined URLs as the following: Traffic Hist ory ：

https://192.168.30.1/status/history/2009-01-22

On-demand History：

https://192.168.30.1/status/ondemand_history/2009-01-22

y Management IP Address List: In the page of "Management IP Address List", the administrator can grant the

access of the web management interface by specifying a list specific IP addresse s or ranges of IP addresses, no matter the access is from WAN or LAN.

y SNMP: If the function is enabled, the Manager IP and the community can be assigned to access the

management information base (MIB) of the system.

User Logon SSL: Enable to activate https (encryption) or disable to activate http (non encryption) login pa ge. y Time: IAC3000 supports NTP (Network Time Protocol) communication protocol to synchronize the network

time. Please specify the IP address of a NTP server to adjust the time automatic ally (Universal Time is Greenwich Mean Ti me, GMT). The time can also be set manually by selecting “Set Device Date and Time” and then entering the date and time in these fields.

+ 196 hidden pages

NetComm IAC3000 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual