GemTek Technology R950829G High Performance Hotspot Access Point User Manual BW1330 UG v1 0

Gemtek Technology Co., Ltd. High Performance Hotspot Access Point BW1330 UG v1 0

UserManual.wiki >

GemTek Technology >

R950829G User Manual >

Manual Part 1 HTML Version

Manual Part 1

BW1330

High Performance Hotspot Access Point

User Guide

Version 1.0

September, 2006

www.browan.com

this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated

into any language in any form by any means without the written permission of Browan

Communications.

Notice

Browan Communications reserves the right to change specifications without prior notice.

While the information in this manual has been compiled with great care, it may not be deemed an

assurance of product characteristics. Browan Communications shall be liable only to the degree

specified in the terms of sale and delivery.

The reproduction and distribution of the documentation and software supplied with this product and

the use of its contents is subject to written authorization from Browan Communications.

Trademarks

The product described in this book is a licensed product of Browan Communications.

Microsoft, Windows 95, Windows 98, Windows Millennium, Windows NT, Windows 2000, Windows

XP, and MS-DOS are registered trademarks of the Microsoft Corporation.

Novell is a registered trademark of Novell, Inc.

MacOS is a registered trademark of Apple Computer, Inc.

Java is a trademark of Sun Microsystems, Inc.

Wi-Fi is a registered trademark of Wi-Fi Alliance.

All other brand and product names are trademarks or registered trademarks of their respective

holders.

National Radio Regulations

The usage of wireless network components is subject to national and or regional regulations and laws.

Administrator must ensure that they select the correct radio settings according to their regulatory domain. Refer

to the B) Regulatory Domain/Channels chapter in the appendix to get more information on regulatory domains.

Please check the regulations valid for your country and set the parameters concerning frequency, channel, and

output power to the permitted values!

BROWAN Page

FCC Warning

This equipment has been tested and found to

comply with the limits for a Class B digital device,

pursuant to Part 15 of the FCC Rules. These limits

are designed to provide reasonable protection

against harmful interference in a residential

installation.

This equipment generates, uses and can radiate

radio frequency energy and, if not installed and

used in accordance with the instructions, may

cause harmful interference to radio communications.

However, there is no guarantee that interference

will not occur in a particular installation. If this

equipment does cause harmful interference to radio

or television reception, which can be determined by

turning the equipment off and on, the user is

encouraged to try to correct the interference by one

of the following measures:

 Reorient or relocate the receiving antenna.

 Increase the separation between the

equipment and receiver.

 Connect the equipment into an outlet on a

circuit different from that to which the

receiver is connected.

 Consult the dealer or an experienced

radio/TV technician for help.

This device complies with Part 15 of the FCC Rules.

Operation is subject to the following two conditions:

(1) This device may not cause harmful interference,

and (2) this device must accept any interference

received, including interference that may cause

undesired operation.

FCC Caution

To assure continued compliance, any changes or

modifications not expressly approved by the party

responsible for compliance could void the user's

authority to operate this equipment

FCC Radiation Exposure Statement

This equipment complies with FCC radiation

exposure limits set forth for an uncontrolled

environment. This equipment should be installed

and operated with minimum distance 20cm between

the radiator and your body. This transmitter must

not be co-located or operating in conjunction with

any other antenna or transmitter.

CE Mark Warning

This is a Class A product. In a domestic

environment this product may cause radio

interference in which case the user may be required

to take adequate measures.

R&TTE Compliance Statement

This equipment complies with all the requirements

of the Directive 1999/5/EC of the European

Parliament and the Council of 9 March 1999 on

Radio Equipment and Telecommunication Terminal

Equipment and the Mutual Recognition of their

Conformity (R&TTE).

The R&TTE Directive repeals and replaces in the

directive 98/13/EEC (Telecommunications Terminal

Equipment and Satellite Earth Station Equipment)

As of April 8, 2000.

Safety

This equipment is designed with the utmost care for

the safety of those who install and use it. However,

special attention must be paid to the dangers of

electric shock and static electricity when working

with electrical equipment. All guidelines of this

manual and of the computer manufacturer must

therefore be allowed at all times to ensure the safe

use of the equipment.

EU Countries Intended for Use

The ETSI version of this device is intended for

home and office use in Austria, Belgium, Denmark,

Finland, France (with Frequency channel

restrictions), Germany, Greece, Ireland, Italy,

Luxembourg, The Netherlands, Portugal, Spain,

Sweden and United Kingdom.

The ETSI version of this device is also authorized

for use in EFTA member states Iceland,

Liechtenstein, Norway and Switzerland.

EU Countries Not Intended for Use

None..

BROWAN Page

The availability of some specific channels and/or operational frequency bands are 

country dependent and are firmware programmed at the factory to match the 

intended destination. The firmware setting is not accessible by the end user.

User’s Guide Version 1.0

Copyright .............................................................................................................................................1

Notice ..................................................................................................................................................1

Trademarks .........................................................................................................................................1

National Radio Regulations.................................................................................................................1

FCC Warning.......................................................................................................................................2

CE Mark Warning ................................................................................................................................2

R&TTE Compliance Statement...........................................................................................................2

CONTENTS ............................................................................................................................................3

ABOUT THIS GUIDE..............................................................................................................................7

Purpose ...............................................................................................................................................7

Prerequisite Skills and Knowledge......................................................................................................7

Conventions Used in this Document...................................................................................................7

Help Us to Improve this Document! ....................................................................................................7

Browan Communications Technical Support......................................................................................7

CHAPTER 1 – INTRODUCTION............................................................................................................8

Product Overview................................................................................................................................8

Management Options..........................................................................................................................8

The BW1330 Features ........................................................................................................................9

CHAPTER 2 – INSTALLATION ...........................................................................................................10

The Product Package........................................................................................................................10

Hardware Introduction.......................................................................................................................11

General Overview..........................................................................................................................11

Back Panel.....................................................................................................................................12

LEDs ..............................................................................................................................................12

Connectors.....................................................................................................................................13

Stand..............................................................................................................................................14

Wall Mount.....................................................................................................................................14

Connecting the Access Controller.....................................................................................................15

Initialization........................................................................................................................................16

Access Your BW1330....................................................................................................................16

Software Introduction: KickStart ....................................................................................................17

Step by Step Setup ...........................................................................................................................20

CHAPTER 3 – UNIVERSAL ADDRESS TRANSLATION ...................................................................23

What is UAT ......................................................................................................................................23

UAT Principle ....................................................................................................................................23

UAT Limitation...................................................................................................................................23

CHAPTER 4 – USER PAGES (BASED ON XSL)................................................................................25

User Pages Overview........................................................................................................................25

Welcome Page...............................................................................................................................25

Login Page.....................................................................................................................................25

Logout Page...................................................................................................................................26

Help Page ......................................................................................................................................27

Unauthorized Page........................................................................................................................27

Example for External Pages ..........................................................................................................28

Example for Internal Pages ...........................................................................................................30

Extended UAM ..................................................................................................................................33

Parameters Sent to WAS...............................................................................................................35

Contents

BROWAN Page

User’s Guide Version 1.0

CHAPTER 5 – CUSTOMIZED USER PAGE (HTML)..........................................................................39

Determine Your Access Policy..........................................................................................................39

Configure Authentication-Free Access Policy...................................................................................39

FAQ ...................................................................................................................................................45

CHAPTER 6 – COMMAND LINE INTERFACE....................................................................................46

Introduction........................................................................................................................................46

Get Connection to CLI.......................................................................................................................46

Telnet Connection..........................................................................................................................46

SSH Connection ............................................................................................................................47

Terminal Connection......................................................................................................................47

Login..................................................................................................................................................47

Connection ........................................................................................................................................48

Network .............................................................................................................................................48

User...................................................................................................................................................51

Status ................................................................................................................................................52

System...............................................................................................................................................53

Telnet.................................................................................................................................................53

Reboot...............................................................................................................................................53

Reset .................................................................................................................................................53

Exit.....................................................................................................................................................53

CHAPTER 7 – SNMP MANAGEMENT................................................................................................54

Introduction........................................................................................................................................54

SNMP Versions .................................................................................................................................54

SNMP Agent......................................................................................................................................55

SNMP Community Strings.................................................................................................................55

Use SNMP to Access MIB.................................................................................................................55

BROAN Private MIB..........................................................................................................................56

CHAPTER 8 – REFERENCE MANUAL...............................................................................................57

Web Interface....................................................................................................................................57

Network Interface ..............................................................................................................................59

Network Interface | Configuration | Interface Configuration...........................................................59

Network Interface | Configuration | Bridge.....................................................................................60

Network Interface | Configuration | VLAN......................................................................................62

Network Interface | Configuration | Route......................................................................................63

Network Interface | Configuration | Port Forwarding .....................................................................64

Network Interface | Configuration | DHCP Relay...........................................................................65

Network Interface | Configuration | User ACL................................................................................65

Network Interface | Configuration | Management Subnet..............................................................66

Network Interface | DNS ................................................................................................................67

Network Interface | DHCP .............................................................................................................68

Network Interface | POP3 ..............................................................................................................70

Network Interface | RADIUS..........................................................................................................70

Network Interface | RADIUS | Settings..........................................................................................70

Network Interface | RADIUS | Servers...........................................................................................72

Network Interface | RADIUS | WISP..............................................................................................74

Network Interface | RADIUS | Proxy..............................................................................................75

Network Interface | RADIUS | Accounting Backup........................................................................76

Network Interface | Tunnels...........................................................................................................77

Network Interface | Tunnels | PPPoE/GRE ...................................................................................77

Network Interface | Tunnels | GRE Client for VPN........................................................................78

Network interface| wireless | Basic................................................................................................80

Network interface | wireless | Advance..........................................................................................82

Network Interface | Wireless | WDS ..............................................................................................85

Network interface | wireless | Sec WEP ........................................................................................86

BROWAN Page

User’s Guide Version 1.0

User Interface....................................................................................................................................87

User Interface | Configuration | Pages...........................................................................................87

User Interface | Configuration | Upload .........................................................................................88

User Interface | Configuration | Headers .......................................................................................88

User Interface | Configuration | Remote Authentication ................................................................89

User Interface | Configuration | Custom Uam................................................................................89

User Interface | Administrator........................................................................................................94

User Interface | Start Page ............................................................................................................95

User Interface | Walled Garden .....................................................................................................95

User Interface | Web Proxy............................................................................................................96

System...........................................................................................................................................97

System | Configuration | Syslog.....................................................................................................97

System | Configuration | Clock ......................................................................................................98

System | Configuration | NTP ........................................................................................................98

System | Configuration | Certificate ...............................................................................................99

System | Configuration | Save and Restore.................................................................................100

System | Configuration | Domain Name ......................................................................................101

System | Configuration | Share Username ..................................................................................102

System | Access | Access Control...............................................................................................102

System | Access | Telnet .............................................................................................................104

System | Access | AAA ................................................................................................................104

System | Access | UAT ................................................................................................................105

System | Access | Isolation..........................................................................................................106

System | Access | NAV................................................................................................................106

System | Access | SNMP.............................................................................................................106

System | Access | Web Auth........................................................................................................109

System | Access | Mac List..........................................................................................................110

System | Access | HTTPC ...........................................................................................................110

System | Status............................................................................................................................110

System | Reset.............................................................................................................................112

System | Update ..........................................................................................................................113

Connection ......................................................................................................................................115

Connection | Users ......................................................................................................................115

Connection | E-mail Redirection ..................................................................................................117

Connection | Station Supervision.................................................................................................117

Built-In AAA .....................................................................................................................................118

Built-in AAA | E-Billing .................................................................................................................118

Built-in AAA | E-Billing | User Control ..........................................................................................118

Built-in AAA | E-Billing | Band Class............................................................................................121

Built-in AAA | E-Billing | Bill setting..............................................................................................121

Built-in AAA | E-Billing| Power cut protection...............................................................................122

Built-in AAA | pre-paid .................................................................................................................123

Built-in AAA | pre-paid | user account..........................................................................................123

Built-in AAA | pre-paid | price/unit................................................................................................124

Built-in AAA | pre-paid | account life ............................................................................................124

Built-in AAA | pre-paid | receipts..................................................................................................124

Built-in AAA | pre-paid | timeunit..................................................................................................125

Built-in AAA | pre-paid | account reminder...................................................................................125

Built-in AAA | pre-paid | manage net print ...................................................................................125

Built-in AAA | Configuration .........................................................................................................126

Built-in AAA | Configuration | Language ......................................................................................126

Built-in AAA | Configuration | Backup and restore.......................................................................126

Built-in AAA | pre-paid | WEP key and SSID ...............................................................................126

Built-in AAA | Configuration | title.................................................................................................126

APPENDIX..........................................................................................................................................128

A) Access Controller Specification..................................................................................................128

BROWAN Page

Technical Data.............................................................................................................................128

User’s Guide Version 1.0

B) Regulatory Domain/Channels.....................................................................................................130

C) CLI Commands and Parameters................................................................................................131

Network Commands ....................................................................................................................131

User Commands..........................................................................................................................135

System Commands .....................................................................................................................137

Status Commands .......................................................................................................................140

Connection Commands ...............................................................................................................140

D) Location ID and ISO Country Codes..........................................................................................141

E) User Pages Templates Syntax ...................................................................................................145

GLOSSARY........................................................................................................................................150

BROWAN Page

User’s Guide Version 1.0

About this Guide

Purpose

This document provides information and procedures on hardware installation, setup, configuration,

and management of the Browan Communications high performance hotspot access point model

BW1330. The BW1330 is a highly integrated Access Controller with built-in AAA systems for public

access hotspot. We will call it AC later in the manual.

Prerequisite Skills and Knowledge

To use this document effectively, you should have a working knowledge of Local Area Networking

(LAN) concepts and wireless Internet access infrastructures. In addition, you should be familiar with

the following:

 Hardware installers should have a working knowledge of basic electronics and mechanical

assembly, and should understand related local building codes.

 Network administrators should have a solid understanding of software installation procedures for

network operating systems under Microsoft Windows 95, 98, Millennium, 2000, NT, and Windows

XP and general networking operations and troubleshooting knowledge.

Conventions Used in this Document

The following typographic conventions and symbols are used throughout this document:

Very important information. Failure to observe this may result in damage.

Important information that should be observed.

Additional information that may be helpful but which is not required.

Menu commands, buttons and input fields are displayed in bold

bold

code File names, directory names, form names, and system-generated output

such as error messages are displayed in constant-width type

<value> Placeholder for certain values, e.g. user inputs

[value] Input field format, limitations, and/or restrictions.

Help Us to Improve this Document!

If you should encounter mistakes in this document or want to provide comments to improve the

manual please send e-mail directly to:

manuals@browan.com

Browan Communications Technical Support

If you encounter problems when installing or using this product, please consult the Browan

Communications website at http://www.browan.com/ for:

 Direct contact to the Browan Communications support centers.

 Frequently Asked Questions (FAQ).

 Download area for the latest software, user documentation and product updates.

BROWAN Page

User’s Guide Version 1.0

Chapter 1 – Introduction

Thank you for choosing the Browan Communications High Performance Hopspot Access Point.

The BW1330 is a high performance and highly integrated Access Controller for public access

networks. It combines a high-speed wireless LAN Access Point, an IP Router, one LAN port and a

complete Access Controller for Wi-Fi Hotspot. One single BW1330 can serve up to 30 simultaneous

connected wireless client stations, takes control over authentication, accounting and routing to the

Internet as well as to the operator’s central network.

Product Overview

Authentication, Authorization & Accounting

The BW1330 supports multiple secure authentication methods from standard web browser login

(Universal Access Method), MAC authentication, to 802.1x/EAP with passwords, certificates or SIM

cards. The integrated real-time accounting system is based on standard RADIUS/EAP and supports

various billing plans from prepaid, pay-per-time, per-volume, per-use or flat rate. Integration into

existing OSS/BSS systems can be done with ease.

Service Differentiation

The integrated Web server of the BW1330 allows flexible interaction with common web application

servers, facilitating the provisioning of differentiated services with bandwidth management, location

based and personalized services. Inter-Provider roaming and multi-OSS support is guaranteed by the

persistent usage of standardized protocols and interfaces like RADIUS, HTTPS and XML. As all

BW1330 are compliant with the recommendations of the Wi-Fi Alliance WISP roaming group.

Remote Control

The BW1330 is placed at the edge of a broadband access network and allows operators to provide

cost effective public Wi-Fi services, by managing per user access control, device configuration, and

radio performance centrally from the operations centre. HTTPs, telnet, SSH or SNMP over VPN can

be used for secure remote management.

Privacy

BW1330 supports different levels of security and data encryption. Client stations can be separated on

link layer (Layer2 User Isolation), preventing intruders from accessing the hard discs of other users.

User credentials (passwords) are protected by SSL or EAP-based authentication methods. User traffic

can be encrypted by VPNs (pass-through). Operators and service providers can make use of the

integrated VPN/tunneling protocols to protect AAA and management traffic.

Management Options

You can use the Access Controller management systems through the following interfaces:

 Web-browser interface

 Command Line interface (CLI)

 Simple Network Management Protocol (SNMP v1, v2, v3)

The AC management system pages are organized the same way for the web-browser interface and

the CLI. This user manual provides detailed description of each management option.

BROWAN Page

User’s Guide Version 1.0

The BW1330 Features

WLAN

 802.11b+g compliant, 1-54Mbps with auto-fallback

 Wi-Fi compliant

 Support Multiple BSSID up to 16 "Virtual AP"

 Concurrent 802.11b and 802.11g access

 WDS support (concurrent bridge and AP mode)

 WPA/WPA2 (Wi-Fi Protected Access) support

 R-TNC connectors for external antennas

 RF output power

 High receiver sensivity (up to -91 dBm@1Mbps, 8%PER)

AAA

 Multiple authentication methods: UAM, 802.1x/EAP, RADIUS, MAC, Smart Client (e.g. iPass)

 Per LAN/VLAN AAA, IP policies

 WISPr compliant

 Internal and external accounting backups

 Internal or external web server

 Remote user login, logout, session status control via https/XML

 AAA proxy server (for simultaneous EAP and UAM)

 Per user bandwidth management

 Web proxy support

IP Router and IP address management

 Static IP routing table

 NAT/NAPT (IP masquerading)

 Port-forwarding

 802.1q VLAN support

 Transparent VPN client pass-through (PPTP, IPsec ESP)

 Selective source routing

 PPPoE client

 GRE Tunnel

 DHCP server, relay gateway (suboptions), DHCP client

 Multiple IP pools per user group

 UAT (Universal Address Translation)

 SMTP redirection (e-mail)

VPN

 GRE VPN client

Ethernet port

 One WAN port, One LAN port 10/100Mb, auto-sensing

Management

 Secure management via https, SSH, SNMP

 SNMP proxy

 SNMPv3 (incl. authentication and encryption)

 Management subnet for remote AP and switch management

 Remote firmware update

BROWAN Page

User’s Guide Version 1.0

Chapter 2 – Installation

This chapter provides installation instructions for the hardware and software components of the

Access Controller BW1330. It also includes the procedures for the following tasks:

 Hardware Introduction (LEDs, Connectors)

 Connecting the Access Controller

 First Configuration

 Step-by-Step Setup



The Product Package

The Access Controller comes with the following:

 High Performance Hopspot Access Point (model: BW1330)

 Detachable Antennas (Dipole Antenna with R-TNC plug connector, 2 units)

 External power supply (Input:100-240VAC, 50-60Hz, Output: 12VDC, 1 unit)

 Ethernet Patch Cable (STP, 1.5 m length, 1 unit)

 Installation CD containing:

 BW1330 User Guide in PDF format

 KickStart Utility

 Product Firmware

 Release Notes

 Adobe Acrobat Readers

 Printed Warranty Note(3 year)

 Console cable

 Screw bag

If any of these items are missing or damaged, please contact your reseller or

Browan Communications sales representative.

BROWAN Page

User’s Guide Version 1.0

Hardware Introduction

General Overview

Figure 1 –BW1330 Access Controller General View

The front panel of the Access Controller contains:

 A series of indicator lights (LEDs) that help describe the state of various networking and

connection operations.

The reverse panel of the Access Controller contains:

 Connectors which enable you to make different network connections for the controller

 Reset button enables you to reboot or reset the device configuration to the factory defaults

Press the Reset button for less than 3 seconds to reboot the controller.

Press the Reset button for more than 10 seconds to set the controller to factory

defaults.

BROWAN Page

User’s Guide Version 1.0

Back Panel

Figure 2 – Back Panel of the BW1330

The back panel of the Access Controller contains:

 Model and device name (see item 1 in figure above). The official device name is High

Performance Hopspot Access Point, model BW1330.

 MAC address of the device. The label (item 2 in figure above) shows the LAN interface MAC

address of the device. You can determine the WAN and WLAN(Up to 16 MBSSID) interfaces’

MAC addresses by a simple calculation:

 WAN interface MAC = LAN MAC + 1 (Hex)

 WLAN(MBSSID) interface MAC = LAN MAC + 1 (Hex) by sequence up to 16 MAC

LEDs

The Access Controller has several LEDs located on the front panel:

Figure 3 – LEDs of the BW1330

BROWAN Page

User’s Guide Version 1.0

The various states of the LEDs indicate different networking and connection operations as follows:

Item LED Color Status Indication

On system is active/working Green

Blinking system is booting

1 Power

Orange On Writing to FLASH memory

On PPPoE/PPTP/GRE tunnel for DSL is actived. 2 Online Green

Off PPPoE/PPTP/GRE tunnel for DSL is deactived.

On WAN active/working 3 WAN Green

Blinking Data transmitting

On 100 Mbps network connection exists Green

Blinking Data transmitting

On 10 Mbps network connection exists

4 LAN

Orange

Blinking Data transmitting

On WLAN active/working 5

WLAN Green

Blinking Data transmitting

Connectors

The Access Controller has several connectors on the rear panel:

Figure 4 – Connectors

Descriptions of the connectors are given in the following table:

BROWAN Page

Item Connector Description

Power For power supply 1

2 Reset Reboot or reset to factory defaults.

Press the reset button for less than 3 seconds to reboot the

controller. Press the reset button for more than 10 seconds

to set the controller to factory defaults

3 WAN For Internet connection and PoE input

4 LAN For enterprise applications use this port to connect your

company LAN, Intranet or to hotspot access points

5 RS232 Console port

6 Antenna The MAIN antenna

7 Antenna The AUX antenna

User’s Guide Version 1.0

Stand

The BW1330 is designed standing on the desk or wall mount. Refer to the direction of red arrow to

release and insert the stand at the back of BW1330.

figure 5 – release stand figure 6 – insert stand

Wall Mount

BW1330 is also designed for wall mounting.Refer to the step 1 and step 2 to fix the stand on the wall

and lock the BW1330 on it.

figure 7 － wall mount

BROWAN Page

User’s Guide Version 1.0

Connecting the Access Controller

Use the following procedure to prepare your network connection to your BW1330.

Use the enclosed power adapter for power supply of your BW1330.

Step 1 Place the Access Controller on a flat work surface.

Step 2 Connect one Ethernet patch cable to the LAN port of the Access Controller and to

a free hub port on your local network.

Step 3 Connect the WAN port of the Access Controller to an Ethernet port of a broadband

Internet modem or router.

Step 4 Connect the power adapter to the Access Controller.

Step 5 Wait 30 seconds until the boot process is finished and check to ensure that at least

the following LEDs are ON:

 Power LED (steady On)

 WAN LED

 LAN LED

 WLAN link LED

BROWAN Page

User’s Guide Version 1.0

Initialization

This paragraph describes how to access the Web configuration interface of the BW1330. After

unpacking and connecting the product for the first time it responds to a dynamic IP address given by

the DHCP server on LAN or WLAN interface.

The default network settings for your new access controller are:

Ixp1(WAN) port: IP 192.168.2.66 subnet 255.255.255.0

Br1 IP 192.168.3.1 subnet 255.255.255.0

Ixp0 (LAN) port: In Bridge

WLAN1_0(first virtual AP): In Bridge

For other management methods: SNMP and command line interface (CLI) please

refer to their respective chapters.

Access Your BW1330

After connecting the BW1330 device to network, try to access the BW1330 via one of the method:

Follow these instructions to access your BW1330 using the Web browser:

Step 1

● Access your device via LAN connected by RJ-45 cat.5 cable or wirelessly connect to

BW1330 by default SSID “BW1330” without any encryption. Waitting for DHCP server to

give an IP address 192.168.3.x to your client PC. Open the Web browser and type the IP

address of the BW1330:

https://192.168.3.1/a.rg

● Configure your PC with a static IP address on the 192.168.2.x subnet with mask

255.255.255.0. Connect the BW1330 WAN interface into the same physical network as

your PC. Open the web browser and type the default IP address of the BW1330:

https://192.168.2.66/a.rg

Step 2 Enter the BW1330 administrator login details to access the Web management.

The default administrator log on settings for all access point interfaces are:

User Name: admin

Password: admin01

figure 8 login page

Step 3 After successful administrator log on you will see the main page of the access

controller’s Web interface:

BROWAN Page

User’s Guide Version 1.0

figure 9 administrator page

Software Introduction: KickStart

 Another way is launch the KickStart utility that is provided with your product CD. The KickStart is

a software utility that is included on the Installation CD. The utility automatically detects access

points and access controllers installed on your network, regardless of its host IP address and lets

you configure each unit’s IP settings. The feature list for the KickStart utility is listed below:

 Scanning your subnet for all connected APs, ACs

 Quick access to your AC via HTTPS, telnet, SSH

 Setting new IP address of your AC

 Reset to factory default settings

 Default access (in case of lost administrator password)

 Firmware updates

To install the KickStart utility insert the Installation CD into your CD-ROM drive. Find and install the

utility from the product CD into the computer.

If the Installation CD does not start automatically, please run “autorun.exe”

manually from the root directory of the installation CD.

Step 1 Install the KickStart utility from the Installation CD. Click Start > Programs >

BROWAN > KickStart to launch the application. If the BW1330 device is

connected to your network, the utility will automatically find your AC:

BROWAN Page

User’s Guide Version 1.0

figure 10 kick start utility

Step 2 Select your controller and right click. Select Open WEB item to launch the web

management interface through the secure https connection:

figure 11 kick start utility

BROWAN Page

User’s Guide Version 1.0

Step 3 Enter the Access Controller administrator log on settings to access the web

management interface.

The default administrator log on settings for all controller interfaces are:

User name: admin

Password: admin01

Step 4 After successful administrator log on you will see the controller web interface. The

controller system statistics page is displayed by default:

figure 12 administrator page

If you cannot connect to the device via your web browser because of TCP/IP mis-

configuration, you can reset the product to the factory default. Press the reset

button for more than 10 seconds.

Now you are enabled to perform the initial controller configuration. Follow the next section for step-by-

step setup instruction to configure the device according to your needs.

BROWAN Page

User’s Guide Version 1.0

Step by Step Setup

Step 1. Interface Set-Up

In the network interface | configuration |interface configuration menu you can set the TCP/IP

settings. br1 is pre-configured as the WLAN port of your Access Controller, ixp1 is the WAN port. By

default the bridge interface br1 initially contains two interfaces: wlan1_0 and ixp0. Wlan1_0 is the first

virtual AP which you can configure up to 16 virtual AP(16 MBSSID) and ixp0 is the LAN port. Both

ixp0 and wlan1_0 are DHCP server enabled by default.

You can modify these settings according to your local network requirements. Make sure that IP

subnets do not overlap.

Figure 13 – Interface Configuration Settings

If DHCP client, or PPPoE,is selected as a dial-up protocol for the WAN interface

the WAN settings of this table will be overwritten by the values retrieved from the

Internet Provider.

Step 2. DNS Set-Up

In the network interface | DNS menu you can specify your local domain name server or enter the

DNS server provided by your ISP (Internet Service Provider).

Figure 14 – DNS Redirection

DNS is set automatically if provided by the ISP dynamically via DHCP, PPPoE.

Step 3. IP Address Management

For automatic IP assignments to client stations, set the DHCP settings in the network interface |

DHCP menu according to your TCP/IP configuration from step 1. Only use address ranges within the

corresponding IP subnet of the LAN interface. In addition you can switch on the Universal Address

Translation function in the system | access | UAT menu. With UAT users do not need to change their

local TCP/IP settings to log on to the Access Controller. The Access Controller will translate fixed IP

numbers used in private networks transparently for the user.

Please refer to Chapter 3 – Universal Address Translation for further details to

avoid IP conflicts.

Step 4. RADIUS Set-Up

In the network interface | RADIUS settings menu you can first define the local settings of the

integrated RADIUS client of the Access Controller. For example you can modify timeouts and the

NAS server ID (name of the RADIUS client):

BROWAN Page

User’s Guide Version 1.0

Figure 15 – RADIUS Settings

On the second page: network interface | RADIUS | servers you can specify up to 32 different

RADIUS servers for authentication and accounting (see Figure 16 – RADIUS Servers). One of the

RADIUS server entries can be specified as the default server. Thus, if a user cannot be associated to

any specific service provider by his login name, the Access Controller will send authentication and

accounting messages to the default RADIUS server.

Figure 16 – RADIUS Servers

Make sure that the RADIUS server is up and running and is able to receive authentication requests

from the Access Controller.

Step 5. Welcome/Login/Start pages

The most popular authentication method for public users is the UAM (Universal Access Method).

UAM can be enabled using the system | access | AAA menu. With UAM users can log-on to the

Access Controller using their web browser. As an operator of a wireless access service you can

provide a custom set of web pages to your subscribers.

 welcome page (default = Internal，Enabled) - the first page that is presented when users

start their web browser.

 login page (default = Internal) – the page containing the log-on fields for user name and

password. This page is presented as default when the welcome page is disabled.

 logout page (default = Internal) - the page that pops up after successful authentication. It

includes information about the online session such as online time and transferred data.

 help page (default = Internal) - the page with online help information for log-on.

 unauthorized page (default = Internal) - the page which appears if web login method is

disabled.

The default user login page looks like the picture below:

BROWAN Page

User’s Guide Version 1.0

Figure 17 – Example of a Simple Login Page

You have full flexibility to modify and adapt all these pages to your needs and personal designs. For

initial set up and testing we recommend you use the default configuration, which will present a simple

Enter any start page you like in the user interface | start page menu. In addition you can define a

number of free web sites in the walled garden table on the user interface menu.

For more information on how to build your own user pages please refer to Chapter

4 – User Pages.

Step 6. Change Administrator Password

Before saving your initial configuration don’t forget to change the administrator password in the user

interface | administrator menu.

Step 7. E-mail Redirection

If you have a SMTP mail server available for your subscribers enter its IP address and SMTP port

number in the connection menu under the item e-mail redirection. All outgoing e-mail passing

through the Access Controller will be redirected to this server.

Step 8. Save Configuration and Restart

Make sure you have saved your changes from each of the first seven steps and then press the save

and reboot button on the lower side of the web management screen. After 10-15 seconds you can

re-load the admin pages or start to log on to the Access Controller as a user.

Users connected to the LAN port of the Access Controller can type in any URL in their browser and

they will be redirected to your defined welcome (if enabled) and login pages. Administrators can

monitor connected users via the connection | users menu.

BROWAN Page

User’s Guide Version 1.0

Chapter 3 – Universal Address Translation

What is UAT

Universal Address Translation (UAT) allows Hotspot operators to offer true IP Plug&Play access for

their subscribers.

With UAT enabled, the Access Controller will automatically and transparently translate fixed IP

settings (IP address, gateway, DNS, proxy server) on a user’s PC enabling him to connect to the

broadband Internet service, even if the client’s IP overlaps the IP subnet of the WAN port.

Without UAT public access, subscribers are forced to switch their TCP/IP settings to DHCP

(automatic IP address assignment), potentially losing any fixed IP address settings they previously

entered.

UAT Principle

BW1330 acts as an ARP proxy to each client who has a fixed IP which not belong to the subnet of

LAN interface. As below figure descript, BW1330 will automatic reply a client’s ARP Request if its IP

doesn’t belong to its LAN subnet to pretend as if BW1330 is its Gateway; then inside BW1330, a

unicast router will be added for UAT client.

Figure 18 – UAT Principle

UAT Limitation

When using UAT operators have to be aware of some principal limitations:

If UAT mode is enabled on BW1330, BW1330 will act as an ARP Proxy under its LAN interface. If

there has a sub-net behind a router which under the LAN of BW1330 and there has a PC whose IP

belong to the sub-net as the figure show, the communication between PC2 and PC1 will be failed for

the reason of BW1330’s ARP proxy packet.

But if the router is working under NAT mode, the communication from PC2 to PC1 will be OK.

BROWAN Page

User’s Guide Version 1.0

figure 19 UAT Limitation

BROWAN Page

Figure 20 – another subnet under BW1330

User’s Guide Version 1.0

Chapter 4 – User Pages (Based on XSL)

This chapter describes what the user pages are and how to manage them. Detailed instructions on

how to change and upload new user pages are given below.

When launching his/her web browser the user's initial HTTP request will be redirected to an operator

defined set of web pages, further called the "user pages". User pages are:

 Welcome page– the first page presented to the user.

 Login page– subscriber authentication page, allows the user to login to the network.

 Logout page– small pop-up window for logged-on user statistics and log-out function.

 Help page – get help with the login process.

 Unauthorized page – this page is displayed when web login or EAP login methods are disabled

on the Access Controller for subscribers.



All further presented user pages are factory default. The Hotspot operator can

upload new templates for all user pages.

User Pages Overview

Welcome Page

Welcome page is the first page a Hotspot subscriber receives when he starts his web browser and

enters any URL. By default it’s a very simple page and provides only a link to the login page.

Figure 21 – Welcome Page

The Hotspot operator can change the welcome page according its needs. See

more details in section: Changing User Pages.

The subscriber gets to the login page after clicking the link on the welcome page. The login page is

loaded from the Access Controller. To get access to the network, the user should enter his

authentication settings: login name and password and click the login button:

Figure 22 – Simple Login Page

BROWAN Page

User’s Guide Version 1.0

The login name and password can be obtained from your Hotspot Operator. Login

format available for BW1330:

 username@WISPdomain

 WISPdomain/username

The login page also displays subscriber’s logical and physical network addresses (IP and MAC).

Once authenticated, a start page appears. In addition, a smaller logout window (page) pops up.

The Hotspot operator can change the login page according to its needs. See more

details in section: Changing User Pages.

Logout Page

Make sure the JavaScript is enabled on your Web browser; otherwise you will not

receive the logout page.

The Logout page contains the detailed subscriber’s session information and provides function for

logging out of the network:

Figure 23 – Logout Page

Detailed AC subscriber’s session information includes:

Logout button – click the button to logout from the network. The log-out pop-up window closes.

Bill button – display subscriber’s billing information (not include current session).

Passwd button – click the button to change subscriber’s password.

User – subscriber’s login name.

User IP – subscriber’s logical network name (IP address).

BROWAN Page

User’s Guide Version 1.0

MAC Address – subscriber’s physical network address.

time length– subscriber’s time length from client log on in format: [hours: minutes: seconds].

Download/upload bytes – subscriber’s session download and upload statistics in bytes.

Download/upload bytes left – session download and upload bytes left for subscriber limited from

RADIUS [in B, KB, MB, GB and unlimited].

Total bytes left – session total (download and upload) bytes left for subscriber limited form RADIUS

[in B, KB, MB, GB and unlimited].

time length left – time length left in format: [hours: minutes: seconds].

Bandwidth downstream/upstream – available upstream and downstream bandwidth for subscriber

limited from RADIUS [in bps].

Refresh button – click the button to refresh the subscriber session information.

The Hotspot operator can change the logout page interface according to its needs.

See more details in section: Changing User Pages.. All session details are further

accessible via the operator XML interface.

Help Page

Click on the get help link in the login page for help tips related to network registration. A page

appears similar to the following:

Figure 24 – Help Page

The Hotspot operator can change the help page according to its needs. See more

details in section: Changing User Pages.

Unauthorized Page

If web log-on method (UAM) or EAP-based authentication methods are disabled on the AC and the

subscriber attempts to login to the network, he will receive the following page:

Figure 25 – Unauthorized Page

The Hotspot operator can change the unauthorized page according to its needs.

See more details in section: Changing User Pages.

BROWAN Page

User’s Guide Version 1.0

Changing User Pages

As the Hotspot operator you can modify the user pages freely according to your personal needs and

preferences. User Page templates can be either stored locally on the AC or on an external web server.

Use the user interface | configuration menu to modify user pages. There are two ways to change

and store new user page templates:

 External – linking new user page templates from an external server.

 Internal – upload new templates to local memory.

Supported user pages template formats:

 XSL (Extensible Style sheet Language) for welcome/login/logout pages.

 HTML (Hypertext Markup Language for help/unauthorized pages.



The welcome, Login and logout pages must be in .XSL format.

The following image formats are supported for new templates. Other formats are not accepted:

 PNG

 GIF

 JPG

The following examples demonstrate the use of internal and external user pages.

User Pages templates samples can be found in the Installation CD delivered to

you with the product.

Example for External Pages

Step 1 Prepare your new user pages template for each user page:

welcome/login/logout/help/unauthorized.

Step 2 Under the user interface | configuration | pages menu select the user page you

want to change (e.g. login)

figure 26 configure external pages

Step 3 Choose the external option under the use column:

figure 27 configure external pages

BROWAN Page

User’s Guide Version 1.0

Step 4 Specify the new user page location in the location field

(http://servername/filelocation):

figure 28 configure external pages

Do not try to upload other than supported formats. Such uploaded pages will not be

displayed properly.

Step 5 Save entered changes with the apply changes button:

figure 29 configure external pages

Step 6 Check for new uploaded user page (e.g. login):

figure 30 new login page

If at anytime you wish to restore factory default user pages, click the reset button

under the system | reset menu.

BROWAN Page

User’s Guide Version 1.0

Example for Internal Pages

We will use the user pages templates from the Installation CD to show the example how to upload

the internal pages. Follow the steps below:

Step 1 Ensure that internal option is selected for all user pages you want to change. By

default internal option is defined for all pages:

figure 31 internal pages

Step 2 Under the user interface | configuration | upload menu click the upload button

to upload new prepared user pages:

Figure 32 upload page

The memory space in the AC for internal user pages is limited to 1 MB.

Step 3 Specify the location (Examples directory if you use the Installation CD) of new

user page templates by clicking the browse button or enter the location manually.

Specify the location for the additional files of new user page templates: images and

a cascading style sheet file (css) by clicking the browse button or enter the

location manually:

BROWAN Page

figure 33 upload template files

User’s Guide Version 1.0

Step 4 Click the upload button to upload specified templates and files.

You do not need to upload all additional files at once. You can repeat the upload

process a number of times until all necessary images are uploaded.

Step 5 Check for the newly uploaded user pages and images to ensure that everything is

uploaded and displayed correctly. Go to the link:

https://<device-IP-address>/ to get to the new user welcome page:

figure 34 customize welcome page

Click the here link or enter the link directly:

https://<device-IP-address>/login.user to get to the new user login

page:

BROWAN Page

User’s Guide Version 1.0

figure 35 customize login page

If at anytime you wish to restore the factory default user pages, click the reset

button under the system | reset menu.

BROWAN Page

User’s Guide Version 1.0

Extended UAM

The Extensions feature (user interface | configuration menu) allows an external Web Application

Server (WAS) to intercept/take part in the user authentication process externally log on and log off the

user as necessary. It provides means to query user session information as well.

See the following schemes to understand how the remote client authentication works.

Scheme 1:

The remote authentication method when client’s authentication request is re-directed to the external

server (WAS):

Client AC WAS RADIUS Server

1. Initial Request

3. Renders HTML

4. Direct client

communication

with WAS

5. Client sends

his/her login and

password

9. WAS reports

client status:

authenticated or

not

2. Fetch XSL

6. WAS tries to

authenticate

client

7. AC sends

request to

RADIUS

8. RADIUS reply

authenticated or

not

Figure 36 – Client Remote Authentication Scheme (1)

The Client initiates (1) authentication process. AC intercepts any access to the Internet via HTTP and

redirects the client to the welcome, or login URL on AC. In order to render the custom login screen

HTML page, the AC must be configured to (2) fetch .XSL script from a remote server, which in this

case is a Web Application Server (WAS), or have custom .XSL uploaded on the AC. There is the

ability to enable caching of .XSL scripts (see: User Interface | Configuration | Pages), thus avoiding

fetching of the same document every time a client requests authentication.

The AC (3) uses .XSL script to render HTML output, which is done by feeding a XML document to a

parsed and prepared for rendering .XSL script. The latter XML document contains all needed

information for Web Application Server like user name, password (if one was entered), user IP

address, MAC address and NAS-Id. Custom .XSL script must generate initial welcome/login screen

so that it embeds all the needed information in a HTML FORM element as hidden elements and

POST data not back to the AC, but to the Web Application Server (5). Thereafter the client

communicates directly with the Web Application Server.

Find more details on how to prepare the .XSL templates to renter the HTML in

Appendix: E) User Pages Templates Syntax.

BROWAN Page

User’s Guide Version 1.0

When the Web Application server has all needed data from the client, it must try to authenticate (6)

the client. Authentication is done by the RADIUS server but through the AC. At this step the shared

secret is used to make the connection between the WAS and the AC. The AC re-sends the

authentication request to the RADIUS server (7). Depending on the status, appropriate authentication

status must be returned back to the WAS but through the AC (8). In step (9), the Web Application

Server knows the client authentication status and reports success or failure back to the client.

The Web Application Server (WAS) must be configured as a free site in the Walled

Garden area.

There is an ability to skip the rendering initial user pages from the .XSL. See the following scheme

when the user initial request is redirected to the specified location.

Scheme 2:

The remote authentication method when client with proxy authentication request is re-directed to the

external server (WAS):

Client AC WAS RADIUS Server

1. Initial Request

2. Replay with

HTTP redirect

3. Direct client

communication

with WAS

4. Client sends

his/her login and

password

8. WAS reports

client status:

authenticated or

not

5. WAS tries to

authenticate

client

6. AC sends

request to

RADIUS

7. RADIUS replay

authenticated or

not

Figure 37 – Client Remote Authentication Scheme (2)

The initial client request (1) can be redirected to the specified location, as redirection URL on the

Web Application server. In such case the client who wants to authenticate gets the redirection from

AC (2). In other words the AC intercepts any access to the Internet via HTTP and redirects the client

to the defined welcome, or login URL on WAS (also see: User Interface | Configuration | Pages).

The further actions are the same as described in the Scheme 1 (Figure 36 – Client Remote

Authentication Scheme (1)).

The WAS location URL under welcome page redirect must be configured as a free

site in the Walled Garden area.

BROWAN Page

To define such redirection URL use the user interface | configuration | pages menu. Enable

welcome page, set the redirect setting and specify the redirect location for such authentication

process (also see: User Interface | Configuration | Pages).

User’s Guide Version 1.0

Parameters Sent to WAS

Parameters that are send to the external server (WAS) using the remote user authentication method

(UAM).

Parameter Description Comments

nasid NAS server ID value Can be specified under the

network interface | RADIUS |

RADIUS settings menu

nasip WAN IP address for WAS Can be changed or specified

under the network interface |

configuration | interface

configuration menu.

clientip Client IP address Cannot be defined manually.

mac Client MAC address Cannot be defined manually.

ourl Initial URL where not authorized client enter to

his/her browser and tries to browse. After

authentication the client is redirected in this URL

Optional.

sslport HTTPS port number of AC (by default: 443). Not configurable.

lang Parameter "accept-language" from client browser

request Optional.

The IP address of the LAN interface the user is

connected to. Can be changed or specified

under the network interface |

configuration | interface

configuration menu.

Lanip

In order to logon, log-off or get user status WAS submits POST request to the following URLs:

1. Remote user logon

 Script name: pplogon.user

 Parameters:

 secret shared secret, to protect page from accidental use

 ip IP address of user to be logged on.

 username Username of the user to be logged on.

 password Password of the user to be logged on.

All parameters are required.

Script call example:

https://BW1330/pplogon.user?secret=sharedSecret&ip=<user_IP_address>&userna

me=userName&password=UserPassword

Script produces XML output:

<logon>

<description>User logged on.</description>

<replymessage>Hello user!</replymessage>

</logon>

Response status and error codes:

status error description

OK 0 User is logged on.

Not checked 100 Logon information not checked.

No IP 101 No user IP address supplied.

BROWAN Page

User’s Guide Version 1.0

BROWAN Page

No username 102 No username supplied.

Disabled 103 Remote authentication is disabled.

Bad secret 104 Incorrect shared secret supplied.

No password 105 No user password.

OK 110 User already logged on.

Failed to authorize 111 Failed to authorize user.

Bad password 112 Incorrect username or/and password.

Network failed 113 Network connection failed.

Accounting error 114 Accounting error.

Too many users 115 Too many users connected.

Unknown authorization error 120 Unknown authorization error.

<replymessage> is RADIUS Reply-Message attribute value. If RADIUS responds with Reply-

Message(s), they are added to logon response. If RADIUS does not responds with Reply-Message,

<replymessage> attribute is not added to output XML.

2. Remote user log-off

 Script name: pplogoff.user

 Parameters:

 secret shared secret, to protect page from accidental use

 ip IP address of user to be logged off.

 username Username of the user to be logged off.

 mac AC address of the user to be logged off.

All parameters are required, except the IP and MAC. At least one of IP and MAC addresses should be

supplied. If supplied only IP, user is checked and logged off by username and IP. If IP and MAC

addresses are supplied, then user is checked and logged off by username, IP and MAC addresses.

Script call example:

https://BW1330/pplogoff.user?secret=sharedSecret&username=UserName&ip=<user

_IP_address>

Script produces XML output:

<description>User logged off.</description>

</logoff>

Response statuses and error codes:

status error Description

OK 0 User is logged off.

Not checked 100 Logoff information not checked.

No username 102 No username supplied.

Disabled 103 Remote authentication is disabled.

Bad secret 104 Incorrect shared secret supplied.

No IP/MAC 106 No user IP and/or MAC address

supplied.

No user by MAC 121 User with supplied MAC address not

User’s Guide Version 1.0

BROWAN Page

found.

No user by IP 122 User with supplied IP address and

username not found.

No user by IP and MAC 123 User with supplied IP, MAC

addresses and username not found.

Failed to logoff 131 Failed to logoff user.

Cannot resolve IP 132 Cannot resolve user IP.

Unknown logoff error 140 Unknown logoff error.

3. Remote user status

 Script name: ppstatus.user

 Parameters:

 secret shared secret, to protect page from accidental use

 ip IP address of user to get status.

 username Username of the user to get status.

All parameters are required.

Script call example:

https://BW1330/ppstatus.user?secret=sharedSecret&username=UserName&ip=<user

_IP_address>

Script produces XML output:

 XML output, when some error occurs:

<description>User with supplied IP address not found.</description>

</ppstatus>

Response statuses and error codes:

status error description

OK 0 User status is ok.

Not checked 100 Status information not checked.

No IP 101 No user IP address supplied.

No username 102 No username supplied.

Disabled 103 Remote authentication is disabled.

Bad secret 104 Incorrect shared secret supplied

No user by IP 122 User with supplied IP address not

found.

User with supplied IP address and

username not found.

No user by IP and username 141

 XML output when no errors and user statistics got successfully:

 <ppstatus>

<description>Got user status.</description>

User’s Guide Version 1.0

<entry id="7">0 bytes</entry>

<entry id="8">0 bytes</entry>

<entry id="9">testlab</entry>

<entry id="10">unlimited</entry>

<entry id="11">unlimited</entry>

<entry id="12">unlimited</entry>

</ppstatus>

Status detailed information by ID:

BROWAN Page

id description

1 User name

2 User IP address

3 User MAC address

4 Session time

5 Session ID

6 User idle time

7 Output bytes

8 Input bytes

9 User WISP name

10 Remaining bytes

11 Remaining output bytes

12 Remaining input bytes

13 Bandwidth upstream

14 Bandwidth downstream

15 Remaining session time

16 Authentication method

User’s Guide Version 1.0

This chapter will assist you on configuring BW13330 customized login/logout pages using the sample

templates in BW13330 CD. BW13330 CD includes four different styles of templates (based on HTML).

There are three authentication-enabled styles (coffee bar, general and hotel), and one authentication-

free hotel style. User can also create a personalized login/logout pages based on the provided sample

templates.

Chapter 5 – Customized User page (HTML)

Determine Your Access Policy

Determine if the BW13330 access policy requires user authentication:

Choose either the authentication-enabled policy (user authentication require) style template or

authentication-free policy (no user authentication require) style template as the base template. Step 2

will show how to configure authentication-free access policy on BW13330. User may use any HTML

editing tools to modify the template contents to create a new personalized login/logout page.

Configure Authentication-Free Access Policy

diagram below, edit the ip web auth method status and set to enabled.

Figure 38 – configure IP authentication.

Once the status of the ip web auth method is set to enabled, any end-user trying

to access to Internet from BW1330 will not require user authentication. More

detail please refer to the system | access | Web auth in chapter 8.

Step1. Configure and Upload Customized Login/Logout Page files

In order to configure BW1330 using the customized login/logout page, Customize Page status must

be set to enable.

To enable Customized Page, edit the Customize page status(user interface |configuration |custom

uam) and set to Enabled. See the diagram below:

Figure 39 – enable customize page status

BROWAN Page

User’s Guide Version 1.0

Figure 40 – customize page status is enabled

To start to upload the customized template files, click the upload button. (We will use the coffee bar

style template files in the BW1330 CD for this demonstration).

After clicking the upload button, an Update Custom UAM Files screen will appear. (See diagram

below).

Figure 41 – upload files

Enter the physical path and filename of the coffee template files, or click the “browse” button to search

the BW1330 CD where coffee template files are located.

The first two items are for login.html and logout.html files. Additional files are

for CSS and image files, such as jpg, gif, png and etc.

BROWAN Page

User’s Guide Version 1.0

Figure 42 – select example files

Figure 43 – upload login.html

After entering all the template files, press upload button to start the uploading files to BW1330.

Only ten Additional files can be uploaded at one time. To upload more additional

file, repeat the same upload process in step 2-4, but please be aware of the first

two items are only for login.html and logout.html files. Image files can only be

uploaded to Additional file fields

BROWAN Page

User’s Guide Version 1.0

Figure 44 – upload other files

Once all files are uploaded successfully, a list of Uploaded File List will show.

Figure 45 – files have been uploaded

Verify if all files are uploaded successfully

BROWAN Page

User’s Guide Version 1.0

Figure 46 – verify all files

Step2. Configure the pixels of logout window.

The README file in each template directory contains the information of the pixels settings for the

logout page. Enter the width size and height size setting of logout page and press the Save button.

E.g. the coffee bar template, the suggested size of logout page is 1024 x 768.

Figure 47 – set the pixels of logout window

Step3. Everything is ready

Now, any users that access the internet via the BW1330 will see the new personalized login and

logout pages.

Let’s look at the new appearance of login and logout page based on the coffee bar template.

BROWAN Page

User’s Guide Version 1.0

Figure 48 – example of coffee bar login page

Figure 49 – example of coffee bar logout page

BROWAN Page

User’s Guide Version 1.0

FAQ

1. Question: How to add some links that could be accessed without authentication?

Answer: These authentication-free sites for users are so called “walled garden ”area. Please

refer to the user’s guide to do the relating settings.

2. Question: How to hide the user login session information from my customers?

Answer: You can find these set of html code in logout.html we provided:

<td width="265" valign="top"><iframe src="logout.user?cmd=status" width="250"

height="240" marginwidth="0" marginheight="0" scrolling="yes"

frameborder="0"></iframe></td>

These set of code uses an embedded window to show the session data in logout window.

Comment them with HTML comments language “” will hide the session data in

logout window.

3. Question: If I don’t want the logout window to pop-up to users, how could I do?

Answer: Please login BW1330 and go to user interface | configuration | Custom UAM to

disable “pop logout page.”

4. Question: If I happen close the logout window, how can I logout?

Answer: 1. just un-plug you wireless card, or un-plug you network wire if you use a wired card.

2. Open a browser window, and input the URL: “logout.usr”, then you will be redirect to

logout window.

If you still have any question and any comments, please email to sse@browan.com

BROWAN Page

User’s Guide Version 1.0

Chapter 6 – Command Line Interface

Introduction

The CLI (Command Line Interface) software is a configuration shell for the Access Controller. Using

the CLI system operator can configure:

 User interface

 Network interface

 System

Using the CLI system operator can check:

 Status (device, network, service)

 Connection

All available key combinations in CLI mode are listed in the table below:

Key and/or Combination Function

? Get context-sensitive help

<TAB> Complete the current keyword or list all the options

<CTRL> <D> Break out the sub-shell

<CTRL> <A> Jump to the beginning of the line

<CTRL> <E> Jump to the end of the line

<CursUP>/<CursDOWN> Scroll through the history of commands

Get Connection to CLI

There are three different ways to get a connection to the CLI of the Access Controller, via the:

 Telnet

 SSH client

 Terminal

Telnet Connection

Make sure that default access status is allowed and telnet function is enabled on

the AC before trying to connect via telnet. Otherwise, no telnet connection will be

available.

Connect the Access Controller via LAN or WAN ports using the enclosed UTP cable and start a telnet

session (using a telnet application). For example, connect your device via the WAN port, and then

make a telnet connection as the following:

telnet 192.168.2.66

where 192.168.2.66 is the default WAN interface IP. Login to CLI mode and the prompt will be

displayed automatically. Enter the administrator login settings (refer to the Login section for details).

BROWAN Page

User’s Guide Version 1.0

SSH Connection

Make sure that default access status is set to allow on the AC before attempting

to connect via SSH. Otherwise no SSH connection will be available.

Connect the Access Controller via LAN or WAN ports using the enclosed UTP cable and start a SSH

session (using an application as PuTTY). For example connect your device via the WAN port and

then make a SSH connection to host IP: 192.168.2.66 (default WAN interface IP).

to the next section for details).

Terminal Connection

A serial console port RS-232 on the BW1330 enables a connection to PC or terminal directly.

1. Connect one of the connectors of the RS-232 cable directly to the console port on the BW1330.

2. Connect the other end of the cable to the COM port of the PC or the terminal running the

communication software.

The connection operates at 9600 baud, 8 data bits, 1 stop bit and no parity.

Enter the administrator login settings in the displayed CLI command prompt.

The default administrator login settings:

Password: admin01

Figure 50 – CLI Login

After a successful login command prompt is displayed, the CLI is ready for commands. Press ‘?’ to

get a list of main commands:

Figure 51 – Main CLI Commands

‘?’ will not appear on the screen. While pressing this character, the display changes

to the desired help page. To enter ‘?’ as character type ‘\?’.

BROWAN Page

User’s Guide Version 1.0

Connection

Connection is a category of command that is related to the user’s connection with the device.

A full list of all available connection commands/subcommands and its parameters

is available in the Appendix section: C) CLI Commands and Parameters.

In general, connection usage is as follows:

connection <command> <value>

To get a list of all available commands in the connection category type:

connection ?

Figure 52 – Connection Commands

Network

Network is a category of commands that configures controller interface settings, DNS, DHCP, UAT

and RADIUS settings.

A full list of all available network commands/subcommands and its parameters is

available in the Appendix section C) CLI Commands and Parameters.

The network commands themselves contain several subcommands and the subcommands again

contain several parameters. In general, network command usage is as follows:

network <command> <subcommand1> <subcommand2> [-parameter] <value>

To get a list of all available commands in the configure category, type:

network ?

Figure 53 – Network Commands List

To get a list of all-available subcommands for a specific command, type:

network <command> ?, (e.g. network radius ?)

All available subcommands for radius are displayed:

BROWAN Page

User’s Guide Version 1.0

Figure 54 – Configure Network (1)

Specific command contains several subcommands:

network <command> <subcommand1> ?, (e.g. network radius servers ?)

All available subcommands are displayed:

Figure 55 – Configure Network (2)

To get a list for available parameters on selected subcommand, type:

network <command> <subcommand1> <subcommand2> ?, (e.g. network radius

servers accounting ?)

All available parameters on entered subcommand are displayed:

Figure 56 – Configure Network (3)

To configure the desired controller interface setting, type all required parameters with values and

subcommands:

network <command> <subcommand1> <subcommand2> [-parameter] <value>

(e.g. network radius servers accounting 1 –a 127.0.0.2 –p 1814 –s

testing111), where parameters are as follows:

-a – RADIUS server IP address used for RADIUS accounting

-p – RADIUS server port number used for RADIUS accounting

-s – Shared secret key for accounting.

Figure 57 – Configure Network (4)

BROWAN Page

User’s Guide Version 1.0

If successful, a message regarding the successful completion is displayed;

otherwise, an error message is displayed.

In some cases, entered commands without parameters display current controller configuration or

settings:

network <command> <subcommad1> <subcommad2>, (e.g. radius servers

accounting), displays available RADIUS servers and its settings list (in this case, the RADIUS

accounting server which is already updated):

Figure 58 – Configure Network (5)

BROWAN Page

User’s Guide Version 1.0

User

User is a category of commands that configures controller interface settings, affecting the user’s

interface: redirection URL, free sites (walled garden), system management access, administrator

A full list of all available user commands/subcommands and their parameters is

available in the Appendix section: C) CLI Commands and Parameters.

In general, the user command usage is as follows:

user <command> <subcommand1> <subcommand2> [-parameter] <value>

To get the full list of the user commands, type:

user ?

Figure 59 – User Commands List

To get a list of all-available subcommands for a specific command, type:

user <command> ?, (e.g. user walled_garden ?)

All available subcommands for walled garden (free sites) are displayed:

Figure 60 – Configure User Interface (1)

To configure selected user interface settings, type:

User <command> <subcommand1> <subcommand2> [-parameter] <value>,

(e.g. user walled_garden url A -u www.gemtek-systems.com -s gemtek site),

where parameters are as follows:

A – action: add URL

-u – define URL address

-s – define URL description, visible for user:

Figure 61 – Configure User Interface (2)

If successful, a message regarding the successful completion is displayed;

otherwise, an error message is displayed.

BROWAN Page

User’s Guide Version 1.0

Status

Status is a category of commands that’s displays:

 General devices status (model, firmware version, uptime, memory)

 All interface network settings (IP address/netmask, MAC address, gateway, RX/TX statistics)

 Currently running services (DHCP, routes, port forward, telnet, SNMP, UAT, ..).

A full list of all available status commands/subcommands and their parameters is

available in the Appendix section: C) CLI Commands and Parameters.

In general the status command usage is as follows:

Status <command>

To get the full list of the status commands, type:

status ?

Figure 62 – System Status Commands List

To get the general device status information, type:

status device :

Figure 63 – Device Status

Here you can find the current firmware version of your AC. This is important

information for support requests and for preparing firmware uploads.

BROWAN Page

User’s Guide Version 1.0

System

System is a category of commands that configures access to controller (telnet, AAA methods, L2

isolation, SNMP, UAT) and configuration: clock, NTP, pronto, syslog, trace and firmware upgrade.

A list of all available system commands/subcommands and their parameters are

available in the Appendix section: C) CLI Commands and Parameters.

In general, the system command usage is as follows:

system <command> <subcommand1> <subcommand2> [-parameter] <value>

To get the full list of the system commands, type:

system

Figure 64 – System Commands List

Telnet

To make a telnet connection, type the telnet command in the command line:

telnet

The telnet client is activated and ready for a telnet session.

Figure 65 – Telnet Session

Quit the telnet to return to CLI interface.

Reboot

To stop the controller and reboot the device, type the reboot command in the command line. No

configuration changes are done. The last saved configuration is applied to the rebooted controller.

Reset

To reset the controller to factory defaults, type the reset command. The device is restarted and

defaults values are set.

Please note that even the administrator password will be set back to the factory

default.

Exit

To leave the CLI mode, type the Exit command in the command line.

BROWAN Page

User’s Guide Version 1.0

Chapter 7 – SNMP Management

Introduction

Another way to configure and monitor the Access Controller (BW1330) via a TCP/IP network is SNMP

(Simple Network Management Protocol).

SNMP is an application layer protocol that facilitates the exchange of management information

between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP)

protocol suite. SNMP enables network administrators to manage network performance, find and solve

network problems, and plan for network growth.

The SNMP agent and management information base (MIB) reside on the Access Controller. To

configure SNMP on the controller, you define the relationship between the Network Management

System (NMS) and the SNMP agent (our AC). The SNMP agent contains MIB and Browan

Communications private MIB variables whose values the SNMP manager can request or change. A

NMS can get a value from an agent or store a value into the agent. The agent gathers data from the

MIB, the repository for information about device parameters and network data. The agent can also

respond to a manager’s requests to get or set data.

In order to manage the device you have to provide your Network Management

System software with adequate MIB files. Please consult your management

software manuals on how to do that.

SNMP Versions

The BW1330 supports the following versions of SNMP:

 SNMPv1 – the Simple Network Management Protocol: A Full Internet Standard, defined in RFC

1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.)

Security is based on community strings.

 SNMPv2c – the community-string based Administrative Framework for SNMPv2. SNMPv2c (the

"C" stands for "community") is an Experimental Internet Protocol defined in RFC 1901, RFC 1905,

and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p

(SNMPv2 Classic), and uses the community-based security model of SNMPv1.

 SNMPv3 – SNMP v3 is based on version 2 with added security features. It addresses security

requirements through encryption, authentication, and access control rules.

Both SNMPv1 and SNMPv2c use a community-based form of security. The community of managers

able to access the agent's MIB is defined by an IP address access control list and password.

The Access Controller implementation of SNMP supports all MIB II variables (as described in RFC

1213) and defines all traps using the guidelines described in RFC 1215.The traps described in this

RFC are:

coldStart

A coldStart trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself

and that its configuration may have been altered.

WarmStart

A WarmStart trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself

and that its configuration is unaltered.

authenticationFailure

An authenticationFailure trap signifies that the SNMP entity, acting in an agent role, has

received a protocol message that is not properly authenticated.

BROWAN Page

User’s Guide Version 1.0

linkDown

A linkDown trap signifies that the SNMP entity, acting in an agent role, recognizes a failure in

one of the communication links represented in the agent's configuration.

linkUp

A linkUp trap signifies that the SNMP entity, acting in an agent role, recognizes that one of

the communication links represented in the agent's configuration has come up.

SNMP Agent

The SNMP agent responds to SNMP manager requests as follows:

 Get a MIB variable – the SNMP agent begins this function in response to a request from the

SNMP manager. The agent retrieves the value of the requested MIB variable and responds to the

manager with that value.

 Set a MIB variable – the SNMP agent begins this function in response to a message from the

SNMP manager. The SNMP agent changes the value of the MIB variable to the value requested

by the manager.

The SNMP agent also sends unsolicited trap messages to notify an SNMP manager that a significant

event has occurred (e.g. authentication failures) on the agent.

SNMP Community Strings

SNMP community strings authenticate access to MIB objects and function as embedded passwords.

In order for the SNMP manager to access the controller, the community string must match one of the

two community string definitions on the controller. A community string can be as follows:

 Read-only – gives read access to authorized management stations to all objects in the MIB

except the community strings, but does not allow write access.

 Read-write – gives read and write access to authorized management stations to all objects in the

MIB, but does not allow access to the community strings.

Use SNMP to Access MIB

As shown in the picture as below SNMP agent gathers data from the MIB. The agent can send traps

(notification of certain events) to the SNMP manager, which receives and processes the traps. Traps

are messages alerting the SNMP manager to a condition on the network such as improper user

authentication, restarts, link status (up or down), MAC address tracking, and so forth. The SNMP

agent also responds to MIB-related queries sent by the SNMP manager in get-request, get-next-

request, and set-request format.

MIB

SNMP Agent

P-560

SNMP Manager

get-response, traps

get-request, get-next-reguest, get-bulk, set-request

figure 66 SNMP Management

BROWAN Page

User’s Guide Version 1.0

BROAN Private MIB

In addition to standard SNMP MIBs, BW1330 supports the Browan Communications private MIB. The

private MIBs are enterprise specific and serve to extend the functionality of the standard MIBs. The

Private MIB identifies manageable objects and their properties that are specific to the managed

device. MIBs let you manage device not only by using WEB or Command Line Interface but also

using SNMP protocol. The descriptions and brief explanations of managed objects are available in the

MIB file. The MIB file is a specially formatted text file. It is using the so-called ASN.1 standard syntax.

BROWAN Page

User’s Guide Version 1.0

Chapter 8 – Reference Manual

This chapter contains BW1330 web management reference information.

The web management main menu consists of the following sub menus:

 Network Interface – device configuration settings affecting networking.

 User Interface – device configuration settings affecting the user interface.

 System – device system configuration settings directly applicable to the controller.

 Connection– device settings related to user’s connection with the BW1330.

 Built-In AAA – Built-in AAA system for web authentication and accounting.

 Exit – click exit and leave the web management then close your web-browser window.

Web Interface

The main web management menu is displayed at the top of the page after successfully logging into

the system (see the figure below). From this menu all essential configuration pages are accessed.

Figure 67 – Main Configuration Management Menu

By default the system | status menu is activated and the current AC system status is displayed. The

active menu is displayed in a different color.

The web management menu has the following structure:

Network Interface

Configuration – configuration page for all controller network interfaces

Interface configuration – network interfaces configuration

Bridge – bridge configuration

VLAN – define VLAN on your controller

Route – define new static route on the controller interface

Port forwarding – port-forwarding rules

DHCP Relay – DHCP relay server configuration

User ACL – define packet filter rules

Management subnet – access points (APs) management

DNS – define DNS server settings

DHCP – Dynamic Host Configuration Protocol services configuration

POP3 – POP3 server address configuration for client authentication

RADIUS – configuration set for RADIUS servers, includes menu:

RADIUS settings – NAS server ID, hotspot operator name and other settings

RADIUS servers – accounting, authentication RADIUS servers IP, port and other settings

WISP – add new WISP on the system.

Proxy – configure the AC to act as RADIUS server proxy.

Accounting backup – backup authentication logs in the remote or external server

Tunnels – set tunnels:

PPPoE/ GRE for DSL – connect to ISP via the PPPoE or GRE tunnel

GRE Client for VPN – set the GRE (Generic Routing Encapsulation) tunnels for the BW1330

Wireless – wireless interface configuration

Basic – primary SSID, regulatory domain, network mode, channels selection

Advanced – multiple SSID configuration

WDS – access point and WDS modes

SecWep – WEP and WPA

User Interface

Configuration –Welcome/Login/Logout/Help page customization

Pages – configure and upload user pages

BROWAN Page

User’s Guide Version 1.0

Upload – upload new internal user pages

Headers – define http headers encoding and language

Remote authentication –

Custom Uam – customized user login and logout page based by HTML page.

Administrator – administrator login and password change

Start page – define start page URL

Walled Garden – free web site list

Web Proxy – web proxy settings for clients

System

Configuration – system configuration utilities:

Syslog – specify address where to send system log file

Clock – system clock settings

NTP – get time from network time protocol service

Certificate– upload new certificates into the local controller memory

Save and restore – save current device configuration for backup

Domain Name – Configure BW1330 domain for uniform digital certificate.

Share Username - setting user account shared status

Access – configure access to your controller:

Access Control – set default access to your AC

Telnet – enable/disable telnet connections

AAA – define different AAA methods

UAT – enable/disable universal address translation

Isolation – restricts clients from communicating along Level 2 separation

NAV – NAT, authentication and visitor access control

SNMP – SNMP service and proxies

Web Auth – Settings for auth methods of Built-in AAA

MAC List －MAC ACL table.

HTTPC －Configure if client use HTTPS or HTTP for web authentication.

Status – AC system status

Reset – reset configuration to factory defaults values and/or reboot

Update – find out current software version and update with new firmware

Connection

Users – connected users’ statistics list and log-out user function

E-Mail Redirection – outgoing mail (SMTP) redirection settings

Station Supervision – monitor station availability with ARP-pings settings

Built-in AAA

E-Billing – Post paid built-in AAA system

User Control – management E-Billing (Built-in AAA) user account.

Band Class – band width management for E-Billing account.

Bill settings – configure the billing policy and price for E-Billing account

Power cut protection – setting for power off protection

Pre-paid －per-paid built-in AAA system

User account – show current generated pre-paid account

Price/unit –setting of price and unit

Account life –setting of receipts available life

Web key and SSID –setting Web key and SSID printed on receipts

Receipts – history of printed receipts and profit

Timeunit –define the charge time by hour or day for the pre-paid user

Account reminder – remind hot spot owner checking the income of prepaid account.

Manage net print –set up the network printer for BW1330.

Configuration － Billing Backup and restore; Receipt Language and title configuration.

Language – setting language of printed receipts

Backup and Restore – Backup and restore Built-in AAA account and billing records.

Title – setting of venue name

In the following sections, short references for all menu items are presented.

BROWAN Page

User’s Guide Version 1.0

Network Interface

Network Interface | Configuration | Interface Configuration

The SMB Public Access Controller contains two multi-purpose network interfaces: br1 and ixp1.

These interfaces can be configured to work as either local area network (LAN) or wide area network

(WAN) interfaces or wireless area network(WLAN) for Access Points. LAN is used to connect hubs,

switches, Access Points and subscribers. The WAN port connects to the Internet or the service

provider’s backbone network. The wlan1_0 is the first virtual AP for wireless network.

All these interfaces are listed in the interface configuration page. By default a bridge exists (labeled

br1) which contains two interfaces: wlan1 and ixp0.All network interfaces available in the SMB Public

Access Controller are shown in the following table:

Figure 68 – Interface Configuration Table

To change network interface configuration properties click the edit button in the action column. The

status can be changed now:

Figure 69 – Edit Interface Configuration Settings part.1

Interface - standard interface name. This name cannot be edited and is assigned by the operating

system during startup. Interface name cannot be changed because the hardware drivers define it.

Status – select the status of interface: [enabled/disabled].

Do not disable the interface through which you are connected to the BW1330.

Disabling such interface will lose your connection to the device.

Type – network type cannot be changed. There are two possible networking types:

LAN – interface is used as local area network (LAN) gateway, and is connected to a LAN;

WAN – interface is used to access the ISP network;

Change status or leave in the default state if no editing is necessary and click the continue button.

Then the following parameters can be changed:

Figure 70 – Edit Interface Configuration Settings part.2

IP Address – specify new interface IP address [in digits and dots notation, e.g. 192.168.5.1].

IP address of each interface should be from a different subnet; otherwise, you will

receive an error message.

Netmask – specify the subnet mask [[0-255].[0-255].[0-255].[0-255]].These numbers are a binary

mask of the IP address, which defines IP address order and the number of IP addresses in the subnet.

BROWAN Page

User’s Guide Version 1.0

Gateway – interface gateway. For LAN type interfaces, the gateway can only be defined as WAN

interface gateway. The gateway of the WAN interface is usually the gateway router of the ISP or other

WAN network. [Default gateway is marked with ‘*’].

Update – update old values with entered ones.

The DHCP server settings will be automatically adjusted to match the new network

settings.

Figure 71 – Apply or Discard Interface Configuration Changes

Apply changes – to save all changes made in the interface configuration table at once.

Discard changes – restore all previous values.

For such general changes as interface settings change, the Wireless PAC server needs to be

restarted. Request for restart server appears:

Figure 71 – Restart Server

Reboot – Click the button to restart the server and apply the changes.

Network Interface | Configuration | Bridge

A bridge transparently relays traffic between multiple network interfaces. This means that a bridge

connects two or more physical LAN interfaces together to form one bigger (logical) network interface.

There are some restrictions for bridge management that shall be taken into account:

 There is special bridge br1 in BW1330 that cannot be removed. This bridge initially contains

two interfaces: wlan1_0 and ixp0.

 Interfaces (physical, VLAN or GRE tunnel) can be included only in one bridge.

 The WAN interface cannot be included into a bridge.

 VLAN's cannot be created on bridge interfaces they can only be added to them.

 A Bridge cannot be included into another bridge.

By default the enabled bridge (ixp0 and wlan1_0) on br1 interface exists on the system:

figure 72 - Default Bridge

To set up bridge on the AC click edit button and enter following parameters:

figure73 - setting parameters

BROWAN Page

User’s Guide Version 1.0

Ageing – define the Ethernet (MAC) address ageing time, in seconds [0-65535]. The ageing time is

the number of seconds a MAC address will be kept in the forwarding database after having received a

packet from this MAC address. The entries in the forwarding database are periodically timed out to

ensure they won't stay around forever. Default value is 0.

Garbage – specify the interval in seconds between garbage collector runs [0-65535]. Garbage

collector periodically checks MAC table for timed out entries and removes them from the table. Default

value is 0.

STP –define the STP (Spanning Tree Protocol) status [enabled/disabled].

Priority – define the bridge’s priority [high,medium,low]. Default value is low.

Delay – specify the bridges’ forward delay time in seconds [0-65535]. Delay is the time spent in each

of the Listening and Learning states before the Forwarding state is entered. Default value is 0.

Hello Time – specify the interval between hello packets in seconds [0-65535]. Hello packets are used

to communicate information about the topology throughout the entire Bridged LAN. Default value is 0.

Max. Age – specify the maximum bridge message age in seconds [0-65535]. If the last received hello

packet is more than this value, the bridge in question will initiate the Root Bridge election procedure.

Default value is 0.

Click continue button to finish the parameters setting and click new button if needs new interfaces

adding into bridge.

figure – 74 bridge setting

Click new button to add interfaces into bridge and specify the bridge ports (interfaces):

figure – 75 add interface

Port (interface) – select the interface name to be bound into bridge .

Cost – specify the port’s path cost on this interface. This value is used in the designated port and root

port selection algorithms. Default value is low.

Priority – specify the priority of ports with equal cost. You can use this to control which port gets used

when there are redundant paths.

If you want to remove interface from bridge click delete button. e.g remove ixp0 from bridge.

Click delete button on the ixp0 column.

BROWAN Page

User’s Guide Version 1.0

figure 76 – remove interface

Click apply changes button and then reboot system to finish the removing.

figure 77- apply and reboot

Network Interface | Configuration | VLAN

Up to 4094 VLANs can be created in the system.

Virtual Local Area Networks (VLANs) are logical groupings of network resources. You can create your

own VLANs on your AC using the network interface | configuration | VLAN menu. By default no

VLANS are defined on the system:

Figure 78 – VLAN

To create a VLAN on the AC click the new button and enter following parameters:

Figure 79 – Create New VLAN

Interface – select interface for your VLAN network. VLANs cannot be created on a bridge.

Status – non-editable, by default is disabled.

ID – assign ID for your VLAN network [1 to 4094]. Client devices that associate using the ID are

grouped into this VLAN.

You can not create VLANs which interface includes in bridge such as ixp0.If you

want to create VLANs on the interface ixp0 you must separate ixp0 from bridge(br1

interface) via network interface| configuration| Bridge menu. Refer to Chapter 8

Network Interface | Configuration | Bridge

Please note after remove ixp0(LAN) it is DHCP server disabled as default.You will

connect BW1330 either via WAN port(fix IP:192.168.2.66) or wlan1_0 wireless

connected which DHCP server enabled(ip:192.168.3.x) as default.

Other VLAN settings cannot be changed. Click on the disabled link to continue specifying settings for

your VLAN. The network interface configuration page is opened and VLAN settings are ready for

editing:

BROWAN Page

User’s Guide Version 1.0

Figure 80 – Configure VLAN

Status – enable/disable your VLAN network. Select [enable] and click the continue button to

configure the VLAN settings:

Figure 81 – Configure VLAN

Type – cannot be edited, depends on selected interface for VLAN [ixp0].

IP Address – enter the network address of your VLAN [format: digits and dots].

Netmask – enter the netmask for your VLAN network [format: digits and dots].

Gateway – select gateway for VLAN network [default: ixp1].

Click the update and restart and apply changes to save your new VLAN. Check the interface |

configuration | VLAN menu for new created VLAN:

Figure 82– Enable New VLAN

Network Interface | Configuration | Route

Under the network interface | configuration | route menu, static routes for the Ethernet interfaces

can be set. By default no static routes are defined on the system:

Figure 83 – Route

A routing rule is defined by the target subnet (target IP address and subnet mask), interface and/or

gateway where to route the target traffic. A data packet that is directed to the target network is routed

to the specified AC interface or to another gateway router. To add a new static route for the system,

click the new button under the action column and specify the following parameters:

Figure 84 – Add New Route

If you want to set static routes on the interface ixp0 you must separate ixp0 from bridge

(br1 interface). Refer to Chapter 8 Network Interface | Configuration | Bridge

BROWAN Page

User’s Guide Version 1.0

Interface – choose device interface for the route: [br1/ixp0/ixp1/vlan[n]].

Status – set new static route status: [enabled/disabled].

Gateway – enter the gateway address for the route. 0.0.0.0 stands for the default gateway of the

selected interface [IP address].

Target IP Address – enter network address or host IP to be routed to [IP address].

Netmask – enter the target network netmask [dots and digits].

Save – save the new route.

Cancel – restore all previous values.

Figure 85 – Save New Route

Up to 255 static routes can be set between each interface.

Network Interface | Configuration | Port Forwarding

Port Forwarding is required when NAT is configured. NAT translates all internal addresses to one

official IP address (WAN IP address). With port forwarding enabled it is possible to access internal

services and workstations from the WAN interface.

Port forwarding forwards TCP or UDP traffic trough the BW1330 controller’s local port to the specified

remote port. Use the network interface | configuration | port forwarding menu to specify such a

port forwarding rule. By default no port forwards are defined on the controller:

Figure 86 – Port Forwarding Rules

Click the new button to add a port-forwarding rule:

Figure 87 – Add Port Forwarding Rule.

Status – select status: [enabled/disabled].

Type – select type of forwarding traffic: [TCP/UDP].

Local IP Address – BW1330 device interface address from which the selected traffic should be

forwarded.

Local Port –BW1330 device interface port from which the selected traffic should be forwarded.

Remote IP Address/Port – internal IP address and port no (LAN ports) to which the selected traffic

shall be forwarded.

Example:

Create rule as follow:

Type = TCP, local IP address/port = 192.168.2.248:8080 remote IP address/port = 1.2.3.4:8080.

With such a rule all traffic coming to port 8080 on the BW1330 interface local address 192.168.2.248

will be forwarded to port 8080 on the server (host) 1.2.3.4.

BROWAN Page

User’s Guide Version 1.0

Port forwarding is limited to 255 rules.

Network Interface | Configuration | DHCP Relay

If BW1330 use DHCP relay on its LAN interface, administrator can designate the DHCP relay server.

Figure 88 – DHCP Relay Server

The default value is “255.255.255.255”, it means BW1330 will broadcast client’s DHCP request to its

WAN interface. Administrator can designate an only server’s IP address.

Network Interface | Configuration | User ACL

User ACL provide high flexibility for administrator to define the rules for BW1330 to filter the packets

which will forward or masquerade by it.

Figure 89 – User ACL

To add a new rule, just click the “new” button

Figure 90 – Create a new rule (first step)

First step select the rule policy (drop/accept/masquerade) to deal with packet and the packet type

(all/TCP/UDP/ICMP).Then decide the incoming and outgoing interfaces(any/br1/ixp1).

Figure 91 – Create a new rule (second step)

Second step select the type of source IP and destination IP (special IP/any IP).

Figure 92 – Create a new rule (third step)

Third step choose the type of source port and destination port (any port/special port).

Figure 93 – Create a new rule (fourth step)

Fourth step, fill out the source IP address and destination IP address (including IP address and net

mask, if you choose “any IP” in second step, you do not need fill out the IP address); fill out the

source port and destination port (if you select any port in third step or select protocol ICMP/all, you do

not need fill out the port).

BROWAN Page

User’s Guide Version 1.0

Figure 94 – Create a new rule (fifth step)

After complete the rule configuration, click the “apply changes” button to save your configuration,

You can also re-order your rules if you have many rules configured and arrange the priority of them.

The rule with index 1 has the highest priority; with index 2 has the second high priority and so on.

Click the “sort” button to change the index.

Figure 95 – re-order rules

Click the “sort” button of one rule to re-order its priority and then select the index number; click “save”

button to save your changes.

Network Interface | Configuration | Management Subnet

Each network interface can have a management subnet. Use the network interface | configuration

| management subnet menu to configure this feature on selected interface.

When management subnet is enabled, port forwarding will NOT WORK when

connecting from IP addresses that are in the management subnet's remote

administrator's network. This is because the management subnet allows

connecting to the client computer without using port forwarding.

The administrator can enable or disable management subnet for each interface. By default no

management subnet is enabled on the controller:

Figure 96 – Management Subnet

To specify new subnet management click the edit button on the selected interface:

Figure 97 – Add Management Subnet

IP Address and Netmask – specify the IP address and netmask of the management subnet. IP

address will be set on the network interface as an alias, so you can connect to the BW1330 using this

address. This IP address should be used on access points as the gateway address.

Remote Network and Netmask –specify the remote network that is allowed to access the local

management subnet. Only addresses that are from the remote network will be accepted [dots and

digits].

If you do not specify any remote network all stations with IP addresses from the management LAN are

routed to the WAN port even without being authenticated.

BROWAN Page

User’s Guide Version 1.0

Clients using an IP address from the management subnet can browse the Internet without

authorization, and no accounting will be done. Thus, it is strongly recommended to allow traffic only

from the administrative remote network (no 0.0.0.0/0.0.0.0 in remote specification).

Example:

Interface configuration for ixp0:

type: LAN

IP address: 192.168.3.1

netmask: 255.255.255.0

gateway: ixp1

Management subnet on ixp0:

IP address: 10.0.0.1

netmask: 255.255.255.0

remote network: 10.10.0.1

remote netmask: 255.255.255.0

With these settings applied, the administrator will be able to connect to devices behind the BW1330

on interface ixp0, if these devices use address in the range: 10.0.0.2 ... 10.0.0.254. The administrator

is connecting via the Internet (from ixp1 interface).

The administrator’s computer can have an address from 10.10.0.1 to 10.10.0.254.

Please note that devices which are using 10.0.0.2. – 10.0.0.254 addresses have

access to the administrative network too!

In this example, the administrative network uses the reserved IP address (10.x.x.x) – they are not

routed in the Internet, so the administrator should setup routers in a path between the BW1330 and

the administrator's computer to recognize 10.x.x.x addresses and route them correctly. This is not

comfortable and sometimes it is impossible. There is a solution – the administrator can use GRE

tunnel(see: Network Interface | Tunnels) to setup a tunnel between the administrator's computer

and the BW1330. The only addresses visible on the Internet will be the BW1330 WAN IP address and

the administrator's computer (or router) IP address.

Network Interface | DNS

DNS (Domain Name Service) service allows AC subscribers to enter URLs instead of IP addresses

into their browser to reach the desired web site.

Figure 98 –- DNS Settings Configuration

You can enter the primary and secondary DNS servers settings under the network interface | DNS

menu.

Figure 99–Edit DNS Redirection Settings

The DNS server or DNS address can be obtained dynamically if DHCP, PPPoE (for DSL) service is

enabled. To add DNS server manually click the edit button in the action column and type in the DNS

server’s IP address:

IP address – enter the primary or secondary DNS server’s IP address [in digits and dots notation].

Save – click to save the new DNS server’s settings.

BROWAN Page

User’s Guide Version 1.0

Network Interface | DHCP

The BW1330 controller can act as a DHCP server and/or as a DHCP relay gateway. The DHCP

(Dynamic Host Configuration Protocol) service is supported on the LAN interfaces [ixp0/vlan[n]]. This

service enables clients on the LAN to request configuration information, such as an IP address, from

a server. This service can be viewed in the following table:

Figure 100 – DHCP Configuration

By default the AC is configured to act as a DHCP server.

Each LAN interface runs a different instance of the DHCP service. This service is configured by

defining an IP address range and WINS address for client workstations. Other settings, such as the

default gateway and DNS server address are configured automatically according to the interface

settings.

To see the complete DHCP service configuration, click the details button in the action column:

Figure 101 – DHCP Settings Details

To edit the DHCP service configuration [DHCP server/DHCP relay], click the edit button in the action

column:

Figure 102 – Edit DHCP Configuration Settings

Status – select status from drop-down menu:

Disabled – disable the DHCP service on the selected interface

DHCP Server – enabled by default

DHCP Relay – to route DHCP through the external server, enable relay service

Case 1 Configure the DHCP server

Select the interface on which you want to configure the DHCP service. Select the DHCP server and

click the update button specify the DHCP server parameters:

BROWAN Page

GemTek Technology R950829G High Performance Hotspot Access Point User Manual BW1330 UG v1 0

Gemtek Technology Co., Ltd. High Performance Hotspot Access Point BW1330 UG v1 0

Contents

Manual Part 1

Navigation menu

Namespaces

Views

Navigation