PLANET WSG-404 User Manual

Hot Spot

Wireless Subscriber Gateway

WSG-404

User’s Manual

Copyright (C) 2007 PLANET Technology Corp. All rights reserved. The products and programs described in this User’s Manual are licensed products of PLANET Technology, This User’s Manual contains proprietary information protected by copyright, and this User’s Manual and all accompanying hardware, software, and documentation are copyrighted. No part of this User’s Manual may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form by any means by electronic or mechanical. Including photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal use, and without the prior express written permission of PLANET Technology.

Disclaimer

PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described in this User’s Manual, at any time without notice. If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.

FCC Warning

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the Instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

CE mark Warning

The is a class B device, In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

Trademarks

The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective companies.

WEEE Warning

To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment, end users of electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately.

Revision

User’s Manual for PLANET Hot Spot Wireless Subscriber Gateway Model: WSG-404 Rev: 1.0 Part No.: EM-WSG404v1 (2081-B41070-000)

WSG-404 User Guide

Table of Contents

1. Introduction..............................................................................................................................5

1.1 Package Contents...............................................................................................................5

1.2 Features .............................................................................................................................6

1.3 Precautions.........................................................................................................................7

1.4 Outlook ...............................................................................................................................7

1.4.1 Top Panel....................................................................................................................7

1.4.2 Rear Panel..................................................................................................................8

1.5 Technical Specifications ....................................................................................................10

1.5.1 Hardware Specifications ...........................................................................................10

1.5.2 Software Specifications.............................................................................................11

2. Installation..............................................................................................................................13

2.1 Installation Requirements..................................................................................................13

2.1.1 System Requirements...............................................................................................13

2.1.2 ISP Requirements.....................................................................................................13

2.1.3 Your PC Requirements .............................................................................................14

2.2 Hardware Connection and Installation...............................................................................15

2.2.1 Physical Installation ..................................................................................................15

2.3 Software Configuration......................................................................................................16

2.3.1 Quick Configuration ..................................................................................................16

2.3.2 External Network Access ..........................................................................................24

3. Web Interface Configuration .................................................................................................27

3.1 System Configuration........................................................................................................28

3.1.1 Configuration Wizard ................................................................................................28

3.1.2 System Information...................................................................................................29

3.1.3 WAN Configuration ...................................................................................................31

3.1.4 LAN1 & LAN2 Configuration .....................................................................................33

3.1.5 LAN3 & LAN4 Configuration .....................................................................................36

3.1.6 Wireless Configuration..............................................................................................39

3.2 User Authentication...........................................................................................................45

3.2.1 Authentication Configuration .....................................................................................45

3.2.1.1 Authentication Method - Local User Setting ...........................................................66

3.2.1.2 Authentication Method - POP3...............................................................................71

3.2.1.3 Authentication Method - RADIUS...........................................................................72

3.2.1.4 Authentication Method - LDAP...............................................................................74

3.2.1.5 Authentication Method - NTDomain .......................................................................75

3.2.2 Black List Configuration ............................................................................................76

3.2.3 Policy Configuration..................................................................................................78

3.2.4 Guest User Configuration..........................................................................................82

3.2.5 Additional Configuration............................................................................................83

3.3 Network Configuration ....................................................................................................100

3.3.1 Network Address Translate .....................................................................................100

Wireless Subscriber Gateway

3.3.2 Privilege Configuration............................................................................................104

3.3.3 Monitor IP Configuration .........................................................................................105

3.3.4 Walled Garden List .................................................................................................107

3.3.5 Proxy Server Properties..........................................................................................108

3.3.6 Dynamic DNS.........................................................................................................109

3.4 Utilities............................................................................................................................ 110

3.4.1 Change Password .................................................................................................. 110

3.4.2 Backup/Restore Settings ........................................................................................ 112

3.4.3 Firmware Upgrade.................................................................................................. 113

3.4.4 Restart....................................................................................................................113

3.5 Status..............................................................................................................................114

3.5.1 System Status.........................................................................................................114

3.5.2 Interface Status.......................................................................................................116

3.5.3 Concurrent Users.................................................................................................... 118

3.5.4 Traffic History..........................................................................................................118

3.5.5 Notify Configuration ................................................................................................120

3.6 Help ................................................................................................................................121

4. Appendix A --- Console Interface ........................................................................................122

5. Appendix B --- Configuration on Authorize.Net .................................................................125

6. Appendix C --- Proxy Setting for Hotspot...........................................................................130

7. Appendix D --- Proxy Setting for Enterprise.......................................................................133

8. Appendix E --- Disclaimer for On-Demand Users ..............................................................138

WSG-404 User Guide

1. Introduction

The PLANET Wireless Subscriber Gateway WSG-404 is a compact intelligent gateway integrated with a four-port port-based switch. It provides Plug & Play Internet access, advanced security and network management.

The WSG-404 is designed for service providers, system integrator or hotspot venue operator without backend-RADIUS-Server to have integrated solution for rapid deployment, which can start hotspot service quickly and easily and enhance service performance.

The WSG-404 is an ideal solution for hotel lobbies, coffee bars, airport lounges, conference facilities and other sites that commonly host business travelers, and offers instant high-speed Internet connections. With its IP Plug and Play technology, it accepts any client configuration login, when client open browser the WSG-404 immediately recognizes new end-user and redirects their browser to customized Web pages. There’s no need for end-user to change any of their default network (Static IP), e-mail (SMTP Server behind firewall), or browser settings (HTTP Proxy) or load any special software to access hotspot service. It’s completely Plug’ Play with any browser.

1.1 Package Contents

Please inspect your package. The following items should be included in the WSG-404 packages:

 1x WSG-404 unit  1x Power Adapter  1x User’s Manual CD  1x Quick Installation Guide  1x RJ-45 Cable  1x RS-232  2x Antenna

If any of the above items are damaged or missing, please contact your dealer immediately.

Optional Product that can co-work with WSG-404: WSG-ACG4 Account Generator Printer

 1x Power Adapter  1x RJ-11 Cable  1x Quick Installation Guide

This Account Generator is an optional device that can work with WSG-404. With this Account Generator it is much easier for operator to create the accounts for any guests. Without the Account Generator, all the account generation can be done through Administrator’s Web management page. The demand of this Account Generator can vary on the install site

Wireless Subscriber Gateway

1.2 Features



Ideal Hot Spot solution

Via the integrated 802.11g wireless interface, mobile users can establish high speed Internet access without any configuration.



Zero configuration (Plug-n-Play) Internet access

WSG-404 translates proper IP address information for Internet access, all IP configurations, either DHCP, Private IP or Static IP information will be turned into Internet-ready configurations. Subscribers won’t feel the difference, and no need to face to the inconvenience of IP reconfigurations.



Built-in proprietary AAA mechanism and billing system

PLANET WSG-404 integrates Web-based Authentication (including subscriber SSL logon page), selective Web-based Accounting, and proprietary billing mechanism, which can help you to prepare a billing mechanism in a very short time and bring most convenience, the least efforts for billing applications.



RADIUS AAA support

WSG-404 provides standard based Radius Client to communicate with any standard based Radius server, in order to support AAA (Authentication, Authorization and Accounting).



Exclusive Printer Accounting (Optional)

Machine operators may customize the printout information for different billing application.



Security and Firewall

With built-in 64/128-bit RC4 WEP Encryption, VLAN Security for Wireless, subscriber SSL Login Page / Admin Page, VPN (IPSec/PPTP) Pass through…various security features, PLANET WSG-404 bring you an ease-of-use and most comfort safe Internet access environment.



Ease-of-Use and Management

The built-in web management interface in WSG-404 brings most convenience to system administrators or machine operators while configuring machine or setting up subscriber privileges in movements. With time increments, clerks or machine operators may print out, billing and other user information with time increments are conveniently printed on the button-operated printer included with the PLANET WSG-404. Time increments may be compiled simply by pressing the printer button multiple times. No computers or complex back-end subscriber management systems are required for deployment.



Virtual Server & DMZ Capability

The standard and user-defined Virtual server gives the WSG-404 has the most flexibility to share local resources like Email, FTP or HTTP servers to the Internet in a more secure way. The DMZ (De-Militarized Zone) capability helps LAN users to act like an independent Internet node that communicates to the Internet in both directions while maintaining security for LAN users.

Note:

The "PnP" Function only can be used with TCP/IP-based Network.

WSG-404 User Guide

1.3 Precautions

 Never remove or open the cover. You may suffer serious injury if you touch these parts.  Never install the system in the wet locations.  Use only the original fitting AC power adapter otherwise there is a danger of severe electrical

shock.

 Avoid exposing the WSG-404 to direct sunlight or another heat source.  Choose a well-ventilated area to position your WSG-404.

1.4 Outlook

Figure 1-1 WSG-404 Outlook

1.4.1 Top Panel

The top panel of the WSG-404 is shown below.

Figure 1-2 WSG-404 Top Panel

Wireless Subscriber Gateway

LEDs Indication

LED Color Status Description PWR Green

WLAN Green

WAN Green

LAN 1~4

Green

Off On

Off On Flashing

The device is turned off The device is turned on

The wireless is not ready The wireless is ready The wireless data transmission The WAN is not connected The WAN has a successful (10/100Mbps) Ethernet connection The WAN is sending or receiving packet The LAN is not connected The LAN has a successful (10/100Mbps) Ethernet connection The LAN is sending or receiving packet

Note:

1. Use only the bundled DC adapter for the power system, other power adapter could damage the device permantly.

2. During the firmware upgrade process, please do not power off the device, otherwise it could damage the device permantly.

1.4.2 Rear Panel

The rear panel of the WSG-404 is shown below.

WAN ConsoleLAN

Figure 1-4 WSG-404 Rear Panel

WAN 1 2 3 4

Port Indication

Powe

Printed

Housin

Interfac

Power Button RJ-45 RJ-45 RJ-45 RJ-45 RJ-45 RJ-11

12V

12V DC

RESET



Reset WAN LAN 1 LAN 2 LAN 3 LAN 4

RESE

1 2 3 4

Consol

WSG-404 User Guide

POWER:

The power adaptor plugs here.

RESET:

Used for restarting the system.

WAN:

One RJ-45 port is used for connecting xDSL or Cable Mode to the Internet/Intranet.

LAN1~2:

Used for Connecting to the public LAN. It can be chosen to require authentication to access network resource and the Internet.

LAN3~4:

Used for Connecting to the private LAN. Authentication is not required to access the network resource from here.

Console:

Used for configuring the system via Hyper Terminal or connecting to the WSG-ACG4 (Ticket Printer).

Wireless Subscriber Gateway

1.5 Technical Specifications

1.5.1 Hardware Specifications

Ports

Wireless Data rate Up to 54Mbps with Auto fall back with 802.11b Wireless Encryption WEP 64/128 bit

Wireless Authentication IEEE 802.1x (EAP-MD5, EAP-TLS, CHAP, PEAP)

Wireless Antenna Type 2dBi (Max) Dual detachable diversity antenna with reverse SMA Wireless Operating Range Open Space: 100~300m

LED Indicators 1 x POWER LED

Environmental Operating

Electrical External Power Adaptor

Regulatory Compliance FCC part 15 Class B

Dimension 230 x 150 x 45.5 mm (W x D x H) Weight 1.4 Kg

LAN 4 x RJ45 (10Base-T/100Base-TX, Auto-Negotiation, Auto MDI/MDI-X)

1 x 802.11g wireless AP interface WAN 1 x RJ45 (10Base-T/100Base-TX, Auto-Negotiation) Console 1 x RJ11

WPA with TKIP

WPA-PSK

Indoors: 35~100m

1 x WLAN Link/Activity LED

1 x WAN Link/Activity LED

4 x LAN Link/Activity LEDs

Temperature: 5 ~ 45 °C

Relative Humidity: 10 ~ 80 % (non-condensing)

Storage

Temperature: - 25 ~ 55 °C

Relative Humidity: 5 ~ 90 % (non-condensing)

Power Input: 12V DC, 1.5A

CE Mark Class B

WSG-404 User Guide

1.5.2 Software Specifications

demand, LDAP,

Network

WAN Connection Type

AAA / Billing

Security

Management

IEEE802.3 10BaseT Ethernet

IEEE802.3u 100BaseTX Fast Ethernet

IEEE802.11b 11Mbps

IEEE802.11g 54Mbps

Supports 50 Simultaneous Users

IP Plug and Play (IP PnP)

Supports External HTTP Proxy Servers; Built-in Proxy Server

WEP Data Encryption 64/128 bit

WPA with TKIP; Radius

SMTP Server Redirection

DHCP Server

DHCP Relay

NAT

IP Routing

Dynamic DNS

Walled Garden: Up to 20

Session Number: Max. 16384

Supports NTP (Network Time Protocol)

DHCP WAN Client

PPPoE WAN Client

PPTP WAN Client

Static IP WAN Client

Built-in Authentication

Exclusive Printer Accounting without PC operating

Web-based Login Page Authentication

Web-based Accounting

Flexible Billing Profiles and Price Plan

Flexible Billing Mechanism

Flexible Time Mechanism (Time to Finish and Accumulation)

External DB25 Support (WSG-ACG4)

RADIUS Authentication

Credit Card Support (Authorize.net, *PayPal)

10 Customizable Billing Profile

Remaining Credit Reminder

Accumulation Billing

Account log

*Future feature

Layer 2 Isolation

SSL Login Page

SSL Administration

VPN Pass through (IPSec/PPTP)

Pass through Destination IP/URL

Pass through Source IP/MAC

Restricted Destination Filtering IP/URL

Share LAN Resources

Customize SSL Certificate

DoS Attack Protection

IEEE 802.1x (EAP-MD5, EAP-TLS, CHAP, PEAP)

Supports Multiple Authentication Methods (Local and On-

POP3(s), RADIUS, NT Domain)

Wireless Subscriber Gateway

Supports Multiple Logins with One Single Account

SSL Protected Login Portal Page

Administrator/Manager/Operator Management Access

Local Account: Max. 500

Supports Guest Accounts: Up to 10

Customize Login/Logout Page

Remote Browser-based Configuration and Management

Policy-based Access Control

IP-based/MAC-based Privilege List

Friendly Notification E-mail

Backup/Restore/Factory Default Setting

Remote Firmware Upgrade

System Information Table

Per-user Traffic History Log

Support External Syslog Server

Billing Report Summary

Bandwidth Control

Session Idle Timer

Session/Account Expiration Control

Secure Remote via PPTP VPN

Supports SNMP V2

SSL Certificate Upload

WSG-404 User Guide

2. Installation

The followings are instructions for setting up the WSG-404. Refer to the illustration and follow the simple steps below to quickly install your WSG-404.

2.1 Installation Requirements

Before installing the WSG-404, make sure your network meets the following requirements.

2.1.1 System Requirements

 Cable modem or DSL/ADSL modem.  Network cables: Use standard 10/100Base-TX network (UTP) cables with RJ45 connectors.  Subscriber PC installed with Wireless adapter that complied with 802.11b, or 802.11g.  Workstations of subscribers running Windows 95/98/ME, NT4.0, 2000/XP, MAC OS9 or later,

Linux, UNIX or other platform compatible with TCP/IP protocols.

 <Optional> Account generator (Model No.: WSG-ACG4).

2.1.2 ISP Requirements

Verify whether your ISP use fixed or dynamic IP. If it is a fixed IP, be sure to get the IP from your ISP. For dynamic IP, which is mostly used, the PC will get the IP automatically whenever it hooks up on the modem.

Dynamic IP

 Dynamic IP Setting

Fixed IP

 Your fixed IP address for the WSG-404  Your subnet mask for the WSG-404  Your default gateway IP address  Your DNS IP address

PPPoE

 Your user name from your ISP  Your password from your ISP

Wireless Subscriber Gateway

PPTP

 PPTP Server IP Address from your ISP  PPTP Local IP address from your ISP  PPTP Local IP subnet mask from your ISP  Your user name from your ISP  Your password from your ISP

2.1.3 Your PC Requirements

The Static IP settings for the PC

 Your PC’s fixed IP address  Your PC’s subnet mask  Your PC’s default gateway IP address  Your PC’s primary DNS IP address

Note:

1. The gateway’s default IP address setting is “LAN1&LAN2: 192.168.2.254, LAN3&LAN4:

192.168.1.254”

2. The gateway’s default subnet mask setting is “255.255.255.0”

The Dynamic IP settings for the PC

We recommend that you leave your IP settings as automatically assigned. By default, the WSG-404 is a DHCP server, and it will give your PC the necessary IP settings.

Note:

Before turn on the WSG-404, make sure there is no other DHCP server in the LAN network; otherwise it will influence the whole network operation.

WSG-404 User Guide

2.2 Hardware Connection and Installation

2.2.1 Physical Installation

Physical connection of WSG-404

1. Ensure the WSG-404 and the Cable/DSL modem are powered OFF before commencing. Leave your Cable/DSL modem connected to its wall socket (phone line or cable input).

2. Use Ethernet cables to connect to the LAN1/LAN2 port on the rear panel. Connect the other end of the Ethernet cable to an AP or Switch. (Note: Authentication is required for the clients to access the network via LAN1/LAN2 port. The LAN port with authentication function is referred to as Public LAN).

3. Use Ethernet cables to connect to the LAN3/LAN4 port on the rear panel. Connect the other end of the Ethernet cable to a PC. (Note: Authentication is NOT required for the clients to access the network via LAN3/LAN4 port. The LAN port with authentication function is referred to as Private LAN).

4. Connect your Cable/DSL Modem to the WAN port on the rear panel. Use the cable supplied with your Cable/DSL modem. If no cable was supplied with your modem, use a standard network cable. Please make sure the connection is established (LED is on).

5. Connect the Power Adapter. Use only the unit provided.

6. Power ON. The PWR LED should stay on (If your network is connected, the WAN/WLAN/LAN LED will be on, too).

7. Power on the PC that connected to the WSG-404.

Wireless Subscriber Gateway

2.3 Software Configuration

2.3.1 Quick Configuration

There are two ways to configure the system: using Configuration Wizard or change the setting by demands manually. The Configuration Wizard has 7 steps providing a simple and easy way to guide you through the setup of PLANET WSG-404. Follow the procedures and instructions given by the Wizard to enter the required information step by step. After saving and restarting PLANET WSG-404, it is ready to use. There will be 7 steps as listed below:

1. Change Admin’s Password

2. Choose System’s Time Zone

3. Set System Information

4. Select the Connection Type for WAN Port

5. Set Authentication Methods

6. Set Wireless – Access Point Connection

7. Save and Restart PLANET WSG-404

To access the web management interface, connect the PC and WSG-404 in advance via the Private Port of WSG-404. Then, launch the web browser and enter the IP address of the gateway for that port in the address field then pres Enter. Default IP address of the default gateway of the Private Port is https://192.168.2.254 (Note: https is used for a secured connection).

The administrator login page will appear. Enter default username “admin” & default password “admin” in the User Name and Password fields. Click Enter to login.

WSG-404 User Guide

After successfully logging into WSG-404, a web management interface with a welcome message will appear.

Click System Configuration to the System Configuration screen and run the Configuration Wizard to help you complete the configuration.

Wireless Subscriber Gateway

Click Run Wizard to begin the Configuration Wizard

After clicking Run Wizard, the Configuration Wizard will appear in a pop-up browser window. Click “Next” to begin.

Step 1: Change Admin’s Password

Enter a new password for the admin account and retype it in the verify password field (Twenty characters maximum and no spaces allowed). Click “Next” to continue.

WSG-404 User Guide

Step 2: Choose System’s Time Zone

Select a proper time zone via the drop-down menu. Click “Next” to continue.

Step 3: Set System Information Home Page: Enter the URL that users should be initially directed to when successfully

authenticated to the network. NTP Server: Enter the URL of external time server for WSG-404 time synchronization or use the default server. DNS Server: Enter a DNS Server provided by your ISP. Contact the ISP if the DNS IP Address is unknown. Click “Next” to continue.

Wireless Subscriber Gateway

Step 4: Select the Connection Type for WAN Port Three are three types of WAN port to select from: Static IP Address, Dynamic IP Address and PPPoE Client. Select a proper Internet connection type. Click “Next” to continue.

Step 4(Cont): Set Static IP Address Information

Enter the IP Address, Subnet Mask and Default Gateway as the examples provided by the ISP. Click “Next” to continue.

WSG-404 User Guide

Step 4(Cont): Set PPPoE Client’s Information after selecting PPPoE Client

Enter the Username and Password provided by the ISP. Click “Next” to continue.

Step 5: Select Authentication Methods

Please specify the policy name for this authentication method. The Postfix field (e.g. Local) will be used as the postfix name (e.g. username@Local). An authentication method has to be selected from one of the five options appeared in this window (Local User is selected for this setup example). Local User is an authentication method that uses the built-in user account database supported by WSG-404. Click “Next” to continue.

Wireless Subscriber Gateway

Step 5(Cont.): Add User

A new user can be added to the local user data base. To add a user here, enter the Username (e.g. test), Password (e.g. test) and MAC (optional) and assign a policy to this particular user (or use the default). Upon completing adding a user, more users can be added to this authentication method by clicking the ADD bottom. Click “Next” to continue.

Step 6: Set Wireless Access-Point Connection SSID: Enter a SSID (Up to 32 characters) for the system. The default is WSG-404. SSID is a unique

identifier used for the wireless users’ devices to associate with WSG-404. Transmission Mode: WSG-404 supports two transmission modes, 802.11b and 802.11(b+g). Select the appropriate transmission mode to work with the wireless clients in the network. Channel: If the default channel used by many other APs, it is necessary to select another channel form the Channel field for a better performance. Click “Next” to continue.

WSG-404 User Guide

Step 7: Save and Restart WSG-404

Click Restart to save the current settings and restart WSG-404. The Setup Wizard is now completed.

During PLANET WSG-404 restart, a “Restarting now. Please wait for a moment...” message will appear on the screen. Please do not interrupt PLANET WSG-404 until the Configuration Wizard window has disappeared. This indicates that the restart process has completed

Note:

If you wish go back to modify the setting during every steps of the wizard. Please click the Back button to go back to the previous step.

Wireless Subscriber Gateway

2.3.2 External Network Access

If all the steps are set properly, PLANET WSG-404 can be further connected to the managed network to experience the controlled network access environment. Firstly, connect an end-user device to the network at PLANET WSG-404’s LAN1/LAN2 and set to obtain an IP address automatically. After the network address is obtained at the user end, open an Internet browser and link to any website. Then, the default logon webpage will appear in the Internet browser.

1. First, connect a user-end device to LAN1/LAN2 port of the PLANET WSG-404, and set the dynamical access network. After the user end obtains the network address, please open an Internet browser and the default login webpage will appear on the Internet browser. Key in the username and password created in the local user account or the on-demand user account in the interface and then click Submit button. Here, we key in the local user account (e.g. test@Local for the username and test for the password) to connect the network.

2. Login page appearing means PLANET WSG-404 has been installed and configured successfully. Now, the user can browse the network or surf the Internet.

WSG-404 User Guide

3. If the screen shows “Sorry, this feature is available for on-demand user only”, the “Remaining” button has been clicked. This button is only for on-demand users. For users other than on-demand users, please click the Submit button.

4. An on-demand user can enter the username and password in the “User Login Page” and click the Remaining button to view the remaining time the account.

5. When an on-demand user logs in successfully, the following Login Successfully screen will appear. There is an extra line showing “Remaining usage” and a “Redeem” button.

Wireless Subscriber Gateway

 Remaining usage: Show the rest of use time that the on-demand user can surf Internet.  Redeem: When the remaining time or data size is insufficient, the user has to pay for adding

credit at the counter, and then, the user will get a new username and password. After clicking the Redeem button, a login screen will appear. Please enter the new username and password obtained and click Redeem button. The total available use time and data size after adding credit will show up.

Note:

The system will automatically reject the redeem process when the redeem amount exceeds the maximum time/data volume provided by PLANET WSG-404.

WSG-404 User Guide

3. Web Interface Configuration

This chapter will guide you through further detailed settings. The following table shows all the functions of PLANET WSG-404.

OPTION

FUNCTION

System

Configuration

Wizard

System

Information

WAN

Configuration

LAN1 & LAN2

Configuration

LAN3 & LAN4

Configuration

Wireless

Configuration

User

Authentication

Configuration

Black List

Configuration

Policy

Configuration

Guest User

Configuration

Additional

Configuration

Dynamic DNS

Network

Configuration

Network Address

Translation

Privilege

List

Monitor IP

List

Walled Garden

List

Proxy Server

Properties

Utilities Status

Change

Password

Backup/Restore

Settings

Firmware

Upgrade

Restart

Configuration

System

Status

Interface

Status

Current

Users

Traffic

History

Notify

Wireless Subscriber Gateway

3.1 System Configuration

This section includes the following functions:

Configuration Wizard, System Information, WAN Configuration, LAN1 & LAN2 Configuration, LAN3 & LAN4 Configuration and Wireless Configuration.

3.1.1 Configuration Wizard

There are two ways to configure the system: using Configuration Wizard or change the setting by demands manually. The Configuration Wizard has 7 steps providing a simple and easy way to go through the basic setups of PLANET WSG-404 and is served as Quick Configuration. Please refer to 2.3.1 Quick Configuration for the introduction and description of Configuration Wizard.

WSG-404 User Guide

3.1.2 System Information

These are some main information about PLANET WSG-404. Please refer to the following description for these blanks:

 System Name: Set the system’s name or use the default.  Administrator Info: Enter the Administrator’s information here, such as administrator’s name,

telephone number, e-mail address, etc. If users encountered problems in the connection of the WAN port to the system, this information will appear on the user’s login screen.

 Home Page: Enter the website of a Web Server to be the homepage. When users log in

successfully, they will be directed to the homepage set, such as http://www.yahoo.com. Regardless of the original webpage set in the users’ computers, they will be redirect to this page after login.

 Access History IP: Specify an IP address of the administrator’s computer or a billing system to

get billing history information of PLANET WSG-404. An example is provided as follows and “10.2.3.213” is the WAN IP of PLANET WSG-404.

Wireless Subscriber Gateway

Traffic Historyhttps://10.2.3.213/status/history/2005-02-17

On-demand Historyhttps://10.2.3.213/status/ondemand_history/2005-02-17

 Remote Manage IP: Set the IP block with a system which is able to connect to the web

management interface via the authenticated port. For example, 10.2.3.0/24 means that as long as you are within the IP address range of 10.2.3.0/24, you can reach the administration page of PLANET WSG-404.

 SNMP: PLANET WSG-404 supports SNMPv2. If the function is enabled, administrators can

assign the Manager IP address and the SNMP community name used to access the management information base (MIB) of the system.

 User logon SSL: Enable to activate https (encryption) or disable to activate http (non encryption)

 Time: PLANET WSG-404 supports NTP communication protocol to synchronize the network

time. Please specify the IP address of a server in the system configuration interface for adjusting the time automatically. (Universal Time is Greenwich Mean Time, GMT). Time can be set manually by selecting “Set Device Date and Time”. Please enter the date and time for these fields.

WSG-404 User Guide

3.1.3 WAN Configuration

There are 4 methods of obtaining IP address for the WAN Port: Static IP Address, Dynamic IP Address, PPPoE and PPTP Client.

 Static IP Address: Manually specifying the IP address of the WAN Port is applicable for the

network environment where the DHCP service is unavailable. The fields with red asterisks are required to be filled in.

IP address: the IP address of the WAN port. Subnet mask: the subnet mask of the WAN port. Default gateway: the gateway of the WAN port. Preferred DNS Server: the primary DNS Server of the WAN port. Alternate DNS Server: The substitute DNS Server of the WAN port. This is not required.

 Dynamic IP address: It is only applicable for the network environment where the DHCP Server

is available in the network. Click the Renew button to get an IP address.

Wireless Subscriber Gateway

 PPPoE Client: When selecting PPPoE to connect to the network, please set the “User Name”,

“Password”, “MTU” and “CLAMPMSS”. There is a Dial on demand function under PPPoE. If

this function is enabled, a Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect itself.

 PPTP Client: Select STATIC to specify the IP address of the PPTP Client manually or select

DHCP to get the IP address automatically. The fields with red asterisks are required to be filled in. There is a Dial on demand function under PPPoE. If this function is enabled, a Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect

itself.

WSG-404 User Guide

3.1.4 LAN1 & LAN2 Configuration

User authentication for the two LAN ports can be enabled or disabled.

 LAN1 & LAN2 Port

IP PNP: Users can use static IP address to connect to the system. Regardless of what the IP

address at the user end is, users can still be authenticated through PLANET WSG-404 and access the network.

Wireless Subscriber Gateway

User Authentication: Choose to enable or disable this function. If “User Authentication” is disabled, users can access Internet without being authenticated. Operation Mode: Choose one of the two modes, NAT mode and Router mode, by the requirements.

IP Address: Enter the desired IP address for the LAN1 & LAN2 port. Subnet Mask: Enter the desired subnet mask for the LAN1 & LAN2 port.

 DHCP Server Configuration

There are three methods to set the DHCP server: Disable DHCP Server, Enable DHCP Server and Enable DHCP Relay.

1. Disable DHCP Server: Disable DHCP Server function.

2. Enable DHCP Server: Choose “Enable DHCP Sever” function and set the appropriate configuration for the DHCP server. The fields with red asterisks are required to be filled in.

DHCP Scope: Enter the “Start IP Address” and the “End IP Address” of this DHCP block. These fields define the IP address range that will be assigned to the Public LAN clients.

Preferred DNS Server: The primary DNS server for the DHCP. Alternate DNS Server: The substitute DNS server for the DHCP. Domain Name: Enter the domain name. WINS IP Address: Enter the IP address of WINS Lease Time: Choose the time to change the DHCP.

WSG-404 User Guide

Reserved IP Address List: For reserved IP address settings in detail, please click the hyperlink of Reserved IP Address. If using the Reserved IP Address List function for IP address outside the DHCP range is desired, click on the Reserved IP Address List on the management interface. Then, the setup of the Reserved IP Address List as shown in the following figure will appear. Enter the related Reserved IP Address, MAC, and some description (not mandatory). Click Apply to complete the setup.

3. Enable DHCP Relay: If enabling this function is desired, other DHCP Server IP address must be specified. See the following figure.

Wireless Subscriber Gateway

3.1.5 LAN3 & LAN4 Configuration

In this section, set the related configuration for LAN3/LAN4 port and DHCP server.

 LAN3 & LAN4 Port

Operation Mode: Choose one of the two modes, NAT mode and Router mode, by the requirements. IP Address: Enter the desired IP address for the LAN3 & LAN4 port. Subnet Mask: Enter the desired subnet mask for the LAN3 & LAN4 port.

WSG-404 User Guide

 DHCP Server Configuration

There are three methods to set the DHCP server: Disable DHCP Server, Enable DHCP Server and Enable DHCP Relay.

1. Disable DHCP Server: Disable DHCP Server function.

2. Enable DHCP Server: Choose “Enable DHCP Sever” function and set the appropriate configuration for the DHCP server. The fields with red asterisks are required to be filled in.

DHCP Scope: Enter the “Start IP Address” and the “End IP Address” of this DHCP block. These fields define the IP address range that will be assigned to the Private LAN clients.

hyperlink of Reserved IP Address. If using the Reserved IP Address List function for IP address outside the DHCP range is desired, click the Reserved IP Address List on the management interface. The setup of the Reserved IP Address List as shown in the following figure will appear. Enter the related Reserved IP Address, MAC, and some description (not mandatory). Click Apply to complete the setup.

Wireless Subscriber Gateway

3. Enable DHCP Relay: If enabling this function is desired, other DHCP Server IP address must be specified. See the following figure.

WSG-404 User Guide

3.1.6 Wireless Configuration

This section is for setting related configurations for the wireless port.

Wireless Subscriber Gateway

 Basic Configuration

SSID: The SSID is the unique name shared among all devices in a wireless network. The SSID

must be the same for all devices in the wireless network. It is case sensitive, must not exceed 32 characters and may be any character on the keyboard. Administrators can give a new name in this field or use the default name.

Sync to Ticket: Synchronize the SSID of ticket with this system. Channel: Select the appropriate channel from the list to correspond to the network settings; for

example, 1 to 11 channels are suitable for the North America area. All points in the wireless network must use the same channel in order to make sure correct connection.

Transmission Mode: There are 2 modes to select from, 802.11b (2.4G, 1~11Mbps) and 802.11

(b+g) (2.4G, 1~11Mbps and 2.4G, 54Mbps).

SSID Broadcast: Select to enable the SSID broadcast in the network. When configuring the

network, this function may be enabled but should be disabled when configuration is finished. Since when SSID Broadcast is enabled, someone could easily obtain the SSID information with the site survey software and get unauthorized access to the network.

Layer2 Client Isolation: This function can be enabled to isolate any client from each other.

Security: For security settings in detail, please click the hyperlink Security to go into the Security page. Choose “Enable” to configure the setting.

WSG-404 User Guide

1. WEP Key: Wired Equivalent Privacy. If using this function is desired, please choose “Enable”.

2. WEP Key Encryption: This is a data privacy mechanism based on a 64-bit or 128-bits

shared key algorithm.

3. Mode: There are two types of encryption, HEX and ASCII. After selecting one of them, please enter the related information in the blanks below.

Advance: For advance settings in detail, please click the hyperlink Advance to go into the Advance page.

1. Authentication Type: The default value is Auto. When “Auto” is selected, it will auto-detect to authenticate by Shared Key type or Open System type. Shared Key is used such that both the sender and the recipient share a WEP key for authentication. Open Key is that the sender and the recipient do not share a WEP key for authentication. All points on the network must use the same authentication type.

2. Transmission Rates: The default value is Auto. The range is from 1 to 54Mbps. The rate of

data transmission should be set depending on the speed of this particular wireless network. Select from a range of transmission speeds or keep the default setting, Auto, to make the Access Point use the fastest possible data rate automatically.

Wireless Subscriber Gateway

3. CTS Protection Mode: The default value is Disable. When enabled, a protection

mechanism will ensure that the 802.11b devices can connect to Access Point and not be affected by many other 802.11g devices existing at the same time. However, the performance of this 802.11g devices may decrease.

4. Basic Rate: The basic rate offers three options, All, Set1 and Set2 and the default value is Set1. Depending on the wireless mode selected, PLANET WSG-404 will deliver a pre-defined data rate. Select “All” to activate all transmission rates to be compatible with the majority of the devices.

5. Beacon Interval: Enter a value between 20 and 1000 msec. The default value is 100 milliseconds. The entered time means how often the signal transmission occurs between the access point and the wireless network.

6. RTS Threshold: Ready To Send threshold. The range is from 256 to 2346 and the default is OFF. The administrator could set the value which is the time to wait before sending another packet. It is recommended that the value remains in the range of 256 to 2346.

7. Fragmentation Threshold: The range is from 256 to 2346 and the default is OFF. The value specifies the maximum size of packet allowed before data is fragmented into multiple packets. It should be remained in the range of 256 to 2346. A smaller value results smaller packets but with a larger numbers of packets in transmission.

8. DTIM Interval: This function indicates the interval of the Delivery Traffic Indication Message (DTIM). DTIM is a countdown function to inform clients to listen to broadcast and multicast messages. When an Access Point has buffered broadcast or multicast message from an associated client, it sends the next DTIM at this interval rate (from 1~255), the client will hear the beacons.

 Wireless Port

IP PNP: Use any IP address to connect to the system. Regardless of what the IP address at the

users end is, they can still be authenticated through PLANET WSG-404 and access the network. User Authentication: If “User Authentication” is disabled, “Specific Route Profile” needs to be specified for the users to access Internet. Operation Mode: Choose one of the two modes, NAT mode and Router mode, by the requirements. IP Address: Enter desired IP address for the wireless port.

WSG-404 User Guide

Subnet Mask: Enter desired subnet mask for the wireless port.

 DHCP Server Configuration

There are three methods to set the DHCP server: Disable DHCP Server, Enable DHCP Server and Enable DHCP Relay.

1. Disable DHCP Server: Disable the DHCP Server function.

2. Enable DHCP Server: Choose “Enable DHCP Sever” function and set the appropriate configuration for the DHCP server. The fields with red asterisks are required to be filled in.

DHCP Scope: Enter the “Start IP Address” and the “End IP Address” of this DHCP block. These fields define the IP address range that will be assigned to the Wireless LAN clients.

Wireless Subscriber Gateway

Reserved IP Address List: For reserved IP address settings in detail, please click the hyperlink of Reserved IP Address. If using the Reserved IP Address List function for IP address outside the DHCP range is desired, click on the Reserved IP Address List on the management interface. The setup of the Reserved IP Address List as shown in the following figure will appear. Enter the related Reserved IP Address, MAC, and some description (not mandatory). Click Apply to complete the setup.

3. Enable DHCP Relay: If enabling this function is desired, other DHCP Server IP address must be specified. See the following figure.

 WDS configuration

This function can extend the range of accessing the network. It has to work with a repeater. A repeater is a peripheral device supporting PLANET WSG-404 to extend the wireless access by receiving requests from APs or clients and passing the requests to PLANET WSG-404 to obtain authentication.

When “Enable” is clicked, there will be a warning box showing up.

WSG-404 User Guide

If this function is enabled, please enter the MAC address of repeater in the blanks. A maximum of three repeaters are supported.

3.2 User Authentication

This section includes the following functions: Authentication Configuration, Black List Configuration, Policy Configuration, Guest User Configuration and Additional Configuration.

3.2.1 Authentication Configuration

This function is to configure the settings for 802.1x authentication, authentication server, and on-demand user authentication.

Wireless Subscriber Gateway

 802.1x Authentication Configuration

There are two kinds of 802.1x authentication methods and one encryption mechanism: 802.1x, WPA w/ 802.1x and WPA-PSK. Click the hyperlink 802.1x Authentication Configuration to set the related configurations. After completing and clicking Apply to save the settings, go back to the previous page to check the item box next to 802.1x Authentication Configuration to enable this function. When using 802.1x authentications, the RADIUS attributes such as idle timeout or session timeout have no effect.

1. 802.1x: Enable the 802.1x authentication method. The fields with red asterisks are required to be filled in.

WSG-404 User Guide

Authentication Server IP: The IP address or domain name of the Authentication server. Authentication Port: The port of the authentication server. The default value is 1812. Secret Key: The secret key of the authentication sever for encryption and decryption. Accounting Server IP: The IP address or domain name of the accounting server. Account Port: The port of the accounting server. The default value is 1813. Secret Key: The secret key of the accounting sever for encryption and decryption. Accounting Service: Enable or disable accounting service. Policy: There are three policies to select from.

2. WPA x/802.1x: Enable the supported WPA-Enterprise, Wireless Protection Access with

802.1x.

maximum is 6000 sec.

Wireless Subscriber Gateway

3. WPA-PSK: Wireless Protection Access-PreShared Key, a kind of encryption mechanism supporting WPA-SOHO. When using WPA-PSK, there is no user authentication required.

Group Re-key Time: Time interval for re-keying broadcast/multicast keys in seconds. The maximum is 6000 sec.

PSK: The Pre-Shared Key uses 64 hexadecimal. Passphrase: A kind of password using 8 to 63 ASCII characters.

Note: After clicking Apply, there will be a restart message. You must click Restart to apply the settings.

 Authentication Server Configuration

The system provides 3 servers and one on-demand server that the administrator can apply with different policy. Click on the server name to set the related configurations for that particular server. After completing and clicking Apply to save the settings, go back to the previous page to choose a server to be the default server and enable or disable any server on the list. Users can log into the default server without the postfix to allow faster login process.

WSG-404 User Guide

Server 1~3: There are 5 kinds of authentication methods, Local User, POP3, RADIUS, LDAP and NTDomain to setup from.

Server Name: Set a name for the server using numbers (0 to 9), alphabets (a to z or A to Z), dash (-), underline (_) and dot (.) with a maximum of 40 characters, all other letters are not allowed.

Sever Status: The status shows that the server is enabled or disabled. Postfix: Set a postfix that is easy to distinguish (e.g. Local) for the server using numbers (0

to 9), alphabets (a to z or A to Z), dash (-), underline (_) and dot (.) with a maximum of 40 characters, all other letters are not allowed.

Note:

The Policy Name cannot contain these words: MAC and IP.

Black List: There are 5 sets of the black lists. Select one of them or choose “None”. Please refer to 4.2.2 Black List Configuration.

Authentication Methods: There are 5 authentication methods, Local, POP3, RADIUS, LDAP and NT Domain to configure from. Select the desired method and click the link

besides the pull-down menu for more advanced configuration. For more details, please refer to 4.2.1.1~5 Authentication Method.

Note:

Enabling two or more servers of the same authentication method is not allowed.

Policy: There are 3 policies to choose from to apply to this particular server.

Wireless Subscriber Gateway

1. On-demand User: This is for the customer’s need in a store environment. When the customers need to use wireless Internet in the store, they have to get a printed receipt with username and password from the store to log in the system for wireless access. There are 2000 On-demand User accounts available.

Server Status: The status shows that the server is enabled or disabled. Postfix: Set a postfix that is easy to distinguish (e.g. Local) for the server using numbers (0

to 9), alphabets (a to z or A to Z), dash (-), underline (_) and dot (.) with a maximum of 40 characters, all other letters are not allowed. Receipt Header: There are two fields, Receipt Header 1 and Receipt Header 2, for the receipt’s header. Enter receipt header message or use the default.

Receipt Footer: Enter receipt footer message here or use the default. Printer Baud Rate: Select the desired transmission baud rate. The default value is 9600. Monetary Unit: Select the desired monetary unit. Policy Name: Select a policy for the on-demand user. WLAN ESSID: Enter the ESSID of the AP. Administrators can supply a new name or use the

default name.

Wireless Key: Enter the Wireless key of the AP such as WEP or WPA. Remark: Enter any additional information that will appear at the bottom of the receipt. Billing Notice Interval: While the on-demand user is still logged in, the system will update

the billing notice of the login successful page by the time interval defined here. Twin Ticket: Enable this function to print duplicate receipts.

WSG-404 User Guide

Users List: Click to enter the On-demand Users List page. In the On-demand Users List, detailed information will be documented here. By default, the On-demand user database is empty.

 Upload User: Click this to enter the Upload User interface. Click the Browse button to

select the text file for the user account upload. Then click Submit to complete the upload process.

Wireless Subscriber Gateway

The uploading file should be a text file and the format of each line is " ID (Username),

Password, Type, Status, Available Data transfer or Session length, Activation

deadline (Date), Expired Date, Validity duration, Plan, Price, Total Data transfer or

Session length when bought, Generated Date, First Login Date, Last Logout Date, Logout Cause” without the quotes. The separator between two columns in a line is a

comma. When uploading a file, any format error or duplicated username will terminate the uploading process and no account will be uploaded. Please correct the format in the uploading file or delete the duplicated user account in the database, then try again. The unit of data transfer is byte. The unit of session length is second. ID (Username) and Password must be given in upper case.

Example1: For Session Length type The Type must be written as TIME, Set Status must be set as 0. Set Session Length in seconds. Activation Deadline must be in the format of yyyy/mm/dd hh:mm:ss. Set Validity Duration as 1, and give a Plan that’s already been generated and enabled from Billing Configuration page. Provide a price in any monetary unit defined in

On-demand User Server Configuration page. Finally, set Session Length when bought the same as Session Length. Leave other fields blank.

Example2: For Total Data Transfer type The Type must be written as DATA, Set Status must be set as 0. Set Total Data Transfer in bytes. Activation Deadline must be in the format of yyyy/mm/dd hh:mm:ss. Set Validity Duration as 1, and give a Plan that’s already been generated and enabled from Billing Configuration page. Provide a price in any monetary unit defined in

On-demand User Server Configuration page. Finally, set Total Data Transfer when bought the same as Session Length. Leave other fields blank.

WSG-404 User Guide

 Download User: Click this to create a .txt file and then save it on disk.

 Search: Enter a keyword of a username that needs to be searched in the text field and

click this button to perform the search. All usernames matching the keyword will be listed.

 Username: The login name of the on-demand user.  Password: The login password of the on-demand user.  Remaining Time/Volume: The total time/Volume that the user can use currently.  Status: The status of the account. Normal indicates that the account is not in-use and

not overdue. Online indicates that the account is in-use and not overdue. Expire indicates that the account is overdue and cannot be used.

 Expiration Time: The expiration time of the account.  Del All: This will delete all the users at once.  Delete: This will delete the users individually.

Wireless Subscriber Gateway

Billing Configuration: Click this to enter the Billing Configuration page. In the Billing Configuration screen, Administrator may configure up to 10 billing plans.

 Status: Select to enable or disable this billing plan.  Type: Set the billing plan by “Data” (the maximum volume allowed is 9,999,999 Mbyte)

or “Time” (the maximum days allowed is 999 days).

 Expiration time: This is the duration of time that the account has to be activated after

generation of the account. If the account is not activated during this duration the account will self-expire

 Valid Duration: This is the duration of time that the user can use the Internet after

activation of the account. After this duration, the account will self-expires.

 Price: The price charged for this billing plan.

WSG-404 User Guide

Create On-demand User: Click this to enter the On-demand User Generate page.

Pressing the Create button for the desired rule, an On-demand user will be created, then click Printout to print a receipt that will contain this on-demand user’s information.

Wireless Subscriber Gateway

Billing Report: Click this to enter the On-demand Summary report page. In On-demand users Summary report page, Administrator can get a complete report or a report of a

particular period.

 Report All: Click this to get a complete report including all the on-demand records. This

report shows the total expenses and individual accounting of each plan for all plans available.

WSG-404 User Guide

 Search: Select a time period to get a period report. The report tells the total expenses

and individual accounting of each plan for all plans available for that period of time.

Wireless Subscriber Gateway

Credit Card: Click this to enter the Credit Card Configuration page. This section is about how independent HotSpot owners can enable the credit card billing function, making the HotSpot an e-commerce environment for end users to pay for and get Internet access using their credit cards. Before the “Credit Card” and related functions can be managed appropriately, PLANET WSG-404 requires the merchant owners to have a valid Authorize.Net (www.authorize.net) account, since Authorize.Net is the on-line payment gateway that PLANET WSG-404 supports now. Please see Appendix B. The Configuration on Authorize.Net to setup an Aurthourize.Net account and other necessary information.

Note:

A payment gateway “Paypal” will be supported in the future.

WSG-404 User Guide

After getting an Authorize.Net account, set the following configuration in Credit Card Configuration of PLANET WSG-404.

 Credit Card General Configuration

Credit Card Payment: Click Enable to turn on this function or click Disable to turn off

this function.

 Credit Card Payment Page Configuration

Merchant ID: The merchant ID is similar to a username and is used by the Payment

Gateway to authenticate transactions. Merchant Transaction Key: The merchant transaction key is similar to a password and is used by the Payment Gateway to authenticate transactions. Payment Gateway URL: The Payment Gateway verifies the URL specified in the post string against the URLs in this field. Verify SSL Certificate: Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:. Test Mode: It is possible to submit a test transaction to the payment gateway. Transactions that are submitted while Test Mode is enabled are NOT actually processed. The example as follows:

Wireless Subscriber Gateway

Click Submit to send out this transaction. There will be a confirm dialog box showing up. Check the data again and the click OK to go on the transaction or click Cancel to revise the data or cancel this transaction.

WSG-404 User Guide

After clicking OK, there will be another dialog box showing up to confirm this transaction again. Click OK to complete the process or click Cancel to revise the data or cancel this transaction.

Click OK to complete the transaction and a welcome screen will show up.

Wireless Subscriber Gateway

Click Start Internet Access to begin to use the Internet.

MD5 Hash: If transaction responses need to be encrypted by the Payment Gateway, enter and confirm a MD5 Hash Value and select a reactive mode. The MD5 Hash security feature enables merchants to verify that the results of a transaction, or transaction response, received by their server were actually sent from the Payment Gateway.

WSG-404 User Guide

 Service Disclaimer Content

View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer.

 Credit Card Payment Page Billing Configuration

These 10 plans are the plans in Billing Configuration, and desired plan can be enabled.

 Client’s Purchasing Record

Invoice Number: An invoice number may be provided as additional information against

a transaction. This is a reference field that may contain any format of information.

Description: Narrative text entered by a user to describe the nature of a transaction. Email Header: Enter the information that should appear in the header of the invoice.

Wireless Subscriber Gateway

 Credit Card Payment Page Fields Configuration

Display: Check the box to show this item on the customer’s payment interface. Displayed Text: Enter what needs to be shown for this field. Mandatory: Check the box to indicate this item as a required field. Credit Card Number: Credit card number of the customer. The Payment Gateway will

only accept card numbers that correspond to the listed card types.

Credit Card Expiration Date: Month and year expiration date of the credit card. This should be entered in the format of MMYY. For example, an expiration date of July 2005 should be entered as 0705. Card Type: This value indicates the level of match between the Card Code entered on a transaction and the value that is on file with a customer’s credit card company. A code and narrative description are provided indicating the results returned by the processor. Card Code: The three- or four-digit code assigned to a customer’s credit card number (found either on the front of the card at the end of the credit card number or on the back of the card). Email: An email address may be provided along with the billing information of a transaction. This is the customer’s email address and should contain an @ symbol.

WSG-404 User Guide

Customer ID: This is an internal identifier for a customer that may be associated with the billing information of a transaction. This field may contain any format of information. First Name: The first name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter John in the First Name field indicating this customer’s name. Last Name: The last name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter Doe in the Last Name field indicating this customer’s name. Company: The name of the company associated with the billing or shipping information entered on a given transaction. Address: The address entered either in the billing or shipping information of a given transaction. City: The city is associated with either the billing address or shipping address of a transaction. State: A state is associated with both the billing and shipping address of a transaction. This may be entered as either a two-character abbreviation or the full text name of the state. Zip: The ZIP code represents the five or nine digit postal code associated with the billing or shipping address of a transaction. This may be entered as five digits, nine digits, or five digits and four digits. Country: The country is associated with both the billing and shipping address of a transaction. This may be entered as either an abbreviation or full value. Phone: A phone number is associated with both a billing and shipping address of a transaction. Phone number information may be entered as all number or it may include parentheses or dashes to separate the area code and number. Fax: A fax number may be associated with the billing information of a transaction. This number may be entered as all number or contain parentheses and dashes to separate the area code and number.

 Credit Card Payment Page Remark Content

Enter additional details for the transaction such as Tax, Freight and Duty Amounts, Tax Exempt status, and a Purchase Order Number, if applicable.

Wireless Subscriber Gateway

3.2.1.1 Authentication Method - Local User Setting

Choose “Local User” in the Authentication Method field, the hyperlink besides the pull-down menu will become “Local User Setting”.

Click the hyperlink for further configuration.

 Edit Local User List: Click this to enter the “Local User List” screen.

Add User: Click the hyperlink of Add User to enter the Add User interface. Fill in the

necessary information such as “Username”, “Password”, “MAC” (optional) and “Remark” (optional). Then, select a desired Policy and click Apply to complete adding the user or users.

WSG-404 User Guide

Input the users and enter the necessary information.

Wireless Subscriber Gateway

After inputting the users and all the information desired, click Apply.

Upload User: Click this to enter the Upload User interface. Click the Browse button to select the text file for the user account upload. Then click Submit to complete the upload process.

The uploading file should be a text file and the format of each line is "ID, Password, MAC, Policy, Remark" without the quotes. There must be no spaces between the fields and commas. The MAC field could be omitted but the trailing comma must be retained. When adding user accounts by uploading a file, the existing accounts in the embedded database will not be replaced by new ones.

WSG-404 User Guide

Download User: Click this to enter the Users List page and the system will directly show a list of all created user accounts. Click Download to create a .txt file and then save it on disk.

Wireless Subscriber Gateway

Refresh: Click this to renew the user list.

Search: Enter a keyword of a username to be searched in the text field and click this button to

perform the search. All usernames matching the keyword will be listed.

Del All: This will delete all the users at once. Delete: This will delete the users individually. Edit User: If editing the content of individual user account is desired, click the username of the

desired user account to enter the Edit User Interface for that particular user, and then modify or add any desired information such as “Username”, “Password”, “MAC” (optional) and “Remark” (optional). Then, click Apply to complete the modification.

WSG-404 User Guide

3.2.1.2 Authentication Method - POP3

Choose “POP3” in the Authentication Method field, the hyperlink beside the pull-down menu will become “POP3 Setting”.

Click the hyperlink for further configuration. Enter the related information for the primary server and/or the secondary server (the secondary server is not required). The blanks with red star are necessary information. These settings will become effective immediately after clicking the Apply button.

Wireless Subscriber Gateway

 Server IP: Enter the IP address/domain name given by the ISP.  Port: Enter the Port given by the ISP. The default value is 100.  Enable SSL Connection: If this option is enabled, the POP3 protocol will perform the

authentication.

3.2.1.3 Authentication Method - RADIUS

Choose “Radius” in the Authentication Method field, the hyperlink beside the pull-down menu will become “Radius Setting”.

WSG-404 User Guide

Click the hyperlink for further configuration. The Radius server sets the external authentication for user accounts. Enter the related information for the primary server and/or the secondary server (the secondary server is not required). The blanks with red star are necessary information. These settings will become effective immediately after clicking the Apply button.

 802.1X Authentication: Enable this function and the hyperlink of Radius Client List will appear.

Click the hyperlink to get into the Radius Client Configuration list for further configuration. In the Radius Client Configuration table, the clients, which are using 802.1X as the authentication method, shall be put into this table. PLANET WSG-404 will forward the authentication request from these clients to the configured Radius Servers.

Wireless Subscriber Gateway

 Trans Full Name: When enabled, the ID and postfix will be transferred to the RADIUS server for

authentication. When disabled, only the ID will be transferred to RADIUS server for authentication.

 NASID: Enter the NASID of the PLANET WSG-404 for the external RADIUS authentication

server.

 Server IP: Enter the IP address/domain name of the RADIUS server.  Authentication Port: Enter the authentication port of the RADIUS server and the default value

is 1812.

 Accounting Port: Enter the accounting port of the RADIUS server and the default value is

1813.

 Secret Key: Enter the key for encryption and decryption.  Accounting Service: Select this to enable or disable the “Accounting Service” for accounting

capabilities.

 Authentication Protocol: There are two methods, CHAP and PAP for selection.

3.2.1.4 Authentication Method - LDAP

Choose “LDAP” in the Authentication Method field, the hyperlink beside the pull-down menu will become “LDAP Setting”.

WSG-404 User Guide

 Server IP: Enter the IP address or domain name of the LDAP server.  Port: Enter the Port of the LDAP server, and the default value is 389.  Base DN: Enter the distinguished name of the LDAP server.  Account Attribute: Enter the account attribute of the LDAP server.

3.2.1.5 Authentication Method - NTDomain

Choose “NTDomain” in the Authentication Method field, the hyperlink beside the pull-down menu will become “NTDomain Setting”.

Wireless Subscriber Gateway

Click the hyperlink for further configuration. Enter the server IP address and enable/disable the transparent login function. These settings will become effective immediately after clicking the Apply button.

 Server IP address: Enter the server IP address of the domain controller.  Transparent Login: If the function is enabled, users will log into PLANET WSG-404

automatically when they log into the Windows domain.

3.2.2 Black List Configuration

The administrator can add, delete, or edit the black list for user access control. Each black list can include 40 users at most. If a user in the black list wants to log into the system, the user’s access will be denied. The administrator can use the pull-down menu to select the desired black list.

 Select Black List: There are 5 lists to select from for the desired black list.  Name: Set the black list name and it will show on the pull-down menu above.  Add User to List: Click the hyperlink to add users to the selected black list.

WSG-404 User Guide

After entering the usernames in the “Username” blanks and the related information in the “Remark” blank (not required).

Click Apply to add the users.

Wireless Subscriber Gateway

If removing a user from the black list is desired, select the user’s “Delete” check box and then click the Delete button to remove that user from the black list.

3.2.3 Policy Configuration

Every Policy has three profiles, Firewall Profile, Specific Route Profile, and Schedule Profile as well as one Bandwidth setting for that policy.

WSG-404 User Guide

 Firewall Profile

Click the hyperlink of Setting for Firewall Profile, the Firewall Profiles list will appear. Click the numbers of Filter Rule Item to edit individual rules and click Apply to save the settings. The rule status will show on the list. Check “Active” to enable that rule.

Rule Item: This is the rule selected. Rule Name: The rule name can be changed here. Enable this Rule: After checking this function, the rule will be enabled. Action: There are two options, Block and Pass. Block is to prevent packets from passing and Pass is to permit packets passing. Protocol: There are three protocols to select, TCP, UDP and ICMP, or choose ALL to use all

three protocols.

Wireless Subscriber Gateway

Source MAC Address: The MAC address of the source IP address. This is for specific MAC address filter.

Source/Destination Interface: There are five interfaces to choose, ALL, WAN, Wireless, Public LAN (LAN1/LAN2) and Private LAN (LAN3/LAN4). Source/Destination IP: Enter the source and destination IP addresses. Source/Destination Subnet Mask: Enter the source and destination subnet masks. Source/Destination Start/End Port: Enter the range of source and destination ports.

 Specific Route Profile

Click the hyperlink of Setting for Specific Route Profile, the Specific Route Profile list will appear.

Profile Name: The profile name can be changed here. IP Address: The destination IP address of the host or the network. Subnet Netmask: Select a destination subnet netmask of the host or the network. IP Address: The IP address of the next router to the destination. Default: Check this option to apply the default value.

WSG-404 User Guide

 Schedule Profile

Click the hyperlink of Setting for Schedule Profile to enter the Schedule Profile list. Select “Enable” to show the list. This function is used to restrict the time the users can log in. Please enable/disable the desired time slot and click Apply to save the settings. These settings will become effective immediately after clicking the Apply button.

 Bandwidth

Choose one bandwidth limit for that particular policy.

Wireless Subscriber Gateway

3.2.4 Guest User Configuration

This function can permit guests to log into the system. Select “Enable Guest User” and click Apply to save the settings.

 Guest User List: PLANET WSG-404 offers 10 guest users for log in. To activate a guest user,

just enter the password in the corresponding “Password” text field for that guest account. Guest accounts with blank password will not be activated.

 Policy: Select one policy to apply to.  Session Length: This restricts the connection time of the guest users. The default session

length is 6 hours and the available session time ranges from 1 to 12 hours or unlimited.

 Idle Timer: If a guest user has been idled with no network activities at all, the system will

automatically kick out the user. The Idle timer can be set in the range of 1~1440 minutes, and the default idle timer is 10 minutes.

WSG-404 User Guide

3.2.5 Additional Configuration

 User Control: Functions under this section applies for all general users.  Idle Timer: If a user has been idled with no network activities at all, the system will automatically

kick out the user. The Idle timer can be set in the range of 1~1440 minutes, and the default Idle timer is 10 minutes.

 Multiple Login: When enabled, a user can log in from different computers with the same

account. (This function doesn’t support On-demand users and RADIUS authentication method.)

 Friendly Logout: When a user logs into the system, a small window will appear to show the

user’s information and there is a logout button for users to logout. If enabled. When the users try to close the small window, there will be a new popup window to confirm the action in case the users close the login succeed page by accident.

 Internet Connection Detection: Enter a specific URL or IP address and PLANET WSG-404

will try to detect the network connection by sending packets directly to that specific URL or IP address. If there is a problem in the connection of the WAN port of the system such that the URL or IP address specified cannot be reached, there will be a message showing that can be set in the Administrator Info in System Information section on the users’ screen.

 Upload File

Wireless Subscriber Gateway

1. Certificate: The administrator can upload new private key and customer certification. Click the Browse button to select the file for the certificate upload. Then click Submit to complete the upload process.

Click Use Default Certificate to use the default certificate and key.

2. Login Page: The administrator can use the default login page or get the customized login page by setting the template page, uploading the page or downloading from the specific website. After finishing the setting, click Preview to see the login page.

a. Choose Default Page to use the default login page.

WSG-404 User Guide

b. Choose Template Page to make a customized login page here. Click Select to pick

up a color and then fill in all of the blanks. Click Preview to see the result first.

Wireless Subscriber Gateway

c. Choose Uploaded Page to upload new login page. Click the Browse button to select

the file for the login page upload. Then click Submit to complete the upload process.

After the upload process is completed, the new login page can be previewed by clicking Preview button at the bottom.

WSG-404 User Guide

The user-defined login page must include the following HTML codes to provide the necessary fields for username and password.

If the user-defined login page includes an image file, the image file path in the HTML code must be the image file to be uploaded.

Then, enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K. If the administrator wishes to restore the factory default of the login page, click the Use Default Page button to restore it to default.

After the image file is uploaded, the file name will show on the “Existing Image Files” field. Check the file and click Delete to delete the file.

Wireless Subscriber Gateway

In PLANET WSG-404, the end user first gets a login page when she/he opens its web browser right after associating with an access point. However, in some situations, the hotspot owners or MIS staff may want to display “terms of use” or announcement information before the login page. Hotspot owners or MIS staff can design a new disclaimer/announcement page and save the page in their local server. After the agreement shown on the page is read, users are asked whether they agree or disagree with the disclaimer. By clicking I agree, users are able to log in. If users choose to decline, they will get a popup window saying they are unable to log in. The basic design is to have the disclaimer and login function in the same page but with the login function hidden until users agree with the disclaimer.

For more details about the codes of the disclaimer, please refer to Appendix E.

If the page is successfully loaded, an upload success page will show up.

“Preview” can be clicked to see the uploaded page.

WSG-404 User Guide

If user checks “I agree” and clicks Next, then he/she is prompted to fill in the login name and password.

If user checks “I disagree” and clicks Next, a window will pop up to tell user that he/she cannot log in

Wireless Subscriber Gateway

d. Choose the External Page selection and get the login page from the specific

website. Enter the website address in the “External Page Setting” field and then click Apply.

The External Page prepared to be loaded here needs to have the following code as well to let the system work properly

After applying the setting, the new login page can be previewed by clicking Preview button at the bottom of this page.

WSG-404 User Guide

3. Logout Page: The users can apply their own logout page here. The process is similar to that of Logout Page.

The different part is the HTML code of the user-defined logout interface must include the following HTML code that the user can enter the username and password. After the upload is completed, the user-defined login user interface can be previewed by clicking Preview at the bottom of this page. If want to restore the factory default setting of the logout interface, click the “Use Default Page” button.

4. Login Succeed Page: The administrator can use the default login succeed page or get the customized login succeed page by setting the template page, uploading the page or downloading from the specific website. After finishing the setting, click Preview to see the login succeed page.

a. Choose Default Page to use the default login succeed page.

Wireless Subscriber Gateway

b. Choose Template Page to make a customized login succeed page here. Click Select to

pick up a color and then fill in all of the blanks. Click Preview to see the result first.

c. Choose Uploaded Page and upload the login succeed page. Click the Browse button to

select the file for the login succeed page upload. Then click Submit to complete the upload process.

WSG-404 User Guide

After the upload process is completed, the new login succeed page can be previewed by clicking Preview button at the bottom.

Enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K. If the administrator wishes to restore the factory default of the login succeed page, click the Use Default Page button to restore it to default.

After the image file is uploaded, the file name will show on the “Existing Image Files” field. Check the file and click Delete to delete the file.

d. Choose the External Page selection and get the login succeed page from the specific

website. Enter the website address in the “External Page Setting” field and then click Apply. After applying the setting, the new login succeed page can be previewed by clicking Preview button at the bottom of this page.

5. Login Succeed Page for On-Demand: The administrator can use the default login succeed page for On-Demand or get the customized login succeed page for On-Demand by setting the template page, uploading the page or downloading from the specific website. After finishing the setting, click Preview to see the login succeed page for On-Demand.

Wireless Subscriber Gateway

a. Choose Default Page to use the default login succeed page for On-Demand.

b. Choose Template Page to make a customized login succeed page for On-Demand here.

Click Select to pick up a color and then fill in all of the blanks. Click Preview to see the result first.

WSG-404 User Guide

c. Choose Uploaded Page and click the Browse button to select the file for the login

succeed page for On-Demand upload. Then click Submit to complete the upload process.

After the upload process is completed, the new login succeed page for On-Demand can be previewed by clicking Preview button at the bottom. If the user-defined login succeed page for On-Demand includes an image file, the image file path in the HTML code must be the image file to be uploaded.

Enter or browse the filename of the images to upload in the Upload Images field on the Upload Images Files page and then click Submit. The system will show the used space and the maximum size of the image file of 512K. If the administrator wishes to restore the factory default of the login succeed page for On-Demand, click the Use Default Page button to restore it to default.

Wireless Subscriber Gateway

After the image file is uploaded, the file name will show on the “Existing Image Files” field. Check the file and click Delete to delete the file.

d. Choose the External Page selection and get the login succeed page for On-Demand

from the specific website. Enter the website address in the “External Page Setting” field and then click Apply. After applying the setting, the new login succeed page for On-Demand can be previewed by clicking Preview button at the bottom of this page.

6. Logout Succeed Page: The administrator can use the default logout succeed page or get the customized login succeed page by setting the template page, uploading the page or downloading from the specific website. After finishing the setting, click Preview to see the logout succeed page.

a. Choose Default Page to use the default logout succeed page.

WSG-404 User Guide

b. Choose Template Page to make a customized logout succeed page here. Click Select

to pick up a color and then fill in all of the blanks. Click Preview to see the result first.

c. Choose Uploaded Page and click the Browse button to select the file for the logout

succeed page upload. Then click Submit to complete the upload process.

Wireless Subscriber Gateway

After the upload process is completed, the new logout succeed page can be previewed by clicking Preview button at the bottom. If the user-defined logout succeed page includes an image file, the image file path in the HTML code must be the image file to be uploaded.

After the image file is uploaded, the file name will show on the “Existing Image Files” field. Check the file and click Delete to delete the file.

d. Choose the External Page selection and get the logout succeed page from the specific

website. Enter the website address in the “External Page Setting” field and then click Apply. After applying the setting, the new logout succeed page can be previewed by clicking Preview button at the bottom of this page.

WSG-404 User Guide

 Credit Reminder: The administrator can enable this function to remind the on-demand users

before their credit run out. There are two kinds of reminder, Volume and Time. The default reminding trigger level for Volume is 1Mbyte and the level for Time is 5 minutes.

 POP3 Message: Before the users log into the network with their usernames and passwords, the

users will receive a welcome mail from PLANET WSG-404. The administrator can edit the contents.

 Enhance User Authentication: With this function, only the users with their MAC addresses in

this list can log into PLANET WSG-404. However, user authentication is still required for these users. Please enter the MAC Address to fill in these MAC addresses, select Enable, and then click Apply.

Note:

The format of the MAC address is: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.

Wireless Subscriber Gateway

100

3.3 Network Configuration

This section includes the following functions: Network Address Translation, Privilege List, Monitor IP List, Walled Garden List, Proxy Server Properties and Dynamic DNS.

3.3.1 Network Address Translate

There are three parts, Static Assignment, Public Accessible Server and Port and Redirect, need to be set.

WSG-404 User Guide

PLANET WSG-404 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual