Nomadix HotSpot User Manual

HotSpot Gateway
Copyright © 2005 Nomadix, Inc. All Rights Reserved.
This product also includes software developed by: The University of California, Berkeley and its contributors; Carnegie Mellon University, Copyright © 1998 by Carnegie Mellon University All Rights Reserved; Go Ahead Software, Inc., Copyright © 1999 Go Ahead Software, Inc. All Rights Reserved; Livingston Enterprises, Inc., Copyright © 1992 Livingston Enterprises, Inc. All Rights Reserved; The Regents of the University of Michigan and Merit Network, Inc., Copyright 1992 – 1995 All Rights Reserved; and includes source code covered by the Mozilla Public License, Version 1.0 and OpenSSL.
Trademarks
The symbol, , and Nomadix Service Engine™ are trademarks of Nomadix, Inc. All other trademarks and brand names are marks of their respective holders.
Patent Information
Covered by one or more of the following U.S. and foreign patents: US6,789,110, US6,636,894-B1, US6,130,892, US6,868,399, US6,857,009, AU740,112, EP1,224,788, EP1,282,955, EP1,222,791, DE600,11,799,5-08, MX222,100 Based on PCT/US98/04781, NZ337,772, SG88,575, SG88,483, SG93,120, SG88,465, ZL00,815,827.4
Product Information
Telephone: +1.818.597.1500
Fax: +1.818.597.1502
See also “Appendix A: Technical Support” on page 311.
This User’s Guide is protected by U.S. copyright laws. You may not transmit, copy, modify, or translate this manual, or reduce it or any part of it to any machine readable form, without the express permission of the copyright holder.
Write your product serial number in this box:
S/N
DISCLAIMER
Nomadix, Inc. makes no warranty, either express or implied, including but not limited to any implied warranties of merchantability and fitness for a particular purpose, regarding the product described herein. In no event shall Nomadix, Inc. be liable to anyone for special, collateral, incidental, or consequential damages in connection with or arising from the use of Nomadix, Inc. products.
NOTIFICATIONS
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Modifications not expressly approved by the manufacturer could void the user's authority to operate the equipment under FCC rules.
This Class B digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.
This Class B digital apparatus complies with all requirements of the Canadian Interference-Causing Equipment Regulations.
WARNING
Risk of electric shock; do not open; no user-serviceable parts inside.
WARNING
Risk of electric shock; do not open; do not attempt to disassemble the device.
WARNING
Do not open; electrical components.
WARNING
Risk of electric shock. Do not open. No configurable parts inside.
CAUTION
Read the instruction manual prior to operation.
CAUTION
Read the instruction manual before use.
CAUTION
Read the manual before putting the device into operation.
CAUTION
Read the instruction manual before starting up the equipment.
1100 Business Center Circle, Suite 100 Newbury Park, CA 91320, USA (head office)
Table of Contents
Introduction
About this User’s Guide
Organization
Welcome to the Nomadix HotSpot Gateway
Product Configuration and Licensing
Key Features and Benefits
Platform Reliability
Local Content and Services
Transparent Connectivity
Billing Enablement
Access Control and Authentication
Security
5-Step Service Branding
NSE Core Functionality
Access Control
Bandwidth Management
Bridge Mode
Command Line Interface
Dynamic Address Translation™
Dynamic Transparent Proxy
End User Licensee Count
External Web Server Mode
Home Page Redirect
iNAT™
Information and Control Console
Internal Web Server
International Language Support
IP Upsell
Logout Pop-Up Window
MAC Filtering
Multi-Level Administration Support
NTP Support
Portal Page Redirect
Port Mapping
RADIUS-driven Auto Configuration
RADIUS Client
RADIUS Proxy
Remember Me and RADIUS Re-Authentication
Secure Management
Secure Socket Layer (SSL)
Secure XML API
Session Rate Limiting (SRL)
Session Termination Redirect
Smart Client Support
SNMP Nomadix Private MIB
Tri-Mode Authentication
URL Filtering
Walled Garden
Web Management Interface
Optional NSE Modules
Credit Card Module
Wholesale Roaming Module
High Availability Module
Optional Standalone Applications
Meeting Room Scheduler (MRS)
Network Architecture (Sample)
Product Specifications
Online Help (WebHelp)
Notes, Cautions, and Warnings
Chapter 1: Installing the HSG
Unpacking the HSG
Installation Workflow
Powering Up the System
Logging In to the Command Line Interface
The Management Interfaces (CLI and Web)
Making Menu Selections and Inputting Data with the CLI
Menu Organization (Web Management Interface)
Inputting Data – Maximum Character Lengths
Online Documentation and Help
Quick Reference Guide
Establishing the Start Up Configuration
Assigning Login User Names and Passwords
Setting the SNMP Parameters (optional)
Enabling the Logging Options (recommended)
Assigning the Location Information and IP Addresses
Logging Out and Powering Down the System
Connecting the HSG to the Customer’s Network
Establishing the Basic Configuration for Subscribers
Setting the DHCP Options
Setting the DNS Options
Archiving Your Configuration Settings
Installing the Nomadix Private MIB
Chapter 2: System Administration
Choosing a Remote Connection
Using the Web Management Interface (WMI)
Using an SNMP Manager
Using a Telnet Client
Logging In
About Your Product License
Configuration Menu
Defining the AAA Services {AAA}
Enabling AAA Services with the Internal Web Server
Enabling AAA Services with an External Web Server
Establishing Secure Administration {Access Control}
Defining Automatic Configuration Settings {Auto Configuration}
Enabling Auto Configuration
Setting Up Bandwidth Management {Bandwidth Management}
Establishing Billing Records “Mirroring” {Bill Record Mirroring}
Managing the DHCP Service Options {DHCP}
Managing the DNS Options {DNS}
Configuring Dynamic DNS {Dynamic DNS}
GRE Tunneling {Gre Tunneling}
Setting the Home Page Redirection Options {Home Page Redirect}
Enabling Intelligent Address Translation (iNAT)
Defining IPSec Tunnel Settings {IPSec}
IPSec Tunnel Peers
IPSec Tunnel Security Policies
Establishing Your Location {Location}
Managing the System and Billing Log Options {Logging}
Enabling the Meeting Room Scheduler {Meeting Room Scheduler}
Assigning Passthrough Addresses {Passthrough Addresses}
Setting Up Port Locations {Port-Location}
In Room Port Mapping
Defining the RADIUS Client Settings {RADIUS Client}
Miscellaneous Options
Defining the RADIUS Proxy Settings {RADIUS Proxy}
Adding an Upstream RADIUS NAS
Defining the Realm-Based Routing Settings {Realm-Based Routing}
Adding a RADIUS Service Profile
Adding a Realm Routing Policy
Managing SMTP Redirection {SMTP}
Managing the SNMP Communities {SNMP}
Enabling Dynamic Multiple Subnet Support (Subnets)
Displaying Your Configuration Settings {Summary}
Setting the System Date and Time {Time}
Setting Up URL Filtering {URL Filtering}
Enabling Secure Management {VPN Tunnel}
Network Info Menu
Displaying ARP Table Entries {ARP}
Displaying DAT Sessions {DAT}
Displaying the Host Table {Hosts}
Displaying ICMP Statistics {ICMP}
Displaying the Network Interfaces {Interfaces}
Displaying the IP Statistics {IP}
Viewing IPSec Tunnel Status {IPSec}
Displaying the Routing Tables {Routing}
Displaying the Active IP Connections {Sockets}
Displaying the Static Port Mapping Table {Static Port-Mapping}
Displaying TCP Statistics {TCP}
Displaying UDP Statistics {UDP}
Port-Location Menu
Adding and Updating Port-Location Assignments {Add}
Adding a Port-Location Assignment
Updating a Port-Location Assignment
Deleting All Port-Location Assignments {Delete All}
Deleting Port-Location Assignments by Location {Delete by Location}
Deleting Port-Location Assignments by Port {Delete by Port}
Exporting Port-Location Assignments {Export}
Finding Port-Location Assignments by Description {Find by Description}
Finding Port-Location Assignments by Location {Find by Location}
Finding Port-Location Assignments by Port {Find by Port}
Importing Port-Location Assignments {Import}
Viewing the “location.txt” File
Creating a “location.txt” File
Displaying the Port-Location Mappings {List}
Subscriber Administration Menu
Adding Subscriber Profiles {Add}
Displaying Current Subscriber Connections {Current}
Deleting Subscriber Profiles by MAC Address {Delete by MAC}
Deleting Subscriber Profiles by User Name {Delete by User}
Displaying the Currently Allocated DHCP Leases {DHCP Leases}
Deleting All Expired Subscriber Profiles {Expired}
Finding Subscriber Profiles by MAC Address {Find by MAC}
Finding Subscriber Profiles by User Name {Find by User}
Listing Subscriber Profiles by MAC Address {List by MAC}
Listing Subscriber Profiles by User Name {List by User}
Viewing RADIUS Proxy Accounting History {RADIUS Session History}
Displaying Current Profiles and Connections {Statistics}
Subscriber Interface Menu
Defining the Billing Options {Billing Options}
Duration-based Billing Plans
Setting Up a “Normal” Billing Plan
Setting Up an X over Y Billing Plan
Setting Up the Information and Control Console {ICC Setup}
Assigning Buttons
Assigning Banners
Pixel Sizes
Time Formats
Defining Languages {Language Support}
Enabling Local Web Serving {Local Web Server}
Defining the Subscriber’s Login UI {Login UI}
Subscriber Login Screen (Sample)
Defining the Post Session User Interface (Post Session UI)
Defining Subscriber UI Buttons {Subscriber Buttons}
Defining Subscriber UI Labels {Subscriber Labels}
Defining Subscriber Error Messages {Subscriber Errors}
Defining Subscriber Messages {Subscriber Messages}
System Menu
Adding an ARP Table Entry {ARP Add}
Deleting an ARP Table Entry {ARP Delete}
Enabling the Bridge Mode Option {Bridge Mode}
Exporting Configuration Settings to the Archive File {Export}
Importing the Factory Defaults {Factory}
Defining the Fail Over Options {Fail Over}
Viewing the History Log {History}
Establishing ICMP Blocking Parameters {ICMP}
Importing Configuration Settings from the Archive File {Import}
Establishing Login Access Levels {Login}
Defining the MAC Filtering Options {Mac Filtering}
Rebooting the System {Reboot}
Adding a Route {Route Add}
Deleting a Route {Route Delete}
Establishing Session Rate Limiting {Session Limit}
Adding Static Ports {Static Port-Mapping Add}
Deleting Static Ports {Static Port-Mapping Delete}
Changing the Function of the Serial Port {Serial}
Blocking a Subscriber Interface {Subscriber Interfaces}
Updating the HSG Firmware {Upgrade}
Chapter 3: The Subscriber Interface
Overview
Authorization and Billing
The AAA Structure
Process Flow (AAA)
Internal and External Web Servers
Language Support
Home Page Redirection
Subscriber Management
Information and Control Console (ICC)
ICC Pop-Up Window
Logout Console
Chapter 4: Quick Reference Guide
Web Management Interface (WMI) Menus
Configuration Menu Items
Network Info Menu Items
Port-Location Menu Items
Subscriber Administration Menu Items
Subscriber Interface Menu Items
System Menu Items
Alphabetical Listing of Menu Items (WMI)
Default (Factory) Configuration Settings
Product Specifications
Sample AAA Log
Sample SYSLOG Report
Sample History Log
Keyboard Shortcuts
HyperTerminal Settings
RADIUS Attributes
Authentication-Request
Authentication-Reply (Accept)
Accounting-Request
Selected Detailed Descriptions
Nomadix Vendor Specific Attributes
Setting Up the SSL Feature
Prerequisites
Obtain a Private Key File (cakey.pem)
Installing Cygwin and OpenSSL on a PC
Private Key Generation
Create a Certificate Signing Request (CSR) File
Create a Public Key File (server.pem)
Setting Up HSG for SSL Secure Login
Setting Up the Portal Page
Mirroring Billing Records
Sending Billing Records
XML Interface
XML for the External Server
HSG to External Server:
Example of a Negative Acknowledgement:
Format for each Field:
Chapter 5: Troubleshooting
General Hints and Tips
Management Interface Error Messages
Common Problems
Appendix A: Technical Support
Contact Information
Appendix B: Addendum
PPPoE Client
L2TP Tunneling
Define RADIUS Service Profiles
Define Tunnel Profiles
Define Realm Routing Policies
Configure RADIUS Client
Local Syslog and Syslog Filters
Glossary of Terms
Index
Table of Contents vii
Page 14
HOTSPOT GATEWAY
This page intentionally left blank.
viii Table of Contents
Page 15
HOTSPOT GATEWAY
Introduction
About this User’s Guide
This User’s Guide provides information and procedures that will enable system administrators to install, configure, manage, and use the Nomadix HotSpot Gateway (HSG) product successfully and efficiently. Use this guide to take full advantage of the HSG’s functionality and features.
Organization
This User’s Guide is organized into the following chapters:
Chapter 1 – Installing the HSG. This chapter provides instructions for installing the HSG and establishing the start-up configuration.
Chapter 2 – System Administration. This chapter provides all the instructions and procedures necessary to manage and administer the HSG on the customer’s network, following a successful installation.
Chapter 3 – The Subscriber Interface. This chapter provides an overview and sample scenario for the HSG’s subscriber interface. It also includes an outline of the authorization and billing processes utilized by the system, and the Nomadix Information and Control Console.
Chapter 4 – Quick Reference Guide. This chapter contains product reference information, organized by topic and functionality. It also contains a full listing of all product configuration elements, sorted alphabetically and by menu.
Chapter 5 – Troubleshooting. This chapter provides information to help you resolve common hardware and software problems. It also contains a list of error messages associated with the management interface.
Appendix A: Technical Support. Technical Support informs you how to obtain technical support. You should refer to the troubleshooting procedures contained in Troubleshooting before contacting Nomadix, Inc. directly.
Appendix B: Addendum. The Addendum provides information and procedures that will enable system administrators to configure and use the specific features introduced in the 1.3 Maintenance, 1.3 M+ and 1.4 releases for the Nomadix HotSpot Gateway (HSG).
Glossary of Terms. The glossary provides an explanation of terms directly related to Nomadix product technology. Glossary entries are organized alphabetically.
Index. The index is a valuable information search tool. Use the index to locate specific topics and categories contained in this User’s Guide.
Welcome to the Nomadix HotSpot Gateway
The Nomadix HotSpot Gateway (HSG) is a freestanding, fully featured network appliance that enables public access service providers to offer broadband Internet connectivity to their customers.
The HSG employs one fast Ethernet port to interface with a router (network side) and two fast Ethernet Switch ports to interface with aggregation equipment (subscriber side) within the network. The HSG allows users to transparently move between different networks while retaining one billing relationship with their chosen service provider. Supporting all user types and any access method (wired or wireless), the HSG provides an unequalled public-LAN access solution.
[Figure: Nomadix HotSpot Gateway (HSG)]
Product Configuration and Licensing
All Nomadix Access Gateway products, including the HSG, are powered by our patented and patent-pending suite of embedded software, called the Nomadix Service Engine™ (NSE). The HSG employs our NSE core software package with the option to purchase additional modules to expand the product’s functionality.
This User’s Guide covers all features and functionality provided with the NSE core package, as well as the additional optional modules. Your product license must support the optional NSE modules if you want to take advantage of the expanded functionality. The following note will preface procedures that directly relate to optional modules:
Your product license may not support this feature.
See also:
• “NSE Core Functionality” on page 8.
• “Optional NSE Modules” on page 22.
Key Features and Benefits
The HSG addresses the specific needs of the public access HotSpot, making it an excellent choice for mid-sized venue deployments. The HSG supports up to 50 simultaneous users, with the option to purchase two additional upgrades of 50 users each, for a maximum of 150 simultaneous users.
The HSG enables a wide variety of network deployment options for different venue types. For example:
• Allows for flexible WAN Connectivity (T1/E1, Cable, xDSL, and ISDN).
• Supports 802.11a/b/g and hybrid networks utilizing wired Ethernet.
• Supports key requirements needed to be compliant with the Wi-Fi ZONE™ program.
• Allows you to segment your existing network into public and private sections using VLANs, then leverage your existing network investment to create new revenue streams.
• Enables you to provide Wi-Fi access as a billable service or as an amenity to augment the main line of business for your venue.
• The HSG contains an advanced XML interface for accepting and processing XML commands, allowing the implementation of a variety of service plans and offerings.
• Offers three user-friendly ways of remote management—through a Web interface, SNMP MIBs, and Telnet interfaces—allowing for scalable, large public access deployments.
Platform Reliability
The HSG is designed as a network appliance, providing maximum uptime and reliability unlike competitive offerings that use a server-based platform.
Local Content and Services
The HSG’s Portal Page feature intercepts the user’s browser settings and directs them to a designated Web site to securely sign up for service or log in if they have a pre-existing account.
• Allows the provider or HotSpot owner to present their customers with local services or have the user sign up for service at zero expense.
• Offers both pre and post authentication redirects of the user’s browser, providing maximum flexibility in branding for both the service provider and HotSpot owner.
Transparent Connectivity
Resolving configuration conflicts is difficult and time consuming for network users who are constantly on the move, and costly to the solution provider. In fact, most users are reluctant to make changes to their computer’s network settings and won’t even bother. This fact alone has prevented the widespread deployment of broadband network services.
Our patented Dynamic Address Translation™ (DAT) functionality offers a true “plug and play” solution by enabling a seamless and transparent experience and the tools to acquire new customers on-site.
DAT greatly reduces provisioning and technical support costs and enables HotSpot owners and providers to deliver an easy to use, customer-friendly service.
Billing Enablement
The HSG supports billing plans using credit cards, scratch cards, or monthly subscriptions, and can base the billable event on a number of different parameters such as time, volume, IP address type, or bandwidth.
Access Control and Authentication
The HSG ensures that all traffic to the Internet is blocked until authentication has been completed, creating an additional level of security in the network. It also allows HotSpot operators to create their own unique “walled garden,” enabling users to access only certain predetermined Web sites before they have been authenticated.
Nomadix simultaneously supports the secure browser-based Universal Access Method (UAM), IEEE 802.1x, and Smart Clients for companies such as Adjungo Networks, Boingo Wireless, GRIC and iPass.
Security
The patent-pending iNAT™ (Intelligent Network Address Translation) feature creates an intelligent mapping of IP Addresses and their associated VPN tunnels—by far the most reliable multi-session VPN passthrough to be tested against diverse VPN termination servers from companies such as Cisco, Checkpoint, Nortel and Microsoft. Nomadix’ iNAT feature allows multiple tunnels to be established to the same VPN server, creating a seamless connection for all users at the public access location.
The HSG provides fine-grain management of DoS (Denial of Service) attacks through its Session Rate Limiting (SRL) feature, and MAC filtering for improved network reliability.
5-Step Service Branding
A network enabled with the Nomadix HSG (or any other Nomadix Access Gateway) offers a 5-Step service branding methodology for public access operators and their partners, comprising:
1. Initial Flash Page branding.
2. Initial Portal Page Redirect (Pre-Authentication). Typically, this is used to redirect the user to a venue-specific Welcome and Login page.
3. Home Page Redirect (Post-Authentication). This redirect page can be tailored to the individual user (as part of the RADIUS Reply message, the URL is received by the NSE) or set to re-display itself at freely configurable intervals.
4. The Information and Control Console (ICC) contains multiple opportunities for an operator to display its branding or the branding of partners during the user’s session. As an alternative to the ICC, a simple pop-up window provides the opportunity to display a single logo.
5. The “Goodbye” page is a post-session page that can be defined either as a RADIUS VSA or be driven by the Internal Web Server (IWS) in the NSE. Using the IWS option means that this functionality is also available for other post-paid billing mechanisms.
NSE Core Functionality
Powering Nomadix’ family of Access Gateways, the Nomadix Service Engine (NSE) delivers a full range of features needed to successfully deploy Wi-Fi public access networks. These “core” features solve issues of connectivity, security, billing, and roaming in a Wi-Fi public access network.
The NSE’s core package of features includes:
• Access Control
• Bandwidth Management
• Bridge Mode
• Command Line Interface
• Dynamic Address Translation™
• Dynamic Transparent Proxy
• End User Licensee Count
• External Web Server Mode
• Home Page Redirect
• iNAT™
• Information and Control Console
• Internal Web Server
• International Language Support
• IP Upsell
• Logout Pop-Up Window
• MAC Filtering
• Multi-Level Administration Support
• NTP Support
• Portal Page Redirect
• Port Mapping
• RADIUS Client
• RADIUS-driven Auto Configuration
• RADIUS Proxy
• Remember Me and RADIUS Re-Authentication
• Secure Management
• Secure Socket Layer (SSL)
• Secure XML API
• Session Rate Limiting (SRL)
• Session Termination Redirect
• Smart Client Support
• SNMP Nomadix Private MIB
• Tri-Mode Authentication
• URL Filtering
• Walled Garden
• Web Management Interface
Access Control
For IP-based access control, the NSE incorporates a master access control list that checks the source (IP address) of administrator logins. A login is permitted only if a match is made with the master list contained within the NSE. If a match is not made, the login is denied, even if a correct login name and password are supplied.
The access control list supports up to 50 (fifty) entries in the form of a specific IP address or range of IP addresses.
The NSE also offers access control based on the interface being used. This feature allows administrators to block access from Telnet, Web Management, and FTP sources.
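The login gate described in this section, as an added Python example (not Nomadix code and not taken from the manual): the management interface and source address are checked before the password is examined, so a correct password from an unlisted address is still refused. The `a.b.c.d-e.f.g.h` range syntax, the interface names, the account table, and denying everyone when the list is empty are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress
import os

MAX_ENTRIES = 50  # the manual's limit: up to 50 addresses or ranges


class AdminAccessList:
    """Master list of sources allowed to attempt an administrator login."""

    def __init__(self, blocked_interfaces=()):
        self.ranges = []  # (first, last) IPv4Address pairs, inclusive
        self.blocked_interfaces = {name.lower() for name in blocked_interfaces}

    def add(self, entry):
        """Add 'a.b.c.d' or 'a.b.c.d-e.f.g.h' (this range syntax is assumed)."""
        if len(self.ranges) >= MAX_ENTRIES:
            raise ValueError("access control list already holds 50 entries")
        first, _, last = entry.partition("-")
        lo = ipaddress.IPv4Address(first.strip())
        hi = ipaddress.IPv4Address(last.strip()) if last.strip() else lo
        if hi < lo:
            raise ValueError(f"range end precedes range start: {entry!r}")
        self.ranges.append((lo, hi))

    def permits(self, source_ip):
        """True only if the source parses and falls inside a listed entry."""
        try:
            addr = ipaddress.IPv4Address(source_ip)
        except ValueError:
            return False  # unparseable source: fail closed
        # An empty list denies everyone here (assumption; the page does not say).
        return any(lo <= addr <= hi for lo, hi in self.ranges)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password):
    """Build a (salt, digest) record for the constructed account table."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def admin_login(acl, accounts, interface, source_ip, user, password):
    """Return (allowed, reason). Source checks run before any credential check."""
    if interface.lower() in acl.blocked_interfaces:
        return False, "interface-blocked"
    if not acl.permits(source_ip):
        return False, "source-not-listed"
    salt, stored = accounts.get(user, (b"\0" * 16, b""))
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        return False, "bad-credentials"
    return True, "ok"


def demo():
    """Constructed sample: documentation-range addresses, made-up account."""
    acl = AdminAccessList(blocked_interfaces=["telnet", "ftp"])
    acl.add("192.0.2.10")
    acl.add("198.51.100.1-198.51.100.20")
    accounts = {"manager": make_account("constructed-password")}
    attempts = [
        ("web", "192.0.2.10", "constructed-password"),
        ("web", "203.0.113.5", "constructed-password"),  # right password, wrong source
        ("telnet", "192.0.2.10", "constructed-password"),
        ("web", "198.51.100.7", "guess"),
    ]
    return [admin_login(acl, accounts, i, ip, "manager", pw) for i, ip, pw in attempts]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Logging the `reason` separately from the response sent to the client lets an operator tell credential guessing from an unlisted source apart from a misconfigured list.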
Bandwidth Management
The NSE optimizes bandwidth by limiting bandwidth usage symmetrically or asymmetrically on a per device (MAC address / User) basis, and manages the WAN Link traffic to provide complete bandwidth management over the entire network. You can ensure that every user has a quality experience by placing a bandwidth ceiling on each device accessing the network, so every user gets a fair share of the available bandwidth.
With the Nomadix Information and Control Console (ICC) feature enabled, subscribers can increase or decrease their own bandwidth dynamically (by the minute, or on an hourly, daily, weekly, or monthly basis), and also adjust the pricing plan for their service (see graphic).
[Figure: Information and Control Console (ICC), showing the bandwidth selection pull-down]
Bridge Mode
This feature allows complete and unconditional access to devices. When Bridge Mode is enabled, your NSE-powered product is effectively transparent to the network in which it is located.
The NSE forwards any and all packets (except those addressed to the NSE network interface). The packets are unmodified and can be forwarded in both directions. The Bridge Mode function is a very useful feature when troubleshooting your entire network as it allows administrators to effectively “remove” your product from the network without physically disconnecting the unit.
Command Line Interface
The Command Line Interface (CLI) is a character-based user interface that can be accessed remotely or via a direct cable connection. Until your Nomadix product is up and running on the network, the CLI is the Network Administrator’s window to the system. Software upgrades can only be performed from the CLI.
See also:
• “The Management Interfaces (CLI and Web)” on page 35.
Dynamic Address Translation™
Dynamic Address Translation (DAT) enables transparent broadband network connectivity, covering all types of IP configurations (static IP, DHCP, DNS), regardless of the platform or the operating system used—ensuring that everyone gets access to the network without the need for changes to their computer’s configuration settings or client-side software. The NSE supports both PPTP and IPSec VPNs in a manner that is transparent to the user and that provides a more secure standard connection. See also, “Transparent Connectivity” on page 5.
Dynamic Transparent Proxy
The NSE directs all HTTP and HTTPS proxy requests through an internal proxy which is transparent to subscribers (no need for users to perform any reconfiguration tasks). Uniquely, the NSE also supports clients that dynamically change their browser status from non-proxy to proxy, or vice versa. In addition, the NSE supports proxy ports 80, 800-900, 911 and 990 as well as all unassigned ports (for example, ports above 1024), thus ensuring far fewer proxy related support calls than competitive products.
End User Licensee Count
The NSE supports a range of simultaneous user counts depending on the Nomadix Access Gateway you choose. In addition, various user count upgrades are available for each of our NSE-powered products that allow you to increase the simultaneous user count.
External Web Server Mode
The External Web Server (EWS) interface is for customers who want to develop and use their own content. It allows you to create a “richer” environment than is possible with your product’s embedded Internal Web Server.
The advantages of using an External Web Server are:
• Manage frequently changing content from one location.
• Serve different pages depending on site, sub-location (for example, VLAN), and user.
• Take advantage of the comprehensive Nomadix XML API to implement more complex billing plans.
• Recycle existing Web page content for the centrally hosted portal page.
If you choose to use the EWS interface, Nomadix Technical Support can provide you with sample scripts. See also, “Contact Information” on page 312.
Home Page Redirect
The NSE supports a comprehensive HTTP redirect logic that allows network administrators to define multiple instances to intercept the browser’s request and replace it with freely configurable URLs.
Portal page redirect enables redirection to a portal page before the authentication process. This means that anyone will get redirected to a Web page to establish an account, select a service plan, and pay for access. Home Page redirect enables redirection to a page after the authentication process (for example, to welcome a specific user to the service—after the user has been identified by the authentication process). See also, “Portal Page Redirect” on page 15.
iNAT™
Nomadix invented a new way of intelligently supporting multiple VPN connections to the same termination at the same time (iNAT™), thus solving a key problem of many public access networks.
Nomadix’ patent-pending iNAT™ (intelligent Network Address Translation) feature contains an advanced, real-time translation engine that analyzes all data packets being communicated between the private address realm and the public address realm.
The NSE performs a defined mode of network address translation based on packet type and protocol (for example, GRE, ISAKMP etc.). UDP packet fragmentation is supported to provide a more seamless translation engine for certificate-based VPN connections.
If address translation is needed to ensure the success of a specific application (for example, multiple users trying to access the same VPN termination server at the same time), the packet engine selects an IP address from a freely definable pool of publicly routable IP addresses. The same public IP address can be used as a source IP to support concurrent tunnels to different termination devices—offering unmatched efficiency in the utilization of costly public IP addresses. If the protocol type can be supported without the use of a public IP (for example, HTTP, FTP), our proven Dynamic Address Translation™ functionality continues to be used.
Some of the benefits of iNAT™ include:
• Improves the success rate of VPN connectivity by misconfigured users, thus reducing customer support costs and boosting customer satisfaction.
• Maintains the security benefits of traditional address translation technologies while enabling secure VPN connections for mobile workers accessing corporate resources from a public access location.
• Dynamically adjusts the mode of address translation during the user's session, depending on the packet type.
• Supports users with static private IP addresses (for example, 192.168.x.x) or public (different subnet) IP addresses without any changes to the client IP settings.
• Dramatically heightens the reusability factor of costly public IP addresses.
Information and Control Console
The Nomadix Information and Control Console (ICC) is an HTML-based pop-up window that is presented to subscribers with their Web browser. The ICC allows subscribers to select their bandwidth and billing options quickly and efficiently from a simple pull-down menu. For credit card accounts, the ICC displays a dynamic “time” field to inform subscribers of the time remaining on their account.
[Figure: Information and Control Console (ICC)]
Additionally, the ICC contains multiple opportunities for an operator to display its branding or the branding of partners during the user’s session, as well as display advertising banners and present a choice of redirection options to their subscribers.
See also:
• “5-Step Service Branding” on page 7.
• “Logout Pop-Up Window” on page 14.
• “Information and Control Console (ICC)” on page 254.
Internal Web Server
The NSE offers an embedded Internal Web Server (IWS) to deliver Web pages stored in flash memory. These Web pages are configurable by the system administrator by selecting various parameters to be displayed on the internal pages. When providers or HotSpot owners do not want to develop their own content, the IWS is the answer. A banner at the top of each IWS page is configurable and contains the customer's company logo or any other image file they desire.
To support PDAs and other hand-held devices, the NSE automatically formats the IWS pages to a screen size that is optimal for the particular device being used.
See also:
• “5-Step Service Branding” on page 7.
• “International Language Support” on page 14.
International Language Support
The NSE allows you to define the text displayed to your users by the IWS without any HTML or ASP knowledge. The language you select determines the language encoding that the IWS instructs the browser to use. See also, “Internal Web Server” on page 13.
The available language options are:
• English
• Chinese (Big 5)
• French
• German
• Japanese (Shift_JIS)
• Spanish
• Other, with drop-down menu
IP Upsell
System administrators can set two different DHCP pools for the same physical LAN. When DHCP subscribers select a service plan with a public pool address, the NSE associates their MAC address with their public IP address for the duration of the service level agreement. The opposite is true if they select a plan with a private pool address. This feature enables a competitive solution and is an instant revenue generator for ISPs.
The IP Upsell feature solves a number of connectivity problems, especially with regard to L2TP and certain video conferencing and online gaming applications.
Logout Pop-Up Window
As an alternative to the Information and Control Console (ICC), the NSE delivers an HTML-based pop-up window with the following functions:
• Provides the opportunity to display a single logo.
• Displays the session’s elapsed/count-down time.
• Presents an explicit Logout button.
See also, “Information and Control Console” on page 13.
MAC Filtering
MAC Filtering enhances Nomadix' access control technology by allowing system administrators to block malicious users based on their MAC address. Up to 50 MAC addresses can be blocked at any one time. See also, “Session Rate Limiting (SRL)” on page 20.
Multi-Level Administration Support
The NSE allows you to define 2 concurrent access levels to differentiate between managers and operators, where managers are permitted read/write access and operators are restricted to read access only.
Once the logins have been assigned, managers have the ability to perform all write commands (Submit, Reset, Reboot, Add, Delete, etc.), but operators cannot change any system settings. When Administration Concurrency is enabled, one manager and three operators can access the HSG platform at any one time.
NTP Support
The NSE supports Network Time Protocol (NTP), an Internet standard protocol that assures accurate synchronization (to the millisecond) of computer clock times in a network of computers. NTP synchronizes the client’s clock to the U.S. Naval Observatory master clocks. Running as a continuous background client program on a computer, NTP sends periodic time requests to servers, obtaining server time stamps and using them to adjust the client's clock.
Portal Page Redirect
The NSE contains a comprehensive HTTP page redirection logic that allows for a page redirect before (Portal Page Redirect) and/or after the authentication process (Home Page Redirect). As part of the Portal Page Redirect feature, the NSE can send a defined set of parameters to the portal page redirection logic that allows an External Web Server to perform a redirection based on:
• HSG ID and IP Address
• Origin Server
• Port Location
• Subscriber MAC address
• Externally hosted RADIUS login failure page
This means that the network administrator can now perform location-specific service branding (for example, an airport lounge) from a centralized Web server.
See also, “Home Page Redirect” on page 11.
Port Mapping
This feature allows the network administrator to set up a port mapping scheme that forwards packets received on a specific port to a particular static IP (typically private and misconfigured) and port number on the subscriber side of the NSE. The advantage for the network administrator is that free private IP addresses can be used to manage devices (such as Access Points) on the subscriber side of the NSE without setting them up with Public IP addresses.
RADIUS-driven Auto Configuration
Nomadix’ unique RADIUS-driven Auto Configuration functionality utilizes the existing infrastructure of a mobile operator to provide an effortless and rapid method for configuring devices for fast network roll-outs. Once configured, this methodology can also be effectively used to centrally manage configuration profiles for all Nomadix devices in the public access network.
Two subsequent events drive the automatic configuration of Nomadix devices:
1. A flow of RADIUS Authentication Request and Reply messages between the Nomadix gateway and the centralized RADIUS server specifies the location of the meta configuration file (containing a listing of the individual configuration files and their download frequency status) to be downloaded from an FTP server into the flash of the Nomadix device.
2. The automated login into the centralized FTP server and the actual download process into the flash.
Optionally, the RADIUS authentication process and FTP download can be secured by sending the traffic through a peer-to-peer IPSec tunnel established by the Nomadix gateway and terminated at the NOC (Network Operations Center). See also, “Secure Management” on page 18.
RADIUS Client
Nomadix offers an integrated RADIUS (Remote Authentication Dial-In User Service) client with the NSE allowing service providers to track or bill users based on the number of connections, location of the connection, bytes sent and received, connect time, etc. The customer database can exist in a central RADIUS server, along with associated attributes for each user. When a customer connects into the network, the RADIUS client authenticates the customer with the RADIUS server, applies associated attributes stored in that customer's profile, and logs their activity (including bytes transferred, connect time, etc.). The NSE's RADIUS implementation also handles vendor specific attributes (VSAs), required by WISPs that want to enable more advanced services and billing schemes, such as a per device/per month connectivity fee. See also, “RADIUS Proxy” on page 17.
RADIUS Proxy
The RADIUS Proxy feature relays authentication and accounting packets between the parties performing the authentication process. Different realms can be set up to directly channel RADIUS messages to the various RADIUS servers. This functionality can be effectively deployed to:
• Support a wholesale WISP model directly from the edge without the need for any centralized AAA proxy infrastructure.
• Support EAP authenticators (for example, WLAN APs) on the subscriber-side of the NSE to transparently proxy all EAP types (TLS, SIM, etc.) and to allow for the distribution of per-session keys to EAP authenticators and supplicants.
Complementing the RADIUS Proxy functionality is the ability to route RADIUS messages depending on the Network Access Identifier (NAI). Both prefix-based (for example, ISP/username@ISP.net) and suffix-based (username@ISP.net) NAI routing mechanisms are supported. Together, the RADIUS Proxy and NAI Routing further support the deployment of the Wholesale Wi-Fi™ model allowing multiple providers to service one location. See also, “RADIUS Client” on page 16.
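Prefix-based and suffix-based NAI routing as described above, as an added Python example (not Nomadix code and not the NSE's actual matching rules): the identifier is parsed strictly, realms are compared case-insensitively, and anything ambiguous is rejected rather than routed, since a proxy and a home server that split the same identifier differently can send a login to the wrong provider. The policy tuple layout, profile names, first-match-wins order, and the `local` fallback are assumptions.

```python
ALLOWED = set("abcdefghijklmnopqrstuvwxyz0123456789-")

# Constructed routing table: (match kind, realm, RADIUS service profile name).
SAMPLE_POLICIES = [
    ("prefix", "ISP", "profile-prefix-isp"),
    ("suffix", "ISP.net", "profile-suffix-isp"),
    ("suffix", "roam.example", "profile-roam"),
]


class NaiError(ValueError):
    """Raised for identifiers that cannot be routed unambiguously."""


def check_realm(realm):
    """Lower-case a realm and require DNS-style labels (assumed realm syntax)."""
    realm = realm.lower()
    for label in realm.split("."):
        if not label or label[0] == "-" or label[-1] == "-" or not set(label) <= ALLOWED:
            raise NaiError(f"malformed realm: {realm!r}")
    return realm


def parse_nai(nai):
    """Return (prefix_realm, username, suffix_realm); absent realms are None."""
    # A RADIUS attribute value holds at most 253 octets.
    if not nai or len(nai.encode("utf-8")) > 253:
        raise NaiError("empty or oversized identifier")
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in nai):
        raise NaiError("whitespace or control character in identifier")
    if nai.count("@") > 1:
        raise NaiError("more than one '@': realm boundary is ambiguous")
    local, at, suffix = nai.partition("@")
    suffix_realm = check_realm(suffix) if at else None
    prefix_realm = None
    if "/" in local:
        prefix, _, local = local.partition("/")
        prefix_realm = check_realm(prefix)
    if not local or "/" in local:
        raise NaiError("missing or malformed username")
    return prefix_realm, local, suffix_realm


def route(nai, policies, default_profile="local"):
    """Pick the first policy whose realm matches; return (profile, username)."""
    prefix_realm, username, suffix_realm = parse_nai(nai)
    for kind, realm, profile in policies:
        seen = prefix_realm if kind == "prefix" else suffix_realm
        if seen is not None and seen == realm.lower():
            return profile, username
    return default_profile, username


def demo():
    """Route the manual's two example forms plus some rejected inputs."""
    results = []
    for nai in ["ISP/username@ISP.net", "username@ISP.net", "alice@ROAM.EXAMPLE",
                "bob", "a@b@ISP.net", "/user@ISP.net", "user@"]:
        try:
            results.append((nai, route(nai, SAMPLE_POLICIES)))
        except NaiError as err:
            results.append((nai, f"rejected: {err}"))
    return results


if __name__ == "__main__":
    for nai, outcome in demo():
        print(f"{nai!r:28} -> {outcome}")
```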
Remember Me and RADIUS Re-Authentication
The NSE’s Internal Web Server (IWS) stores encrypted login cookies in the browser to remember logins, using Usernames and Passwords between Access Points. This “Remember Me” functionality creates a more efficient and better user experience in wireless networks.
The RADIUS Re-Authentication buffer has been expanded to 720 hours, allowing an even more seamless and transparent connection experience for repeat users.
Secure Management
There are many different ways to configure, manage and monitor the performance and up-time of network devices. SNMP, Telnet, HTTP and ICMP are all common protocols to accomplish network management objectives. And within those objectives is the requirement to provide the highest level of security possible.
While several network protocols have evolved that offer some level of security and data encryption, the preferred method for attaining maximum security across all network devices is to establish an IPSec tunnel between the NOC (Network Operations Center) and the edge device (early VPN protocols such as PPTP have been widely discredited as a secure tunneling method).
As part of Nomadix’ commitment to provide outstanding carrier-class network management capabilities to its family of public access gateways, we offer secure management through the NSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption. Establishing the IPSec tunnel not only allows for the secure management of the Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix gateway. See also, “Enabling Secure Management {VPN Tunnel}” on page 136.
Two subsequent events drive the secure management function of the Nomadix gateway and the devices behind it:
1. Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity). As part of the session establishment process, key tunnel parameters are exchanged (for example, Hash Algorithm, Security Association Lifetimes, etc.).
2. The exchange of management traffic, either originating at the NOC or from the edge device through the IPSec tunnel. Alternatively, AAA data such as RADIUS Authentication and Accounting traffic can be sent through the IPSec tunnel. See also, “RADIUS-driven Auto Configuration” on page 16.
The advantage of using IPSec is that all types of management traffic are supported, including the following typical examples:
• ICMP - PING from NOC to edge devices
• Telnet - Telnet from NOC to edge devices
• Web Management - HTTP access from NOC to edge devices
• SNMP
    • SNMP GET from NOC to subscriber-side device (for example, AP)
    • SNMP SET from NOC to subscriber-side device (for example, AP)
    • SNMP Trap from subscriber-side device (for example, AP) to NOC
Secure Socket Layer (SSL)
This feature allows for the creation of an end-to-end encrypted link between your NSE-powered product and wireless clients by enabling the Internal Web Server (IWS) to display pages under a secure link—important when transmitting AAA information in a wireless network when using RADIUS.
SSL requires service providers to obtain digital certificates from VeriSign™ to create HTTPS pages. Instructions for obtaining certificates are provided by Nomadix.
Secure XML API
XML (eXtensible Markup Language) is used by the subscriber management module for user administration. The XML interface allows the NSE to accept and process XML commands from an external source. XML commands are sent over the network to your NSE-powered product which executes the commands, and returns data to the system that initiated the command request. XML enables solution providers to customize and enhance their product installations.
This feature allows the operator to use Nomadix' popular XML API using the built-in SSL certificate functionality in the NSE so that parameters passed between the Gateway and the centralized Web server are secured via SSL.
If you plan to implement XML for external billing, please contact technical support for the XML specification of your product. Refer to “Contact Information” on page 312.
Session Rate Limiting (SRL)
Session Rate Limiting (SRL) significantly reduces the risk of “Denial of Service” attacks by allowing administrators to limit the number of sessions any one user can take over a given time period and, if necessary, then block malicious users.
Session Termination Redirect
Once connected to the public access network, the NSE will automatically direct the customer to a Web site for local or personalized services, or to establish an account and pay for services through its Home Page Redirect functionality. In addition, the NSE also provides pre and post authentication redirects as well as one at session termination. See also, “Home Page Redirect” on page 11.
Smart Client Support
The NSE supports authentication mechanisms used by Smart Clients by companies such as Adjungo Networks, Boingo Wireless, GRIC and iPass.
SNMP Nomadix Private MIB
Nomadix’ Access Gateways can be easily managed over the Internet with an SNMP client manager (for example, HP OpenView or Castle Rock).
To take advantage of the functionality provided with Nomadix’ private MIB (Management Information Base), simply import the nomadix.mib file from the Accessories CD (supplied with the product) to view and manage SNMP objects on your product.
See also:
• “Using an SNMP Manager” on page 59
• “Installing the Nomadix Private MIB” on page 56.
Tri-Mode Authentication
The NSE enables multiple authentication models providing the maximum amount of flexibility to the end user and to the operator by supporting any type of client entering their network and any type of business relationship on the back end. For example, in addition to supporting the secure browser-based Universal Access Method (UAM) via SSL, Nomadix is the only company to simultaneously support port-based authentication using IEEE 802.1x and authentication mechanisms used by Smart Clients.
See also:
• “Access Control and Authentication” on page 6.
• “Smart Client Support” on page 20.
URL Filtering
The NSE can restrict access to specified Web sites based on URLs defined by the system administrator. URL filtering will block access to a list of sites and/or domains entered by the administrator using the following three methods:
• Host IP address (for example, 1.2.3.4).
• Host DNS name (for example, www.yahoo.com).
• DNS domain name (for example, *.yahoo.com, meaning all sites under the yahoo.com hierarchy, such as finance.yahoo.com, sports.yahoo.com, etc.).
The system administrator can dynamically add or remove up to 300 specific IP addresses and domain names to be filtered for each property.
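The three entry types and the 300-entry limit described above, as an added example (not Nomadix code) of how such a list can be matched against a requested URL. The class and function names are hypothetical, and treating `*.yahoo.com` as not covering the bare name `yahoo.com` is an assumption, since the manual does not say.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_ENTRIES = 300  # per-property limit stated in the manual


def normalize_host(host):
    """Lower-case a host name and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")


class UrlFilter:
    """Hypothetical block list holding the manual's three entry types."""

    def __init__(self):
        self.ips = set()      # host IP address, e.g. 1.2.3.4
        self.hosts = set()    # host DNS name, e.g. www.yahoo.com
        self.domains = set()  # DNS domain name, stored without the "*." prefix

    def __len__(self):
        return len(self.ips) + len(self.hosts) + len(self.domains)

    def add(self, entry):
        """Classify and store one entry; returns 'ip', 'host' or 'domain'."""
        entry = normalize_host(entry)
        if entry.startswith("*."):
            kind, store, value = "domain", self.domains, entry[2:]
        else:
            try:
                value = ipaddress.ip_address(entry)
                kind, store = "ip", self.ips
            except ValueError:
                kind, store, value = "host", self.hosts, entry
        if not str(value) or "*" in str(value):
            raise ValueError(f"unsupported filter entry: {entry!r}")
        if value not in store and len(self) >= MAX_ENTRIES:
            raise OverflowError(f"filter list already holds {MAX_ENTRIES} entries")
        store.add(value)
        return kind

    def is_blocked(self, url):
        """True when the URL's host matches any stored entry."""
        host = urlsplit(url if "://" in url else "//" + url).hostname
        if not host:
            return False
        host = normalize_host(host)
        try:
            return ipaddress.ip_address(host) in self.ips
        except ValueError:
            pass  # not an IP literal, fall through to the name rules
        if host in self.hosts:
            return True
        # Match on a label boundary so notyahoo.com does not hit *.yahoo.com.
        return any(host.endswith("." + d) for d in self.domains)


def demo():
    """Load the manual's three example entries and test a few URLs."""
    f = UrlFilter()
    kinds = [f.add(e) for e in ("1.2.3.4", "www.yahoo.com", "*.yahoo.com")]
    urls = [
        "http://1.2.3.4:8080/index.html",
        "http://1.2.3.5/",
        "http://WWW.Yahoo.com./mail",
        "http://finance.yahoo.com/quote",
        "http://notyahoo.com/",
        "http://yahoo.com/",  # bare domain: not matched (assumption, see lead-in)
    ]
    return kinds, {u: f.is_blocked(u) for u in urls}


if __name__ == "__main__":
    kinds, verdicts = demo()
    print(kinds)
    for url, blocked in verdicts.items():
        print("BLOCK" if blocked else "allow", url)
```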
Walled Garden
The NSE provides up to 300 IP passthrough addresses (and/or DNS entries), allowing you to create a “Walled Garden” within the Internet where unauthenticated users can be granted or denied access to sites of your choosing.
Web Management Interface
Nomadix’ Access Gateways can be managed remotely via the built-in Web Management Interface where various levels of administration can be established. See also, “Using the Web Management Interface (WMI)” on page 58.
Optional NSE Modules
Credit Card Module
Your product license may not support this feature.
The optional Credit Card Module provides a secure interface over SSL to enable billing via a credit card for HSIA. This module also includes the Bill Mirror functionality for posting of billing records to multiple sources.
See also:
• “Secure Socket Layer (SSL)” on page 19.
Wholesale Roaming Module
Your product license may not support this feature.
The optional Wholesale Roaming Module provides advanced NAI (Network Access Identifier) routing capabilities, enabling multiple service providers to share a HotSpot location, further supporting a Wi-Fi wholesale model. This functionality allows users to interact only with their chosen provider in a seamless and transparent manner.
High Availability Module
Your product license may not support this feature.
The optional High Availability Module offers enhanced network uptime and service availability when delivering high-quality Wi-Fi service by providing Fail-Over functionality. This module allows a secondary Nomadix Access Gateway to be placed in the network that can take over if the primary device fails, ensuring Wi-Fi service remains uninterrupted.
Optional Standalone Applications
The following supplemental applications—delivered on a separate CD-ROM—are available from Nomadix:
Meeting Room Scheduler (MRS)
If you have purchased the NSE’s optional Hospitality Module, our Meeting Room Scheduler (MRS) application can further enhance your product’s integration into the hospitality environment. The MRS allows hotel desk clerks to schedule and reserve conference rooms on behalf of their hotel guests and generate the necessary invoices in advance. Hotel desk clerks can now effectively schedule meetings and collect payments directly.
Network Architecture (Sample)
Product Specifications
PERFORMANCE
User Support:
50 users concurrently, with option to expand (up to 150 users)
Throughput:
75Mbits/s*
*As defined by RFC1242, Section 3.17
PHYSICAL
Dimensions:
1U, free standing
8.66 (W) x 10.00 (D) x 1.75 (H) inches 220 (W) x 254 (D) x 44 (H) mm
Weight:
4.05 pounds (1.84 Kg)
OPERATING ENVIRONMENT
Temperature: 5° – 40° C
Relative Humidity: 20% – 90%
POWER
44 watt AT power supply
COMPLIANCE
FCC Part 15, Subpart B, Class B
CE Mark
CENELEC EN 55022:1998 Class B
CENELEC EN 60950
CENELEC EN 61000-3-3:1995
CISPR 22: 1997 Class B
UL Std. 1950
CAN/CSA Std. C22.2 No. 950
INTERFACES
Subscriber / Network Interface:
3 10/100 Mbps Ethernet RJ45
Management Port:
1 DB9 serial
LED INDICATORS
ACT/LINK and 10/100 for each Ethernet port
Power
NETWORK MANAGEMENT
Multi-Level Administration Controls
Access Control Lists
Web Administration UI
SNMP
XML API
CLI via Telnet and Serial Port
Online Help (WebHelp)
The HSG incorporates an online Help system called “WebHelp” which is accessible through the Web Management Interface (when a remote Internet connection is established following a successful installation). WebHelp can be viewed on any platform (for example, Windows, Macintosh, or UNIX-based platforms) using either Internet Explorer or Netscape Navigator (see note).
WebHelp is best viewed using Internet Explorer, version 4.0 or higher.
WebHelp is useful when you have an Internet connection to the HSG and you want to access information quickly and efficiently. It contains all the information you will find in this User’s Guide.
For more information about WebHelp and other online documentation resources, go to “Online Documentation and Help” on page 39.
Notes, Cautions, and Warnings
The following symbols are used throughout this User’s Guide:
This symbol is used for general notes and additional information that may be useful to you.
This symbol is used for cautions and warnings. Cautions and warnings provide important information to eliminate the risk of a system malfunction or possible damage.
Installing the HSG
This chapter provides installation instructions for the hardware and software components of the HSG. It also includes an overview of the management interface, some helpful hints for system administrators, and procedures for the following tasks:
• Unpacking the HSG
• Powering Up the System
• Logging In to the Command Line Interface
• Establishing the Start Up Configuration
• Logging Out and Powering Down the System
• Connecting the HSG to the Customer’s Network
• Establishing the Basic Configuration for Subscribers
• Archiving Your Configuration Settings
• Installing the Nomadix Private MIB
See also “Installation Workflow” on page 31.
Once you have installed your HSG and established the configuration settings, you should write the settings to an archive file. If you ever experience problems with the system, your archived settings can be restored at any time. See “Archiving Your Configuration Settings” on page 56.
Nomadix HotSpot Gateway (HSG)
Unpacking the HSG
When you unpack the HSG, you will find the following items in the carton:
| Item | Qty |
|---|---|
| HSG module | 1 |
| Power cord | 1 |
| DB9 female-to-female serial connector/cable (6 ft. length), for establishing a direct serial connection with the HSG. | 1 |
| “Accessories” CD-ROM (containing this User’s Guide, README file, NOMADIX Enterprise MIB file, and any other useful accessories). | 1 |
| Quick Start Guide | 1 |
| End User License Agreement (EULA) | 1 |
| Packing materials (polystyrene end caps) | 2 |
Installation Workflow
This flowchart illustrates the steps that are required to install and configure the HSG successfully. Review the installation workflow before attempting to install the HSG on the customer’s network.
Place the HSG on a flat and stable work surface and connect the power cord.
Connect the HSG to a “live” network. Use the DB9 serial cable (6 ft. length) between the HSG’s serial port and your computer.
Power up your computer and turn on the HSG.
Start a HyperTerminal session to communicate with the HSG via the serial port.
Log in to the Command Line Interface.
When prompted, configure your HSG’s IP, DNS, and Location settings. The HSG will then prompt you to reboot the system.
When prompted, accept the Nomadix End User License Agreement (EULA). You must accept the EULA before the HSG can connect with the Nomadix License Key Server. When the key is successfully received from the server, your HSG will reboot. You can now power down and connect the HSG to the customer’s network.
Connect the HSG to the customer’s network.
Power up the HSG and log in via a Telnet session or the Web Management Interface.
Set the basic configuration parameters for subscribers.
The HSG is now ready for administrators to add, delete, or change unique subscriber profiles.
Export your configuration settings to an archive file.
Powering Up the System
Use this procedure to establish a direct cable connection between the HSG and your laptop computer, and to power up the system.
1. Place the HSG on a flat and stable work surface.
2. Connect the power cord.
3. Connect the DB9 female-to-female serial cable (6 ft. length) between the HSG’s “serial port” and your computer.
4. Turn on your computer and allow it to boot up.
5. Turn on the HSG.
[Figure: rear panel, showing the serial port and the serial cable]
Logging In to the Command Line Interface
Use this procedure to initialize the system and log in to the HSG’s Command Line Interface (CLI). The character-based CLI is used at initial start-up.
1. Start a HyperTerminal™ session to connect to the HSG. Use the following HyperTerminal settings:
    Bits per second    9600
    Data bits          8
    Parity             None
    Stop bits          1
    Flow control       None
2. When connected to the HSG, a login prompt appears on your screen.
The default login user name is “admin.” The password is “admin.” Login names and passwords are case-sensitive.
3. Enter admin when prompted for a user name and password. The HSG Menu appears when you have logged in to the HSG’s management interface successfully. If this is an initial installation which requires the HSG to receive a license key from the Nomadix License Key Server, you must accept the Nomadix End User License Agreement (EULA).
The Management Interfaces (CLI and Web)
The HSG supports various methods for managing the system remotely. These include an embedded graphical Web Management Interface (WMI), an SNMP client, and Telnet. However, until the unit is installed and running, system management is performed from the HSG’s embedded CLI via a direct serial cable connection. The CLI can also be accessed remotely.
Until the unit is installed on the customer’s network and a remote connection is established, the CLI is the administrator’s window to the system. This is where you establish all the HSG start-up configuration parameters, depending on the customer’s network architecture.
The HSG Menu is your starting point. From here, you access all the system administration items from the 5 (five) primary menus available: “configuration,” “network info,” “port-location,” “subscribers,” and “system.” The HSG Menu also includes a “logout” option for logging out of the system.
Although the basic functional elements are the same, the CLI and the WMI have some minor content and organizational differences. For example, in the WMI the “subscribers” menu is divided into “Subscriber Administration” and “Subscriber Interface.” See also, “Menu Organization (Web Management Interface)” on page 36.
Making Menu Selections and Inputting Data with the CLI
The CLI is character-based. It recognizes the fewest unique characters it needs to correctly identify an entry. For example, in the HSG Menu you need only enter c to access the Configuration menu, but you must enter su to access the Subscribers menu and sy to access the System menu (because they both start with the letter “s”).
You may also do any of the following:
• Enter b (back) or press Esc (escape) to return to a previous menu.
• Press Esc to abort an action at any time.
• Press Enter to redisplay the current menu.
• Press ? at any time to access the CLI’s Help screen.
When using the CLI, if a procedure asks you to “enter sn,” this means you must type sn and press the Enter key. The system does not accept data or commands until you hit the Enter key.
Menu Organization (Web Management Interface)
When you have successfully installed and configured the HSG from the CLI, you can then access the HSG from its embedded Web Management Interface (WMI). The WMI is easier to use (point and click) and includes some items not found in the CLI. You can use either interface, depending on your preference.
The following “composite” screen shows how the HSG’s WMI menus (folders) are organized (shown here side-by-side for clarity and space). The menu items listed here are for a fully featured HSG (with all optional modules included). See also, “About Your Product License” on page 60.
Note: Your browser preferences or Internet options should be set to compare loaded pages with cached pages.
Inputting Data – Maximum Character Lengths
The following table details the maximum allowable character lengths when inputting data:
| Data Field | Max. Characters |
|---|---|
| All Messages (billing options) | 72 |
| All Messages (subscriber error messages) | 72 |
| All Messages (subscriber login UI) | 72 |
| All Messages (subscriber “other” messages) | 72 |
| Description of Service (billing options Plan) | 140 |
| Home Page URL | 237 |
| Host Name and Domain Name (DNS settings) | 64 |
| IP / DNS Name (passthrough addresses) | 237 |
| Label (billing options plan) | 16 |
| Location settings (all fields) | 99 |
| Partner Image File Name | 12 |
| Password (adding subscriber profiles) | 128 |
| Port Description (finding ports by description) | 63 |
| Redirection Frequency (in minutes) | 2,147,483,647 (recommend 3600) |
| Reservation Number | 24 |
| Username (adding subscriber profiles) | 96 |
| Valid SSL Certificate DNS Name | 64 |
Online Documentation and Help
The Web Management Interface (WMI) incorporates an online help system which is accessible from the main window.
Click here to access the online Help system
Other online documentation resources, available from our corporate Web site (www.nomadix.com), include a full PDF version of this User’s Guide (viewable with Acrobat™ Reader, version 4.0 or higher), white papers, technical notes, and business cases. The PDF version of this User’s Guide and associated README files are also available on the “Accessories” CD-ROM supplied with your HSG.
Quick Reference Guide
This manual contains a “Quick Reference Guide” on page 257 which provides information to help you navigate and use the management interfaces (CLI and Web) quickly and efficiently. It also contains the product specifications, a listing of the factory default settings, sample log reports, listings of commands (by menu and alphabetical), HyperTerminal settings, and some common keyboard shortcuts.
Establishing the Start Up Configuration
The CLI allows you to administer the HSG’s start-up configuration settings.
When establishing the start-up configuration for a new installation, you are connected to the HSG via a direct serial connection (you do not have remote access capability because the HSG is not yet configured or connected to a network). Once the installation is complete (see “Installation Workflow” on page 31) and the system is successfully configured, you will have the additional options of managing the HSG remotely from the system’s Web Management Interface, an SNMP client manager of your choice, or a simple Telnet interface.
The start up configuration must be established before connecting the HSG to a customer’s network. The “start up” configuration settings include:
• Assigning Login User Names and Passwords – You must assign a unique login user name and password that enables you to administer and manage the HSG securely.
  User names and passwords are case-sensitive.
• Setting the SNMP Parameters (optional) – The SNMP (Simple Network Management Protocol) parameters must be established before you can use an SNMP client (for example, HP OpenView) to manage and monitor the HSG remotely.
• Enabling the Logging Options (recommended) – Servers must be assigned and set up if you want to create system and AAA (billing) log files, and retrieve error messages generated by the HSG.
• Assigning the Location Information and IP Addresses:
  • Assigning the Network Interface IP Address – This is the public IP address that allows administrators and subscribers to see the HSG on the network. Use this address when you need to make a network connection with the HSG.
  • Assigning the Subscriber Interface IP Address – This is the IP address that subscribers will see on the private side of the HSG.
  • Assigning the Subnet Mask – The subnet mask defines the number of IP addresses that are available on the routed subnet where the HSG is located.
  • Assigning the Default Gateway IP Address – This is the IP address of the router that the HSG uses to transmit data to the Internet.
Assigning Login User Names and Passwords
When you initially powered up the HSG and logged in to the Management Interface, the default login user name and password you used was “admin.” The HSG allows you to define 2 concurrent access levels to differentiate between managers and operators, where managers are permitted read/write access and operators are restricted to read access only. Once the logins have been assigned, managers have the ability to perform all write commands (Submit, Reset, Reboot, Add, Delete, etc.), but operators cannot change any system settings. When Administration Concurrency is enabled, one manager and three operators can access the HSG at any one time (the default setting for this feature is “disabled”).
1. Enter sy (system) at the HSG Menu. The System menu appears.
2. Enter lo (login).
The system prompts you for the current login. If this is the first time you are changing the login parameters since initializing the HSG, the default login name and password is “admin.”
The system accepts up to 11 characters (any character type) for user names and passwords. All user names and passwords are case-sensitive.
3. When prompted, confirm the current login parameters and enter new ones.
Sample Screen Response
    System>lo
    Enable/Disable Administration Concurrency [disabled]: e

    Current login: admin
    Current password: *****

    Enter new manager login: newmgr
    Enter new password: *******
    Retype new password: *******

    The administrative login and password were changed
    Enter new operator login: newop

    Enter new operator password: *****
    Retype new operator password: *****

    The operator login and password were changed

    Enter RADIUS remote test login: rad
    Enter new RADIUS remote test password: *****
    Retype new RADIUS remote test password: *****

    The RADIUS remote test login and password were changed
You must use the new login user name(s) and password(s) to access the system.
Setting the SNMP Parameters (optional)
You can address the HSG using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol that regulates network management over the Internet. To do this, you must set up the SNMP communities and identifiers. For more information about SNMP, see “Using an SNMP Manager” on page 59.
If you want to use SNMP, you must manually turn on SNMP.
1. Enter c (configuration) at the HSG Menu. The Configuration menu appears.
2. Enter sn (snmp).
3. Enable the SNMP daemon, as required. The system displays any existing SNMP contact information and prompts you to enter new information. If this is the first time you have initialized the SNMP command since removing the HSG from its box, the system has no information to display (there are no defaults).
4. Enter the SNMP parameters (communities and identifiers). The SNMP parameters include your contact information, the get/set communities, and the IP address of the trap recipient. Your SNMP manager needs this information to enable network management over the Internet.
5. If you enabled the SNMP daemon, you must reboot the system for your changes to take effect. In this case, enter y (yes) to reboot your HSG.
Sample Screen Response
    Configuration>sn
    Enable the SNMP Daemon? [Yes]:

    Enter new system contact: newname@domainname.com
    [Nomadix, Westlake Village, CA]
    Enter new system location: Office, Westlake Village, CA
    Enter read/get community[public ]:
    Enter write/set community[private]:
    Enter IP of trap recipient[0.0.0.0 ]: 10.11.12.13

    SNMP Daemon            Enabled
    System contact         newname@domainname.com
    System location        Office, Westlake Village, CA
    Get (read) community   public
    Set (write) community  private
    Trap recipient         10.11.12.13
    Reboot to enable new changes? [yes/no] y
    Rebooting ...
You can now address the HSG using an SNMP client manager.
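In the sample screen response the read and write community prompts are answered with an empty line, so the bracketed values `public` and `private` stay in effect. The following added example (not Nomadix code) parses a CLI transcript in that `prompt [default]: answer` layout and reports community strings left at those well-known values; the function names and finding labels are hypothetical, and the second transcript is constructed.

```python
import re

# The SNMP prompts from the sample screen response, one prompt per line.
SAMPLE = """\
Enable the SNMP Daemon? [Yes]:
Enter new system contact: newname@domainname.com
Enter new system location: Office, Westlake Village, CA
Enter read/get community[public ]:
Enter write/set community[private]:
Enter IP of trap recipient[0.0.0.0 ]: 10.11.12.13
"""

# Constructed transcript: same session, but both communities were replaced.
CHANGED = """\
Enable the SNMP Daemon? [Yes]:
Enter read/get community[public ]: site17-monitor-ro
Enter write/set community[private]: site17-config-rw
Enter IP of trap recipient[0.0.0.0 ]: 10.11.12.13
"""

# prompt text, optional [default], a colon, then whatever the operator typed
PROMPT_RE = re.compile(
    r"^(?P<prompt>[^\[:]+?)\s*(?:\[(?P<default>[^\]]*)\])?\s*:\s*(?P<answer>.*)$"
)
WELL_KNOWN = {"public", "private"}


def parse_transcript(text):
    """Map each prompt to its default, the typed answer and the effective value."""
    entries = {}
    for line in text.splitlines():
        m = PROMPT_RE.match(line.strip())
        if not m:
            continue
        default = (m.group("default") or "").strip()
        answer = m.group("answer").strip()
        entries[m.group("prompt").strip()] = {
            "default": default,
            "answer": answer,
            "effective": answer or default,  # empty answer keeps the default
        }
    return entries


def audit_snmp(entries):
    """Return finding labels for the SNMP settings that end up in effect."""
    def effective(prompt):
        return entries.get(prompt, {}).get("effective", "")

    if not effective("Enable the SNMP Daemon?").lower().startswith("y"):
        return []  # daemon not enabled, community strings are not in use
    read = effective("Enter read/get community")
    write = effective("Enter write/set community")
    findings = []
    if read.lower() in WELL_KNOWN:
        findings.append("read-community-default")
    if write.lower() in WELL_KNOWN:
        findings.append("write-community-default")
    if read and read == write:
        findings.append("read-write-community-shared")
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE), ("changed", CHANGED)):
        print(name, audit_snmp(parse_transcript(text)))
```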
Enabling the Logging Options (recommended)
System logging creates log files and error messages generated at the system level. AAA logging creates activity log files for the AAA (Authentication, Authorization, and Accounting) functions. You can enable either of these options.
Although the AAA and billing logs can go to the same server, we recommend that they have their own unique server ID number assigned (between 0 and 7). When managing multiple properties, the properties are identified in the log files by their IP addresses.
When system logging is enabled, the standard SYSLOG protocol (UDP) is used to send all message logs generated by the HSG to the specified server.
1. Enter log (logging) at the Configuration menu.
The system displays the current logging status (enabled or disabled).
2. Enable or disable the system and/or AAA logging options, as required.
If you enable either option, go to Step 3, otherwise logging is disabled and you can terminate this procedure.
3. Assign a valid ID number (0-7) to each server.
4. Enter the IP addresses to identify the location of the system and AAA SYSLOG servers on the network (the default for both is 0.0.0.0).
When logging is enabled, log files and error messages are sent to these servers for future retrieval. To see sample reports, go to “Sample SYSLOG Report” on page 274 and “Sample AAA Log” on page 272.
Sample Screen Response
    Configuration>log

    Enable/disable system log [disabled]: enable
    Enter system log number (0-7)[0]: 1
    Enter System log filter
    0: Emergency
    1: Alert
    2: Critical
    3: Error
    4: Warning
    5: Notice
    6: Info
    7: Debug
    Select an option from above [6] 6
    Enter system server IP [0.0.0.0]: 8.9.10.11
    Enable/disable system log savefile [disabled]: enable

    Enable/disable AAA logging [disabled]: enable
    Enter AAA number (0-7) [0]: 2
    Enter AAA log filter [6]
    Enter AAA server IP [0.0.0.0]: 9.10.11.12
    Enable/disable log save to file [disabled]: enable

    Enable/disable RADIUS History log [disabled]: enable
    Enter RADIUS history log number (0-7) [0]: 2
    Enter RADIUS history log filter [6]
    Enter RADIUS history log server IP [0.0.0.0]: 9.10.11.12
    Enable/disable RADIUS history log Save to file [disabled]: enable

    Enable/disable System Report log [disabled]: enable
    Enter System Report log number (0-7) [0]: 2
    Enter System Report log server IP [0.0.0.0]: 9.10.11.12
    Enter System Report log Interval (minutes) [10]

    Enable/disable Tracking log [disabled]: enable
    Enter Tracking number (0-7) [0]: 2
    Enter Tracking server IP [0.0.0.0]: 9.10.11.12
    Enable/disable Tracking log save to file [disabled]: enable

    System log                      Enabled
    System log number               1
    System log filter               6
    System log server IP            8.9.10.11
    System log Save to file         Disabled

    AAA log                         Enabled
    AAA log number                  1
    AAA log filter                  6
    AAA log server IP               8.9.10.11
    AAA log Save to file            Disabled

    RADIUS History log              Enabled
    RADIUS History log number       1
    RADIUS History log filter       6
    RADIUS History log server IP    8.9.10.11
    RADIUS History log Save to file Disabled

    System Report log               Enabled
    System Report log number        1
    System Report log server IP     8.9.10.11
    System Report log Save to file  Disabled

    Tracking logging                Enabled
    Tracking log number             1
    Tracking log server IP          8.9.10.11
    Tracking log Save to file       Disabled
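On the receiving server, the log number and the source IP address are what separate system messages from AAA messages and one property from another. The following added example (not Nomadix code) decodes the syslog priority field of received datagrams and groups them that way; it assumes that log number N corresponds to syslog facility localN, which the manual does not state, and the packets, property addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Severity names in the order of the CLI's log filter menu (0-7).
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Info", "Debug"]
LOCAL0 = 16  # syslog facility code of local0; local7 is 23

PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed datagrams as (source IP, payload). PRI = facility * 8 + severity.
PACKETS = [
    ("10.0.0.10", b"<142>constructed: configuration saved"),         # local1, Info
    ("10.0.0.10", b"<150>constructed: subscriber session started"),  # local2, Info
    ("10.0.0.10", b"<139>constructed: DNS server unreachable"),      # local1, Error
    ("10.0.1.10", b"<150>constructed: subscriber session started"),  # second property
    ("10.0.1.10", b"<13>constructed: message on the user facility"), # not local0-7
    ("192.0.2.50", b"no priority field"),                            # malformed
]


def decode(datagram):
    """Split a syslog datagram into (facility, severity, text), or None."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    text = datagram[m.end():].decode("utf-8", errors="replace").strip()
    return facility, severity, text


def triage(packets, log_numbers, alert_at=3):
    """Group packets by (property IP, log type) and pull out urgent ones.

    packets      iterable of (source_ip, datagram_bytes)
    log_numbers  {log number 0-7: log type}, as configured on the gateway
    alert_at     severities numbered at or below this are returned as urgent
    """
    counts, urgent, rejected = Counter(), [], []
    for source_ip, datagram in packets:
        parsed = decode(datagram)
        if parsed is None:
            rejected.append((source_ip, "malformed"))
            continue
        facility, severity, text = parsed
        # Assumption: log number N is sent as facility localN.
        log_type = log_numbers.get(facility - LOCAL0)
        if log_type is None:
            rejected.append((source_ip, f"unexpected facility {facility}"))
            continue
        counts[(source_ip, log_type)] += 1
        if severity <= alert_at:
            urgent.append((source_ip, log_type, SEVERITY[severity], text))
    return counts, urgent, rejected


def demo():
    """Log numbers 1 (system) and 2 (AAA), as entered in the sample session."""
    return triage(PACKETS, {1: "system", 2: "AAA"})


if __name__ == "__main__":
    counts, urgent, rejected = demo()
    for key, n in sorted(counts.items()):
        print(key, n)
    print("urgent:", urgent)
    print("rejected:", rejected)
```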
Assigning the Location Information and IP Addresses
The “location” command in the Configuration menu establishes the HSG’s location settings, the network interface IP address, the subscriber interface IP address, the subnet mask, and the default gateway IP address. All of these HSG “location” parameters must be set up as part of the system’s start up configuration (otherwise the HSG will not be “visible” on the network).
1. Enter c (configuration) at the HSG Menu.
The Configuration menu appears.
2. Enter loc (set Location options).
The system displays the Company Name. If the name displayed is not correct (or no name is entered), enter it now.
3. When prompted, enter the company’s address (line by line - 6 lines).
4. When prompted, enter a valid email address for this company.
The system now displays the current network interface IP address (the default address is 10.0.0.10) and prompts you for a valid address. The network interface IP address is the public IP address that allows administrators to see the HSG on the network. Use this address when you need to make a network connection with the HSG.
The network interface and subscriber interface addresses must be on the same subnet.
5. When prompted, enter a valid network interface IP address.
After assigning the network interface IP address, the system displays the current subscriber interface IP address (the default is 10.0.0.11). The IP addresses from subscribers that are on a subnet different from the HSG (for example, misconfigured) are translated by Nomadix’ Dynamic Address Translation (DAT) patented technology to the Subscriber IP Address.
6. Enter a valid subscriber interface IP address.
After assigning the subscriber interface IP address, the system displays the current subnet mask (the default mask is 255.255.255.0). The subnet mask defines the number of IP addresses that are available on the routed subnet where the HSG is located.
The subscriber interface acts as a multifunctional “translator.” For example, if a subscriber’s computer is set up statically for a network with a gateway address of 10.1.1.1, the HSG emulates the gateway to accommodate this subscriber while emulating other gateways to accommodate other subscribers.
7. Enter a valid subnet mask.
After assigning the subnet mask, the system displays the current default gateway IP address (the factory default is 10.0.0.1). This is the IP address of the router that the HSG uses to transmit data to the Internet.
8. Enter a valid default gateway IP address.
9. After establishing all “Location” settings, you must reboot the HSG for your changes to take effect.
Sample Screen Response
    Configuration>loc
    Please enter your company name [companyname]: newname
    Please enter your site name [sitename]: Coffee House
    Please enter your address
    <Line 1> [line1address]: newline1
    <Line 2> [line2address]: newline2
    <City> [city ]: newcity
    <State> [state ]: newstate
    <Zip/Postal Code>[zip ]: newzip
    <Country> [country ]: newcountry
    Please enter your email address [em@em.com]: mail@email.com
    Please select the venu type that most reflects your location
    1. Apartment
    2. Bar/Coffeeshot/Restaurant
    3. Convention Center
    4. Corporate Guest Access
    5. Education
    6. Hospitality
    7. Marina/Camp Ground
    8. Public Space
    9. Public Transport
    10. Airport
    11. Truckstop / Rest Area
    12. Car Rental Facility
    13. Club
    14. Health Club
    15. Bar
    16. Retail Business
    17. Marina
    18. Arena
    19. Theatre
    20. Metro Area / HotZone
    21. Indoor Public Space / Hospital / Museum / Library
    22. Gas Station
    23. Resort
    24. Lab / Test
    25. Other
    Please enter a number from the above list [ 1]:

    Select Network Interface Configuration Mode:
    0 - Static
    1 - DHCP Client
    2 - PPPoE Client
    Select the Network Interface Configuration Mode: [0]:

    Enter network interface IP [ ]:
    Enter subnet mask [ ]:
    Enter default gateway IP [ ]:
    Please enter your ISO country code [US]: US
    Please enter your phone country code [1]: 1
    Please enter your calling area code [818]: 818
    Please enter your network SSID/Zone [ ]:samplezonename

    The system must be reset to function properly. Reboot? [yes/no]: y
Your new settings are displayed and the HSG reboots. When the system restarts, the Telnet interface is enabled (based on your new configuration settings which are saved to the HSG’s on-board flash memory).
The start up configuration is now complete; however, before connecting the HSG to the customer’s network, you must power down the system.
Go to “Logging Out and Powering Down the System” on page 50.
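The four address values entered in this procedure can be checked for consistency before they are typed into the CLI. The following added example (not Nomadix code) applies the manual's rule that the network interface and subscriber interface addresses must be on the same subnet; the function name is hypothetical, and the checks on the default gateway, on duplicate addresses and on network or broadcast addresses are additions that the manual does not state.

```python
import ipaddress


def check_location(network_ip, subscriber_ip, subnet_mask, gateway_ip):
    """Return a list of problems with the four values; empty means consistent."""
    try:
        net = ipaddress.IPv4Network(f"{network_ip}/{subnet_mask}", strict=False)
    except ValueError as exc:
        return [f"network interface IP or subnet mask is invalid: {exc}"]
    # ipaddress also accepts host masks such as 0.0.0.255; reject those here.
    if str(net.netmask) != subnet_mask:
        return [f"{subnet_mask} is not a subnet mask"]

    problems = []
    seen = {}  # address -> label of the first field that used it
    for label, value in (("network interface", network_ip),
                         ("subscriber interface", subscriber_ip),
                         ("default gateway", gateway_ip)):
        try:
            addr = ipaddress.IPv4Address(value)
        except ValueError:
            problems.append(f"{label} IP {value!r} is not an IPv4 address")
            continue
        if addr not in net:
            problems.append(f"{label} IP {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(
                f"{label} IP {addr} is the network or broadcast address of {net}")
        if addr in seen:
            problems.append(f"{label} IP {addr} duplicates the {seen[addr]} IP")
        seen.setdefault(addr, label)
    return problems


if __name__ == "__main__":
    # Factory defaults quoted in the procedure above.
    print(check_location("10.0.0.10", "10.0.0.11", "255.255.255.0", "10.0.0.1"))
    # Constructed mistake: subscriber interface on a different subnet.
    print(check_location("10.0.0.10", "10.0.1.11", "255.255.255.0", "10.0.0.1"))
```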
Logging Out and Powering Down the System
Use this procedure to log out and power down the HSG.
1. Enter l (logout) at the HSG Menu. Your serial session closes automatically.
Sample Screen Response
    HSG >l
    Serial session 1 closing
2. Turn off the HSG and disconnect the power cord.
3. Disconnect the serial cable between the HSG and your computer.
Connecting the HSG to the Customer’s Network
Use this procedure to connect the HSG to the customer’s network (after the start up configuration parameters have been established).
1. Choose an appropriate physical location that allows a minimum clearance of 4cm either side of the unit (for adequate airflow).
2. Connect the HSG to the router, then connect the HSG to the customer’s subscriber port.
[Figure: rear panel, showing the connections to the subscriber port and to the router]
3. Connect the power cord and turn on the HSG.
4. Go to “Establishing the Basic Configuration for Subscribers” on page 52.
Establishing the Basic Configuration for Subscribers
When you have successfully established the start up configuration and installed the unit onto the customer’s network, connect to the HSG via Telnet. You must now set up the basic configuration parameters for subscribers, including:
• Setting the DHCP Options – DHCP (Dynamic Host Configuration Protocol) allows you to assign IP addresses automatically (to subscribers who are DHCP enabled). The HSG can “relay” the service through an external DHCP server or it can be configured to act as its own DHCP server.
• Setting the DNS Options – DNS (Domain Name System) allows subscribers to enter meaningful URLs into their browsers (instead of complicated numeric IP addresses). DNS converts the URLs into the correct IP addresses automatically.
Setting the DHCP Options
When a device connects to the network, the DHCP server assigns it a “dynamic” IP address for the duration of the session. Most users have DHCP capability on their computer. To enable this service on the HSG, you can either enable the DHCP relay (routed to an external DHCP server IP address), or you can enable the HSG to act as its own DHCP server. In both cases, DHCP functionality is necessary if you want to automatically assign IP addresses to subscribers.
The HSG’s adaptive configuration technology provides Dynamic Address Translation (DAT) functionality. DAT is automatically configured to facilitate “plug-and-play” access to subscribers who are misconfigured with static (permanent) IP addresses, or subscribers that do not have DHCP capability on their computers. DAT allows all users to obtain network access, regardless of their computer’s network settings.
1. Enter c (configuration) at the HSG Menu.
The Configuration menu appears.
2. Enter dh (dhcp).
By default, the HSG is configured to act as its own DHCP server and the relay feature is “disabled.” Please verify that your DHCP Server supports DHCP packets before enabling the relay. Not all devices containing DHCP servers (for example, routers) support DHCP Relay functionality.
When assigning a DHCP Relay Agent IP address for the DHCP Relay, ensure that the IP address you use does not conflict with devices on the network side of the HSG.
Although you cannot enable the DHCP relay and the DHCP service at the same time, it is possible to “disable” both functions from the Command Line Interface. In this case, a warning message informs you that no DHCP services are available to subscribers.
3. Follow the on-screen instructions to set up your DHCP options. For example:
Sample Screen Response
Configuration>dh
Enable/Disable IP Upsell [disabled ]:
Enable/Disable DHCP Relay[disabled]:
Enable/Disable DHCP Server[enabled]:
Enter external Subnet-based DHCP Service [disabled]:

IP Upsell                   Disabled
DHCP Relay                  Disabled
External DHCP Server IP     0.0.0.0
DHCP Relay Agent IP         0.0.0.0
DHCP Server                 Enabled
DHCP Server Subnet-based    Disabled

Server-IP    Server-Netmask   Start-IP     End-IP       Lease  Type  IPUp
208.11.0.4   255.255.0.0      208.11.0.5   208.11.0.7   20     PRIV  NO
10.0.0.4     255.255.255.0    10.0.0.5     10.0.0.250   30     PRIV  NO   *

* Default IP Pool

DHCP IP Pools Configuration:
0 - Show IP Pools
1 - Add a new IP Pool
2 - Modify an IP Pool
3 - Remove an IP Pool
4 - Exit this menu
Select the DHCP Pool configuration mode[0]:
After setting up your DHCP options, the system must be rebooted for your changes to take effect.
Setting the DNS Options
DNS allows subscribers to enter meaningful URLs into their browsers (instead of complicated numeric IP addresses) by automatically converting the URLs into the correct IP addresses. You can assign a primary, secondary, or tertiary (third) DNS server. The HSG utilizes whichever server is currently available.
You must configure DNS if you want to enter meaningful URLs instead of numeric IP addresses into any of the HSG’s configuration screens.
Use the following procedure to set the DNS configuration options.
1. Enter c (configuration) at the HSG Menu.
The Configuration menu appears.
2. Enter dn (dns) at the Configuration menu.
The system displays the current domain (the default is “nomadix”).
3. Enter a valid domain name (the Internet domain that DNS requests will utilize).
4. Enter the host name (the DNS name of the HSG). The host name must not contain any spaces.
After assigning the host name, the system requests IP addresses for the primary, secondary, and tertiary DNS servers (the default for the DNS primary address is 0.0.0.2).
The secondary and tertiary DNS servers are only utilized if the primary DNS server is unavailable.
5. Enter the IP addresses for the DNS servers (located at the Customer’s Network Operating Center where DNS requests are sent).
6. You must now reboot the system for your settings to take effect. Enter y (yes) to reboot the HSG.
Sample Screen Response
Configuration>dn
Enter domain[domainname ]: newdomainname
Enter host name <no spaces>[dnshostname]: newhostname
Enter primary DNS[0.0.0.2 ]: 20.21.22.23
Enter secondary DNS[0.0.0.0 ]: 21.22.23.24
Enter tertiary DNS[0.0.0.0 ]: 22.23.24.25
The system must be reset to function properly. Reboot? [yes/no]: y

Domain          newdomainname
Host Name       newhostname
Primary DNS     20.21.22.23
Secondary DNS   21.22.23.24
Tertiary DNS    22.23.24.25
Rebooting ...
The DNS options have been established. DNS will now convert subscriber browser URLs into the correct IP addresses automatically.
Archiving Your Configuration Settings
Once you have installed your HSG and established the configuration settings, you should write the settings to an archive file. If you ever experience problems with the system, your archived settings can be restored at any time.
Refer to the following procedures:
• “Exporting Configuration Settings to the Archive File {Export}” on page 219.
• “Importing Configuration Settings from the Archive File {Import}” on page 226.
Installing the Nomadix Private MIB
The Nomadix Private MIB is supplied on the “Accessories” CD-ROM, delivered with your HSG. After importing the nomadix.mib file from the CD-ROM you will be able to view and manage SNMP objects on your HSG.
1. Import the nomadix.mib file into your SNMP client manager.
2. Connect to the HSG from a node on the network that is accessible via the HSG’s network port (Internet, LAN, etc.). Be sure to enable the SNMP daemon on the HSG (available on the HSG’s CLI or Web Management Interface, under the Configuration menu – snmp).
3. All variables defined by Nomadix start with the following prefix:
iso.org.dod.internet.private.enterprises.nomadix
4. You should now be able to define queries and set the SNMP values on your HSG.
If necessary, consult this User’s Guide or your SNMP client manager’s documentation for further details.
We recommend that you change the predefined community strings in order to maintain a secure environment for your HSG.
System Administration
This chapter provides all the instructions and procedures necessary for system administrators to manage the HSG on the customer’s network (after a successful installation).
The system administration procedures in this chapter are organized as they are listed under their respective Web Management Interface (WMI) menus:
• Configuration Menu
• Network Info Menu
• Port-Location Menu
• Subscriber Administration Menu
• Subscriber Interface Menu
• System Menu
Now that the HSG has been installed and configured successfully, this User’s Guide moves away from the Command Line Interface (CLI) and documents the HSG from the Web Management Interface (WMI).
Choosing a Remote Connection
Once installed and configured for the customer’s network, the HSG can be managed and administered remotely with any of the following interface options:
• Using the Web Management Interface (WMI) – providing a powerful and flexible Web interface for network administrators.
• Using an SNMP Manager – allowing remote “Windows” management using an SNMP client manager (for example, HP OpenView). However, before you can use SNMP to access the HSG, you must set up the appropriate SNMP communities. For more information, refer to “Managing the SNMP Communities {SNMP}” on page 128.
• Using a Telnet Client – for “character-based” administration and management, using the Command Line Interface (CLI).
To use any of the remote connections (Web, SNMP, or Telnet), the network interface IP address for the HSG must be established (you did this during the installation process).
Choose an interface connection, based on your preference.
Using the Web Management Interface (WMI)
The Web Management Interface (WMI) is a “graphical” version of the Command Line Interface, comprised of HTML files. The HTML files are embedded in the HSG and are dynamically linked to the system’s functional command sets. You can access the WMI from any Web browser.
Your browser preferences or Internet options should be set to compare loaded pages with cached pages.
To connect to the Web Management Interface, do the following:
1. Establish a connection to the Internet.
2. Open your Web browser.
3. Enter the network interface IP address of the HSG (set up during the installation process).
4. Log in as usual (supplying your user name and password).
To access any menu item from the WMI, simply click on the item you want. The corresponding work screen then appears in the right side frame. From here you can control the features and settings related to your selection. Although the appearance is very different from the Command Line Interface, the information displayed to you is basically the same. The only difference between the two interfaces is in the method used for making selections and applying your changes (selections are checkable boxes, and applying your changes is achieved by pressing the Submit button).
Pressing the Reset button resets the screen to its previous state (clearing all your changes without applying them).
Using an SNMP Manager
Once the SNMP communities are established, you can connect to the HSG via the Internet using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol used in the Network Management (NM) system. This system contains two primary elements:
• Manager – The console (client) through which system administrators perform network management functions.
• Agent – An SNMP-compliant device which stores data about itself in a Management Information Base (MIB). The HSG is an example of such a device.
The HSG contains managed objects that directly relate to its current operational state. These objects include hardware configuration parameters and performance statistics.
Managed objects are arranged into a virtual information database, called a Management Information Base (MIB). SNMP enables managers and agents to communicate with each other for the purpose of accessing these MIBs and retrieving data. See also, “Installing the Nomadix Private MIB” on page 56.
The following example shows a (partial) SNMP screen response.
Using a Telnet Client
There are many Telnet clients that you can use to connect with the HSG. Using Telnet provides a simple terminal emulation that allows you to see and interact with the HSG’s Command Line Interface (as if you were connected via the serial interface). As with any remote connection, the network interface IP address for the HSG must be established (you did this during the installation process).
Logging In
To access the HSG’s Web Management Interface, use the Manager or Operator login user name and password you defined during the installation process (see “Assigning Login User Names and Passwords” on page 42).
User names and passwords are case-sensitive.
About Your Product License
Some features included in this chapter will not be available to you unless you have purchased the appropriate product license from Nomadix. In this case, the following statement will appear either immediately below the section heading or when the feature is mentioned in the body text.
Your product license may not support this feature.
You can upgrade your product license at any time.
Configuration Menu
Defining the AAA Services {AAA}
This procedure shows you how to set up the AAA (Authentication, Authorization, and Accounting) service options. AAA Services are used by the HSG to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. The HSG currently supports several AAA models, which are discussed in “Subscriber Management” on page 252.
1. From the Web Management Interface, click on Configuration, then AAA.
The Authentication, Authorization, and Accounting Settings screen appears:
2. Enable or disable AAA Services. If you enable AAA Services, go to Step 3, otherwise this feature is disabled and you can exit the procedure.
3. Enable or disable the XML Interface, as required.
XML (eXtensible Markup Language) is used by the HSG’s subscriber management module for port location and user administration. Enabling the XML interface allows the HSG to accept and process XML commands from an external source. XML commands are sent over the network to the HSG. The HSG parses the query string, executes the commands specified by the string, and returns data to the system that initiated the command request.
4. If you enabled the XML Interface feature, enter the XML IP (server) address.
5. Enable or disable Print Billing Command, as required. This feature enables NSE to support Driverless Print servers. If this feature is enabled, you must enable the XML interface and enter the IP address for the XML interface (Step 3 and Step 4). With Print Billing enabled, print servers can bill subscribers’ rooms for printing their documents without them having to install printers.
The DNS name print.server.com will internally resolve to the Configured Print Server URL that is entered in the configuration. When subscribers are redirected to the Print Server, the NSE adds parameters to that request, so that the server is able to charge the proper subscriber.
With these variables sent to the server it can now send the XML command to bill the users properly.
The Print Server IP needs to be entered as one of the XML server IPs for the command to successfully complete.
The XML command is:
<USG COMMAND="BILL_PRINT" IP_ADDR="">
<ROOM_NUM></ROOM_NUM>
<DOC_NAME></DOC_NAME>
<NUM_COPIES></NUM_COPIES>
<NUM_PAGES></NUM_PAGES>
<COST></COST>
<TIME_SUBMITTED></TIME_SUBMITTED>
</USG>
Subscribers could get to print.server.com by:
• ICC button link
• Printout in the hotel room
• Link from the hotel’s HPR Page.
Your product license may not support this feature.
6. Enable or disable the AAA Passthrough Port feature, as required.
System administrators can set the HSG to pass-through HTTPS traffic, in addition to standard port 80 traffic, without being redirected. When access to a non-HTTPS address (for example, a Search Engine or News site) has been requested, the subscriber is then redirected as usual.
7. If AAA passthrough is enabled, enter the corresponding port number.
The port number must be different than 80, 2111, 1111, or 1112.
8. Enable or disable the 802.1x Authentication Support feature, as required.
Both AAA and RADIUS Authentication must be enabled for 802.1x Authentication support.
9. Enable or disable the Origin Server (OS) parameter encoding for Portal Page and EWS feature, as required.
10. You can choose to Enable failover to Internal Web Server Authentication if Portal Page/External Web Server is not reachable by placing a check in that box.
11. Enable or disable Port Based Billing Policies.
The Port Location capabilities on the NSE have been enhanced. It is now possible to define a policy on a port. The billing methods (RADIUS, Credit Card, L2TP Tunneling) and the billing plans available on each port can now be individually configured. This ability allows for having different billing methods and billing plans on different ports of the NSE.
In order for the port-based policies to work, you must enable Port Based Billing Policies. See also “Adding and Updating Port-Location Assignments {Add}” on page 150.
12. Depending on which authorization mode you choose, go to the following subsections in this procedure:
• Enabling AAA Services with the Internal Web Server – The IWS is “flashed” into the system’s memory and the subscriber’s login page is served directly from the HSG. In this mode, the login page consists of a simple request for the subscriber’s ID (user name) and password.
• Enabling AAA Services with an External Web Server – In the EWS mode, the HSG redirects the subscriber’s login request to an external server (transparent to the subscriber). The login page served by the EWS reflects the “look and feel” of the solution provider’s network and presents more login options.
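The BILL_PRINT command shown under Step 5, as an added example (not Nomadix or print-server code): a builder that serializes the command with an XML library, so that markup characters in a document name are escaped, plus a strict validator for the same structure. The function names, the constructed sample values, and the treatment of NUM_COPIES and NUM_PAGES as positive whole numbers are assumptions; the manual does not specify value formats.

```python
import xml.etree.ElementTree as ET

# Child elements of the BILL_PRINT command, as listed in the manual.
BILL_PRINT_FIELDS = ("ROOM_NUM", "DOC_NAME", "NUM_COPIES",
                     "NUM_PAGES", "COST", "TIME_SUBMITTED")
COUNT_FIELDS = ("NUM_COPIES", "NUM_PAGES")  # assumption: positive whole numbers


def build_bill_print(ip_addr, fields):
    """Serialize one BILL_PRINT command; the XML library escapes every value."""
    if set(fields) != set(BILL_PRINT_FIELDS):
        raise ValueError("fields must be exactly: " + ", ".join(BILL_PRINT_FIELDS))
    root = ET.Element("USG", {"COMMAND": "BILL_PRINT", "IP_ADDR": ip_addr})
    for name in BILL_PRINT_FIELDS:
        ET.SubElement(root, name).text = str(fields[name])
    return ET.tostring(root, encoding="unicode")


def parse_bill_print(xml_text):
    """Validate a BILL_PRINT command strictly and return its values as a dict.

    ElementTree is used for brevity; for input from an untrusted source,
    use a parser hardened against entity-expansion attacks.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "USG" or root.get("COMMAND") != "BILL_PRINT":
        raise ValueError("not a BILL_PRINT command")
    # Every listed element must appear exactly once, and nothing else.
    if sorted(child.tag for child in root) != sorted(BILL_PRINT_FIELDS):
        raise ValueError("unexpected, missing or repeated child element")
    record = {"IP_ADDR": root.get("IP_ADDR", "")}
    for child in root:
        if len(child):
            raise ValueError(f"{child.tag} must contain text only")
        record[child.tag] = child.text or ""
    for name in COUNT_FIELDS:
        value = record[name]
        if not (value.isascii() and value.isdigit() and int(value) >= 1):
            raise ValueError(f"{name} must be a positive whole number")
    return record


# Constructed sample job; the COST and TIME_SUBMITTED formats are assumptions.
SAMPLE_JOB = {
    "ROOM_NUM": "412",
    "DOC_NAME": 'Q3 <draft> & "final".pdf',
    "NUM_COPIES": 2,
    "NUM_PAGES": 14,
    "COST": "3.50",
    "TIME_SUBMITTED": "2005-06-01 09:30:00",
}

if __name__ == "__main__":
    command = build_bill_print("192.0.2.25", SAMPLE_JOB)
    print(command)
    print(parse_bill_print(command))
```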
Enabling AAA Services with the Internal Web Server
You are here because you want to enable the AAA Services with the HSG’s Internal Web Server. The HSG maintains an internal database of authorized subscribers, based on their MAC (hardware address) and user name (if enabled). By referring to its database record, also known as an authorization table, the HSG instantly recognizes new subscribers on the network.
You can configure the HSG to handle new subscribers in various ways (see the table below). With the IWS, you also have the option of enabling SSL support (if your license includes the SSL support feature and you have the certificate files server.pem, cakey.pem and cacert.pem on the flash).
After selecting the Internal Web Server authorization mode, you have the option of enabling or disabling the Usernames and New Subscribers features. These features work in conjunction with each other to determine how new subscribers are handled. Refer to the following table:
| Usernames | New Subscribers | System Response |
| --- | --- | --- |
| Disabled | Enabled | Allows new subscribers to enter the system without giving a user name and password. |
| Enabled (optional) | Enabled | Allows new subscribers or authentication by their user name and password. |
| Enabled | Disabled | New subscribers are not allowed. Only existing subscribers are allowed after authenticating their user name and password. |
| Disabled | Disabled | You will not use this combination unless you want to lock out all subscribers. |

1. Select the Internal Web Server.
2. Enable or disable the SSL Support feature, as required. If you enable SSL Support, you must provide a valid Certificate DNS Name.
System Response
For more information about setting up SSL, go to “Setting Up the SSL Feature” on page 283.
SSL support allows for the creation of an end-to-end encrypted link between the HSG and its clients by enabling the Internal Web Server (IWS) to display pages under a secure link—important when transmitting AAA information in a network.
Adding SSL support to the HSG requires service providers to obtain digital certificates from VeriSign™ to create HTTPS pages. Instructions for obtaining certificates are provided by Nomadix.
To enable SSL Support, your HSG’s flash must include the server.pem, cakey.pem, and cacert.pem certificate files (the “cacert.pem” file is provided with your HSG). For assistance, refer to “Appendix A: Technical Support” on page 311.
You must reboot the HSG every time you enable or disable SSL Support.
3. If you want to designate a portal page, you must enable the Portal Page feature, otherwise leave this feature disabled.
The Portal Page IP or DNS address is added to the IP passthrough list automatically.
4. If you enabled the Portal Page feature, provide the following supporting information:
• Portal Page URL
• Parameter Passing (enabled or disabled)
• Portal XML POST URL
• Portal XML Post Port
• Support GIS Clients (enabled or disabled—see following note)
• Block IWS Login Page (enabled or disabled)
GIS stands for Generic Interface Specification, a document written by iPass. Enabling the Smart Client option in the HSG automatically supports all GIS compliant clients using the Internal Web Server. Enabling “Support for GIS Clients” under the Portal Page feature means that the HSG will defer the management of the GIS clients to the Portal Page server.
5. Enable or disable the Usernames feature, as required (refer to table in “Enabling AAA Services with the Internal Web Server” on page 65).
Some subscribers may want additional account flexibility and security for their services (for example, if they use more than one computer and their MAC address changes, or if they move between port-locations). In this case, a subscriber can define a unique user name and password which they can use from any machine or location (without being re-charged). Subscribers who choose this option are prompted for their user name and password whenever they try to access the Internet. Solution providers can charge a fee for this service.
6. Enable or disable the New Subscribers feature (refer to table in “Enabling AAA Services with the Internal Web Server” on page 65).
New Subscribers must be enabled before enabling the Credit Card options.
7. If you enabled New Subscribers, enable or disable the Relogin After Timeout option.
8. You can now enable or disable the Credit Card Service. When this feature is enabled, subscribers are prompted for their credit card information (for billing purposes). The HSG is configured to use either Authorize.net or Chainfusion (selected from a pull-down menu). You will need to open a merchant account with Authorize.net, Chainfusion or Datacenter (Luxembourg) before this feature can be used.
Please contact Nomadix Technical Support for assistance. Refer to “Contact Information” on page 312.
All data communications between the HSG and the credit card server are encrypted by the SSL (Secure Sockets Layer) protocol. The HSG never “sees” subscriber credit card numbers. Your product license key must support this feature.
9. If you enabled the Credit Card Service, define which service you require (Authorize.net or Chainfusion) from the pull-down menu.
DNS must be configured if you want to enter meaningful URLs instead of numeric IP addresses into any of the HSG’s configuration screens (for example, the Credit Card Server URL in the following step).
10. If the Credit Card Service is enabled, enter the information for the following fields:
• Credit Card Server URL
• Credit Card Server IP
• Merchant ID (a valid ID issued by the credit card reconciliation service provider – Authorize.net or Chainfusion).
11. Enable or disable the SIM Compliant feature, as required. With this feature enabled, you can change the transaction key at your discretion. To change the transaction key, simply enter the key in the Change Transaction Key box, then re-enter the key in the Verify Transaction Key box.
The SIM Compliant option refers to Authorize.net's Simple Integration Method.
12. Enable or disable Smart Client Support, as required (if enabled, your license key must support this feature).
13. You can assign a session idle timeout parameter for subscribers (see following note). To assign an idle timeout, simply enter a numeric value (in seconds) in the Subscriber Idle Timeout box (the default is 1200).
Subscriber Idle Timeout does not apply to RADIUS subscribers.
14. If you enabled or disabled SSL Support on this screen, you must click the check box for Reboot after changes are saved? (the HSG must be rebooted every time the SSL Support feature is enabled or disabled).
15. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state.
Enabling AAA Services with an External Web Server
You are here because you want to enable the AAA Services with an External Web Server (EWS). In the EWS mode, the HSG redirects the subscriber’s login request to an external server.
1. Select the External Web Server.
After enabling the External Web Server you must enter a Secret Key. The Secret Key ensures that the response the HSG gets from the EWS is valid.
2. Enter the Secret Key (the HSG and the external authorization server must use the same secret key).
DNS must be configured if you want to enter meaningful URLs instead of numeric IP addresses into any of the HSG’s configuration screens (for example, the External login page URL in the following step).
3. Enter the IP Address for the External Web Server.
4. Enter a valid External login page URL.
5. You can assign a session idle timeout parameter for subscribers (see following note). To assign an idle timeout, simply enter a numeric value (in seconds) in the Subscriber Idle Timeout box (the default is 1200).
Subscriber Idle Timeout does not apply to RADIUS subscribers.
6. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state (making changes to the EWS settings does not require a system reboot).
Establishing Secure Administration {Access Control}
The HSG allows you to block administrator access to interfaces (Telnet, WMI and FTP) and incorporates a master access control list that checks the source (IP address) of administrator logins. A login is permitted only to the interfaces that have not been blocked, and only if a match is made with the master “Source IP” list contained on the HSG. If a match is not made with the “Source IP list,” the login is denied, even if a correct login name and password are supplied. The access control list for source IPs supports up to 50 (fifty) entries in the form of a specific IP address or range of IP addresses.
This procedure allows you to enable the “Access Control” feature and block administrator access to specific interfaces, and add or remove administrator “Source IP” addresses.
1. From the Web Management Interface, click on Configuration, then Access Control.
The Access Control screen appears:
2. Enable or disable administrator access to any of the following interfaces:
• Telnet
• Web Management
• FTP
Blocking or unblocking interface access will terminate the current session.
Do not enable the blocking of all interfaces without setting up and enabling SNMP. Enabling the blocking of all interfaces and disabling SNMP will completely block access to the HSG administration interface. For assistance, contact Nomadix Technical Support.
3. Click the check box for Access Control if you want to enable this feature, then click on the Submit button to save your change.
If you enabled Access Control, administrator access is restricted only to the IP addresses shown under the “Currently Access is Permitted for IPs” listing. If you want to add to or remove IP addresses from the list, go to Step 4 through Step 8.
The Access Control list can contain up to 50 (fifty) valid administrator IP addresses or up to 50 (fifty) ranges of IP addresses.
4. To add an IP address (or range of IP addresses) to the list, enter the “starting” IP address in the Access Control Start IP field.
5. If you are adding a range of IP addresses to the access control list, you must now enter the “ending” IP address in the Access Control End IP field. If you are adding a single IP address, enter “None” in the Access Control End IP field.
6. Click on the Add button to add the IP address (or range of IP addresses) to the list.
7. To remove an IP address (or range of IP addresses) from the list, enter the “starting” IP address in the Access Control Start IP field.
If you are removing a range of IP addresses from the access control list, you must now enter the “ending” IP address in the Access Control End IP field. If you are removing a single IP address, enter “None” in the Access Control End IP field.
8. Click on the Remove button to remove the IP address (or range of IP addresses) from the list.
If you enabled Access Control and have “locked yourself out” of the system (for example, because you’ve forgotten your password), you must establish a local serial connection with the CLI to disable the Access Control feature, or change the range of allowed IP addresses to access the management interfaces.
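The login decision described in this section, modeled as an added example (not Nomadix code or an HSG interface): it checks a planned Source IP list and interface-blocking choice for lockout conditions before the change is submitted. The function names, the constructed sample addresses, and the 256-address threshold for flagging wide ranges are assumptions.

```python
import ipaddress
from dataclasses import dataclass

MAX_ENTRIES = 50                       # list limit stated in the manual
INTERFACES = ("telnet", "wmi", "ftp")  # interfaces the manual says can be blocked
WIDE_RANGE = 256                       # assumption: review threshold, not an HSG setting


@dataclass(frozen=True)
class AclEntry:
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address         # same as start for a single address

    def contains(self, addr):
        return self.start <= addr <= self.end

    def size(self):
        return int(self.end) - int(self.start) + 1


def parse_entry(start_ip, end_ip="None"):
    """Mirror the Start IP / End IP fields; "None" as End IP means one address."""
    start = ipaddress.IPv4Address(start_ip.strip())
    if end_ip.strip().lower() == "none":
        return AclEntry(start, start)
    end = ipaddress.IPv4Address(end_ip.strip())
    if end < start:
        raise ValueError(f"range end {end} is below range start {start}")
    return AclEntry(start, end)


def build_acl(rows):
    """Build the Source IP list from (start, end) pairs, enforcing the 50-entry limit."""
    if len(rows) > MAX_ENTRIES:
        raise ValueError(f"{len(rows)} entries exceeds the {MAX_ENTRIES}-entry limit")
    return [parse_entry(start, end) for start, end in rows]


def login_permitted(source_ip, interface, acl, blocked, access_control=True):
    """True if a login may proceed to the user name and password check."""
    if interface not in INTERFACES:
        raise ValueError(f"unknown interface {interface!r}")
    if interface in blocked:           # a blocked interface refuses every source
        return False
    if not access_control:             # feature off: no source IP restriction
        return True
    addr = ipaddress.IPv4Address(source_ip)
    return any(entry.contains(addr) for entry in acl)


def review(acl, blocked, snmp_enabled, admin_ips, access_control=True):
    """Return findings to resolve before submitting the Access Control screen."""
    findings = []
    if set(INTERFACES) <= set(blocked) and not snmp_enabled:
        findings.append("all interfaces blocked and SNMP disabled: no remote access left")
    for ip in admin_ips:
        if not any(login_permitted(ip, i, acl, blocked, access_control)
                   for i in INTERFACES):
            findings.append(f"{ip}: cannot log in on any interface")
    for entry in acl:
        if access_control and entry.size() > WIDE_RANGE:
            findings.append(f"{entry.start}-{entry.end}: wide range "
                            f"({entry.size()} addresses)")
    return findings


# Constructed sample list: one single address and one range.
SAMPLE_ROWS = [("192.0.2.10", "None"), ("198.51.100.1", "198.51.100.20")]

if __name__ == "__main__":
    acl = build_acl(SAMPLE_ROWS)
    for finding in review(acl, blocked={"telnet"}, snmp_enabled=False,
                          admin_ips=["192.0.2.10", "203.0.113.5"]):
        print(finding)
```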
Defining Automatic Configuration Settings {Auto Configuration}
The HSG allows you to define parameters to enable the automatic configuration of the system. See also, “RADIUS-driven Auto Configuration” on page 16.
1. From the Web Management Interface, click on Configuration, then Auto Configuration.
The Autoconfiguration Settings screen appears:
2. Enable or disable Autoconfiguration, as required.
3. If you enabled Autoconfiguration, you must enter the following information into the corresponding fields:
• RADIUS Authentication Name
• Radius Password
• Confirm Password
4. Click on the check box for Reboot after changes are saved? to reboot the system when you submit your changes.
5. Click on the Submit button to save your changes, or click on the Reset button to reset all data to its previous state.
Enabling Auto Configuration
As shown in the diagram below, two subsequent events drive the automatic configuration of Nomadix devices:
1. A flow of RADIUS Authentication Request and Reply messages between the Nomadix gateway and the centralized RADIUS server specifies the location of the meta configuration file (containing a listing of the individual configuration files and their download frequency status). The configuration files are downloaded from an FTP server into the flash of the Nomadix device.
2. An automated login into the centralized FTP server, followed by the actual download process into the flash.
[Figure: Step 1: RADIUS Authen Req/Response message to determine location of meta configuration file. Step 2: FTP download of configuration files (secure).]
The Auto-Configuration setup requires a few basic steps to be completed by both the field engineer and the NOC administrator:
• “Administrative Steps to Enable Auto-Config” on page 75
• “Administrative Steps to Enable Auto-Config for the NOC Administrator” on page 75
Administrative Steps to Enable Auto-Config
Typically, these tasks are performed either at a device pre-staging center or by the field engineer.
1. Establish a WAN connection and electronically accept the EULA.
2. Set up RADIUS Server parameters (go to “Defining the RADIUS Client Settings {RADIUS Client}” on page 115).
3. Setup Username and Password for RADIUS Authentication.
Administrative Steps to Enable Auto-Config for the NOC Administrator
1. Add NAS IP address.
2. Add Nomadix Auto-Config VSA to the Nomadix dictionary file on the RADIUS server.
3. Create a RADIUS profile with the configuration VSA.
4. Create an FTP server with the configuration files.
5. The following diagram shows a sample RADIUS configuration file, meta file and illustration of the FTP server setup.
The Nomadix device will automatically initiate one reboot to enable the new settings. Configuration updates for network maintenance can be accomplished by simply enabling the Auto-Configuration option and rebooting the device (for example, using SNMP). See also, “Defining Automatic Configuration Settings {Auto Configuration}” on page 73.
Setting Up Bandwidth Management {Bandwidth Management}
The HSG allows system administrators to manage the bandwidth for subscribers, defined in Kbps (Kilobits per seconds) for both upstream and downstream data transmissions. With the ICC feature enabled, subscribers can increase or decrease their own bandwidth dynamically (by the minute, or on an hourly, daily, weekly, or monthly basis), and also adjust the pricing plan for their service.
1. From the Web Management Interface, click on Configuration, then Bandwidth Management.
The Bandwidth Management screen appears:
2. If required, click the check box for Bandwidth Management Enabled.
3. If you enabled Bandwidth Management, enter the uplink and downlink speeds (in Kbps) in the appropriate fields.
Setting the uplink or downlink speeds to anything greater than 100,000 Kbps is meaningless, because communication with the HSG is established at 100 Mbps (100,000 Kbps).
4. If you made any changes to the settings on this screen, you must click the check box for Reboot after changes are saved? (the HSG must be rebooted).
5. Click on the Submit button to save your changes and reboot the system, or click on the Reset button if you want to reset all the values to their previous state.
Establishing Billing Records “Mirroring” {Bill Record Mirroring}
The Bill Record Mirroring feature contained in the Credit Card and Hospitality optional modules is optional. Your product license may not support this feature.
The HSG can send copies of credit card transactions to external servers that have been previously defined by system administrators. The HSG assumes control of billing transmissions and saving billing records. By “mirroring” the billing data, the HSG can also send copies of billing records to predefined “carbon copy” servers. Additionally, if the primary and secondary servers are down, the HSG can store up to 2,000 credit card transaction records. When a connection is re-established (with either server), the HSG sends the stored information to the server—no records are lost!
For more information about the bill record mirroring feature, go to “Mirroring Billing Records” on page 300.
1. From the Web Management Interface, click on Configuration, then Bill Record Mirroring.
The Credit Card Mirroring Settings screen appears:
2. If you want to enable the billing records “mirroring” functionality for credit card transactions (and you have purchased the appropriate product license), click on the check box for Enable/Disable Mirroring.
3. Enter the property identification code in the Property ID field.
4. Enter the communication parameters for the primary server that is to be used for mirroring, including:
• Primary IP
• URL
• Secret Key
The HSG and the “mirror” servers must use the same secret key.
5. Repeat Step 4 for the secondary server (if any) and all carbon copy servers.
6. Define the “fail-safe” provisions, including:
• Retransmit Method – Alternate, or do not alternate.
• Number of Retransmit Attempts – This tells the system how many times it should attempt to retransmit billing records before suspending the task.
• Retransmit Delay – This specifies the time delay between each retransmission.
7. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state.
Managing the DHCP Service Options {DHCP}
When a device connects to the network, the DHCP server assigns it a “dynamic” IP address for the duration of the session. Most users have DHCP capability on their computer. To enable this service on the HSG, you can either enable the DHCP relay (routed to an external DHCP server IP address), or you can enable the HSG to act as its own DHCP server. In both cases, DHCP functionality is necessary if you want to automatically assign IP addresses to subscribers.
1. From the Web Management Interface, click on Configuration, then DHCP. The DHCP Settings screen appears:
Nomadix’ patented Dynamic Address Translation (DAT) functionality is automatically configured to facilitate “plug-and-play” access to subscribers who are misconfigured with static (permanent) IP addresses, or subscribers that do not have DHCP capability on their computers. DAT allows all users to obtain network access, regardless of their computer’s network settings.
2. DHCP Services is enabled by default. Do not disable it unless you want to lose all your DHCP services.
By default, the HSG is configured to act as its own DHCP server and the relay feature is “disabled.” If you want the HSG to act as its own DHCP server, do not enable the relay. Go directly to Step 8.
3. To route DHCP through an external server, enable the DHCP Relay.
4. If you enabled the DHCP Relay feature, you must assign a valid DHCP Server IP address (the default is 0.0.0.0) and a valid DHCP Relay Agent IP address.
The DHCP Relay Agent allows the HSG to request a specific range of IP addresses from different IP pools from the DHCP Server. Leaving these fields blank forces the system to use the IP pool that contains IP addresses that are on the same subnet as the HSG.
You must disable the DHCP server before enabling the DHCP relay. Both features cannot be enabled concurrently.
If the DHCP Relay Agent IP address is set for an address that is already used or the IP address of the server, the other system will get an IP conflict and will not have Internet access.
5. If you want the HSG to act as its own DHCP Server (you did not enable the DHCP Relay), enable it now.
6. If required, you can make the DHCP Server feature Subnet-based by checking the appropriate box.
7. If required, enable the IP Upsell feature.
System administrators can set two different DHCP pools for the same physical LAN. When DHCP subscribers select a service plan with a public pool address, the HSG associates their MAC address with their public IP address for the duration of the service level agreement. The opposite is true if they select a plan with a private pool address. This feature enables a competitive solution and is an instant revenue generator for ISPs. The IP Upsell functionality solves a number of connectivity problems, especially with regard to L2TP and certain video conferencing and online gaming applications.
8. If you want to add a new DHCP Pool, click on the Add button. The Add DHCP Pools screen appears:
9. Enter a valid DHCP Server IP address for the DHCP server.
10. Enter the DHCP Server Netmask.
11. Enter the starting and ending IP addresses for the DHCP address pool you want to use:
• DHCP Pool Start IP
• DHCP Pool Stop IP
12. Enter the DHCP Lease Minutes.
13. Select Public Pool or Private Pool, as required.
A “public” IP address will not be translated by DAT.
14. If required, make this an IP Upsell Pool and/or the Default Pool by checking the appropriate boxes.
Do not allow pools to overlap.
15. When finished establishing your DHCP Pools, click on the Back to Main DHCP Configuration Page to return to the previous page.
16. You must now reboot the system for the new settings to take effect. Click the check box for Reboot after changes are saved? then click on the Submit button to save your changes and reboot the system, or click on the Reset button if you want to reset all the values to their previous state.
When the system restarts, DHCP is enabled and configured. Skip the remaining steps in this procedure and go to “Managing the DNS Options {DNS}” on page 84.
17. The existing lease pool and lease table are deleted and the HSG reboots. The HSG can issue IP addresses to any DHCP enabled subscriber who enters the network.
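A pre-flight check for the pool and relay rules in this procedure (no overlapping pools, server and relay not both enabled, relay agent address not already in use), as an added example that is not part of the Nomadix manual or software. The function name, the dictionary keys and the sample addresses are assumptions, as is the rule that a pool must lie inside the subnet given by its DHCP Server IP and Netmask.

```python
import ipaddress

def check_dhcp_plan(pools, server_enabled=True, relay_enabled=False,
                    relay_server_ip="0.0.0.0", relay_agent_ip=None, used_ips=()):
    """Return a list of problems in a planned HSG DHCP configuration."""
    problems = []
    # Manual: the DHCP server and the DHCP relay cannot be enabled concurrently.
    if server_enabled and relay_enabled:
        problems.append("DHCP server and DHCP relay are both enabled")
    if relay_enabled:
        server = ipaddress.ip_address(relay_server_ip)
        # 0.0.0.0 is the documented default, not a valid external server.
        if server.is_unspecified:
            problems.append("relay enabled but DHCP Server IP is still 0.0.0.0")
        if relay_agent_ip is not None:
            agent = ipaddress.ip_address(relay_agent_ip)
            taken = {server} | {ipaddress.ip_address(ip) for ip in used_ips}
            # Manual: an agent address already used, or equal to the server's, causes a conflict.
            if agent in taken:
                problems.append(f"relay agent IP {agent} is already in use")
    seen = []
    for pool in pools:
        net = ipaddress.ip_network(f"{pool['server_ip']}/{pool['netmask']}", strict=False)
        start = ipaddress.ip_address(pool["start"])
        stop = ipaddress.ip_address(pool["stop"])
        if start > stop:
            problems.append(f"{pool['name']}: Pool Start IP is above Pool Stop IP")
            continue
        # Assumption (not stated in the manual): a pool lies inside the
        # subnet given by its DHCP Server IP and Netmask.
        if start not in net or stop not in net:
            problems.append(f"{pool['name']}: range leaves {net}")
        # Manual: "Do not allow pools to overlap."
        for name, s, e in seen:
            if start <= e and s <= stop:
                problems.append(f"{pool['name']}: overlaps {name}")
        seen.append((pool["name"], start, stop))
    return problems

# Constructed sample plan (addresses are illustrative, not from the manual).
SAMPLE_POOLS = [
    {"name": "private-a", "server_ip": "10.0.0.4", "netmask": "255.255.255.0", "start": "10.0.0.12", "stop": "10.0.0.100"},
    {"name": "private-b", "server_ip": "10.0.0.4", "netmask": "255.255.255.0", "start": "10.0.0.90", "stop": "10.0.0.200"},
    {"name": "public", "server_ip": "203.0.113.1", "netmask": "255.255.255.192", "start": "203.0.113.10", "stop": "203.0.113.70"},
]

if __name__ == "__main__":
    print("\n".join(check_dhcp_plan(SAMPLE_POOLS)))
```

Running the check on a planned configuration before entering it in the Add DHCP Pools screen catches these mistakes ahead of the reboot in Step 16.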
Managing the DNS Options {DNS}
DNS allows subscribers to enter meaningful URLs into their browsers (instead of complicated numeric IP addresses) by automatically converting the URLs into the correct IP addresses. You can assign a primary, secondary, or tertiary (third) DNS server. The HSG utilizes whichever server is currently available.
Use the following procedure to set the DNS configuration options.
1. From the Web Management Interface, click on Configuration, then DNS.
The Domain Name System (DNS) Settings screen appears:
2. Enter the Host Name (the DNS name of the HSG).
The host name must not contain any spaces.
3. Enter a valid Domain name (the Internet domain that DNS requests will utilize).
4. Enter the IP addresses for the DNS servers (located at the customer’s network operating center where DNS requests are sent). Servers include:
• Primary DNS Server
• Secondary DNS Server
• Tertiary DNS Server
The secondary and tertiary DNS servers are only utilized if the primary DNS server is unavailable.
5. When finished, you must reboot the system for the new settings to take effect. Click on the check box for Reboot after changes are saved? to reboot the system after saving your changes.
6. Click on the Submit button to save your changes and reboot the system, or click on the Reset button if you want to reset all the values to their previous state.
Configuring Dynamic DNS {Dynamic DNS}
These settings can be accessed under the following menus:
WMI Configuration
• Go to Configuration->Dynamic DNS
CLI Configuration
• Go to Configuration->dyndns
• Go to Configuration->dyndns->configure for configurations
SNMP Configuration
• Go to ag->dyndns (enterprises.3309.1.3.50) for DDNS configuration branch