4ipnet Hsg326 User manual

User’s Manual

V1.00.00

HSG326

Wireless Hotspot Gateway

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

The contents of this publication may not be reproduced in any part or as a whole, stored,

transcribed in an information retrieval system, translated into any language, or transmitted in any

form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or

otherwise, without the prior written permission of 4IPNET, INC.

Disclaimer

4IPNET, INC. does not assume any liability arising out the application or use of any products, or

software described herein. Neither does it convey any license under its parent rights nor the parent

rights of others. 4IPNET further reserves the right to make changes in any products described herein

without notice. The publication is subject to change without notice.

Trademarks

4IPNET (4ipnet) is a registered trademark of 4IPNET, INC. Other trademarks mentioned in this

publication are used for identification purposes only and may be properties of their respective

owners.

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

iii

Table of Contents

Chapter 1. Introduction ........................................................................ 6

1.1 4ipnet Solution Overview ........................................................................ 6

1.2 Key Terms & Concepts ............................................................................ 8

1.3 Recommended Configuration Sequence................................................... 11

1.3.1 Common Settings............................................................... 11

1.3.2 Advanced Settings and Application ....................................... 11

Chapter 2. WMI .................................................................................. 13

2.1. Web Management Interface ............................................................. 13

Chapter 3. Basic Network Settings ..................................................... 15

3.1. Network Planning ........................................................................... 15

3.1. Uplink (WAN) Configuration ............................................................. 16

3.2.1 WAN Settings .................................................................... 16

3.2.2. WAN Traffic Control ............................................................ 17

3.2.3. Uplink Detection & Failover.................................................. 18

3.3. Downlink (LAN side) VLAN option ..................................................... 19

3.3.1. Port-Based Service Zone ..................................................... 19

3.3.2. Tag-Based Service Zone ...................................................... 20

Chapter 4. User Authentication Database ........................................... 21

4.1. Authentication Database Configuration.............................................. 21

4.2. Built-in Authentication Databases ..................................................... 23

4.2.1. Local User Database ............................................................. 23

4.2.2. On-Demand User Database ................................................... 26

4.2.3. The Guest Authentication Option .......................................... 31

4.3. External Authentication Options........................................................ 36

4.3.1. RADIUS............................................................................. 36

4.3.2. Social Media ...................................................................... 39

Chapter 5. Group Attributes & Policy Rules......................................... 41

5.1 Overview of the Concept ................................................................. 41

5.2 Practical Setups of Group and Policies ............................................... 44

Chapter 6. Basic Service Zone Configuration ...................................... 50

6.1 The Concept of Service Zone ........................................................... 50

6.2 Service Zone Setup ........................................................................ 50

6.2.1. Tag-based or Port-based Service Zones ................................. 50

6.2.2. NAT Mode or Router Mode ................................................... 53

6.2.3. Service Zone Network Interface ........................................... 53

6.2.4. DHCP Server options........................................................... 54

6.2.5. Wireless Settings ............................................................... 55

6.2.6. Authentication Options........................................................ 55

6.2.7. Portal Customization ........................................................... 58

Chapter 7. Advance Settings for Network Environment ...................... 61

7.1 Network Utilities............................................................................. 61

7.2 Black List ...................................................................................... 63

7.3 Certification ................................................................................... 65

7.3.1 System Certificate ............................................................... 65

7.3.2 Internal Root CA ................................................................... 67

7.3.3 Internally Issued Certificate................................................. 68

7.3.4 Trusted Certificate Authorities .............................................. 69

7.4 Management Access ....................................................................... 69

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Chapter 8. Utilities for Controller Management................................... 70

8.1 Administrator Account Management.................................................. 70

8.2 Configuration Backup & Restore ....................................................... 73

8.3 Firmware Upgrade .......................................................................... 74

8.4 Restart.......................................................................................... 76

Chapter 9. Reports and Logs for Monitoring ....................................... 77

9.1 System Related Status.................................................................... 77

9.1.1 System Summary ............................................................... 77

9.1.2 Network Interface .............................................................. 79

9.1.3 Routing............................................................................. 80

9.1.4 DHCP Server ..................................................................... 80

9.2 Client Related Status ...................................................................... 82

9.2.1 Online User ....................................................................... 82

9.2.2 Associated Non Login Users ................................................. 83

9.2.3 Roaming Out Users............................................................. 83

9.2.4 Session List ....................................................................... 84

9.3 Logs and Reports ........................................................................... 85

9.3.1 System Related.................................................................. 85

9.3.2 User Events ....................................................................... 86

9.4 Reports & Notification ..................................................................... 87

Chapter 10. Hotspot Application ........................................................... 89

10.1 On-Demand Billing Plans ................................................................. 89

10.2 On-Demand Billing Plan Types.......................................................... 90

10.2.1 Usage-time with Expiration Time .......................................... 90

10.2.2 Usage-time with No Expiration Time ..................................... 92

10.2.3 Hotel Cut-off-time .............................................................. 94

10.2.4 Volume ............................................................................. 95

10.2.5 Duration-time with Elapsed Time.......................................... 97

10.2.6 Duration-time with Cut-off Time........................................... 99

10.2.7 Duration-time with Begin-and-End Time...............................100

10.3 Terminal Server Setup ...................................................................102

10.4 Customizing POS Tickets ................................................................112

10.5 Creating Accounts .........................................................................117

10.6 User Self Service...........................................................................119

Chapter 11. Account Roaming............................................................. 124

11.1 Roaming Related ...........................................................................124

11.2 WISPr for ISP Roaming ..................................................................124

11.3 Local / On-Demand Account Roaming Out ........................................126

Appendix A. Installation...................................................................... 129

Appendix B. External Pages ................................................................ 130

Appendix C. Useful Management & Evaluation Tools ............................ 143

Appendix D. On-Demand Account Types ............................................... 145

Appendix E. UI Reference Index ........................................................... 152

A. System....................................................................................153

1) General ...................................................................................153

2) WAN ..................................................................................... 155

3) WAN Traffic ..............................................................................156

4) LAN Ports ................................................................................156

5) Service Zones ..........................................................................157

B. Users ......................................................................................164

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

1) Groups ....................................................................................164

2) Internal Authentication..............................................................165

3) External Authentication .............................................................168

4) On-Demand Accounts................................................................169

5) Schedule .................................................................................170

6) Policies....................................................................................171

7) Blacklists .................................................................................172

8) Privilege Lists...........................................................................172

9) Additional Control .....................................................................173

C. Network ..................................................................................177

1) NAT ...................................................................................... 177

2) Monitor IP................................................................................179

3) Walled Garden and Walled Garden Ad..........................................180

4) Proxy Server ............................................................................181

5) Local DNS Record .....................................................................184

6) DDNS......................................................................................185

7) Client Mobility ..........................................................................185

F. Utilities ....................................................................................186

1) Administrator Account ...............................................................186

2) Backup & Restore .....................................................................190

3) Certificates ..............................................................................192

4) Network Utilities .......................................................................195

5) Restart ....................................................................................197

6) System Upgrade .......................................................................197

G. Status.....................................................................................198

1) System Summary .....................................................................198

2) Interface .................................................................................202

3) Monitor Users...........................................................................204

4) Process Monitor........................................................................204

5) Logs & Reports.........................................................................205

6) Reporting ................................................................................207

7) Session List .............................................................................212

8) DHCP Lease .............................................................................213

9) Routing Table ...........................................................................214

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Chapter 1.Introduction

1.1 4ipnet Solution Overview

4ipnet HSG & WHG are designed for network management over almost all current

network architectures, Layer 2 (Data Link Layer) and Layer 3 (Network Layer).

4ipnet HSG are suitable in Layer 2 network architecture, if you want to develop a

Layer 3 network, we strongly recommend you choose 4ipnet WHG Controller series.

Layer 2 networks are relative simple network deployment topology that span

physically under the LAN ports of 4ipnet HSG & WHG, we two deployment scenarios

are illustrated below.

【Layer 2 Network in Port Based Mode】

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

【Layer 2 Network in Tag Based Mode】

Layer 3 networks not only span physically under the LAN ports of 4ipnet WHG, it is

also capable of reaching over different IP networks to manage remote sites with

routable IP address via tunnels.

【Layer 3 Network with tunnels】

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

1.2 Key Terms & Concepts

Gateway is an edge device or network node where a small network attaches to a

bigger network. 4ipnet HSG Wireless Hotspot Gateways are in essence gateways in

a network environment. Conventionally, the bigger network is referred as the WAN

side or upstream network (physically connected via the WAN port), while the small

network is referred as the LAN side.

Local User is a type of user whose account credential is stored in the 4ipnet HSG

Wireless Hotspot Gateway’s built-in database named “Local”. The 4ipnet HSG

Wireless Hotspot Gateway’s “Local” database capacity varies with different model. A

local user account does not have an expiration date once they are created. If

administrator wishes to delete local accounts, this must be done manually from the

Web Management Interface. In addition, 4ipnet HSG Wireless Hotspot Gateway’s

Local database can be configured as an external RADIUS database for another

4ipnet HSG Wireless Hotspot Gateway for account roaming.

On-Demand User is a type of user whose account credential is stored in the

4ipnet HSG Wireless Hotspot Gateway’s built-in database named “On-Demand”. The

4ipnet HSG Wireless Hotspot Gateway’s “On-Demand” database capacity varies with

different model. On-Demand User is designed for short term usage purpose; it has

time or volume constraints and an expiration period. An On-Demand account record

will be recycled for creating new On-Demand account if it has expired for over 15

days or has been deleted by the Administrator/Manager manually. In addition,

4ipnet HSG Wireless Hotspot Gateway’s On-Demand database can be configured as

an external RADIUS database for another 4ipnet HSG Wireless Hotspot Gateway for

account roaming.

External Authentication Database is a user account database that is not built-in

the 4ipnet HSG Wireless Hotspot Gateway. Besides Local database and On-Demand

database, 4ipnet HSG Wireless Hotspot Gateway supports RADIUS for additional

types of External Authentication databases. External Authentication Database is

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

useful for both implementing account roaming and centralized account

management.

Service Zone is a logic partition of 4ipnet HSG Wireless Hotspot Gateway’s LAN.

The concept of Service Zone is that it is a virtual gateway with customizable login

portal page with its own gateway properties (such as LAN IP address, DHCP server

settings, authentication options, etc.). With up to nine independent Service Zone

profiles, 4ipnet HSG Wireless Hotspot Gateway is capable of servicing multiple

hotspot franchises with a single device.

LAN Port Mapping is the correspondence relationship of logical network partitions,

i.e. Service Zones to physical LAN ports on the 4ipnet HSG Wireless Hotspot

Gateway There are two modes of mapping available namely “Port-Based”, and “Tag-

Based”. Port-Based mode statically maps a Service Zone to clients down stream of a

physical LAN port. This mode will only service the maximum number of service

zones based on the amount of physical LAN ports. Tag-Based mode dynamically

maps a client to a service zone based on the VLAN ID tagged on the traffic packet.

Group is a user role profile which defines the accessibility of a user to different

Service Zones and in turn defines the QoS properties as well as network policy

when access is granted. Each and every connected user will belong to a Group,

determined by the type of user account used for authentication. If the administrator

does not assign a new account to any specific Group or for users not required to

authenticate, they will belong to a catch-all group named “None” by default.

Policy is the second tier of user control once a user’s Group profile has been

determined. Policy defines the firewall rules, privileges, login schedule, routing rules

and session limit which will be enforced to users of a particular Group. A user may

only belong to one Group but can be governed by different policies while accessing

different Service Zones.

For users belonging to the “None” group or users not explicitly assigned a network

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Policy, they will be governed by a default catch-all policy named ‘Global-Policy’. The

Global-Policy is a base policy which will be applied to all users if not applied with

another policy.

The following Figure is an example that depicts the relationship between Service

Zone, Group and Policy. In this example, Students and faculties logging into Service

Zone 1 will be governed by Policy-A. Guests only have access to Service Zone 3,

and will be bounded by Policy-C. Faculties have the access to both Service Zone 1

and Service Zone 2 under two different policies.

【Relationship of Service Zone, Group and Policy】

Service Zone 1 Service Zone 2 Service Zone 3

Policy-B

Group

Student Group

Faculty Group

Guest

Policy-CPolicy-A

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

1.3 Recommended Configuration Sequence

Set up system’s Time Zone, NTP server, DNS server and WAN address

Configure LAN address range for at least one Service Zone, and enable its

authentication.

Create user accounts to test the login page via wire line in the enabled Service

Zone.

Try to generate an On-Demand user and test the account.

Configure Wireless Settings of Service Zone.

Configure necessary Service Zones based on applications.

Set up Group and Policy (including Firewall rules and Session Limit).

Customize the portal login page and add walled garden Advertisement links if

needed.

Set up Payment gateway to allow end user credit card self payment for On-

Demand accounts if needed.

Load SSL certificate for the Web Server before operation.

Monitor generated status pages and reports.

Perform other advanced setting for other specific application.

1.3.1 Common Settings

For the most commonly deployed scenarios in a standard network, please refer to

Chapters 3 to 6.

Chapters 3 to 6contain configuration topics that encompass the most commonly

used features in a typical network environment. It is recommended for users to

start from Chapter 3 and proceed through Chapter 6 for any deployment.

1.3.2 Advanced Settings and Application

Chapters 7 to 11 discuss about security, system maintenance, and monitoring.

These contents are useful once you have successfully configured the necessary

functionalities and are for operation usage once your network is up and running.

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Customers with needs to fulfill specific applications, integration with 3rd party

devices, customization etc., please refer to Chapters 11 and beyond for advanced

feature setup.

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Chapter 2.WMI

2.1. Web Management Interface

The Web Management Interface (WMI) of the HSG Wireless Hotspot Gateway can

be accessed through a web browser (Firefox, Chrome, and Safari recommended) of

any PC connected to the LAN interface with the default IP address of

192.168.1.254.

The default administrator account and password is:

Username: “admin”

Password: “admin”

Upon the first login, the system prompts for the administrator to change password

to enforce system security. The password needs to be at least 6 characters long and

include at least one alphabet and one number.

You may refer to part F. of Appendix E for details on admin accounts configuration.

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

The WMI Welcome page is as shown below after a successful administrator login.

NOTE

1. To logout, simply click the Logout icon on the upper right corner of the

interface to return to the login screen.

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Chapter 3.Basic Network Settings

3.1. Network Planning

Before installing the 4ipnet HSG Wireless Hotspot Gateway, careful network

planning is required in order to meet the networking needs with the most efficient

utilization of network resources. Administrator of any organization should assess

the available network resources at hand, and design a suitable network topology

with resiliency, capacity, and survivability in mind.

Typically, organization networks today are a combination of manageable wired and

wireless LANs, sometimes even remote LANs. The main category of network

topologies supported by 4ipnet HSG Wireless Hotspot Gateway is Layer 2 Topology.

Layer 2 Topology

This network topology aims to build a managed Local Area Network (LAN) which

consists of both wired and wireless capabilities to provide network services to a

limited physical area such as office building, hotel, school premises, and etc.

【Graphical Illustration of Layer 2 Topology】

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Layer 2 Network Design Guidelines

Always connect hierarchically. If there are multiple switches in a building, use an

aggregation switch.

Locate the aggregation switch close to the network core (e.g. mainframe

housing)

Locate edge switches close to users (e.g. one per floor)

3.1. Uplink (WAN) Configuration

3.2.1 WAN Settings

Configuration Path: Main Menu >> System >> WAN

The WAN port supports three connection configurations Static, Dynamic and

PPPoE. These connection types are adequate enough to support most ISP. The

Physical Mode drop-down list allows administrators to choose the speed and

duplex of the WAN connection. When Auto-Negotiation is On, the System chooses

the highest performance transmission mode (speed/duplex/flow control) that both

the system and the device connected to the interface support.

Depending on ISP’s interfacing device the WAN port is connecting, you need to

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

select the connection type applicable to you. For example, if your ISP is Cable

modem issuing Dynamic address, then you would select Dynamic connection.

Static: Manually specifying the IP address of the WAN Port. The fields with red

asterisks are required to be filled in.

Dynamic: It is only applicable for a network environment where the DHCP server is

available on the upstream network. Click the Renew button to get an IP address

automatically.

PPPoE: If your ISP provides PPPoE Dialup connection, then the ISP will issue you

an account with a password. You would need to enter the account credential in the

WAN configuration page for dialing up to the ISP.

NOTE

1. When in doubt, please consult your ISP provider regarding details of your

subscribed uplink service.

3.2.2. WAN Traffic Control

The Uplink and Downlink bandwidth configured here is the bandwidth for WAN

interface. However, please note that the actual bandwidth is still bounded by the

network speed of your ISP operator. For instance, when the network speed of your

ISP is limited to 1Gbps, the total throughput under such constraint will not be

greater than 1Gbps even if you configure 2Gbps on the Controller.

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

3.2.3. Uplink Detection & Failover

Uplink Detection

When the WAN interface has been configured with a valid uplink connection,

administrator may specify up to three outbound sites as detection target for

verifying whether the uplink service is alive or down. The controller will periodically

check the uplink status.

A field of warning message text may be customized by the administrator which will

be displayed on the user’s web browser when all three detection targets fail to

respond.

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

3.3. Downlink (LAN side) VLAN option

The Downlink of HSG Wireless Hotspot Gateway is basically your managed network

deployed for service. There are two types of deployment mode for networks

attached to the LAN ports of the HSG Wireless Hotspot Gateway: Port-Based mode

and Tag-Based mode.

NOTE

1. If HA feature is in Enabled status, LAN1 will be transformed into a dedicated

HA port and will not be able to service any Service Zone.

Configuration Path: Main Menu >> System >> LAN Ports

3.3.1. Port-Based Service Zone

Port-Based mode operates with the principle that each physical LAN port can be

mapped to an enabled Service Zone or disabled from providing service. Operating

under port based mode therefore means the maximum amount of Service Zones

available to actually provide service is determined by the number of LAN ports on

the Controller.

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

3.3.2. Tag-Based Service Zone

Tag-Based operation mode operates under the principle that different Service Zones

are identified by VLAN ID. This means that Tag-Based operation allows each

physical LAN port to accept traffic for any enabled Service Zones Traffic handling

will be processed internally according to the VLAN ID traffic packets carry.

Other manuals for HSG326

Table of contents

Other 4IPNET Gateway manuals

4IPNET

4IPNET HSG1250 User manual

4IPNET

4IPNET HSG327 User manual

4IPNET

4IPNET HSG1250 Operator's manual

4IPNET

4IPNET HSG3200 User manual

4IPNET

4IPNET HSG100 User manual

4IPNET

4IPNET HSG200 User manual

4IPNET

4IPNET HSG320 User manual

4IPNET

4IPNET WHG315 User manual

4IPNET

4IPNET HSG326 User manual

4IPNET

4IPNET WHG201 User manual

Popular Gateway manuals by other brands

AudioCodes

AudioCodes Mediant 1000 user manual

Autarco

Autarco S2.GPRS-BOX installation manual

Gamewell

Gamewell FPT-DACR-GW Installation & operation manual

Panasonic

Panasonic KX-TDA0484 Programming guide

RTA

RTA 460DFM-NNA1 Product user guide

Amaranten

Amaranten F1800 Series Installation and setup guide

Extron electronics

Extron electronics ShareLink 200 Setup guide

ZyXEL Communications

ZyXEL Communications 35 Series user guide

Polycom

Polycom DOC2237A Hardware installation guide

2N EasyRoute How-to

Onset

Onset HOBO MX quick start

Naviecare

Naviecare MG9310-E user manual

Yeastar Technology

Yeastar Technology TA1610 user manual

MICROTRONIX

MICROTRONIX access 1000 series quick start guide

ORiNOCO

ORiNOCO BG-2000 user manual

RTA

RTA 460MRSBC-N700 Product user guide

BEGA

BEGA Gateway 70 588 Installation and start-up instructions

Avaya

Avaya Media Gateway G250 Backup and Restore Configuration Guide