AirLive IAS 2000 User manual

IAS 2000
User’s Manual
Internet Access Gateway

Air Live IAS-2000 User’s Manual V1.0.
Table of Contents
Chapter 1. Before You Start
1.1 Audience
1.2 Document Signal
1.3 Glossary
Chapter 2. Overview
2.1 Introduction of IAS-2000
2.2 System Concept
Chapter 3. Hardware Installation
3.1 Panel Function Descriptions
3.2 Package Contents
3.3 System Requirement
3.4 Installation Steps
Chapter 4. Network Configuration on PC
4.1 Internet Connection Setup
4.1.1 Windows 9x/2000
4.1.2 Windows XP
4.2 TCP/IP Network Setup
4.2.1 Check the TCP/IP Setup of Windows 9x/ME
4.2.2 Check the TCP/IP Setup of Windows 2000
4.2.3 Check the TCP/IP Setup of Windows XP
Chapter 5. Web Interface Configuration
5.1 System Configuration
5.1.1 Configuration Wizard
5.1.2 System Information
5.1.3 WAN1 Configuration
5.1.4 WAN2 Configuration
5.1.5 LAN1 / LAN2 Configuration
5.2 Network Configuration
5.2.1 Network Address Translation
5.2.2 Privilege List
5.2.3 Monitor IP List
5.2.4 Walled Garden List
5.2.5 Proxy Server Properties
5.2.6 Dynamic DNS
5.2.7 IP Mobility
5.3 User Authentication
5.3.1 Authentication Configuration
5.3.2 Policy Configuration
5.3.3 Black List Configuration
5.3.4 Guest User Configuration
5.3.5 Additional Configuration
5.4 Utilities
5.4.1 Change Password
5.4.2 Backup/Restore Setting
5.4.3 Firmware Upgrade
5.4.4 Restart
5.5 Status
5.5.1 System Status
5.5.2 Interface Status
5.5.3 Current Users
5.5.4 Traffic History
5.5.5 Notification Configuration
5.5.6 Online Report
5.6 Help
Appendix A External Network Access
Appendix B Console Interface Configuration
Appendix C Specifications
1. Hardware Specification
2. Technical Specification

Chapter 1. Before You Start
1.1 Audience
This manual is intended for system or network administrators with the networking knowledge needed to complete the
step-by-step instructions and use the IAS-2000 to better manage network systems and user data.
1.2 Document Signal
For any caution or warning that requires special attention of readers, a highlight box with the eye-catching italic font
is used as below:
Warning: For security purposes, you should immediately change the Administrator’s password.
indicates that clicking this button will return to the homepage of this section.
indicates that clicking this button will return to the previous page.
indicates that clicking this button will apply all of your settings.
indicates that clicking this button will clear what you set before these settings are applied.
1.3 Glossary
802.11 standard
A family of wireless Local Area Network specifications. The 802.11b standard in particular is seeing widespread
acceptance and deployment in corporate campuses as well as commercial facilities such as airports and coffee
shops that want to offer wireless networking service to their patrons.
802.11a
An IEEE specification for wireless networking that operates in the 5 GHz frequency range (5.725 GHz to 5.850 GHz)
with a maximum of 54 Mbps data transfer rate. The 5 GHz frequency band is not as crowded as the 2.4 GHz
frequency, because the 802.11a specification offers more radio channels than the 802.11b. These additional
channels can help avoid radio and microwave interference.

802.11b
International standard for wireless networking that operates in the 2.4 GHz frequency range (2.4 GHz to 2.4835 GHz)
and provides a throughput up to 11 Mbps. This is a very commonly used frequency. Microwave ovens, cordless
phones, medical and scientific equipment, as well as Bluetooth devices, all work within the 2.4 GHz frequency band.
802.11g
Similar to 802.11b, but this standard provides a throughput up to 54 Mbps. It also operates in the 2.4 GHz frequency
band but uses a different radio technology in order to boost overall bandwidth.
VLAN
Defines changes to Ethernet frames that will enable them to carry VLAN information. It allows switches to assign
end-stations to different virtual LANs, and defines a standard way for VLANs to communicate across switched
networks.
Four bytes have been added to the Ethernet frame for this purpose, causing the maximum Ethernet frame length to
increase from 1518 to 1522 bytes. In these 4 bytes, 3 bits allow for up to eight priority levels and 12 bits identify one
of 4,094 different VLANs. 802.3ac will define the specifics of these changes for Ethernet frames.
802.1x
802.1x is a security standard for wired and wireless LANs. It encapsulates EAP processes into Ethernet packets
instead of using the protocol's native PPP (Point-to-Point Protocol) environment, thus reducing some network
overhead. It also puts the bulk of the processing burden upon the client (called a supplicant in 802.1x parlance) and
the authentication server (such as a RADIUS), letting the "authenticator" middleman simply pass the packets back
and forth. Because the authenticator does so little, its role can be filled by a device with minimal processing power,
such as an access point on a wireless network.
802.3ad
802.3ad is an IEEE standard for bonding or aggregating multiple Ethernet ports into one virtual interface (also
known as trunking). The aggregated ports appear as a single IP address to your computer and applications. This
means no application changes are required. The advantages of aggregation are that the virtual interface provides
increased bandwidth by merging the bandwidth of the individual ports. The TCP connection load is then balanced
across the ports. In addition to load balancing, 802.3ad provides automatic fail-over in the event any port or cable
fails. All traffic that was being routed over the failed port is automatically re-routed to use one of the remaining ports.
This fail-over is completely transparent to the application software using the connection.
Access Point
A device that allows wireless-equipped computers and other devices to communicate with a wired network. It is also
used to expand the range of a wireless network.
Bandwidth
The amount of transmission capacity that is available on a network at any point in time. Available bandwidth
depends on several variables such as the rate of data transmission speed between networked devices, network
overhead, number of users, and the type of device used to connect PCs to a network. It is similar to a pipeline in that
capacity is determined by size: the wider the pipe, the more water can flow through it; the more bandwidth a network
provides, the more data can flow through it. Standard 802.11b provides a bandwidth of 11 Mbps; 802.11a and
802.11g provide a bandwidth of 54 Mbps.
Baud Rate
A measure of the number of times per second a signal in a communications channel changes state. The state is
usually voltage level, frequency, or phase angle.
Beacon Interval
The frequency interval of the beacon, which is a packet broadcast by a router to synchronize a wireless network.
Bit
A binary digit.
Boot
To start a device and cause it to load executing instructions.
Bridge
A product that connects a local area network (LAN) to another local area network that uses the same protocol (for
example, wireless, Ethernet or token ring). Wireless bridges are commonly used to link buildings in campuses.
Broadband
A comparatively fast Internet connection. Services such as ISDN, cable modem, DSL and satellite are all considered
broadband as compared to dial-up Internet access. There is no official speed definition of broadband but services of
100Kbps and above are commonly thought of as broadband.
Browser
A browser is an application program that provides a way to look at and interact with all the information on the World
Wide Web.
Cable Modem
A kind of converter used to connect a computer to a cable TV service that provides Internet access. Most cable
modems have an Ethernet out-cable that attaches to the user's Wi-Fi gateway.
Client devices
Clients are the end users. Wi-Fi client devices include PC Cards that slide into laptop computers, mini-PCI modules
embedded in laptop computers and mobile computing devices, as well as USB radios and PCI/ISA bus Wi-Fi radios.
Client devices usually communicate with hub devices like access points and gateways.

CTS
Clear To Send. A signal sent by a device to indicate that it is ready to receive data.
Database
A collection of data that is organized so that its contents can easily be accessed, managed, and updated.
DDNS
Dynamic Domain Name System. The capability of having a website, FTP, or e-mail server with a dynamic IP
address using a fixed domain name.
Default Gateway
A device that forwards Internet traffic from your local area network.
DHCP
A utility that enables a server to dynamically assign IP addresses from a predefined list and limit their time of use so
that they can be reassigned. Without DHCP, an IT Manager would have to manually enter in all the IP addresses of
all the computers on the network. When DHCP is used, whenever a computer logs onto the network, it automatically
gets an IP address assigned to it.
DHCP Servers
Dynamic Host Configuration Protocol Servers. PCs and other network devices using dynamic IP addressing are
assigned a new IP address by a DHCP server. The PC or network device obtaining an IP address is called the
DHCP client. DHCP frees you from having to assign IP addresses manually every time a new user is added to your
network.
A DHCP server can either be a designated PC on the network or another network device, such as the Router. By
default, the Router’s DHCP server function is enabled.
If you already have a DHCP server running on your network, you must disable one of the two DHCP servers. If you
run more than one DHCP server on your network, you will experience network errors, such as conflicting IP
addresses.
Diversity Antenna
A type of antenna system that uses two antennas to maximize reception and transmission quality and reduce
interference.
DMZ
Demilitarized Zone. A computer or small subnetwork that sits between a trusted internal network, such as a
corporate private LAN, and an untrusted external network, such as the public Internet.
Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP
(e-mail) servers and DNS servers.
The term comes from military use, meaning a buffer area between two enemies.

DNS
A program that translates URLs to IP addresses by accessing a database maintained on a collection of Internet
servers. The program works behind the scenes to facilitate surfing the Web with alpha versus numeric addresses. A
DNS server converts a name like mywebsite.com to a series of numbers like 107.22.55.26. Every website has its
own specific IP address on the Internet.
Domain Name
The unique name that identifies an Internet site. Domain Names always have 2 or more parts, separated by dots.
The part on the left is the most specific, and the part on the right is the most general. A given machine may have
more than one Domain Name but a given Domain Name points to only one machine.
DoS Attack
A type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For
all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by
the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers.
Download
To receive a file transmitted over a network.
DTIM
Delivery Traffic Indication Message. A message included in data packets that can increase wireless efficiency.
Dynamic IP Address
A temporary IP address assigned by a DHCP server.
Encryption
Encoding data to prevent it from being read by unauthorized people.
Encryption key
An alphanumeric (letters and/or numbers) series that enables data to be encrypted and then decrypted so it can be
safely shared among members of a network. WEP uses an encryption key that automatically encrypts outgoing
wireless data. On the receiving side, the same encryption key enables the computer to automatically decrypt the
information so it can be read.
ESSID
The identifying name of an 802.11 wireless network. When you specify your correct ESSID in your client setup you
ensure that you connect to your wireless network rather than another network in range. (See SSID.) The ESSID can
be called by different terms, such as Network Name, Preferred Network, SSID or Wireless LAN Service Area.

Ethernet
International standard networking technology for wired implementations. Basic 10BaseT networks offer a bandwidth
of about 10 Mbps. Fast Ethernet (100 Mbps) and Gigabit Ethernet (1000 Mbps) are becoming popular.
Firewall
A system that secures a network and prevents access by unauthorized users. Firewalls can be software, hardware
or a combination of both. Firewalls can prevent unrestricted access into a network, as well as restrict data from
flowing out of a network.
Firmware
1. In network devices, the program that runs the device.
2. Program loaded into read-only memory (ROM) or programmable read-only memory (PROM) that cannot be
altered by end-users.
Fragmentation
Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size
of the packet.
FTP
File Transfer Protocol. A standard protocol for sending files between computers over a TCP/IP network and the
Internet.
Full Duplex
The ability of a networking device to receive and transmit data simultaneously.
Gateway
In the wireless world, a gateway is an access point with additional software capabilities such as providing NAT and
DHCP. Gateways may also provide VPN support, roaming, firewalls, various levels of security, etc.
Half Duplex
Data transmission that can occur in two directions over a single line, but only one direction at a time.
Hardware
The physical aspect of computers, telecommunications, and other information technology devices.
Hotspot
A place where you can access Wi-Fi service. This can be for free or for a fee. HotSpots can be inside a coffee shop,
airport lounge, train station, convention center, hotel or any other public meeting area. Corporations and campuses
are also implementing Hot Spots to provide wireless Internet access to their visitors and guests. In some parts of the
world, Hot Spots are known as Cool Spots.

HTTP
HyperText Transport Protocol. The communications protocol used to connect to servers on the World Wide Web.
IEEE
Institute of Electrical and Electronics Engineers, New York, www.ieee.org. A membership organization that includes
engineers, scientists and students in electronics and allied fields. It has more than 300,000 members and is involved
with setting standards for computers and communications.
Internet appliance
A computer that is intended primarily for Internet access, is simple to set up, and usually does not support installation
of third-party software. These computers generally offer customized web browsing, touch-screen navigation, e-mail
services, entertainment and personal information management applications. An Internet appliance can be Wi-Fi
enabled or it can be connected via a cable to the local network.
Infrastructure
Currently installed computing and networking equipment.
Infrastructure Mode
Configuration in which a wireless network is bridged to a wired network via an access point.
IP
Internet Protocol. A set of rules used to send and receive messages at the Internet address level.
IP address
A 32-bit number that identifies each sender or receiver of information that is sent across the Internet. An IP address
has two parts: an identifier of a particular network on the Internet and an identifier of the particular device (which can
be a server or a workstation) within that network.
IPsec
IP Security. A set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec
has been deployed widely to implement Virtual Private Networks (VPNs).
IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion
(payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the
header and the payload. On the receiving side, an IPsec-compliant device decrypts each packet.
For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a
protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which
allows the receiver to obtain a public key and authenticate the sender using digital certificates.
ISDN
Integrated Services Digital Network. A type of broadband Internet connection that provides digital service from the
customer's premises to the dial-up telephone network. ISDN uses standard POTS copper wiring to deliver voice,
data or video.
ISP
Internet Service Provider. A company that provides access to the Internet.
LAN
Local Area Network. A system of connecting PCs and other devices within the same physical proximity for sharing
resources such as Internet connections, printers, files and drives. When Wi-Fi is used to connect the devices, the
system is known as a wireless LAN or WLAN.
LDAP
Lightweight Directory Access Protocol. A set of protocols for accessing information directories. LDAP is based on
the standards contained within the X.500 standard, but is significantly simpler. And unlike X.500, LDAP supports
TCP/IP, which is necessary for any type of Internet access. Because it's a simpler version of X.500, LDAP is
sometimes called X.500-lite.
Although not yet widely implemented, LDAP should eventually make it possible for almost any application running
on virtually any computer platform to obtain directory information, such as email addresses and public keys.
Because LDAP is an open protocol, applications need not worry about the type of server hosting the directory.
Local User
A user that has signed up for an account from a specific ezboard community, enabling the user to participate only in
that ezboard as a registered user. Global user registration from the ezboard home page is recommended for full
access to all ezboard communities and the Control Center.
MAC
Media Access Control. Every wireless 802.11 device has its own specific MAC address hard-coded into it. This
unique identifier can be used to provide security for wireless networks. When a network uses a MAC table, only the
802.11 radios that have had their MAC addresses added to that network's MAC table will be able to get onto the
network.
Mbps
Megabits Per Second. One million bits per second; a unit of measurement for data transmission.
NAT
Network Address Translation. A network capability that enables a houseful of computers to dynamically share a
single incoming IP address from a dial-up, cable or xDSL connection. NAT takes the single incoming IP address and
creates a new IP address for each client computer on the network.

Network
A series of computers or devices connected for the purpose of data sharing, storage, and/or transmission between
users.
Node
A network junction or connection point, typically a computer or work station.
Packet
A unit of data sent over a network.
Passphrase
Used much like a password, a passphrase simplifies the WEP encryption process by automatically generating the
WEP encryption keys for the company products.
POP
Post Office Protocol. A protocol used to retrieve e-mail from a mail server. Most e-mail
applications (sometimes called e-mail clients) use the POP protocol, although some can use the newer IMAP
(Internet Message Access Protocol).
There are two versions of POP. The first, called POP2, became a standard in the mid-80's and requires SMTP to
send messages. The newer version, POP3, can be used with or without SMTP.
POP3
Post Office Protocol 3. A standard protocol used to retrieve e-mail stored on a mail server.
Port
1. The connection point on a computer or networking device used for plugging in a cable or an adapter.
2. The virtual connection point through which a computer uses a specific application on a server.
PPPoE
Point-to-Point Protocol over Ethernet. PPPoE relies on two widely accepted standards: PPP and Ethernet. PPPoE
is a specification for connecting the users on an Ethernet to the Internet through a common broadband medium,
such as a single DSL line, wireless device or cable modem. All the users over the Ethernet share a common
connection, so the Ethernet principles supporting multiple users in a LAN combine with the principles of PPP, which
apply to serial connections.
PPTP
Point-to-Point Tunneling Protocol. A new technology for creating Virtual Private Networks (VPNs), developed jointly
by Microsoft Corporation, U.S. Robotics, and several remote access vendor companies, known collectively as the
PPTP Forum. A VPN is a private network of computers that uses the public Internet to connect some nodes.
Because the Internet is essentially an open network, the Point-to-Point Tunneling Protocol (PPTP) is used to ensure
that messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to their
corporate network via the Internet.
Plug and Play
A computer system feature that provides automatic configuration of add-ons and peripheral devices such as
wireless PC Cards, printers, scanners and multimedia devices.
Proxy server
Used in larger companies and organizations to improve network operations and security, a proxy server is able to
prevent direct communication between two or more networks. The proxy server forwards allowable data requests to
remote servers and/or responds to data requests directly from stored remote server data.
RADIUS
Remote Authentication Dial-In User Service. An authentication and accounting system used by many Internet
Service Providers (ISPs). When you dial in to the ISP you must enter your username and password. This
information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access
to the ISP system.
Though not an official standard, the RADIUS specification is maintained by a working group of the IETF.
Range
Most Wi-Fi systems will provide a range of a hundred feet or more. Depending on the environment and the type of
antenna used, Wi-Fi signals can have a range of up to a mile.
RJ-45
Standard connectors used in Ethernet networks. Even though they look very similar to standard RJ-11 telephone
connectors, RJ-45 connectors can have up to eight wires, whereas telephone connectors have only four.
Roaming
Moving seamlessly from one AP coverage area to another with no loss in connectivity.
Router
A device that forwards data packets from one local area network (LAN) or wide area network (WAN) to another.
Based on routing tables and routing protocols, routers can read the network address in each transmitted frame and
make a decision on how to send it via the most efficient route based on traffic load, line costs, speed, bad
connections, etc.
RTS
Request To Send. A packet sent when a computer has data to transmit. The computer will wait for a CTS (Clear To
Send) message before sending data.

Server
Any computer whose function in a network is to provide user access to files, printing, communications, and other
services.
SMTP
Simple Mail Transfer Protocol. The standard e-mail protocol on the Internet.
SNMP
Simple Network Management Protocol. A set of protocols for managing complex networks. The first versions of
SNMP were developed in the early 80s. SNMP works by sending messages, called protocol data units (PDUs), to
different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management
Information Bases (MIBs) and return this data to the SNMP requesters.
Software
Instructions for the computer. A series of instructions that performs a particular task is called a "program".
SOHO
Small Office/Home Office. A term generally used to describe an office or business with ten or fewer computers
and/or employees.
SSID
Service Set Identifier. A 32-character unique identifier attached to the header of packets sent over a WLAN that acts
as a password when a mobile device tries to connect to the BSS. (Also called ESSID.) The SSID differentiates one
WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the
same SSID. A device will not be permitted to join the BSS unless it can provide the unique SSID. Because an SSID
can be sniffed in plain text from a packet, it does not supply any security to the network. An SSID is also referred to
as a Network Name because essentially it is a name that identifies a wireless network.
SSH
Developed by SSH Communications Security Ltd., Secure Shell is a program to log into another computer over a
network, to execute commands in a remote machine, and to move files from one machine to another. It provides
strong authentication and secure communications over insecure channels. It is a replacement for rlogin, rsh, rcp,
and rdist.
SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. An attacker who
has managed to take over a network can only force ssh to disconnect. He or she cannot play back the traffic or
hijack the connection when encryption is enabled.
When using ssh's login (instead of rlogin) the entire login session, including transmission of password, is encrypted;
therefore it is almost impossible for an outsider to collect passwords.
SSH is available for Windows, Unix, Macintosh, and OS/2, and it also works with RSA authentication.

SSL
Secure Sockets Layer. An encryption scheme commonly used by many online retail and banking sites to protect
the financial integrity of transactions. When an SSL session begins, the server sends its public key to the browser.
The browser then sends a randomly generated secret key back to the server in order to have a secret key exchange
for that session.
Static IP Address
A fixed address assigned to a computer or device that is connected to a network.
Subnet Mask
An address code that determines the size of the network.
Subnetwork or Subnet
Found in larger networks, these smaller networks are used to simplify addressing between numerous computers.
Subnets connect to the central network through a router, hub or gateway. Each individual wireless LAN will probably
use the same subnet for all the local computers it talks to.
Switch
A type of hub that efficiently controls the way multiple devices use the same network so that each can operate at
optimal performance. A switch acts as a network's traffic cop: rather than transmitting all the packets it receives to all
ports as a hub does, a switch transmits packets to only the receiving port.
TCP
A protocol used along with the Internet Protocol (IP) to send data in the form of individual units (called packets)
between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care
of keeping track of the packets that a message is divided into for efficient routing through the Internet. For example,
when a web page is downloaded from a web server, the TCP program layer in that server divides the file into
packets, numbers the packets, and then forwards them individually to the IP program layer. Although each packet
has the same destination IP address, it may get routed differently through the network. At the other end, TCP
reassembles the individual packets and waits until they have all arrived to forward them as a single file.
TCP/IP
The underlying technology behind the Internet and communications between computers in a network. The first part,
TCP, is the transport part, which matches the size of the messages on either end and guarantees that the correct
message has been received. The IP part is the user's computer address on a network. Every computer in a TCP/IP
network has its own IP address that is either dynamically assigned at startup or permanently assigned. All TCP/IP
messages contain the address of the destination network as well as the address of the destination station. This
enables TCP/IP messages to be transmitted to multiple networks (subnets) within an organization or worldwide.

TFTP
Trivial File Transfer Protocol. A version of the TCP/IP FTP protocol that uses UDP and has no directory or password
capability.
UDP
User Datagram Protocol. A network protocol for transmitting data that does not require acknowledgement from the
recipient of the data that is sent.
Upgrade
To replace existing software or firmware with a newer version.
Upload
To transmit a file over a network.
URL
Uniform Resource Locator. The address of a file located on the Internet.
VoIP
Voice transmission using Internet Protocol to create digital packets distributed over the Internet. VoIP can be less
expensive than voice transmission using standard analog packets over POTS (Plain Old Telephone Service).
VPN
Virtual Private Network. A type of technology designed to increase the security of information transferred over the
Internet. VPN can work with either wired or wireless networks, as well as with dial-up connections over POTS. VPN
creates a private encrypted tunnel from the end user's computer, through the local wireless network, through the
Internet, all the way to the corporate servers and database.
Walled Garden
On the Internet, a walled garden refers to a browsing environment that controls the information and Web sites the
user is able to access. This is a popular method used by ISPs in order to keep the user navigating only specific
areas of the Web, whether for the purpose of shielding users from information -- such as restricting children's access
to pornography -- or directing users to paid content that the ISP supports. America Online is a good example of an
ISP that places users in a walled garden.
Schools are increasingly using the walled garden approach in creating browsing environments in their networks.
Students have access to only limited Web sites, and teachers need a password in order to leave the walled garden
and browse the Internet in its entirety.
The term walled garden also commonly refers to the content that wireless devices such as mobile phones have
access to if the content provided by the wireless carrier is limited.

WAN
Wide Area Network. A communication system of connecting PCs and other computing devices across a large local,
regional, national or international geographic area. Also used to distinguish between phone-based data networks
and Wi-Fi. Phone networks are considered WANs and Wi-Fi networks are considered Wireless Local Area Networks
(WLANs).
WEP
Wired Equivalent Privacy. Basic wireless security provided by Wi-Fi. In some instances, WEP may be all a home or
small-business user needs to protect wireless data. WEP is available in 40-bit (also called 64-bit), or in 108-bit (also
called 128-bit) encryption modes. As 108-bit encryption provides a longer algorithm that takes longer to decode, it
can provide better security than basic 40-bit (64-bit) encryption.
Wi-Fi
Wireless Fidelity. An interoperability certification for wireless local area network (LAN) products based on the
Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards.
WLAN
Wireless Local Area Network. Also referred to as LAN. A type of local-area network that uses high-frequency radio
waves rather than wires to communicate between nodes.
WPA-Enterprise (Wi-Fi Protected Access)
Stands for Wi-Fi Protected Access – Enterprise. It is Wi-Fi’s encryption method that protects against unauthorized
network access by verifying network users through a server.
WPA-Personal
Stands for Wi-Fi Protected Access – Personal. It is Wi-Fi’s encryption method that protects against unauthorized
network access by utilizing a set-up password.
WPA2
Wi-Fi Protected Access version 2. The follow-on security method to WPA for Wi-Fi networks that provides stronger
data protection and network access control.

Chapter 2. Overview
2.1 Introduction of IAS-2000
IAS-2000 is a Network Access Control System specially designed for simple, small and medium-scale wireless
network environments while retaining network efficiency. IAS-2000 delivers “manageability”, “efficiency” and a
“friendly interface”, and is well suited to campuses (or libraries, gymnasiums, etc.), small and medium enterprises,
factories, Hotspots and community hospitals.
Quick Installation‧Get Online Immediately
The installation and setup of IAS-2000 can be easily done without changing the existing network architecture. The
system can be installed and logged within a short amount of time to establish the security mechanism. With the
protection by IAS-2000, users must be authenticated before logging in to the network, and the administrator can
assign a fine-grained priority to each user stratifying the scope and right of using network resources.
Friendly Management and Application Interfaces
IAS-2000 is not only easy to install, but also has a multilingual management interface with operation logic that is easy
to use. All of the functions of the system can be performed with a few simple clicks. The full web-based management
interface allows users to operate and manage the system online via a browser. Users can easily log on to the
authenticated LAN ports via the browser without any additional software installation.
Integrating the Existing User Password Database
In general, most organizations use a specific database system to centralize and manage user passwords before
introducing the wireless network into the organization. IAS-2000 supports Local, POP3 (+SSL), RADIUS and LDAP
external Public LAN mechanisms, and allows integration of the current user password database. This system also
provides a built-in user database, so that the administrator can create or upload the Public LAN data by a batch
process.
2.2 System Concept
IAS-2000 is responsible for controlling all network data passing through the system. The users under the managed
network must be authenticated in order to obtain the right to access the network beyond the managed area. The
authentication mechanism at the user’s end is provided by the IAS-2000 server, and the SSL encryption is used to
protect the webpage. In the system, IAS-2000 is responsible for authentication, authorization, and management
functions. The user account information is stored in the IAS-2000 database, or other specified external
authentication databases.
The process of authenticating the user’s identity is executed via the SSL encrypted webpage. Using the web
interface ensures that the system is compatible with most desktop systems and palm computers. When a
user authentication is requested, the IAS-2000 server software will check the back-end authentication database
to confirm the user’s access right. The authentication database can be the local database of IAS-2000 or any
external database that IAS-2000 supports. If the user is not an authorized user, IAS-2000 will refuse the user’s
request for the access. In the meantime, IAS-2000 will also continue blocking the user from accessing the network.
If the user is an authorized user, then IAS-2000 will authorize the user with an appropriate access right, so that the
user can use the network. If the online user remains idle without using the network for a time exceeding a
predetermined idle time on IAS-2000 or the online user logs out of the system, IAS-2000 will exit the working stage
of such user and terminate the user’s access right of the network.
The following figure provides a simple example of setting up a small enterprise network. IAS-2000 is set to control a
part of the company’s intranet. The whole managed network includes cable network users and wireless network
users. In the beginning, any user located at the managed network is unable to access the network resource without
permission. If the access right to the network beyond the managed area is required, an Internet browser such as the
Internet Explorer must be opened and a connection to any website must be performed. When the browser attempts
to connect to a website, IAS-2000 will force the browser to redirect to the user login webpage. The user must enter
the username and password for authentication. After the identity is authenticated successfully, the user will gain
proper access right defined on IAS-2000.
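The flow described in this section (block, redirect to the login page, authenticate, authorize, then expire on idle or logout), modelled as an added Python example. It is not IAS-2000 code: the class and function names, the 600-second idle timeout, the login URL and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

IDLE_TIMEOUT = 600  # seconds; assumed, the manual only says "predetermined idle time"
LOGIN_URL = "https://gateway.example/login"  # placeholder for the SSL login page

def make_record(password, salt=None):
    """Return (salt, PBKDF2 digest) so the sample database holds no plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_DUMMY = make_record("placeholder")  # verified for unknown users to keep timing similar

@dataclass
class Gateway:
    users: dict  # username -> (salt, digest); stands in for the local or external database
    sessions: dict = field(default_factory=dict)  # client address -> last activity time

    def login(self, client, username, password, now):
        salt, digest = self.users.get(username, _DUMMY)
        candidate = make_record(password, salt)[1]
        ok = hmac.compare_digest(candidate, digest) and username in self.users
        if ok:
            self.sessions[client] = now  # authorized: the working session starts
        return ok

    def logout(self, client):
        self.sessions.pop(client, None)  # explicit logout ends the access right

    def handle_request(self, client, url, now):
        last = self.sessions.get(client)
        if last is None or now - last > IDLE_TIMEOUT:
            self.sessions.pop(client, None)  # never logged in, or idle too long
            return ("redirect", LOGIN_URL)   # browser is forced to the login page
        self.sessions[client] = now          # activity resets the idle timer
        return ("forward", url)

def demo():
    gw = Gateway(users={"alice": make_record("correct horse")})  # constructed account
    c, u = "192.0.2.10", "http://example.com/"                   # constructed client and URL
    return [
        gw.handle_request(c, u, 0)[0],                     # before login
        gw.login(c, "alice", "wrong", 1),                  # bad password
        gw.login(c, "alice", "correct horse", 2),          # good password
        gw.handle_request(c, u, 3)[0],                     # active session
        gw.handle_request(c, u, 3 + IDLE_TIMEOUT + 1)[0],  # after idle timeout
    ]
```

The session is keyed on the client address alone, so anything that can take over that address inherits the session until the idle timer fires; a short idle timeout limits that window.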

Attention: Public LAN is referred to as the LAN port with the authentication function enabled, from where
authentication is required for the users to get access to the network; and Private LAN is referred to as the LAN
port with the authentication function disabled.
Another setup example is shown in the following figure. The WAN1 and WAN2 of IAS-2000 simultaneously support
the Switch of 802.3ad (Support Port Trunk), and the bandwidth of the Switch will be the sum of the WAN1 and WAN2
bandwidths, which aims at eliminating the bottleneck caused by the narrow bandwidth between IAS-2000 and the
802.3ad Switch.