4IPNET WHG301L001 WLAN Controller User Manual 1 of 2

4IPNET, INC. WLAN Controller 1 of 2

UserManual.wiki >

WHG301L001 User Manual >

User manual 1 of 2

Contents

1. User manual 1 of 2
2. User manual 2 of 2

User manual 1 of 2

V1.00 4ipnet WHG301 User’s Manual

Copyright The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission of 4IPNET, INC. Disclaimer 4IPNET, INC. does not assume any liability arising out the application or use of any products, or software described herein. Neither does it convey any license under its parent rights not the parent rights of others. 4IPNET further reserves the right to make changes in any products described herein without notice. The publication is subject to change without notice. Trademarks 4IPNET (4ipnet) is a registered trademark of 4IPNET, INC. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

© 2008 4IPNET, INC. 3 4ipnet WHG301 User’s Manual FCC CAUTION This equipment has been tested and proven to comply with the limits for a class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: ---Reorient or relocate the receiving antenna. ---Increase the separation between the equipment and receiver. ---Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. ---Consult the dealer or an experienced radio/TV technician for help. Any changes or modifications (including the antennas) made to this device that are notexpressly approved by the manufacturer may void the user's authority to operate the equipment. 

© 2008 4IPNET, INC. i4ipnet WHG301 User’s Manual Table of Contents 1. Before You Start.................................................................................................................................................1 1.1 Preface...................................................................................................................................................1 1.2 Document Conventions..........................................................................................................................1 2. System Overview ...............................................................................................................................................2 2.1 Introduction of 4ipnet WHG301..............................................................................................................2 2.2 System Concept.....................................................................................................................................2 2.3 Specification...........................................................................................................................................3 2.3.1 Hardware Specification..................................................................................................................3 2.3.2 Technical Specification...................................................................................................................3 3. Installation..........................................................................................................................................................6 3.1 Hardware Installation..............................................................................................................................6 3.1.1 System Requirements....................................................................................................................6 3.1.2 Package Contents..........................................................................................................................6 3.1.3 Panel Function Descriptions..........................................................................................................7 3.1.4 Installation Steps............................................................................................................................8 3.2 Quick Software Configuration.................................................................................................................9 4. Web Interface Configuration...........................................................................................................................19 4.1 System Configuration...........................................................................................................................21 4.1.1 Configuration Wizard...................................................................................................................22 4.1.2 System Information......................................................................................................................23 4.1.3 WAN1 Configuration....................................................................................................................25 4.1.4 WAN2 Configuration....................................................................................................................27 4.1.5 WAN Traffic Settings....................................................................................................................29 4.1.6 LAN Port Mapping........................................................................................................................31 4.1.7 Service Zones..............................................................................................................................34 4.2 User Authentication..............................................................................................................................39 4.2.1 Authentication Configuration........................................................................................................40 4.2.2 Black List Configuration...............................................................................................................65 4.2.3 Group Configuration.....................................................................................................................67 4.2.4 Policy Configuration.....................................................................................................................71 4.2.5 Additional Configuration...............................................................................................................78 4.3 AP Management...................................................................................................................................81 4.3.1 AP List..........................................................................................................................................82 4.3.2 AP Discovery...............................................................................................................................86 4.3.3 Manual Configuration...................................................................................................................88 4.3.4 Template Settings........................................................................................................................89 4.3.5 Firmware Management................................................................................................................90

© 2008 4IPNET, INC. ii4ipnet WHG301 User’s Manual 4.3.6 AP Upgrade.................................................................................................................................90 4.3.7 WDS Management.......................................................................................................................91 4.4 Network Configuration..........................................................................................................................92 4.4.1 Network Address Translation.......................................................................................................93 4.4.2 Privilege List.................................................................................................................................96 4.4.3 Monitor IP List..............................................................................................................................98 4.4.4 Walled Garden List......................................................................................................................99 4.4.5 Proxy Server Properties.............................................................................................................100 4.4.6 Dynamic DNS............................................................................................................................101 4.4.7 IP Mobility...................................................................................................................................101 4.4.8 VPN Configuration.....................................................................................................................102 4.5 Utilities................................................................................................................................................104 4.5.1 Change Password......................................................................................................................105 4.5.2 Backup/Restore Settings...........................................................................................................106 4.5.3 Firmware Upgrade.....................................................................................................................107 4.5.4 Restart........................................................................................................................................108 4.5.5 Network Utilities.........................................................................................................................109 4.6 Status..................................................................................................................................................110 4.6.1 System Status.............................................................................................................................111 4.6.2 Interface Status..........................................................................................................................113 4.6.3 Routing Table.............................................................................................................................115 4.6.4 Current Users.............................................................................................................................116 4.6.5 Traffic History.............................................................................................................................117 4.6.6 Notify Configuration...................................................................................................................120 4.7 Help....................................................................................................................................................122 Appendix A. Accepting Payment via Authorize.Net.......................................................................................123 Appendix B. Accepting Payment via PayPal ..................................................................................................132 Appendix C. Service Zone Deployment Example...........................................................................................141 Appendix D. Proxy Setting................................................................................................................................150 Appendix E. Session Limit and Session Log .................................................................................................155 Appendix F. Network Configuration on PC & User Login.............................................................................157 Appendix G. Console Interface ........................................................................................................................173 Appendix H. Local VPN.....................................................................................................................................176 Appendix I. Customizable Pages....................................................................................................................180

© 2008 4IPNET, INC. 1 4ipnet WHG301 User’s Manual 1. Before You Start 1.1 Preface This manual is for hotspot owners or network administrators to set up a network environment using the 4ipnet WHG301 system. It contains step-by-step procedures and graphic examples to guide MIS staff or individuals with slight network system knowledge to complete the installation. 1.2 Document Conventions Represents essential steps, actions, or messages that should not be ignored. 8 Note: Contains related information that corresponds to a topic. Indicates that clicking this button will return to the homepage of this section. Indicates that clicking this button will return to the previous page. Indicates that clicking this button will apply all of your settings. Indicates that clicking this button will clear what you have set before these settings are applied.

© 2008 4IPNET, INC. 2 4ipnet WHG301 User’s Manual 2. System Overview 2.1 Introduction of 4ipnet WHG301 4ipnet WHG301 is an all-in-one product specially designed for wired and wireless data network environments in small to middle scaled businesses and hotspots. It features integrated management, secured data transmission, and enhanced accounting and billing. System administrators can effectively monitor wired or wireless users, including employees and guest users via its user management interface. Moreover, administrators can discover, configure, monitor, and upgrade all managed Access Points (APs) from a single, centralized AP management interface. 2.2 System Concept 4ipnet WHG301 is capable of managing user authentication, authorization and accounting. The user account information is stored in the local database or a specified external database server. Featured with user authentication and integrated with external payment gateway, WHG301 allows users to easily pay the fee and enjoy the Internet service using credit cards through Authorize.net or PayPal. With centralized AP management feature, the administrator does not need to worry about how to manage multiple wireless access point devices. Furthermore, WHG301 introduces the concept of Service Zones - multiple virtual networks, each with its own definable access control profiles. This is very useful for hotspot owners seeking to provide different customers or staff with different levels of network services. The following diagram is an example of WHG301 set to manage the Internet and network access services at a hotspot venue. Figure-1: An example of managed network

© 2008 4IPNET, INC. 3 4ipnet WHG301 User’s Manual 2.3 Specification 2.3.1 Hardware Specification General Ø Form Factor: Mini-desktop Ø Dimensions (W x D x H): 9.6" x 5.9" x 1.8" (243 mm x 150 mm x 45.5 mm) Ø Weight: 2.8 lbs (1.29 kg) Ø Operating Temperature: 0 ~ 45 ℃ Ø Storage Temperature: 0 ~ 65 ℃ Ø Power: 110~220 VAC, 50/60 Hz Ø Ethernet Interfaces: 10 x Fast Ethernet (10/100 Mbps) Connectors and Display Ø WAN Ports: 2 x 10BASE-T/100BASE-TX RJ-45 Ø LAN Ports: 8 x 10BASE-T/100BASE-TX RJ-45 Ø Console Port: 1 x RJ-11 Ø LED Indicators: 1 x Power, 1 x Status, 2 x WAN, 8 x LAN 2.3.2 Technical Specification Networking Ø Support NAT or Router mode Ø Support Static IP, DHCP, PPPoE on WAN interface Ø Choose freely which LAN is authentication-enabled LAN Ø Support NAT (a) IP/Port destination redirection (b) DMZ server mapping (c) virtual server mapping (d) H.323 pass-through Ø Built-in with DHCP Server and support DHCP relay Ø Support walled garden (free surfing zone) Ø Support SMTP redirection Ø Support MAC-address and IP-address pass-through Ø Support HTTP Proxy Ø Support IP Plug and Play (IP PnP) Ø Support configurable static routes Ø Contain built-in hardware-based VPN accelerator Ø Support dual uplinks, outbound load balancing and failover for more reliable Internet connection Ø Support SIP pass-through NAT Service Zones Ø The network is divided into maximum eight Service Zones (plus one default zone), each defined by a pair of VLAN tag and ESSID Ø Each service zone has its own (a) login portal page (b) redirected home page (c) authentication options (d) LAN interface IP address (e) DHCP address range

© 2008 4IPNET, INC. 4 4ipnet WHG301 User’s Manual Ø Each service zone allows access to the selected groups Ø Each service zone assigns a network policy to each user group User Management and Guest Accounts Ø Authentication methods supported: Local and On-demand accounts, POP3, LDAP, RADIUS, Windows Domain, and SIP authentication Ø Single-Sign-On for Windows Domain Ø Allow MAC address and user identity binding for local user authentication Ø Support MAC Access Control List Ø Support auto-expired guest accounts Ø Users can be divided into user groups Ø Each user group has its own network properties, including bandwidth, QoS, accessible service zones, and other privileges Ø Support QoS and WMM traffic types: Voice, Video, Best Effort and Background Ø Each group (role) may get different network policies in different service zones Ø Max concurrent user session (tcp/udp) limit Ø A setting for user-idle-timeout Ø Configurable user Black List Ø Instant guest account generation by authorized users Ø Export/Import local users list to/from a text file Ø Definable session limit in policy puts a cap to each user’s concurrent sessions (tcp/udp) Security Features Ø Support data encryption: WEP(64/128-bit), WPA, WPA2, IPSec VPN Ø Support various authentication methods: WPA-PSK, WPA2-PSK, IEEE 802.1x (EAP-MD5, EAP-TLS, CHAP, PEAP) Ø Provide VPN termination of IPSec tunnels Ø Support VPN pass-through (IPSec and PPTP) Ø Built-in DoS attack protection Ø AP Management Ø Provide centralized remote management via HTTP/SNMP interface Ø Auto Discovery for Managed APs Ø Enable or disable APs easily via user interface Ø Templates for Managed APs Ø Monitoring Managed AP for its status, the number of associated clients, and RF info Ø Recover APs automatically when the system fails Ø Upgrade managed APs centrally, including bulk upgrade Ø Monitor 3rd party non-integrated AP

© 2008 4IPNET, INC. 5 4ipnet WHG301 User’s Manual Monitoring and Reporting Ø Status monitoring of online users Ø IP-based monitoring of network devices Ø Uplink (WAN) connection failure alert Ø Support Syslog for diagnosis and troubleshooting Ø User traffic history logging Ø Traffic history report via email to administrator Ø Users’ session log can be sent to ftp or Syslog server Accounting and Billing Ø Support local on-demand and external RADIUS server Ø Contain ten configurable billing plans for on-demand accounts Ø Support credit card billing system by Authorize.net and PayPal Ø Provide session expiration control for on-demand accounts Ø Provide detailed per-user network traffic history for both local and on-demand user accounts Ø Support automatic e-mail to report network traffic history System Administration Ø Support web-based management user interface Ø Provide customizable login and logout portal page Ø SSH remote management Ø Remote firmware upgrade Ø NTP time synchronization Ø Menu driven console management interface Ø Utilities to backup and restore the system database

© 2008 4IPNET, INC. 6 4ipnet WHG301 User’s Manual 3. Installation 3.1 Hardware Installation 3.1.1 System Requirements Ÿ Standard 10/100BaseT including five network cables with RJ-45 connectors Ÿ All PCs need to install the TCP/IP network protocol 3.1.2 Package Contents The standard package of 4ipnet WHG301 includes: Ÿ 4ipnet WHG301 x 1 Ÿ Quick Installation Guide (QIG) x 1 Ÿ CD-ROM (with User’s Manual and QIG) x 1 Ÿ DC 12V Power Adaptor x 1 Ÿ Console Cable x 1 Ÿ Core x 1 It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers to guarantee best performance. (Don't Remove the core of Console Cable)

© 2008 4IPNET, INC. 7 4ipnet WHG301 User’s Manual 3.1.3 Panel Function Descriptions Front Panel ① LED: There are four kinds of LED, Power, Status, WAN and LAN, to indicate different status of the system. Ø Power: LED ON indicates power on. Ø Status: While system power is on, status OFF indicates BIOS is running; BLINKING indicates the OS is running, and ON indicates system is ready. Ø WAN: LED ON indicates connection to the WAN port. Ø LAN: LED ON indicates connection to the LAN port. ② WAN1/WAN2: Two WAN ports (10 Base-T / 100Base-TX RJ-45) are available on the system. ③ LAN1~LAN8: Client machines connect to WHG301 via LAN ports (10 Base-T / 100Base-TX RJ-45). 8 Note: By default, all LAN ports are set with Port-based Default Service Zone; for Service Zone configuration, please refer to 4.1.7. Service Zones. Rear Panel ① Reset: Press this button to restart the system ② Console: The system can be configured via a serial console port. The administrator can use a terminal emulation program such as Microsoft’s HyperTerminal to login to the configuration console interface to change admin password or monitor system status, etc. ③ Power Socket: The power adapter attaches here.

© 2008 4IPNET, INC. 8 4ipnet WHG301 User’s Manual 3.1.4 Installation Steps Please follow the steps below to install 4ipnet WHG301: 1. Connect the 12V power adapter to the power socket on the rear panel. The Power LED should be on to indicate a proper connection. 2. Connect an Ethernet cable to the WAN1 Port on the front panel. Connect the other end of the Ethernet cable to an xDSL/cable modem, or a switch/hub on the LAN of a company/organization. The LED of this port should be on to indicate a proper connection. 3. Connect an Ethernet cable to one of the LAN1~LAN8 Ports on the front panel. Per your needs, connect the other end of the Ethernet cable to an administrator PC for configuring the WHG301 system, an AP for extending wireless coverage, a switch for connecting more wired clients, or a client PC. The LED of the connected port should be on to indicate a proper connection. WHG301 supports Auto Sensing MDI/MDIX. You may use either a straight-through or a cross-over Ethernet cable to connect the Ethernet port.

© 2008 4IPNET, INC. 9 4ipnet WHG301 User’s Manual 3.2 Quick Software Configuration 4ipnet WHG301 supports web-based configuration. Upon the completion of hardware installation, WHG301 can be configured via web browsers with JavaScript enabled such as Internet Explorer version 6.0 and above or Firefox. There are two ways to configure the 4ipnet WHG301 system: using the online Configuration Wizard or changing the settings by commands manually. The Configuration Wizard comprises of six basic steps as follows. Follow the instructions of Configuration Wizard to enter the required information step by step, save your settings, and restart WHG301. The 6 steps of Configuration Wizard are listed below: Step 1. Change Admin’s Password Step 2. Choose System’s Time Zone Step 3. Set System Information Step 4. Select Connection Type for WAN Port Step 5. Add Local User Account (Optional) Step 6. Save and Restart 4ipnet WHG301 Please follow the following steps to complete the quick configuration: 1. To access the web management interface, connect a PC to one of the LAN1~8 ports, and then launch a browse. Make sure you have set DHCP in TCP/IP of your PC to get an IP address dynamically. Next, enter the gateway IP address of WHG301 at the address field. The default gateway IP address is“https://192.168.1.254” (“https” is used for a secured connection). The administrator login page will appear. Enter “admin”, the default username, and “admin”, the default password, in the User Name and Password fields. Click Enter to log in. After a successful login, a “Welcome to System Administration” page will appear on the screen.

© 2008 4IPNET, INC. 10 4ipnet WHG301 User’s Manual For the first time, if WHG301 is not using a trusted SSL certificate, there will be a “Certificate Error”, because the browser treats WHG301 as an illegal website. Please press “Continue to this website” to continue. The default user login page will then appear in the browser. For more information, please see 4.2.5 Additional Configuration. If you can’t get the login screen, the reasons may be: (1) The PC is set incorrectly so that the PC can’t obtain the IP address automatically from the LAN port; (2) The IP address and the default gateway are not under the same network segment. Please use default IP address such as 192.168.1.xx in your network and then try it again. For the configuration on PC, please refer to Appendix F. 4ipnet WHG301 supports three kinds of account interface. You can log in as admin, manager or operator. The default usernames and passwords show as follows: Admin: The administrator can access all configuration pages of WHG301. User Name: admin Password: admin

© 2008 4IPNET, INC. 11 4ipnet WHG301 User’s Manual Manager: The manager can only access the configuration pages under User Authentication to manage the user accounts, but without the permission to change the settings of the profiles of Firewall, Specific Route and Schedule. User Name: manager Password: manager Operator: The operator can only access the configuration page of Create On-demand User to create new on-demand user accounts and print out the on-demand user account receipts. User Name: operator Password: operator

© 2008 4IPNET, INC. 12 4ipnet WHG301 User’s Manual After a successful login to WHG301, a web management interface with a welcome message will appear. 8 Note: To logout, simply click the Logout icon on the upper right corner of the interface to return to the login screen. 2. Now you are ready to run the Wizard. To quickly configure WHG301 by using the Configuration Wizard, click System Configuration from the top menu to go to the System Configuration page. Then, click Configuration Wizard on the left. Click the Run Wizard button to begin the Configuration Wizard. The Configuration Wizard will appear in a pop-up browser window. Click Next to begin.

© 2008 4IPNET, INC. 13 4ipnet WHG301 User’s Manual 3. Running Configuration Wizard A welcome screen that briefly introduces the 6 steps will appear. Click Next to begin. 8 Note: During every step of the wizard, if you wish to go back to modify the settings, please click the Back button to go back to the previous step. Ÿ Step 1. Change Admin’s Password † Enter a New Password for the admin account and retype it in the Verify Password field (20-character maximum and no spaces). For security concern, it is strongly recommended to change the administrator's password. † Click Next to continue.

© 2008 4IPNET, INC. 14 4ipnet WHG301 User’s Manual Ÿ Step 2. Choose System’s Time Zone † Select a proper time zone from the drop-down list box. † Click Next to continue. Ÿ Step 3. Set System Information † Home Page: Enter the URL that users should be initially directed to when successfully authenticated to the network. † NTP Server: Enter the URL of the external time server for 4ipnet WHG301 time synchronization or use the default setting. † DNS Server: Enter the IP Address of a DNS Server provided by your ISP (Internet Service Provider). Contact the ISP if the DNS IP Address is unknown. † Click Next to continue.

© 2008 4IPNET, INC. 15 4ipnet WHG301 User’s Manual Ÿ Step 4. Select Connection Type for WAN Port Three are three types of WAN port to be selected from: Static IP Address, Dynamic IP Address and PPPoE Client. Select a proper Internet connection type and click Next to continue. Ø Dynamic IP Address If this option is selected, an appropriate IP address and related information will automatically be assigned. Click Next to continue. Ø Static IP Address: Set WAN Port’s Static IP Address Enter the “IP Address”, “Subnet Mask” and “Default Gateway” provided by your ISP. Click Next to continue.

© 2008 4IPNET, INC. 16 4ipnet WHG301 User’s Manual Ø PPPoE Client: Set PPPoE Client’s Information Enter the “Username” and “Password” provided by your ISP. Click Next to continue.

© 2008 4IPNET, INC. 17 4ipnet WHG301 User’s Manual Ÿ Step 5. Add Local User Account (Optional) Ø A new user can be added to the Local User database. To add a user here, enter the Username (e.g. test), Password (e.g. test), MAC Address (optional) and assign an Applied Group to this particular user (or use the default None). Ø More users can be added to this authentication method by clicking the Add Now button. Ø Click Next to continue. Ÿ Step 6. Save and Restart 4ipnet WHG301 Ø Click Restart to save current settings and restart 4ipnet WHG301. The Setup Wizard is now complete.

© 2008 4IPNET, INC. 18 4ipnet WHG301 User’s Manual Ÿ Restart: When WHG301 is restarting, a “Restarting now. Please wait for a moment.” message will appear on the screen. Please do NOT interrupt WHG301 restart process until the Configuration Wizard pop-up window has disappeared—which indicates the restart process has been completed. If all steps are done properly, you can start working on the system or refer to the user’s manual for advanced settings.

© 2008 4IPNET, INC. 19 4ipnet WHG301 User’s Manual 4. Web Interface Configuration This chapter will guide you through further detailed settings. The following table shows all the functions of 4ipnet WHG301.

© 2008 4IPNET, INC. 20 4ipnet WHG301 User’s Manual OPTION System Configuration User Authentication AP Management Network Configuration Utilities Status Configuration Wizard Authentication Configuration AP List Network Address Translation Change Password System Status System Information Black List Configuration AP Discovery Privilege List Backup/Restore Settings Interface Status WAN1 Configuration Group Configuration Manual Configuration Monitor IP List Firmware Upgrade Routing Table WAN2 Configuration Policy Configuration Template Settings Walled Garden List Restart Current Users WAN Traffic Settings Additional Configuration Firmware Management Proxy Server Properties Network Utilities Traffic History LAN Port Mapping AP Upgrade Dynamic DNS Notification Configuration Service Zones WDS Management IP Mobility FUNCTION VPN Configuration After finishing the configuration of the settings, please click Apply and pay attention to see if a RESTART message appears on the screen. If such message appears, the system must be restarted to allow the new settings to take effect. All on-line users will be disconnected during restart.

© 2008 4IPNET, INC. 21 4ipnet WHG301 User’s Manual 4.1 System Configuration This section includes the following functions: Configuration Wizard, System Information, WAN1 Configuration, WAN2 Configuration, WAN Traffic Settings, LAN Port Mapping and Service Zones.

© 2008 4IPNET, INC. 22 4ipnet WHG301 User’s Manual 4.1.1 Configuration Wizard There are two ways to configure the 4ipent WHG301 system: using the online Configuration Wizard or changing the settings by commands manually. The Configuration Wizard comprises of 6 basic steps, providing a simple and easy way to go through the basic setups of WHG301. Please refer to 3.2 Quick Software Configuration for the detailed description of Configuration Wizard.

© 2008 4IPNET, INC. 23 4ipnet WHG301 User’s Manual 4.1.2 System Information Main information about 4ipnet WHG301 is shown as follows: Ÿ System Name: Set the system’s name or use the default. Ÿ Device Name: FQDN (Fully-Qualified Domain Name). This is the domain name of the WHG301 as seen on client machines connected on LAN ports. A user on client machine can use this domain name to access WHG301 instead of its IP address. In addition, when “Use the name on the security certificate” option is checked, the system will use the CN (Common Name) value of the uploaded SSL certificate as the domain name. Ÿ Home Page: Enter the URL of a Web server as the homepage. Once logged in successfully, users will be directed to this homepage, such as http://www.4ipnet.com, regardless of the original homepage set in their computers. Ÿ Access History IP: Specify an IP address of the administrator’s computer or a billing system to get billing history information of WHG301with the predefined URLs. An example is provided as follows:

© 2008 4IPNET, INC. 24 4ipnet WHG301 User’s Manual Traffic History：https://10.2.3.213/status/history/2005-02-17 On-demand History：https://10.2.3.213/status/ondemand_history/2005-02-17 Ÿ Management IP Address List: The IP address or subnet of remote management PCs. Only PCs within this IP range on the list are allowed to access the system's web management interface. For example, 10.2.3.0/24 means that as long as an administrator is using a computer with the IP address range of 10.2.3.0/24, he or she can access the web management page. Another example is 10.0.0.3: if an administrator is using a computer with the IP address of 10.0.0.3, he or she can access the web management page. Ÿ SNMP: If this function is enabled, the Manager IP and the community can be assigned to access to access the Management Information Base (MIB) of the system. Ÿ User logon SSL: Enable to activate https (encryption) or disable to activate http (non encryption) login page. Ÿ Time: NTP (Network Time Protocol) communication protocol can be used to synchronize the system time with remote time server. Please specify the local time zone and the IP address of at least one NTP server for adjusting the time automatically (Universal Time is Greenwich Mean Time, GMT). The time can also be manually configured by selecting “Set Device Date and Time” and then entering the date and time in these fields.

© 2008 4IPNET, INC. 25 4ipnet WHG301 User’s Manual 4.1.3 WAN1 Configuration There are 4 connection types for the WAN1 Port: Static IP Address, Dynamic IP Address, PPPoE and PPTP Client. Ÿ Static IP Address: Manually specifying the IP address of the WAN Port. The fields with red asterisks are required to be filled in. IP Address: The IP address of the WAN1 port. Subnet Mask: The subnet mask of the WAN1 port. Default Gateway: The gateway of the WAN1 port. Preferred DNS Server: The primary DNS server used by the system. Alternate DNS Server: The substitute DNS server used by the system. This is an optional field. Ÿ Dynamic IP Address: It is only applicable for the network environment where the DHCP server is available on the network. Click the Renew button to get an IP address automatically. Ÿ PPPoE Client: When selecting PPPoE to connect to the network, please set the “User Name”, “Password”, “MTU” and “CLAMPMSS”. There is a Dial on demand function under PPPoE. If this function is enabled, a Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect itself.

© 2008 4IPNET, INC. 26 4ipnet WHG301 User’s Manual Ÿ PPTP Client: Select STATIC to specify the IP address of the PPTP Client manually or select DHCP to get the IP address automatically. The fields with red asterisks are required to be filled in. There is a Dial on demand function under PPPoE. If this function is enabled, a Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect itself.

© 2008 4IPNET, INC. 27 4ipnet WHG301 User’s Manual 4.1.4 WAN2 Configuration Select None to disable this WAN2 interface, or there are 3 connection types for the WAN2 port: Static IP Address, Dynamic IP Address, and PPPoE Client. Ÿ None: The WAN2 Port is disabled. Ÿ Static IP Address: Manually specifying the IP address of the WAN port. The red asterisks indicate required fields to be filled in. IP address: the IP address of the WAN2 port. Subnet mask: the subnet mask of the network WAN2 port connects to. Default gateway: a gateway of the network WAN2 port connects to. Preferred DNS Server: The primary DNS server used by the system. Alternate DNS Server: The substitute DNS server used by the system. This is an optional field. Ÿ Dynamic IP address: It is only applicable for the network environment where a DHCP server is available. Click the Renew button to get an IP address. Ÿ PPPoE Client: When selecting PPPoE to connect to the network, please set the “User Name” and “Password”. There is a Dial on demand function under PPPoE. If this function is enabled, Maximum Idle Time can be set. When the idle time is reached, the system will automatically disconnect itself.

© 2008 4IPNET, INC. 28 4ipnet WHG301 User’s Manual

© 2008 4IPNET, INC. 29 4ipnet WHG301 User’s Manual 4.1.5 WAN Traffic Settings The section is for administrators to configure the control over the entire system’s traffic though the WAN interface (WAN1 and WAN2 ports). Available Bandwidth on WAN Interface: Ÿ Uplink: It specifies the maximum uplink bandwidth that can be shared by clients of the system. Ÿ Downlink: It specifies the maximum downlink bandwidth that can be shared by clients of the system. Connection Detection & WAN Failover: Ÿ Target for detecting Internet connection: These URLs are used by the system as the targets to detect Internet connection, for alerting Internet disconnection and WAN Failover. At least one URL is required to enable WAN Failover. Ÿ Enable Load Balancing: Outbound load balancing is supported by the system. When enabled, the system will allocate traffic between WAN1 and WAN2 dynamically according to designed algorithms based on the weight ratio. Ø WAN1 Weight: The percentage of traffic through WAN1. (Range: 1~99; by default, it is 50) Ø Base: The weight ratio between WAN1 and WAN2 can be based on Sessions, Packets or Bytes. Packets and Bytes are based on historic data. New connection sessions will be distributed between WAN1 and WAN2 by a weight ratio using random number. Ÿ Enable WAN Failover: Normally a Service Zone uses WAN1 as it primary WAN interface. When enabled and WAN2 is available, WAN1's traffic will be routed to WAN2 when WAN1 connection is down. On the other hand, a Service Zone’s policy could also use WAN2 as its interface; in that case, if WAN2 is down, the WAN2's traffic under its policy will also be routed to WAN1. Ø Fall back to WAN1 when WAN1 is available again: If WAN Failover is enabled, the traffic will be routed to WAN2 automatically when WAN1 connection fails. When fall back to WAN1 is enabled, the routed traffic will be connected back to WAN1 when WAN1 connection is recovered. Ÿ Warning of Internet Disconnection: When enabled, there is a text box available for the administrator to enter

© 2008 4IPNET, INC. 30 4ipnet WHG301 User’s Manual a reminding message. This reminding message will appear on clients' screens when Internet connection is down. SIP authentication is exempt from Load Balancing and WAN Failover. A fixed WAN port is used for SIP traffic.

© 2008 4IPNET, INC. 31 4ipnet WHG301 User’s Manual 4.1.6 LAN Port Mapping WHG301 supports multiple Service Zones in either of the two VLAN modes, Port-Based or Tag-Based, but not concurrently. In Port-Base mode, each LAN port can only serve traffic from one Service Zone as each Service Zone is identified by physical LAN ports. In Tag-Based mode, each LAN port can serve traffic from any Service Zone as each Service Zone is identified by VLAN tags carried within message frames. By default, the system is in Port-Based mode with Default Service Zone enabled and all LAN ports are mapped to Default Service Zone. Compare the two figures below to see the differences. 【Port-Based】【Tag-Based】

© 2008 4IPNET, INC. 32 4ipnet WHG301 User’s Manual It is recommended that the administrator decides which mode is better for a multiple-service-zone deployment before proceeding further with the system configuration. Settings for the two VLAN modes are slightly different, for example, the VLAN Tag setting is required for Tag-Based mode. Ÿ Select Service Zone Mode: Select a VLAN mode, either Port-Based or Tag-Based. The switches deployed under WHG301 in Port-Based mode must be Layer2 Switches only. The switch deployed under WHG301 in Tag-Based mode must be a VLAN switch only. Ø Port-Based: When Port-Based mode is selected, traffic from different virtual Service Zones will be distinguished by physical LAN ports. Each LAN port can be mapped to a Service Zone in the form of a many-to-one mapping between ports and Service Zones. o Specify a desired Service Zone for each LAN Port: For each LAN port, select a Service Zone to which the LAN port is to be mapped from the drop-down list box. By factory default, all LAN ports are mapped to Default Service Zone; therefore, the administrator can enter the web management interface via any LAN port upon the first power up of the system. From the drop-down list box, all disabled Service Zones are gray-out; to activate any desired Service Zone, please configure the desired Service Zone under the Service Zone tab and enable its Service Zone Status (refer to 4.1.7. Service Zones).

© 2008 4IPNET, INC. 33 4ipnet WHG301 User’s Manual Ø Tag-Based: When the Tag-Based mode is selected, traffic from different virtual Service Zones will be distinguished by VLAN tagging, instead of by physical LAN ports. Select Tag-Based and then click Apply to activate the Tag-Based VLAN function. When a restart message screen appears, do NOT restart the system until you have completed the configuration under the Service Zones tab first. 8 Note: For more information on enabling and configuring Service Zones, please refer to Appendix C.

© 2008 4IPNET, INC. 35 4ipnet WHG301 User’s Manual Click Configure button to configure each Service Zone: Basic Settings, SIP Interface Configuration, Authentication Settings, Wireless Settings, and Managed AP in Each Service Zone. 1) Service Zone Settings – Basic Settings Ø Service Zone Status: Each service zone can be enabled or disabled except for the default service zone. Ø Service Zone Name: The name of service zone could be input here. Ø Network Settings: o Operation Mode: Contains NAT mode and Router mode. When NAT mode is chosen, the service zone runs in NAT mode. When Router mode is chosen this service zone runs in Router mode. o IP address: The IP Address of this service zone. o Subnet Mask: The subnet Mask of this service zone. Ø DHCP Server Settings: Related information needed on setting up the DHCP Server is listed here. Please note that when “Enable DHCP Relay” is enabled, the IP address of clients will be assigned by an external DHCP server. The system will only relay DHCP information from the external DHCP server to downstream clients of this service zone. o Start IP Address / End IP Address: A range of IP addresses that built-in DHCP server will assign to clients. Note: please change the Management IP Address List accordingly (at System Configurationà System Information à Management IP Address List) to permit the administrator to access the WHG301 admin page after the default IP address of the network interface is changed. o Preferred DNS Server: The primary DNS server that is used by this Service Zone. o Alternate DNS Server: The substitute DNS server that is used by this Service Zone. o Domain Name: Enter the domain name for this service zone.

© 2008 4IPNET, INC. 37 4ipnet WHG301 User’s Manual 3) Service Zone Settings – Authentication Settings Ø Authentication Status: When enabled, users must be authenticated before they get access to the network within this Service Zone. Ø Authentication Options: There are total seven types of authentication database (LOCAL, POP3, RADIUS, LDAP, NTDOMAIN, ONDEMAND, and SIP) that are supported by the entire system. For each Service Zone, up to six authentication options can be enabled, and one of them can be set as the default option – so that users do not have to type in the postfix string while entering username during login. Ø Custom Pages: Related login and logout pages can be customized by administrators for each service zone. Please refer to Appendix I. Customizable Pages for more details. Ø Group Permission for this Service Zone: For each Service Zone, the administrator can set up multiple groups for that Service Zone. For each group, an associated policy can be assigned. Therefore, users in the same group follow the same policy and have the same privileges. To configure Group permission based on the role of this Service Zone. Click Configure to have further configuration or view the details. Click Enabled of the desired Group option(s) to allow the clients of the selected Group(s) to log into this Service Zone after a successful authentication. Moreover, a pre-defined Policy can be applied to any Group in this Service Zone. Click the hyperlink of the respective Group names in the Edit Group Option column to enter the Group Configuration tab, where zone permission and policy assignment can be further configured (refer to 4.2.3. Group Configuration).

© 2008 4IPNET, INC. 39 4ipnet WHG301 User’s Manual 4.2 User Authentication This section includes the following functions: Authentication Configuration, Black List Configuration, Group Configuration, Policy Configuration and Additional Configuration.

© 2008 4IPNET, INC. 41 4ipnet WHG301 User’s Manual Ÿ Authentication Server Configuration WHG301 provides four authentication servers and one on-demand server that the administrator can apply with different policy. Click on the server name to set the configuration for that particular server. After completing and clicking Apply to save the settings, go back to the previous page to select a server to be the default server and enable or disable any server on the list. Users can log into the default server without the postfix to allow faster login process. Server 1~4: There are 5 authentication methods, Local User, POP3, RADIUS, LDAP and NTDomain, to select from. Server Name: Set a name for the authentication option by using numbers (0~9), alphabets (a~z or A ~Z), dash (-), underline (_), space and dot (.) only. The length of this field is up to 40 characters. This name is used for the administrator to identify the authentication options easily such as HQ-RADIUS. Postfix: A postfix is used to inform the system which authentication option to be used for authenticating an account (e.g. bob@BostonLdap or tim@TaipeiRadius) when multiple options are concurrently in use. One of authentication option can be assigned as default. For authentication assigned as default, the postfix can be omitted. For example, if "BostonLdap" is the postfix of the default option, Bob can login as "bob" without having to type in "bob@BostonLdap”. Set a postfix that is easy to distinguish (e.g. Local) and the server numbers (0~9), alphabets (a~z or A~Z), dash (-), underline (_) and dot (.) within a maximum of 40 characters. All other characters are not allowed. The Policy Name cannot contain these words: MAC and IP. Black List: There are 5 sets of black lists provided by the system. A user account listed in the black list is not allowed to log into the system, the client's access will be denied. The administrator may select one black list from the drop-down menu and this black list will be applied to this specific authentication option. Group: Select one Group from the drop-down list box for this specific authentication option. Authentication Method: Select Local from the drop-down list box and then click Local User Setting button to enter the Local User Settings. Then, click the hyperlink of Edit Local User List. Enabling two or more servers of the same authentication method is NOT allowed.

© 2008 4IPNET, INC. 42 4ipnet WHG301 User’s Manual 4.2.1.1 Authentication Method – Local Choose “Local User” from the Authentication Method field, the button besides the pull-down menu will become “Local User Setting”. Click the button of Local User Setting for further configuration. Ÿ Edit Local User List: It let the administrator view / add, and delete local user account. The Upload User button is for importing a list of user account from a text file. The Download User button is for exporting all local user accounts into a text file. Clicking on each user account leads to a page for configuring the individual local account. Local user account can be assigned a policy and applied Local VPN individually. Check the check box of individual local user account in the Enable Local VPN column to enable individually. MAC address of a networking device can be bound with a local user as well.

© 2008 4IPNET, INC. 43 4ipnet WHG301 User’s Manual o Add User: Click this button to enter into the Adding User(s) to the List interface. Fill in the necessary information such as “Username”, “Password”, “MAC”, and “Remark”. Select a desired Group to classify local users. Check to enable Local VPN in the Enable Local VPN column. Click Apply to complete adding the user(s). For more information on Group configuration, please refer to 4.2.3. Group Configuration. o Upload User: Click Upload User to enter the Upload User from File interface. Click the Browse button to select the text file for uploading user accounts, then click Upload to complete the upload process. When uploading a file, any format error or duplicated username will terminate the uploading process and no account will be uploaded. Please correct the format in the uploading file or delete the duplicated user account in the database, and then, try again. The unit of data transfer is byte. The unit of session length is second. ID (Username) and Password must be given in upper case.

© 2008 4IPNET, INC. 44 4ipnet WHG301 User’s Manual Ÿ Download User: Use this function to create a .txt file with all built-in user account information and then save it on disk. Ÿ Search: Enter a keyword of a username to be searched in the text filed and click this button to perform the search. All usernames matching the keyword will be listed. Ÿ Del All: Click on this button to delete all the users at once and click on Delete to delete the user individually.

© 2008 4IPNET, INC. 46 4ipnet WHG301 User’s Manual 4.2.1.2 Authentication Method – POP3 Choose “POP3” from the Authentication Method field, the button beside the pull-down menu will become “POP3 Setting”. Click the button of POP3 Setting for further configuration. Enter the information for the primary server and/or the secondary server (the secondary server is not required). The fields with red asterisk are necessary information. These settings will become effective immediately after clicking the Apply button. Ÿ Server IP: The IP address of the external POP3 Server. Ÿ Port: The authentication port of the external POP3 Server. Ÿ SSL Setting: The system supports POP3S. Check the check box beside to Enable SSL Connection to POP3.

© 2008 4IPNET, INC. 47 4ipnet WHG301 User’s Manual 4.2.1.3 Authentication Method – RADIUS Choose “RADIUS” from the Authentication Method field, the button beside the pull-down menu will become “Radius Setting”. Click the button of Radius Setting for further configuration. The RADIUS server sets the external authentication for user accounts. Enter the information for the primary server and/or the secondary server (the secondary server is not required). The fields with red asterisk are necessary information. These settings will become effective immediately after clicking the Apply button. 802.1X Authentication: The system supports 802.1X. When 802.1X Authentication is enabled, the Local Authentication Database will be used as a RADIUS database for connection with 802.1X enabled devices such as access points or switches. When the option is enabled, the hyperlink of Radius Client List will appear.

© 2008 4IPNET, INC. 48 4ipnet WHG301 User’s Manual Click the hyperlink of Radius Client List to enter the Radius Client Configuration page. Choose a desired type from Disable, Roaming Out or 802.1X. Enter the IP Address, Segment (Subnet Mask), and Secret Key of 802.1X clients. Click Apply to complete the settings. Ÿ Trans Full Name: When Complete option is checked, both the username and postfix will be transferred to the RADIUS server for authentication. On the other hand, when Only ID option is checked, only the username will be transferred to the external RADIUS server for authentication. Ÿ NASID: The Network Access Server (NAS) Identifier of the system for the external RADIUS server. Ÿ Class-Group Mapping Ÿ This function is to assign a Group to a RADIUS class attribute sent from the RADIUS server. When the clients classified by RADIUS class attributes log into the system via the RADIUS server, each client will be mapped to its assigned Group. Ÿ Server IP: The IP address of the external RADIUS server. Ÿ Authentication Port: Enter the authentication port of the RADIUS server. Ÿ Accounting Port: The accounting port of the external RADIUS server. Ÿ Secret Key: The Secret Key for RADIUS authentication. Ÿ Accounting Service: The system supports RADIUS accounting that can be enabled or disabled. Ÿ Authentication Protocol: The configuration of the system must match with that of the remote RADIUS server. PAP (Password Authentication Protocol) transmits passwords in plain text without encryption. CHAP (Challenge Handshake Authentication Protocol) is a more secure authentication protocol with hash encryption. 8 Note: If the RADIUS Server does not assign idle-timeout value, the WHG301 will use the local idle-timeout.

© 2008 4IPNET, INC. 49 4ipnet WHG301 User’s Manual 4.2.1.4 Authentication Method – LDAP Choose “LDAP” from the Authentication Method field, the button beside the pull-down menu will become “LDAP Setting”. Click the button of LDAP Setting for further configuration. Enter the information for the primary server and/or the secondary server (the secondary server is not required). The blanks with red asterisk are necessary information which should be filled in. These settings will become effective immediately after clicking the Apply button. Ÿ Server IP: The IP address of the external LDAP server. Ÿ Port: The authentication port of the external LDAP server. Ÿ Base DN: The Distinguished Name for the navigation path of LDAP account. Ÿ Account Attribute: The attribute of LDAP accounts. Ÿ Attribute-Group Mapping: This function is to assign a Group to a LDAP attribute sent from the LDAP server. When the clients classified by LDAP attributes log into the system via the LDAP server, each client will be mapped to its assigned Group. To get and show the attribute name and value from the configured LDAP server, enter Username and Password and click Show Attribute. Then, the table of attribute will be displayed. Enter the Attribute Name and Attribute Value chosen from the attribute table, and select a Group from the drop-down list box.

© 2008 4IPNET, INC. 50 4ipnet WHG301 User’s Manual

© 2008 4IPNET, INC. 51 4ipnet WHG301 User’s Manual 4.2.1.5 Authentication Method – NTDomain Choose “NTDomain” from the Authentication Method field, the button beside the pull-down menu will become “NT Domain Setting”. Click the button of NT Domain Setting for further configuration. Enter the server IP address and enable/disable the transparent login function. These settings will become effective immediately after clicking the Apply button. Ÿ Server IP: The IP address of the external NT Domain Server. Ÿ Transparent Login: This function refers to Windows NT Domain single sign on. When Transparent Login is enabled, clients will log in to the system automatically after they have logged in to the NT domain, which means that clients only need to log in once.

© 2008 4IPNET, INC. 52 4ipnet WHG301 User’s Manual 4.2.1.6 Authentication Method – On-demand User On-demand User Server Configuration: The administrator can enable and configure this authentication method to create on-demand user accounts. This function is designed for hotspot owners to provide temporary users with free or paid wireless Internet access in the hotspot environment. Major functions include accounts creation, users monitoring list, billing plan, billing report statistics, and external payment gateway support. 1) General Settings This is the common setting for the On-demand User authentication option. The generated on-demand users and all accounts related information such as postfix and unit will be shown in this list. Ÿ Postfix: Postfix is used to inform the system which type of authentication database to be used for authentication when multiple databases are concurrently in use. Enter the postfix used for on-demand users. Ÿ Monetary Unit: Select the desired monetary unit or specified the unit by users. Ÿ Group Name: Select the desired group for on-demand user. Ÿ WLAN ESSID: The administrator can enter the defined wireless ESSID in this field and it will be printed on the receipt for on-demand users’ reference when accessing the Internet via wireless LAN service. The ESSIDs given here should be those of the Service Zones enabled for On-demand Users. Ÿ Wireless Key: The administrator can enter the defined wireless key such as WEP or WPA in the field. The Wireless Key will be printed on the receipt for the on-demand users’ reference when accessing the Internet via wireless LAN service. Ÿ Remaining Volume Sync Internal: While the on-demand user is still logged in, the system will update the

© 2008 4IPNET, INC. 53 4ipnet WHG301 User’s Manual billing notice of the login successful page by the time interval defined here. Ÿ Number of Tickets: Print one or duplicate receipts, when pressing the print button of the ticket printer which connected to serial port. 2) Ticket Customization On-demand account ticket can be customized here and previewed on the screen. Ÿ Receipt Header: There are two receipt headers supported by the system. The entered content will be printed on the receipt. These headers are optional. Ÿ Receipt Footer: The entered content will be printed on the receipt. This footer is optional. Ÿ Background Image: You can choose to customize the ticket by uploading your own background image for the ticket, or choose the default image or none. Click Browse to select the image file and then click upload. The background image file size limit is 100 Kbytes. No limit for the dimensions of the image is set, but a 460x480 image is recommended. Ÿ Preview: Click Preview button, the ticket will be shown including the information of username and password with the selected background. Print the ticket here.

© 2008 4IPNET, INC. 54 4ipnet WHG301 User’s Manual 3) Billing Plans Administrators can configure several billing plans. Click Edit button to enter the page of Editing Billing Plan. Click Apply to save the plan that manually set up by the administrators. Go back to the screen of Billing Plans, click Enable button, and then the plan is activated. Ÿ Plan: The number of the specific plan. Ÿ Type: This is the type of the plan, based on which it defines how the account can be used. Ÿ Quota: The limit on how On-demand users are allowed to access the network. Ÿ Enable: Click the radio button to activate the plan. Ÿ Function: Click the button Edit to add one billing plan. o Time: Total period of time (xx hrs yy mins), during which On-demand users are allowed to access the network. o Volume: Total traffic volume (xx Mbytes), up to which on-demand users are allowed to transfer data.

© 2008 4IPNET, INC. 55 4ipnet WHG301 User’s Manual o Cut-off Time: The time of day at which the on-demand account is cut off (made expired) by the system on that day. Please note that the “Grace Period” is an additional, short period of time after the account is cut off, during which a user is allowed to continue to use the on-demand account to access the Internet without paying additional fee. 4) External Payment Gateway This section is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on-line. The three options are Authorize.Net, PayPal and Disable. § Authorize.Net Before setting up “Authorize.Net”, it is required that the merchant owners have a valid Authorize.Net account. Please see Appendix A. Accepting Payments via Authorize.Net for more information about opening an Authorize.Net account, relevant maintenance functions, and an example for end users. Ø Authorize.Net Payment Page Configuration Merchant ID: This is the “Login ID” that comes with the Authorize.Net account Merchant Transaction Key: The merchant transaction key is similar to a password and is used by Authorize.Net to authenticate transactions. Payment Gateway URL: This is the default website address to post all transaction data.

© 2008 4IPNET, INC. 56 4ipnet WHG301 User’s Manual Verify SSL Certificate: This is to help protect the system from accessing a website other than Authorize.Net. Test Mode: In this mode, merchants can post test transactions for free to check if the payment function works properly. MD5 Hash: If transaction responses need to be encrypted by the Payment Gateway, enter and confirm a MD5 Hash Value and select a reactive mode. The MD5 Hash security feature enables merchants to verify that the results of a transaction, or transaction response, received by their server were actually sent from the Authorize.Net. Ø Service Disclaimer Content/ Choose Billing Plan for Authorize.Net Payment Page/Client’s Purchasing Record Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer. Choose Billing Plan for Authorize.Net Payment Page These 10 plans are the plans configured in Billing Plans page, and all previously enabled plans can be further enabled or disabled here, as needed. Client’s Purchasing Record Starting Invoice Number: An invoice number may be provided as additional information with a transaction. The number will be incremented automatically for each following transaction. Click the

© 2008 4IPNET, INC. 57 4ipnet WHG301 User’s Manual “Change the Number” checkbox to change it. Description (Item Name): This is the item information to describe the product (for example, Internet Access). Email Header: Enter the information that should appear in the header of the invoice. Ø Authorize.Net Payment Page Fields Configuration/ Authorize.Net Payment Page Remark Content Ø Authorize.Net Payment Page Fields Configuration Item: Check the box to show this item on the customer’s payment interface. Displayed Text: Enter what needs to be shown for this field. Required: Check the box to indicate this item as a required field. Credit Card Number: Credit card number of the customer. The Payment Gateway will only accept card numbers that correspond to the listed card types. Credit Card Expiration Date: Month and year expiration date of the credit card. This should be entered in the format of MMYY. For example, an expiration date of July September 2009 should be entered as 0709. Card Type: This value indicates the level of match between the Card Code entered on a transaction and the value that is on file with a customer’s credit card company. A code and narrative description are provided indicating the results returned by the processor.

© 2008 4IPNET, INC. 58 4ipnet WHG301 User’s Manual Card Code: The three- or four-digit code assigned to a customer’s credit card number (found either on the front of the card at the end of the credit card number or on the back of the card). E-mail: An email address may be provided along with the billing information of a transaction. This is the customer’s email address and should contain an @ symbol. Customer ID: This is an internal identifier for a customer that may be associated with the billing information of a transaction. This field may contain any format of information. First Name: The first name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter John in the First Name field indicating this customer’s name. Last Name: The last name of a customer associated with the billing or shipping address of a transaction. In the case when John Doe places an order, enter Doe in the Last Name field indicating this customer’s name. Company: The name of the company associated with the billing or shipping information entered on a given transaction. Address: The address entered either in the billing or shipping information of a given transaction. City: The city is associated with either the billing address or shipping address of a transaction. State: A state is associated with both the billing and shipping address of a transaction. This may be entered as either a two-character abbreviation or the full text name of the state. Zip: The ZIP code represents the five or nine digit postal code associated with the billing or shipping address of a transaction. This may be entered as five digits, nine digits, or five digits and four digits. Country: The country is associated with both the billing and shipping address of a transaction. This may be entered as either an abbreviation or full value. Phone: A phone number is associated with both a billing and shipping address of a transaction. Phone number information may be entered as all number or it may include parentheses or dashes to separate the area code and number. Fax: A fax number may be associated with the billing information of a transaction. This number may be entered as all number or contain parentheses and dashes to separate the area code and number. Ø Authorizie.Net Payment Page Remark Content Enter additional details for the transaction such as Tax, Freight and Duty Amounts, Tax Exempt status, and a Purchase Order Number, if applicable.

© 2008 4IPNET, INC. 59 4ipnet WHG301 User’s Manual § PayPal Before setting up “PayPal”, it is required that the hotspot owners have a valid PayPal “Business Account”. Please see Appendix B. Accepting Payments via PayPal for more information about setting up a PayPal Business Account, relevant maintenance functions, and an example for clients. After opening a PayPal Business Account, the hotspot owners should find the “Identity Token” of this PayPal account to continue “PayPal Payment Page Configuration”. Ø External Payment Gateway / PayPal Payment Page Configuration Business Account: The “Login ID” (an email address) that is associated with the PayPal Business Account. Payment Gateway URL: The default website address to post all transaction data. Identity Token: This is the key used by PayPal to validate all the transactions. Verify SSL Certificate: This is to help protect the system from accessing a website other than PayPal Currency: The currency to be used for the payment transactions. Ø Service Disclaimer Content / Billing Configuration for Payment Page

© 2008 4IPNET, INC. 60 4ipnet WHG301 User’s Manual Service Disclaimer Content: View the service agreement and fees for the standard payment gateway services as well as add or edit the service disclaimer content here. Choose Billing Plan for PayPal Payment Page: These 10 plans are the plans in Billing Configuration, and the desired plan(s) can be enabled. Ø Client’s Purchasing Record / PayPal Payment Page Remark Content Client’s Purchasing Record: Invoice Number: An invoice number may be provided as additional information against a transaction. This is a reference field that may contain any kind of information. Description: Enter the product/service description (e.g. wireless access service). Title for Message to Seller: Enter the information that will appear in the header of the PayPal payment page. PayPal Payment Page Remark Content: The message content will be displayed as a special notice to end customers in the page of “Rate Plan”. For example, it can describe the cautions for making a payment via PayPal.

© 2008 4IPNET, INC. 61 4ipnet WHG301 User’s Manual 5) On-demand Account Creation On-demand accounts are listed and related. When at least one plan is enabled, the administrator can generate on-demand user accounts here. Click this to enter the On-demand Account Creation screen. Click on the Create button of the desired plan and an on-demand user account will be created. Click Print to print a receipt which will contain the on-demand user’s information, including the username and password. 8 Note: If no Billing plan is enabled, accounts cannot be created by clicking Create button. Please goes back to Billing Plans to active at least one Billing plan by clicking Edit button and Apply the setting to activate the plan. The printer used by Print is a pre-configured printer connected to the administrator’s computer. Ÿ Plan: The number of a specific plan. Ÿ Type: Show one type of the plan in Time, Volume or Cut-off. Ÿ Quota: The Time Volume is how long the on-demand user is allowed to access the Internet. Ÿ Price: The unit price of each plan. Ÿ Status: Show the status in enabled or disabled. Ÿ Function: Press Create button for the desired plan; an On-demand user account will be created, and then click Printout to print a receipt which will contain this on-demand user’s information.

© 2008 4IPNET, INC. 62 4ipnet WHG301 User’s Manual

© 2008 4IPNET, INC. 63 4ipnet WHG301 User’s Manual 6) On-demand Account List All created On-demand accounts are listed and related information on is also provided. Ÿ Search: Enter a keyword of a username to be searched in the text filed and click this button to perform the search. All usernames matching the keyword will be listed. Ÿ Username: The login name of the user. Ÿ Password: The login password of the user. Ÿ Remaining Quota: The remaining time or volume that the user can continue to use to access the network. Ÿ Status: The status of the account. o Normal: the account is not currently in use and also does not exceed the quota limit. o Online: the account is currently in use. o Expired: the account is not valid any more, even there is remaining quota to be used. o Out of Quota: the account has exceeded the quota limit o Redeemed: the account has been applied for account renewal. Ÿ Delete All: This will delete all the users at once. Ÿ Delete: This will delete the users individually.

© 2008 4IPNET, INC. 64 4ipnet WHG301 User’s Manual 4.2.1.7 Authentication Method – SIP The system provides SIP proxy for SIP clients (devices or soft clients) pass through NAT. After enable SIP proxy server, all SIP traffic can pass through NAT with a selective but fixed WAN interface. Administrator will be able to add trusted SIP Registrars up to four of them. A group can be chosen to govern SIP traffic. Ÿ SIP: SIP authentication supports 4 Trusted SIP Registrar. Ÿ IP Address: The IP address of the Trusted SIP Registrar. Ÿ Remark: The administrator can enter extra information in this field for remark. Ÿ Group: A Group option can be applied to the clients who login with SIP Authentication. Be noted that the specific route of the applied Policy for the selected Group cannot conflict with the assigned WAN interface for SIP authentication.

© 2008 4IPNET, INC. 65 4ipnet WHG301 User’s Manual 4.2.2 Black List Configuration The administrator can add, delete, or edit the black list for user access control. Each black list can include up to 40 users. Users’ accounts that appear in the black list will be denied of network access. The administrator can use the pull-down menu to select the desired black list. Ÿ Select Black List: There are 5 lists to select from for the desired black list. Ÿ Name: Set the black list name and it will show on the pull-down menu above. Ÿ Add User to List: Click the hyperlink to add users to the selected black list. After entering the usernames in the “Username” blanks and the related information in the “Remark” blank (not required), click Apply to add the users. If removing a user from the black list is desired, select the user’s “Delete” check box and then click the Delete button to remove that user from the black list.

© 2008 4IPNET, INC. 66 4ipnet WHG301 User’s Manual

© 2008 4IPNET, INC. 69 4ipnet WHG301 User’s Manual Ø Name: The name of Service Zones and Remote VPN. Ø Enabled: Select Enabled to allow clients of this Group to log into the selected Service Zones. For example, the above figure shows that users in Group 1 can access network services via every Service Zone as well as Remote VPN under constraints of Policy 1. Ø Policy: Select a Policy that the Group will be applied with when accessing respective Service Zones. Ø Edit Group Permission: The relation between Group and Service Zone is many to many; every Group can access network services via more than one Service Zone, and meanwhile, each Service Zone can serve more than one Group. Click the hyperlink in the Edit Group Permission column to enter the Group Configuration interface, which is based on the role of Service Zone, to configure the relation between Group and Zone. o Group Option: The name of Group options available for selection. o Enabled: Select Enabled to allow clients of the enabled Groups to log in to this Service Zone under

© 2008 4IPNET, INC. 70 4ipnet WHG301 User’s Manual constraints of the selected Policies. Check Enabled of each individual Group to assign it to the Service Zone listed. For example, the above figure shows, clients in Group 1~8 can access Default Service Zone, where they are governed by Policy 1~8 respectively. o Policy: Select a Policy that the Group will be applied with when accessing this Service Zone. o Edit Group Option: Click the hyperlink in the Edit Group Option column to enter Zone Permission Configuration & Policy Assignment interface, which is based on the role of Group, to configure the relation between Group and Zone.

© 2008 4IPNET, INC. 78 4ipnet WHG301 User’s Manual 4.2.5 Additional Configuration Ÿ User Control: Functions under this section apply to all general users. Idle Timer: If a user has idled with no network activities, the system will automatically kick out the user. The logout timer can be set between 1~1440 minutes, and the default logout time is 10 minutes. Multiple Login: When enabled, a user can log in from different computers with the same account. (This function doesn’t support On-demand users and RADIUS authentication.) Ÿ Roaming Out Timer: Session Timeout: The time that the user can access the network while roaming. When the time is up, the user will be kicked out automatically. Idle Timeout: If a user has idled with no network activities, the system will automatically kick out the user. Interim Update: The system will update the users’ current status and usage according to this time period. Ÿ Upload File Certificate: A data record used for authenticating network entities such as a server or a client. A certificate contains X.509 information pieces about its owner (called the subject) and the signing Certificate Authority (called the issuer), plus the owner's public key and the signature made by the CA. Network entities verify these signatures using CA certificates. You can apply for a SSL certificate at CAs such as VeriSign. If you already have an SSL Certificate, please Click Browse to select the file and upload it. Click Apply to complete the upload process.

© 2008 4IPNET, INC. 79 4ipnet WHG301 User’s Manual Without a valid certificate, users may encounter the following problem in IE7 when they try to open the login page. Click “Continue to this website” to access the user login page. To Use Default Certificate: Click Use Default Certificate to use the default certificate and key. Click restart to validate the changes. Ÿ Credit Reminder: The administrator can enable this function to remind the on-demand users before their credit run out. There are two kinds of reminder, Volume and Time. The default reminding trigger level for Volume is 1Mbyte and the level for Time is 5 minutes.

© 2008 4IPNET, INC. 80 4ipnet WHG301 User’s Manual Ÿ Enhance User Authentication: With this function, only the users with their MAC addresses in this list can log into WHG301. There are 40 users maximum allowed in this MAC address list. User authentication is still required for these users. Please enter the Permit MAC Address List to fill in these MAC addresses, select Enable, and then click Apply. The format of the MAC address is: xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.

© 2008 4IPNET, INC. 81 4ipnet WHG301 User’s Manual 4.3 AP Management WHG301 supports to manage up to 12 access points (AP), and they can be configured in this section. This section includes the following functions: AP List, AP Discovery, Manual Configuration, Template Settings, Firmware Management, AP Upgrade and WDS Management.

© 2008 4IPNET, INC. 82 4ipnet WHG301 User’s Manual 4.3.1 AP List All of the APs under the management of WHG301 will be shown in the list. The AP can be edited by clicking the hyperlink of AP Name and the AP status can be got by clicking the hyperlink of Status. Check any AP and then click the button below to Reboot, Enable, Disable and Delete the checked AP if desired. Click Apply Template to select one template to apply to the AP.

© 2008 4IPNET, INC. 83 4ipnet WHG301 User’s Manual Ÿ AP Name Click AP Name and enter the interface about related settings. There are four kinds of settings, General Settings, LAN Interface Setting, Wireless Interface Setting and Access Control Setting. Click the hyperlink to go on the configuration. Ø General Setting: Click Setting to enter the General Setting interface. Firmware information can be observed here. Ø LAN Setting: Click LAN to enter the LAN Setting interface. Input the data of LAN including IP address, Subnet Mask and Default Gateway of AP.

© 2008 4IPNET, INC. 84 4ipnet WHG301 User’s Manual Ÿ Wireless LAN: Click Wireless LAN to enter the Wireless interface. Ø Access Control: In this function, when the status is “Allowed”, only these clients whose MAC addresses are listed in this list can be allowed to connect to the AP; on the other hand, when the status is “Denied”, the clients whose MAC addresses are listed in the list will be denied to connect to the AP. When “Disabled” is selected, all clients can connect to the AP. The default is Disabled. o User Limit: Limit the number of users connected to that AP. Ÿ Status After clicking the hyperlink in the Status column, there are two areas of information shown: AP Status Summary and AP Status Details. AP Status Summary includes AP Name, AP Type, LAN Interface MAC address, Wireless Interface MAC address, Report Time, SSID, and Number of Associated Clients. AP Status Details include System Status, LAN Status, Wireless LAN Status, Access Control Status Associated Client Status and Local Log Status.

© 2008 4IPNET, INC. 85 4ipnet WHG301 User’s Manual

© 2008 4IPNET, INC. 86 4ipnet WHG301 User’s Manual 4.3.2 AP Discovery Use this function to detect and manage all of the APs in the network segments. Note that WHG301 can only manage APs that are connected to its LAN ports. Therefore, the AP discovery function is for adding locally connected APs to its management list. The administrator must know the local IP addresses of the APs he/she wishes to discover. Ÿ To discover AP manually, please fill in the required data. Ø AP Type: Choose the type of AP you wish to discover. Ø Interface: Set to default. Ø Admin Settings Used to Discover: Choose from Factory Default or Manual. Ø IP Addresses of APs after Discovery: Start assigning from this IP address to discovered APs. Then click the Scan Now button and the APs match the given settings will show in the list below. If one of the IP addresses intended is used, a warning message will show up. In this case, please change the IP range and then click Scan Now again. Input the desired name and password for the AP. Select one template check it and then click Add to add it under the managed list. (About the template, please see 4.3.4 Template Settings). When the matched AP is discovered, it will show up in the list below and be given a new IP address set here (ex: 192.168.1.1). Check the Add box to add the AP and it will be listed to the AP list. When an AP is added, its MAC address will be automatically recorded into MAC Privilege List (please see 4.4.2 Privilege List) so its management page can be accessed.

© 2008 4IPNET, INC. 87 4ipnet WHG301 User’s Manual Click Configuring to go on the related configuration. For the details, please refer to 4.3.1 AP List. Ÿ Background AP Discovery: Click Configure to enter Background AP Discovery interface to go on related configuration. The Interface and AP Access configuration is the same as the settings mentioned above. When Background AP Discovery function is enabled, the system will scan once every 10 minutes or according to the time set by the administrator. If any AP is discovered and “Auto-Add AP” is enabled, it will be assigned an available IP from the starting IP address and apply the selected template. You can also set the channel the AP would use. The scanning process may take a long time if the IP range assigned to scan is too wide.

© 2008 4IPNET, INC. 88 4ipnet WHG301 User’s Manual 4.3.3 Manual Configuration The AP also can be added manually even though when it is offline. Input the related data of the AP and select a Template. After clicking Add, the AP will be added to the managed list.

© 2008 4IPNET, INC. 89 4ipnet WHG301 User’s Manual 4.3.4 Template Settings Template is a model that can be copied to every AP and not necessary to configure the AP individually. There are three templates provided. Click Edit to go on configuration. Before configure the template, copy the configuration mode of an AP to the template by selecting a Source AP, and without configuring the template from the beginning, administrators can also revise some settings for demand. If copy is not desired, please select NONE. Input the Template Name and Template Remark and click the button of Configure to go on configuration. After entering the interface, revise the configuration for demand and change administrator’s password if desired. About other function settings, please refer to 4.3.1 AP List. Ÿ Template Editing The administrator can set the template configuration manually. Click Configure button to have detailed configurations.

© 2008 4IPNET, INC. 90 4ipnet WHG301 User’s Manual 4.3.5 Firmware Management Firmware Upload displays the current version of the AP’s firmware. New firmware can be uploaded here to update the current firmware. To upload, click Browse to select the file and then click Upload. 4.3.6 AP Upgrade Check the APs which need to be upgraded and select the upgrade version of firmware, and click Apply to upgrade firmware.

© 2008 4IPNET, INC. 91 4ipnet WHG301 User’s Manual 4.3.7 WDS Management WDS Management (Wireless Distribution System) is a function used to connect APs (Access Points) wirelessly. The WDS management function of the system can help administrators to setup a “Tree” structure of WDS network. Ÿ WDS Status: Status shows the added APs in the WDS Tree with the Security and Channel settings. The WDS could be set up more than one tree. Click the Edit is to change the WDS connection settings for the associated WDS Tree. Ÿ WDS Update: Update the WDS connection with the following operations. Ø Add: Add a new WDS connection with a Child AP not in the WDS and a Parent AP from the AP List. A new WDS Tree will be added if the selected Parent AP is not in any of the current WDS Trees. Click Edit is to change the WDS connection settings for the new added WDS Tree. Ø Move: Update a WDS connection with a Child AP from WDS and a Parent AP which could be anymore from WDS, and the previous WDS connection of the Child AP to the previous Parent AP will be deleted. Ø Delete: All the WDS connections of the selected AP will be deleted including the WDS connections to its Child APs, and the Child APs without wired connection will become unreachable.

© 2008 4IPNET, INC. 92 4ipnet WHG301 User’s Manual 4.4 Network Configuration This section includes the following functions: Network Address Translation, Privilege List, Monitor IP List, Walled Garden List, Proxy Server Properties, Dynamic DNS, IP Mobility and VPN Configuration.