4ipnet Hsg326 User manual

User’s Manual

V1.00.00

HSG326

Wireless Hotspot Gateway

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

The contents of this publication may not be reproduced in any part or as a whole, stored,

transcribed in an information retrieval system, translated into any language, or transmitted in any

form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or

otherwise, without the prior written permission of 4IPNET, INC.

Disclaimer

4IPNET, INC. does not assume any liability arising out the application or use of any products, or

software described herein. Neither does it convey any license under its parent rights nor the parent

rights of others. 4IPNET further reserves the right to make changes in any products described herein

without notice. The publication is subject to change without notice.

Trademarks

4IPNET (4ipnet) is a registered trademark of 4IPNET, INC. Other trademarks mentioned in this

publication are used for identification purposes only and may be properties of their respective

owners.

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

iii

Table of Contents

Chapter 1. Introduction ........................................................................ 6

1.1 4ipnet Solution Overview ........................................................................ 6

1.2 Key Terms & Concepts ............................................................................ 8

1.3 Recommended Configuration Sequence................................................... 11

1.3.1 Common Settings............................................................... 11

1.3.2 Advanced Settings and Application ....................................... 11

Chapter 2. WMI .................................................................................. 13

2.1. Web Management Interface ............................................................. 13

Chapter 3. Basic Network Settings ..................................................... 15

3.1. Network Planning ........................................................................... 15

3.1. Uplink (WAN) Configuration ............................................................. 16

3.2.1 WAN Settings .................................................................... 16

3.2.2. WAN Traffic Control ............................................................ 17

3.2.3. Uplink Detection & Failover.................................................. 18

3.3. Downlink (LAN side) VLAN option ..................................................... 19

3.3.1. Port-Based Service Zone ..................................................... 19

3.3.2. Tag-Based Service Zone ...................................................... 20

Chapter 4. User Authentication Database ........................................... 21

4.1. Authentication Database Configuration.............................................. 21

4.2. Built-in Authentication Databases ..................................................... 23

4.2.1. Local User Database ............................................................. 23

4.2.2. On-Demand User Database ................................................... 26

4.2.3. The Guest Authentication Option .......................................... 31

4.3. External Authentication Options........................................................ 36

4.3.1. RADIUS............................................................................. 36

4.3.2. Social Media ...................................................................... 39

Chapter 5. Group Attributes & Policy Rules......................................... 41

5.1 Overview of the Concept ................................................................. 41

5.2 Practical Setups of Group and Policies ............................................... 44

Chapter 6. Basic Service Zone Configuration ...................................... 50

6.1 The Concept of Service Zone ........................................................... 50

6.2 Service Zone Setup ........................................................................ 50

6.2.1. Tag-based or Port-based Service Zones ................................. 50

6.2.2. NAT Mode or Router Mode ................................................... 53

6.2.3. Service Zone Network Interface ........................................... 53

6.2.4. DHCP Server options........................................................... 54

6.2.5. Wireless Settings ............................................................... 55

6.2.6. Authentication Options........................................................ 55

6.2.7. Portal Customization ........................................................... 58

Chapter 7. Advance Settings for Network Environment ...................... 61

7.1 Network Utilities............................................................................. 61

7.2 Black List ...................................................................................... 63

7.3 Certification ................................................................................... 65

7.3.1 System Certificate ............................................................... 65

7.3.2 Internal Root CA ................................................................... 67

7.3.3 Internally Issued Certificate................................................. 68

7.3.4 Trusted Certificate Authorities .............................................. 69

7.4 Management Access ....................................................................... 69

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Chapter 8. Utilities for Controller Management................................... 70

8.1 Administrator Account Management.................................................. 70

8.2 Configuration Backup & Restore ....................................................... 73

8.3 Firmware Upgrade .......................................................................... 74

8.4 Restart.......................................................................................... 76

Chapter 9. Reports and Logs for Monitoring ....................................... 77

9.1 System Related Status.................................................................... 77

9.1.1 System Summary ............................................................... 77

9.1.2 Network Interface .............................................................. 79

9.1.3 Routing............................................................................. 80

9.1.4 DHCP Server ..................................................................... 80

9.2 Client Related Status ...................................................................... 82

9.2.1 Online User ....................................................................... 82

9.2.2 Associated Non Login Users ................................................. 83

9.2.3 Roaming Out Users............................................................. 83

9.2.4 Session List ....................................................................... 84

9.3 Logs and Reports ........................................................................... 85

9.3.1 System Related.................................................................. 85

9.3.2 User Events ....................................................................... 86

9.4 Reports & Notification ..................................................................... 87

Chapter 10. Hotspot Application ........................................................... 89

10.1 On-Demand Billing Plans ................................................................. 89

10.2 On-Demand Billing Plan Types.......................................................... 90

10.2.1 Usage-time with Expiration Time .......................................... 90

10.2.2 Usage-time with No Expiration Time ..................................... 92

10.2.3 Hotel Cut-off-time .............................................................. 94

10.2.4 Volume ............................................................................. 95

10.2.5 Duration-time with Elapsed Time.......................................... 97

10.2.6 Duration-time with Cut-off Time........................................... 99

10.2.7 Duration-time with Begin-and-End Time...............................100

10.3 Terminal Server Setup ...................................................................102

10.4 Customizing POS Tickets ................................................................112

10.5 Creating Accounts .........................................................................117

10.6 User Self Service...........................................................................119

Chapter 11. Account Roaming............................................................. 124

11.1 Roaming Related ...........................................................................124

11.2 WISPr for ISP Roaming ..................................................................124

11.3 Local / On-Demand Account Roaming Out ........................................126

Appendix A. Installation...................................................................... 129

Appendix B. External Pages ................................................................ 130

Appendix C. Useful Management & Evaluation Tools ............................ 143

Appendix D. On-Demand Account Types ............................................... 145

Appendix E. UI Reference Index ........................................................... 152

A. System....................................................................................153

1) General ...................................................................................153

2) WAN ..................................................................................... 155

3) WAN Traffic ..............................................................................156

4) LAN Ports ................................................................................156

5) Service Zones ..........................................................................157

B. Users ......................................................................................164

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

1) Groups ....................................................................................164

2) Internal Authentication..............................................................165

3) External Authentication .............................................................168

4) On-Demand Accounts................................................................169

5) Schedule .................................................................................170

6) Policies....................................................................................171

7) Blacklists .................................................................................172

8) Privilege Lists...........................................................................172

9) Additional Control .....................................................................173

C. Network ..................................................................................177

1) NAT ...................................................................................... 177

2) Monitor IP................................................................................179

3) Walled Garden and Walled Garden Ad..........................................180

4) Proxy Server ............................................................................181

5) Local DNS Record .....................................................................184

6) DDNS......................................................................................185

7) Client Mobility ..........................................................................185

F. Utilities ....................................................................................186

1) Administrator Account ...............................................................186

2) Backup & Restore .....................................................................190

3) Certificates ..............................................................................192

4) Network Utilities .......................................................................195

5) Restart ....................................................................................197

6) System Upgrade .......................................................................197

G. Status.....................................................................................198

1) System Summary .....................................................................198

2) Interface .................................................................................202

3) Monitor Users...........................................................................204

4) Process Monitor........................................................................204

5) Logs & Reports.........................................................................205

6) Reporting ................................................................................207

7) Session List .............................................................................212

8) DHCP Lease .............................................................................213

9) Routing Table ...........................................................................214

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Chapter 1.Introduction

1.1 4ipnet Solution Overview

4ipnet HSG & WHG are designed for network management over almost all current

network architectures, Layer 2 (Data Link Layer) and Layer 3 (Network Layer).

4ipnet HSG are suitable in Layer 2 network architecture, if you want to develop a

Layer 3 network, we strongly recommend you choose 4ipnet WHG Controller series.

Layer 2 networks are relative simple network deployment topology that span

physically under the LAN ports of 4ipnet HSG & WHG, we two deployment scenarios

are illustrated below.

【Layer 2 Network in Port Based Mode】

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

【Layer 2 Network in Tag Based Mode】

Layer 3 networks not only span physically under the LAN ports of 4ipnet WHG, it is

also capable of reaching over different IP networks to manage remote sites with

routable IP address via tunnels.

【Layer 3 Network with tunnels】

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

1.2 Key Terms & Concepts

Gateway is an edge device or network node where a small network attaches to a

bigger network. 4ipnet HSG Wireless Hotspot Gateways are in essence gateways in

a network environment. Conventionally, the bigger network is referred as the WAN

side or upstream network (physically connected via the WAN port), while the small

network is referred as the LAN side.

Local User is a type of user whose account credential is stored in the 4ipnet HSG

Wireless Hotspot Gateway’s built-in database named “Local”. The 4ipnet HSG

Wireless Hotspot Gateway’s “Local” database capacity varies with different model. A

local user account does not have an expiration date once they are created. If

administrator wishes to delete local accounts, this must be done manually from the

Web Management Interface. In addition, 4ipnet HSG Wireless Hotspot Gateway’s

Local database can be configured as an external RADIUS database for another

4ipnet HSG Wireless Hotspot Gateway for account roaming.

On-Demand User is a type of user whose account credential is stored in the

4ipnet HSG Wireless Hotspot Gateway’s built-in database named “On-Demand”. The

4ipnet HSG Wireless Hotspot Gateway’s “On-Demand” database capacity varies with

different model. On-Demand User is designed for short term usage purpose; it has

time or volume constraints and an expiration period. An On-Demand account record

will be recycled for creating new On-Demand account if it has expired for over 15

days or has been deleted by the Administrator/Manager manually. In addition,

4ipnet HSG Wireless Hotspot Gateway’s On-Demand database can be configured as

an external RADIUS database for another 4ipnet HSG Wireless Hotspot Gateway for

account roaming.

External Authentication Database is a user account database that is not built-in

the 4ipnet HSG Wireless Hotspot Gateway. Besides Local database and On-Demand

database, 4ipnet HSG Wireless Hotspot Gateway supports RADIUS for additional

types of External Authentication databases. External Authentication Database is

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

useful for both implementing account roaming and centralized account

management.

Service Zone is a logic partition of 4ipnet HSG Wireless Hotspot Gateway’s LAN.

The concept of Service Zone is that it is a virtual gateway with customizable login

portal page with its own gateway properties (such as LAN IP address, DHCP server

settings, authentication options, etc.). With up to nine independent Service Zone

profiles, 4ipnet HSG Wireless Hotspot Gateway is capable of servicing multiple

hotspot franchises with a single device.

LAN Port Mapping is the correspondence relationship of logical network partitions,

i.e. Service Zones to physical LAN ports on the 4ipnet HSG Wireless Hotspot

Gateway There are two modes of mapping available namely “Port-Based”, and “Tag-

Based”. Port-Based mode statically maps a Service Zone to clients down stream of a

physical LAN port. This mode will only service the maximum number of service

zones based on the amount of physical LAN ports. Tag-Based mode dynamically

maps a client to a service zone based on the VLAN ID tagged on the traffic packet.

Group is a user role profile which defines the accessibility of a user to different

Service Zones and in turn defines the QoS properties as well as network policy

when access is granted. Each and every connected user will belong to a Group,

determined by the type of user account used for authentication. If the administrator

does not assign a new account to any specific Group or for users not required to

authenticate, they will belong to a catch-all group named “None” by default.

Policy is the second tier of user control once a user’s Group profile has been

determined. Policy defines the firewall rules, privileges, login schedule, routing rules

and session limit which will be enforced to users of a particular Group. A user may

only belong to one Group but can be governed by different policies while accessing

different Service Zones.

For users belonging to the “None” group or users not explicitly assigned a network

User’s Manual

HSG326 Wireless Hotspot Gateway ENGLISH

Policy, they will be governed by a default catch-all policy named ‘Global-Policy’. The

Global-Policy is a base policy which will be applied to all users if not applied with

another policy.

The following Figure is an example that depicts the relationship between Service

Zone, Group and Policy. In this example, Students and faculties logging into Service

Zone 1 will be governed by Policy-A. Guests only have access to Service Zone 3,

and will be bounded by Policy-C. Faculties have the access to both Service Zone 1

and Service Zone 2 under two different policies.

【Relationship of Service Zone, Group and Policy】

Service Zone 1 Service Zone 2 Service Zone 3

Policy-B

Group

Student Group

Faculty Group

Guest

Policy-CPolicy-A

Other manuals for HSG326

Table of contents

Other 4IPNET Gateway manuals

4IPNET

4IPNET HSG1250 Operator's manual

4IPNET

4IPNET HSG327 User manual

4IPNET

4IPNET HSG320 User manual

4IPNET

4IPNET WHG315 User manual

4IPNET

4IPNET HSG200 User manual

4IPNET

4IPNET HSG326 User manual

4IPNET

4IPNET WHG201 User manual

4IPNET

4IPNET HSG1250 User manual

4IPNET

4IPNET HSG100 User manual

4IPNET

4IPNET HSG3200 User manual

Popular Gateway manuals by other brands

Telecom FM

Telecom FM onestream gfx Programming guide

UfiSpace

UfiSpace LoRa GPE810U Quick setup guide

Merak

Merak MMk-736F Quick setup guide

Robustel

Robustel R3010 user guide

turck

turck BL20-PG-EN-V3 user manual

IBM

IBM Security Web Gateway Appliance quick start guide

SSS Siedle

SSS Siedle Smart Gateway Commissioning instructions

ADTRAN

ADTRAN 424RG Installation

Chorus

Chorus Hyperfibre XGS-250WX-A user guide

Dragino

Dragino G308 user manual

Data Domain

Data Domain DD690g Installation and setup guide

Raritan

Raritan Laptop Release notes

Haivision

Haivision Torpedo quick start guide

ATCOM

ATCOM AG-268 user manual

LST

LST M500RFE-AS Specification sheet

Vega

Vega VEGA BS-3 user manual

Kinnex

Kinnex Media Gateway quick start guide

2N Telekomunikace

2N Telekomunikace 2N StarGate user manual