GemTek Technology R950829G High Performance Hotspot Access Point User Manual BW1330 UG v1 0

Gemtek Technology Co., Ltd. High Performance Hotspot Access Point BW1330 UG v1 0

Contents

Manual Part 1

BW1330
High Performance Hotspot Access Point
User Guide
Version 1.0
September, 2006
www.browan.com
Copyright©2006 BROWAN Communications, Inc.
Copyright
© 2002-2006 Browan Communications.
This user’s guide and the software described in it are copyrighted with all rights reserved. No part of
this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form by any means without the written permission of Browan
Communications.
Notice
Browan Communications reserves the right to change specifications without prior notice.
While the information in this manual has been compiled with great care, it may not be deemed an
assurance of product characteristics. Browan Communications shall be liable only to the degree
specified in the terms of sale and delivery.
The reproduction and distribution of the documentation and software supplied with this product and
the use of its contents is subject to written authorization from Browan Communications.
Trademarks
The product described in this book is a licensed product of Browan Communications.
Microsoft, Windows 95, Windows 98, Windows Millennium, Windows NT, Windows 2000, Windows
XP, and MS-DOS are registered trademarks of the Microsoft Corporation.
Novell is a registered trademark of Novell, Inc.
MacOS is a registered trademark of Apple Computer, Inc.
Java is a trademark of Sun Microsystems, Inc.
Wi-Fi is a registered trademark of Wi-Fi Alliance.
All other brand and product names are trademarks or registered trademarks of their respective
holders.
National Radio Regulations
The usage of wireless network components is subject to national and or regional regulations and laws.
Administrator must ensure that they select the correct radio settings according to their regulatory domain. Refer
to the B) Regulatory Domain/Channels chapter in the appendix to get more information on regulatory domains.
Please check the regulations valid for your country and set the parameters concerning frequency, channel, and
output power to the permitted values!
BROWAN Page
1
FCC Warning
This equipment has been tested and found to
comply with the limits for a Class B digital device,
pursuant to Part 15 of the FCC Rules. These limits
are designed to provide reasonable protection
against harmful interference in a residential
installation.
This equipment generates, uses and can radiate
radio frequency energy and, if not installed and
used in accordance with the instructions, may
cause harmful interference to radio communications.
However, there is no guarantee that interference
will not occur in a particular installation. If this
equipment does cause harmful interference to radio
or television reception, which can be determined by
turning the equipment off and on, the user is
encouraged to try to correct the interference by one
of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the
equipment and receiver.
Connect the equipment into an outlet on a
circuit different from that to which the
receiver is connected.
Consult the dealer or an experienced
radio/TV technician for help.
This device complies with Part 15 of the FCC Rules.
Operation is subject to the following two conditions:
(1) This device may not cause harmful interference,
and (2) this device must accept any interference
received, including interference that may cause
undesired operation.
FCC Caution
To assure continued compliance, any changes or
modifications not expressly approved by the party
responsible for compliance could void the user's
authority to operate this equipment
FCC Radiation Exposure Statement
This equipment complies with FCC radiation
exposure limits set forth for an uncontrolled
environment. This equipment should be installed
and operated with minimum distance 20cm between
the radiator and your body. This transmitter must
not be co-located or operating in conjunction with
any other antenna or transmitter.
CE Mark Warning
This is a Class A product. In a domestic
environment this product may cause radio
interference in which case the user may be required
to take adequate measures.
R&TTE Compliance Statement
This equipment complies with all the requirements
of the Directive 1999/5/EC of the European
Parliament and the Council of 9 March 1999 on
Radio Equipment and Telecommunication Terminal
Equipment and the Mutual Recognition of their
Conformity (R&TTE).
The R&TTE Directive repeals and replaces in the
directive 98/13/EEC (Telecommunications Terminal
Equipment and Satellite Earth Station Equipment)
As of April 8, 2000.
Safety
This equipment is designed with the utmost care for
the safety of those who install and use it. However,
special attention must be paid to the dangers of
electric shock and static electricity when working
with electrical equipment. All guidelines of this
manual and of the computer manufacturer must
therefore be allowed at all times to ensure the safe
use of the equipment.
EU Countries Intended for Use
The ETSI version of this device is intended for
home and office use in Austria, Belgium, Denmark,
Finland, France (with Frequency channel
restrictions), Germany, Greece, Ireland, Italy,
Luxembourg, The Netherlands, Portugal, Spain,
Sweden and United Kingdom.
The ETSI version of this device is also authorized
for use in EFTA member states Iceland,
Liechtenstein, Norway and Switzerland.
EU Countries Not Intended for Use
None..
BROWAN Page
2
The availability of some specific channels and/or operational frequency bands are 
country dependent and are firmware programmed at the factory to match the 
intended destination. The firmware setting is not accessible by the end user.
User’s Guide Version 1.0
Copyright .............................................................................................................................................1
Notice ..................................................................................................................................................1
Trademarks .........................................................................................................................................1
National Radio Regulations.................................................................................................................1
FCC Warning.......................................................................................................................................2
CE Mark Warning ................................................................................................................................2
R&TTE Compliance Statement...........................................................................................................2
CONTENTS ............................................................................................................................................3
ABOUT THIS GUIDE..............................................................................................................................7
Purpose ...............................................................................................................................................7
Prerequisite Skills and Knowledge......................................................................................................7
Conventions Used in this Document...................................................................................................7
Help Us to Improve this Document! ....................................................................................................7
Browan Communications Technical Support......................................................................................7
CHAPTER 1 – INTRODUCTION............................................................................................................8
Product Overview................................................................................................................................8
Management Options..........................................................................................................................8
The BW1330 Features ........................................................................................................................9
CHAPTER 2 – INSTALLATION ...........................................................................................................10
The Product Package........................................................................................................................10
Hardware Introduction.......................................................................................................................11
General Overview..........................................................................................................................11
Back Panel.....................................................................................................................................12
LEDs ..............................................................................................................................................12
Connectors.....................................................................................................................................13
Stand..............................................................................................................................................14
Wall Mount.....................................................................................................................................14
Connecting the Access Controller.....................................................................................................15
Initialization........................................................................................................................................16
Access Your BW1330....................................................................................................................16
Software Introduction: KickStart ....................................................................................................17
Step by Step Setup ...........................................................................................................................20
CHAPTER 3 – UNIVERSAL ADDRESS TRANSLATION ...................................................................23
What is UAT ......................................................................................................................................23
UAT Principle ....................................................................................................................................23
UAT Limitation...................................................................................................................................23
CHAPTER 4 – USER PAGES (BASED ON XSL)................................................................................25
User Pages Overview........................................................................................................................25
Welcome Page...............................................................................................................................25
Login Page.....................................................................................................................................25
Logout Page...................................................................................................................................26
Help Page ......................................................................................................................................27
Unauthorized Page........................................................................................................................27
Example for External Pages ..........................................................................................................28
Example for Internal Pages ...........................................................................................................30
Extended UAM ..................................................................................................................................33
Parameters Sent to WAS...............................................................................................................35
Contents
BROWAN Page
3
User’s Guide Version 1.0
CHAPTER 5 – CUSTOMIZED USER PAGE (HTML)..........................................................................39
Determine Your Access Policy..........................................................................................................39
Configure Authentication-Free Access Policy...................................................................................39
FAQ ...................................................................................................................................................45
CHAPTER 6 – COMMAND LINE INTERFACE....................................................................................46
Introduction........................................................................................................................................46
Get Connection to CLI.......................................................................................................................46
Telnet Connection..........................................................................................................................46
SSH Connection ............................................................................................................................47
Terminal Connection......................................................................................................................47
Login..................................................................................................................................................47
Connection ........................................................................................................................................48
Network .............................................................................................................................................48
User...................................................................................................................................................51
Status ................................................................................................................................................52
System...............................................................................................................................................53
Telnet.................................................................................................................................................53
Reboot...............................................................................................................................................53
Reset .................................................................................................................................................53
Exit.....................................................................................................................................................53
CHAPTER 7 – SNMP MANAGEMENT................................................................................................54
Introduction........................................................................................................................................54
SNMP Versions .................................................................................................................................54
SNMP Agent......................................................................................................................................55
SNMP Community Strings.................................................................................................................55
Use SNMP to Access MIB.................................................................................................................55
BROAN Private MIB..........................................................................................................................56
CHAPTER 8 – REFERENCE MANUAL...............................................................................................57
Web Interface....................................................................................................................................57
Network Interface ..............................................................................................................................59
Network Interface | Configuration | Interface Configuration...........................................................59
Network Interface | Configuration | Bridge.....................................................................................60
Network Interface | Configuration | VLAN......................................................................................62
Network Interface | Configuration | Route......................................................................................63
Network Interface | Configuration | Port Forwarding .....................................................................64
Network Interface | Configuration | DHCP Relay...........................................................................65
Network Interface | Configuration | User ACL................................................................................65
Network Interface | Configuration | Management Subnet..............................................................66
Network Interface | DNS ................................................................................................................67
Network Interface | DHCP .............................................................................................................68
Network Interface | POP3 ..............................................................................................................70
Network Interface | RADIUS..........................................................................................................70
Network Interface | RADIUS | Settings..........................................................................................70
Network Interface | RADIUS | Servers...........................................................................................72
Network Interface | RADIUS | WISP..............................................................................................74
Network Interface | RADIUS | Proxy..............................................................................................75
Network Interface | RADIUS | Accounting Backup........................................................................76
Network Interface | Tunnels...........................................................................................................77
Network Interface | Tunnels | PPPoE/GRE ...................................................................................77
Network Interface | Tunnels | GRE Client for VPN........................................................................78
Network interface| wireless | Basic................................................................................................80
Network interface | wireless | Advance..........................................................................................82
Network Interface | Wireless | WDS ..............................................................................................85
Network interface | wireless | Sec WEP ........................................................................................86
BROWAN Page
4
User’s Guide Version 1.0
User Interface....................................................................................................................................87
User Interface | Configuration | Pages...........................................................................................87
User Interface | Configuration | Upload .........................................................................................88
User Interface | Configuration | Headers .......................................................................................88
User Interface | Configuration | Remote Authentication ................................................................89
User Interface | Configuration | Custom Uam................................................................................89
User Interface | Administrator........................................................................................................94
User Interface | Start Page ............................................................................................................95
User Interface | Walled Garden .....................................................................................................95
User Interface | Web Proxy............................................................................................................96
System...........................................................................................................................................97
System | Configuration | Syslog.....................................................................................................97
System | Configuration | Clock ......................................................................................................98
System | Configuration | NTP ........................................................................................................98
System | Configuration | Certificate ...............................................................................................99
System | Configuration | Save and Restore.................................................................................100
System | Configuration | Domain Name ......................................................................................101
System | Configuration | Share Username ..................................................................................102
System | Access | Access Control...............................................................................................102
System | Access | Telnet .............................................................................................................104
System | Access | AAA ................................................................................................................104
System | Access | UAT ................................................................................................................105
System | Access | Isolation..........................................................................................................106
System | Access | NAV................................................................................................................106
System | Access | SNMP.............................................................................................................106
System | Access | Web Auth........................................................................................................109
System | Access | Mac List..........................................................................................................110
System | Access | HTTPC ...........................................................................................................110
System | Status............................................................................................................................110
System | Reset.............................................................................................................................112
System | Update ..........................................................................................................................113
Connection ......................................................................................................................................115
Connection | Users ......................................................................................................................115
Connection | E-mail Redirection ..................................................................................................117
Connection | Station Supervision.................................................................................................117
Built-In AAA .....................................................................................................................................118
Built-in AAA | E-Billing .................................................................................................................118
Built-in AAA | E-Billing | User Control ..........................................................................................118
Built-in AAA | E-Billing | Band Class............................................................................................121
Built-in AAA | E-Billing | Bill setting..............................................................................................121
Built-in AAA | E-Billing| Power cut protection...............................................................................122
Built-in AAA | pre-paid .................................................................................................................123
Built-in AAA | pre-paid | user account..........................................................................................123
Built-in AAA | pre-paid | price/unit................................................................................................124
Built-in AAA | pre-paid | account life ............................................................................................124
Built-in AAA | pre-paid | receipts..................................................................................................124
Built-in AAA | pre-paid | timeunit..................................................................................................125
Built-in AAA | pre-paid | account reminder...................................................................................125
Built-in AAA | pre-paid | manage net print ...................................................................................125
Built-in AAA | Configuration .........................................................................................................126
Built-in AAA | Configuration | Language ......................................................................................126
Built-in AAA | Configuration | Backup and restore.......................................................................126
Built-in AAA | pre-paid | WEP key and SSID ...............................................................................126
Built-in AAA | Configuration | title.................................................................................................126
APPENDIX..........................................................................................................................................128
A) Access Controller Specification..................................................................................................128
BROWAN Page
Technical Data.............................................................................................................................128
5
User’s Guide Version 1.0
B) Regulatory Domain/Channels.....................................................................................................130
C) CLI Commands and Parameters................................................................................................131
Network Commands ....................................................................................................................131
User Commands..........................................................................................................................135
System Commands .....................................................................................................................137
Status Commands .......................................................................................................................140
Connection Commands ...............................................................................................................140
D) Location ID and ISO Country Codes..........................................................................................141
E) User Pages Templates Syntax ...................................................................................................145
GLOSSARY........................................................................................................................................150
BROWAN Page
6
User’s Guide Version 1.0
About this Guide
Purpose
This document provides information and procedures on hardware installation, setup, configuration,
and management of the Browan Communications high performance hotspot access point model
BW1330. The BW1330 is a highly integrated Access Controller with built-in AAA systems for public
access hotspot. We will call it AC later in the manual.
Prerequisite Skills and Knowledge
To use this document effectively, you should have a working knowledge of Local Area Networking
(LAN) concepts and wireless Internet access infrastructures. In addition, you should be familiar with
the following:
Hardware installers should have a working knowledge of basic electronics and mechanical
assembly, and should understand related local building codes.
Network administrators should have a solid understanding of software installation procedures for
network operating systems under Microsoft Windows 95, 98, Millennium, 2000, NT, and Windows
XP and general networking operations and troubleshooting knowledge.
Conventions Used in this Document
The following typographic conventions and symbols are used throughout this document:
Very important information. Failure to observe this may result in damage.
Important information that should be observed.
Additional information that may be helpful but which is not required.
Menu commands, buttons and input fields are displayed in bold
bold
code File names, directory names, form names, and system-generated output
such as error messages are displayed in constant-width type
<value> Placeholder for certain values, e.g. user inputs
[value] Input field format, limitations, and/or restrictions.
Help Us to Improve this Document!
If you should encounter mistakes in this document or want to provide comments to improve the
manual please send e-mail directly to:
manuals@browan.com
Browan Communications Technical Support
If you encounter problems when installing or using this product, please consult the Browan
Communications website at http://www.browan.com/ for:
Direct contact to the Browan Communications support centers.
Frequently Asked Questions (FAQ).
Download area for the latest software, user documentation and product updates.
BROWAN Page
7
User’s Guide Version 1.0
Chapter 1 – Introduction
Thank you for choosing the Browan Communications High Performance Hopspot Access Point.
The BW1330 is a high performance and highly integrated Access Controller for public access
networks. It combines a high-speed wireless LAN Access Point, an IP Router, one LAN port and a
complete Access Controller for Wi-Fi Hotspot. One single BW1330 can serve up to 30 simultaneous
connected wireless client stations, takes control over authentication, accounting and routing to the
Internet as well as to the operator’s central network.
Product Overview
Authentication, Authorization & Accounting
The BW1330 supports multiple secure authentication methods from standard web browser login
(Universal Access Method), MAC authentication, to 802.1x/EAP with passwords, certificates or SIM
cards. The integrated real-time accounting system is based on standard RADIUS/EAP and supports
various billing plans from prepaid, pay-per-time, per-volume, per-use or flat rate. Integration into
existing OSS/BSS systems can be done with ease.
Service Differentiation
The integrated Web server of the BW1330 allows flexible interaction with common web application
servers, facilitating the provisioning of differentiated services with bandwidth management, location
based and personalized services. Inter-Provider roaming and multi-OSS support is guaranteed by the
persistent usage of standardized protocols and interfaces like RADIUS, HTTPS and XML. As all
BW1330 are compliant with the recommendations of the Wi-Fi Alliance WISP roaming group.
Remote Control
The BW1330 is placed at the edge of a broadband access network and allows operators to provide
cost effective public Wi-Fi services, by managing per user access control, device configuration, and
radio performance centrally from the operations centre. HTTPs, telnet, SSH or SNMP over VPN can
be used for secure remote management.
Privacy
BW1330 supports different levels of security and data encryption. Client stations can be separated on
link layer (Layer2 User Isolation), preventing intruders from accessing the hard discs of other users.
User credentials (passwords) are protected by SSL or EAP-based authentication methods. User traffic
can be encrypted by VPNs (pass-through). Operators and service providers can make use of the
integrated VPN/tunneling protocols to protect AAA and management traffic.
Management Options
You can use the Access Controller management systems through the following interfaces:
Web-browser interface
Command Line interface (CLI)
Simple Network Management Protocol (SNMP v1, v2, v3)
The AC management system pages are organized the same way for the web-browser interface and
the CLI. This user manual provides detailed description of each management option.
BROWAN Page
8
User’s Guide Version 1.0
The BW1330 Features
WLAN
802.11b+g compliant, 1-54Mbps with auto-fallback
Wi-Fi compliant
Support Multiple BSSID up to 16 "Virtual AP"
Concurrent 802.11b and 802.11g access
WDS support (concurrent bridge and AP mode)
WPA/WPA2 (Wi-Fi Protected Access) support
R-TNC connectors for external antennas
RF output power
High receiver sensivity (up to -91 dBm@1Mbps, 8%PER)
AAA
Multiple authentication methods: UAM, 802.1x/EAP, RADIUS, MAC, Smart Client (e.g. iPass)
Per LAN/VLAN AAA, IP policies
WISPr compliant
Internal and external accounting backups
Internal or external web server
Remote user login, logout, session status control via https/XML
AAA proxy server (for simultaneous EAP and UAM)
Per user bandwidth management
Web proxy support
IP Router and IP address management
Static IP routing table
NAT/NAPT (IP masquerading)
Port-forwarding
802.1q VLAN support
Transparent VPN client pass-through (PPTP, IPsec ESP)
Selective source routing
PPPoE client
GRE Tunnel
DHCP server, relay gateway (suboptions), DHCP client
Multiple IP pools per user group
UAT (Universal Address Translation)
SMTP redirection (e-mail)
VPN
GRE VPN client
Ethernet port
One WAN port, One LAN port 10/100Mb, auto-sensing
Management
Secure management via https, SSH, SNMP
SNMP proxy
SNMPv3 (incl. authentication and encryption)
Management subnet for remote AP and switch management
Remote firmware update
BROWAN Page
9
User’s Guide Version 1.0
Chapter 2 – Installation
This chapter provides installation instructions for the hardware and software components of the
Access Controller BW1330. It also includes the procedures for the following tasks:
Hardware Introduction (LEDs, Connectors)
Connecting the Access Controller
First Configuration
Step-by-Step Setup
The Product Package
The Access Controller comes with the following:
High Performance Hopspot Access Point (model: BW1330)
Detachable Antennas (Dipole Antenna with R-TNC plug connector, 2 units)
External power supply (Input:100-240VAC, 50-60Hz, Output: 12VDC, 1 unit)
Ethernet Patch Cable (STP, 1.5 m length, 1 unit)
Installation CD containing:
BW1330 User Guide in PDF format
KickStart Utility
Product Firmware
Release Notes
Adobe Acrobat Readers
Printed Warranty Note(3 year)
Console cable
Screw bag
If any of these items are missing or damaged, please contact your reseller or
Browan Communications sales representative.
BROWAN Page
10
User’s Guide Version 1.0
Hardware Introduction
General Overview
Figure 1 –BW1330 Access Controller General View
The front panel of the Access Controller contains:
A series of indicator lights (LEDs) that help describe the state of various networking and
connection operations.
The reverse panel of the Access Controller contains:
Connectors which enable you to make different network connections for the controller
Reset button enables you to reboot or reset the device configuration to the factory defaults
Press the Reset button for less than 3 seconds to reboot the controller.
Press the Reset button for more than 10 seconds to set the controller to factory
defaults.
BROWAN Page
11
User’s Guide Version 1.0
Back Panel
Figure 2 – Back Panel of the BW1330
The back panel of the Access Controller contains:
Model and device name (see item 1 in figure above). The official device name is High
Performance Hopspot Access Point, model BW1330.
MAC address of the device. The label (item 2 in figure above) shows the LAN interface MAC
address of the device. You can determine the WAN and WLAN(Up to 16 MBSSID) interfaces’
MAC addresses by a simple calculation:
WAN interface MAC = LAN MAC + 1 (Hex)
WLAN(MBSSID) interface MAC = LAN MAC + 1 (Hex) by sequence up to 16 MAC
LEDs
The Access Controller has several LEDs located on the front panel:
Figure 3 – LEDs of the BW1330
BROWAN Page
12
User’s Guide Version 1.0
The various states of the LEDs indicate different networking and connection operations as follows:
Item LED Color Status Indication
On system is active/working Green
Blinking system is booting
1 Power
Orange On Writing to FLASH memory
On PPPoE/PPTP/GRE tunnel for DSL is actived. 2 Online Green
Off PPPoE/PPTP/GRE tunnel for DSL is deactived.
On WAN active/working 3 WAN Green
Blinking Data transmitting
On 100 Mbps network connection exists Green
Blinking Data transmitting
On 10 Mbps network connection exists
4 LAN
Orange
Blinking Data transmitting
On WLAN active/working 5
WLAN Green
Blinking Data transmitting
Connectors
The Access Controller has several connectors on the rear panel:
Figure 4 – Connectors
Descriptions of the connectors are given in the following table:
BROWAN Page
13
Item Connector Description
Power For power supply 1
2 Reset Reboot or reset to factory defaults.
Press the reset button for less than 3 seconds to reboot the
controller. Press the reset button for more than 10 seconds
to set the controller to factory defaults
3 WAN For Internet connection and PoE input
4 LAN For enterprise applications use this port to connect your
company LAN, Intranet or to hotspot access points
5 RS232 Console port
6 Antenna The MAIN antenna
7 Antenna The AUX antenna
User’s Guide Version 1.0
Stand
The BW1330 is designed standing on the desk or wall mount. Refer to the direction of red arrow to
release and insert the stand at the back of BW1330.
figure 5 – release stand figure 6 – insert stand
Wall Mount
BW1330 is also designed for wall mounting.Refer to the step 1 and step 2 to fix the stand on the wall
and lock the BW1330 on it.
figure 7 wall mount
BROWAN Page
14
User’s Guide Version 1.0
Connecting the Access Controller
Use the following procedure to prepare your network connection to your BW1330.
Use the enclosed power adapter for power supply of your BW1330.
Step 1 Place the Access Controller on a flat work surface.
Step 2 Connect one Ethernet patch cable to the LAN port of the Access Controller and to
a free hub port on your local network.
Step 3 Connect the WAN port of the Access Controller to an Ethernet port of a broadband
Internet modem or router.
Step 4 Connect the power adapter to the Access Controller.
Step 5 Wait 30 seconds until the boot process is finished and check to ensure that at least
the following LEDs are ON:
Power LED (steady On)
WAN LED
LAN LED
WLAN link LED
BROWAN Page
15
User’s Guide Version 1.0
Initialization
This paragraph describes how to access the Web configuration interface of the BW1330. After
unpacking and connecting the product for the first time it responds to a dynamic IP address given by
the DHCP server on LAN or WLAN interface.
The default network settings for your new access controller are:
Ixp1(WAN) port: IP 192.168.2.66 subnet 255.255.255.0
Br1 IP 192.168.3.1 subnet 255.255.255.0
Ixp0 (LAN) port: In Bridge
WLAN1_0(first virtual AP): In Bridge
For other management methods: SNMP and command line interface (CLI) please
refer to their respective chapters.
Access Your BW1330
After connecting the BW1330 device to network, try to access the BW1330 via one of the method:
Follow these instructions to access your BW1330 using the Web browser:
Step 1
Access your device via LAN connected by RJ-45 cat.5 cable or wirelessly connect to
BW1330 by default SSID “BW1330” without any encryption. Waitting for DHCP server to
give an IP address 192.168.3.x to your client PC. Open the Web browser and type the IP
address of the BW1330:
https://192.168.3.1/a.rg
Configure your PC with a static IP address on the 192.168.2.x subnet with mask
255.255.255.0. Connect the BW1330 WAN interface into the same physical network as
your PC. Open the web browser and type the default IP address of the BW1330:
https://192.168.2.66/a.rg
Step 2 Enter the BW1330 administrator login details to access the Web management.
The default administrator log on settings for all access point interfaces are:
User Name: admin
Password: admin01
figure 8 login page
Step 3 After successful administrator log on you will see the main page of the access
controller’s Web interface:
BROWAN Page
16
User’s Guide Version 1.0
figure 9 administrator page
Software Introduction: KickStart
Another way is launch the KickStart utility that is provided with your product CD. The KickStart is
a software utility that is included on the Installation CD. The utility automatically detects access
points and access controllers installed on your network, regardless of its host IP address and lets
you configure each unit’s IP settings. The feature list for the KickStart utility is listed below:
Scanning your subnet for all connected APs, ACs
Quick access to your AC via HTTPS, telnet, SSH
Setting new IP address of your AC
Reset to factory default settings
Default access (in case of lost administrator password)
Firmware updates
To install the KickStart utility insert the Installation CD into your CD-ROM drive. Find and install the
utility from the product CD into the computer.
If the Installation CD does not start automatically, please run “autorun.exe
manually from the root directory of the installation CD.
Step 1 Install the KickStart utility from the Installation CD. Click Start > Programs >
BROWAN > KickStart to launch the application. If the BW1330 device is
connected to your network, the utility will automatically find your AC:
BROWAN Page
17
User’s Guide Version 1.0
figure 10 kick start utility
Step 2 Select your controller and right click. Select Open WEB item to launch the web
management interface through the secure https connection:
figure 11 kick start utility
BROWAN Page
18
User’s Guide Version 1.0
Step 3 Enter the Access Controller administrator log on settings to access the web
management interface.
The default administrator log on settings for all controller interfaces are:
User name: admin
Password: admin01
Step 4 After successful administrator log on you will see the controller web interface. The
controller system statistics page is displayed by default:
figure 12 administrator page
If you cannot connect to the device via your web browser because of TCP/IP mis-
configuration, you can reset the product to the factory default. Press the reset
button for more than 10 seconds.
Now you are enabled to perform the initial controller configuration. Follow the next section for step-by-
step setup instruction to configure the device according to your needs.
BROWAN Page
19
User’s Guide Version 1.0
Step by Step Setup
Step 1. Interface Set-Up
In the network interface | configuration |interface configuration menu you can set the TCP/IP
settings. br1 is pre-configured as the WLAN port of your Access Controller, ixp1 is the WAN port. By
default the bridge interface br1 initially contains two interfaces: wlan1_0 and ixp0. Wlan1_0 is the first
virtual AP which you can configure up to 16 virtual AP(16 MBSSID) and ixp0 is the LAN port. Both
ixp0 and wlan1_0 are DHCP server enabled by default.
You can modify these settings according to your local network requirements. Make sure that IP
subnets do not overlap.
Figure 13 – Interface Configuration Settings
If DHCP client, or PPPoE,is selected as a dial-up protocol for the WAN interface
the WAN settings of this table will be overwritten by the values retrieved from the
Internet Provider.
Step 2. DNS Set-Up
In the network interface | DNS menu you can specify your local domain name server or enter the
DNS server provided by your ISP (Internet Service Provider).
Figure 14 – DNS Redirection
DNS is set automatically if provided by the ISP dynamically via DHCP, PPPoE.
Step 3. IP Address Management
For automatic IP assignments to client stations, set the DHCP settings in the network interface |
DHCP menu according to your TCP/IP configuration from step 1. Only use address ranges within the
corresponding IP subnet of the LAN interface. In addition you can switch on the Universal Address
Translation function in the system | access | UAT menu. With UAT users do not need to change their
local TCP/IP settings to log on to the Access Controller. The Access Controller will translate fixed IP
numbers used in private networks transparently for the user.
Please refer to Chapter 3 – Universal Address Translation for further details to
avoid IP conflicts.
Step 4. RADIUS Set-Up
In the network interface | RADIUS settings menu you can first define the local settings of the
integrated RADIUS client of the Access Controller. For example you can modify timeouts and the
NAS server ID (name of the RADIUS client):
BROWAN Page
20
User’s Guide Version 1.0
Figure 15 – RADIUS Settings
On the second page: network interface | RADIUS | servers you can specify up to 32 different
RADIUS servers for authentication and accounting (see Figure 16 – RADIUS Servers). One of the
RADIUS server entries can be specified as the default server. Thus, if a user cannot be associated to
any specific service provider by his login name, the Access Controller will send authentication and
accounting messages to the default RADIUS server.
Figure 16 – RADIUS Servers
Make sure that the RADIUS server is up and running and is able to receive authentication requests
from the Access Controller.
Step 5. Welcome/Login/Start pages
The most popular authentication method for public users is the UAM (Universal Access Method).
UAM can be enabled using the system | access | AAA menu. With UAM users can log-on to the
Access Controller using their web browser. As an operator of a wireless access service you can
provide a custom set of web pages to your subscribers.
welcome page (default = InternalEnabled) - the first page that is presented when users
start their web browser.
login page (default = Internal) – the page containing the log-on fields for user name and
password. This page is presented as default when the welcome page is disabled.
logout page (default = Internal) - the page that pops up after successful authentication. It
includes information about the online session such as online time and transferred data.
help page (default = Internal) - the page with online help information for log-on.
unauthorized page (default = Internal) - the page which appears if web login method is
disabled.
The default user login page looks like the picture below:
BROWAN Page
21
User’s Guide Version 1.0
Figure 17 – Example of a Simple Login Page
You have full flexibility to modify and adapt all these pages to your needs and personal designs. For
initial set up and testing we recommend you use the default configuration, which will present a simple
login window with input fields for user name and password.
Enter any start page you like in the user interface | start page menu. In addition you can define a
number of free web sites in the walled garden table on the user interface menu.
For more information on how to build your own user pages please refer to Chapter
4 – User Pages.
Step 6. Change Administrator Password
Before saving your initial configuration don’t forget to change the administrator password in the user
interface | administrator menu.
Step 7. E-mail Redirection
If you have a SMTP mail server available for your subscribers enter its IP address and SMTP port
number in the connection menu under the item e-mail redirection. All outgoing e-mail passing
through the Access Controller will be redirected to this server.
Step 8. Save Configuration and Restart
Make sure you have saved your changes from each of the first seven steps and then press the save
and reboot button on the lower side of the web management screen. After 10-15 seconds you can
re-load the admin pages or start to log on to the Access Controller as a user.
Users connected to the LAN port of the Access Controller can type in any URL in their browser and
they will be redirected to your defined welcome (if enabled) and login pages. Administrators can
monitor connected users via the connection | users menu.
BROWAN Page
22
User’s Guide Version 1.0
Chapter 3 – Universal Address Translation
What is UAT
Universal Address Translation (UAT) allows Hotspot operators to offer true IP Plug&Play access for
their subscribers.
With UAT enabled, the Access Controller will automatically and transparently translate fixed IP
settings (IP address, gateway, DNS, proxy server) on a user’s PC enabling him to connect to the
broadband Internet service, even if the client’s IP overlaps the IP subnet of the WAN port.
Without UAT public access, subscribers are forced to switch their TCP/IP settings to DHCP
(automatic IP address assignment), potentially losing any fixed IP address settings they previously
entered.
UAT Principle
BW1330 acts as an ARP proxy to each client who has a fixed IP which not belong to the subnet of
LAN interface. As below figure descript, BW1330 will automatic reply a client’s ARP Request if its IP
doesn’t belong to its LAN subnet to pretend as if BW1330 is its Gateway; then inside BW1330, a
unicast router will be added for UAT client.
Figure 18 – UAT Principle
UAT Limitation
When using UAT operators have to be aware of some principal limitations:
If UAT mode is enabled on BW1330, BW1330 will act as an ARP Proxy under its LAN interface. If
there has a sub-net behind a router which under the LAN of BW1330 and there has a PC whose IP
belong to the sub-net as the figure show, the communication between PC2 and PC1 will be failed for
the reason of BW1330’s ARP proxy packet.
But if the router is working under NAT mode, the communication from PC2 to PC1 will be OK.
BROWAN Page
23
User’s Guide Version 1.0
figure 19 UAT Limitation
BROWAN Page
24
Figure 20 – another subnet under BW1330
User’s Guide Version 1.0
Chapter 4 – User Pages (Based on XSL)
This chapter describes what the user pages are and how to manage them. Detailed instructions on
how to change and upload new user pages are given below.
When launching his/her web browser the user's initial HTTP request will be redirected to an operator
defined set of web pages, further called the "user pages". User pages are:
Welcome page– the first page presented to the user.
Login pagesubscriber authentication page, allows the user to login to the network.
Logout page– small pop-up window for logged-on user statistics and log-out function.
Help page – get help with the login process.
Unauthorized page – this page is displayed when web login or EAP login methods are disabled
on the Access Controller for subscribers.
All further presented user pages are factory default. The Hotspot operator can
upload new templates for all user pages.
User Pages Overview
Welcome Page
Welcome page is the first page a Hotspot subscriber receives when he starts his web browser and
enters any URL. By default it’s a very simple page and provides only a link to the login page.
Figure 21 – Welcome Page
The Hotspot operator can change the welcome page according its needs. See
more details in section: Changing User Pages.
Login Page
The subscriber gets to the login page after clicking the link on the welcome page. The login page is
loaded from the Access Controller. To get access to the network, the user should enter his
authentication settings: login name and password and click the login button:
Figure 22 – Simple Login Page
BROWAN Page
25
User’s Guide Version 1.0
The login name and password can be obtained from your Hotspot Operator. Login
format available for BW1330:
username@WISPdomain
WISPdomain/username
The login page also displays subscriber’s logical and physical network addresses (IP and MAC).
Once authenticated, a start page appears. In addition, a smaller logout window (page) pops up.
The Hotspot operator can change the login page according to its needs. See more
details in section: Changing User Pages.
Logout Page
Make sure the JavaScript is enabled on your Web browser; otherwise you will not
receive the logout page.
The Logout page contains the detailed subscriber’s session information and provides function for
logging out of the network:
Figure 23 – Logout Page
Detailed AC subscriber’s session information includes:
Logout button – click the button to logout from the network. The log-out pop-up window closes.
Bill button – display subscriber’s billing information (not include current session).
Passwd button – click the button to change subscriber’s password.
User – subscriber’s login name.
User IP – subscriber’s logical network name (IP address).
BROWAN Page
26
User’s Guide Version 1.0
MAC Address – subscriber’s physical network address.
time length– subscriber’s time length from client log on in format: [hours: minutes: seconds].
Download/upload bytes – subscriber’s session download and upload statistics in bytes.
Download/upload bytes left – session download and upload bytes left for subscriber limited from
RADIUS [in B, KB, MB, GB and unlimited].
Total bytes left – session total (download and upload) bytes left for subscriber limited form RADIUS
[in B, KB, MB, GB and unlimited].
time length left – time length left in format: [hours: minutes: seconds].
Bandwidth downstream/upstream – available upstream and downstream bandwidth for subscriber
limited from RADIUS [in bps].
Refresh button – click the button to refresh the subscriber session information.
The Hotspot operator can change the logout page interface according to its needs.
See more details in section: Changing User Pages.. All session details are further
accessible via the operator XML interface.
Help Page
Click on the get help link in the login page for help tips related to network registration. A page
appears similar to the following:
Figure 24 – Help Page
The Hotspot operator can change the help page according to its needs. See more
details in section: Changing User Pages.
Unauthorized Page
If web log-on method (UAM) or EAP-based authentication methods are disabled on the AC and the
subscriber attempts to login to the network, he will receive the following page:
Figure 25 – Unauthorized Page
The Hotspot operator can change the unauthorized page according to its needs.
See more details in section: Changing User Pages.
BROWAN Page
27
User’s Guide Version 1.0
Changing User Pages
As the Hotspot operator you can modify the user pages freely according to your personal needs and
preferences. User Page templates can be either stored locally on the AC or on an external web server.
Use the user interface | configuration menu to modify user pages. There are two ways to change
and store new user page templates:
External – linking new user page templates from an external server.
Internal – upload new templates to local memory.
Supported user pages template formats:
XSL (Extensible Style sheet Language) for welcome/login/logout pages.
HTML (Hypertext Markup Language for help/unauthorized pages.
The welcome, Login and logout pages must be in .XSL format.
The following image formats are supported for new templates. Other formats are not accepted:
PNG
GIF
JPG
The following examples demonstrate the use of internal and external user pages.
User Pages templates samples can be found in the Installation CD delivered to
you with the product.
Example for External Pages
Step 1 Prepare your new user pages template for each user page:
welcome/login/logout/help/unauthorized.
Step 2 Under the user interface | configuration | pages menu select the user page you
want to change (e.g. login)
figure 26 configure external pages
Step 3 Choose the external option under the use column:
figure 27 configure external pages
BROWAN Page
28
User’s Guide Version 1.0
Step 4 Specify the new user page location in the location field
(http://servername/filelocation):
figure 28 configure external pages
Do not try to upload other than supported formats. Such uploaded pages will not be
displayed properly.
Step 5 Save entered changes with the apply changes button:
figure 29 configure external pages
Step 6 Check for new uploaded user page (e.g. login):
figure 30 new login page
If at anytime you wish to restore factory default user pages, click the reset button
under the system | reset menu.
BROWAN Page
29
User’s Guide Version 1.0
Example for Internal Pages
We will use the user pages templates from the Installation CD to show the example how to upload
the internal pages. Follow the steps below:
Step 1 Ensure that internal option is selected for all user pages you want to change. By
default internal option is defined for all pages:
figure 31 internal pages
Step 2 Under the user interface | configuration | upload menu click the upload button
to upload new prepared user pages:
Figure 32 upload page
The memory space in the AC for internal user pages is limited to 1 MB.
Step 3 Specify the location (Examples directory if you use the Installation CD) of new
user page templates by clicking the browse button or enter the location manually.
Specify the location for the additional files of new user page templates: images and
a cascading style sheet file (css) by clicking the browse button or enter the
location manually:
BROWAN Page
figure 33 upload template files
30
User’s Guide Version 1.0
Step 4 Click the upload button to upload specified templates and files.
You do not need to upload all additional files at once. You can repeat the upload
process a number of times until all necessary images are uploaded.
Step 5 Check for the newly uploaded user pages and images to ensure that everything is
uploaded and displayed correctly. Go to the link:
https://<device-IP-address>/ to get to the new user welcome page:
figure 34 customize welcome page
Click the here link or enter the link directly:
https://<device-IP-address>/login.user to get to the new user login
page:
BROWAN Page
31
User’s Guide Version 1.0
figure 35 customize login page
If at anytime you wish to restore the factory default user pages, click the reset
button under the system | reset menu.
BROWAN Page
32
User’s Guide Version 1.0
Extended UAM
The Extensions feature (user interface | configuration menu) allows an external Web Application
Server (WAS) to intercept/take part in the user authentication process externally log on and log off the
user as necessary. It provides means to query user session information as well.
See the following schemes to understand how the remote client authentication works.
Scheme 1:
The remote authentication method when client’s authentication request is re-directed to the external
server (WAS):
Client AC WAS RADIUS Server
1. Initial Request
3. Renders HTML
4. Direct client
communication
with WAS
5. Client sends
his/her login and
password
9. WAS reports
client status:
authenticated or
not
2. Fetch XSL
6. WAS tries to
authenticate
client
7. AC sends
request to
RADIUS
8. RADIUS reply
authenticated or
not
Figure 36 – Client Remote Authentication Scheme (1)
The Client initiates (1) authentication process. AC intercepts any access to the Internet via HTTP and
redirects the client to the welcome, or login URL on AC. In order to render the custom login screen
HTML page, the AC must be configured to (2) fetch .XSL script from a remote server, which in this
case is a Web Application Server (WAS), or have custom .XSL uploaded on the AC. There is the
ability to enable caching of .XSL scripts (see: User Interface | Configuration | Pages), thus avoiding
fetching of the same document every time a client requests authentication.
The AC (3) uses .XSL script to render HTML output, which is done by feeding a XML document to a
parsed and prepared for rendering .XSL script. The latter XML document contains all needed
information for Web Application Server like user name, password (if one was entered), user IP
address, MAC address and NAS-Id. Custom .XSL script must generate initial welcome/login screen
so that it embeds all the needed information in a HTML FORM element as hidden elements and
POST data not back to the AC, but to the Web Application Server (5). Thereafter the client
communicates directly with the Web Application Server.
Find more details on how to prepare the .XSL templates to renter the HTML in
Appendix: E) User Pages Templates Syntax.
BROWAN Page
33
User’s Guide Version 1.0
When the Web Application server has all needed data from the client, it must try to authenticate (6)
the client. Authentication is done by the RADIUS server but through the AC. At this step the shared
secret is used to make the connection between the WAS and the AC. The AC re-sends the
authentication request to the RADIUS server (7). Depending on the status, appropriate authentication
status must be returned back to the WAS but through the AC (8). In step (9), the Web Application
Server knows the client authentication status and reports success or failure back to the client.
The Web Application Server (WAS) must be configured as a free site in the Walled
Garden area.
There is an ability to skip the rendering initial user pages from the .XSL. See the following scheme
when the user initial request is redirected to the specified location.
Scheme 2:
The remote authentication method when client with proxy authentication request is re-directed to the
external server (WAS):
Client AC WAS RADIUS Server
1. Initial Request
2. Replay with
HTTP redirect
3. Direct client
communication
with WAS
4. Client sends
his/her login and
password
8. WAS reports
client status:
authenticated or
not
5. WAS tries to
authenticate
client
6. AC sends
request to
RADIUS
7. RADIUS replay
authenticated or
not
Figure 37 – Client Remote Authentication Scheme (2)
The initial client request (1) can be redirected to the specified location, as redirection URL on the
Web Application server. In such case the client who wants to authenticate gets the redirection from
AC (2). In other words the AC intercepts any access to the Internet via HTTP and redirects the client
to the defined welcome, or login URL on WAS (also see: User Interface | Configuration | Pages).
The further actions are the same as described in the Scheme 1 (Figure 36 – Client Remote
Authentication Scheme (1)).
The WAS location URL under welcome page redirect must be configured as a free
site in the Walled Garden area.
BROWAN Page
To define such redirection URL use the user interface | configuration | pages menu. Enable
welcome page, set the redirect setting and specify the redirect location for such authentication
process (also see: User Interface | Configuration | Pages).
34
User’s Guide Version 1.0
Parameters Sent to WAS
Parameters that are send to the external server (WAS) using the remote user authentication method
(UAM).
Parameter Description Comments
nasid NAS server ID value Can be specified under the
network interface | RADIUS |
RADIUS settings menu
nasip WAN IP address for WAS Can be changed or specified
under the network interface |
configuration | interface
configuration menu.
clientip Client IP address Cannot be defined manually.
mac Client MAC address Cannot be defined manually.
ourl Initial URL where not authorized client enter to
his/her browser and tries to browse. After
authentication the client is redirected in this URL
Optional.
sslport HTTPS port number of AC (by default: 443). Not configurable.
lang Parameter "accept-language" from client browser
request Optional.
The IP address of the LAN interface the user is
connected to. Can be changed or specified
under the network interface |
configuration | interface
configuration menu.
Lanip
In order to logon, log-off or get user status WAS submits POST request to the following URLs:
1. Remote user logon
Script name: pplogon.user
Parameters:
secret shared secret, to protect page from accidental use
ip IP address of user to be logged on.
username Username of the user to be logged on.
password Password of the user to be logged on.
All parameters are required.
Script call example:
https://BW1330/pplogon.user?secret=sharedSecret&ip=<user_IP_address>&userna
me=userName&password=UserPassword
Script produces XML output:
<logon>
<status>Ok</status>
<error>0</error>
<description>User logged on.</description>
<replymessage>Hello user!</replymessage>
</logon>
Response status and error codes:
status error description
OK 0 User is logged on.
Not checked 100 Logon information not checked.
No IP 101 No user IP address supplied.
BROWAN Page
35
User’s Guide Version 1.0
BROWAN Page
No username 102 No username supplied.
Disabled 103 Remote authentication is disabled.
Bad secret 104 Incorrect shared secret supplied.
No password 105 No user password.
OK 110 User already logged on.
Failed to authorize 111 Failed to authorize user.
Bad password 112 Incorrect username or/and password.
Network failed 113 Network connection failed.
Accounting error 114 Accounting error.
Too many users 115 Too many users connected.
Unknown authorization error 120 Unknown authorization error.
<replymessage> is RADIUS Reply-Message attribute value. If RADIUS responds with Reply-
Message(s), they are added to logon response. If RADIUS does not responds with Reply-Message,
<replymessage> attribute is not added to output XML.
2. Remote user log-off
Script name: pplogoff.user
Parameters:
secret shared secret, to protect page from accidental use
ip IP address of user to be logged off.
username Username of the user to be logged off.
mac AC address of the user to be logged off.
All parameters are required, except the IP and MAC. At least one of IP and MAC addresses should be
supplied. If supplied only IP, user is checked and logged off by username and IP. If IP and MAC
addresses are supplied, then user is checked and logged off by username, IP and MAC addresses.
Script call example:
https://BW1330/pplogoff.user?secret=sharedSecret&username=UserName&ip=<user
_IP_address>
Script produces XML output:
<logoff>
<status>Ok</status>
<error>0</error>
<description>User logged off.</description>
</logoff>
Response statuses and error codes:
status error Description
OK 0 User is logged off.
Not checked 100 Logoff information not checked.
No username 102 No username supplied.
Disabled 103 Remote authentication is disabled.
Bad secret 104 Incorrect shared secret supplied.
No IP/MAC 106 No user IP and/or MAC address
supplied.
No user by MAC 121 User with supplied MAC address not
36
User’s Guide Version 1.0
BROWAN Page
found.
No user by IP 122 User with supplied IP address and
username not found.
No user by IP and MAC 123 User with supplied IP, MAC
addresses and username not found.
Failed to logoff 131 Failed to logoff user.
Cannot resolve IP 132 Cannot resolve user IP.
Unknown logoff error 140 Unknown logoff error.
3. Remote user status
Script name: ppstatus.user
Parameters:
secret shared secret, to protect page from accidental use
ip IP address of user to get status.
username Username of the user to get status.
All parameters are required.
Script call example:
https://BW1330/ppstatus.user?secret=sharedSecret&username=UserName&ip=<user
_IP_address>
Script produces XML output:
XML output, when some error occurs:
<ppstatus>
<status>No user by IP</status>
<error>122</error>
<description>User with supplied IP address not found.</description>
</ppstatus>
Response statuses and error codes:
status error description
OK 0 User status is ok.
Not checked 100 Status information not checked.
No IP 101 No user IP address supplied.
No username 102 No username supplied.
Disabled 103 Remote authentication is disabled.
Bad secret 104 Incorrect shared secret supplied
No user by IP 122 User with supplied IP address not
found.
User with supplied IP address and
username not found.
No user by IP and username 141
XML output when no errors and user statistics got successfully:
<ppstatus>
<status>Ok</status>
<error>0</error>
<description>Got user status.</description>
37
User’s Guide Version 1.0
<entry id="1">g17</entry>
<entry id="2">192.168.2.117</entry>
<entry id="3">200347C92B63</entry>
<entry id="4">00:00:05</entry>
<entry id="5">3E64C7967A36</entry>
<entry id="6">00:01:10</entry>
<entry id="7">0 bytes</entry>
<entry id="8">0 bytes</entry>
<entry id="9">testlab</entry>
<entry id="10">unlimited</entry>
<entry id="11">unlimited</entry>
<entry id="12">unlimited</entry>
<entry id="13">32 Mbps</entry>
<entry id="14">32 Mbps</entry>
<entry id="15">04:59:55</entry>
<entry id="16">EAP</entry>
</ppstatus>
Status detailed information by ID:
BROWAN Page
38
id description
1 User name
2 User IP address
3 User MAC address
4 Session time
5 Session ID
6 User idle time
7 Output bytes
8 Input bytes
9 User WISP name
10 Remaining bytes
11 Remaining output bytes
12 Remaining input bytes
13 Bandwidth upstream
14 Bandwidth downstream
15 Remaining session time
16 Authentication method
User’s Guide Version 1.0
This chapter will assist you on configuring BW13330 customized login/logout pages using the sample
templates in BW13330 CD. BW13330 CD includes four different styles of templates (based on HTML).
There are three authentication-enabled styles (coffee bar, general and hotel), and one authentication-
free hotel style. User can also create a personalized login/logout pages based on the provided sample
templates.
Chapter 5 – Customized User page (HTML)
Determine Your Access Policy
Determine if the BW13330 access policy requires user authentication:
Choose either the authentication-enabled policy (user authentication require) style template or
authentication-free policy (no user authentication require) style template as the base template. Step 2
will show how to configure authentication-free access policy on BW13330. User may use any HTML
editing tools to modify the template contents to create a new personalized login/logout page.
Configure Authentication-Free Access Policy
Login BW13330 as super administrator and go to system | access | Web auth menu. From the
diagram below, edit the ip web auth method status and set to enabled.
Figure 38 – configure IP authentication.
Once the status of the ip web auth method is set to enabled, any end-user trying
to access to Internet from BW1330 will not require user authentication. More
detail please refer to the system | access | Web auth in chapter 8.
Step1. Configure and Upload Customized Login/Logout Page files
Login BW1330 as super administrator and go to user interface | configuration | Custom UAM.
In order to configure BW1330 using the customized login/logout page, Customize Page status must
be set to enable.
To enable Customized Page, edit the Customize page status(user interface |configuration |custom
uam) and set to Enabled. See the diagram below:
Figure 39 – enable customize page status
BROWAN Page
39
User’s Guide Version 1.0
Figure 40 – customize page status is enabled
To start to upload the customized template files, click the upload button. (We will use the coffee bar
style template files in the BW1330 CD for this demonstration).
After clicking the upload button, an Update Custom UAM Files screen will appear. (See diagram
below).
Figure 41 – upload files
Enter the physical path and filename of the coffee template files, or click the “browse” button to search
the BW1330 CD where coffee template files are located.
The first two items are for login.html and logout.html files. Additional files are
for CSS and image files, such as jpg, gif, png and etc.
BROWAN Page
40
User’s Guide Version 1.0
Figure 42 – select example files
Figure 43 – upload login.html
After entering all the template files, press upload button to start the uploading files to BW1330.
Only ten Additional files can be uploaded at one time. To upload more additional
file, repeat the same upload process in step 2-4, but please be aware of the first
two items are only for login.html and logout.html files. Image files can only be
uploaded to Additional file fields
BROWAN Page
41
User’s Guide Version 1.0
Figure 44 – upload other files
Once all files are uploaded successfully, a list of Uploaded File List will show.
Figure 45 – files have been uploaded
Verify if all files are uploaded successfully
BROWAN Page
42
User’s Guide Version 1.0
Figure 46 – verify all files
Step2. Configure the pixels of logout window.
The README file in each template directory contains the information of the pixels settings for the
logout page. Enter the width size and height size setting of logout page and press the Save button.
E.g. the coffee bar template, the suggested size of logout page is 1024 x 768.
Figure 47 – set the pixels of logout window
Step3. Everything is ready
Now, any users that access the internet via the BW1330 will see the new personalized login and
logout pages.
Let’s look at the new appearance of login and logout page based on the coffee bar template.
BROWAN Page
43
User’s Guide Version 1.0
:
Figure 48 – example of coffee bar login page
Figure 49 – example of coffee bar logout page
BROWAN Page
44
User’s Guide Version 1.0
FAQ
1. Question: How to add some links that could be accessed without authentication?
Answer: These authentication-free sites for users are so called “walled garden ”area. Please
refer to the user’s guide to do the relating settings.
2. Question: How to hide the user login session information from my customers?
Answer: You can find these set of html code in logout.html we provided:
<td width="265" valign="top"><iframe src="logout.user?cmd=status" width="250"
height="240" marginwidth="0" marginheight="0" scrolling="yes"
frameborder="0"></iframe></td>
These set of code uses an embedded window to show the session data in logout window.
Comment them with HTML comments language “<!--“ and “//-->” will hide the session data in
logout window.
3. Question: If I don’t want the logout window to pop-up to users, how could I do?
Answer: Please login BW1330 and go to user interface | configuration | Custom UAM to
disable “pop logout page.”
4. Question: If I happen close the logout window, how can I logout?
Answer: 1. just un-plug you wireless card, or un-plug you network wire if you use a wired card.
2. Open a browser window, and input the URL: “logout.usr”, then you will be redirect to
logout window.
If you still have any question and any comments, please email to sse@browan.com
BROWAN Page
45
User’s Guide Version 1.0
Chapter 6 – Command Line Interface
Introduction
The CLI (Command Line Interface) software is a configuration shell for the Access Controller. Using
the CLI system operator can configure:
User interface
Network interface
System
Using the CLI system operator can check:
Status (device, network, service)
Connection
All available key combinations in CLI mode are listed in the table below:
Key and/or Combination Function
? Get context-sensitive help
<TAB> Complete the current keyword or list all the options
<CTRL> <D> Break out the sub-shell
<CTRL> <A> Jump to the beginning of the line
<CTRL> <E> Jump to the end of the line
<CursUP>/<CursDOWN> Scroll through the history of commands
Get Connection to CLI
There are three different ways to get a connection to the CLI of the Access Controller, via the:
Telnet
SSH client
Terminal
Telnet Connection
Make sure that default access status is allowed and telnet function is enabled on
the AC before trying to connect via telnet. Otherwise, no telnet connection will be
available.
Connect the Access Controller via LAN or WAN ports using the enclosed UTP cable and start a telnet
session (using a telnet application). For example, connect your device via the WAN port, and then
make a telnet connection as the following:
telnet 192.168.2.66
where 192.168.2.66 is the default WAN interface IP. Login to CLI mode and the prompt will be
displayed automatically. Enter the administrator login settings (refer to the Login section for details).
BROWAN Page
46
User’s Guide Version 1.0
SSH Connection
Make sure that default access status is set to allow on the AC before attempting
to connect via SSH. Otherwise no SSH connection will be available.
Connect the Access Controller via LAN or WAN ports using the enclosed UTP cable and start a SSH
session (using an application as PuTTY). For example connect your device via the WAN port and
then make a SSH connection to host IP: 192.168.2.66 (default WAN interface IP).
Login to CLI mode prompt will be displayed automatically. Enter the administrator login settings (refer
to the next section for details).
Terminal Connection
A serial console port RS-232 on the BW1330 enables a connection to PC or terminal directly.
1. Connect one of the connectors of the RS-232 cable directly to the console port on the BW1330.
2. Connect the other end of the cable to the COM port of the PC or the terminal running the
communication software.
The connection operates at 9600 baud, 8 data bits, 1 stop bit and no parity.
Login
Enter the administrator login settings in the displayed CLI command prompt.
The default administrator login settings:
Login: admin
Password: admin01
Figure 50 – CLI Login
After a successful login command prompt is displayed, the CLI is ready for commands. Press ‘?’ to
get a list of main commands:
Figure 51 – Main CLI Commands
?’ will not appear on the screen. While pressing this character, the display changes
to the desired help page. To enter ‘?’ as character type ‘\?’.
BROWAN Page
47
User’s Guide Version 1.0
Connection
Connection is a category of command that is related to the user’s connection with the device.
A full list of all available connection commands/subcommands and its parameters
is available in the Appendix section: C) CLI Commands and Parameters.
In general, connection usage is as follows:
connection <command> <value>
To get a list of all available commands in the connection category type:
connection ?
Figure 52 – Connection Commands
Network
Network is a category of commands that configures controller interface settings, DNS, DHCP, UAT
and RADIUS settings.
A full list of all available network commands/subcommands and its parameters is
available in the Appendix section C) CLI Commands and Parameters.
The network commands themselves contain several subcommands and the subcommands again
contain several parameters. In general, network command usage is as follows:
network <command> <subcommand1> <subcommand2> [-parameter] <value>
To get a list of all available commands in the configure category, type:
network ?
Figure 53 – Network Commands List
To get a list of all-available subcommands for a specific command, type:
network <command> ?, (e.g. network radius ?)
All available subcommands for radius are displayed:
BROWAN Page
48
User’s Guide Version 1.0
Figure 54 – Configure Network (1)
Specific command contains several subcommands:
network <command> <subcommand1> ?, (e.g. network radius servers ?)
All available subcommands are displayed:
Figure 55 – Configure Network (2)
To get a list for available parameters on selected subcommand, type:
network <command> <subcommand1> <subcommand2> ?, (e.g. network radius
servers accounting ?)
All available parameters on entered subcommand are displayed:
Figure 56 – Configure Network (3)
To configure the desired controller interface setting, type all required parameters with values and
subcommands:
network <command> <subcommand1> <subcommand2> [-parameter] <value>
(e.g. network radius servers accounting 1 –a 127.0.0.2 –p 1814 –s
testing111), where parameters are as follows:
-a – RADIUS server IP address used for RADIUS accounting
-p – RADIUS server port number used for RADIUS accounting
-s – Shared secret key for accounting.
Figure 57 – Configure Network (4)
BROWAN Page
49
User’s Guide Version 1.0
If successful, a message regarding the successful completion is displayed;
otherwise, an error message is displayed.
In some cases, entered commands without parameters display current controller configuration or
settings:
network <command> <subcommad1> <subcommad2>, (e.g. radius servers
accounting), displays available RADIUS servers and its settings list (in this case, the RADIUS
accounting server which is already updated):
Figure 58 – Configure Network (5)
BROWAN Page
50
User’s Guide Version 1.0
User
User is a category of commands that configures controller interface settings, affecting the user’s
interface: redirection URL, free sites (walled garden), system management access, administrator
login/password.
A full list of all available user commands/subcommands and their parameters is
available in the Appendix section: C) CLI Commands and Parameters.
In general, the user command usage is as follows:
user <command> <subcommand1> <subcommand2> [-parameter] <value>
To get the full list of the user commands, type:
user ?
Figure 59 – User Commands List
To get a list of all-available subcommands for a specific command, type:
user <command> ?, (e.g. user walled_garden ?)
All available subcommands for walled garden (free sites) are displayed:
Figure 60 – Configure User Interface (1)
To configure selected user interface settings, type:
User <command> <subcommand1> <subcommand2> [-parameter] <value>,
(e.g. user walled_garden url A -u www.gemtek-systems.com -s gemtek site),
where parameters are as follows:
A – action: add URL
-u – define URL address
-s – define URL description, visible for user:
Figure 61 – Configure User Interface (2)
If successful, a message regarding the successful completion is displayed;
otherwise, an error message is displayed.
BROWAN Page
51
User’s Guide Version 1.0
Status
Status is a category of commands that’s displays:
General devices status (model, firmware version, uptime, memory)
All interface network settings (IP address/netmask, MAC address, gateway, RX/TX statistics)
Currently running services (DHCP, routes, port forward, telnet, SNMP, UAT, ..).
A full list of all available status commands/subcommands and their parameters is
available in the Appendix section: C) CLI Commands and Parameters.
In general the status command usage is as follows:
Status <command>
To get the full list of the status commands, type:
status ?
Figure 62 – System Status Commands List
To get the general device status information, type:
status device :
Figure 63 – Device Status
Here you can find the current firmware version of your AC. This is important
information for support requests and for preparing firmware uploads.
BROWAN Page
52
User’s Guide Version 1.0
System
System is a category of commands that configures access to controller (telnet, AAA methods, L2
isolation, SNMP, UAT) and configuration: clock, NTP, pronto, syslog, trace and firmware upgrade.
A list of all available system commands/subcommands and their parameters are
available in the Appendix section: C) CLI Commands and Parameters.
In general, the system command usage is as follows:
system <command> <subcommand1> <subcommand2> [-parameter] <value>
To get the full list of the system commands, type:
system
Figure 64 – System Commands List
Telnet
To make a telnet connection, type the telnet command in the command line:
telnet
The telnet client is activated and ready for a telnet session.
Figure 65 – Telnet Session
Quit the telnet to return to CLI interface.
Reboot
To stop the controller and reboot the device, type the reboot command in the command line. No
configuration changes are done. The last saved configuration is applied to the rebooted controller.
Reset
To reset the controller to factory defaults, type the reset command. The device is restarted and
defaults values are set.
Please note that even the administrator password will be set back to the factory
default.
Exit
To leave the CLI mode, type the Exit command in the command line.
BROWAN Page
53
User’s Guide Version 1.0
Chapter 7 – SNMP Management
Introduction
Another way to configure and monitor the Access Controller (BW1330) via a TCP/IP network is SNMP
(Simple Network Management Protocol).
SNMP is an application layer protocol that facilitates the exchange of management information
between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP)
protocol suite. SNMP enables network administrators to manage network performance, find and solve
network problems, and plan for network growth.
The SNMP agent and management information base (MIB) reside on the Access Controller. To
configure SNMP on the controller, you define the relationship between the Network Management
System (NMS) and the SNMP agent (our AC). The SNMP agent contains MIB and Browan
Communications private MIB variables whose values the SNMP manager can request or change. A
NMS can get a value from an agent or store a value into the agent. The agent gathers data from the
MIB, the repository for information about device parameters and network data. The agent can also
respond to a manager’s requests to get or set data.
In order to manage the device you have to provide your Network Management
System software with adequate MIB files. Please consult your management
software manuals on how to do that.
SNMP Versions
The BW1330 supports the following versions of SNMP:
SNMPv1 – the Simple Network Management Protocol: A Full Internet Standard, defined in RFC
1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.)
Security is based on community strings.
SNMPv2c – the community-string based Administrative Framework for SNMPv2. SNMPv2c (the
"C" stands for "community") is an Experimental Internet Protocol defined in RFC 1901, RFC 1905,
and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p
(SNMPv2 Classic), and uses the community-based security model of SNMPv1.
SNMPv3 – SNMP v3 is based on version 2 with added security features. It addresses security
requirements through encryption, authentication, and access control rules.
Both SNMPv1 and SNMPv2c use a community-based form of security. The community of managers
able to access the agent's MIB is defined by an IP address access control list and password.
The Access Controller implementation of SNMP supports all MIB II variables (as described in RFC
1213) and defines all traps using the guidelines described in RFC 1215.The traps described in this
RFC are:
coldStart
A coldStart trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself
and that its configuration may have been altered.
WarmStart
A WarmStart trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself
and that its configuration is unaltered.
authenticationFailure
An authenticationFailure trap signifies that the SNMP entity, acting in an agent role, has
received a protocol message that is not properly authenticated.
BROWAN Page
54
User’s Guide Version 1.0
linkDown
A linkDown trap signifies that the SNMP entity, acting in an agent role, recognizes a failure in
one of the communication links represented in the agent's configuration.
linkUp
A linkUp trap signifies that the SNMP entity, acting in an agent role, recognizes that one of
the communication links represented in the agent's configuration has come up.
SNMP Agent
The SNMP agent responds to SNMP manager requests as follows:
Get a MIB variable – the SNMP agent begins this function in response to a request from the
SNMP manager. The agent retrieves the value of the requested MIB variable and responds to the
manager with that value.
Set a MIB variable – the SNMP agent begins this function in response to a message from the
SNMP manager. The SNMP agent changes the value of the MIB variable to the value requested
by the manager.
The SNMP agent also sends unsolicited trap messages to notify an SNMP manager that a significant
event has occurred (e.g. authentication failures) on the agent.
SNMP Community Strings
SNMP community strings authenticate access to MIB objects and function as embedded passwords.
In order for the SNMP manager to access the controller, the community string must match one of the
two community string definitions on the controller. A community string can be as follows:
Read-only – gives read access to authorized management stations to all objects in the MIB
except the community strings, but does not allow write access.
Read-write – gives read and write access to authorized management stations to all objects in the
MIB, but does not allow access to the community strings.
Use SNMP to Access MIB
As shown in the picture as below SNMP agent gathers data from the MIB. The agent can send traps
(notification of certain events) to the SNMP manager, which receives and processes the traps. Traps
are messages alerting the SNMP manager to a condition on the network such as improper user
authentication, restarts, link status (up or down), MAC address tracking, and so forth. The SNMP
agent also responds to MIB-related queries sent by the SNMP manager in get-request, get-next-
request, and set-request format.
MIB
SNMP Agent
P-560
SNMP Manager
get-response, traps
get-request, get-next-reguest, get-bulk, set-request
+
figure 66 SNMP Management
BROWAN Page
55
User’s Guide Version 1.0
BROAN Private MIB
In addition to standard SNMP MIBs, BW1330 supports the Browan Communications private MIB. The
private MIBs are enterprise specific and serve to extend the functionality of the standard MIBs. The
Private MIB identifies manageable objects and their properties that are specific to the managed
device. MIBs let you manage device not only by using WEB or Command Line Interface but also
using SNMP protocol. The descriptions and brief explanations of managed objects are available in the
MIB file. The MIB file is a specially formatted text file. It is using the so-called ASN.1 standard syntax.
BROWAN Page
56
User’s Guide Version 1.0
Chapter 8 – Reference Manual
This chapter contains BW1330 web management reference information.
The web management main menu consists of the following sub menus:
Network Interface – device configuration settings affecting networking.
User Interface – device configuration settings affecting the user interface.
System – device system configuration settings directly applicable to the controller.
Connection– device settings related to user’s connection with the BW1330.
Built-In AAA – Built-in AAA system for web authentication and accounting.
Exit – click exit and leave the web management then close your web-browser window.
Web Interface
The main web management menu is displayed at the top of the page after successfully logging into
the system (see the figure below). From this menu all essential configuration pages are accessed.
Figure 67 – Main Configuration Management Menu
By default the system | status menu is activated and the current AC system status is displayed. The
active menu is displayed in a different color.
The web management menu has the following structure:
Network Interface
Configuration – configuration page for all controller network interfaces
Interface configuration – network interfaces configuration
Bridge – bridge configuration
VLAN – define VLAN on your controller
Route – define new static route on the controller interface
Port forwarding – port-forwarding rules
DHCP Relay – DHCP relay server configuration
User ACL – define packet filter rules
Management subnet – access points (APs) management
DNS – define DNS server settings
DHCP – Dynamic Host Configuration Protocol services configuration
POP3 – POP3 server address configuration for client authentication
RADIUS – configuration set for RADIUS servers, includes menu:
RADIUS settings – NAS server ID, hotspot operator name and other settings
RADIUS servers – accounting, authentication RADIUS servers IP, port and other settings
WISP – add new WISP on the system.
Proxy – configure the AC to act as RADIUS server proxy.
Accounting backup – backup authentication logs in the remote or external server
Tunnels – set tunnels:
PPPoE/ GRE for DSL – connect to ISP via the PPPoE or GRE tunnel
GRE Client for VPN – set the GRE (Generic Routing Encapsulation) tunnels for the BW1330
Wireless – wireless interface configuration
Basic – primary SSID, regulatory domain, network mode, channels selection
Advanced – multiple SSID configuration
WDS – access point and WDS modes
SecWep – WEP and WPA
User Interface
Configuration –Welcome/Login/Logout/Help page customization
Pages – configure and upload user pages
BROWAN Page
57
User’s Guide Version 1.0
Upload – upload new internal user pages
Headers – define http headers encoding and language
Remote authentication
Custom Uam – customized user login and logout page based by HTML page.
Administrator – administrator login and password change
Start page – define start page URL
Walled Garden – free web site list
Web Proxy – web proxy settings for clients
System
Configuration – system configuration utilities:
Syslog – specify address where to send system log file
Clock – system clock settings
NTP – get time from network time protocol service
Certificate– upload new certificates into the local controller memory
Save and restore – save current device configuration for backup
Domain Name – Configure BW1330 domain for uniform digital certificate.
Share Username - setting user account shared status
Access – configure access to your controller:
Access Control – set default access to your AC
Telnet – enable/disable telnet connections
AAA – define different AAA methods
UAT – enable/disable universal address translation
Isolation – restricts clients from communicating along Level 2 separation
NAV – NAT, authentication and visitor access control
SNMP – SNMP service and proxies
Web Auth – Settings for auth methods of Built-in AAA
MAC List MAC ACL table.
HTTPC Configure if client use HTTPS or HTTP for web authentication.
Status – AC system status
Reset – reset configuration to factory defaults values and/or reboot
Update – find out current software version and update with new firmware
Connection
Users – connected users’ statistics list and log-out user function
E-Mail Redirection – outgoing mail (SMTP) redirection settings
Station Supervision – monitor station availability with ARP-pings settings
Built-in AAA
E-Billing – Post paid built-in AAA system
User Control management E-Billing (Built-in AAA) user account.
Band Class band width management for E-Billing account.
Bill settings configure the billing policy and price for E-Billing account
Power cut protection – setting for power off protection
Pre-paid per-paid built-in AAA system
User account – show current generated pre-paid account
Price/unit –setting of price and unit
Account lifesetting of receipts available life
Web key and SSID –setting Web key and SSID printed on receipts
Receipts – history of printed receipts and profit
Timeunit –define the charge time by hour or day for the pre-paid user
Account reminder – remind hot spot owner checking the income of prepaid account.
Manage net print –set up the network printer for BW1330.
Configuration Billing Backup and restore; Receipt Language and title configuration.
Language setting language of printed receipts
Backup and Restore Backup and restore Built-in AAA account and billing records.
Title setting of venue name
In the following sections, short references for all menu items are presented.
BROWAN Page
58
User’s Guide Version 1.0
Network Interface
Network Interface | Configuration | Interface Configuration
The SMB Public Access Controller contains two multi-purpose network interfaces: br1 and ixp1.
These interfaces can be configured to work as either local area network (LAN) or wide area network
(WAN) interfaces or wireless area network(WLAN) for Access Points. LAN is used to connect hubs,
switches, Access Points and subscribers. The WAN port connects to the Internet or the service
provider’s backbone network. The wlan1_0 is the first virtual AP for wireless network.
All these interfaces are listed in the interface configuration page. By default a bridge exists (labeled
br1) which contains two interfaces: wlan1 and ixp0.All network interfaces available in the SMB Public
Access Controller are shown in the following table:
Figure 68 – Interface Configuration Table
To change network interface configuration properties click the edit button in the action column. The
status can be changed now:
Figure 69 – Edit Interface Configuration Settings part.1
Interface - standard interface name. This name cannot be edited and is assigned by the operating
system during startup. Interface name cannot be changed because the hardware drivers define it.
Status – select the status of interface: [enabled/disabled].
Do not disable the interface through which you are connected to the BW1330.
Disabling such interface will lose your connection to the device.
Type – network type cannot be changed. There are two possible networking types:
LAN – interface is used as local area network (LAN) gateway, and is connected to a LAN;
WAN – interface is used to access the ISP network;
Change status or leave in the default state if no editing is necessary and click the continue button.
Then the following parameters can be changed:
Figure 70 – Edit Interface Configuration Settings part.2
IP Address – specify new interface IP address [in digits and dots notation, e.g. 192.168.5.1].
IP address of each interface should be from a different subnet; otherwise, you will
receive an error message.
Netmask – specify the subnet mask [[0-255].[0-255].[0-255].[0-255]].These numbers are a binary
mask of the IP address, which defines IP address order and the number of IP addresses in the subnet.
BROWAN Page
59
User’s Guide Version 1.0
Gateway – interface gateway. For LAN type interfaces, the gateway can only be defined as WAN
interface gateway. The gateway of the WAN interface is usually the gateway router of the ISP or other
WAN network. [Default gateway is marked with ‘*’].
Update – update old values with entered ones.
The DHCP server settings will be automatically adjusted to match the new network
settings.
Figure 71 – Apply or Discard Interface Configuration Changes
Apply changes – to save all changes made in the interface configuration table at once.
Discard changes – restore all previous values.
For such general changes as interface settings change, the Wireless PAC server needs to be
restarted. Request for restart server appears:
Figure 71 – Restart Server
Reboot – Click the button to restart the server and apply the changes.
Network Interface | Configuration | Bridge
A bridge transparently relays traffic between multiple network interfaces. This means that a bridge
connects two or more physical LAN interfaces together to form one bigger (logical) network interface.
There are some restrictions for bridge management that shall be taken into account:
There is special bridge br1 in BW1330 that cannot be removed. This bridge initially contains
two interfaces: wlan1_0 and ixp0.
Interfaces (physical, VLAN or GRE tunnel) can be included only in one bridge.
The WAN interface cannot be included into a bridge.
VLAN's cannot be created on bridge interfaces they can only be added to them.
A Bridge cannot be included into another bridge.
By default the enabled bridge (ixp0 and wlan1_0) on br1 interface exists on the system:
figure 72 - Default Bridge
To set up bridge on the AC click edit button and enter following parameters:
figure73 - setting parameters
BROWAN Page
60
User’s Guide Version 1.0
Ageing – define the Ethernet (MAC) address ageing time, in seconds [0-65535]. The ageing time is
the number of seconds a MAC address will be kept in the forwarding database after having received a
packet from this MAC address. The entries in the forwarding database are periodically timed out to
ensure they won't stay around forever. Default value is 0.
Garbage – specify the interval in seconds between garbage collector runs [0-65535]. Garbage
collector periodically checks MAC table for timed out entries and removes them from the table. Default
value is 0.
STP –define the STP (Spanning Tree Protocol) status [enabled/disabled].
Priority – define the bridge’s priority [high,medium,low]. Default value is low.
Delay – specify the bridges’ forward delay time in seconds [0-65535]. Delay is the time spent in each
of the Listening and Learning states before the Forwarding state is entered. Default value is 0.
Hello Time – specify the interval between hello packets in seconds [0-65535]. Hello packets are used
to communicate information about the topology throughout the entire Bridged LAN. Default value is 0.
Max. Age – specify the maximum bridge message age in seconds [0-65535]. If the last received hello
packet is more than this value, the bridge in question will initiate the Root Bridge election procedure.
Default value is 0.
Click continue button to finish the parameters setting and click new button if needs new interfaces
adding into bridge.
figure – 74 bridge setting
Click new button to add interfaces into bridge and specify the bridge ports (interfaces):
figure – 75 add interface
Port (interface) – select the interface name to be bound into bridge .
Cost – specify the port’s path cost on this interface. This value is used in the designated port and root
port selection algorithms. Default value is low.
Priority – specify the priority of ports with equal cost. You can use this to control which port gets used
when there are redundant paths.
If you want to remove interface from bridge click delete button. e.g remove ixp0 from bridge.
Click delete button on the ixp0 column.
BROWAN Page
61
User’s Guide Version 1.0
figure 76 – remove interface
Click apply changes button and then reboot system to finish the removing.
figure 77- apply and reboot
Network Interface | Configuration | VLAN
Up to 4094 VLANs can be created in the system.
Virtual Local Area Networks (VLANs) are logical groupings of network resources. You can create your
own VLANs on your AC using the network interface | configuration | VLAN menu. By default no
VLANS are defined on the system:
Figure 78 – VLAN
To create a VLAN on the AC click the new button and enter following parameters:
Figure 79 – Create New VLAN
Interface – select interface for your VLAN network. VLANs cannot be created on a bridge.
Status – non-editable, by default is disabled.
ID – assign ID for your VLAN network [1 to 4094]. Client devices that associate using the ID are
grouped into this VLAN.
You can not create VLANs which interface includes in bridge such as ixp0.If you
want to create VLANs on the interface ixp0 you must separate ixp0 from bridge(br1
interface) via network interface| configuration| Bridge menu. Refer to Chapter 8
Network Interface | Configuration | Bridge
Please note after remove ixp0(LAN) it is DHCP server disabled as default.You will
connect BW1330 either via WAN port(fix IP:192.168.2.66) or wlan1_0 wireless
connected which DHCP server enabled(ip:192.168.3.x) as default.
Other VLAN settings cannot be changed. Click on the disabled link to continue specifying settings for
your VLAN. The network interface configuration page is opened and VLAN settings are ready for
editing:
BROWAN Page
62
User’s Guide Version 1.0
Figure 80 – Configure VLAN
Status – enable/disable your VLAN network. Select [enable] and click the continue button to
configure the VLAN settings:
Figure 81 – Configure VLAN
Type – cannot be edited, depends on selected interface for VLAN [ixp0].
IP Address – enter the network address of your VLAN [format: digits and dots].
Netmask – enter the netmask for your VLAN network [format: digits and dots].
Gateway – select gateway for VLAN network [default: ixp1].
Click the update and restart and apply changes to save your new VLAN. Check the interface |
configuration | VLAN menu for new created VLAN:
Figure 82– Enable New VLAN
Network Interface | Configuration | Route
Under the network interface | configuration | route menu, static routes for the Ethernet interfaces
can be set. By default no static routes are defined on the system:
Figure 83 – Route
A routing rule is defined by the target subnet (target IP address and subnet mask), interface and/or
gateway where to route the target traffic. A data packet that is directed to the target network is routed
to the specified AC interface or to another gateway router. To add a new static route for the system,
click the new button under the action column and specify the following parameters:
Figure 84 – Add New Route
If you want to set static routes on the interface ixp0 you must separate ixp0 from bridge
(br1 interface). Refer to Chapter 8 Network Interface | Configuration | Bridge
BROWAN Page
63
User’s Guide Version 1.0
Interface – choose device interface for the route: [br1/ixp0/ixp1/vlan[n]].
Status – set new static route status: [enabled/disabled].
Gateway – enter the gateway address for the route. 0.0.0.0 stands for the default gateway of the
selected interface [IP address].
Target IP Address – enter network address or host IP to be routed to [IP address].
Netmask – enter the target network netmask [dots and digits].
Save – save the new route.
Cancel – restore all previous values.
Figure 85 – Save New Route
Up to 255 static routes can be set between each interface.
Network Interface | Configuration | Port Forwarding
Port Forwarding is required when NAT is configured. NAT translates all internal addresses to one
official IP address (WAN IP address). With port forwarding enabled it is possible to access internal
services and workstations from the WAN interface.
Port forwarding forwards TCP or UDP traffic trough the BW1330 controller’s local port to the specified
remote port. Use the network interface | configuration | port forwarding menu to specify such a
port forwarding rule. By default no port forwards are defined on the controller:
Figure 86 – Port Forwarding Rules
Click the new button to add a port-forwarding rule:
Figure 87 – Add Port Forwarding Rule.
Status – select status: [enabled/disabled].
Type – select type of forwarding traffic: [TCP/UDP].
Local IP Address – BW1330 device interface address from which the selected traffic should be
forwarded.
Local Port –BW1330 device interface port from which the selected traffic should be forwarded.
Remote IP Address/Port – internal IP address and port no (LAN ports) to which the selected traffic
shall be forwarded.
Example:
Create rule as follow:
Type = TCP, local IP address/port = 192.168.2.248:8080 remote IP address/port = 1.2.3.4:8080.
With such a rule all traffic coming to port 8080 on the BW1330 interface local address 192.168.2.248
will be forwarded to port 8080 on the server (host) 1.2.3.4.
BROWAN Page
64
User’s Guide Version 1.0
Port forwarding is limited to 255 rules.
Network Interface | Configuration | DHCP Relay
If BW1330 use DHCP relay on its LAN interface, administrator can designate the DHCP relay server.
Figure 88 – DHCP Relay Server
The default value is “255.255.255.255”, it means BW1330 will broadcast client’s DHCP request to its
WAN interface. Administrator can designate an only server’s IP address.
Network Interface | Configuration | User ACL
User ACL provide high flexibility for administrator to define the rules for BW1330 to filter the packets
which will forward or masquerade by it.
Figure 89 – User ACL
To add a new rule, just click the “new” button
Figure 90 – Create a new rule (first step)
First step select the rule policy (drop/accept/masquerade) to deal with packet and the packet type
(all/TCP/UDP/ICMP).Then decide the incoming and outgoing interfaces(any/br1/ixp1).
Figure 91 – Create a new rule (second step)
Second step select the type of source IP and destination IP (special IP/any IP).
Figure 92 – Create a new rule (third step)
Third step choose the type of source port and destination port (any port/special port).
Figure 93 – Create a new rule (fourth step)
Fourth step, fill out the source IP address and destination IP address (including IP address and net
mask, if you choose “any IP” in second step, you do not need fill out the IP address); fill out the
source port and destination port (if you select any port in third step or select protocol ICMP/all, you do
not need fill out the port).
BROWAN Page
65
User’s Guide Version 1.0
Figure 94 – Create a new rule (fifth step)
After complete the rule configuration, click the “apply changes” button to save your configuration,
You can also re-order your rules if you have many rules configured and arrange the priority of them.
The rule with index 1 has the highest priority; with index 2 has the second high priority and so on.
Click the “sort” button to change the index.
Figure 95 – re-order rules
Click the “sort” button of one rule to re-order its priority and then select the index number; click “save”
button to save your changes.
Network Interface | Configuration | Management Subnet
Each network interface can have a management subnet. Use the network interface | configuration
| management subnet menu to configure this feature on selected interface.
When management subnet is enabled, port forwarding will NOT WORK when
connecting from IP addresses that are in the management subnet's remote
administrator's network. This is because the management subnet allows
connecting to the client computer without using port forwarding.
The administrator can enable or disable management subnet for each interface. By default no
management subnet is enabled on the controller:
Figure 96 – Management Subnet
To specify new subnet management click the edit button on the selected interface:
Figure 97 – Add Management Subnet
IP Address and Netmask – specify the IP address and netmask of the management subnet. IP
address will be set on the network interface as an alias, so you can connect to the BW1330 using this
address. This IP address should be used on access points as the gateway address.
Remote Network and Netmask –specify the remote network that is allowed to access the local
management subnet. Only addresses that are from the remote network will be accepted [dots and
digits].
If you do not specify any remote network all stations with IP addresses from the management LAN are
routed to the WAN port even without being authenticated.
BROWAN Page
66
User’s Guide Version 1.0
Clients using an IP address from the management subnet can browse the Internet without
authorization, and no accounting will be done. Thus, it is strongly recommended to allow traffic only
from the administrative remote network (no 0.0.0.0/0.0.0.0 in remote specification).
Example:
Interface configuration for ixp0:
type: LAN
IP address: 192.168.3.1
netmask: 255.255.255.0
gateway: ixp1
Management subnet on ixp0:
IP address: 10.0.0.1
netmask: 255.255.255.0
remote network: 10.10.0.1
remote netmask: 255.255.255.0
With these settings applied, the administrator will be able to connect to devices behind the BW1330
on interface ixp0, if these devices use address in the range: 10.0.0.2 ... 10.0.0.254. The administrator
is connecting via the Internet (from ixp1 interface).
The administrator’s computer can have an address from 10.10.0.1 to 10.10.0.254.
Please note that devices which are using 10.0.0.2. – 10.0.0.254 addresses have
access to the administrative network too!
In this example, the administrative network uses the reserved IP address (10.x.x.x) – they are not
routed in the Internet, so the administrator should setup routers in a path between the BW1330 and
the administrator's computer to recognize 10.x.x.x addresses and route them correctly. This is not
comfortable and sometimes it is impossible. There is a solution – the administrator can use GRE
tunnel(see: Network Interface | Tunnels) to setup a tunnel between the administrator's computer
and the BW1330. The only addresses visible on the Internet will be the BW1330 WAN IP address and
the administrator's computer (or router) IP address.
Network Interface | DNS
DNS (Domain Name Service) service allows AC subscribers to enter URLs instead of IP addresses
into their browser to reach the desired web site.
Figure 98 –- DNS Settings Configuration
You can enter the primary and secondary DNS servers settings under the network interface | DNS
menu.
Figure 99–Edit DNS Redirection Settings
The DNS server or DNS address can be obtained dynamically if DHCP, PPPoE (for DSL) service is
enabled. To add DNS server manually click the edit button in the action column and type in the DNS
server’s IP address:
IP address – enter the primary or secondary DNS server’s IP address [in digits and dots notation].
Save – click to save the new DNS server’s settings.
BROWAN Page
67
User’s Guide Version 1.0
Network Interface | DHCP
The BW1330 controller can act as a DHCP server and/or as a DHCP relay gateway. The DHCP
(Dynamic Host Configuration Protocol) service is supported on the LAN interfaces [ixp0/vlan[n]]. This
service enables clients on the LAN to request configuration information, such as an IP address, from
a server. This service can be viewed in the following table:
Figure 100 – DHCP Configuration
By default the AC is configured to act as a DHCP server.
Each LAN interface runs a different instance of the DHCP service. This service is configured by
defining an IP address range and WINS address for client workstations. Other settings, such as the
default gateway and DNS server address are configured automatically according to the interface
settings.
To see the complete DHCP service configuration, click the details button in the action column:
Figure 101 – DHCP Settings Details
To edit the DHCP service configuration [DHCP server/DHCP relay], click the edit button in the action
column:
Figure 102 – Edit DHCP Configuration Settings
Status – select status from drop-down menu:
Disabled – disable the DHCP service on the selected interface
DHCP Server – enabled by default
DHCP Relay – to route DHCP through the external server, enable relay service
Case 1 Configure the DHCP server
Select the interface on which you want to configure the DHCP service. Select the DHCP server and
click the update button specify the DHCP server parameters:
BROWAN Page
68

Navigation menu