4IPNET WHG201 User manual
Copyright Notification
4IPNET, INC.
This document contains proprietary information which is the property of 4IPNET, INC. and is strictly confidential. No part may be reproduced except as
authorized by written permission of the contributing companies.
User Manual
WHG-Series WLAN Gateway-Controller
HSG-Series Wireless Hotspot Gateway
Verion 3.43.00
1
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
Table of Content
14IPNET WLAN QUICK DEPLOYMENT..............................................................................................................................5
1.1 CHECK YOUR NETWORK ENVIRONMENT ................................................................................................................................5
1.2 HOW TO ENABLE YOUR SERVICE ZONE ..................................................................................................................................5
1.3 HOW TO ADD AN USER ACCOUNTS ......................................................................................................................................6
1.4 HOW TO ADD AN ACCESS POINT..........................................................................................................................................6
2HOW TO CONFIGURE SYSTEM SETUP ............................................................................................................................7
2.1 SYSTEM GENERAL SETTING.................................................................................................................................................7
2.2WMI MANAGEMENT ACCESS.............................................................................................................................................8
2.3 WAN CONFIGURATION .....................................................................................................................................................9
2.4 LAN CONFIGURATION .....................................................................................................................................................11
2.5 ADVANCED FEATURES IN SYSTEM .......................................................................................................................................11
3HOW TO CONFIGURE SERVICE ZONE ...........................................................................................................................13
3.1 VLAN/IP, ISOLATION,NAT/ROUTER MODE........................................................................................................................13
3.2 DHCP SERVER OPTION ...................................................................................................................................................14
3.3 AUTHENTICATION SETTINGS..............................................................................................................................................14
3.4 PAGE CUSTOMIZATION.....................................................................................................................................................15
4HOW TO ENABLE USER AUTHENTICATION DATABASES................................................................................................17
4.1 INTERNAL AUTHENTICATION .............................................................................................................................................17
Local User Database .............................................................................................................................................174.1.1
On-Demand User Database ..................................................................................................................................184.1.2
On-Demand Accounts Creation and List ...............................................................................................................284.1.3
Guest User Database ............................................................................................................................................304.1.4
One Time Password ..............................................................................................................................................324.1.5
4.2 HOW TO INTEGRATE 4IPNET WTG SERIES PRINTER (WTG-SERIES) ...........................................................................................33
4.3 EXTERNAL AUTHENTICATION.............................................................................................................................................43
POP3 .....................................................................................................................................................................434.3.1
LDAP .....................................................................................................................................................................434.3.2
RADIUS..................................................................................................................................................................434.3.3
NT Domain............................................................................................................................................................454.3.4
SIP .........................................................................................................................................................................45
4.3.5
Social Media .........................................................................................................................................................464.3.6
4.4 HOW TO APPLY SOCIAL MEDIA LOGIN.................................................................................................................................48
4.5 RADIUS AUTHENTICATION APPLICATION ............................................................................................................................51
802.1X Authentication/ WPA2-Enterprise Authentication....................................................................................514.5.1
Local/ On-Demand Account Roaming Out............................................................................................................534.5.2
WLAN Controller as an Internal RADIUS Server ....................................................................................................574.5.3
DM and CoA..........................................................................................................................................................594.5.4
MAC ACL in the WLAN Controller..........................................................................................................................614.5.5
MAC Address Authentication................................................................................................................................614.5.6
PPP Authentication ...............................................................................................................................................624.5.7
WISPr for ISP Roaming..........................................................................................................................................624.5.8
5HOW TO CONFIGURE USER POLICIES........................................................................................................................... 64
1.1 USER POLICY...........................................................................................................................................................64
2
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
1.2 GLOBAL POLICY ......................................................................................................................................................66
6HOW TO GENERATE YOUR SCENARIOS........................................................................................................................67
6.1 USER GROUPS,USER POLICIES,SERVICE ZONES AND SCHEDULE ..............................................................................................67
6.2 BLACKLISTS AND PRIVILEGE LISTS .......................................................................................................................................70
Blacklists ...............................................................................................................................................................706.2.1
IP Privilege List......................................................................................................................................................706.2.2
IPv6 Privilege List ..................................................................................................................................................706.2.3
MAC Privilege List .................................................................................................................................................716.2.4
MAC Access Control List........................................................................................................................................716.2.5
6.3 ADDITIONAL CONTROL ....................................................................................................................................................71
7HOW TO CONFIGURE ACCESS POINT IN LAPM.............................................................................................................73
7.1 AP LIST AND OVERVIEW ..................................................................................................................................................74
7.2 AP ADDING AND CONFIGURATION.....................................................................................................................................74
7.3 TEMPLATE.....................................................................................................................................................................75
7.4 AP FIRMWARE MANAGEMENT .........................................................................................................................................77
7.5 WDS MANAGEMENT......................................................................................................................................................77
7.6 ROGUE AP DETECTION....................................................................................................................................................78
7.7 AP LOAD BALANCING......................................................................................................................................................78
8HOW TO CONFIGURE ACCESS POINT IN WAPM...........................................................................................................80
8.1 AP LIST ........................................................................................................................................................................81
8.2 GRAPHICAL MONITORING ................................................................................................................................................81
Google Map Integration .......................................................................................................................................818.2.1
AP Grouping..........................................................................................................................................................888.2.2
8.3 AP ADDING AND CONFIGURATION......................................................................................................................................90
AP discovery..........................................................................................................................................................908.3.1
How to prepare CAPWAP application ...................................................................................................................918.3.2
CAPWAP with Complete Tunnel ............................................................................................................................938.3.3
CAPWAP with Split Tunnel ....................................................................................................................................958.3.4
8.4 TEMPLATE.....................................................................................................................................................................96
8.5 WDS MANAGEMENT......................................................................................................................................................99
8.6 AP FIRMWARE MANAGEMENT ..........................................................................................................................................99
Backup Configuration ...........................................................................................................................................998.6.1
Firmware...............................................................................................................................................................998.6.2
8.7 ROGUE AP DETECTION..................................................................................................................................................100
8.8 AP LOAD BALANCING....................................................................................................................................................100
9HOW TO CONFIGURE SWITCH MANAGEMENT .......................................................................................................... 102
9.1 SWITCH LIST................................................................................................................................................................102
9.2 POESCHEDULE TEMPLATE .............................................................................................................................................102
9.3 BACKUP CONFIGURATION...............................................................................................................................................103
10 HOW TO REALIZE WI-FI MONITOR............................................................................................................................. 104
10.1 ADD A FLOOR PLAN ......................................................................................................................................................104
10.2 SIMULATION AP...........................................................................................................................................................107
10.3 AP MONITORING ON FLOOR PLAN ..................................................................................................................................109
11 HOW TO ENABLE VPN FEATURE ................................................................................................................................110
11.1 REMOTE VPN PPTP.....................................................................................................................................................110
11.2 REMOTE VPN IKEV2....................................................................................................................................................110
3
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
11.3 SITE-TO-SITE VPN ........................................................................................................................................................111
12 HIGH AVAILABILITY ................................................................................................................................................... 112
13 PORT LOCATION MAPPING ....................................................................................................................................... 114
14 PMS INTEGRATION....................................................................................................................................................117
15 UTILITIES FOR WLAN CONTROLLER ...........................................................................................................................119
15.1 NETWORK UTILITIES......................................................................................................................................................119
IPv4 ................................................................................................................................................................11915.1.1
IPv6 ................................................................................................................................................................11915.1.2
Sniff................................................................................................................................................................12015.1.3
IP Discovery....................................................................................................................................................12015.1.4
15.2 CERTIFICATES...............................................................................................................................................................120
System Certificate ..........................................................................................................................................12115.2.1
Internal Root CA .............................................................................................................................................12115.2.2
Internally Issued Certificate ...........................................................................................................................12115.2.3
Trusted Certificate Authorities .......................................................................................................................12115.2.4
15.3 ADMINISTRATOR ACCOUNTS...........................................................................................................................................122
15.4 BACKUP/RESTORE CONFIGURATION.................................................................................................................................123
15.5 RESTART .....................................................................................................................................................................124
15.6 SYSTEM UPGRADES.......................................................................................................................................................125
16 ADVANCED SETTINGS FOR NETWORK ENVIRONMENT ..............................................................................................126
16.1 IPV4/ IPV6DUAL STACK NETWORK.................................................................................................................................126
16.2 NAT ..........................................................................................................................................................................127
16.3 MONITOR IP LIST .........................................................................................................................................................129
16.4 WALLED GARDEN AND ADVERTISEMENT ...........................................................................................................................129
16.5 VPN..........................................................................................................................................................................130
16.6 PROXY SERVER.............................................................................................................................................................130
16.7 LOCAL DNS RECORDS ...................................................................................................................................................132
16.8 DYNAMIC ROUTING ......................................................................................................................................................132
16.9 DDNS .......................................................................................................................................................................134
16.10 CLIENT MOBILITY .........................................................................................................................................................134
17 STATUS FOR LOGS AND REPORTS .............................................................................................................................. 136
17.1 DASHBOARD................................................................................................................................................................136
17.2 SYSTEM RELATED STATUS ...............................................................................................................................................137
System Summary............................................................................................................................................13717.2.1
Network Interface ...................................................................................................................................13817.2.2
Process Monitor .............................................................................................................................................13917.2.3
Routing...........................................................................................................................................................13917.2.4
DHCP Server ...................................................................................................................................................14017.2.5
17.3 CLIENT RELATED STATUS ................................................................................................................................................141
Online User ....................................................................................................................................................14117.3.1
Associated Non Login Users ...........................................................................................................................14217.3.2
Cross Gateway Roaming Users ......................................................................................................................14217.3.3
On-Demand Roaming Out User .....................................................................................................................14317.3.4
Session List .....................................................................................................................................................14317.3.5
17.4 LOGS AND REPORTS ......................................................................................................................................................144
System Related Logs and Reports ..................................................................................................................14417.4.1
User Events ....................................................................................................................................................14417.4.2
4
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
17.5 REPORTS AND NOTIFICATION ..........................................................................................................................................145
SMTP Settings ................................................................................................................................................146
17.5.1
SYSLOG Settings .............................................................................................................................................14617.5.2
FTP Settings....................................................................................................................................................14717.5.3
Notification Settings ......................................................................................................................................14717.5.4
APPENDIX A. HARDWARE OVERVIEW ................................................................................................................................149
5
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
14ipnet WLAN Quick Deployment
1.1 Check your Network Environment
Before installing the 4ipnet WLAN controller, careful network planning is required in order to meet the
networking needs with the most efficient utilization of network resources. IT staff of any organization
should assess the available network resources at hand, and design a suitable network topology with
resiliency, capacity, and survivability in mind.
Typically, organization networks today are a combination of manageable wired and wireless LANs,
sometimes even remote LANs. Designed to fulfill most deployment needs, the two main categories of
network topologies supported are:
Layer 2 Topology
Layer 3 Topology
Layer 2 Topology aims to build a managed Local Area Network (LAN) which consists of both wired and
wireless capabilities to provide network services to a limited physical area such as office building, hotel,
school premises, and etc.
-Always connect hierarchically. If there are multiple switches in a building, use an aggregation switch.
-Locate the aggregation switch close to the network core (e.g. mainframe housing)
-Locate edge switches close to users (e.g. one per floor)
Layer 3 Topology aims to build a managed Local Area Network (LAN) which consists of both wired and
wireless capabilities to provide network services to local and remote physical areas such as enterprise
buildings, hotel chains, college campuses, and etc.
-Always connect hierarchically whether in local LAN or remote LAN. If there are multiple switches in a
building, use an aggregation switch.
-Locate the aggregation switch close to the network core (e.g. mainframe housing)
-Locate edge switches close to users (e.g. one per floor)
-Remote site’s device (4ipnet AP or 4ipnet WHG Controller) uplink should either have a public IP
address or an IP address in the same subnet as the main WHG Controller’s WAN IP address.
1.2 How to enable your Service Zone
Service Zone is a logic partition of WLAN controller’s LAN. The concept of Service Zone is that it is a virtual
gateway with customizable login portal page with its own gateway properties (such as VLAN tag, LAN IP
address, DHCP server settings, authentication options, etc.). With up to nine independent Service Zone
profiles, the WLAN controller is capable of servicing multiple hotspot franchises with a single device.
Administrators are able to check the Service Zone status from “Main ›System ›Service Zone”and click the
6
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
hyperlink of Service Zone Name for further configuration about its own VLAN tag, LAN IP address, DHCP
server settings, authentication options, etc. For more details, please refer to “chapter 3 How to configure
Service Zone.”
1.3 How to add an User Accounts
Local User is a type of user whose account credential is stored in the WLAN controller’s built-in database
named “Local”. The WLAN controller’s “Local” database capacity varies with different model. A local user
account does not have an expiration date once they are created. If administrator wishes to delete local
accounts, this must be done manually from the Web Management Interface.
Administrators are able to check the existed Local User Accounts from “Main ›Users ›Internal
Authentication ›Local Authentication ›Local User List” and simply create one by clicking “Add”button
with desired Username and Password. For more details, please refer to “session 4.1.1 Local User
Database”
On-Demand User is a type of user whose account credential is stored in the WLAN controller’s built-in
database named “On-Demand”. The WLAN controller’s “On-Demand” database capacity varies with
different model. On-Demand User is designed for short term usage purpose; it has time or volume
constraints and an expiration period. An On-Demand account record will be recycled for creating new
On-Demand account if it has expired for over 15 days or has been deleted by the Administrator/Manager
manually.
Administrators need to generate an On-Demand billing plan first form “Main ›Users ›Internal
Authentication ›On-Demand Authentication ›Billing Configuration” by clicking the hyperlink of the billing
plan number. Furthermore, administrators are able to check the existed On-Demand User Accounts from
“Main ›Users ›On-Demand Accounts ›Account Creation”and simply create one or multiple accounts by
clicking “Create Single”or “Create Batch”button with desired Username and Password, respectively. For
more details, please refer to “session 4.1.2 On-Demand User Database”and “session 4.1.3 On-Demand
Account Creation”
1.4 How to add an Access Point
There are couples of methodology to add the access point into management by WLAN controller. It
depends on what network topology it is. Simply, LAPM is for Layer 2 network topology (”session 7.2 AP
adding and configuration”), WAPM without tunnel is for L3 network topology without client
authentication (”session 8.3.1 AP discovery”), WAPM with complete tunnel is for L3 network topology
with fully controlling clients traffic (”session 8.3.3 CAPWAP with complete tunnel”), while WAPM with split
tunnel is for L3 network topology with authentication and traffic flow optimization(”session 8.3.4 CAPWAP
with split tunnel”).
7
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
2How to configure System Setup
2.1 System General Setting
This section relates to fundamental system configuration.
The General displays the following tabs:
General Settings
System Time
General Settings
System Name: This is a mnemonic name admin can give to the controller. Once configured, it will show on
the web browser’s frame.
Contact Information: This is the email, cell phone, or other means of contact, displayed on the clients’ web
browser in the event of internet disconnection.
HTTPS Certificate: HTTPS network certificate as site safety verification, which is able to be uploaded and
selected from “Utilities > Certificates > System Certificate, chapter 15.2”.
User HTTPS Login: Presents the option to allow end users authenticated with HTTPS for encrypted content
transfer. The Disable option indicates the user will be redirected to HTTP login page, while the Enable
option to HTTPS login page. The Secure option supports only “High” encryption cipher suites i.e. SSLv3
and TLSv1.
HTTPS Automatic Redirects provides an option for allowing or denying HTTPS requests when a user first
connects to a network. When enabled, HTTPS traffic will be redirected but may prompt a certificate
security warning. When HTTPS is disabled, all HTTPS traffic is denied and will be timed-out. This option
will effectively prevent all security warnings being shown on the user’s devices. When HTTPS requests are
timed-out, some browsers may automatically request a HTTP webpage to redirect to a Captive Portal.
-Enable HTTPS Automatic Redirect: users browsing with HTTPS may be shown a certificate security alert
when browsing before they access the Captive Portal.
-Block HTTPS Automatic Redirect: users browsing with HTTPS will be timed-out, meaning their webpage
will appear blank since they never reach their destination
-Bypass non-HTTP Traffic Prior to Sign-In: all HTTPS websites are allowed for browsing even though the
user have not accepted the disclaimer page or completed the sign-in process on the Captive Portal.
Internal Domain Name: A fully qualified domain name (FQDN) of the system. Ideal for accessing the
Controller instead of remembering the IP address of the LAN interfaces. When the administrator enters a
desired domain name in the Internal Domain Name field, the entered Internal Domain Name will be
shown in the URL of the Login Success page instead of a LAN IP address. In addition, when HTTPS is
enabled, enter the domain name of the uploaded certificate will increase login speed and the URL in the
User Login page will be changed. On the Social Media Login, this Internal Domain Name help redirect the
login succeeded clients back the Login Success page.
Portal URL Exceptions (User Agent): The desired landing page may be directed after users’ initial login
except specific opened browsers listed here.
User Log Access IP Address: Once configured, user logs can only be accessed via the administrator
8
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
matching the entered IP.
UAM Filter: The Universal Access Method (UAM) Filter drops non-browser http requests from user agents
before authentication to prevent system overloading from excessive traffic.
Management IP Address List: This allows the network administrator to enter a selection of reserved IP
addresses/ range that are authorized to see the Web Management Interface, which is configured in
“System > General > Management IP Address List, chapter2.2”. The remote console interface is disabled
by default.
SNMP: Presents an option to enable or disabled system info retrieval via SNMP protocal. Administrators
can choose to assign specific port to transmit SNMP trap messages. Detailed thresholds such as CPU
Usage, Memory Usage, DHCP Scope, and Heart Beat Period may be configured.
Suspend Warning Message: A field for administrator to enter the message to users when a Service Zone’s
service is temporarily suspended
System Time
Current Time: The system time right away following below configuration.
Time Zone: a dropdown list to select the local time zone the system is.
Time Update (NTP): The system completes automatic time synchronization by specifying external NTP
servers in the order of NTP Server 1 to 5. The checkbox of Use this controller as an NTP server is checked
by default so as to synchronize the time of managed-APs.
Time Update (Manually Set Up): The system time is manually configured.
2.2 WMI Management Access
The administrator can grant access to the WMI by specifying a list specific IP addresses or ranges of IP
addresses, both from WAN or from LAN, in web-based or in console-based.
The Management IP List displays the following tabs:
Management Service
Management Service Zone List
Management IP Address List
Management Service
SSH Service: The encrypted remote console interface in port 22. For security purposes, SSH Service is
recommended to disable to prevent malicious users from accessing the system. However, if the remotely
troubleshooting is required by 4ipnet Support team, please help enable in advance.
Telnet Service: The non-encrypted remote console interface in port 23. For security purposes, Telnet
Service is disabled by default to prevent malicious users from accessing the system.
9
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
Management Service Zone List
Given the enabled Service Zone(s), which is configured in “System > Service Zone, chapter2.4”,
administrators could Active to let the devices matching the range of IP address could access the WMI of
the system.
Management IP Address List
For remote access purpose, the IP Address/ Segment could be customized for the administrators to access
the WMI of the system. Please confirm the entries are Active in the table by checking the checkboxes. For
example, entering "192.168.3.1" and "192.168.1.0/24" means that only the device at 192.168.3.1 and
devices in the range of 192.168.1.0 to 192.168.1.255 are able to reach the web management interface.
If administrators would like to type a specific IP address, there is not necessary to type the segment. (type
192.168.5.44, instead of 192.168.5.44/32)
2.3 WAN Configuration
The 4ipnet WHG-series Gateway-Controllers have at least 2 physical WAN ports for supporting most ISP. To
complete accessing the WAN IP address is important in the very beginning configuration.
The WAN screen displays the following tabs:
WAN Configuration
WAN2 Configuration
WAN2 Functions
WAN Configuration
Physical Mode: a drop-down list allows administrators to choose the speed and duplex of the WAN
connection. When Auto-Negotiation is ON, the system chooses the highest performance transmission
mode (speed/duplex/flow control) that both the system and the device connected to the interface
support.
Static: Manually specifying the IP address of the WAN port.
Dynamic: It is only applicable for a network environment where the DHCP server is available in the
upstream network. Renew button to get an IP address automatically.
PPPoE: It is for PPPoE dialup connection provided by your ISP, and the ISP will issue you an account with a
password so as to complete the configuration.
PPTP: Some IPSs (in European countries) may provide PPTP protocol for dialup connection. The issued
PPTP account and password for PPTP server are required.
Transmission Option (WHG711, WHG802 only): 4ipnet carrier grade models designed with SFP fiber ports,
which could be configured as
-Ether Port: Deploy the copper Ethernet WAN port for service.
-Fiber Port: Deploy the SFP fiber port for service.
10
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
-Fiber Port and Ether Port: Bridge Fiber port and Ethernet port, physically only connect one uplink
either via SFP port or Ether port.
-Bonding: Deploy both SFP port and copper Ethernet port for service. This option aggregates the two
connections and will result in aggregated higher throughput.
WAN2 Configuration
Physical Mode: a drop-down list allows administrators to choose the speed and duplex of the WAN
connection. When Auto-Negotiation is ON, the system chooses the highest performance transmission
mode (speed/duplex/flow control) that both the system and the device connected to the interface
support.
Static: Manually specifying the IP address of the WAN port.
Dynamic: It is only applicable for a network environment where the DHCP server is available in the
upstream network. Renew button to get an IP address automatically.
PPPoE: It is for PPPoE dialup connection provided by your ISP, and the ISP will issue you an account with a
password so as to complete the configuration.
Transmission Option (WHG711, WHG802 only): 4ipnet carrier grade models designed with SFP fiber ports,
which could be configured as
-Ether Port: Deploy the copper Ethernet WAN port for service.
-Fiber Port: Deploy the SFP fiber port for service.
-Fiber Port and Ether Port: Bridge Fiber port and Ethernet port, physically only connect one uplink
either via SFP port or Ether port.
-Bonding: Deploy both SFP port and copper Ethernet port for service. This option aggregates the two
connections and will result in aggregated higher throughput.
WAN Traffic Settings
Bandwidth Limitation: Disable by default. The limitation is combined for both WAN1 and WAN2, while the
bandwidth is still bounded by the network speed of the ISP operator.
Function of WAN2: these functions only when WAN2 is enabled
-Disable: WAN2 acts as another uplink for the system without Load Balancing and WAN Failover
-Load Balancing: Select the option for administrator to spread the system traffic across WAN1 and
WAN2 ports based on percentage load, calculated using session, bytes, or packets.
-WAN Failover: Select the option for WAN2 taking into service the traffic originally handled by WAN1 if
WAN1 is down. If the nested option is selected, service will be returned to WAN1 link if it is up again.
This feature is not available to be used concurrently with Load Balancing.
Address for Detecting Internet Connection: Up to three outbound sites as detection target for verifying
whether the uplink service is alive or down. A field of warning message text may be customized which will
be displayed on the user’s web browser when all three detecting targets fail to respond.
11
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
2.4 LAN Configuration
The LAN of WLAN controller is managed by 4ipnet unique Service Zone, which is configured in “System >
Service Zone, chapter2.4”, while administrators could decide one of the Service Zone modes to serve in
this page.
The LAN screen displays the following tabs:
LAN Ports
Management Port
Note: If HA feature is in Enabled status, LAN1 will be transformed into a dedicated HA port and will not be
able to service any Service Zone.
LAN Ports
LAN Port Mode: select the option for identifying the port and Service Zone mapping
-Port-based: Each physical LAN port can be mapped to an enabled Service Zone or disabled from
providing service. Noted that the maximum amount of Service Zones available to actually provide
service is determined by the number of LAN ports on the Controller.
-Tag-based: Different Service Zones are identified by VLAN ID no matter which physical LAN ports. This
means that Tag-Based mode dynamically maps a client to a Service zone based on the VLAN ID tagged
on the traffic packet.
Port –Service Zone Mapping: the configuration of the physical LAN port by enabled Service Zone when
Port-based mode is selected.
Management Port (WHG711, WHG802 only)
An open WMI available in default IP 172.30.0.1/16 when administrators connect to the physical MGMT
port.
2.5 Advanced features in System
There are several powerful features applied for different advanced application. For details on a specific
page, refer to the appropriate chapter
High Availability (HA), refer to “chapter 12 High Availability”
PMS Interface, refer to “chapter 14 PMS Integration”
Utilities for WLAN Controller, refer to “chapter 15 Utilities for WLAN Controller”
12
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
Advanced Settings for Network Environment, refer to “chapter 16 Advanced Settings for Network
Environment”
13
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
3How to configure Service Zone
Service Zones are virtual partitions of the physical LAN side of a 4ipnet Controller. Similar to VLANs, they
can be separately managed and defined, having their own user landing pages, network interface settings,
DHCP servers, authentication options, policies and security settings, and so on. By associating a unique
VLAN Tag (when it is tag-based) and an SSID with its Service Zone, administrator can flexibly separate the
wired and wireless networks easily.
There are dozens of features for each Service Zone
VLAN, Isolation, NAT/Router Mode
DHCP Server Option
Authentication Settings
Page Customization
3.1 VLAN/IP, Isolation, NAT/Router Mode
VLAN/IP
IP address will act as the Controller IP to a user connected to this Service Zone. Subnet mask defines the
size of your Service Zone network and defines the range of IP’s allowed to access this Service Zone. To
allow users using addresses that are out of range, enter the IP’s in the Network Alias List and check Enable.
Always remember to click Apply upon completion.
Isolation
-Inter-VLAN Isolation: 2 clients within the same VLAN will not see each other when coming in from
different ports. Note that Isolation is done when traffic passes through the gateway. When a switch or
AP is being deployed, Station Isolation has to be enabled on the AP/switch.
-Clients Isolation: All clients on the same Layer 2 network are isolated from one another in this Service
Zone.
-None: No isolation will be applied to clients in this Service Zone.
Note that when “None” is selected, a switch port connecting to the LAN port of the WLAN controller may
be shut down if the switch has loop protection enabled and there are more than 2 VLANs belong to one
Service Zone.
NAT/Router Mode
NAT is the acronym for Network Address Translation which translates private IP addresses for devices on
the LAN side of a controller to routable IP before forwarding into uplink network. Private IP addresses are
invisible to devices or routers on the WAN side of the controller, only the controller deploying the NAT
knows their corresponding translation. This mode not only protects users on the LAN from being ‘seen’ by
external devices but also solves the problem of limited public IP’s.
14
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
Router mode as the name suggests, is a network operating without address translation in and out of the
Controller. Router mode is selected when using public IP or under circumstances where the downstream
devices requires a routable IP address to upstream routers.
3.2 DHCP Server Option
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically
assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given
network. WLAN controllers supports independent DHCP settings for each Service Zone profile. Options
include Disable DHCP option, Enable built-in DHCP server or DHCP Relay.
-DHCP Server Configuration –The default setting for DHCP Server is “Enable”. Select other options
from the drop-down list.
-Define the IP range for issuing when using Enable DHCP Server (built-in). There are a total of six DHCP
pools for configuration.
-Lease Time at each pool cannot be smaller than the twice value of Idle Timeout.
-Reserving IP addresses –A configuration list for reserving certain IP’s within the DHCP Server IP range
for specific devices, for example an internal file server.
-DHCP lease protection –This is an optional checking mechanism on the Controller when Enabled, will
check to see if the lease expired IP is currently online. If yes, the Controller will halt the issuing of this
IP address until the user session terminates.
-Click “Apply” to activate changes.
3.3 Authentication Settings
Once the administrator has properly configured the authentication servers under the Main Menu, each
Service Zone can select the authentication option preferred to downstream clients for login. Note that
Authentication is always enabled by default.
15
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
Authentication Options: Administrators can designate configured auth servers for use. Postfix will be used
as auth server identifier when more than one auth server is enabled for service.
Portal URL: The specification of a desired landing page may be configured here. When enabled, the
administrator can choose to set the URL of an opened browser after users’initial login.
MAC Authentication: RADIUS MAC authentication feature once enabled, if the connected device has its
MAC address entered in the configured RADIUS Server, the Controller will automatically authenticate and
grant access immediately if authentication succeeds. Users will experience transparent login.
PPP Authentication: Point-to-Point Protocol (PPP) is a data link protocol commonly used in establishing a
direct connection between two networking nodes. When this feature is enabled for service, end users
may configure a dial-up connection setting with a valid username and password (support only Local and
RADIUS users). Once the dial-up connection has been established, the user would have been
authenticated successfully without further UAM login.
IP Address Range Assignment field configures the starting IP range which PPP can assign IP addresses to
dial-up virtual interfaces. The assigned interface IP address is used to route between the networks on
both side of the tunnel.
3.4 Page Customization
Each Service Zone can be configured to have unique Login Pages or Message Pages. There are 3 types of
Login Pages: The General Login Page, PLM Open Type Login Page (for Port Location Mapping free access),
and PMS Billing Plan Selection Page. A Service Disclaimer page can be enabled if required. These pages
are fully customizable to give administrators complete flexibility. Message Pages can also be customized
and message pages include: Login Success Pages, Login Success Page for On-Demand Users, Login Fail
Page, Device Logout Page, Logout Success Page, Logout Failed Page, and Online Device List.
There are three customization options to choose from apart from the 4ipnet Default Page: Customize with
Template, Upload Your Own, and Use External Page.
4ipnet Default: The gateway has a standard 4ipnet Default Login Page with the 4ipnet logo and
Administrators can choose to enable a Service Disclaimer if needed.
Customize with Template: For this option, a template is prepared for the administrator's easy
customization. The general layout has been set for the administrator but the contents can be customized
to his preference. A color theme and a logo can be uploaded, and contents field such as Service Disclaimer,
text colors can entered within the template presentation layout.
Upload Your Own: The Administrator has the option to upload a html file as the Login Page. The
"Download HTML Sample File" gives administrators a sample HTML code to edit from. Once this sample
HTML code is downloaded, open the file with any browser, right click and select "View Page Source". You
may edit the HTML code with any text editor as long as the file is saved in .html format.
Use External Page: The Login Page can be a defined external URL. This option requires extensive
knowledge of URL parameter utilization that works together with the Message Pages and should be
organized carefully. For more details on External Login Page customization, please refer to the Technical
Guide.
16
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
For a Preview of the custom page, click “Apply” followed by the “Preview” button. Similarly, the four
options are available for Message Pages.
17
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
4How to enable User Authentication Databases
4.1 Internal Authentication
Internal authentication database is a storage device where users’ credentials in the system may be
inquired for validity. Each type has its own application in different scenarios
Local User Database
On-Demand User Database
Guest User Database
Local User Database4.1.1
This type of authentication method checks the local database that stores user, often the staff and
credentials internally. The Local user database is designed to store static accounts which will not be
deleted unless manually performed by administrator.
Local User List
-Add: To create one or multiple accounts with account information, including Username, Password,
MAC Address, Group, Account Span, and Remark
Note:
1. The fields with red asterisk are mandatory fields while the others are optional.
2. MAC Address field once configured will bind this particular account under the condition that it may
only be granted access using the device specified.
3. The Group field specifies the group profile of the account being created.
4. Remark is for any additional note administrator would like to stress. It will be shown on the user list.
5. You can check the Enable Local VPN checkbox to build up a secure VPN tunnel between the device
using the account and the controller.
6. Expiration is optional time constraints which may be enforced to this account if the Account Span
option is checked. This is a useful attribute if used in complement with Multiple Login, ideal to
provide network access to a group of people for a specified amount of time, for instance during a
seminar event.
-Delete: To deleted individually or entirely by selecting the “Select All” checkbox
-Backup: To export user credentials as a text file in csv format in a new window.
-Upload: To import the accounts back into the Local user database which is a convenient way to create
a great amount of Local accounts.
-Edit Account Information: For existing user accounts, further modification is possible simply by clicking
the username hyperlink on the page to reconfigure account attributes.
18
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
Note:
1. The txt files generated may be inter-used by all WLAN controller series as the defined csv format is
consistent for all models.
2. Duplicated accounts will result in upload failure and a warning message will be displayed.
Account Roaming Out
802.1X Authentication
On-Demand User Database4.1.2
The On-Demand user database is designed for guest user account provisioning with time or traffic volume
constraints. Ideal for deployment needs of Hotels, Hotspot venues, Enterprise visitor reception, and more.
The On-Demand Authentication option offers plenty of options for customization. POS/Web tickets can be
customized to businesses’ needs, and multiple payment options are also available on the WLAN
controllers.
On-Demand Billing Plans
On-Demand Authentication
Web Printout
POS Tickets and Terminal Server
Payment Gateway
SMS Gateway
Email Verification
Account Roaming Out
On-Demand Billing Plans
Usage-time: Users can access internet as long as account is valid with remaining quota (usable time).
Users need to activate the purchased account within a given time period by logging in. This is ideal for
short term usage such as in coffee shops, airport terminals etc. Quota is deducted only while in use,
however the count down to Expiration Time is continuous regardless of logging in or out. Account expires
when Expiration has been used up or quota depleted as expiration time is enabled,
-Activation is the time period for which the user must execute a first login. Failure to do so in the time
period set in Account Activation will result in account expiration.
-Expiration is the valid time period for using. After this time period, even with remaining quota the
account will still expire.
-Quota is the total period of time (xx days yy hrs zz mins), during which On-Demand users are allowed
to access the network. The total maximum quota is “364Days 23hrs 59mins 59secs” even after
redeeming.
-Unit Price is the unit price of this plan.
-Group will be the applied Group to users created from this plan.
19
User Manual ENGLISH
WHG-Series Wireless WLAN Controller
Copyright © 2017, 4ipnet, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
-Reference field allows administrator to input additional information.
Volume: Users can access internet as long as account is valid with remaining quota (traffic volume).
Account expires when Valid Period is used up or quota is depleted. This is ideal for small quantity
applications such as sending/receiving mail, transferring a file etc. Count down of Valid Period is
continuous regardless of logging in or out.
-Activation is the time period for which the user must execute a first login. Failure to do so in the time
period set in Account Activation will result in account expiration.
-Expiration is the valid time period for using. After this time period, the account expires even with
quota remaining.
-Quota is the total Mbytes (1~1000000), during which On-Demand users are allowed to access the
network.
-Number of devices is to define the number of allowed simultaneous logged in devices per account. (0:
unlimited)
-Unit Price is the unit price of this plan.
-Group will be the applied Group to users created from this plan.
-Reference field allows administrator to input additional information.
Hotel Cut-off-time is the clock time (normally check-out time) at which the On-demand account is cut off
(made expired) by the system on the following day or many days later.
-Cut-off Time: On the account creation UI of this plan, operator can enter a Unit value which is the
number of days to Cut-off-time according to customer stay time. For example: Unit = 2 days, Cut-off
Time = 13:00 then account will expire on 13:00 two days later.
-Grace Period is an additional, short period of time after the account is cut off that allows user to
continue to use the On-Demand account to access the Internet without paying additional fee.
-Number of Devices is to define the number of allowed simultaneous logged in devices per account.
-Unit Price is a daily price of this billing plan. This is mainly used in hotel venues to provide internet
service according to guests’ stay time.
-Group will be the applied Group to users created from this plan.
-Reference field allows administrator to input additional information.
Duration Time with Elapsed Time: Account is activated upon account creation. Count down begins
immediately after account is created and is continuous regardless of logging in or out. Account expires
once the Elapsed Time is reached. This is ideal for providing internet service immediately after account
creation throughout a specific period of time.
-Begin Time is the time that the account will be activated for use. It is set to account creation time.
-Elapsed Time is the time interval for which the account is valid for internet access (xx hrs yy mins).
-Number of Devices is to define the number of allowed simultaneous logged in devices per account.
-Price is the unit price of this plan.
-Group will be the applied Group to users created from this plan.
-Reference field allows administrator to input additional information.
This manual suits for next models
2
Table of contents
Other 4IPNET Gateway manuals
4IPNET
4IPNET HSG327 User manual
4IPNET
4IPNET WHG315 User manual
4IPNET
4IPNET HSG100 User manual
4IPNET
4IPNET HSG200 User manual
4IPNET
4IPNET HSG3200 User manual
4IPNET
4IPNET HSG326 User manual
4IPNET
4IPNET HSG320 User manual
4IPNET
4IPNET HSG326 User manual
4IPNET
4IPNET HSG1250 Operator's manual
4IPNET
4IPNET HSG1250 User manual
Popular Gateway manuals by other brands
Teletronics International
Teletronics International Gateway TTTM5800X user manual
Honeywell
Honeywell Lyric LCP300-L User reference guide
Banner
Banner SureCross DX80 Network manual
OpenVox
OpenVox SWG-2016C user manual
Grandstream Networks
Grandstream Networks GXW-410x user manual
HELVAR
HELVAR DIGIDIM EnOcean 434 installation guide