Pheenet Wms-308n User manual

Network Access Control

Gateway / Controller

User's Manual Ver.1.0.0 WMS-308N

TableofContents

Chapter 1. Before You Start ...............................................................................................................5

1.1 Preface.................................................................................................................................................... 5

1.2 Package Contents................................................................................................................................... 5

Chapter 2. System Overview..............................................................................................................6

2.1 Introduction of WMS-308N ...................................................................................................................... 6

2.2 System Concept...................................................................................................................................... 6

2.3 Specification ............................................................................................................................................ 7

Chapter 3. Base Installations ...........................................................................................................1

3.1 Installations ........................................................................................................................................... 14

3.1.1 System Requirements .............................................................................................................. 14

3.1.2 Panel Function Descriptions..................................................................................................... 14

3.1.3 Hardware Installation................................................................................................................ 16

3.2 Software Configuration.......................................................................................................................... 17

3.2.1 Getting Start ............................................................................................................................. 17

3.2.2 Quick Configuration.................................................................................................................. 19

3.2.3 Access Internet......................................................................................................................... 22

Chapter 4. Web Interface Configuration .........................................................................................23

4.1 Connect WMS-308N to the external Network...................................................................................... 24

4.1.1 Network Requirement............................................................................................................... 24

4.1.2 Configure WAN Port ................................................................................................................. 24

4.1.3 Configure WAN Traffic .............................................................................................................. 27

4.1.4 Configure Dynamic DNS .......................................................................................................... 29

4.1.5 Configure Local(LAN/VLAN) Network....................................................................................... 30

4.2 Manage the System .............................................................................................................................. 36

4.2.1 Configure System Time ............................................................................................................ 36

4.2.2 Configure Management ............................................................................................................ 37

4.2.3 Configure SNMP....................................................................................................................... 40

4.2.4 Backup / Restore and Reset to Factory.................................................................................... 41

4.2.5 Firmware Upgrade.................................................................................................................... 42

4.2.6 Network Utility .......................................................................................................................... 43

4.2.7 USB Storage Setup .................................................................................................................. 44

4.2.8 Format Database...................................................................................................................... 45

4.2.8 Reboot...................................................................................................................................... 46

4.3 Access To External Network With Service Domain ............................................................................... 47

4.3.1 Configure Service Domain........................................................................................................ 48

4.3.2 Configure Authentication .......................................................................................................... 53

4.3.2.1 Authentication Management .........................................................................................53

4.3.2.2 Configure Pregenerated Tickets ...................................................................................54

4.3.2.3 Configure On-Demand..................................................................................................59

4.3.2.3.1 Create Billing Plans..........................................................................................60

4.3.2.3.2 Create On-Demand Users ...............................................................................62

4.3.2.3.3 Configure External Payment Gateway .............................................................65

4.3.2.3.4 Configure Thermal Printer................................................................................68

4.3.2.3.5 Billing Plan Report ...........................................................................................73

4.3.2.3.6 Ticket Customization........................................................................................74

4.3.2.4 Configure Local Radius Accounts .................................................................................75

4.3.2.5 Configure Remote Radius Server.................................................................................78

4.3.2.6 Configure LDAP Server ................................................................................................79

4.3.2.7 Configure POP3 Server ................................................................................................80

4.3.3 Configure Privilege List............................................................................................................. 81

4.3.4 Configure Walled Garden ......................................................................................................... 82

4.3.5 Configure Notification ............................................................................................................... 84

4.3.6 Monitor Online Users................................................................................................................ 89

4.3.7 Log Information ........................................................................................................................ 90

4.4 Control your Managed AP ..................................................................................................................... 93

4.4.1 Discovery Managed AP ............................................................................................................ 93

4.4.2 Managed AP's Profiles Management........................................................................................ 96

4.4.3 Managed AP Batch Setup ........................................................................................................ 99

4.4.4 Managed AP Group Management .......................................................................................... 102

4.4.5 AP Group Status..................................................................................................................... 108

4.4.6 Group Status ...........................................................................................................................110

4.4.7 Rogue AP Detection ................................................................................................................112

4.4.6 Website Monitor ........................................................................................................................114

4.5 Restrain the Users and Sharing Your Internal Service ........................................................................ 115

4.5.1 Configure Time Policy..............................................................................................................115

4.5.2 IP Filter ....................................................................................................................................116

4.5.3 MAC Filter ...............................................................................................................................117

4.5.4 Virtual Server (Port/ IP Forwarding).........................................................................................118

4.5.5 Configure Blacklist...................................................................................................................119

4.5.6 DMZ........................................................................................................................................ 121

4.5.7 IP Routing............................................................................................................................... 122

4.6 Observer the Status............................................................................................................................. 124

4.6.1 Overview ................................................................................................................................ 124

4.6.2 Extra Info ................................................................................................................................ 125

4.6.3 Event Log ............................................................................................................................... 127

Appendix A. Web GUI valid Characters ....................................................................................128

Appendix B. System Manager Privileges .................................................................................134

Appendix D. Examples of Making Payments for End Users ...................................................140

Appendix E. Issue Refund for PayPal.......................................................................................143

Appendix F. Example of AP Device Connection With VLAN ................................................147

Appendix G. Use Template to setup Managed APs..................................................................150

Appendix H. Use Auto Recovery To Setup Managed AP.........................................................153

Chapter1.BeforeYouStart

1.1Preface

The WMS-308N is a full-featured Network Access Control Gateway / Controller that aggregates up to

120 access points (APs), built-in 5000 local accounts/ on-demand accounts and delivers centralized

control and security for wireless deployments.

The WMS-308N is designed for applications in which a compact, cost-effective”all-in-one” networking

solution is required. The WMS-308N included a policy forced firewall, Intelligent Dual-WAN Load

balance, Wireless LAN controller, IP sharing, and 4-Port Giga Ethernet switch in a desktop-mount

enclosure. This device centrallized configuration and management model enables the controllers to be

deployed, monitored, and controlled without local IT staff.

1.2PackageContents

WMS-308N x 1

CD-ROM (With User Manual and QIG) x 1

Power Adapter DC 12V 1.5A x 1

RJ-45 Ethernet Cable x 1

It is highly recommended to use all the supplies in the package instead of substituting any components by

other suppliers to guarantee best performance.

Chapter2.SystemOverview

2.1IntroductionofWMS-308N

The WMS-308N – applies to public access network such as WiFi-Hotspot, network management guest

access, hospitality deployments – which requires reliability, efficiency, and security. It combines an IP

Router / Firewall, Multi-WAN / QoS enforcement and Access Controller for use in wireless

environments. One single WMS-308N can serve up to 500 simultaneous users, takes control over

authentication, authorization, accounting and routing to the Internet as well as to the operating central.

Built-in AAA system allows the owners set up public access services without extra RADIUS server.

2.2SystemConcept

WMS-308N Network Access Gateway / Controller provides authentication, authorization and accounting

for a wired/or wireless networks. Hotspot technology allows Internet providers to offer Internet access to

customers, while applying certain Internet use rules and limitation. It is convenient for Internet cafes,

hotels, airports, schools and universities. The Internet provider gets complete tracking records of per

customer time spent on the network, data amount sent/ received, real-time accounting and more.

To begin browsing, a client must go through a registration process with the provider, and then enter a

Passcode/Username of access ticket in a browser Login window that appears on the attempt to open a

webpage. Hotspot technology proposes providers to establish and administrate a user database, which

can be useful for enterprise such as airports, hotels or universities that offer wireless or Ethernet

Internet connectivity to employees, students, guests or other groups of users.

WMS-308N Network Access Control Gateway

User's Manual

2.3Specification

¾Access Point Management and Support

ÎWMS-308N Network Access Gateway / Controller Support

Max: 120 Access Points per Controller

Max: 500 wireless client per Controller

Provide Local Account : 5000

ÎAP Management – Control - Monitoring

Centralized AP Management

9AP Group management –maintain a set of setting templates that simplify the task to assign the

same setting to multiple APs

9AP-Automatic configuration and provisioning by WMS-308N

9Locally maintained configuration profiles for managed APs

9Auto discovery for managed APs

9Automatic recovery of APs in case of system failure

9Central firmware Upgrade-Select multiple APs and upgrade their firmware at the same time ,

including bulk upgrade

9Remote Firmware upgrade

9Zero Configuration technology to restore defective AP’s setting onto the replacement AP

Central AP Control

9Provides MAC address Control list of client stations for each managed APs

9Access Filter

9Time-based AP access control

9Single UI for upgrading and restoring managed APs’ firmware

9WLAN Partition – if enabled, WLAN clients are not allowed to exchange data through the AP

(WAP-854NP, WAP-954GP, WAP-1954NP, WAP-1954NP-C, CPE-2010G / CPE-2000GN-1, WLO-

15814N / WLO-15802N, WLO-12400N / WLO-12410N)

9Max allowed APs

9Support Roaming – Intra-Switch , Inter-band , Inter-Switch

Central AP Monitoring

9Monitor AP Status

9The number of associated clients to the AP

9The AP RF information

9Associated Station List

9Monitoring IP List

9Load balancing based on number of users

9Load balancing based on utilization

WMS-308N Network Access Control Gateway

User's Manual

9AP User Statistic – Maintain all wireless clients connection history and depict statics in diagrams

9Support Monitor IP on third-party APs

9System alarms and status reports on managed APs

9Topology Monitor-list monitored device; periodically updates devices’ status

9AP life check-real time tracking monitors APs status (AP Health Checking)

9Provide centralized remote management via HTTP/SNMP interface

9SYSLOG support including remote servers

ÎRadio Resource Management

Automatic Channel Assignment and power setting for controlled APs

Simultaneous air monitoring and end user service

Self-healing coverage based on dynamic RF condition

Dense deployment options for capacity optimizations

Multiple BSSID per Radio: 8

Hot Standby at AP mode (supports fail-over as a standby AP)

Load Balance with another available AP (Real-time users limitation)

Radio Management

Coverage interference detection

ÎWireless Encryption

WPA personal and enterprise

WPA2 personal and enterprise

AES(CCMP): 128bit (FIP-197)

WEP40/64 and 104/128-bit

TKIP: RC4-40

SSL and TLS: RC4 128-bit and RSA1024 and 2048 bit

EAP-TLS, EAP-TTL/MSCHAPv2

ÎWireless Security

IEEE802.1X network login user authentication (EAP-MD5/TLS/TTLs)

EAP over LAN (EAPoL) transport with PEAP and EAP-TLS authentication

RADIUS server authentication (RFC2618)

IEEE802.1X user authentication of controller management on controller Telnet and console sessions

Multiple access privilege levels

Hierarchical management and password protection for management interface

EAP offload for AAA server scalability and survivability

Stateful 802.1X authentication for standalone APs

SSID and Location based authentication

Multi-SSID support for operation of Multiple WLANs

Simultaneous Centralized and distributed WLAN support

ÎIdentity –Based Security

802.1X Authentication with WPA,WAP2 and 802.11i

Local Accounts of 802.1X Authentication

WMS-308N Network Access Control Gateway

User's Manual

Support RADIUS /LDAP/POP3 for AAA server

User Name and encryption key binding for strong network identity creation

Local User Data Base for AAA fail-over protection

ÎWireless Roaming Support

Inter AP roaming

Fast roaming

L2 roaming

¾User Management

ÎSupport 500 simultaneous authentication users

ÎMax 5000 Pregenerated/ On-Demand/ Local RADIUS/ authentication users

ÎUsers Session Management

ÎConfigurable user Black list (with schedule)

ÎAllows MAC address and user identity binding for local user authentication

ÎAuthentication methods supported: Pregenerated/ On-Demand, Local RADIUS, LDAP, and Remote

RADIUS and POP3

ÎSSL protected login portal page

ÎSession and account expiration control

ÎUser Log and traffic statistic notification via automatically email service

ÎSession limit control

ÎReal-Time Online Users Traffic Statistic Reporting

ÎSupport local account roaming

ÎSeamless Mobility: User-centric networking manages wired and wireless users as they roam between ports

or wireless APs

¾Service Domain

ÎIntegrating with WAP-854NP/ WAP-954GP and other PheeNet products to have Service Domain feature

and each Service Domain can have its own settings:

ÎThe network is divided into maximum of 8 groups, each defined by VLAN Tag

ÎEach Domain has its own (1) login portal page (2) authentication options (3) LAN/VLAN interface IP

address range (4) Session number limit control (5) Traffic shaping (6) IP Plug and Play (IP PnP) (7)

Multiple Authentication

ÎEnable DHCP or not, and DHCP address range

ÎEnable authentication or not

ÎTypes of authentication options (Local, POP3, RADIUS, LDAP, On-Demand and Pregenerated)

ÎWeb login/ logout/ redirected page (customizable)

ÎDefault Policy

NAT or Route Mode

Specific Route (WAN1 or WAN2 , or a specified gateway)

Login schedule

Bandwidth (max/min)

WMS-308N Network Access Control Gateway

User's Manual

¾Authentication

ÎAuthentication : single sign-on (SSO) client with authentication integrated into the local authentication

environment through local/domain, LDAP, RADIUS, POP3, MAC authentication

ÎCustomizable Login and Logout Portal Pages

ÎCustomizable Advertisement Links on Login Portal Page

ÎUser authentication with UAM (Universal Access Method), 802.1X/EAPoLAN, MAC address

ÎAllow MAC address and user identity binding for local user authentication

ÎNo. Of Registered RADIUS Servers: 2

ÎSupport MAC control list (ACL)

ÎSupport Multiple Login service on one Accounts

ÎSupport auto-expired guest accounts

ÎUsers can be divided into user groups

ÎEach group (role) may get different network policies in different service zones

ÎMax simultaneous user session (TCP/UDP) limit

ÎExport/Import local users list to/from a text file

ÎWeb-based Captive Portal for SSL browser-based authentication

ÎAuthentication type

IEEE802.1X (EAP, LEAP, EAP-TLS, EAP-TTLS, EAP-GTC, EAP-MD5)

ÎRFC2865 RADIUS Authentication

ÎRFC3579 RADIUS Support for EAP

ÎRFC3748 Extensible Authentication Protocol

ÎMAC Address authentication

ÎWeb-based captive portal authentication

¾Authorization

Authorization: access control to network resource such as protected network with Intranet, Internet, bandwidth, VPN,

and full stateful packet firewall

¾Accounting

ÎProvides billing plans for Pregenerated accounts

ÎProvides billing plans for On-Demand accounts

ÎEnables session expiration control for On-Demand accounts by time (hour) and data volume (MB)

ÎDetailed per-user traffic history based on time and data volume for both local and on-demand accounts

ÎSupport local RADIUS and external RADIUS server

ÎContain 10 configurable billing plans for on-demand accounts

ÎSupport credit card billing system by PayPal

ÎSupport automatic email network traffic history

¾Dual WAN

ÎLoad Balancing

Outbound Fault Tolerance

Outbound load balance

Other manuals for WMS-308N

Table of contents

Other PheeNet Gateway manuals

PheeNet

PheeNet WAS-101 User manual

PheeNet

PheeNet WAS-105R User manual

PheeNet

PheeNet WMS-208 User manual

PheeNet

PheeNet WMS-308N User manual

PheeNet

PheeNet WAS-103R User manual

PheeNet

PheeNet WAS-103R User manual

Popular Gateway manuals by other brands

Telecom FM

Telecom FM onestream gfx Programming guide

UfiSpace

UfiSpace LoRa GPE810U Quick setup guide

Merak

Merak MMk-736F Quick setup guide

Robustel

Robustel R3010 user guide

turck

turck BL20-PG-EN-V3 user manual

IBM

IBM Security Web Gateway Appliance quick start guide

SSS Siedle

SSS Siedle Smart Gateway Commissioning instructions

ADTRAN

ADTRAN 424RG Installation

Chorus

Chorus Hyperfibre XGS-250WX-A user guide

Dragino

Dragino G308 user manual

Data Domain

Data Domain DD690g Installation and setup guide

Raritan

Raritan Laptop Release notes

Haivision

Haivision Torpedo quick start guide

ATCOM

ATCOM AG-268 user manual

LST

LST M500RFE-AS Specification sheet

Vega

Vega VEGA BS-3 user manual

Kinnex

Kinnex Media Gateway quick start guide

2N Telekomunikace

2N Telekomunikace 2N StarGate user manual