SMC Networks SMCWHSG44-G User Manual
SMCWHSG44-G
1
2
Copyright
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. How-ever, no responsibility is assumed by SMC for its use,
nor for any infringements of patents or other rights of third parties which
may result from its use. No license is granted by implication or otherwise
under any patent or patent rights of SMC. SMC reserves the right to change
specifications at any time without notice.
Copyright © 2004 by
SMC Networks, Inc.
38 Tesla
Irvine, California 92618
All rights reserved.
Trademarks
SMC is a registered trademark; and EliteConnect is a trademark of SMC
Networks. Other product and company names are trademarks or registered
trademarks of their respective holders.
3
LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products
to be free from defects in workmanship and materials, under normal use and
service, for the applicable warranty term. All SMC products carry a standard
90-day limited warranty from the date of purchase from SMC or its Authorized
Reseller. SMC may, at its own discretion, repair or replace any product not
operating as warranted with a similar or functionally equivalent product, during
the applicable warranty term. SMC will endeavor to repair or replace any product
returned under warranty within 30 days of receipt of the product. The standard
limited warranty can be upgraded to a Limited Lifetime* warranty by registering
new products within 30 days of purchase from SMC or its Authorized Reseller.
Registration can be accomplished via the enclosed product registration card
or online via the SMC Web site. Failure to register will not affect the standard
limited warranty. The Limited Lifetime warranty covers a product during the
Life of that Product, which is defined as the period of time during which the
product is an “Active” SMC product. A product is considered to be “Active”
while it is listed on the current SMC price list. As new technologies emerge,
older technologies become obsolete and SMC will, at its discretion, replace an
older product in its product line with one that incorporates these newer
technologies. At that point, the obsolete product is discontinued and is no
longer an “Active” SMC product. A list of discontinued products with their
respective dates of discontinuance can be found at:
http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement
products may be either new or reconditioned. Any replaced or repaired product
carries either a 30-day limited warranty or the remainder of the initial warranty,
whichever is longer. SMC is not responsible for any custom software or
firmware, configuration information, or memory data of Customer contained
in, stored on, or integrated with any products returned to SMC pursuant to any
warranty. Products returned to SMC should have any customer-installed
accessory or add-on components, such as expansion modules, removed prior
to returning the product for replacement. SMC is not responsible for these
items if they are returned with the product. Customers must contact SMC for
a Return Material Authorization number prior to returning any product to
SMC. Proof of purchase may be required. Any product returned to SMC without a
valid Return Material Authorization (RMA) number clearly marked on the outside
of the package will be returned to customer at customer's expense. For warranty
claims within North America, please call our toll-free customer support number
at (800) 762-4968.
Customers are responsible for all shipping charges from their facility to SMC.
SMC is responsible for return shipping charges from SMC to customer.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS
WARRANTED ABOVE, CUSTOMER'S SOLE REMEDY SHALL BE REPAIR OR
REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC'S OPTION. THE
FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN
LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED,
EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE,
INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR
AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY
IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF
ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS
TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE
PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER'S OR ANY
THIRD PERSON'S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING,
UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND
THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR
OTHER HAZARD. LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED
IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE
FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR
OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE
SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR
INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED
RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES
OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR
CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS
MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL
RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS
WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance
from the active SMC price list. Under the limited lifetime warranty, internal
and external power supplies, fans, and cables are covered by a standard
one-year warranty from date of purchase.
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
Warranty in EMEA and Asia Pacific:
For details regarding warranty in EMEA and Asia Pacific, please contact your
country sales representative. All contact information can be found at
www.smc.com
4
5
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a
Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are
designed to provide reasonable protection against harmful interference in a
residential installation. This equipment generates, uses and can radiated radio
frequency energy and, if not installed and used in accordance with the
instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular
installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off
and on, the user is encouraged to try to correct the interference by one of
the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to
which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: To assure continued compliance, (example - use only shielded
interface cables when connecting to computer or peripheral devices). Any
changes or modifications not expressly approved by the party responsible
for compliance could void the user's authority to operate this equipment.
This transmitter must not be co-located or operating in conjunction with
any other antenna or transmitter.
FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an
uncontrolled environment. This equipment should be installed and operated
with minimum distance 20 cm between the radiator & your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to
the following two conditions: (1) This device may not cause harmful interference,
and (2) this device must accept any interference received, including interference
that may cause undesired operation.
Industry Canada - Class B
This digital apparatus does not exceed the Class B limits for radio noise
emissions from digital apparatus as set out in the interference-causing
equipment standard entitled “Digital Apparatus,” ICES-003 of Industry Canada.
Cet appareil numerique respecte les limites de bruits radioelectriques
applicables aux appareils umeriques de Classe B prescrites dans la norme
sur le material brouilleur: “Appareils Numeriques,” NMB-003 edictee par
l'Industrie.
6
EC Conformance Declaration
SMC contact for these products in Europe is:
SMC Networks Spain S.L.,
Edificio Conata II,
Calle Fructuós Gelabert 6-8, 2o, 4a,
08970 - Sant Joan Despí,
Barcelona, Spain.
Signed and dated Copy of the Declaration of Conformity can be found in the
product section of www.smc-europe.com
This RF product complies with R&TTE Directive 99/5/EC. For the evaluation
of the compliance with this Directive, the following standards were applied:
• Electromagnetic compatibility and radio spectrum matters (ERM)
EN300 328-1 (2001-12)
EN300 328-2 (2001-12)
• Electromagnetic Compatibility (EMC) Standard for radio equipment and services
EN301 489-1 V1.4.1 : 2002
EN301 489-17 V1.2.1 : 2002
•Safety Test
EN60950-1 : 2001
The conformity assesment procedure referred to in Article 10 and detailed in
Annex IV of the Directive 1999/5/EC has been followed related to Articles
3.2 with the involvement of the following Notified Body:
BTS-ETZ Certification GmBH, Storkkower Strasser 38c, D-15562,
Reichenwalde B, Berlin, Germany
Identification Mark
Countries of Operation & Conditions of Use in the European Community
This device is intended to be operated in all countries of the European
Community. Requirements for indoor vs. outdoor operation, license requirements
and allowed channels of operation apply in some countries as described below:
Note: The user must use the configuration utility provided with this product
to ensure the channels of operation are in conformance with the spectrum
usage rules for European Community countries as described below.
• This device requires that the user or installer properly enter the current
country of operation in the command line interface as described in the
user guide, before operating this device.
• This device will automatically limit the allowable channels determined by
the current country of operation. Incorrectly entering the country of
operation may result in illegal operation and may cause harmful interference
to other system. The user is obligated to ensure the device is operating
according to the channel limitations, indoor/outdoor restrictions and
license requirements for each European Community country as described
in this document.
• This device may be operated indoors or outdoors in all countries of the
European Community using the 2.4 GHz band: Channels 1 - 13, except
where noted below.
• In Italy the end-user must apply for a license from the national spectrum
authority to operate this device outdoors.
• In Belgium outdoor operation is only permitted using the 2.46 - 2.4835 GHz
band: Channel 13.
• In France outdoor operation is only permitted using the 2.4 - 2.454 GHz
band: Channels 1 - 7
Notified Countries for intended use:
Austria, Belgium, Denmark, Finland, France, Germany, Italy, Luxembourg,
Netherlands, Norway, Spain, Sweden Switzerland, United Kingdom, Portugal,
Greece, Ireland, Iceland
Safety Compliance
Power Cord Safety
Please read the following safety information carefully before installing the switch:
WARNING: Installation and removal of the unit must be carried out by
qualified personnel only.
• The unit must be connected to an earthed (grounded) outlet to comply
with international safety standards.
• Do not connect the unit to an A.C. outlet (power supply) without an earth
(ground) connection.
• The appliance coupler (the connector to the unit and not the wall plug) must
have a configuration for mating with an EN 60320/IEC 320 appliance inlet.
• The socket outlet must be near to the unit and easily accessible. You can
only remove power from the unit by disconnecting the power cord from
the outlet.
• This unit operates under SELV (Safety Extra Low Voltage) conditions
according to IEC 60950. The conditions are only maintained if the
equipment to which it is connected also operates under SELV conditions.
France and Peru only
This unit cannot be powered from IT supplies. If your supplies are of IT type,
this unit must be powered by 230 V (2P+T) via an isolation transformer ratio
1:1, with the secondary connection point labelled Neutral, connected directly
to earth (ground).
† Impédance à la terre
7
8
Important! Before making connections, make sure you have the correct cord
set. Check it (read the label on the cable) against the following:
Power Cord Set
U.S.A. and Canada The cord set must be UL-approved and CSA certified.
The minimum specifications for the flexible cord
are: - No. 18 AWG - not longer than 2 meters, or 16
AWG. - Type SV or SJ - 3-conductor
The cord set must have a rated current capacity
of at least 10 A
The attachment plug must be an earth-grounding
type with NEMA 5-15P (15 A, 125 V) or NEMA 615P (15 A, 250 V) configuration.
Denmark The supply plug must comply with Section 107-2-
D1, Standard DK2-1a or DK2-5a.
Switzerland The supply plug must comply with SEV/ASE 1011.
U.K. The supply plug must comply with BS1363 (3-pin
13 A) and be fitted with a 5 A fuse which complies
with BS1362.
The mains cord must be <HAR> or <BASEC>
marked and be of type HO3VVF3GO.75 (minimum).
Europe The supply plug must comply with CEE7/7
(“SCHUKO”).
The mains cord must be <HAR> or <BASEC>
marked and be of type HO3VVF3GO.75 (minimum).
IEC-320 receptacle.
Veuillez lire à fond l'information de la sécurité suivante avant
d'installer le Switch:
AVERTISSEMENT: L'installation et la dépose de ce groupe doivent être
confiés à un personnel qualifié.
• Ne branchez pas votre appareil sur une prise secteur (alimentation électrique)
lorsqu'il n'y a pas de connexion de mise à la terre (mise à la masse).
• Vous devez raccorder ce groupe à une sortie mise à la terre (mise à la
masse) afin de respecter les normes internationales de sécurité.
• Le coupleur d'appareil (le connecteur du groupe et non pas la prise murale)
doit respecter une configuration qui permet un branchement sur une
entrée d'appareil EN 60320/IEC 320.
9
• La prise secteur doit se trouver à proximité de l'appareil et son accès doit
être facile. Vous ne pouvez mettre l'appareil hors circuit qu'en débranchant
son cordon électrique au niveau de cette prise.
• L'appareil fonctionne à une tension extrêmement basse de sécurité qui est
conforme à la norme IEC 60950. Ces conditions ne sont maintenues que si
l'équipement auquel il est raccordé fonctionne dans les mêmes conditions.
France et Pérou uniquement:
Ce groupe ne peut pas être alimenté par un dispositif à impédance à la terre.
Si vos alimentations sont du type impédance à la terre, ce groupe doit être
alimenté par une tension de 230 V (2 P+T) par le biais d'un transformateur
d'isolement à rapport 1:1, avec un point secondaire de connexion portant l'appellation Neutre et avec raccordement direct à la terre (masse).
Cordon électrique- Il doit être agréé dans le pays d'utilisation
Etats-Unis et Canada: Le cordon doit avoir reçu l'homologation des
UL et un certificat de la CSA.
Les spe'cifications minimales pour un cable flexible
sont AWG No. 18, ouAWG No. 16 pour un cable de
longueur infe'rieure a` 2 me'tres. - type SV ou
SJ - 3 conducteurs
Le cordon doit être en mesure d'acheminer un
courant nominal d'au moins 10 A.
La prise femelle de branchement doit être du
type à mise à la terre (mise à la masse) et
respecter la configuration NEMA 5-15P (15 A, 125 V)
ou NEMA 6-15P (15 A, 250 V).
Danemark: La prise mâle d'alimentation doit respecter la
section 107-2 D1 de la norme DK2 1a ou DK2 5a.
Cordon électrique- Il doit être agréé dans le pays d'utilisation
Suisse: La prise mâle d'alimentation doit respecter la
norme SEV/ASE 1011.
Europe La prise secteur doit être conforme aux normes
CEE 7/7 (“SCHUKO”)
LE cordon secteur doit porter la mention <HAR>
ou <BASEC> et doit être de type HO3VVF3GO.75
(minimum).
Wichtige Sicherheitshinweise (Germany)
1. Bitte lesen Sie diese Hinweise sorgfältig durch.
2. Heben Sie diese Anleitung für den späteren Gebrauch auf.
3. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Verwenden
Sie keine Flüs-sigoder Aerosolreiniger. Am besten eignet sich ein angefeuchtetes Tuch zur Reinigung.
4. Die Netzanschlu ßsteckdose soll nahe dem Gerät angebracht und leicht
zugänglich sein.
5. Das Gerät ist vor Feuchtigkeit zu schützen.
6. Bei der Aufstellung des Gerätes ist auf sicheren Stand zu achten. Ein
Kippen oder Fallen könnte Beschädigungen hervorrufen.
7. Die Belüftungsöffnungen dienen der Luftzirkulation, die das Gerät vor
Überhitzung schützt. Sorgen Sie dafür, daß diese Öffnungen nicht
abgedeckt werden.
8. Beachten Sie beim Anschluß an das Stromnetz die Anschlußwerte.
9. Verlegen Sie die Netzanschlußleitung so, daß niemand darüber fallen
kann. Es sollte auch nichts auf der Leitung abgestellt werden.
10. Alle Hinweise und Warnungen, die sich am Gerät befinden, sind zu beachten.
11. Wird das Gerät über einen längeren Zeitraum nicht benutzt, sollten Sie es
vom Stromnetz trennen. Somit wird im Falle einer Überspannung eine
Beschädigung vermieden.
12.Durch die Lüftungsöffnungen dürfen niemals Gegenstände oder
Flüssigkeiten in das Gerät gelangen. Dies könnte einen Brand bzw. elektrischen Schlag auslösen.
13. Öffnen sie niemals das Gerät. Das Gerät darf aus Gründen der elek-
trischen Sicherheit nur von authorisiertem Servicepersonal geöffnet werden.
14.Wenn folgende Situationen auftreten ist das Gerät vom Stromnetz zu
trennen und von einer qualifizierten Servicestelle zu überprüfen:
a. Netzkabel oder Netzstecker sind beschädigt.
b. Flüssigkeit ist in das Gerät eingedrungen.
c. Das Gerät war Feuchtigkeit ausgesetzt.
d. Wenn das Gerät nicht der Bedienungsanleitung entsprechend funktion-
iert oder Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen.
e. Das Gerät ist gefallen und/oder das Gehäuse ist beschädigt.
f. Wenn das Gerät deutliche Anzeichen eines Defektes aufweist.
15.Stellen Sie sicher, daß die Stromversorgung dieses Gerätes nach der EN
60950 geprüft ist. Ausgangswerte der Stromversorgung sollten die Werte
von AC 7,5-8V, 50-60Hz nicht über oder unterschreiten sowie den minimalen Strom von 1A nicht unterschreiten.
10
Der arbeitsplatzbezogene Schalldruckpegel nach DIN 45 635 Teil 1000
beträgt 70dB(A) oder weniger.
Stromkabel. Dies muss von dem Land, in dem es be-nutzt wird geprüft werden:
U.S.A und Canada Der Cord muß das UL gepruft und war das CSA
beglaubigt.
Das Minimum spezifikation fur der Cord sind:
- Nu. 18 AWG - nicht mehr als 2 meter, oder 16 AWG.
- Der typ SV oder SJ
- 3-Leiter
Der Cord muß haben eine strombelast-barkeit aus
wenigstens 10 A
Dieser Stromstecker muß hat einer erdschluss mit
der typ NEMA 5-15P (15A, 125V) oder NEMA 6-15P
(15A, 250V) konfiguration.
Danemark Dieser Stromstecker muß die ebene 107-2-D1, der
standard DK2-1a oder DK2-5a Bestimmungen
einhalten.
Schweiz Dieser Stromstecker muß die SEV/ASE
1011Bestimmungen einhalten.
Europe Das Netzkabel muß vom Typ HO3VVF3GO.75
(Mindestanforderung) sein und die Aufschrift
<HAR> oder <BASEC> tragen.
Der Netzstecker muß die Norm CEE 7/7 erfüllen
(”SCHUKO”).
111213
Table of Contents
1. Introduction 17
1.1. Overview 18
1.2. Features 18
1.2.1 Package Checklist 22
1.3. LED Definition 22
1.4. Rear Panel 22
1.5. Selecting a Power Supply Method 23
1.6. Mounting the SMCWHSG44-G on a Wall 24
1.7. Preparing for Configuration 25
1.7.1. Connecting the Managing Computer and the SMCWHSG44-G 25
1.7.2. Changing the TCP/IP Settings of the Managing Computer 25
1.8. Configuring the SMCWHSG44-G 26
1.8.1. Entering the Password 26
1.8.2. SETUP WIZARD Step 1: Selecting an Operational Mode 27
1.8.3. SETUP WIZARD Step 2: Configuring TCP/IP Settings 28
1.8.3.1. Router with a PPPoE-Based DSL/Cable Connection 28
1.8.3.2. Router with a DHCP-Based DSL/Cable Connection 29
1.8.3.3. Router with a Static-IP DSL/Cable Connection 29
1.8.3.4. Router with Multiple DSL/Cable Connections 30
1.8.4. SETUP WIZARD Step 3: Configuring DHCP Server Settings 31
1.8.5. SETUP WIZARD Step 4: Configuring IEEE 802.11 Settings 31
1.8.6. Configuring User Authentication Settings 32
1.8.6.1. Web Redirection 32
1.8.6.2. Local Authentication Sever 33
1.8.6.3. How to Setup the Mini-POS Ticket Printer 35
1.8.6.4. IEEE 802.1x 36
1.8.6.5 Configuring RADIUS Settings 37
1.9. Deploying the SMCWHSG44-G 38
1.10. Setting up Client Computers 38
1.10.1. Configuring IEEE 802.11-Related Settings 39
14
1.11. Confirming the Settings of the SMCWHSG44-G and Client Computers 40
2. Using Web-Based Network Manager 42
2.1. Overview 42
2.1.1. Menu Structure 42
2.1.2. Save, Save & Restart, and Cancel Commands 44
2.1.3. Home and Refresh Commands 44
2.2. Status 44
2.2.1. Associated Wireless Clients 44
2.2.2. Authenticated Users 45
2.2.3. Account Table 45
2.2.4. Session List 46
2.2.5. Managed LAN Devices 46
2.3. SYSTEM 47
2.3.1. Specifying Operational Mode 47
2.3.2. Changing Password 48
2.3.3. Managing Firmware 48
2.3.3.1. Upgrading Firmware by HTTP 49
2.3.3.2. Backing up and Restoring Configuration Settings by HTTP 49
2.3.3.3. Upgrading Firmware by TFTP 50
2.3.3.4. Backing up and Restoring Configuration Settings by TFTP 51
2.3.3.5. Resetting Configuration to Factory Defaults 53
2.3.4. Time Zone 53
2.4. Configuring TCP/IP Related Settings 53
2.4.1. Address 53
2.4.1.1. Router with a PPPoE-Based DSL/Cable Connection 53
2.4.1.2. Router with a DHCP-Based DSL/Cable Connection 54
2.4.1.3. Router with a Static-IP DSL/Cable Connection 55
2.4.1.4. Router with Multiple DSL/Cable Connections 56
2.4.2. DNS 56
2.4.2.1. DNS Proxy 56
2.4.2.2. Host Address Resolution 57
2.4.3. NAT 57
15
2.4.3.1. Basic 57
2.4.3.2. Virtual Server Mappings 58
2.4.4. DHCP Server 58
2.4.4.1. DHCP Server 59
i. Basic 59
ii. Static DHCP Mappings 59
2.4.4.2. DHCP Relay 60
2.4.5. Load Balancing 60
2.4.6. Zero Client Reconfiguration 61
2.5. Configuring IEEE 802.11-Related Settings 61
2.5.1. Wireless 61
2.5.1.1. Basic 61
2.5.1.2. Wireless Distribution System 62
2.5.2. Security 64
2.5.2.1. Basic 64
2.5.2.2. MAC-Address-Based Access Control 66
2.5.3. IEEE 802.1x/RADIUS 67
2.6. Configuring Authentication Settings 69
2.6.1. AAA 70
2.6.1.1. Basic 70
2.6.1.2. Unrestricted Clients 72
2.6.1.3. Walled Garden 73
2.6.2. RADIUS 73
2.6.2.1. Basic 73
2.6.2.2. Robustness 74
2.6.3. Authentication Session Control 75
2.6.4. Authentication Page Customization 75
2.6.4.1. Log-On, Authentication Success, and Authentication Failure Pages 75
2.7. DDNS 77
2.8. Configuring Advanced Settings 78
2.8.1. Filters and Firewall 78
2.8.1.1. Packet Filters 78
16
2.8.1.2. VLAN 79
2.8.1.3. Firewall 79
2.8.1.4. URL Filters 80
2.8.2. Management 80
2.8.2.1. Basic 80
2.8.2.2. UPnP 81
2.8.2.3. System Log 81
2.8.2.4. SNMP 82
2.8.3. Access Rules 82
2.8.4. LAN Device Management 83
Appendix A 85
A-1: Default Settings 85
A-2: LED Definitions 86
Appendix B: Troubleshooting 86
B-1: TCP/IP Setting Problems 87
B-2: Wireless Settings Problems 89
B-3: Other Problems 89
Appendix C: Distances and Data Rates 90
Appendix D: Technical Specifications 91
D-1: SMCWHSG44-G 91
D-2: SMCWHS-POS 92
D-3: Keypad 92
Glossary 93
1. Introduction
The EliteConnect 2.4GHz 802.11g Wireless Hotspot Gateway (SMCWHSG44-G)
enables VARs, WISPs and System Integrators to install secure, easy to manage
Hotspots as a one-box solution. The features of the SMCWHSG44-G support
applications that are well suited for Hotspot environments such as coffee
shops and hotel lobbies as well as small to midsized transportation hubs
such as harbors, regional airports, train stations or bus stations where
Internet Access can be an added value for guest-services.
The SMCWHSG44-G Wireless Hotspot Gateway provides up to 4 DSL/CATV
connections, so it can support out-bound load-balancing and bandwidth
aggregation. The multiple WAN connections provide fail-over and connection
back-up capability to guarantee 'always-on-line' connections.
AP/WDS: The SMCWHSG44-G comes with a built-in 2.4GHz 802.11g 54Mbps
Access Point. WDS (Wireless Distribution System) provides a standard static
bridging function to extend wireless coverage within a LAN or to join LAN
segments that are physically separated(e.g., two or more buildings). Up to 6
WDS bridge links work with AP function simultaneously.
Radius and Local Authentication: For wireless service, SMCWHSG44-G
provides 2 kinds of user authentication methods: 802.1x/RADIUS and Local
Authentication Database. Authentication, Authorization and Accounting
(AAA) services are supported via 802.1x/RADIUS client and server devices,
while the Local Authentication Database provides more flexible authentication
procedure that allows non-802.1x wireless users to be authenticated.
SMCWHSG44-G also provides the capability to allow operators or venue
owners to display their Web or advertisement contents during the user login
period. For some unauthorized wireless users who want to access the
Internet, the venue owners can also limit such users to access certain levels
of Internet resources.
Ticket Printing: The SMCWHSG44-G Hotspot Gateway supports an external
ticket printer/keypad, so a Hotspot Venue can print a ticket that shows the
clients available access time, price and a username and password to log-on
to the Internet. SMC provides the Mini-POS Ticket Printer (SMCWHS-POS - sold
separately outside the US and Canada) for ticket printing and device control.
POE: For environments where power outlets are difficult to access due to
location or distance, the SMCWHSG44-G supports 802.11af compliant Power
over Ethernet. With the application of the SMCPWR-INJ3 Power Injector,
(sold separately) the Wireless Hotspot Gateway can be powered via CAT 5
Ethernet cable.
Detachable Antenna: The flexible R-SMA detachable antennas can be
replaced with high-gain directional/omni-directional antennas to increase
wireless signal range and coverage.
17
1.1. Overview
1.2. Features
• User Authentication, Authorization, and Accounting (AAA)
• Web redirection - When an unauthenticated wireless user is trying to
access a Web page, he/she is redirected to a logon page for entering the
user name and password. Then, the user credential information is sent
to a back-end RADIUS server for authentication or via the Local
Authentication Database.
• Local pages or external pages - The SMCWHSG44-G can be configured
to use log-on, log-off, authentication success, and authentication failure
pages, which are stored internally or stored in an external Web server
maintained by the WISP. The contents of the local authentication
pages can be customized.
• Advertisement links - The log-off authentication page can be configured
to show a sequence of advertisement banners.
• Unrestricted clients - Client computers with specific IP addresses or
MAC ad-dresses can bypass the Web redirection-based access control.
• Walled garden. Some specific URLs can be accessed without authentication.
These URLs can be exploited by WISPs or Hotspot Venues for advertisement purposes.
• IEEE 802.1x - If a wireless client computer supports IEEE 802.1x PortBased Network Access Control, the user of the computer can be authenticated by the Wireless Hotspot Gateway and wireless data can be encrypted
by 802.1x EAP authentication method combined with WEP encryption.
• RADIUS client - The SMCWHSG44-G communicates with a back-end
RADIUS server for wireless user authentication, authorization, and
accounting. Authentication methods, including EAP-MD5, EAP-TLS/EAPTTLS, PAP, and CHAP are supported.
• Internal Database - The Wireless Hotspot Gateway also supports an
Internal Database of users so that you do not have to add an additional
Radius Server. The Internal Database supports up to 2,000 user accounts.
• Robustness - To enhance AAA integrity, the Wireless Hotspot Gateway
can be configured to notify the RADIUS server after it reboots.
• Authenticated users - Shows the status and statistics of every
authenticated user. And an authenticated user can be terminated at
any time for management purposes.
• Authentication session control - Several mechanisms are provided for
the network administrator to control user authentication session lifetimes.
• IEEE 802.11b/g Compliant
• Wireless Operation
• Access Point - The AP enables IEEE 802.11 Stations (STAs) to automatically
associate with it via the standard IEEE 802.11 association process. In
addition, the IEEE 802.11 WDS (Wireless Distribution System) technology
can be used to manually establish wireless links between two APs.
18
• 64-bit and 128-bit WEP (Wired Equivalent Privacy) - For authentication
and data encryption.
• Enable/Disable SSID broadcast - The user can enable or disable the
SSID broadcasts functionality for security reasons. When the SSID
broadcast functionality is disabled, a client computer cannot associate
with the wireless AP with an “any” network name (SSID, Service Set
ID); the correct SSID has to be specified on client computers.
• MAC-address-based control - Blocks unauthorized wireless client
computers based on MAC (Media Access Control) addresses.
• Repeater - A wireless AP can communicate with other wireless APs via
WDS (Wireless Distribution System). Therefore, the wireless AP can
wirelessly forward packets from wireless clients to another wireless
AP, and then the later wireless AP forwards the packets to the
Ethernet network.
• Wireless client isolation - Wireless-to-wireless traffic can be blocked
so that the wireless clients cannot see each other. This capability can
be used in Hotspot applications to prevent wireless hackers from
attacking other wireless user´s computers.
• Transmit power control - Transmit power of the wireless AP's RF module
can be adjusted to change RF coverage of the wireless AP.
• Associated wireless clients - Shows the status of every wireless client
that is associated with the built in wireless AP.
• Replaceable antenna - The factory-mounted antenna can be replaced
with high-gain antennas for extending range or increasing wireless
coverage to a particular area.
• Internet Connection Sharing
• DNS proxy - The SMCWHSG44-G can forward DNS (Domain Name
System) requests from client computers to DNS servers on the Internet.
And DNS responses from the DNS servers can be forwarded back to the
client computers.
• Static DNS mappings - The network administrator can specify static
FQDN (Fully Qualified Domain Name) to IP address mappings.
Therefore, a host on the internal network can access a server also on
the intranet by a registered FQDN.
• DHCP server - The SMCWHSG44-G can automatically assign IP addresses
to client computers by DHCP (Dynamic Host Configuration Protocol).
• Static DHCP mapping capability - The network administrator can specify
static IP address to MAC address mappings so that the specified IP
addresses are always assigned to the hosts with the specified MAC
addresses.
• Current DHCP mappings - Shows which IP address is assigned to
which host identified by a MAC address.
•NAT Features - Client computers share a public IP address provided by
an ISP (Internet Service Provider) by NAT (Network Address Translation).
Our NAT server functionality supports the following:
19
• Virtual server - Exposing servers on the intranet to the Internet.
• PPTP, IPSec, and L2TP pass-through - Passing VPN (Virtual Private
Network) packets through the intranet-Internet boundary. PPTP
means Point-to-Point Tunneling Protocol, IPSec means IP Security,
and L2TP means Layer 2 Tunneling Protocol.
• DMZ (DeMilitarized Zone) - All unrecognized IP packets from the
Internet can be forwarded to a specific computer on the intranet.
• MSN Messenger support - Supporting Microsoft MSN Messenger for
chat, file transfer, and real-time communication applications.
• Session monitoring. Latest 50 incoming sessions and 50 outgoing
sessions are shown for monitoring user traffic.
• DSL/Cable Modem Support - Supporting dynamic IP address assignment by
PPPoE (Point-to-Point Protocol over Ethernet) or DHCP and static IP
address assignment.
• Multiple DSL/Cable connections support - Supporting up to 4 DSL/cable-
based In-ternet connections. All outgoing traffic load from the internal
network is shared among the multiple Internet connections, so that
total outgoing throughput is increased.
• Load Balancing - The SMCWHSG44-G provides multiple WAN port
Load Balancing mechanism for balancing the incoming data traffic
between every enabled WAN port. The balancing mechanism can also be
defined by Port or IP range policy.
• Zero Client Reconfiguration - The SMCWHSG44-G provides 'Zero Client
Reconfiguration' function to allow wireless clients that associate to the
SMCWHSG44-G the ability to not have to change any network setting.
• Network Security
• Packet address and port filtering - Filtering outgoing packets based on IP
address and port number. (Incoming packet filtering is performed by NAT.)
• URL filtering - Preventing client users from accessing defined Web sites.
The HTTP (Hyper Text Transfer Protocol) traffic to the specified Web
sites identified by URLs (Universal Resource Locators) is blocked.
• WAN ICMP request blocking - Some DoS (Denial of Service) attacks are
based on ICMP requests with large payloads. Such kind of attacks can
be blocked.
• Stateful Packet Inspection (SPI) - Analyzing incoming and outgoing packets
based on a set of criteria for abnormal content. Therefore, SPI can
detect hacker attacks, and can summarily reject an attack if the packet
fits a suspicious profile.
• Wireless-to-Ethernet-LAN traffic blocking capability - Traffic between
the wireless interface and the Ethernet LAN interface can be blocked.
• Configurable MAC Address of the Ethernet WAN Interface - Some ADSL
modems work only with Ethernet cards provided by the ISP. If SMCWHSG44-G
is used in such an environment, the MAC address of the WAN interface of
the Router has to be changed to the MAC address of the ISP-provided
Ethernet network card.
20
• SNTP - Support for system time by SNTP (Simple Network Time Protocol).
• Dynamic DNS - Support for dynamic DNS services provided by dyndns.org
and no-ip.com, so that the SMCWHSG44-G can be associated with a domain
name even if it obtains an IP address dynamically by PPP, PPPoE or DHCP.
• LAN Device Management - The Wireless Hotspot Gateway can pass
management requests from the Internet through its built-in NAT server to
devices on the private network. As a result, network devices (such as
access points) behind the NAT server can be managed from the Internet.
In this way, the Wireless Hotspot Gateway acts as a management proxy for
the LAN devices.
• Firmware Tools
• Firmware upgrade - The firmware can be upgraded, so that more
features can be added in the future.
• TFTP-based - Upgrading firmware by TFTP (Trivial File Transfer Protocol).
• HTTP-based - Upgrading firmware by HTTP (Hyper Text Transfer Protocol).
• Configuration backup. The configuration settings of the SMCWHSG44-G
can be backed up to a file via TFTP or HTTP for restoring later.
• Management
• Web-based Network Manager for configuring and monitoring the
SMCWHSG44-G - The management protocol is HTTP (Hyper Text Transfer
Protocol)-based. The SMCWHSG44-G can be configured to be managed:
• Only from the LAN side
• Both from the LAN side and WAN side
• Only from the WAN side
In addition, it can also be configured to accept management commands only
from specific hosts.
• UPnP - The SMCWHSG44-G responds to UPnP discovery messages so
that a Windows XP user can locate the Wireless Hotspot Gateway in My
Network Places and use a Web browser to configure it.
• SNMP - SNMP (Simple Network Management Protocol) MIB I, MIB II,
IEEE 802.1d, IEEE 802.1x, Private Enterprise MIB are supported.
• System log - For system operational status monitoring.
• Local log - System events are logged to the on-board RAM of the
Gateway and can be viewed using a Web browser.
• Remote log by SNMP trap - Systems events are sent in the form of
SNMP traps to a remote SNMP management server.
• LAN/WAN Configurable Ethernet Switch Ports - The SMCWHSG44-G provides
a 4-port Ethernet switch so that a stand-alone Ethernet hub/switch is not
necessary for connecting Ethernet client computers to the Router. These
Ethernet ports can be configured as WAN ports for multiple DSL/cablebased Internet connections support.
• Hardware Watchdog Timer - If the firmware gets stuck in an invalid state,
the hardware watchdog timer will detect this situation and restart the
gateway. Accordingly, the SMCWHSG44-G can provide continuous services.
21
• Configuration Reset - Reset the configuration settings to factory-set values.
1.2.1 Package Checklist
* Check that you have the following contents in the box:
• SMCWHSG44-G Wireless Hotspot Gateway
• User Guide
• Utility & Documentation CD
• Wallmount Kit
• Power Adapter
• 2 dBi Dipole Antenna
1.3. LED Definition
• PWR : Power
• ALIVE : Blinks when the SMCWHSG44-G is working normally.
• RF : IEEE 802.11b/g interface activity
• WAN/LAN : Ethernet WAN/LAN interface activity
Fig. 1. LED Indicator
1.4. Rear Panel
• +12V DC : AC/DC power jack (12VDC input)
• WAN/LAN : Ethernet WAN/LAN interface indication
• POE : POE-enabled LAN port interface
• COM : RS232 serial port for Printer/keypad
• RESET : Hardware reset button
Fig. 2. Rear Panel
22
1.5. Selecting a Power Supply Method
The SMCWHSG44-G can be powered by either the supplied AC power adapter or
the optional SMCPWR-INJ3 EliteConnect™ Power Injector. The SMCWHSG44-G
automatically selects the suitable power depending on your decision.
To power the SMCWHSG44-G by the supplied power adapter:
1. Plug the power adapter to an AC socket.
2. Plug the connector of the power adapter to the power jack of the
SMCWHSG44-G.
NOTE: This product is intended to be power-supplied by a Listed Power Unit,
marked “Class 2” or “LPS” and output rated “12V DC, 1.25 A minimum” or
equivalent statement.
To power the SMCWHSG44-G by SMCPWR-INJ3 Power Injector
(SMCPWR-INJ3 sold separately):
1. Connect the power cord cable from power outlet to the SMCPWR-INJ3
power connector.
Fig. 3. Connecting the power cord cable to SMCPWR-INJ3.
2. Check the “POWER” LED: if system is normal, the LED will be on (Green
light); otherwise, the “POWER” LED will be off.
3. Connect the Ethernet cable (RJ-45 Category 5) from Ethernet
Hub/Switch to the “DATA IN” port of SMCPWR-INJ3 Power Injector.
4. Connect another Ethernet cable (RJ-45 Category 5) from “POWER &
DATA OUT” port of the SMCPWR-INJ3 Power Injector to the
SMCWHSG44-G. Please note the indication on the panel of POE-enabled
RJ45 port of SMCWHSG44-G (LAN interface #4).
Fig. 4. POE enabled LAN Port Position.
23
Fig. 5. Connecting Ethernet cables to SMCPWR-INJ3.
5. Check the “ACTIVE” LED: if power is successfully fed into the
SMCWHSG44-G, the “ACTIVE” LED will be on (Red light); otherwise, the
“ACTIVE” LED will be off.
6. If the electricity current is over the normal condition (Io°÷1.0 A), the
“ACTIVE” LED will flash (Red light).
NOTE: SMCPWR-INJ3 is specially designed for SMC2582W-B, SMC2586W-G,
and SMCWHSG44-G. The use of SMCPWR-INJ3 with other Ethernet-ready
devices that are not compliant to IEEE 802.3af may cause damage to the
devices.
1.6. Mounting the SMCWHSG44-G on a Wall
The SMCWHSG44-G is wall-mountable.
1. Stick the supplied sticker for wall-mounting.
2. Use a ∆6.5mm driller to drill a 25mm-deep hole at each of the cross marks.
3. Plug in a supplied plastic conical anchor in each hole.
4. Screw a supplied screw in each plastic conical anchor for a proper depth
so that the SMCWHSG44-G can be hung on the screws.
5. Hang the SMCWHSG44-G on the screws.
Fig. 6. Mounting the SMCWHSG44-G on a wall.
24
1.7. Preparing for Configuration
To configure the Wireless Hotspot Gateway, a managing computer with a
Web browser is needed. For first-time configuration of a SMCWHSG44-G, an
Ethernet network interface card (NIC) should have been installed in the managing
computer. For maintenance/configuration of a deployed SMCWHSG44-G,
either a wireless computer or a wired computer can be employed as the
managing computer.
NOTE: If you are using the browser, Opera, to configure an SMCWHSG44-G,
click the menu item File, click Preferences... click File types, and edit the
MIME type, text/html, to add a file extension “.sht” so that Opera can work
properly with the Web management pages of the SMCWHSG44-G.
Since the configuration/management protocol is HTTP-based, you have to
make sure that the IP address of the managing computer and the IP address
of the managed SMCWHSG44-G are in the same IP subnet (the default IP
address of the SMCWHSG44-G is 192.168.2.1 and the default subnet mask is
255.255.255.0.) For ease of configuration you can set your computer to
“Obtain IP Address automatically” since the Wireless Hotspot Gateway has a
built in DHCP server.
1.7.1. Connecting the Managing Computer and the SMCWHSG44-G
To connect the managing computer and the SMCWHSG44-G for first-time
configuration, you have two choices as illustrated in Fig. 7.
Fig. 7. Connecting a managing computer and SMCWHSG44-G via Ethernet.
You can use either an Ethernet cable (included in the package) or a
switch/hub with 2 straight-through Ethernet cables.
1.7.2. Changing the TCP/IP Settings of the Managing Computer
Use the Windows Network Control Panel Applet to change the TCP/IP settings
of the managing computer, so that the IP address of the computer and the IP
address of the SMCWHSG44-G are in the same IP subnet. Set the IP
25
address of the computer to 192.168.2.xxx (the default IP address of the
SMCWHSG44-G is 192.168.2.1) and the subnet mask to 255.255.255.0.) It is
preferred to set the computer to “obtain an IP address automatically” so the
router will give your computer the correct settings automatically.
NOTE: For some versions of Windows, the computer needs to be restarted
for the changes of TCP/IP settings to take effect.
1.8. Configuring the SMCWHSG44-G
The SMCWHSG44-G is DHCP server enabled by default. After the IP
addressing is configured, launch a Web browser on the managing computer.
Then, go to “http://192.168.2.1” to log on to the Wireless Hotspot Gateway
for Web-based management.
1.8.1. Entering the Password
To log onto the Web based management interface, you will be prompted to
enter the password. For first-time configuration, default password is
“smcadmin”. And then, click the LOGIN button.
Fig. 9. Entering the Password.
NOTE: It is strongly recommended that the password be changed to another
value for security reasons. On the start page, go to the SYSTEM\Password
Settings page to change the value of the password (see Section 2.3.2 for
more information).
26
Fig. 10. Home Page.
1.8.2. SETUP WIZARD Step 1: Selecting an Operational Mode
Fig. 11. Operational Modes.
• If the Router is to be used with a DSL or cable modem and the IP address
assignment for the Ethernet WAN interface is achieved by PPPoE, select
Router with a PPPoE-Based DSL/Cable Connection.
• If the Router is to be used with a DSL or cable modem and the IP address
assignment for the Ethernet WAN interface is achieved by DHCP, select
Router with a DHCP-Based DSL/Cable Connection.
• If the Router is to be used with a DSL or cable modem and the IP address
27
of the Ethernet WAN interface has to be manually set, select Router with
a Static-IP DSL/Cable Connection.
• If you have multiple ADSL/cable connections, select Router with n
DSL/Cable Connections. Select the number of connections using the
drop-down list, and then specify the type, downlink date rate and uplink
data rate of each ADSL/cable connection. The specified data rates affect
the load-balancing engine of the SMCWHSG44-G.
1.8.3. SETUP WIZARD Step 2: Configuring TCP/IP Settings
1.8.3.1. Router with a PPPoE-Based DSL/Cable Connection
Fig. 12. TCP/IP Settings for Router with a PPPoE-Based
DSL/Cable Connection mode.
If the SMCWHSG44-G is set to be in Router with a PPPoE-Based DSL/Cable
Connection mode, two IP addresses are needed-one for the Ethernet LAN
interface and the other for the WAN interface. The LAN IP address must be
set manually to a private IP address, say 192.168.2.xxx. The default LAN IP
address is 192.168.2.1 and the default subnet mask is 255.255.255.0. In
most cases, these default settings need no change.
As for the WAN IP address, it is obtained automatically by PPPoE from the
ISP. Consult your ISP for the correct User name, Password, and Service
name settings.
The Trigger mode setting specifies the way a PPPoE connection is established.
Your PPPoE connection can be established and disconnected manually
(Manual) by clicking the Connect and Disconnect buttons on the Start page,
respectively. Or you can choose to let the device automatically (Auto) establish
a PPPoE connection at boot-up time. In Auto mode, if the connection is disrupted,
the device will omtry to reestablish the broken connection automatically.
28
1.8.3.2. Router with a DHCP-Based DSL/Cable Connection
Fig. 13. TCP/IP settings for Router with a DHCP-Based
DSL/Cable Connection mode.
If the SMCWHSG44-G is set to be in 'Router with a DHCP-Based DSL/Cable
Connection 'mode, two IP addresses are needed-one for the Ethernet LAN
interface and the other for the WAN interface. The LAN IP address must be
set manually to a private IP address, say 192.168.2.xxx. The default LAN IP
address is 192.168.2.1 and the default subnet mask is 255.255.255.0. In
most cases, these default settings need no change.
As for the WAN IP address, it is obtained by DHCP from the ISP. The Trigger
mode setting affects the behavior of the DHCP client of the Router. In Auto
mode, you don't have to worry about the DHCP process; the device takes
care of everything. In Manual mode, there are two buttons on the Start page
for you to manually release an obtained IP address (Release) and re-obtain a
new one from a DHCP server (Renew).
1.8.3.3. Router with a Static-IP DSL/Cable Connection
Fig. 14. TCP/IP settings for Router with a Static-IP
DSL/Cable Connection mode.
If the SMCWHSG44-G is set to be in 'Router with a Static-IP DSL/Cable
Connection' mode, two IP addresses are needed-one for the Ethernet LAN
interface and the other for the WAN interface. The LAN IP address must be
set manually to a private IP address, say 192.168.2.xxx. The default LAN IP
29
Loading...