Atel Iwe1200a-g User manual

,:($*

USER’S MANUAL

IEEE 802.11b

Hotspot Access Gateway

(Wired and Wireless Editions)

User’s Guide

Version: 1.8

Last Updated: 11/24/2004

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class B digital device, pur-

suant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against

harmful interference in a residential installation. This equipment generates, uses and can radiated ra-

dio frequency energy and, if not installed and used in accordance with the instructions, may cause

harmful interference to radio communications. However, there is no guarantee that interference will

not occur in a particular installation. If this equipment does cause harmful interference to radio or

television reception, which can be determined by turning the equipment off and on, the user is en-

couraged to try to correct the interference by one of the following measures:

Reorient or relocate the receiving antenna.



Increase the separation between the equipment and receiver.

Connect the equipment into an outlet on a circuit different from that to which the receiver is con-

nected.

Consult the dealer or an experienced radio/TV technician for help.

FCC Caution: To assure continued compliance, (example – use only shielded interface cables when

connecting to computer or peripheral devices). Any changes or modifications not expressly approved

by the party responsible for compliance could void the user’s authority to operate this equipment.

FCC Radiation Exposure Statement

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environ-

ment. This equipment should be installed and operated with minimum distance 20 cm between the ra-

diator & your body.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two condi-

tions: (1) This device may not cause harmful interference, and (2) this device must accept any inter-

ference received, including interference that may cause undesired operation.

R&TTE Compliance Statement

This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN

PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication

terminal equipment and the mutual recognition of their conformity (R&TTE).

The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Termi-

nal Equipment and Satellite Earth Station Equipment) as of April 8, 2000.

Safety

This equipment is designed with the utmost care for the safety of those who install and use it. How-

ever, special attention must be paid to the dangers of electric shock and static electricity when work-

ing with electrical equipment. All guidelines of this and of the computer manufacture must therefore

be allowed at all times to ensure the safe use of the equipment.

EU Countries Intended for Use

The ETSI version of this device is intended for home and office use in Austria, Belgium, Denmark,

Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, Portugal, Spain, Sweden, The Neth-

erlands, and United Kingdom.

The ETSI version of this device is also authorized for use in EFTA member states Norway and Swit-

zerland.

EU Countries Not Intended for Use

None.

Table of Contents

1. Introduction ......................................................................................................................... 1

1.1. Overview...................................................................................................................1

1.2. Features.................................................................................................................... 1

1.3. Feature Comparison ................................................................................................. 6

1.4. LED Definitions ......................................................................................................... 6

2. First-Time Installation and Configuration ............................................................................ 8

2.1. Powering the WLAN Hotspot Access Gateway ........................................................ 8

2.2. Mounting the WLAN Hotspot Access Gateway on a Wall ........................................ 8

2.3. Preparing for Configuration....................................................................................... 8

2.3.1. Connecting the Managing Computer and the WLAN Hotspot Access

Gateway ................................................................................................................... 9

2.3.2. Changing the TCP/IP Settings of the Managing Computer ............................ 9

2.4. Configuring the WLAN Hotspot Access Gateway................................................... 10

2.4.1. Entering the User Name and Password ....................................................... 10

2.4.2. ConfigWizard Step 1: Selecting an Operational Mode ................................. 12

2.4.3. ConfigWizard Step 2: Configuring TCP/IP Settings...................................... 13

2.4.3.1. Gateway with a PPPoE-Based DSL/Cable Connection ..................... 13

2.4.3.2. Gateway with a DHCP-Based DSL/Cable Connection....................... 13

2.4.3.3. Gateway with a Static-IP DSL/Cable Connection............................... 14

2.4.3.4. Gateway with Multiple DSL/Cable Connections ................................. 15

2.4.4. ConfigWizard Step 3: Configuring IEEE 802.11 Settings ............................. 15

2.4.5. ConfigWizard Step 4: Reviewing and Applying Settings .............................. 16

2.4.6. Configuring User Authentication Settings..................................................... 17

2.4.6.1. Web Redirection................................................................................. 17

2.4.6.2. IEEE 802.1x ....................................................................................... 17

2.4.7. Configuring RADIUS Settings....................................................................... 18

2.5. Deploying the WLAN Hotspot Access Gateway ..................................................... 19

2.6. Setting up Client Computers................................................................................... 19

2.6.1. Configuring IEEE 802.11b-Related Settings ................................................ 20

2.6.2. Configuring TCP/IP-Related Settings ........................................................... 20

2.7. Confirming the Settings of the WLAN Hotspot Access Gateway and Client

Computers ..................................................................................................................... 20

3. Using Web-Based Network Manager................................................................................ 23

3.1. Overview................................................................................................................. 23

3.1.1. Menu Structure ............................................................................................. 23

3.1.2. Save, Save & Restart, and Cancel Commands............................................ 25

3.1.3. Home and Refresh Commands .................................................................... 26

3.2. Viewing Status ........................................................................................................ 27

3.2.1. Associated Wireless Clients ......................................................................... 27

3.2.2. Authenticated Users ..................................................................................... 27

3.2.3. Current DHCP Mappings.............................................................................. 28

3.2.4. System Log................................................................................................... 29

3.2.5. Outgoing and Incoming User Traffic Sessions ............................................. 29

3.2.6. Managed LAN Devices................................................................................. 30

3.3. General Operations ................................................................................................ 30

3.3.1. Specifying Operational Mode ....................................................................... 30

3.3.2. Changing Password ..................................................................................... 31

3.3.3. Managing Firmware...................................................................................... 31

3.3.3.1. Upgrading Firmware by HTTP............................................................ 32

3.3.3.2. Backing up and Restoring Configuration Settings by HTTP............... 32

3.3.3.3. Upgrading Firmware by TFTP ............................................................ 33

3.3.3.4. Backing up and Restoring Configuration Settings by TFTP ............... 34

iii

3.3.3.5. Resetting Configuration to Factory Defaults....................................... 36

3.3.3.6. Uploading a Certificate and a Private Key File................................... 36

3.3.4. Setting Time Zone ........................................................................................ 36

3.4. Configuring TCP/IP Related Settings ..................................................................... 37

3.4.1. Addressing.................................................................................................... 37

3.4.1.1. Gateway with a PPPoE-Based DSL/Cable Connection ..................... 37

3.4.1.2. Gateway with a DHCP-Based DSL/Cable Connection....................... 38

3.4.1.3. Gateway with a Static-IP DSL/Cable Connection............................... 38

3.4.1.4. Gateway with Multiple DSL/Cable Connections ................................. 39

3.4.2. DNS Proxy/Server ........................................................................................ 39

3.4.2.1. Basic................................................................................................... 40

3.4.2.2. Host Address Resolution.................................................................... 40

3.4.3. NAT Server................................................................................................... 41

3.4.3.1. Basic................................................................................................... 41

3.4.3.2. Static NAT Mappings.......................................................................... 41

3.4.3.3. Virtual Server Mappings ..................................................................... 42

3.4.4. DHCP Server................................................................................................ 43

3.4.4.1. Basic................................................................................................... 43

3.4.4.2. Static DHCP Mappings....................................................................... 44

3.4.5. Dynamic DNS ............................................................................................... 44

3.4.6. Bandwidth Management............................................................................... 45

3.4.6.1. LAN-to-WAN Load Balancing............................................................. 45

3.4.6.2. Client Bandwidth Control.................................................................... 46

3.4.7. PPTP Client .................................................................................................. 48

3.4.7.1. Basic................................................................................................... 49

3.4.7.2. Virtual Second LAN ............................................................................ 49

3.4.8. Zero Client Reconfiguration.......................................................................... 49

3.5. Configuring IEEE 802.11b-Related Settings........................................................... 50

3.5.1. Communication............................................................................................. 50

3.5.1.1. Basic................................................................................................... 50

3.5.1.2. AP Load Balancing............................................................................. 50

3.5.1.3. Wireless Distribution System.............................................................. 51

3.5.2. Security......................................................................................................... 52

3.5.2.1. Basic................................................................................................... 52

3.5.2.2. MAC-Address-Based Access Control ................................................ 54

3.5.2.3. IEEE 802.1x ....................................................................................... 55

3.6. Configuring Authentication Settings........................................................................ 56

3.6.1. Web Redirection ........................................................................................... 56

3.6.1.1. Basic................................................................................................... 56

3.6.1.2. Unrestricted Clients ............................................................................ 59

3.6.1.3. Walled Garden ................................................................................... 60

3.6.2. RADIUS ........................................................................................................ 61

3.6.2.1. Basic................................................................................................... 61

3.6.2.2. Robustness ........................................................................................ 62

3.6.3. Authentication Session Control .................................................................... 62

3.6.4. Authentication Page Customization.............................................................. 63

3.6.4.1. Selecting an Authentication Page to Edit ........................................... 63

3.6.4.2. Log-On, Authentication Success, and Authentication Failure Pages . 63

3.7. Configuring Advanced Settings .............................................................................. 66

3.7.1. Filters and Firewall ....................................................................................... 66

3.7.1.1. Packet Filters...................................................................................... 66

3.7.1.2. VLAN .................................................................................................. 67

3.7.1.3. Firewall ............................................................................................... 67

3.7.1.4. URL Filters ......................................................................................... 68

3.7.2. Management................................................................................................. 68

3.7.2.1. Basic................................................................................................... 68

3.7.2.2. UPnP .................................................................................................. 69

3.7.2.3. System Log ........................................................................................ 69

3.7.2.4. SNMP ................................................................................................. 70

3.7.3. Auto Recovery .............................................................................................. 70

3.7.3.1. Link Integrity Detection....................................................................... 70

3.7.3.2. Periodical Restart ............................................................................... 71

3.7.4. LAN Device Management............................................................................. 71

Appendix A: Default Settings ................................................................................................ 73

Appendix B: Troubleshooting................................................................................................ 75

B-1: TCP/IP Settings Problems ..................................................................................... 75

B-2: Other Problems ...................................................................................................... 77

Appendix C: Additional Information....................................................................................... 79

C-1: Firmware Upgrade Using Xmodem Upgrade......................................................... 79

C-2: Distances and Data Rates ..................................................................................... 80

1. Introduction

1.1. Overview

The IEEE 802.11b Hotspot Access Gateway enables wireless ISPs, enterprises, or schools to deploy

WLANs with user authentication support. Authentication can be achieved using the Web redirection

technology or IEEE 802.1x Port-Based Network Access Control.

Based on the Web redirection technology, when an unauthenticated wireless user is trying to access a

Web page, a logon page is shown instead of the requested page, so that the user can type his/her user

name and password for authentication. Based on IEEE 802.1x, after a wireless client computer asso-

ciates with the built-in access point of the access gateway, the wireless client computer uses the

logged-on user’s user credential for authentication. The user credential can be user name/password (if

EAP-MD5 is used) or digital certificate (if EAP-TLS is used).

After the access gateway acquires the user credential either through Web redirection or IEEE 802.1x,

it sends the user credential to a back-end RADIUS (Remote Authentication User Dial-In Service)

server to see if the wireless user is allowed to access the Internet. Furthermore, if a user is IEEE

802.1x EAP-TLS authenticated, wireless data transmitted between the access gateway and the wire-

less client computer can be encrypted for better security.

In Chapter 2, we describe the steps to install and configure a newly acquired WLAN hotspot access

gateway. Following the steps, the WLAN hotspot access gateway can be quickly set up to work. In

Chapter 3, detailed explanations of each Web management page are given for the user to understand

how to fine-tune the settings of a WLAN hotspot access gateway to meet his or her specific needs. In

the remainder of this guide, a WLAN hotspot access gateway is referred to as a gateway for short.

1.2. Features





User Authentication, Authorization, and Accounting (AAA)

Web redirection. When an unauthenticated wireless user is trying to access a Web page,

he/she is redirected to a logon page for entering the user name and password. Then, the

user credential information is sent to a back-end RADIUS server for authentication.

Local pages or external pages. The access gateway can be configured to use

log-on, log-off, authentication success, and authentication failure pages, which are

stored in itself or stored in an external Web server maintained by the WISP. The con-

tents of local authentication pages can be customized.



CGI-Based Authentication. Username/password information can be sent by di-

rectly calling a CGI (Common Gateway Interface) function on the access gateway.

This feature is useful for authentication automation achieved by a specifically de-

signed program running on the wireless client computer.

Advertisement links. The log-off authentication page can be configured to show a

sequence of advertisement banners.

Unrestricted clients. Client computers with specific IP addresses or MAC ad-

dresses can bypass the Web redirection-based access control. The MAC address list

can be uploaded by TFTP.

Walled garden. Some specific URLs can be accessed without authentication. These

URLs can be exploited by WISPs for advertisement purposes.



SSL username/password protection. Username/password information sent by

a wireless client to the access gateway can be encrypted by SSL (Secure Socket

Layer).

IEEE 802.1x. If a wireless client computer supports IEEE 802.1x Port-Based Network

Access Control, the user of the computer can be authenticated by the access gateway and

wireless data can be encrypted when the digital-certificate-based EAP-TLS authentication

method is selected.



RADIUS client. The WLAN hotspot access gateway communicates with a back-end

RADIUS server for wireless user authentication, authorization, and accounting. Authenti-

cation methods, including EAP-MD5, EAP-TLS/EAP-TTLS, PAP, and CHAP are sup-

ported.



Robustness. To enhance AAA integrity, the access gateway can be configured to

notify the RADIUS server after it reboots.

Showing authenticated users. Showing the status and statistics of every RA-

DIUS-authenticated user. And an authenticated user can be terminated at any time for

management purposes.

Authentication session control. Several mechanisms are provided for the network

administrator to control user authentication session lifetimes.







IEEE 802.11b

Access point. The wireless access gateway is equipped with a built-in Access Point (AP),

which bridges packets between the wireless IEEE 802.11b network interface and the wired

Ethernet interface

64-bit and 128-bit WEP (Wired Equivalent Privacy). For authentication and data

encryption.



Enabling/disabling SSID broadcasts. The user can enable or disable the SSID

broadcasts functionality for security reasons. When the SSID broadcasts functionality is

disabled, a client computer cannot associate the wireless AP with an “any” network name

(SSID, Service Set ID); the correct SSID has to be specified on client computers.



MAC-address-based access control. Blocking unauthorized wireless client com-

puters based on MAC (Media Access Control) addresses.



Repeater. A wireless AP can communicate with other wireless APs via WDS (Wireless

Distribution System). Therefore, the wireless AP can wirelessly forward packets from

wireless clients to another wireless AP, and then the later wireless AP forwards the packets

to the Ethernet network.



Wireless client isolation. Wireless-to-wireless traffic can be blocked so that the wire-

less clients cannot see each other. This capability can be used in hotspots applications to

prevent wireless hackers from attacking other wireless users’ computers.



AP load balancing. Several wireless APs can form a load-balancing group. Within a

group, wireless client associations and traffic load can be shared among the wireless APs.



Transmit power control. Transmit power of the wireless AP’s RF module can be ad-

justed to change RF coverage of the wireless AP.



Associated wireless clients status. Showing the status of every wireless client that is

associated with the wireless AP.



Detachable antennas. The factory-mounted antennas can be replaced with high-gain

antennas for different purposes.







Internet Connection Sharing

DNS proxy. The WLAN hotspot access gateway can forward DNS (Domain Name Sys-

tem) requests from client computers to DNS servers on the Internet. And DNS responses

from the DNS servers can be forwarded back to the client computers.

Host address resolution. The network administrator can specify static FQDN

(Fully Qualified Domain Name) to IP address mappings. Therefore, a host on the in-

ternal network can access a server also on the intranet by a registered FQDN.



DHCP server. The WLAN hotspot access gateway can automatically assign IP addresses

to client computers by DHCP (Dynamic Host Configuration Protocol).



Static DHCP mappings. The network administrator can specify static IP address

to MAC address mappings so that the specified IP addresses are always assigned to

the hosts with the specified MAC addresses.

Showing current DHCP mappings. Showing which IP address is assigned to

which host identified by an MAC address.

NAT server. Client computers can share a public IP address provided by an ISP (Internet

Service Provider) by NAT (Network Address Translation). And our NAT server function-

ality supports the following:



Virtual server. Exposing servers on the intranet to the Internet.

PPTP, IPSec, and L2TP passthrough. Passing VPN (Virtual Private Network)

packets through the intranet-Internet boundary. PPTP means Point-to-Point Tunneling

Protocol, IPSec means IP Security, and L2TP means Layer 2 Tunneling Protocol.

DMZ (DeMilitarized Zone). All unrecognized IP packets from the Internet can be

forwarded to a specific computer on the intranet.

Multiple public IP addresses support. An ISP may provide several public IP

addresses to a customer. The WLAN hotspot access gateway can map each of the

public IP addresses to a host with a private IP address on the intranet.

H.323 passthrough. Passing H.323 packets through the intranet-Internet boundary

so that users on the intranet can use VoIP (Voice over IP) applications.

MSN Messenger support. Supporting Microsoft MSN Messenger for chat, file

transfer, and real-time communication applications.

Session monitoring. Latest 50 incoming sessions and 50 outgoing sessions are

shown for monitoring user traffic.

DSL/Cable Modem Support. Supporting dynamic IP address assignment by PPPoE

Table of contents

Other Atel Gateway manuals

Atel

Atel AER-W80 User manual

Atel

Atel AXIS V810A Installation guide

Popular Gateway manuals by other brands

Telecom FM

Telecom FM onestream gfx Programming guide

UfiSpace

UfiSpace LoRa GPE810U Quick setup guide

Merak

Merak MMk-736F Quick setup guide

Robustel

Robustel R3010 user guide

turck

turck BL20-PG-EN-V3 user manual

IBM

IBM Security Web Gateway Appliance quick start guide

SSS Siedle

SSS Siedle Smart Gateway Commissioning instructions

ADTRAN

ADTRAN 424RG Installation

Chorus

Chorus Hyperfibre XGS-250WX-A user guide

Dragino

Dragino G308 user manual

Data Domain

Data Domain DD690g Installation and setup guide

Raritan

Raritan Laptop Release notes

Haivision

Haivision Torpedo quick start guide

ATCOM

ATCOM AG-268 user manual

LST

LST M500RFE-AS Specification sheet

Vega

Vega VEGA BS-3 user manual

Kinnex

Kinnex Media Gateway quick start guide

2N Telekomunikace

2N Telekomunikace 2N StarGate user manual

Atel IWE1200A-G User manual

Popular Gateway manuals by other brands