Ovislink AirLive WIAS-1000G User Manual

$LU/LYH:,$6*

0ESV,QWHUQHW$FFHVV6HUYHU



i

Copyright

The intellectual property rights and copyright of this manual belong to OvisLink Co., Ltd. and are protected by the

Taiwan, Republic of China (R.O.C.) copyright laws and international copyright laws. No part or entirety of this

manual may be transshipped, transmitted, duplicated, distributed, displayed, published, or broadcasted in any form

or by any means without the prior written permission of OvisLink Co., Ltd. The trademarks mentioned in the manual

belong to the owners of the respective registered companies or organizations.

Please contact OvisLink if you have any questions on copyright:

Tel.: +886-2-2218-6888

Fax: +886-2-2218-6988

E-mail: tech@ovislink.com.tw

ii

FCC CAUTION

This equipment has been tested and proven to comply with the limits for a class B digital device, pursuant to part 15

of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a

residential installation.

This equipment generates uses and can radiate radio frequency energy and, if not installed and used in accordance

with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that

interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or

television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to

correct the interference by one or more of the following measures:

---Reorient or relocate the receiving antenna.

---Increase the separation between the equipment and receiver.

---Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

---Consult the dealer or an experienced radio/TV technician for help.

Installation and use of this Wireless AP/ Router must be in strict accordance with the instructions included in the user

documentation provided with the product. Any changes or modifications (including the antennas) made to this device

that are not expressly approved by the manufacturer may void the user’s authority to operate the equipment. The

manufacturer is not responsible for any radio or television interference caused by unauthorized modification of this

device, or the substitution of the connecting cables and equipment other than manufacturer specified. It is the

responsibility of the user to correct any interference caused by such unauthorized modification, substitution or

attachment. Manufacturer and its authorized resellers or distributors will assume no liability for any damage or

violation of government regulations arising from failing to comply with these guidelines.

The device contains a low power transmitter which will send out Radio Frequency (RF) signal when transmitting.

iii

CE CAUTION

European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2.400-2.4835

GHz; In France, the equipment must be restricted to the 2.4465-2.4835 GHz frequency range and must be restricted

to indoor use.

For the following equipment: Wireless AP/Router

!

098

4

is herewith confirmed to comply with the requirements set out in the Council Directive on the

Approximation of the Laws of the Member States relating to Electromagnetic Compatibility (89/336/EEC),

Low-voltage Directive (73/23/EEC) and the Amendment Directive (93/68/EEC), the procedures given in European

Council Directive 99/5/EC and 89/3360EEC.

The equipment was passed. The test was performed according to the following European standards:

y EN 300 328-2 V1.2.1 ( 2001-08)

y EN 301 489-17 V.1.2.1 (2002-04)

y EN 50371: 2002

y EN 60950: 2000

iv

Before You Read

Audience

This manual is intended for the system or network administrators with the networking knowledge to complete the

step by step instructions of this manual in order to use the OvisLink’s WIAS-1000G for a better manage of network

system and user data.

Document Signal

y For any caution or warning that requires special attention of readers, a highlight box with the eye-catching italic

font is used as below:

Warning: For security purposes, you should immediately change the Administrator’s password.

y indicates that clicking this button to go back the homepage of the section.

y

indicates that clicking this button to go back the previous page.

y

indicates that clicking this button to apply all of your settings.

y

indicates that clicking this button to clear what you set before these settings are applied.

i

Table of Contents

1. Introduction ......................................................................................... 1

1.1 Package Contents..................................................................................... 1

1.2 Panel Function Descriptions ....................................................................... 2

1.3 Specification............................................................................................ 4

1.3.1 Hardware Specification .............................................................................4

1.3.2 Technical Specification..............................................................................4

2. Installation ........................................................................................... 6

2.1 System Requirements............................................................................... 6

2.2 Installation Steps ..................................................................................... 6

3. Configuration........................................................................................ 7

3.1 System Concept....................................................................................... 7

3.2 LAN Configuration on PC ........................................................................... 8

3.2.1 Internet Connection Setup ........................................................................9

3.2.2 TCP/IP Network Setup ............................................................................ 13

3.3 Quick Configuration ................................................................................ 22

3.4 External Network Access ......................................................................... 32

4. System Configuration ......................................................................... 35

4.1 System Configuration ............................................................................. 36

4.1.1 Configuration Wizard.............................................................................. 36

4.1.2 System Information ............................................................................... 37

4.1.3 WAN Configuration.................................................................................39

4.1.4 LAN1 & LAN2 Configuration ..................................................................... 40

4.1.5 LAN3 & LAN4 Configuration ..................................................................... 44

4.1.6 Wireless Configuration............................................................................ 47

4.2 User Authentication ................................................................................ 53

4.2.1 Authentication Configuration ................................................................... 53

4.2.2 Black List Configuration .......................................................................... 69

4.2.3 Policy Configuration ............................................................................... 71

4.2.4 Guest User Configuration ........................................................................75

4.2.5 Roaming Configuration ........................................................................... 76

4.2.6 Additional Configuration..........................................................................77

4.3 Network Configuration ............................................................................ 84

4.3.1 Network Address Translation ................................................................... 84

4.3.2 Privilege List ......................................................................................... 87

4.3.3 Monitor IP List.......................................................................................90

4.3.4 Walled Garden List................................................................................. 91

4.3.5 Proxy Server Properties ..........................................................................92

4.3.6 Dynamic DNS........................................................................................ 92

ii

4.4 Utilities................................................................................................. 93

4.4.1 Change Password ..................................................................................94

4.4.2 Backup/Restore Strategy ........................................................................ 95

4.4.3 Firmware Upgrade ................................................................................. 96

4.4.4 Restart................................................................................................. 96

4.5 Status .................................................................................................. 97

4.5.1 System Status.......................................................................................98

4.5.2 Interface Status ....................................................................................99

4.5.3 Current Users...................................................................................... 102

4.5.4 Traffic History...................................................................................... 102

5. Technical Support ............................................................................. 105

6. Appendix -- Console Interface .......................................................... 106

1

1. Introduction

WIAS-1000G is an all-in-one product specially designed for Hotspot environment. It integrates “access control” and

“wireless network access” into one system to fulfill the needs in Hotspot. WIAS-1000G supports 802.11b and

802.11g dual wireless transmission mode, at the same time, it incorporates “convenience”, “efficiency”, “friendly” and

other useful characteristics for services.

Quick Installation Online Immediately

Θ

The installation and setup of WIAS-1000G are easy without changing the present existing network architecture. You

can install and log in the system within a short time and establish the security mechanism. With the protection by

WIAS-1000G, users must be authenticated before logging in the network, and the administrator can assign a

fine-grained priority to each user stratifying the scope and right of using network resources.

Friendly Management and Application Interfaces

WIAS-1000G is not only easy to install, but also has friendly multilingual management interface with operation logic.

You can use all the functions of the system with clicks. The full web-based management interface allows you to

operate and manage the system online via a browser. For users to get on the Public LAN (LAN1/LAN2) is also

easy to log in via the browser with any software installation.

Integrating the Existing User Password Database

In general, most organizations use specific database system to centralize and manage user passwords before

introducing the wireless network into the organization. WIAS-1000G supports Local, POP3 (+SSL), RADIUS and

LDAP external Public LAN (LAN1/LAN2) mechanisms, and allows you to integrate the current user password

database. This system also provides a built-in user database, so that the administrator can create or upload the

Public LAN (LAN1/LAN2) data by a batch processing.

1.1 Package Contents

The standard package of WIAS-1000G includes:

1. WIAS-1000G x 1

2. CD-ROM x 1

3. Quick Installation Guide x 1

4. Power Adaptor (DC 12V) x 1

5. Cross Over Ethernet Cable x 1

6. Console Cable x 1

7. 2dbi Omni-antenna x 2

2

1.2 Panel Function Descriptions

Front Panel

3

Back Panel

y DC IN: The power adaptor attaches here.

y RESET: Presses this button to restart the system. If your settings are applied or saved, the system will restore to

the factory defaults or the previous setting status.

y WAN: The WAN port is connected to a network which is not managed by the WIAS-1000G, and this port can be

used to connect the ATU-Router of ADSL, the port of Cable Modem, or the Switch or Hub on the LAN of a

company.

y LAN1/LAN2: The two LAN ports are connected to the managed network or WLAN. They can be selected to

require or not require authentication to access network resources and Internet.

y LAN3/LAN4: The two LAN ports are connected to a trustful network where the computer or users can use the

network resources without authentication. This port can be connected to a server such as File Server or a

Database Server, etc.

y Console: You can configure the system via HyperTerminal. For example, if you need to set the Administrator’s

Password, you can connect a PC to this port as a Console Serial Port via a terminal connection program (such

as the super terminal with the parameters of 9600, 8, N, 1, None flow control) to change the Administrator’s

Password.

4

1.3 Specification

1.3.1 Hardware Specification

y Dimensions: 14.9cm(W) x 4.7cm(H) x 24.8cm(L)

y Weight: 470g

y Power: DC12V/1A 5.5ĭ

y Operating Temperature: 5-45°C

y 5 Fast Ethernet RJ 45 Connectors

y 1 Console Port

y Supports 10/100Mbps Full / Half Duplex Transfer Speed

1.3.2 Technical Specification

y Standards

This system supports IEEE 802.1x, 802.11b and 802.11g

y Networking

WAN interface supports Static IP, DHCP client, and PPPoE client

Interface supports static IP

Supports NAT mode and router mode

Built-in DHCP server

Built-in NTP client

Supports Redirect of network data

Supports IPSec (ESP), PPTP and H.323 pass through (under NAT)

Customizable static routing table

Supports Virtual Server

Supports DMZ Server

Supports machine operation status monitoring and reporting system

Supports roaming across networks

y Firewall

Provides Several DoS protection mechanisms

Customizable packet filtering rules

Customizable walled garden (free surfing area)

y User Management

Supports at least 500 on-line users concurrently

Supports Local, POP3 (+SSL), RADIUS, and LDAP LAN1/LAN2 mechanisms

Supports LAN1& LAN2 mechanisms simultaneously

Can choose MAC address locking for built-in user database

Can set the time for the user to log in to the system

Can set the user’s idle time

5

Can specify the MAC addresses to enter the managed network without authentication

Can specify the IP addresses to enter the managed network without authentication

Supports the setting to pass or block all the connections when the WAN interface failed

Supports web-based login

Supports several friendly logout methods

Supports RADIUS accounting protocol to generate the billing record on RADIUS server

y Administration

Provides online status monitoring and history traffic

Supports SSL encrypted web administration interface and user login interface

Customizable user login & logout web interface

Customizable redirect after users are successfully authenticated during login & logout

Supports Console management interface

Supports SSH remote administration interface

Supports web-based administration interface

Supports SNMP v2

Supports user’s bandwidth restriction

Supports remote firmware upgrade

y Accounting

Supports built-in user database and RADIUS accounting

6

2. Installation

2.1 System Requirements

y Standard 10/100BaseT including five network cables with RJ-45 connectors

y All PCs need to install the TCP/IP network protocol

2.2 Installation Steps

Please follow the following steps to install WIAS-1000G :

1. Connect the DC power adapter to the Power Connector on the rear panel. Plug the other end of the power

adapter to a socket. If the connection is lived, the Power LED will be on.

2. Connect the straight-through Ethernet cable to the WAN Port on the rear panel. Connect the other end of the

Ethernet cable to ADSL modem, cable modem or a switch/hub of the internal network. If the connection is lived,

7

the WAN LED will be on.

3. Connect a cross over Ethernet cable to the LAN3/LAN4 Port on the rear panel. Connect the other end of the

Ethernet cable to a client’s PC. The LED of LAN3/LAN4 should be on to indicate a proper connection. All users

connected to the LAN3 or LAN4 Port may access the network without authentication.

4. Connect a straight-through Ethernet cable to the LAN1/LAN2 Port on the rear panel. Connect the other end of

the Ethernet cable to an AP or switch. The LED of LAN1/LAN2 should be on to indicate a proper connection. All

users connected to the LAN1 or LAN2 Port must be authenticated before accessing the network.

3. Configuration

3.1 System Concept

WIAS-1000G is responsible for user authentication, authorization and management. The user account information is

stored in the local database, or a specified external databases server. The user authentication is processed via the

SSL encrypted web interface. This interface is compatible to most desktop devices and the palm computers. The

following figure for example, WIAS-1000G is set to control a part of the company’s intranet. The whole managed

network includes the cable network users and the wireless network users.

8

The user located at the managed network is unable to access the network resource without permission. The user

attempt to connect a website with a browser, such as Internet Explorer, will be redirected to the user log in webpage.

The user must enter a username and password to log in on the LAN1/LAN2. After being authenticated, the user will

gain the proper access rights.

After the hardware of WIAS-1000G is installed completely, the system is ready to configure in the following sections.

We will guide you step by step to set up the system consist of a single WIAS-1000G to manage the network.

3.2 LAN Configuration on PC

After WIAS-1000G is installed, the following must be set up for the PC within the LAN1/LAN2 and the LAN3/LAN4

sections:

y Internet Connection Setup

y TCP/IP Network Setup

9

3.2.1 Internet Connection Setup

y Windows 9x/2000

1. Choose Start > Control Panel > Internet Options.

2. Choose the “Connections” label, and then click

“Setup”.

3. Choose “I want to set up my Internet connection

manually, or I want to connect through a local

Area network (LAN)”, and then click “Next”.

10

4. Choose “I connect through a local area network

(LAN)” and click “Next”.

5. DO NOT choose any option in the following LAN

window for Internet configuration, and just click

“Next”.

6. Choose “No”, and click “Next”

.

11

7. Finally, click “Finish” to exit the Internet

Connection Wizard. Now, you have completed the

setup.

y Windows XP

1. Choose Start > Control Panel > Internet Option.

2. Choose the “Connections” label, and then click

“Setup”.

12

3. Click “Next” when Welcome to the New

Connection Wizard screen appears.

4. Choose “Connect to the Internet” and then click

“Next”.

5. Choose “Set up my connection manually”, and

then click “Next”.

13

6. Choose “Connect using a broadband

connection that is always on”, and then click

“Next”.

7. Finally, click “Finish” to exit the Connection

Wizard. Now, you have completed the setup.

3.2.2 TCP/IP Network Setup

If the operating system of your PC is Windows 95/98/ME/2000/XP, then you just need to keep the default setting

without any change to directly start/restart the system. With the factory default settings, during the process of

starting the system, WIAS-1000G with DHCP function will automatically assign an appropriate IP address and

related information for each PC. If the Windows operating system is not a server version, the default settings of the

TCP/IP will regard the PC as a DHCP client, and this function is called “Obtain an IP address automatically”.

If you want to check the TCP/IP setup or to use the static IP in the LAN1/LAN2 or LAN3/LAN4 section, please follow

the following steps.

y Check the TCP/IP Setup of Window 9x/ME

14

1. Choose Start > Console > Network.

2. Choose “Configuration” label and select “TCP/IP

-> AMD PCNET Family Ethernet Adapter

(PCI-ISA)”, and then click “Properties”. Now, you

can choose to use DHCP or specific IP address,

please follow the following steps.

3-1. Using DHCP: If you want to use DHCP, please

choose “Obtain an IP Address Automatically”

on the “IP Address” label and click “OK”. This

is also the default setting of Windows. Then,

reboot the PC to make sure an IP address is

obtained from WIAS-1000G.

15

3-2. Using Specific IP Address: If you want to use specific IP address, you have to ask the network

administrator for the information of WIAS-1000G: IP address, Subnet Mask, New gateway and DNS

server address.

Caution: If you have completed the setup for your PC, please inform the network administrator before modifying the

following setup.

y Please choose “Specify an IP address:”

and enter the information given from the

network administrator in “IP Address:” and

“Subnet Mask:” on the “IP Address” label

and then click “OK”.

y Choose “Gateway” label and enter the

gateway address of WIAS-1000G in the

“New gateway:”, and then click “Add” and

“OK”.

16

y Choose “DNS Configuration” label. If the

DNS Server column is blank, please click

“Enable DNS”, and then enter the DNS

address or the DNS address provided by

ISP. Then, click “Add” and click “OK”.

y Check the TCP/IP Setup of Window 2000

1. Select Start > Console > Network and Dial-up

Connections.

2. Click the right button of the mouse on “Local Area

Connection” icon and then select “Properties”.

17

3. Select “Internet Protocol (TCP/IP)” and then click

“Properties”. Now, you can choose to use DHCP

or specific IP address, please follow the following

steps.

4-1. Using DHCP: If you want to use DHCP, please

choose “Obtain an IP Address Automatically”

and click “OK”. This is also the default setting of

Windows. Then, reboot the PC to make sure an

IP address is obtained from WIAS-1000G.

4-2. Using Specific IP Address: If you want to use specific IP address, you have to ask the network

administrator for the information of WIAS-1000G: IP address, Subnet Mask, New gateway and DNS

server address.

Caution: If you have completed the setup for your PC, please inform the network administrator before modifying the

following setup.

18

y Please choose “Use the following IP

address:” and enter the information given

from the network administrator in “IP

address:” and “Subnet mask:” If the DNS

Server column is blank, please choose

“Using the following DNS Server

Address:” and then enter the DNS address

or the DNS address provided by ISP and

then click “OK”

y Then, click “Advanced” in the window of

Internet Protocol (TCP/IP).

y Choose the “IP Settings” label and click

“Add” below the “Default Gateways”

column and the “TCP/IP Gateway

Address” window will appear. Enter the

gateway address of WIAS-1000G in the

“Gateway:” of “TCP/IP Gateway

Address” window, and then click “Add”.

After back to the “IP Settings” label, click

“OK” to finish.

19

y Check the TCP/IP Setup of XP

1. Select Start > Console > Network Connection.

2. Click the right button of the mouse on the “Local

Area Connection” icon and select “Properties”

20

3. Select “General” label and choose “Internet

Protocol (TCP/IP)” and then click “Properties”.

Now, you can choose to use DHCP or specific IP

address, please follow the following steps.

4-1. Using DHCP: If you want to use DHCP, please

choose “Obtain an IP Address Automatically”

and click “OK”. This is also the default setting of

Windows. Then, reboot the PC to make sure an

IP address is obtained from WIAS-1000G.

4-2. Using Specific IP Address: If you want to use specific IP address, you have to ask the network

administrator for the information of WIAS-1000G: IP address, Subnet Mask, New gateway and DNS

server address.

Caution: If you have completed the setup for your PC, please inform the network administrator before modifying the

following setup.

21

y Please choose “Use the following IP

address:” and enter the information given

from the network administrator in “IP

address:” and “Subnet mask:” If the DNS

Server column is blank, please choose

“Using the following DNS Server

Address:” and then enter the DNS address

or the DNS address provided by ISP and

then click “OK”

y Then, click “Advanced” in the window of

Internet Protocol (TCP/IP).

y Choose the “IP Settings” label and click

“Add” below the “Default Gateways”

column and the “TCP/IP Gateway

Address” window will appear. Enter the

gateway address of WIAS-1000G in the

“Gateway:” of “TCP/IP Gateway

Address” window, and then click “Add”.

After back to the “IP Settings” label, click

“OK” to finish.

22

3.3 Quick Configuration

After the previous setup is completed, you can continue to set WIAS-1000G. There are two ways for configuration:

using Configuration Wizard or setting by demands. Now, we will introduce Configuration Wizard firstly. For the

detailed and further configuration of functions, please refer to 4. System Configuration.

The Wizard provides a simple and easy way to guide you through the setup of WIAS-1000G. You just need to follow

the procedures and instructions given by the Wizard to enter the required information step by step, and then restart

WIAS-1000G to activate the settings, you can start to use WIAS-1000G. There will be 7 steps as listed below:

1. Change Admin’s Password

2. Choose System’s Time Zone

3. Set System Information

4. Select the Connection Type for WAN Port

5. Set Authentication Methods

6. Set Wireless – Access Point Connection

7. Save and Restart WIAS-1000G

23

Please follow the following steps to complete the quick configuration

1. Use the network cable of the 10/100BaseT to connect PC to the LAN3/LAN4 port, and then start a browser

(such as Microsoft IE). Next, enter the administrator’s URL, the default is https://192.168.2.254

. In the opened

webpage, you will see the login screen. Choose your desired language first and the screen will change to your

desired language.

2. Then, enter “admin”, the default username and password, in the User Name and Password column. Click

“Enter” to log in.

Caution: If you can’t get the login screen, you may have not set your PC to obtain an IP address automatically from

LAN3/LAN4 LAN port or the IP address used does not have the same subnet as used in the URL. Please use

default IP address such as 192.168.2.xx in your network and then do it again.

24

3. After successfully logging into WIAS-1000G, you can enter the web management interface and see the

welcome screen.

4. On the welcome screen, there are two

buttons on the upper right corner, Logout

and Help. Click Logout, you will

immediately log out the system and go back

to the login screen. If you don’t save your

settings in advance, all of them will lose.

Click Help to get the introduction of the

administration system: System

Configuration, User Authentication,

Network Configuration, Utilities and

Status.

25

5. Then, you can run the configuration wizard to help you complete the configuration. Click “System

configuration” to the System Configuration homepage.

6. Click “Configuration Wizard” button, the Configuration Wizard screen will show. Click “Run Wizard” and

the Configuration Wizard will guide you to complete the setup through 7 steps.

27

7. Configuration Wizard

First of all, you will see a welcome screen to briefly

introduce the 7 steps. After a brief check-over of the

whole process, click “Next” to begin.

y Step 1: Change Admin’s Password

Enter a new password for the admin account and

retype it in the verify password field

(twenty-character maximum and no spaces). Click

“Next” to continue.

y Step 2: Choose System’s Time Zone

Select your time zone and click “Next” to

continue.

28

y Step 3: Set System Information

Home Page: Enter the URL that users should be

directed to when successfully authenticated or

use the default.

NTP Server: Enter the URL of external time

server for the system time synchronization or use

the default.

DNS Server: Enter a DNS Server provided by

your ISP. Contact your ISP if you are not sure of

the DNS IP Address or use the default.

Click “Next” to continue.

y Step 4: Select the Connection Type for WAN

Port

Three are three types of WAN port to select:

Static IP Address, Dynamic IP Address and

PPPoE Client.

After you select any one of them depending on

your demand, click “Next” to continue.

¾Dynamic IP Address

If you select this option, you will automatically

be assigned an appropriate IP address and

related information. Click “Next” to continue.

¾Static IP Address: Set WAN Port’s Static IP

Address

Enter the IP Address, Subnet Mask and

Default Gateway provided by your ISP. Click

“Next” to continue.

29

¾PPPoE Client: Set PPPoE Client’s

Information

Enter the “Username” and “Password”

provided by your ISP. Click “Next” to

continue.

y Step 5: Select Authentication Methods

Set the user’s information in advance. Enter an

easily identified name as the postfix name in the

Policy Name field (e.g. Local), and select a policy

to assign to (you can use the default). After you

select any one of them depending on your

demand, click “Next” to continue.

¾Local User: Cont. Add User

You can add a new user to the local user data

base. If you want to add a user here, enter the

Username (e.g. test), Password (e.g. test),

MAC (optional) and assign it a group (you can

use the default). Click “ADD” to add a user.

Click “Next” to continue. If there is no group

selected, the system will assign the user to

the group which is specified in the previous

page

30

¾POP3 User: Cont. POP3

Enter IP/Domain Name and server port of the

POP3 server provided by your ISP, and then

choose enable SSL or not. Click “Next” to

continue.

¾RADIUS User: Cont. RADIUS

Enter RADIUS server IP/Domain Name,

authentication port, accounting port and

secret key. Then choose to enable

accounting service or not, and choose the

desired authentication method. After finishing,

please click “Next” to continue.

¾LDAP User: Cont. LDAP

You can add a new user to the LDAP user

data base. Enter the LDAP Server, Server

Port, and Base DN. Click “Next” to continue.

31

¾NT Domain User: Cont. NT Domain

Enter the server IP address and choose

enable the transparent login for domain

server authentication or not. Then click

“Next” to continue

y Step 6: Set Wireless – Access Point

Connection

SSID: Enter a SSID for your system. The default

is WIAS-1000G.

Channel: If you choose Auto Channel Selection,

this item selection will be disabled. If you choose

disable Auto Channel Selection, you have to

select a channel manually. (Note: Different

region would provide different number of

channel. For instance, in Taiwan, you will have

channel 1 ~ 11 to select Here).

Transmission Mode: You can select 802.11b,

802.11g or Mixed modes for your system.

Click “Next” to continue.

y Step 7: Restart

Click Restart to save the current settings and

restart the system. The Setup Wizard is

completed.

32

y Please wait for 70 seconds to restart and the

system will go back to the Configuration Wizard

screen.

Caution: In every step, if you want to go back to modify the settings, please just click the “Back” button to go back

the previous step.

3.4 External Network Access

If you have finished the configuration properly and completely (by wizard or by demands), you can go a step further

to access the network managed by WIAS-1000G through the LAN3/LAN4 port.

1. First, connect a user-end device to LAN3/LAN4 port of

the WIAS-1000G, and set the dynamical access

network. After the user end obtains the network

address, please open an Internet browser and the

default login webpage will appear on the Internet

browser.

Key in the username and password created in the local

user account or the on-demand user account in the interface and then click “Submit” button. Here, we key in

the local user account (e.g. test@Local for the username and test for the password) to connect the network.

33

2. When you log in successfully, you will see a “Login

Successfully” screen and it means your previous

settings are correct. Then, you can start to surf Internet

under a managed network environment.

3. But if you see the following screen with a sentence,

“Sorry, this feature is available for on-demand user

only”, it means you click the wrong button, the

“Remaining” button. This button is only for

on-demand users and if you are not an on-demand

user, please just click the “Submit” button.

4. If you are an on-demand user, you can enter the

username and password in the “User Login Page”

and then click the “Remaining” button to know the

remaining time or data size of the account.

5. When you, an on-demand user, log in successfully, you

will see the following “Login Successfully” screen

and it is a little different from the non-on-demand user’s

login successfully screen. There are an extra line

showing “Remaining usage” and a “Redeem”

button.

34

y Remaining usage: Show the rest of use time that

the on-demand user can surf Internet.

y Redeem: When the remaining time or data size is

insufficient, the user has to pay for adding credit at

the counter, and then, the user will get a new

username and password. After clicking the

“Redeem” button, you will see the following

screen. Please enter the new username and

password you got and click “Redeem” button to

merge the two accounts and add up the available

use time and data size by the system, and then,

you will see the total available use time and data size after adding credit.

Caution: The maximum session time/data transfer is 24305 days/2003 Mbyte. If the redeem amount exceeds this

number, the system will automatically reject the redeem process.

35

4. System Configuration

This chapter will guide you how to configure detailed settings. The following table shows all of the options and

functions of WIAS-1000G.

OPTION

System

Configuration

User

Authentication

Network

Configuration

Utilities Status

Configuration

Wizard

Authentication

Configuration

Network Address

Translation

Change Password System Status

System

Information

Black List

Configuration

Privilege List

Backup/Restore

Strategy

Interface Status

WAN

Configuration

Policy

configuration

Monitor IP List

Firmware

Upgrade

Current Users

LAN1 & LAN2

Configuration

Guest User

Configuration

Walled Garden

List

Restart Traffic History

LAN3 & LAN4

Configuration

Roaming

Configuration

Proxy Server

Properties

Notify

Configuration

FUNCTION

Wireless

Configuration

Additional

configuration

Dynamic DNS

Caution: After finishing your settings, please click “Apply” to automatically use the current settings without

restarting the system. All of the on-line users will be disconnected during updating.

36

4.1 System Configuration

This option includes the following functions: Configuration Wizard, System Information, WAN Configuration,

LAN1 & LAN2 Configuration, LAN3 & LAN4 Configuration and Wireless Configuration.

4.1.1 Configuration Wizard

Configuration Wizard has 7 steps to provide a simple and easy way for a quick configuration of the system. It has

been introduced and described, so please refer to 3.3 Quick Configuration.

37

4.1.2 System Information

This part is related to the main data about WIAS-1000G. Please refer to the following description to enter these

blanks.

y System Name: Set the system’s name and or use the default.

y Administrator Info: Enter the Administrator’s information here, such as administrator’s name, telephone

number, e-mail address, etc. If users have the problem in the connection of the WAN port when connecting to

the system, the information will show on the user login screen.

y Home Page: Enter the website of a Web Server to be a homepage. When you log in successfully, the

homepage will be linked to the website you set. Usually, the homepage is set to a website of a company, such as

http://www.ovislink.com.tw

. No matter which web page you set as homepage originally in your computer, you will

be redirect to this home page you set here when you log in.

y Access History IP: Specify an IP address of the administrator’s computer or a billing system to connect

WIAS-1000G to get billing history information.

y Remote Manage IP: Set the IP block with a system which is able to connect the web management interface via

38

the non-private port. For example, 10.2.3.0/24 means that as long as you are at the IP address of 10.2.3.0/24,

you can execute the functions to control WIAS-1000G. Another example is 10.0.0.3, as long as you are at the IP

address of 10.0.0.3, you can execute the function by connecting the WAN port and manage WIAS-1000G.

y SNMP: WIAS-1000G supports SNMP v2 read only data access. If you enable the function, you have to assign

the IP address and the SNMP community name used to access the management information base (MIB) of the

system.

y User logon SSL: Enable to activate https (encryption) or disable to activate http (non encryption) as login page.

y Time: WIAS-1000G supports NTP communication protocol to synchronize the network time. Please specify the

IP address of a server on the system configuration interface for adjust the time automatically. (Universal Time is

Greenwich Mean Time, GMT). You also can set the time manually when you select “Set Device Date and

Time”. Please enter the date and time by these field.

39

4.1.3 WAN Configuration

There are 3 methods of obtaining IP from the WAN Port: Static IP Address, Dynamic IP Address, and PPPoE.

yStatic IP Address: Manually specifying the IP address of the WAN Port is applicable for the network

environment where the DHCP service is unavailable. The fields with red start are necessary to enter. Please

enter these necessary conditions.

IP address: the IP address of the WAN port.

Subnet mask: the subnet mask of the WAN port.

Default gateway: the gateway of the WAN port.

Preferred DNS Server: the first DNS Server of the WAN port.

Alternate DNS Server: the substitute DNS Server of the WAN port. This is not necessary to enter.

yDynamic IP address: It is only applicable for the network environment where the DHCP Server is available in

the network. Click the “Renew” button to get an IP address.

yPPPoE Client: When the WAN Port uses PPPoE to connect the network, please select PPPoE, and set the

“User Name” and “Password”. There is a Dial on demand function under PPPoE option. If you enable this

function, you can set an idle time. When the idle time is out, the system will automatically disconnect.

40

4.1.4 LAN1 & LAN2 Configuration

The two LAN ports can be enabled or disabled for user authentication.

41

y LAN1 & LAN2 Port

IP PNP: When you enable this function, the user can set the PC with a static IP to access Internet through

LAN1/LAN2 from WIAS-1000G and get the network resources properly with the proper IP address, Subnet Mask,

Default Gateway and DNS.

User Authentication: You can choose to Enable or Disable this function. If you disable “User Authentication”,

you can access Internet without authentication.

Operation Mode: You can choose one of these to mode, NAT mode and Router mode, by the requirements.

IP Address: Enter your desired IP address for the LAN1 & LAN2 port.

Subnet Mask: Enter your desired subnet mask for the LAN1 & LAN2 port.

y DHCP Server Configuration

There are three methods to set the DHCP server: Disable DHCP Server, Enable DHCP Server and Enable

DHCP Relay.

1. Disable DHCP Server: Disable the function of DHCP Server.

42

2. Enable DHCP Server: Choose “Enable DHCP Sever” function and you have to set the appropriate

configuration for the DHCP server. These fields with red stars are necessary to enter. Please enter the

appropriate information in these fields.

DHCP Scope: Enter the “Start IP Address” and the “End IP Address” of this DHCP scope which means

the IP address you can get is among this scope.

Preferred DNS Server: The first DNS server for the DHCP.

Alternate DNS Server: The substitute DNS server for the DHCP.

Domain Name: Enter the domain name.

WINS IP Address: Enter the IP address of WINS

Lease Time: Choose the time to change the DHCP.

Reserved IP Address List: For reserved IP address settings in detail, please click the hyperlink of

“Reserved IP Address”. If there are several IP addresses which can not be the DHCP IP address, please

enter these IP address in this table with the MAC and the Description (optional). Then click “Apply” to

complete the settings.

43

3. Enable DHCP Relay: When you need to use this function, please specify an IP address of a DHCP server.

44

4.1.5 LAN3 & LAN4 Configuration

In this section, you can set the related configuration about LAN3/LAN4 port and DHCP server.

y LAN3 & LAN4 Port

Specific Route Profile: From the pull-down menu to select your desired specific route profile rule. The default

value is “None”.

Operation Mode: You can choose one of these to mode, NAT mode and Router mode, by the requirements.

IP Address: Enter your desired IP address for the LAN3 & LAN4 port.

Subnet Mask: Enter your desired subnet mask for the LAN3 & LAN4 port.

45

y DHCP Server Configuration

There are three methods to set the DHCP server: Disable DHCP Server, Enable DHCP Server and Enable

DHCP Relay.

1. Disable DHCP Server: Disable the function of DHCP Server.

2. Enable DHCP Server: Choose “Enable DHCP Sever” function and you have to set the appropriate

configuration for the DHCP server. These fields with red stars are necessary to enter. Please enter the

appropriate information in these fields.

DHCP Scope: Enter the Start IP Address and the End IP Address of this DHCP scope which means the

IP address you can get is among this scope.

Preferred DNS Server: The first DNS server for the DHCP.

Alternate DNS Server: The substitute DNS server for the DHCP.

Domain Name: Enter the domain name.

WINS IP Address: Enter the IP address of WINS.

Lease Time: Choose the time to change the DHCP.

Reserved IP Address List: For reserved IP address settings in detail, please click the hyperlink of

“Reserved IP Address”. If there are several IP addresses which can not be the DHCP IP address, please

enter these IP address in this table with the MAC and the Description (optional). Then click “Apply” to

complete the settings.

46

3. Enable DHCP Relay: When you need to use this function, please specify an IP address of a DHCP server.

47

4.1.6 Wireless Configuration

This section is to set related configurations about wireless port.

48

y Wireless Configuration

SSID: The SSID is the unique name shared among all devices in a wireless network. The SSID must be the

same for all devices in the wireless network. It is case sensitive, must not exceed 32 characters and may be any

character on the keyboard.

Sync to Ticket: Synchronize the SSID of ticket with this system.

Channel: Select the appropriate channel from the list to correspond with your network settings; for example, 1

to 11 channels are suitable for the North America area. All points in your wireless network must use the same

channel in order to make sure its correct functioning.

Transmission Mode: There are 3 modes you can select, 802.11b (2.4G, 1~11Mbps), 802.11g (2.4G, 54Mbps)

and Mix mode (b and g).

SSID Broadcast: Select this option to enable the SSID to be broadcast in your network. When configuring the

network, you may want to enable this function, but make sure to disable it when you finished. With this is

enabled, someone could easily obtain the SSID information with the site survey software and get unauthorized

access to your network. With this is disabled to increase network security and prevent the SSID from being seen

on networked.

Layer2 Client Isolation: You can enable this function to isolate two different domains or just change the system

default settings. Ex : 10.2.3.4 can’t see 10.2.4.4.

Security: For security settings in detail, please click the hyperlink of “Security” to get in the Security screen.

Choose “Enable” to configure the setting.

49

1. WEP Key: Wired Equivalent Privacy. If you want to use this function, please choose “Enable”.

2. WEP Key Encryption: This is a data privacy mechanism based on a 64-bit, 128-bit, or 256-bit shared key

algorithm.

3. Mode: There are two types, HEX and ASCII, you can select. After selecting one of them, please enter the

related information in the blanks below.

Advance: For advance settings in detail, please click the hyperlink of “Advance” to get in the Advance screen.

1. Authentication Type: The default value is Auto. When you select Auto, it will auto-detect to authenticate

by Shared Key type or Open System type. Shared Key is when both the sender and the recipient share a

WEP key for authentication. Open Key is when the sender and the recipient do not share a WEP key for

authentication. All points on your network must use the same authentication type.

2. Transmission Rates: The default value is Auto. The range is from 1 to 54Mbps. The rate of data

transmission should be set depending on the speed of your wireless network. You can select from a range

of transmission speeds, or you can keep the default setting, Auto, to have the Access Point automatically

use the fastest possible data rate and enable the Auto-Fallback feature. Auto-Fallback will negotiate the

best possible connection speed between the Access Point and a wireless client.

3. CTS Protection Mode: The default value is Disable. When you select “Enable”, a protection mechanism

50

will ensure that your 802.11b devices still can connect to Access Point and will not be affected by many

802.11g devices’ existing. However, performance of your 802.11g devices may decrease.

4. Basic Rate: The basic rate offer three options, All, Set1 and Set2 and the default value is Set1. Depending

on the wireless mode you have selected, WIAS-1000G will deliver a pre-defined data rate. You can select

“All” to activate all kinds of transmission rate to be compatible with the majority of the devices.

5. Beacon Interval: Enter a value between 20 and 100 msec. The default value is 100 msec. The time you

enter means how often the signal between the access point and the wireless network transmits.

6. RTS Threshold: The range is 256 to 2346 and the default is “OFF”. The administrator could set the

threshold and it is recommended that the value should be remained in the range of 256 to 2346.

7. Fragmentation Threshold: The range is 256 to 2346 and the default is “OFF”. The value specifies the

maximum size of packet before data is fragmented into multiple packets. It should be remained in the range

of 256 to 2346. A smaller value creates smaller packets but with a larger numbers of packets during

transmission.

8. DTIM Interval: This function indicates the interval of the Delivery Traffic Indication Message (DTIM), to

choose from 1~255 msec. DTIM is a countdown field informing clients to listen to broadcast and multicast

messages. When an Access Point has buffered broadcast or multicast message from associate client, it

sends the next DTIM at this interval rate, the client will hear the beacons.

y Wireless Configuration

IP PNP: When you enable this function, the user can set the PC with a static IP to access Internet through any

the Public LAN (LAN1/LAN2) from WIAS-1000G and get the network resources properly with the proper IP

address, Subnet Mask, Default Gateway and DNS.

User Authentication: You can choose to Enable or Disable this function. If you disable “User Authentication”,

you have to define “Specific Route Profile” for the user to access Internet.

Operation Mode: You can choose one of these to mode, NAT mode and Router mode, by the requirements.

IP Address: Enter your desired IP address for the LAN1/LAN2 port.

Subnet Mask: Enter your desired subnet mask for the LAN1/LAN2 port.

51

y DHCP Server Configuration

There are three methods to set the DHCP server: Disable DHCP Server, Enable DHCP Server and Enable

DHCP Relay.

1. Disable DHCP Server: Disable the function of DHCP Server.

2. Enable DHCP Server: Choose “Enable DHCP Sever” function and you have to set the appropriate

configuration for the DHCP server. These fields with red stars are necessary to enter. Please enter the

appropriate information in these fields.

DHCP Scope: Enter the Start IP Address and the End IP Address of this DHCP scope which means the

IP address you can get is among this scope.

Preferred DNS Server: The first DNS server for the DHCP.

Alternate DNS Server: The substitute DNS server for the DHCP.

Domain Name: Enter the domain name.

WINS IP Address: Enter the IP address of WINS.

Lease Time: Choose the time to change the DHCP.

Reserved IP Address List: For reserved IP address settings in detail, please click the hyperlink of

“Reserved IP Address”. If there are several IP addresses which can not be the DHCP IP address, please

enter these IP address in this table with the MAC and the Description (optional). Then click “Apply” to

complete the settings.

52

3. Enable DHCP Relay: When you need to use this function, please specify an IP address of a DHCP server.

y WDS configuration

This function can extend the function of accessing the network. You have to work with WIAS-1000G.

WIAS-1000G is a repeater and a peripheral supporting WIAS-1000G to extend the wireless access by receiving

requests from APs or clients and passing the requests to WIAS-1000G to obtain authentication.

If you enable this function, please enter the MAC address of WIAS-1000G in the blanks. A maximum of three

WIAS-1000G is supported.

53

4.2 User Authentication

This option includes the following functions: Authentication Configuration, Black List Configuration, Policy

Configuration, Guest User Configuration, Roaming Configuration and Additional Configuration.

4.2.1 Authentication Configuration

This section is to configure the settings about 802.1x authentication, authentication server and on-demand user

authentication.

54

y 802.1x Authentication Configuration

There are three kinds of 802.1x authentication methods: 802.1x, WPA x/802.1x and WPA-PSK. Click the

hyperlink of 802.1x Authentication Configuration to get in and set the related configurations. After completing

and clicking “Apply” to save your settings, you can go back to the previous screen to check the item to enable

this function.

1. 802.1x: Enable 802.1x authentication method. The fields with red star are necessary to enter.

Authentication Server IP: The IP address/domain name of the Authentication server.

Authentication Port: The port of the authentication server. The default value is 1812.

Secret Key: The secret key of the authentication sever for encryption and decryption.

Accounting Server IP: The IP address/domain name of the accounting server.

Account Port: The port of the accounting server. The default value is 1813.

Secret Key: The secret key of the accounting sever for encryption and decryption.

Accounting Service: Enable or disable this function.

Policy Name: There are three policies provided to select.

55

2. WPA x/802.1x: Support WPA-Enterprise, Wireless Protection Access with 802.1x.

Authentication Server IP: The IP address/domain name of the Authentication server.

Authentication Port: The port of the authentication server. The default value is 1812.

Secret Key: The secret key of the authentication sever for encryption and decryption.

Accounting Server IP: The IP address/domain name of the accounting server.

Account Port: The port of the accounting server. The default value is 1813.

Secret Key: The secret key of the accounting sever for encryption and decryption.

Accounting Service: Enable or disable this function.

Policy Name: There are three policies provided to select.

Group Re-key Time: Time interval for re-keying broadcast/multicast keys in seconds. The maximum is

6000 sec.

3. WPA-PSK: Support WPA-SOHO, Wireless Protection Access-PreShared Key.

56

Group Re-key Time: Time interval for re-keying broadcast/multicast keys in seconds. The maximum is

6000 sec.

PSK: Pre-Shared key, 64 hexadecimal.

Passphrase: 8~63 ASCII characters.

y Authentication Server Configuration

The system provides three servers and one on-demand user that the administrator can apply to each policy

group to have different combinations. Click the hyperlink of Server1~3 or On-demand User to get in and set the

related configurations. After completing and clicking “Apply” to save your settings, you can go back to the

previous screen to choose which server to be the default and check the item to enable these functions.

1. Server 1~3: there are five kinds of authentication methods, Local User, POP3, RADIUS, LDAP and

NTDomain, you can select.

Server Name: Set a name for the server. Except for number (0 to 9), alphabet (a to z or A to Z), and the

dash (-), underline (_) and dot (.), all other letters are not allowed.

Sever Status: On the main screen of User Authentication, you can check to enable or disable the server

and the status will show in this field.

Postfix: Set a postfix easy to distinguishable (e.g. Local) for the server. Except for number (0 to 9), alphabet

(a to z or A to Z), and the dash (-), underline (_) and dot (.), all other letters are not allowed.

Warning: The Policy Name cannot use these words: GRIC, MAC, IP.

57

Black List: There are five groups of the blacks list. You can select one of them or choose “None”. Please

refer to 4.2.2 Black List Configuration

Authentication Methods: There are five authentication methods for selection: Local, POP3, RADUUS,

LDAP and NT Domain. Select the desired method and then you can click the hyperlink besides the

selection to get in for the related configuration. For more details, please refer to 4.2.1.1~5 Authentication

Method.

Notice: Don’t choose the same authentication method for the three servers at the same time or the hyperlink of the

method setting will not work.

Policy Name: there are three policies you can choose. Please choose your desired one.

2. On-demand User: On-demand User is for the customer’s need in a store. When the customers need to

use wireless Internet in the store, they have to get a printed receipt with username and password form the

store to log in the system. There are 2000 On-demand User accounts available.

Server Status: The status shows the server is enabled or disabled.

Postfix: You can set the postfix in this field with the maximum of 20 characters, for example: ovislink. Only

number (0 to 9), alphabet (a to z, A t0 Z), and the dash (-), underline (_) and dot (.), will be accepted.

Receipt Header: There are two fields, Receipt Header 1 and Receipt Header 2, to the receipt’s header.

You can enter your own receipt header message or use the default.

Receipt Footer: Set the receipt footer message here or use the default.

Printer Baud Rate: Select the desired transmission baud rate. The default value is 9600.

58

Monetary Unit: Select the desired monetary unit for different region.

Policy Name: Select a policy for the on-demand user.

WLAN ESSID: Enter the ESSID of the AP.

WEP Key: Enter the WEP key of the AP.

Remark: Enter the remark and it will show at the bottom of the receipt.

Billing Notice Interval: While the on-demand user logs in successfully, the system will update the billing

notice of the login successfully page by the time you select.

Twin Ticket: Enable this function to print duplicate receipt.

User List: Click the hyperlink of Users List to enter the On-demand User List screen. In the On-demand

User List, you can set the user information configurations.

¾Search: Enter a keyword of a username you want to search, click this button, and then the username

only including the keyword will show on the table.

¾Username: The login name of the user.

¾Password: The login password of the user.

¾Remain Time/Volume: The total time/Volume that the user can use.

¾Status: The status of the account. Normal indicates the account is not enabled and not overdue. Online

indicates the account is enabled and not overdue. Expire indicates the account is overdue and can’t be

to use.

¾Expire Time: The expiration time of the account.

¾Del All: You can use the “Del All” button to delete all of the users at a time.

¾Delete: Click “Delete” to delete the users individually.

59

Billing Configuration: Click the hyperlink of Billing Configuration to enter the Billing Configuration

screen. In Billing Configuration screen, Administrator may configure up to 10 billing rules.

¾Status: Select to enable or disable this billing rule.

¾Ty pe: Set the billing rule by Data (the maximum volume is 2002 Mbyte) or Time (the maximum day is

24305 days).

¾Expired Info: If the user doesn’t activate the account by the time, after the time-limit, the account will

expire.

¾Valid Duration: If the account is activated before the expired time, the time will be accumulated since

the first login.

¾Price: The price for the online access.

60

Create On-demand User: Click the hyperlink of Create On-demand User to enter the Create

On-demand User screen. Click the hyperlink of Create On-demand User and you will see the

On-demand User Generate screen. By default, the On-demand user database is empty.

While you press the Create button by the desired rule, an On-demand user will be created, then click

Printout to print a receipt which will contain this on-demand user’s information.

61

4.2.1.1 Authentication Method – Local User Setting

Choose Local User in the Authentication Method field, the hyperlink besides the selection will become “Local

User Setting”.

Click the hyperlink to get in for further configuration.

y Edit Local User List: Click the hyperlink to get in the “Local User List” screen.

Add User: Click “Add User” above the User List to enter the Add User interface, and enter your desired

information such as “Username” and “Password” (necessary), “MAC” and “Remark” (optional). Then, click

on the “Apply” button to complete the insertion. If adding user successfully, you will see the words stands for

success show above the Add User table.

62

63

Del All: You can click the “Del All” button to delete all of the users once.

Delete: Click the “Delete” to delete the users individually.

Edit User: If you want to edit the content of individual user account, please directly click the hyperlink of the

desired user account to enter the “Edit User” Interface, and then enter your desired information such as

“Username” and “Password” (necessary), “MAC” and “Remark” (optional). Then, click “Apply” to complete

the modification.

64

y Radius Roaming Out / 802.1x Authentication: Enable the two function separately and the hyperlink of Radius

Client List.

Click the hyperlink of Radius Client List to enter the Radius Client Configuration interface. Choose the

desired type, Disable, Roaming Out or 802.1x and key in the related data and then click “Apply” to complete

the settings.

Roaming Out: This is the Radius Roaming Out function that our company cooperates with III (Institute for

Information Industry). When you select Roaming Out, the local user can login from other site.

802.1x: This system support PEAP (Protracted Extensible Authentication Protocol) function. When you select

802.1x, the system is provided with this function. 802.1x function must be used in LAN.

65

4.2.1.2 Authentication Method – POP3

Choose POP3 in the Authentication Method field, the hyperlink besides the selection will become “POP3

Setting”.

Click the hyperlink to get in for further configuration. Enter the related information in the primary server or the

secondary server (the secondary server is not necessary to enter) and the blanks with red start are necessary to

enter. Then, click “Apply” button, the configuration will be enabled immediately.

y Server IP: Enter the IP address/domain name offered from your ISP.

y Port: Enter the Port offered from your ISP, and the default value is 100.

y Enable SSL Connection: if you select this option, POP3 Protocol will do the authentication.

66

4.2.1.3 Authentication Method – Radius

Choose Radius in the Authentication Method field, the hyperlink besides the selection will become “Radius

Setting”.

Click the hyperlink to get in for further configuration. The Radius server sets the external authentication for user

accounts. Enter the related information in the primary server or the secondary server (the secondary server is not

necessary to enter) and the blanks with red start are necessary to enter. Then, click “Apply” button, the

configuration will be enabled immediately.

67

y 802.1X Authentication: Enable this function, the hyperlink of Radius Client List will show. Click the hyperlink

to get in the Radius Client Configuration list and set the further configuration. Please see Radius Roaming

Out/802.1x Authentication in 4.2.1.1 Authentication Method – Local User.

y Trans Full Name: If you select “Enable”, the ID and postfix will be transferred to RADIUS server to

authenticate. If you select “Disable”, only ID will be transferred to RADIUS server to authenticate.

y Server IP: Enter the IP address/domain name of the RADIUS server.

y Authentication Port: Enter the authentication port of the RADIUS server and the default value is 1812.

y Accounting Port: Enter the accounting port of the RADIUS server and the default value is 1813.

y Secret Key: Enter the key for encryption and decryption.

y Accounting Service: You can select to enable Accounting Service or not.

y Authentication Method: There are to methods for selection, CHAP and PAP.

4.2.1.4 Authentication Method – LDAP

Choose LDAP in the Authentication Method field, the hyperlink besides the selection will become “LDAP

Setting”.

68

Click the hyperlink to get in for further configuration. Enter the related information in the primary server or the

secondary server (the secondary server is not necessary to enter) and the blanks with red start are necessary to

enter. Then, click “Apply” button, the configuration will be enabled immediately.

y Server IP: Enter the IP address/domain name of the LDAP server.

y Port: Enter the Port of the LDAP server, and the default value is 389.

y Base DN: Enter the distinguished name of the LDAP server.

y Account Attribute: Enter the account attribute of the LDAP server.

4.2.1.5 Authentication Method – NTDomain

Choose “LDAP” in the Authentication Method field, the hyperlink besides the selection will become “LDAP

Setting”.

69

Click the hyperlink to get in for further configuration. Enter the server IP address and decide to enable the

transparent login function or not. After clicking “Apply” button, the configuration will be enabled immediately.

y Server IP address: Please enter the server IP address of the domain controller.

y Transparent Login: If the function is enabled, when users log in the Windows domain, they will log in

WIAS-1000G automatically and concededly.

4.2.2 Black List Configuration

In the black list function, the administrator can add, delete, or edit the black list. Each black list can include 40 users

at most. If a user in the black list wants to log in the system, the user’s access will be blocked. The administrator can

use the pull-down menu to select the desired black list.

y Select Black List: There are 5 groups and you can select the desired black list.

y Name: Set the black list name and it will show on the pull-down menu above.

y Add User to List: Click the hyperlink to add user to the selected specific black list.

70

After entering the username in the “Username” blank and the related information you want to mention in the

“Remark” blank (not necessary), click “Apply” to add the user.

If adding user successfully, you will see the words stands for success show above the Add User to Blacklist table.

If you want to delete a user from the black list, just select the “Delete” check box and then click the “Delete” button.

71

4.2.3 Policy Configuration

Every Policy has three profiles, Firewall Profile, Specific Route Profile, Schedule Profile, and one Bandwidth to

set.

y Firewall Profile

Click the hyperlink of Setting of Firewall Profile, the Firewall Profiles list will show.

72

Click the number of Filter Rule Item to edit and click apply to use your settings. The rule status will show on the

list above. You can check “Active” to enable the rule.

Rule Item: This is the Filter Rule Name you click to enter here.

Rule Name: You can rename the rule name.

Enable this Rule: After you check this item, the rule will be enabled.

Action: There are two options, Block and Pass. Block is to prevent packets from passing and Pass is to permit

packets passing.

Protocol: There are three protocols to select, TCP, UDP and ICMP, or you can choose ALL

Source MAC Address: The MAC address of the source IP address. This is for specific MAC address filter.

Source/Destination Interface: There are four interfaces to choose, WAN, Wireless, Public LAN (LAN1/LAN2)

and Private LAN (LAN3/LAN4).

Source/Destination IP: Enter the source and destination IP addresses.

Source/Destination Subnet Mask: Enter the source and destination subnet masks.

Source/Destination Start/End Port: Enter the range of source and destination ports

y Specific Route Profile

73

Click the hyperlink of Setting of Specific Route Profile, the Specific Route Profile list will show.

Profile Name: You can rename the profile name here.

IP Address: The destination IP address of the host or the network.

Subnet Netmask: Select a destination subnet netmask of the host or the network.

IP Address: The IP address of the next router to the destination.

Default: Check this option to apply the default value.

y Schedule Profile

Click the hyperlink of Setting of Schedule Profile to enter the Schedule Profile list. Select “Enable” to show

the list.

74

This function is to set the time the users can log in. Please check the desired time and click “Apply” to save the

settings in WIAS-1000G.

y Bandwidth

Choose one bandwidth for this. The bandwidth will go with the policy.

75

4.2.4 Guest User Configuration

This function can permit the guest logging in the system. Select “Enable Guest User” and click “Apply” to save

your settings.

y Guest User List: WIAS-1000G offer ten guest users to log in. When you want to activate the guest user, just

enter the password in the corresponding “Password” blank.

y Session Length: It restricts the connecting time of the guest user. The default session length is 6 hours, and the

time range is from 1 to 12 hours.

y Idle Time: If the guest user has been idled and not used the network for a while, the system will automatically

log out the user. The logout time can be set in the range of 1~1440 minutes, and the default logout time is 10

minutes.

76

4.2.5 Roaming Configuration

Enable this function and set properly, the user of GRIC Server can roam through WIAS-1000G. These settings will

enable immediately when you click the “Apply” button.

y Radius Server: Enter the IP address/domain name of the GRIC server.

y Authentication Port: Enter the authentication port of the GRIC server.

y Accounting Port: Enter the accounting port of the GRIC server.

y Secret Key: Enter the key for encryption and decryption.

y Accounting Service: You can select to enable Accounting Service or not.

y Authentication Method: There are to methods for selection, CHAP and PAP.

y Default Policy: There are three policies provided to select.

The GRIC user also can use offer the username, password, IP and MAC on the gric.shtml webpage to get the

authentication and authorization from WIAS-1000G. The example is as follows.

y The IP address of the authentication port of WIAS-1000G: 192.168.1.254

y IP address: 192.168.1.100

y Username: xyz

y Password: xyz

y MAC address: 00:4F:61:67:89:ab

y The gric.shtml:

https://192.168.1.254/loginpages/gric.shtml?uname=xyz&uip=192.168.1.100&upwd=xyz&umac=01:23:45:67:89

:ab

User also can enter the login screen via the browser through the LAN1/LAN2 and enter “GRIC\username” or

“username@GRIC” in the ID field and user’s password to authenticate.

77

4.2.6 Additional Configuration

y User Control: This function applies the rules for the general users.

Idle Timer: If a user has been idled and not used the network for a while, the system will automatically log out

the user. The logout time can be set in the range of 1~1440 minutes, and the default logout time is 10 minutes.

Multiple Login: After you select this function, you can log in from different computers with the same ID. (This

function doesn’t support on-demand user and RADIUS accounting.)

Friendly Logout: When a user logs in, a small window will appear to show the user’s information and there is a

logout button for the logout. If you check to enable the friendly logout, when you close the small window, there

will be a popup window to confirm if the user really wants to log out. If you do not select this option, closing the

window will not have the popup window and will not log out the user

y Roaming Out Timer

Session Timeout: The time that the user can use. When the time is up, the user will be kicked out.

Idle Timeout: If the use has been idled and not used for the time you key in, the system will automatically log

out the use.

Interim Update: The system will report back a record to update the using record every other the time you set.

y Internet Connection Detection: Enter a specific URL or IP address and WIAS-1000G can detect the network

connection by dropping packets directly to the specific URL or IP address.

78

y Upload File

1. Certification: Users can upload their own private key and customer certification. After uploading, please

click “Apply” to use these files.

Click “Use Default Page”, the certification will restore to the default.

2. Login Page: The user can use their own login interface here.

79

If you want to use user-defined interface on WIAS-1000G, please enter or browse the filename of the login

webpage in the File Name on the Upload Login Page and then click “Submit”.

If you want to restore the factory default setting of the login interface, click the “Use Default Page” button

After the upload is completed, you can preview your user-defined login user interface by clicking “Preview”

at the bottom of this page.

The user-defined login interface must include the following HTML codes to provide an area for the user to

enter username and password.

80

If the user-defined login interface includes an image file, the image file path in the HTML code must be the

image file you will upload.

Then, enter or browse the filename of the images you want to upload in the Upload Images field on the

Upload Images Files and then click “Submit”. The system will show the used space and the maximum

size of the image file is 512K. If you want to restore the factory default setting of the login interface, click the

“Use Default Page” button. After the upload is completed, you can preview your user-defined login user

interface by clicking “Preview” at the bottom of this page. If you want to restore the factory default setting of

the login interface, click the “Use Default Page” button.

After the image file is uploaded, the file name will show on the Existing Image Files field. You can check

the file and click “Delete” to delete the file.

3. Logout Page: You can apply your own logout page here. The process is similar to that of Login Page.

81

The different part is the HTML code of your user-defined logout interface must include the following HTML

code that the user can enter the username and password. After the upload is completed, you can preview

your user-defined login user interface by clicking “Preview” at the bottom of this page. If you want to restore

the factory default setting of the login interface, click the “Use Default Page” button.

4. Login Succeed Page: You can apply your own login succeed page here. The process is similar to that of

Login Page. After the upload is completed, you can preview your user-defined login user interface by

clicking “Preview” at the bottom of this page. If you want to restore the factory default setting of the login

interface, click the “Use Default Page” button.

82

5. Logout Succeed Page: You can apply your own logout succeed page here. The process is similar to that of

Login Page. After the upload is completed, you can preview your user-defined login user interface by

clicking “Preview” at the bottom of this page. If you want to restore the factory default setting of the login

interface, click the “Use Default Page” button.

y Credit Reminder: The administrator can enable the function to remind the on-demand users before their credit

running out. There are two kinds of reminder, Volum e and Time. The default reminding trigger level of Volume

is 1Mbyte and the level of Time is 5 minutes.

83

y POP3 Message: Before the user logs in by the username and password, the user can accept the welcome mail

from WIAS-1000G. If the administrator wants to edit the content of the mail, please edit from the following

message.

y Enhance User Authentication: When the function is enabled, the users using MAC address just can log in

WIAS-1000G. If this function is disabled, the MAC users can’t log in. There will be only 40 MAC users at most

can log in. Please select “Enable”, enter the MAC address and then click “Apply”.

Caution: The format of the MAC address is: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.

84

4.3 Network Configuration

This option includes the following functions: Network Address Translation, Privilege List, Monitor IP List, Walled

Garden List, Proxy Server Properties and Dynamic DNS.

4.3.1 Network Address Translation

There are three parts, Static Assignment, Public Accessible Server and Port and Redirect, need to be set.

85

y Static Assignment

There are 40 sets of static Internal IP Address and External IP Address to be set. You can assign these static

IP address to any host which needs a static IP address to access the network through WAN port. These settings

will be effective immediately after you click the “Apply” button.

y Public Accessible Server

This function allows the administrator to set 40 virtual servers at most, so that the computers not belonging to

the managed network can access the servers in the managed network. Please enter the External Service Port,

Local Server IP Address and Local Server Port. According to the different services provided, the network

service can be provided by the TCP protocol or the UDP protocol. In the Enable column, check the desired to

enable this server. These settings will be effective immediately after you click “Apply”.

86

y Port and IP Redirect

This function allows the administrator to set 40 sets of the IP addresses at most for the redirect condition. When

the user attempts to connect the destination IP address in this interface, the connection packet will be converted

to the corresponding destination. Please enter the IP Address and Port of Destination, and the IP Address

and Port of Translated to Destination. According to the different services provided, you can choose the TCP

protocol or the UDP protocol. These settings will be effective immediately after you click “Apply”.

87

4.3.2 Privilege List

There are two parts, Privilege IP Address List and Privilege MAC Address List, need to be set.

88

y Privilege IP Address List

If there are some servers belonging to the managed server need to access the network without authentication,

you can enter IP addresses of these servers in this list. The “Remark” blank is not necessary to enter.

WIAS-1000G allows 100 privilege IP addresses at most. These settings will become effect immediately after you

click “Apply”.

Warning: Permitting specific IP addresses to have network access rights without going through standard

authentication process at the Public LAN (LAN1/LAN2) may cause security problems.

89

y Privilege MAC Address List

In addition to the IP address, you also can enter the MAC address of the servers which need to access the

network without authentication in this list. WIAS-1000G allows 100 privilege MAC addresses at most. Please

enter the MAC address (the format is xx:xx:xx:xx:xx:xx) and the remark (remark is not necessary to enter) and

select the desired group. These settings will be effective immediately after you click “Apply”.

Warning: Permitting specific MAC addresses to have network access rights without going through standard

authentication process at the Public LAN (LAN1/LAN2) may cause security problems.

90

4.3.3 Monitor IP List

The system will send out the packet regularly to monitor the connection status of the IP addresses on the list. If the

monitored IP address does not respond, the system will send an e-mail to the administrator. After enter the related

information and click “Apply”, these settings will be effective immediately. You can click “Monitor” to check the

current status of all the monitored IP. The system provides 40 IP addresses a most on the “Monitor IP List” to set.

y Send From: The e-mail address of the administrator server in charge of the monitoring.

y Send To: The e-mail address of the user of the IP address under the monitoring.

y Interval: The time interval to send the e-mail report.

y SMTP Server: the IP address of the SMTP server.

y Auth Method: Provide four authentication methods, Plain, Login, CRAM-MD5 and NTLMv1, or you can

91

choose “None”.

y IP Address: the IP addresses under the monitoring.

y Monitor: Click this button to see the current status of the monitored IP address.

4.3.4 Walled Garden List

This function provides some free services to these users on this list to access some websites before logging in and

authentication. You can set up to 20 addresses or domain names of the websites in this list and then the users even

having not the network access right still can have a free chance to experience the actual network service. Please

enter the website IP address or domain name in the list and these settings will be effective immediately after clicking

“Apply”.

92

4.3.5 Proxy Server Properties

y External Proxy Server: Under the WIAS-1000G security management, only the port is set to 80 to be allowed

to pass and the login page will appear. If you have built a Proxy Server in your network environment and set the

browser to Proxy, you must set the IP address and port of your external proxy server in this list to function in the

proxy network environment. These settings will be effective immediately after you click “Apply”.

y Internal Proxy Server: WIAS-1000G has a built-in proxy server, if you enable this function, the end user can

specify WIAS-1000G as the proxy server, and doesn’t have to set the IP address and port.

4.3.6 Dynamic DNS

WIAS-1000G provides a convenient DNS function to translate the IP address of WAN port to a domain name that

helps the administrator memorize and connect to WAN port. If the DHCP is activated at WAN port, this function will

also update the newest IP address regularly to the DNS server. These settings will be effective immediately after you

click “Apply”.

93

y DDNS: Enable or disable this function.

y Provider: Select the DNS provider.

y Host name: the IP address/domain name of the WAN port.

y Username/E-mail: The register ID (username or e-mail) for the DNS provider.

y Password/Key: The register password for the DNS provider.

4.4 Utilities

Here provides four utilities to customize and maintain the system including Change Password, Backup/Restore

Strategy, Firmware Upload and Restart.

94

4.4.1 Change Password

You can change the passwords of the administrator and the manager here. Please enter the present password of

the administrator and then enter the new password twice to verify. Click “Apply” to activate the new password. The

steps to change the manager’s password are the same

Caution: If you lost or forgot the administrator’s password, you still can change the administrator’s password

through the text mode management interface on the serial port, console/printer port.