PheeNet WMS-308N User manual
Network Access Control
Gateway / Controller
User's Manual Ver.1.0.0 WMS-308N
TableofContents
Chapter 1. Before You Start ...............................................................................................................5
1.1 Preface.................................................................................................................................................... 5
1.2 Package Contents................................................................................................................................... 5
Chapter 2. System Overview..............................................................................................................6
2.1 Introduction of WMS-308N ...................................................................................................................... 6
2.2 System Concept...................................................................................................................................... 6
2.3 Specification ............................................................................................................................................ 7
Chapter 3. Base Installations ...........................................................................................................1
4
3.1 Installations ........................................................................................................................................... 14
3.1.1 System Requirements .............................................................................................................. 14
3.1.2 Panel Function Descriptions..................................................................................................... 14
3.1.3 Hardware Installation................................................................................................................ 16
3.2 Software Configuration.......................................................................................................................... 17
3.2.1 Getting Start ............................................................................................................................. 17
3.2.2 Quick Configuration.................................................................................................................. 19
3.2.3 Access Internet......................................................................................................................... 22
Chapter 4. Web Interface Configuration .........................................................................................23
4.1 Connect WMS-308N to the external Network...................................................................................... 24
4.1.1 Network Requirement............................................................................................................... 24
4.1.2 Configure WAN Port ................................................................................................................. 24
4.1.3 Configure WAN Traffic .............................................................................................................. 27
4.1.4 Configure Dynamic DNS .......................................................................................................... 29
4.1.5 Configure Local(LAN/VLAN) Network....................................................................................... 30
4.2 Manage the System .............................................................................................................................. 36
4.2.1 Configure System Time ............................................................................................................ 36
4.2.2 Configure Management ............................................................................................................ 37
4.2.3 Configure SNMP....................................................................................................................... 40
4.2.4 Backup / Restore and Reset to Factory.................................................................................... 41
4.2.5 Firmware Upgrade.................................................................................................................... 42
4.2.6 Network Utility .......................................................................................................................... 43
4.2.7 USB Storage Setup .................................................................................................................. 44
4.2.8 Format Database...................................................................................................................... 45
4.2.8 Reboot...................................................................................................................................... 46
4.3 Access To External Network With Service Domain ............................................................................... 47
4.3.1 Configure Service Domain........................................................................................................ 48
4.3.2 Configure Authentication .......................................................................................................... 53
4.3.2.1 Authentication Management .........................................................................................53
4.3.2.2 Configure Pregenerated Tickets ...................................................................................54
4.3.2.3 Configure On-Demand..................................................................................................59
4.3.2.3.1 Create Billing Plans..........................................................................................60
4.3.2.3.2 Create On-Demand Users ...............................................................................62
4.3.2.3.3 Configure External Payment Gateway .............................................................65
4.3.2.3.4 Configure Thermal Printer................................................................................68
4.3.2.3.5 Billing Plan Report ...........................................................................................73
4.3.2.3.6 Ticket Customization........................................................................................74
4.3.2.4 Configure Local Radius Accounts .................................................................................75
4.3.2.5 Configure Remote Radius Server.................................................................................78
4.3.2.6 Configure LDAP Server ................................................................................................79
4.3.2.7 Configure POP3 Server ................................................................................................80
4.3.3 Configure Privilege List............................................................................................................. 81
4.3.4 Configure Walled Garden ......................................................................................................... 82
4.3.5 Configure Notification ............................................................................................................... 84
4.3.6 Monitor Online Users................................................................................................................ 89
4.3.7 Log Information ........................................................................................................................ 90
4.4 Control your Managed AP ..................................................................................................................... 93
4.4.1 Discovery Managed AP ............................................................................................................ 93
4.4.2 Managed AP's Profiles Management........................................................................................ 96
4.4.3 Managed AP Batch Setup ........................................................................................................ 99
4.4.4 Managed AP Group Management .......................................................................................... 102
4.4.5 AP Group Status..................................................................................................................... 108
4.4.6 Group Status ...........................................................................................................................110
4.4.7 Rogue AP Detection ................................................................................................................112
4.4.6 Website Monitor ........................................................................................................................114
4.5 Restrain the Users and Sharing Your Internal Service ........................................................................ 115
4.5.1 Configure Time Policy..............................................................................................................115
4.5.2 IP Filter ....................................................................................................................................116
4.5.3 MAC Filter ...............................................................................................................................117
4.5.4 Virtual Server (Port/ IP Forwarding).........................................................................................118
4.5.5 Configure Blacklist...................................................................................................................119
4.5.6 DMZ........................................................................................................................................ 121
4.5.7 IP Routing............................................................................................................................... 122
4.6 Observer the Status............................................................................................................................. 124
4.6.1 Overview ................................................................................................................................ 124
4.6.2 Extra Info ................................................................................................................................ 125
4.6.3 Event Log ............................................................................................................................... 127
Appendix A. Web GUI valid Characters ....................................................................................128
Appendix B. System Manager Privileges .................................................................................134
Appendix D. Examples of Making Payments for End Users ...................................................140
Appendix E. Issue Refund for PayPal.......................................................................................143
Appendix F. Example of AP Device Connection With VLAN ................................................147
Appendix G. Use Template to setup Managed APs..................................................................150
Appendix H. Use Auto Recovery To Setup Managed AP.........................................................153
Chapter1.BeforeYouStart
1.1Preface
The WMS-308N is a full-featured Network Access Control Gateway / Controller that aggregates up to
120 access points (APs), built-in 5000 local accounts/ on-demand accounts and delivers centralized
control and security for wireless deployments.
The WMS-308N is designed for applications in which a compact, cost-effective”all-in-one” networking
solution is required. The WMS-308N included a policy forced firewall, Intelligent Dual-WAN Load
balance, Wireless LAN controller, IP sharing, and 4-Port Giga Ethernet switch in a desktop-mount
enclosure. This device centrallized configuration and management model enables the controllers to be
deployed, monitored, and controlled without local IT staff.
1.2PackageContents
WMS-308N x 1
CD-ROM (With User Manual and QIG) x 1
Power Adapter DC 12V 1.5A x 1
RJ-45 Ethernet Cable x 1
It is highly recommended to use all the supplies in the package instead of substituting any components by
other suppliers to guarantee best performance.
Chapter2.SystemOverview
2.1IntroductionofWMS-308N
The WMS-308N – applies to public access network such as WiFi-Hotspot, network management guest
access, hospitality deployments – which requires reliability, efficiency, and security. It combines an IP
Router / Firewall, Multi-WAN / QoS enforcement and Access Controller for use in wireless
environments. One single WMS-308N can serve up to 500 simultaneous users, takes control over
authentication, authorization, accounting and routing to the Internet as well as to the operating central.
Built-in AAA system allows the owners set up public access services without extra RADIUS server.
2.2SystemConcept
WMS-308N Network Access Gateway / Controller provides authentication, authorization and accounting
for a wired/or wireless networks. Hotspot technology allows Internet providers to offer Internet access to
customers, while applying certain Internet use rules and limitation. It is convenient for Internet cafes,
hotels, airports, schools and universities. The Internet provider gets complete tracking records of per
customer time spent on the network, data amount sent/ received, real-time accounting and more.
To begin browsing, a client must go through a registration process with the provider, and then enter a
Passcode/Username of access ticket in a browser Login window that appears on the attempt to open a
webpage. Hotspot technology proposes providers to establish and administrate a user database, which
can be useful for enterprise such as airports, hotels or universities that offer wireless or Ethernet
Internet connectivity to employees, students, guests or other groups of users.
WMS-308N Network Access Control Gateway
User's Manual
7
2.3Specification
¾Access Point Management and Support
ÎWMS-308N Network Access Gateway / Controller Support
Max: 120 Access Points per Controller
Max: 500 wireless client per Controller
Provide Local Account : 5000
ÎAP Management – Control - Monitoring
Centralized AP Management
9AP Group management –maintain a set of setting templates that simplify the task to assign the
same setting to multiple APs
9AP-Automatic configuration and provisioning by WMS-308N
9Locally maintained configuration profiles for managed APs
9Auto discovery for managed APs
9Automatic recovery of APs in case of system failure
9Central firmware Upgrade-Select multiple APs and upgrade their firmware at the same time ,
including bulk upgrade
9Remote Firmware upgrade
9Zero Configuration technology to restore defective AP’s setting onto the replacement AP
Central AP Control
9Provides MAC address Control list of client stations for each managed APs
9Access Filter
9Time-based AP access control
9Single UI for upgrading and restoring managed APs’ firmware
9WLAN Partition – if enabled, WLAN clients are not allowed to exchange data through the AP
(WAP-854NP, WAP-954GP, WAP-1954NP, WAP-1954NP-C, CPE-2010G / CPE-2000GN-1, WLO-
15814N / WLO-15802N, WLO-12400N / WLO-12410N)
9Max allowed APs
9Support Roaming – Intra-Switch , Inter-band , Inter-Switch
Central AP Monitoring
9Monitor AP Status
9The number of associated clients to the AP
9The AP RF information
9Associated Station List
9Monitoring IP List
9Load balancing based on number of users
9Load balancing based on utilization
WMS-308N Network Access Control Gateway
User's Manual
8
9AP User Statistic – Maintain all wireless clients connection history and depict statics in diagrams
9Support Monitor IP on third-party APs
9System alarms and status reports on managed APs
9Topology Monitor-list monitored device; periodically updates devices’ status
9AP life check-real time tracking monitors APs status (AP Health Checking)
9Provide centralized remote management via HTTP/SNMP interface
9SYSLOG support including remote servers
ÎRadio Resource Management
Automatic Channel Assignment and power setting for controlled APs
Simultaneous air monitoring and end user service
Self-healing coverage based on dynamic RF condition
Dense deployment options for capacity optimizations
Multiple BSSID per Radio: 8
Hot Standby at AP mode (supports fail-over as a standby AP)
Load Balance with another available AP (Real-time users limitation)
Radio Management
Coverage interference detection
ÎWireless Encryption
WPA personal and enterprise
WPA2 personal and enterprise
AES(CCMP): 128bit (FIP-197)
WEP40/64 and 104/128-bit
TKIP: RC4-40
SSL and TLS: RC4 128-bit and RSA1024 and 2048 bit
EAP-TLS, EAP-TTL/MSCHAPv2
ÎWireless Security
IEEE802.1X network login user authentication (EAP-MD5/TLS/TTLs)
EAP over LAN (EAPoL) transport with PEAP and EAP-TLS authentication
RADIUS server authentication (RFC2618)
IEEE802.1X user authentication of controller management on controller Telnet and console sessions
Multiple access privilege levels
Hierarchical management and password protection for management interface
EAP offload for AAA server scalability and survivability
Stateful 802.1X authentication for standalone APs
SSID and Location based authentication
Multi-SSID support for operation of Multiple WLANs
Simultaneous Centralized and distributed WLAN support
ÎIdentity –Based Security
802.1X Authentication with WPA,WAP2 and 802.11i
Local Accounts of 802.1X Authentication
WMS-308N Network Access Control Gateway
User's Manual
9
Support RADIUS /LDAP/POP3 for AAA server
User Name and encryption key binding for strong network identity creation
Local User Data Base for AAA fail-over protection
ÎWireless Roaming Support
Inter AP roaming
Fast roaming
L2 roaming
¾User Management
ÎSupport 500 simultaneous authentication users
ÎMax 5000 Pregenerated/ On-Demand/ Local RADIUS/ authentication users
ÎUsers Session Management
ÎConfigurable user Black list (with schedule)
ÎAllows MAC address and user identity binding for local user authentication
ÎAuthentication methods supported: Pregenerated/ On-Demand, Local RADIUS, LDAP, and Remote
RADIUS and POP3
ÎSSL protected login portal page
ÎSession and account expiration control
ÎUser Log and traffic statistic notification via automatically email service
ÎSession limit control
ÎReal-Time Online Users Traffic Statistic Reporting
ÎSupport local account roaming
ÎSeamless Mobility: User-centric networking manages wired and wireless users as they roam between ports
or wireless APs
¾Service Domain
ÎIntegrating with WAP-854NP/ WAP-954GP and other PheeNet products to have Service Domain feature
and each Service Domain can have its own settings:
ÎThe network is divided into maximum of 8 groups, each defined by VLAN Tag
ÎEach Domain has its own (1) login portal page (2) authentication options (3) LAN/VLAN interface IP
address range (4) Session number limit control (5) Traffic shaping (6) IP Plug and Play (IP PnP) (7)
Multiple Authentication
ÎEnable DHCP or not, and DHCP address range
ÎEnable authentication or not
ÎTypes of authentication options (Local, POP3, RADIUS, LDAP, On-Demand and Pregenerated)
ÎWeb login/ logout/ redirected page (customizable)
ÎDefault Policy
NAT or Route Mode
Specific Route (WAN1 or WAN2 , or a specified gateway)
Login schedule
Bandwidth (max/min)
WMS-308N Network Access Control Gateway
User's Manual
10
¾Authentication
ÎAuthentication : single sign-on (SSO) client with authentication integrated into the local authentication
environment through local/domain, LDAP, RADIUS, POP3, MAC authentication
ÎCustomizable Login and Logout Portal Pages
ÎCustomizable Advertisement Links on Login Portal Page
ÎUser authentication with UAM (Universal Access Method), 802.1X/EAPoLAN, MAC address
ÎAllow MAC address and user identity binding for local user authentication
ÎNo. Of Registered RADIUS Servers: 2
ÎSupport MAC control list (ACL)
ÎSupport Multiple Login service on one Accounts
ÎSupport auto-expired guest accounts
ÎUsers can be divided into user groups
ÎEach group (role) may get different network policies in different service zones
ÎMax simultaneous user session (TCP/UDP) limit
ÎExport/Import local users list to/from a text file
ÎWeb-based Captive Portal for SSL browser-based authentication
ÎAuthentication type
IEEE802.1X (EAP, LEAP, EAP-TLS, EAP-TTLS, EAP-GTC, EAP-MD5)
ÎRFC2865 RADIUS Authentication
ÎRFC3579 RADIUS Support for EAP
ÎRFC3748 Extensible Authentication Protocol
ÎMAC Address authentication
ÎWeb-based captive portal authentication
¾Authorization
Authorization: access control to network resource such as protected network with Intranet, Internet, bandwidth, VPN,
and full stateful packet firewall
¾Accounting
ÎProvides billing plans for Pregenerated accounts
ÎProvides billing plans for On-Demand accounts
ÎEnables session expiration control for On-Demand accounts by time (hour) and data volume (MB)
ÎDetailed per-user traffic history based on time and data volume for both local and on-demand accounts
ÎSupport local RADIUS and external RADIUS server
ÎContain 10 configurable billing plans for on-demand accounts
ÎSupport credit card billing system by PayPal
ÎSupport automatic email network traffic history
¾Dual WAN
ÎLoad Balancing
Outbound Fault Tolerance
Outbound load balance
WMS-308N Network Access Control Gateway
User's Manual
11
Multiple Domain Support
By Traffic
ÎBandwidth Management by individual and distribution on different network(Service Domain)
ÎWAN Connection Detection
¾Firewall
ÎBuilt-in DoS attack protection
ÎInspection Full stateful packet filter
ÎAccess Control List
ÎMultiple Domain Support
ÎActive Firewall Session – 16,000
¾Network
ÎSupport NAT or Router Mode
ÎSupport Static IP, Dynamic IP (DHCP Client), PPPoE and PPTP on WAN connection
ÎDHCP Server per Interface; Multiple DHCP Networks
Î802.3 Bridging
ÎProxy DNS/Dynamic DNS
ÎIP/Port destination redirection
ÎDMZ server mapping
ÎVirtual server mapping
ÎH.323 pass-through
ÎBuilt-in with DHCP server
ÎSupport Static Routing
ÎSupport RIP and OSPF Dynamic Routing
ÎBinding VLAN with Ethernet interface
ÎSupport MAC Filter
ÎSupport IP Filter
ÎSupport Layer-7 protocol Filter and Web Content Filter
ÎSupport Walled garden (free surfing zone)
ÎSupport MAC-address and IP –address pass through
ÎSupport IP Plug and Play (IP PnP)
¾System Administration
ÎThree administrator accounts
ÎProvide customizable login and logout portal page
ÎCLI access (Remote Management) via Telnet and SSH
ÎRemote firmware upgrade (via the Web)
ÎUtilities to backup and restore the system configuration
ÎFull Statistics and Status Reporting
ÎReal-time traffic monitoring
ÎPing Watchdog
WMS-308N Network Access Control Gateway
User's Manual
12
¾Network Management
ÎEvent Syslog
ÎStatus monitoring of on-line users
ÎIP-based monitoring of network devices
ÎInterface connection status
ÎSupport Syslog for diagnosing and troubleshooting
ÎUser traffic history logging
ÎUser’s session log can be sent to Syslog server
ÎRemote Syslog reporting to external server
ÎTraffic Analysis and Statistics
ÎSNMP v1, v2c, v3
ÎSNMP Traps to a list of IP Addresses
ÎSupport MIB-II
ÎNTP Time Synchronization
ÎAdministrative Access : HTTP / HTTPS
WMS-308N Network Access Control Gateway
User's Manual
13
WMS-308N Hardware Specifications
Base Platform 32-bit , MIPS24K Processor
CPU Clock Speed 680 MHz
Serial Port 1 (DB-9)
USB Port 1 ( Optional 3G interface radio with major brands – ODM only)
Reset Switch Built-in Push-button momentary contact switch
Ethernet Configuration 10/100/1000 BASE-TX auto-negotiation Ethernet port x 6 (RJ-45 connector)
WAN * 2
LAN * 4
DRAM On board : 256Mbytes
Flash On board : 32 Mbytes
CF Socket 1 (reserved for option)
Built-In LED Indicators 1 * Power ; 1 * Status, 1 * Net Status ( This is for AP management, when system
can't detect managed AP )
Environmental & Mechanical Characteristics
Operating Temperature 0 °C ~ 55 °C
Storage Temperature -20 °C ~ 75 °C
Operating Humidity 10% to 80% Non-Condensing
Storage Humidity 5% to 90% Non-Condensing
Power Supply 110 – 220V AC Power; 12 VDC, 1.5A input.
Unit Dimensions 243 x 150 x 45.5 (mm) (Width x Depth x Height)
Unit Weight 1.4 Kg
Form Factor Wall Mountable , Metal case
Certifications FCC/CE
WMS-308N Network Access Control Gateway
User's Manual
14
Chapter3.BaseInstallations
3.1Installations
3.1.1SystemRequirements
¾Standard 10/100/1000Base T including five network cables with RJ-45 connectors
¾All PCs need to install the TCP/IP network protocol
3.1.2PanelFunctionDescriptions
Front Panel
1. Power/Status :
ÎLED Green ON indicates power on, OFF indicates power off.
ÎWhen system restart, LED Amber will flash three times after system up.
ÎLED Amber ON indicate the Flash is busy(For example, format database, create or delete accounts...etc)
2. Console : The serial RS-232 DB9 cable attaches here.
3. Reset : Press and hold the button for more than 10 seconds until Power/Status LED Amber FLASH to reset
the system to default configurations. After you release button, the LED Amber will ON and system’s
database will be formatted until LED Green ON to restart system.
4. WAN1/WAN2 : Two WAN ports are available on the system. LED Green ON indicates 10/100-Mbps link is
established on the port. LED Amber ON indicates 1000-Mbps link is established on the port.
5. LAN : Clients devices connect to WMS-308N via LAN ports
WMS-308N Network Access Control Gateway
User's Manual
15
Rear Panel
1. Power SOCKET (12V DC) : Attach the power socket here.
WMS-308N Network Access Control Gateway
User's Manual
16
3.1.3HardwareInstallation
Please follow the steps mentioned below to install the hardware of WMS-308N
1. Place the WMS-308N at a best location.
The best location for WMS-308N is usually at the center of your wireless network.
2. Connect WMS-308N to your outbound network device.
Connect one end of the Ethernet cable to the WAN1/WAN2 port of WMS-308N on the front panel. On your
environment, connect the other end of the cable to the external Internet . The WAN1/WAN2 LED indicator should be
ON to indicate a proper connection.
3. Connect WMS-308N to your network device.
Connect one end of the Ethernet cable to LAN port of WMS-308N on the front panel. Connect the other end of
cable to a PC for configuring the system. The LAN LED indicator should be ON to indicate a proper connection.
4. Connect the DC power adapter to the WMS-308N power socket on the rear panel.
Please only use the power adapter supplied with the WMS-308N package. Using a different power
adapter may damage this system
Now, the hardware installation is completed.
To double verify the wired connection between WMS-308N and your switch/router/hub, please check the
LED status indication of these network devices.
WMS-308N Network Access Control Gateway
User's Manual
17
3.2SoftwareConfiguration
3.2.1GettingStart
Step :
1. Once the hardware installation is done, set DHCP in TCP/IP of the administrator's PC to get an IP address
automatically. Connect the PC to the LAN port of WMS-308N. An IP address will be assigned to the PC
automatically via the WMS-308N.
2. Launch a web browser to access the web GUI of WMS-308N by entering “http://192.168.2.254” in the
address field.
3. The following Administrator Login Page will appear. Enter “root” in the Username field, and “default” in the
Password field. Click OK button to login.
If you can't get the login screen, you may have incorrectly set your PC to obtain an IP address
automatically from LAN port or the IP address used does not have the same subnet as the URL.
Please use default IP address such as 192.168.2.x in your network and then try it again.
WMS-308N Network Access Control Gateway
User's Manual
18
You can login as root, admin or operator. The default username and password as follows.
¾Root : The administrator can access all area of the WMS-308N
Username : root
Password : default
¾admin : The admin can access the area under Service Domain, Wireless and Advanced setting (Please see
Appendix B.)
Username : admin
Password : admin
¾operator : The operator only can access the area of On-Demand authentication to create, edit and print out
the new on-demand user accounts. (Please see Appendix B.)
Username : operator
Password : 1234
4. After a successful login, the “Home Page” will appear on the screen.
WMS-308N Network Access Control Gateway
User's Manual
19
3.2.2QuickConfiguration
WMS-308N provides wireless and wired network service with authentication required for clients in Service Domain.
Clients in the each Service Domain are isolated with each other. WMS-308N supports 8 Service Domains, Domain-
0 to Domain-7. Administrator can select authentication type on each Service Domain. If Authentication Required is
enabled, the clients are required to get authenticated successfully before access the Internet.
Configuration Steps :
Step 1 : Change Root's Password
ÎClick System -> Management, the Management Setup page will appear.
ÎEnter a New Root Password for the Root account ad retype in the Check Root Password field. (4-30
alphanumeric and specific characters; not support Space)
ÎClick Save button.
For security concern, it is strongly recommended to change the Root password.
Step 2 : Select Connection Type for WAN1 Port and Set DNS Server
ÎClick System -> WAN, the WAN Setup page will appear.
ÎSelect the appropriate Connection Type for WAN1 port, there are four types of WAN1 connections to be
selected from: Static IP, Dynamic IP, PPPoE Client and PPTP Client.
ÎEnter the IP Address of a DNS Server provided by your ISP(Internet Service Provider). Contact the ISP if the
DNS IP Address is unknown.
ÎClick Save button.
WMS-308N Network Access Control Gateway
User's Manual
20
Step 3 : Choose System's Time
ÎClick System -> Time Server, the Time Server Setup page will appear.
ÎSelect the appropriate setting and Click Save button.
Before Hotspot service active, make sure the Local Time is correctly.
Step 4 : Select Authentication Type for Service Domain
ÎClick Service Domain →Service Domain0, the Service Domain0 Setup page will appear, for each Service
Domain, authentication type can be selected in Pregenerated Ticket, On-Demand, Local RADIUS, Remote
RADIUS Server, LDAP Server and POP3, and select one authentication type for Default Auth Type. Below
depicts an example for Local RADIUS.
Other manuals for WMS-308N
1
Table of contents
Other PheeNet Gateway manuals
Popular Gateway manuals by other brands
MVC-Data
MVC-Data AccessZone GC1000 Series installation manual
SST Automation
SST Automation GT100-MQ-IE user manual
ZyXEL Communications
ZyXEL Communications Prestige P-662HW-61 user guide
Dispel
Dispel Wicket user manual
Mennekes
Mennekes eMobility-Gateway Professional+ OPERATING AND INSTALLATION Manual
Spelso
Spelso L operating manual
