Trademarks symbol, and Nomadix Service Engine™ are trademarks of Nomadix, Inc. All other trademarks and brand names are marks of their respective holders.
Product Information
Telephone: +1.818.597.1500 Fax: +1.818.597.1502
For technical support information, see the Appendix in this User Guide.
CAUTION WARNING Read the instruction manual prior to operation. Risk of electric shock; do not open; no user-serviceable parts inside.
CAUTION WARNING Read the instructions before use. Risk of electric shock; do not open; do not attempt to disassemble the unit.
Table of Contents
Chapter 1: Introduction
About this Guide
Organization
Welcome to the Access Gateway
Product Configuration and Licensing
Key Features and Benefits
Platform Reliability
Archiving Your Configuration Settings
Installing the Nomadix Private MIB
Chapter 3: System Administration
Choosing a Remote Connection
Using the Web Management Interface (WMI)
Using an SNMP Manager
Using a Telnet Client
Logging In
Network Info Menu
Displaying ARP Table Entries {ARP}
Displaying DAT Sessions {DAT}
Displaying the Host Table {Hosts}
Displaying ICMP Statistics {ICMP}
Displaying the Network Interfaces {Interfaces}
Displaying the IP Statistics {IP}
Viewing IPSec Tunnel Status {IPSec}
Interface. This section provides an overview and sample scenario for the Access Gateway’s subscriber interface. It also includes an outline of the authorization and billing processes utilized by the system, and the Nomadix Information and Control Console. Chapter 4 –...
Public-LAN, and Residential segments.
Product Configuration and Licensing
All Nomadix Access Gateway products are powered by our patented and patent-pending suite of embedded software, called the Nomadix Service Engine™ (NSE). The Access Gateway employs our NSE core software package and comes pre-packaged with the option to purchase additional modules to expand the product’s functionality.
aggregation equipment (two for subscriber side) within the network. It also incorporates an RS232 serial port for connecting to a Property Management System (PMS) and for system management and administration, while maintaining one billing relationship with their chosen provider.
Transparent Connectivity
Resolving configuration conflicts is difficult and time consuming for network users who are constantly on the move, and costly to the solution provider. In fact, most users are reluctant to make changes to their computer’s network settings and won’t even bother. This fact alone has prevented the widespread deployment of broadband network services.
Session Rate Limiting (SRL) feature, and MAC filtering for improved network reliability.
5-Step Service Branding
A network enabled with the Nomadix Access Gateway offers a 5-Step service branding methodology for service providers and their partners, comprising: Initial Flash Page branding.
PMS).
NSE Core Functionality
Powering Nomadix’ family of Access Gateways, the Nomadix Service Engine (NSE) delivers a full range of features needed to successfully deploy public access networks. These “core” features solve issues of connectivity, security, billing, and roaming in a Wi-Fi public access network.
The Command Line Interface (CLI) is a character-based user interface that can be accessed remotely or via a direct cable connection. Until your Nomadix product is up and running on the network, the CLI is the Network Administrator’s window to the system. Software upgrades can only be performed from the CLI.
complex billing plans. Recycle existing Web page content for the centrally hosted portal page. If you choose to use the EWS interface, Nomadix Technical Support can provide you with sample scripts. See also, “Contact Information” on page 297.
Dramatically heightens the reusability factor of costly public IP addresses.
Information and Control Console
The Nomadix ICC is an HTML-based pop-up window that is presented to subscribers with their Web browser. The ICC allows subscribers to select their bandwidth and billing options quickly and efficiently from a simple pull-down menu. For credit card accounts, the ICC displays a dynamic “time” field to inform subscribers of the time remaining on their account.
[Figure: Information and Control Console (ICC)]
Additionally, the ICC contains multiple opportunities for an operator to display its branding or the branding of partners during the user’s session, as well as display advertising banners and present a choice of redirection options to their subscribers.
International Language Support
The NSE allows you to define the text displayed to your users by the IWS without any HTML or ASP knowledge. The language you select determines the language encoding that the IWS instructs the browser to use. See also, “Internal Web Server”...
MAC Filtering
MAC Filtering enhances Nomadix' access control technology by allowing system administrators to block malicious users based on their MAC address. Up to 50 MAC addresses can be blocked at any one time. See also, “Session Rate Limiting (SRL)” on page...
Once configured, this methodology can also be effectively used to centrally manage configuration profiles for all Nomadix devices in the public access network.
NSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption. Establishing the IPSec tunnel not only allows for the secure management of the Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for...
Nomadix gateway. See also, “Defining IPSec Tunnel Settings” on page 139. Two subsequent events drive the secure management function of the Nomadix gateway and the devices behind it: Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity).
XML enables solution providers to customize and enhance their product installations. This feature allows the operator to use Nomadix' popular XML API using the built-in SSL certificate functionality in the NSE so that parameters passed between the Gateway and the centralized Web server are secured via SSL.
For example, in addition to supporting the secure browser-based Universal Access Method (UAM) via SSL, Nomadix is the only company to simultaneously support port-based authentication using IEEE 802.1x and authentication mechanisms used by Smart Clients.
PMS system whenever a subscriber purchases Internet service and decides to post the charges to their room. Nomadix’ Access Gateways are equipped with a serial PMS interface port to facilitate connectivity with a customer’s Property Management System.
This module allows a secondary Nomadix Access Gateway to be placed in the network that can take over if the primary device fails, ensuring Wi-Fi service remains uninterrupted.
Network Architecture (Sample)
The Access Gateway can be deployed effectively in a variety of wireless and wired broadband environments where there are many users—usually mobile—who need high speed access to...
The following example shows a potential Hospitality application:
[Figure: Hospitality application; labels: Phone, Laptop, DSL Modem, DSLAM, Router]
Online Help (WebHelp)
The Access Gateway incorporates an online Help system called “WebHelp” which is accessible through the Web Management Interface (when a remote Internet connection is established following a successful installation).
WebHelp is useful when you have an Internet connection to the Access Gateway and you want to access information quickly and efficiently. It contains all the information you will find in this User Guide. For more information about WebHelp and other online documentation resources, go to “Online Documentation and Help”...
“Archiving Your Configuration Settings” on page 48 “Installing the Nomadix Private MIB” on page 48 Once you have installed your Access Gateway and established the configuration settings, you should write the settings to an archive file. If you ever experience problems with the system, your archived settings can be restored at any time.
• Screw 4-40 5/16” flathead 100 deg
• Plastic bumper feet
• Universal mounting bracket
• Quick Start Guide
• “Accessories” CD-ROM (containing this User Guide, README file, NOMADIX Enterprise MIB file, and any other useful accessories)
• Customer letter
• End User License Agreement (EULA)
• Packing materials (polystyrene end caps)
When prompted, accept the Nomadix End User License Agreement (EULA). You must accept the EULA before the AG can connect with the Nomadix License Key Server. When the key is successfully received from the server, your AG will reboot.
Powering Up the System
Use this procedure to establish a direct cable connection between the Access Gateway and your laptop computer, and to power up the system. Place the Access Gateway on a flat and stable work surface. Connect the power cord.
Logging In to the Command Line Interface
Use this procedure to initialize the system and log in to the Access Gateway’s Command Line Interface (CLI). The character-based CLI is used at initial start-up. Start a HyperTerminal™ session to connect to the Access Gateway. Use the following HyperTerminal settings: Bits per second 9600...
a license key from the Nomadix License Key Server, you must accept the Nomadix End User License Agreement (EULA).
The Management Interfaces (CLI and Web)
The Access Gateway supports various methods for managing the system remotely. These include an embedded graphical Web Management Interface (WMI), an SNMP client, or Telnet. However, until the unit is installed and running, system management is performed from the Access Gateway’s embedded CLI via a direct serial cable connection.
When using the CLI, if a procedure asks you to “enter sn,” this means you must type sn and press the Enter key. The system does not accept data or commands until you hit the Enter key.
Menu Organization (Web Management Interface)
When you have successfully installed and configured the Access Gateway from the CLI, you can then access the Access Gateway from its embedded Web Management Interface (WMI).
Note: Your browser preferences or Internet options should be set to compare loaded pages with cached pages.
Inputting Data – Maximum Character Lengths
The following table details the maximum allowable character lengths when inputting data:
Data Field    Max. Characters
All Messages (billing options)
All Messages (subscriber error messages)
All Messages (subscriber login UI)
All Messages (subscriber “other” messages)
Description of Service (billing options Plan)
Home Page URL
Host Name and Domain Name (DNS settings)
Help system Other online documentation resources, available from our corporate Web site (www.nomadix.com), include a full PDF version of this User Guide (viewable with Acrobat™ Reader), white papers, technical notes, and business cases. The PDF version of this User Guide and associated README files are also available on the “Accessories”...
Quick Reference Guide
This manual contains a “Quick Reference Guide” on page 36 which provides information to help you navigate and use the management interfaces (CLI and Web) quickly and efficiently. It also contains the product specifications, a listing of the factory default settings, sample log reports, listings of commands (by menu and alphabetical), HyperTerminal settings, and some common keyboard shortcuts.
Assigning the Location Information and IP Addresses:
Assigning the Network Interface IP Address - This is the public IP address that allows administrators and subscribers to see the Access Gateway on the network. Use this address when you need to make a network connection with the Access Gateway.
If you enabled the SNMP daemon, you must reboot the system for your changes to take effect. In this case, enter (yes) to reboot your Access Gateway.
Sample Screen Response:
    Configuration>sn
    Enable the SNMP Daemon? [Yes]:
    Enter new system contact: newname@domainname.com
    [Nomadix, Newbury Park, CA]
    Enter new system location: Office, Newbury Park, CA
    Enter read/get community [public]:
    Enter write/set community [private]:
    Enter IP of trap recipient [0.0.0.0]: 10.11.12.13
    SNMP Daemon: Enabled
    System contact: newname@domainname.com
    System location: Office, Newbury Park, CA
    Get (read) community: public
    Set (write) community: private
    Trap recipient: 10.11.12.13
    Reboot to enable new changes? [yes/no] y...
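The sample session above accepts the bracketed defaults for both community strings (public and private). The following Python is an added example, not part of the original guide: it parses the summary lines the CLI prints at the end of the "sn" dialog and flags settings left at those defaults. The function names and finding codes are hypothetical, and the input is assumed to have one field per line.

```python
import ipaddress
import re

# Constructed sample: the summary block from the sample screen response,
# laid out one field per line.
SAMPLE_SUMMARY = """\
SNMP Daemon: Enabled
System contact: newname@domainname.com
System location: Office, Newbury Park, CA
Get (read) community: public
Set (write) community: private
Trap recipient: 10.11.12.13
"""

# Values the dialog offers in square brackets as its defaults.
DEFAULT_COMMUNITY = {"get": "public", "set": "private"}
UNSET_TRAP_RECIPIENT = "0.0.0.0"

# [ \t]* rather than \s* so an empty value never swallows the next line.
FIELDS = {
    "daemon": re.compile(r"^SNMP Daemon:[ \t]*(.*)$", re.MULTILINE),
    "get": re.compile(r"^Get \(read\) community:[ \t]*(.*)$", re.MULTILINE),
    "set": re.compile(r"^Set \(write\) community:[ \t]*(.*)$", re.MULTILINE),
    "trap": re.compile(r"^Trap recipient:[ \t]*(.*)$", re.MULTILINE),
}


def parse_summary(text):
    """Extract the SNMP settings from the CLI summary; absent fields are omitted."""
    settings = {}
    for name, pattern in FIELDS.items():
        match = pattern.search(text)
        if match:
            settings[name] = match.group(1).strip()
    return settings


def audit(settings):
    """Return finding codes (hypothetical names) for an enabled SNMP daemon."""
    if settings.get("daemon", "").lower() != "enabled":
        return []  # daemon off: the community strings are not in use
    findings = []
    for kind, default in DEFAULT_COMMUNITY.items():
        value = settings.get(kind, "")
        if not value:
            findings.append(f"{kind}-community-empty")
        elif value == default:
            findings.append(f"{kind}-community-default")
    # A read community that equals the write community grants write to readers.
    if settings.get("get") and settings.get("get") == settings.get("set"):
        findings.append("get-set-community-identical")
    trap = settings.get("trap", "")
    try:
        if ipaddress.ip_address(trap) == ipaddress.ip_address(UNSET_TRAP_RECIPIENT):
            findings.append("trap-recipient-unset")
    except ValueError:
        findings.append("trap-recipient-invalid")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_summary(SAMPLE_SUMMARY)):
        print(finding)
```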
Sample Screen Response:
    Configuration>log
    Enable/disable System Log [disabled ]: enable
    Enter System Log Number (0-7) [0 ]: 2
    Enter System Log Filter
    0: Emergency
    1: Alert
    2: Critical
    3: Error
    4: Warning
    5: Notice
    6: Info
    7: Debug
    Select an option from above [7]: 7
    Enter System Log Server IP...
    7: Debug
    Select an option from above [6]: 7
    Enter RADIUS History Log Server IP [255.255.255.255]: 10.10.10.10
    Enable/disable RADIUS History Log Save to file [disabled ]: enable
    Enable/disable System Report Log [disabled ]: enable
    Enter System Report Log Number (0-7) [0 ]: 2
    Enter System Report Log Server IP [255.255.255.255]: 10.10.10.10...
When prompted, enter a valid network interface IP address. The IP addresses from subscribers that are on a subnet different from the Access Gateway (for example, misconfigured) are translated by Nomadix’ Dynamic Address Translation (DAT). Enter a valid subnet mask.
Sample Screen Response:
    Configuration>loc
    Please enter your company name [companyname]: newname
    Please enter your site name [sitename]: Coffee House
    Please enter your address
    <Line 1> [line1address]: newline1
    <Line 2> [line2address]: newline2
    <City> [city]: newcity
    <State> [state]: newstate
    <Zip/Postal Code> [zip]: newzip
    <Country>...
    Enter network interface IP
    Enter subnet mask
    Enter default gateway IP
    Please enter your ISO country code [US]:
    Please enter your phone country code [1]:
    Please enter your calling area code [818]:
    Please enter your network SSID/Zone [ samplezonename
    The system must be reset to function properly.
[Figure: Rear View; labels: To Subscribers, To Network]
Connect the power cord and turn on the Access Gateway. Go to “Establishing the Basic Configuration for Subscribers” on page
Establishing the Basic Configuration for Subscribers
When you have successfully established the start up configuration and installed the unit onto the customer’s network, connect to the Access Gateway via Telnet.
server. In both cases, DHCP functionality is necessary if you want to automatically assign IP addresses to subscribers. The Access Gateway’s adaptive configuration technology provides Dynamic Address Translation (DAT) functionality. DAT is automatically configured to facilitate “plug-and-play” access to subscribers who are misconfigured with static (permanent) IP addresses, or subscribers that do not have DHCP capability on their computers.
Enter (dns) at the Configuration menu. The system displays the current domain (the default is “nomadix”). Enter a valid domain name (the Internet domain that DNS requests will utilize). Enter the host name (the DNS name of the Access Gateway). The host name must not contain any spaces.
Installing the Nomadix Private MIB
The Nomadix Private MIB is supplied on the “Accessories” CD-ROM, delivered with your Access Gateway. After importing the nomadix.mib file from the CD-ROM you will be able to view and manage SNMP objects on your Access Gateway.
Access Gateway (available on the Access Gateway’s CLI or Web Management Interface, under the Configuration menu – snmp). All variables defined by Nomadix start with the following prefix:
    iso.org.dod.internet.private.enterprises.nomadix
You should now be able to define queries and set the SNMP values on your Access Gateway.
System Administration
This section provides all the instructions and procedures necessary for system administrators to manage the Access Gateway on the customer’s network (after a successful installation). The system administration procedures in this section are organized as they are listed under their respective Web Management Interface (WMI) menus: “Configuration Menu”...
Using the Web Management Interface (WMI)
The Web Management Interface (WMI) is a “graphical” version of the Command Line Interface, comprised of HTML files. The HTML files are embedded in the Access Gateway and are dynamically linked to the system’s functional command sets. You can access the WMI from any Web browser.
User names and passwords are case-sensitive.
About Your Product License
Some features included in this section will not be available to you unless you have purchased the appropriate product license from Nomadix. In this case, the following statement will appear either immediately below the section heading or when the feature is mentioned in the body text: Your product license may not support this feature. You can upgrade your product license at any time.
Configuration Menu
Defining the AAA Services {AAA}
This procedure shows you how to set up the AAA (Authentication, Authorization, and Accounting) service options.
From the Web Management Interface, click on Configuration, then AAA. The Authentication, Authorization, and Accounting Settings screen appears:
Enable or disable AAA Services. If you enable AAA Services, go to Step 3, otherwise this feature is disabled and you can exit the procedure. Select a Logout IP address from the drop-down list. The list contains IP addresses that can be used as the logout IP address.
Link from the hotel’s HPR Page. Your product license may not support this feature. Enable or disable the AAA Passthrough Port feature, as required. System administrators can set the Access Gateway to pass through HTTPS traffic, in addition to standard port 80 traffic, without being redirected.
Enabling AAA Services with an External Web Server – In the EWS mode, the Access Gateway redirects the subscriber’s login request to an external server (transparent to the subscriber). The login page served by the EWS reflects the “look and feel” of the solution provider’s network and presents more login options.
Adding SSL support to the Access Gateway requires service providers to obtain digital certificates from VeriSign™ to create HTTPS pages. Instructions for obtaining certificates are provided by Nomadix. To enable SSL Support, your Access Gateway’s flash must include the server.pem, cakey.pem, and cacert.pem certificate files (the “cacert.pem” file is provided with your Access Gateway).
Access Gateway is configured to use either Authorize.net or Chainfusion (selected from a pull-down menu). You will need to open a merchant account with Authorize.net, Chainfusion or Datacenter (Luxembourg) before this feature can be used. Please contact Nomadix Technical Support for assistance. Refer to “Contact Information” on page 297.
Enable or disable the SIM Compliant feature, as required. With this feature enabled, you can change the transaction key at your discretion. To change the transaction key, simply enter the key in the Change Transaction Key box, then re-enter the key in the Verify box.
Configure the Parameter Signing options. See Redirection Parameter Signing for more information about parameter signing. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state (making changes to the EWS settings does not require a system reboot).
In order to utilize the parameter signing feature, the EWS or Portal Page Server used must be configured to correctly parse and verify the signing information. Documentation that includes guidelines for configuring a server to support signing can be obtained by contacting Nomadix Technical Support.
If the required certificates are not resident on the flash, an attempted https connection will generate an error syslog. From the Web Management Interface, click on Configuration, then Access Control. The Access Control screen appears.
SNMP. Enabling the blocking of all interfaces and disabling SNMP will completely block access to the Access Gateway administration interface. For assistance, contact Nomadix Technical Support. Enable or disable subscriber-side interface blocking for any of the following interfaces enables/disables blocking of Telnet access from the subscriber-side ...
CLI to disable the Access Control feature, or change the range of allowed IP addresses to access the management interfaces. If you have changed the serial port to act as a PMS interface, please contact Nomadix technical support. In this case, refer to “Contact Information” on page 297.
As shown in the diagram below, two subsequent events drive the automatic configuration of Nomadix devices: A flow of RADIUS Authentication Request and Reply messages between the Nomadix gateway and the centralized RADIUS server that specifies the location of the meta...
Administrative Steps to Enable Auto-Config for the NOC Administrator: Add NAS IP address. Add Nomadix Auto-Config VSA to the Nomadix dictionary file on the RADIUS server. Create a RADIUS profile with the configuration VSA. Create an FTP server with the configuration files.
The following diagram shows a sample RADIUS configuration file, meta file and illustration of the FTP server setup. The Nomadix device will automatically initiate one reboot to enable the new settings. Configuration updates for network maintenance can be accomplished by simply enabling the Auto-Configuration option and rebooting the device (for example, using SNMP).
From the Web Management Interface, click on Configuration, then Bandwidth Management. The Bandwidth Management screen appears: If required, click the check box for Bandwidth Management Enabled (this field is not available on the AG 2300 platform because Bandwidth Management is always enabled). If you enabled Bandwidth Management, enter the uplink and downlink speeds (in Kbps) in the appropriate fields.
established (with either server), the Access Gateway sends the stored information to the server—no records are lost! For more information about the bill record mirroring feature, go to “Mirroring Billing Records” on page 286. From the Web Management Interface, click on Configuration, then Bill Record...
The Access Gateway and the “mirror” servers must use the same secret key. Repeat Step 4 for the secondary server (if any) and all carbon copy servers. Define the “fail-safe” provisions, including:
• Retransmit Method – Alternate, or do not alternate.
...
DHCP. The DHCP Settings screen appears: Nomadix’ patented Dynamic Address Translation (DAT) functionality is automatically configured to facilitate “plug-and-play” access to subscribers who are misconfigured with static (permanent) IP addresses, or subscribers that do not have DHCP capability on their computers. DAT allows all users to obtain network access, regardless of their computer’s network settings.
To route DHCP through an external server, enable the DHCP Relay. If you enabled the DHCP Relay feature, you must assign a valid DHCP Server IP address (the default is 0.0.0.0) and a valid DHCP Relay Agent IP address. The DHCP Relay Agent allows the Access Gateway to request a specific range of IP addresses from different IP pools from the DHCP Server.
If you want to add a new DHCP Pool, click on the button. The Add DHCP Pools screen appears: Enter a valid DHCP Server IP address for the DHCP server. Enter the DHCP Server Netmask. Enter the starting and ending IP addresses for the DHCP address pool you want to use:
• DHCP Pool Start IP
...
If required, make this an IP Upsell Pool and/or the Default Pool by checking the appropriate boxes. Do not allow pools to overlap. Optional, if the gateway router for the DHCP Pool is other than that of the DHCP Server IP, select and enter the IP address of the gateway router of choice.
The secondary and tertiary DNS servers are only utilized if the primary DNS server is unavailable. Enter a DNS Redirection Port and a Proxy DNS Port. When finished, you must reboot the system for the new settings to take effect. Click on the check box for Reboot after changes are saved? to reboot the system after saving your...
Enter the Provider Info. Select the provider protocol from the Protocol menu. Currently, only dyndns.org and dyndns.org (secure) are supported. The default setting is dyndns.org (secure). In the field, enter the server name to which the client sends updates to the ...
Click the checkbox for GRE Tunneling to enable this feature. Enter the VPN Concentrator IP Address. This is the IP address of the remote server. Enter the GRE Interface IP Address. This is the IP of the local GRE interface on the Access Gateway.
Our patented iNAT™ feature contains an advanced, real-time translation engine that analyzes all data packets being communicated between the private and public address domains. The Nomadix iNAT™ engine performs a defined mode of network address translation based on packet type and protocol (for example, GRE, IKE etc…).
Enable or disable the iNAT™ feature, as required. If you enabled iNAT™, you have the option of enabling or disabling the following VPN protocols: PPTP PPTP CALL ID IPSEC Click on the Submit button to save your options.
Defining IPSec Tunnel Settings {IPSec}
From the Web Management Interface, click on Configuration, then IPSec. The IPSec Tunnel Settings screen appears: Check the Enable IPsec checkbox to enable IPsec. Note that you will have to reboot for IPsec to take effect.
Managing IPSec Tunnel Peers
You can add a new IPSec tunnel peer or modify the settings of an existing IPSec tunnel peer from the IPSec Tunnel Settings screen.
Adding a new IPSec tunnel peer
Click the button in the table.
Note that the files must exist on flash first. In the IKE Channel Security Parameters section, select the following settings:
• Acceptable Encryption Algorithms – Check the 3DES and/or checkboxes (you must check at least one option).
• – ...
Adding a New IPSec Security Policy
In the IPSec Security Policies table, click the button to add an entry. The IPsec Tunnel Security Policy Settings screen opens. Select the tunnel peer IP address for which you would like to add a security policy from menu.
Next you will define selectors of the Security Policy. All selectors must match for the policy to be applied. Define the following selectors for the Remote End:
• Remote IP/Subnet – Enter the IP address of the remote network secured by the IPSec ...
– See Setting joint ESP and AH parameters to set parameters that pertain to both ESP and AH policies.
Setting joint ESP and AH parameters
These parameters affect both ESP and AH policies. Select all the by putting a check in the ...
Establishing Your Location {Location}
This command sets up your location and the corresponding IP addresses for the network interface, subscriber interface, subnet, and default gateway. You *must* provide your full location information. From the Web Management Interface, click on Configuration, then Location.
Enter your location information in the following fields:
• Company Name
• Site Name
• Address (Line 1 and Line 2)
• City, State, Zip, and Country
• E-mail Address
• ISO Country Code
• Phone Country Code
• Calling Area Code
...
All IP addresses must be established, otherwise the Access Gateway will not be “visible” on the network. Make a selection for Network Configuration Method. This determines how the Access Gateway receives its IP address to work on the network. If the Access Gateway receives its IP address from a , select DHCP.
The IP addresses from subscribers that are on a subnet different from the Access Gateway (for example, misconfigured) are translated by Nomadix’ Dynamic Address Translation (DAT) patented technology to the Subscriber IP Address. The subscriber interface acts as a multifunctional “translator.” For example, if a subscriber’s computer is setup statically for a network with a gateway address of...
From the Web Management Interface, click on Configuration, then Logging. The Log Settings screen appears:
If required, click on the check box for System Log to enable system logging. When system logging is enabled, the standard SYSLOG protocol (UDP) is used to send all message logs generated by the Access Gateway to the specified SYSLOG server. Enter a unique number (between 0 and 7) in the field.
Subscriber Tracking Log
Enabling this checkbox enables the Subscriber Tracking log. Use this to track the network usage of specific Subscribers on the network by receiving a syslog of every Session that is opened by each subscriber. Each new DAT session that is created for subscribers is logged in these syslogs.
PageFaults are stored in the file named “lograw.txt” in the /flash directory and is not viewable on the web management interface. Check the Subscriber Tracking Log option to enable or disable the Subscriber tracking log. Note: NTP must be enabled on the NSE for Subscriber tracking log to be enabled.
Check the Subscriber Tracking Log save to file option to save the syslogs locally to the NSE flash. Note: Not recommended. Check the Include User Name Reporting option to include the first 25 characters of the username in the Syslog. Check the option and Port Location: Include Port Reporting...
RADIUS server must use the same format. The options are: aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff, or aabbccddeeff. The default setting is aa-bb-cc-dd-ee-ff. Select the Case of Hex-Alpha Characters. This setting specifies, in the MAC addresses in RADIUS username and password attributes, whether the hex-alpha characters A-F will be uppercase or lower case.
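Because the gateway and the RADIUS server must agree on both the separator style (aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff or aabbccddeeff) and the letter case, it helps to check the server's MAC-based user entries before changing either setting. The following Python is an added example, not part of the original guide; the function names are hypothetical and the usernames in the test data are constructed.

```python
import re

# Separator used by each of the three formats named in the text.
SEPARATOR = {
    "aa-bb-cc-dd-ee-ff": "-",
    "aa:bb:cc:dd:ee:ff": ":",
    "aabbccddeeff": "",
}
OCTET = re.compile(r"[0-9A-Fa-f]{2}")
BARE = re.compile(r"[0-9A-Fa-f]{12}")


def parse_mac(text):
    """Return the 12 hex digits of a MAC address in lowercase, or raise ValueError.

    Accepts any of the three formats; mixed separators are rejected.
    """
    text = text.strip()
    for sep in ("-", ":"):
        parts = text.split(sep)
        if len(parts) == 6 and all(OCTET.fullmatch(p) for p in parts):
            return "".join(parts).lower()
    if BARE.fullmatch(text):
        return text.lower()
    raise ValueError(f"not a MAC address: {text!r}")


def format_mac(mac, style, upper):
    """Render a MAC in the given style; upper selects the case of A-F."""
    if style not in SEPARATOR:
        raise ValueError(f"unknown MAC format: {style!r}")
    digits = parse_mac(mac)
    if upper:
        digits = digits.upper()
    octets = [digits[i:i + 2] for i in range(0, 12, 2)]
    return SEPARATOR[style].join(octets)


def mismatched_usernames(usernames, style, upper):
    """List (entry, expected) pairs for MAC usernames that differ from the
    configured style or case. Non-MAC usernames are ignored."""
    mismatches = []
    for name in usernames:
        try:
            expected = format_mac(name, style, upper)
        except ValueError:
            continue  # ordinary username, not a MAC address
        if name != expected:
            mismatches.append((name, expected))
    return mismatches


if __name__ == "__main__":
    # Constructed RADIUS user entries, checked against dash-separated lowercase.
    users = ["00-1a-2b-3c-4d-5e", "00:1A:2B:3C:4D:5F", "001A2B3C4D60", "guest"]
    for entry, expected in mismatched_usernames(users, "aa-bb-cc-dd-ee-ff", False):
        print(f"{entry} -> {expected}")
```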
IP address or DNS name of the pass-through you want IP/DNS Name to add or remove from the system. The system only accepts route DNS names (for example, www.nomadix.com). Do not include protocol, port, or path information. If adding this pass-through, click on the...
Micros POS system. This functionality allows hotels to seamlessly deploy wireless networks (or alternatively use low-cost wired access concentration equipment) that either do not support port-ID or do so in a proprietary format that Nomadix does not currently support— and still be able to bill directly to the room.
• Ramesys ImagInn PMS
• OnQ (System 21)
• Xeta Virtual XL
Nomadix offers the following standards-based interfaces, generally used to establish an interface to any of the PMS systems that are not proprietary:
• HOBIC-RSI
• HOBIC-TSPS
• HOBIC-1BT2
...
From the Web Management Interface, click on Configuration, then PMS. The Property Management System Settings screen appears:
You also have the following check box options (see note):
Match Last Name Only
Skip First Char in Last Name
OnQ Compliant (Enable this option if you want to use Nomadix Micros POS emulation to query & post to Hilton Corporation's OnQ PMS system).
Reset Based on the HOBIC interface standards, Nomadix, Inc. has also certified interoperability with a number of other PMS and call accounting solutions such as Ramesys’ ImagInn, Xeta Virtual XL, and Hilton’s proprietary standard OnQ.
Setting Up Port Locations {Port-Location}
Port-Location allows you to establish the mode of operation for devices. From the Web Management Interface, click on Configuration, then Port-Location. The Port-Location Settings screen appears:
System administrators can set the properties for each room from the subscriber side of the Access Gateway. The system automatically detects which port number the administrator is using and allows them to enter the fields for the room corresponding to the port they are using.
These options enable an SNMP query to “ask” the access concentration device which card, slot, or port the information is coming from. The information can then be “sent to” and “billed by” the PMS. You must enter the IP address (not name), , and ...
In Room Port Mapping
This section shows In Room Port Mapping from the subscriber side, when the In Room Port Mapping feature is enabled. Access Gateway multiple VLAN tagged systems can use the same tags and be placed on different Subscriber ports. Although it is technically possible to place two different VLAN tagged switches (one on each Subscriber side) that have the same VLAN tags designated, this configuration can cause problems.
Enter your user name and password, then click on the button. The In Room Port Mapping screen appears: Enter the room number and a description for this room. Select the access mode you want to assign to this room: Room Free Access ...
Setting up Quality of Service {QoS}
The Quality of Service feature allows subscriber traffic to be classified so that it can then be acted upon by devices that support QoS prioritization or other QoS capabilities. This requires the use of 802.1q-based VLANs on the network, as it is based on 802.1p Class of Service (CoS) marking.
The “Usernames” function must be enabled for a RADIUS login. See also, “Defining the AAA Services {AAA}” on page Nomadix offers an integrated RADIUS client, allowing service providers to track or bill users based on the number of connections, location of the connection, bytes sent and received, connect time, etc.
client authenticates the customer with the RADIUS server, applies associated attributes stored in that customer's profile, and logs their activity (including bytes transferred, connect time, etc.). The Access Gateway's RADIUS implementation also handles vendor specific attributes (VSAs), required by WISPs that want to enable more advanced services and billing schemes, such as a per device/per month connectivity fee.
For additional RADIUS information, see also:
“Defining the RADIUS Proxy Settings {RADIUS Proxy}” on page 114
“Defining the Realm-Based Routing Settings {Realm-Based Routing}” on page 118
“RADIUS Attributes” on page 267
From the Web Management Interface, click on Configuration, then RADIUS Client.
Fixed (for routing to predefined RADIUS servers)
Select the Default RADIUS Service Profile from the pull-down menu. Enter a Local Authentication Port and a Local Accounting Port. Select whether Later Login Supersedes Previous. This will allow a secondary form of authentication to override MAC authentication if necessary, and use the credentials of the last login to succeed.
If required, check the Enable Forget your Password box to create a link that users can go to (and is added to the passthrough list) so they can run a page at their ISP to get their password. If required, check the Enable RADIUS Based WAN VLAN box to allow the 802.1q tag to...
From the Web Management Interface, click on Configuration, then RADIUS Proxy. The RADIUS Proxy Settings screen appears: Enable or disable RADIUS Proxy Services, as required, by clicking on the appropriate check box. If you enabled RADIUS Proxy Services, you must provide the Authentication Server Port and the references.
Adding an Upstream RADIUS NAS
If you want to add a new Upstream RADIUS NAS (for example, an 802.11 Access Point on the subscriber side of the Access Gateway), click on the button. The Add Upstream RADIUS NAS screen appears: To make this entry the “active”...
Place a check in the box of the Nomadix VSAs to be enforced by the Proxy for this entry.
Enforce Bandwidth-Up VSA: The RADIUS VSA for Bandwidth-Up will be passed on to the Upstream NAS when enabled.
The Upstream RADIUS NAS definition you just added appears in the list. You can add up to 10 definitions. Repeat Steps 5 through 11 to add more Upstream RADIUS NAS definitions, as required. To view your configured RADIUS Service Profiles and Realm Routing Policies, click on the link: Click here to see configured RADIUS service profiles and Realm Routing Policies...
“RADIUS Attributes” on page 267
From the Web Management Interface, click on Configuration, then Realm-Based Routing. The Realm-Based Routing Settings screen appears:
Define RADIUS Service Profiles
RADIUS service profiles are used to direct username access requests for both plain RADIUS users and users who supply realm/domain in their username.
To add a RADIUS Service Profile, click on the appropriate button. The Add RADIUS Service Profile screen appears: Enter a name of your choice for this service profile in the Unique Name field.
Authentication
This category requires input for enabling RADIUS authentication and requires you to define IP addresses, ports, and secret keys for the primary and secondary RADIUS servers (the secondary server is optional).
keys must match for communication between the server and the client to continue. The secret key is a valuable and necessary security measure. The Access Gateway and the RADIUS servers must use the same secret key. Repeat Steps 2 through 4 for the secondary RADIUS authentication server (if used).
Accounting
This category requires input for enabling the RADIUS accounting service, and also requires the necessary IP addresses, ports and secret keys for the primary and secondary RADIUS...
Define Tunnel Profiles
Tunnel profiles can be defined when L2TP tunnel parameters are known and it is not necessary to send an access request to a RADIUS server to obtain those parameters or for accounting purposes. Create a tunnel profile for each L2TP tunnel whose parameters are known. The tunnel parameters that the profile contains are the IP address of the LNS and the tunnel password.
The tunnel server in this case is configured to authenticate users via another RADIUS server that handles a single realm. Since it handles a single realm, no realm information is needed for users and so must be stripped. In this case, it is stripped by the NSE, but it could easily have been stripped by the tunnel server, or by the tunnel server’s RADIUS server.
The following screen shows a realm routing policy that handles suffix-based usernames using a tunnel profile. The differences in this example are that the realm name is “tcisp.com”, “Suffix match only” is enabled (the delimiter in this case is “@”), and a tunnel profile, “LNSOne”, is selected instead of a RADIUS service profile.
The “Local hostname” field is also blank in this example, which means that the NSE will use the default value of “usg_lac” during tunnel negotiation.
Configure RADIUS Client
The NSE RADIUS client must be set up for realm-based routing mode since realm information will be used by the NSE’s L2TP tunnel feature to determine how to handle usernames that contain realm information.
Managing SMTP Redirection {SMTP}
When SMTP redirection is enabled (for misconfigured or properly configured subscribers), the Access Gateway redirects the subscriber’s E-mail through a dedicated SMTP server, including SMTP servers which support login authentication. To the subscriber, sending and receiving E-mail is as easy as it’s always been.
Managing the SNMP Communities {SNMP}
You can address the Access Gateway using an SNMP client manager (for example, HP OpenView). SNMP is the standard protocol that regulates network management over the Internet. To do this, you must set up the SNMP communities and identifiers. For more information about SNMP, see “Using an SNMP Manager”...
You can now use your SNMP client to manage the Access Gateway via the Internet. Enabling Dynamic Multiple Subnet Support (Subnets) Nomadix’ dynamic multiple subnet support allows you to create flexible and cost-effective IP pool solutions to meet the demands of complex networks in large residential and public access networks.
From the Web Management Interface, click on Configuration, then Subnets. The Public Subnets Settings screen appears: Click on the button to add a new public subnet. The Add Public Subnets screen appears: Enter a valid IP address for this subnet in the Subnet field.
For additional information about the multiple subnet feature, go to “Contact Information” on page 297 for Nomadix Technical Support. Displaying Your Configuration Settings {Summary} You can display a summary listing of all your current Configuration settings. To view the summary listing, go to the Web Management Interface, click on...
The Summary of Configuration Settings screen appears (partial screen shown here): More listings ...
Setting the System Date and Time {Time}
This procedure shows you how to set the system date and time.
From the Web Management Interface, click on Configuration, then Time. The Set Date and Time screen appears: Select Internal Time to use the local hardware time or select External Time Server if you want to use NTP instead of the internal clock of the NSE. If you select Internal Time, enter the new date and time parameters in the relevant fields...
If you select External Time Server: In the Timeout field, enter the number of seconds before the NSE gives up on receiving a time response from the NTP server. In the fields, enter up to 4 different NTP servers to query for the ...
Select to create a new Traffic Descriptor, or select a link to an existing descriptor to modify it. The Add Traffic Descriptor screen appears. Enter a name for the descriptor in the Unique Name field. Enter a brief summary about the descriptor in the field.
DNS domain name (for example, *.yahoo.com, meaning all sites under the yahoo.com hierarchy, such as finance.yahoo.com, sports.yahoo.com, etc.). The system administrator can dynamically add or remove specific IP addresses and domain names to be filtered for each property. From the Web Management Interface, click on Configuration, then...
From the Web Management Interface, click on Configuration, then User Agent Filtering. The User Agent Filtering Settings screen appears: Enable User-Agent Filtering to use the filtering capabilities for the User-Agents. Add the names of the different User-Agents that you want to filter to the HTTP User-Agent name field.
From the Web Management Interface, click on Configuration, then Zone Migration. The Zone Migration Settings screen appears: Select to enable the Zone Migration feature. Relogin after migration Add a new Zone In the section, new zones can be added and initially configured, using Zone-Based Migration the following parameter fields: –...
As part of Nomadix’ commitment to provide outstanding carrier-class network management capabilities to its family of public access gateways, we offer secure management through the NSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption. Establishing the IPSec tunnel not only allows for the secure management of the Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on...
Two subsequent events drive the secure management function of the Nomadix gateway and the devices behind it: Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity). As part of the session establishment process, key tunnel parameters are exchanged (for example, Hash Algorithm, Security Association Lifetimes, etc.).
Network Info Menu
Displaying ARP Table Entries {ARP}
You can display a table that shows the current status of the ARP (Address Resolution Protocol) assignments. ARP is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address.
The DAT Session Table screen appears: Click on the Delete all sessions button to clear all current subscriber sessions. Deleting DAT sessions will cause all misconfigured subscribers to lose their Internet connection for a short period of time.
Displaying the Host Table {Hosts}
You can display a table which lists the hosts that are currently configured.
The Host Table screen appears:
Displaying ICMP Statistics {ICMP}
You can display the current ICMP (Internet Control Message Protocol) statistics. ICMP is a standard Internet protocol that delivers error and control messages from hosts to message requestors. These statistics are presented as a listing which details the current status of each ICMP transmission element.
The Network Interfaces screen appears:
Displaying the IP Statistics {IP}
You can display the IP (Internet Protocol) statistics which are presented as a detailed listing of all IP elements and their current status. With IP transmissions, data is broken up into packets which are then sent over the network. By using IP addressing, Internet Protocol ensures that the data reaches its destination, even though different packets may “pass through”...
To view the Routing Tables, go to the Web Management Interface, click on Network Info, then click on Routing. The Routing Tables screen appears:
Displaying the Active IP Connections {Sockets}
You can display a table which provides a detailed listing of all currently active IP (Internet Protocol) connections.
The Socket Table screen appears:
Displaying the Static Port Mapping Table {Static Port-Mapping}
You can display a table which provides a detailed listing of the currently active static port mapping scheme. To view the Static Port-Mapping Table, go to the Web Management Interface, click on Network Info, then click on Static Port-Mapping.
Displaying TCP Statistics {TCP}
You can display the TCP (Transmission Control Protocol) statistics which are presented as a detailed listing of all TCP elements and their current status. TCP is a standard protocol that manages data transmissions across networks. To view the TCP Statistics, go to the Web Management Interface, click on Network Info, then...
Displaying UDP Statistics {UDP}
You can display the UDP (User Datagram Protocol) statistics which are presented as a detailed listing of all UDP elements and their current status. UDP is an Internet standard transport layer protocol. It is a connectionless protocol which adds a level of reliability and multiplexing to the Internet Protocol (IP).
Adding and Updating Port-Location Assignments {Add}
Port-locations can be assigned at any level (for example, a specific room in a hotel or apartment building, a floor number, wing, or building). There may even be multiple ports assigned to a single room or location. The Access Gateway uses a port-location authorization table to manage the assigned ports and ensure accurate billing for the services used by a particular port.
Adding a Port-Location Assignment
This procedure shows you how to add a port-location assignment. If you want to update an existing assignment, go to Updating a Port-Location Assignment. From the Web Management Interface, click on Port-Location, then Add. The Add Port-Location Assignments screen appears:
Enter a location identifier in the Location field. Locations can be assigned as an alpha, numeric, or alpha-numeric value unless a PMS interface is used (see note). If you are using a PMS interface, ensure that the "Location" field consists only of numbers (no alpha characters or symbols).
Please note that while it is possible to set the value of a per-port configuration parameter independently of the value of the corresponding global parameter, the feature itself is disabled for a port unless both the per-port and global parameters are set to enabled. Thus: RADIUS authentication for a port is enabled only if the RADIUS Client is globally ...
From the Web Management Interface, click on Port-Location, then Delete All. The Delete All Port-Location Assignments screen appears: Click on the Delete All button to delete all Port-Location assignments.
Deleting Port-Location Assignments by Location {Delete by Location}
This procedure shows you how to delete a port-location assignment, based on its location.
Deleting Port-Location Assignments by Port {Delete by Port}
This procedure shows you how to delete a port-location assignment, based on its port. The Access Gateway prompts you to confirm this action before deleting the requested port-location. If you are unsure which port-locations are currently mapped to the system, you can view a list at “Displaying the Port-Location Mappings {List}”...
From the Web Management Interface, click on Port-Location, then Export. The Export Port-Location Assignments screen appears: Click on the Export button to export port-location assignment to the /flash/location.txt file.
Finding Port-Location Assignments by Description {Find by Description}
This procedure shows you how to find a port-location assignment, based on its description.
Finding Port-Location Assignments by Location {Find by Location}
This procedure shows you how to find a port-location assignment, based on its location. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their description or port.
Finding Port-Location Assignments by Port {Find by Port}
This procedure shows you how to find a port-location assignment, based on its port. This procedure is useful if you want to review the details of a specific port-location. You can also find port-locations based on their description or location.
Importing Port-Location Assignments {Import}
This procedure shows you how to import port-location assignments from the “location.txt” file. The location.txt file is stored in: /flash/location.txt (resident in the Access Gateway’s flash memory). If you have never exported port-location assignments (since installing the Access Gateway at this site), the location.txt is empty.
Creating a “location.txt” File
You can create your own “location.txt” file and upload the file to the Access Gateway’s flash memory at [IP address]/flash/location.txt. Use the following format when creating the file:
“1”,1,00:00:00:00:00:00,0.0.0.0,0, “Room 101”
The 4 (four) fields used in the format represent the standard format for port-location assignments (location, port, modem MAC address for RiverDelta, subnet, state, description).
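A hand-built location.txt is worth checking before it is uploaded to flash, since a malformed line silently becomes a wrong port-to-room billing mapping. The following checker is an added example, not Nomadix code: it follows the field order listed above and the PMS rule that Location must be numeric, and it assumes that the state field is a plain integer, that the file uses straight or curly double quotes, and that a port should appear only once per file.

```python
import csv
import ipaddress
import re

# Field order as listed in the guide for each location.txt line.
FIELDS = ("location", "port", "mac", "subnet", "state", "description")
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
DIGITS = re.compile(r"[0-9]+")
# Word processors turn "..." into curly quotes; map them back before parsing.
CURLY = {0x201C: '"', 0x201D: '"'}

# Constructed sample: lines 1-2 are clean, lines 3-5 each break a rule.
SAMPLE = "\n".join([
    '"1",1,00:00:00:00:00:00,0.0.0.0,0, "Room 101"',
    '"102",2,00:00:00:00:00:00,0.0.0.0,0, "Room 102"',
    '"Lobby",3,00:00:00:00:00:00,0.0.0.0,0, "Lobby AP"',   # non-numeric location
    '"104",2,00:00:00:00:00:00,0.0.0.0,0, "Room 104"',     # port 2 reused
    '"105",x,00:00:00:00:00,10.0.0.256,0, "Room 105"',     # bad port, MAC, subnet
])


def parse_line(line):
    """Split one location.txt line into its comma-separated fields."""
    reader = csv.reader([line.translate(CURLY)], skipinitialspace=True)
    return [field.strip() for field in next(reader)]


def validate_location_txt(text, pms=False):
    """Return a list of (line_number, message) for every problem found.

    pms=True applies the guide's rule that, with a PMS interface,
    the Location field may contain digits only.
    """
    errors = []
    seen_ports = {}  # port number -> first line that used it (assumed unique)
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        row = parse_line(line)
        if len(row) != len(FIELDS):
            errors.append((n, "expected %d fields, got %d" % (len(FIELDS), len(row))))
            continue
        rec = dict(zip(FIELDS, row))

        if pms and not DIGITS.fullmatch(rec["location"]):
            errors.append((n, "location %r must be numeric for PMS" % rec["location"]))

        if not DIGITS.fullmatch(rec["port"]):
            errors.append((n, "port %r is not a number" % rec["port"]))
        elif int(rec["port"]) in seen_ports:
            first = seen_ports[int(rec["port"])]
            errors.append((n, "port %s already assigned on line %d" % (rec["port"], first)))
        else:
            seen_ports[int(rec["port"])] = n

        if not MAC_RE.fullmatch(rec["mac"]):
            errors.append((n, "MAC %r is not aa:bb:cc:dd:ee:ff form" % rec["mac"]))

        try:
            ipaddress.IPv4Address(rec["subnet"])
        except ValueError:
            errors.append((n, "subnet %r is not an IPv4 address" % rec["subnet"]))

        if not DIGITS.fullmatch(rec["state"]):
            errors.append((n, "state %r is not a number" % rec["state"]))
    return errors


if __name__ == "__main__":
    for line_no, message in validate_location_txt(SAMPLE, pms=True):
        print("line %d: %s" % (line_no, message))
```
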
Displaying the Port-Location Mappings {List}
You can display a listing of all port-locations assigned to this system. To view the listing of port-location assignments, go to the Web Management Interface, click Network Info, then click on List. The List Port-Location Assignments screen appears:
Adding a Subscriber Type Profile
From the Web Management Interface, click on Subscriber Administration, then Add. The Add a Subscriber Profile to the Database screen appears: Choose the Subscriber account type. Define the DHCP Address Type: Public or Private (only used when the IP Upsell feature is enabled, otherwise leave this set to “private”).
In the Username field, enter a user name for this subscriber. If you entered a MAC address and you do not want to assign a user name, skip Step 9 (password). User names and passwords are case-sensitive. Having a user name and password is an optional service that subscribers may request (for example, if they are using more than one machine, or moving between locations and they want an additional level of security).
Adding a Device Type Profile
From the Web Management Interface, click on Subscriber Administration, then Add. The Add a Subscriber Profile to the Database screen appears: Choose the Device account type for this profile. If required, enable the feature.
Select a policy from the QoS Policy menu. See “Setting up Quality of Service {QoS}” on page 109 for more information. Enable SMTP Redirection to allow the specified user to have their SMTP traffic redirected by the global SMTP redirect configuration. Click on the button to add this device to the database, or click on the button if you...
From the Web Management Interface, click on Subscriber Administration, then Add. The Add a Subscriber Profile to the Database screen appears: Choose the Group Account type for this profile. Define the DHCP Address Type: Public or Private (only used when the IP Upsell feature is enabled, otherwise leave this set to “private”).
Define the Min Upstream Bandwidth and Max Upstream Bandwidth range for this subscriber (in Kbps). Define the Min Downstream Bandwidth and Max Downstream Bandwidth range for this subscriber (in Kbps). Enter the Maximum users per group for the subscriber account. Select a policy from the menu.
The Subscriber Statistics screen appears, showing the usage statistics for all subscribers currently connected to the system: Click on a link to view the associated subscriber In the State field, “Valid” denotes that the subscriber has been authenticated. “Pending”...
From the Web Management Interface, click on Subscriber Administration, then Delete by MAC. The Delete a Subscriber Profile (by MAC) screen appears: In the Enter MAC Address field, enter the MAC address of the profile you want to delete. Click on the button to delete this subscriber profile, or click on the button if...
Displaying the Currently Allocated DHCP Leases {DHCP Leases}
You can display a listing of the DHCP (Dynamic Host Configuration Protocol) leases that are currently active on the system’s DHCP server. DHCP is a standard method for assigning IP addresses automatically to network devices.
Click on the button to remove all expired profiles.
Finding Subscriber Profiles by MAC Address {Find by MAC}
This procedure shows you how to find a subscriber profile from the Access Gateway’s database of authorized subscribers, based on the profile’s MAC address. Use this procedure when you want to see the statistics corresponding to the MAC address.
From the Web Management Interface, click on Subscriber Administration, then Find by User. The Find a Subscriber Profile screen appears: In the Enter Username field, enter the user name of the subscriber you want to find. Click on the Show button to view this subscriber profile, or click on the button if...
-1 indicates a subscriber added by Admin or XML useradd with no associated plans.
Listing Subscriber Profiles by User Name {List by User}
You can display the currently active database of authorized subscribers, based on user names. To view the list of Authorized Subscriber Profiles, go to the Web Management Interface, click Subscriber Administration, then click on List by User.
Viewing RADIUS Proxy Accounting Logs {RADIUS Session History}
These settings are available under Subscriber Administration/RADIUS Session History menu.
Enable Logfile checkbox: When this setting is enabled, any RADIUS proxy accounting messages sent or received by the RADIUS proxy application are logged into a file named “RADHIST.RAD” in the /flash directory.
Displaying Current Profiles and Connections {Statistics}
You can view the total number of profiles and connections currently stored in the Access Gateway’s database of authorized subscribers. The displayed list includes the number of subscribers currently in the database (Current Table) and a numerical breakdown of how the subscribers can utilize the system (for example, free access, credit card, etc.).
charge. In addition to credit card billing, Property Management Systems used by hotels are also supported along with the internal data base of the Access Gateway and billing via Nomadix' secure XML API. See also, “Assigning a PMS Service {PMS}” on page 98 (see following note).
From the Web Management Interface, click on Subscriber Interface, then Billing Options. The Internal Billing Options Setup screen appears: Review the billing plans (normal plans and X over Y plans) that are currently active. To view or edit a billing plan, simply click on the View/Edit/Delete button opposite the corresponding plan.
The Internal Billing Options Plan Setup or Internal Billing Options XoverY Plan Setup screen appears for the billing plan (and type) you selected.
Sample of Internal Billing Options XoverY Plan Setup Screen
Depending on the type of plan you want to set up, go to: “Setting Up a “Normal” Billing Plan” on page 180.
“Setting Up an X over Y Billing Plan” on page 181.
Setting Up a “Normal” Billing Plan
If required, click on the Enable check box to enable (make active) this billing plan. Define a “label” for this billing plan in the field.
Define the messages you want to present to subscribers, including:
Introduction Message
Offer Message
Policy Message
Define the Units of Access (Minute, Hour, Day, Week, or Month) you want to make available to subscribers. If you want to allow free access to subscribers, you can define the following free billing options: Default Free Access Time (in days) ...
(previous) screen.
Setting Up the Information and Control Console {ICC Setup}
The Nomadix ICC is an HTML pop-up window that is presented to subscribers, allowing them to select their bandwidth and billing plan options quickly and efficiently, and displays a dynamic “time”...
(described above). The pop-up Logout Console offers the opportunity to display the elapsed/count-down time and one logo for intra-session service branding. Featured Logout Console This procedure allows you to set up how the ICC is displayed to subscribers. For more information about the ICC, go to “Information and Control Console (ICC)”...
From the Web Management Interface, click on Subscriber Interface, then ICC Setup. The ICC Setup screen appears:
If you enabled either of the ICC pop-up options, you can choose a unique name for the console. Simply type a meaningful name in the Title field. Define the physical location where you want the Nomadix Logout Console to appear on the subscriber’s screen. Choose one of the following options: Upper Left Corner ...
Name/Text – The name of the button and the mouse-over text. The mouse-over text is the text that appears in the ICC’s Message Bar when your mouse pointer “rolls” over a button image.
Target URL – Where subscribers are sent when they click on the button. ...
Assigning Banners
From the Subscriber Console (Information and Control Console - ICC) Setup screen, click on the Configure Banners link. The Subscriber Console (Information and Control Console - ICC) Banners Setup screen appears: Click here to return to the previous screen You can display up to 5 banners, but they must be defined here.
Define the parameters for your banner(s):
Name/Text
Target URL
Image Name (see following note)
Duration (secs)
Start Time (Optional)
Stop Time (Optional)
If you assign (or change) button images or banner images, the Access Gateway must be rebooted for your changes to take effect.
Banner (373 x 32 pixels)
Small Buttons (45 x 26 pixels)
ISP Button (98 x 26 pixels)
Time Formats
Use the following formats when defining times:
Duration for Banners – 1 through 9999, or more
Start or Stop times for Banners –...
French
German
Japanese (Shift_JIS)
Spanish
Other, with drop-down menu (see note)
From the Web Management Interface, click on Subscriber Interface, then Language Support. The Language Support screen appears: Select the language you want to use (see notes). There are currently 6 (six) “pre-translated”...
If sufficient space is available, the Access Gateway’s Internal Web Server also supports multiple languages at the same time. The following sample image shows the Web Management Interface (WMI) displayed with Asian language characters.
Enable Serving of Local Web Pages {Local Web Server}
Here are the quick setup instructions to enable serving of local web pages.
The pages can now be served by referencing the URL http://nseip:1111/web/<filename> or at https://nseip:1112/web/<filename> for preauthenticated end users. The post-authentication pages and images are available at http://nseip:3111/web/<filename>
These settings are available under Subscriber Interface/Local Web Server menu.
Web Page File Name: This text box lets you add or remove the names of the web pages that you intend to serve to the end users.
Defining the Subscriber’s Login UI {Login UI}
This procedure allows you to set up the presentation and content of the subscriber’s login User Interface (UI).
From the Web Management Interface, click on Subscriber Interface, then Login UI. The Subscriber Login User Interface Settings screen appears: Define the messages you want subscribers to see when they log in. Keep messages brief and to the point. Available message categories include: Service Selection Message ...
Existing Username Message
New Username Message
Contact Message
PMS Username Message
If any of your devices do not support Java™ scripts, you have the option of disabling the Access Gateway’s JavaScript™ support (JavaScript support is enabled by default). If necessary (and if JavaScript support is already enabled), click on the check box for Enable to disable this feature.
Take care when mixing font and background colors. You may want to experiment before establishing these settings to ensure that your chosen color scheme is both presentable and readable to subscribers (see notes). You must reboot the Access Gateway for the “Image File Name” or “Partner Image File Name”...
Subscriber Login Screen (Sample)
The following sample shows a subscriber login screen:
Defining the Post Session User Interface (Post Session UI)
The Post Session UI (Goodbye Page) can be defined either as a RADIUS VSA or be driven by the Access Gateway’s Internal Web Server (IWS).
Page 210
- Freely configurable hypertext link (in case the ISP wants to link the user back to a sign-up/help page).

Sample of Post Session UI (Goodbye Page)
From the Web Management Interface, click on Subscriber Interface, then Post Session. The Subscriber Post Session User Interface Settings screen appears:
Click on the Enable IWS Goodbye Page check box to enable (or disable) the IWS Goodbye Page, as required. If you enabled the IWS Goodbye Page, select your preferred display options by checking the corresponding boxes:
- Display IP Address ...
From the Web Management Interface, click on Subscriber Interface, then Subscriber Buttons. The Subscriber Page -- Control Button Definitions screen appears:
Enter the definitions you want for each control button in the corresponding fields.
Caution: Only the Login button should be named “Login.” Do not assign this name to any other button.
From the Web Management Interface, click on Subscriber Interface, then Subscriber Labels. The Subscriber Page -- Field Label Definitions screen appears:
Enter the definitions you want for each label in the corresponding fields. Click on the Submit button to save your changes, or click on the Reset button if you want...
Defining Subscriber Error Messages {Subscriber Errors}
This procedure allows you to define how error messages are displayed to subscribers. There are 2 (two) pages of error messages available.
From the Web Management Interface, click on Subscriber Interface, then Subscriber Errors, 1 of 2.
If you want to reset all field values to their default state, click on the Revert button. Repeat Steps 1 – 3 for page 2 of 2 (see following screen):
Defining Subscriber Messages {Subscriber Messages}
This procedure allows you to define how “other” subscriber messages are displayed. There are 3 (three) pages of subscriber messages available.
From the Web Management Interface, click on Subscriber Interface, then Subscriber Messages, 1 of 3. The Subscriber Page -- Other Message Definitions, 1 of 3 screen...
Enter the definitions you want for each subscriber message in the corresponding fields. Click on the Submit button to save your changes, or click on the Reset button if you want to reset all the values to their previous state. If you want to reset all field values to their default state, click on the button.
Repeat Steps 1 – 3 for page 3 of 3 (see following screen):
System Menu

Adding an ARP Table Entry {ARP Add}
ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting.
Deleting an ARP Table Entry {ARP Delete}
ARP (Address Resolution Protocol) is used to dynamically bind a high level IP address to a low level physical hardware (MAC) address. ARP is limited to a single physical network that supports hardware broadcasting.
This procedure shows you how to enable the Bridge Mode option. From the Web Management Interface, click on System, then Bridge Mode. The Bridge Mode (Passthrough) Settings screen appears:
Click on the check box for Bridge Mode to enable this feature. The Access Gateway should be rebooted if this setting is changed.
From the Web Management Interface, click on System, then Export. The Export Configuration screen appears:
[Screen callouts: “Click here to view the archive.txt file” and “Click here to view the current.txt file”]
Click on the button to export the current authentication settings to the archive.txt file.

Importing the Factory Defaults {Factory}
This procedure shows you how to replace the current authentication settings with the settings that were established at the factory.
Many large scale networks require fail-over support for all devices in the public access network. The Fail Over Options feature allows two Nomadix Gateways to act as siblings, where one device will take up the users should the other device become disconnected from the network.
Secondary will wait while not receiving messages from the Primary before it takes over. Click on the check box for Reboot after changes are saved? If you are using RADIUS, it is recommended to add both Nomadix gateways to the RADIUS server. Click on the...
To view the history log, go to the Web Management Interface and click on System, then History. The Uptime and Access/Reboot History screen appears:
[Screen callouts: Uptime Indicator; More listings ...]
The “Uptime” field displays the time (in days, hours, minutes, and seconds) that the system has been up and running.
(walled garden) list. The default setting for this option is “disabled” because ICMP pass-through is a useful end-user troubleshooting feature and is also required by certain smart clients (for example, GRIC). From the Web Management Interface, click on , then The ICMP screen System...
From the Web Management Interface, click on System, then Import. The Import Configuration screen appears:
[Screen callouts: “Click here to view the archive.txt file” and “Click here to view the current.txt file”]
Click on the button to replace the current system configuration settings with the settings contained in the archive.txt file (see notes above).
- Telnet
- Command Line Interface (CLI) – serial
- Web Management Interface (WMI)
- FTP and SFTP (no operator access allowed)
- SSH Shell Access
Only managers can assign a username and password for the remote RADIUS testing login option.
RADIUS server—following the same basic rules as if the request was from a user. The URL for the test page is http://<Nomadix Access Gateway IP>/radtest/testradius.htm and can be accessed from the network side of the Access Gateway. You must open a separate browser to utilize this feature.
Defining the MAC Filtering Options {Mac Filtering}
MAC Address filtering enhances Nomadix' access control technology by allowing System Administrators to block malicious users based on their MAC address. Up to 600 MAC addresses can be blocked at any one time (see caution).
From the Web Management Interface, click on System, then MAC Filtering. The MAC Filtering screen appears:
Click on the check box for MAC Filtering to enable (or disable) this feature, as required. Enter a MAC address in the field, then click on the button to add this address to the “blocked”...
From the Web Management Interface, click on System, then Reboot. The Reboot Device screen appears:
Click on to reboot the operating system.

Adding a Route {Route Add}
This procedure shows you how to add a route into the Access Gateway’s routing table. This is accomplished by establishing the route’s destination IP address, and by setting the gateway or router IP address by which the route’s destination can be reached.
Click on the button to add this route to the routing table, or click on the Reset button if you want to reset all the values to their previous state.

Deleting a Route {Route Delete}
This procedure shows you how to delete a route to a specific IP destination. From the Web Management Interface, click on , then The Delete...
From the Web Management Interface, click on System, then Session Limit. The Session Rate Limiting screen appears:
Click on the check box for Session Rate Limiting to enable (or disable) this feature, as required. Enter values for the following session “limiting” parameters:
- Mean Rate ...
From the Web Management Interface, click on System, then Static Port-Mapping Add. The Add Static Port-Mapping Entries screen appears:
Enter the Internal IP Address. Ensure that the device with the Internal IP Address has been added to the subscriber’s table.
Select the protocol ( ) from the pull-down menu. Click on the button to add this static port, or click on the Reset button to reset all values to their previous state. For more information about Static Port-Mapping, see also: “Displaying the Static Port Mapping Table {Static Port-Mapping}”...
Updating the Access Gateway Firmware {Upgrade}
Upgrading the Access Gateway firmware is performed from the Access Gateway’s Command Line Interface (CLI) only. Refer to the Firmware Upgrade Procedure (separate document available from Nomadix Technical Support).
The Subscriber Interface
This chapter provides an overview of the Access Gateway’s Subscriber Interface and sections outlining the authorization and billing processes, subscriber management models, and the ICC.

Overview
The Subscriber Interface is the window to the solution provider’s Web site, and much more than that.
Authorization and Billing
As a gateway device, the Access Gateway enables plug-and-play access to broadband networks. Broadband network solution providers can now offer their subscribers a wide range of high speed services, including access to the Internet. Of course, a high speed Internet connection is not free –...
[Figure: authorization and billing flow between the subscriber, the billing mirror server, the external Web server and the solution provider]

The AAA Structure
The Access Gateway’s Authentication, Authorization, and Accounting (AAA) module enables the solution provider to provision, track, and bill new or returning subscribers. This includes:
- Allowing the solution provider (for example, a hotel) to bill its guests for the high ...
[Figure: the AAA structure. Components shown: Subscriber Login, Subscriber Management, Internal Web Server (on flash for login pages), External Web Server (for login & portal pages), Internal Web Management Interface, Authentication, Authorization, Internal User Database, Authorization Table, Credit Card Server, PMS System, Internal Accounting Log (AAA), Accounting, Billing Mirror Server(s)]
The initial login page can be presented in various ways, depending on the system’s configuration. The Access Gateway supports any of the following methods and tools:
- Internal and external Web pages.
- External “portal” page for redirection.
- User name and MAC-based logins (simultaneous or stand-alone).
Process Flow (AAA)
The following flowchart outlines the AAA and billing process. All actions depicted in the chart are administered and tracked by the Access Gateway.
[Flowchart: AG detects connection and verifies user against authorization table; New User; Existing Subscriber; Login Page; Specify lease time; Lease time...]
Internal and External Web Servers
The Access Gateway supports both internal and external Web servers which act as a login interface between subscribers and the solution provider’s network, including the Internet. The internal Web server is “flashed” into the system’s memory and the login page is served directly from the Access Gateway.
Subscriber Management
The Access Gateway provides several subscriber management models, including:
- Free access (for example, no AAA functionality)
- MAC address
- Port-Location ID (for example, by room or unit number)
- User name and password
- Credit card ...
Configuring the Subscriber Management Models
Model | What You Need To Do
Free access | Disable the AAA services.
MAC address | Enable the AAA services and add a subscriber profile to the database for each MAC address you want to enable.
User Name and Password | Enable the AAA services and Usernames.
Information and Control Console (ICC)
The ICC is an HTML pop-up window that is presented to subscribers. It lets them select their bandwidth and billing options quickly and efficiently, and it displays a dynamic “time” field to inform them of the time remaining on their account. The ICC also offers service providers an opportunity to display advertising banners and provide a choice of redirection options.
Logout Console
The Access Gateway allows System Administrators to define a simple HTML-based pop-up window for explicit logout that can be used as an alternative to the more fully featured ICC. The pop-up Logout Console can display the elapsed/count-down time and one logo for intra-session service branding.
Quick Reference Guide
This chapter contains product reference information, organized by topic. Use this chapter to locate the information you need quickly and efficiently.

Web Management Interface (WMI) Menus
The following tables contain a listing and brief explanation of all menus and menu items contained in the Access Gateway’s Web Management Interface (WMI), listed as they appear on screen.
(IP address) of administrator logins. A login is permitted only if a match is made with the master list contained on the Nomadix Access Gateway. If a match is not made, the login is denied, even if a correct login name and password are supplied.
Item | Description
Location | Sets up your location and IP addresses for the network, subscriber, subnet mask, and default gateway.
Logging | Enables logging options for the system and AAA functions.
MAC Authentication | Enables MAC authentication, retry frequency, MAC address format, MAC address hex-alpha case, and RADIUS service profile.
Network Info Menu Items
Item | Description
ARP | Displays the ARP table, including the destination IP address and the gateway MAC address.
DAT | Displays the DAT session table.
Hosts | Displays the host table, including host names, associated IP addresses and any assigned aliases.
ICMP | Displays the ICMP (Internet Control Message Protocol) performance statistics.
Items | Description
Export | Exports specified port-location assignments to the location.txt file.
Find by Description | Finds a port-location assignment, based on a unique description.
Find by Location | Finds a port-location assignment, based on a specified location.
Find by Port | Finds a port-location assignment, based on a specified port.
Subscriber Administration Menu Items
Items | Description
 | Adds subscriber profiles to the database.
Current | Displays a list of all currently connected subscribers.
Delete by MAC | Deletes a subscriber, based on a specific MAC address.
Delete by User | Deletes a subscriber, based on a specific user name.
DHCP Leases | Sets up the current subscriber DHCP leases.
Factory | Imports the factory default settings.
FailOver | Sets up a “sibling” Nomadix Gateway, allowing one device to take up the users should the other device become disconnected from the network.
History | Displays a history log of the system’s activity, including Access, Reboot and Uptime.
Reboot | Reboots the Nomadix Access Gateway.
Route Add | Adds a route into the Nomadix Access Gateway’s routing table.
Route Delete | Deletes a route to a specific IP destination.
Session Limit | Limits the number of sessions any one user can take over a given time period and, if necessary, then blocks malicious users.
Items | Description
FailOver | Sets up a “sibling” Nomadix Gateway, allowing one device to take up the users should the other device become disconnected from the network.
History | Displays a history log of the system’s activity, including Access, Reboot and Uptime.
Alphabetical Listing of Menu Items (WMI)
The menu items listed here are for a fully featured Nomadix Access Gateway (with all optional modules included). Refer to, “About Your Product License” on page
Item | Description | Menu
AAA | Set AAA options | Configuration
Access Control | Enables secure administration of the Access Gateway | Configuration
...
Route Add | Add a route to the routing table | System
Route Delete | Delete a route from the routing table | System
Routing | Display routing performance statistics and tables | Network Info
Session Limit | Limits subscriber sessions | System
SMTP ...
Network Interface IP | 10.0.0.10
Subnet Mask | 255.255.255.0
Default Gateway IP | 10.0.0.1
DHCP Client | Enabled
Admin IP | 172.30.30.172
Domain | nomadix.
Host Name | AGxxxx (depending on product)
Primary DNS | 0.0.0.2
Secondary DNS | 0.0.0.0
Tertiary DNS | 0.0.0.0
DHCP Relay | Disabled
External DHCP Server IP | 0.0.0.0...
Function | Default Setting
AAA Logging | Disabled
AAA Log Server Number |
AAA Log Server IP | 0.0.0.0
SYSLOG (System Logging) | Disabled
SYSLOG Server Number |
SYSLOG Server IP | 0.0.0.0
AAA Services | Disabled
Internal Authorization | Enabled
New Subscribers | Enabled
Credit Card Service | Enabled
Parameter Passing | Disabled...
Product Specifications

AG 2300 Specifications

NSE Available Modules
High Availability - Fail Over

Performance
User Support: Up to 50 users concurrently
Throughput: up to 20Mbits/s*
*As defined by RFC1242, Section 3.17

Physical
1U rack space in a 19” rack
10.00”(L) x 10.00”(D) x 1.73”(H)
254mm(L) x 254mm(D) x 44mm(H)
Weight: 5.0 lbs.
AG 2300 Specifications

Environmental
Operating temperature: 5°C to 40°C
Storage temperature: 0°C to 70°C
Operating humidity: 20 - 90% RH non-condensing
Storage humidity: 5 - 95% RH
Altitude: Up to 15,000ft

Compliance
UL (US and Canada)
FCC Class A
EN 55022: 2006 + A1: 2007
EN 55024: 1998 + A1: 2001 + A2: 2003...
AG 2300 Specifications

Network Management
Multi-Level Administration Controls
Integrated VPN Client (IPSec) for secure connection to an NOC
Access Control Lists
Web Administration UI
CLI via Telnet and Serial Port
SNMPv2c
Secure XML API
Auto Configuration and Upgrades
Syslog/AAA log

Networking
IEEE 802.3 / 3u...
AG 3100 Specifications

NSE Available Modules
High Availability - Fail Over
Hospitality Module - Property Management Interface (PMS)

Performance
User Support: Up to 200 users concurrently
Throughput: up to 85Mbits/s*
*As defined by RFC1242, Section 3.17

Physical
1U rack space in a 19"...
AG 3100 Specifications

Environmental
Operating temperature: 5°C to 40°C
Storage temperature: 0°C to 70°C
Operating humidity: 20 - 90% RH non-condensing
Storage humidity: 5 - 95% RH
Altitude: Up to 15,000ft

Compliance
FCC Class A, Part 15
CE Mark
CENELEC EN 55022: 1998 + A1: 2000 + A2: 2003, Class A
CENELEC EN 61000-3-2:2000...
AG 5500 Specifications

NSE Available Modules
High Availability - Fail Over
Hospitality Module - Property Management Interface (PMS)

Performance
User Support: Up to 2000 users concurrently
Throughput: up to 100Mbits/s*
*As defined by RFC1242, Section 3.17

Physical
1U rack space in a 19”...
AG 5500 Specifications

Environmental
Operating temperature: 5°C to 40°C
Storage temperature: 0°C to 70°C
Operating humidity: 20 - 90% RH non-condensing
Storage humidity: 5 - 95% RH
Altitude: Up to 15,000ft

Compliance
FCC Class A, Part 15
CE Mark
CENELEC EN 55022: 1998 + A1: 2000 + A2: 2003, Class A
CENELEC EN 61000-3-2:2000...
AG 5600 Specifications

NSE Available Modules
High Availability - Fail Over
Hospitality Module - Property Management Interface (PMS)

Performance
User Support: Up to 2000 users concurrently
Throughput: up to 750Mbits/s*
*As defined by RFC1242, Section 3.18

Physical
1U rack space in a 19”...
AG 5600 Specifications

Compliance
UL (US and Canada)
FCC Class A
EN 55022: 2006 + A1: 2007
EN 55024: 1998 + A1: 2001 + A2: 2003
IEC 61000-4-2: 1995 + A1: 1998 + A2: 2000
IEC 61000-4-3: 2006
IEC 61000-4-4: 2004
IEC 61000-4-5: 2005
IEC 61000-4-6: 2007
IEC 61000-4-8: 1993 : A1: 2000...
Date Time Gateway Log Message ration Code Name Data Address Time 18:23:10 nomad237 INFO AAA: AAA_Authentication 00:00:0E:32:2 2 hrs .nomadix 4207 Successful C:BC 1 min .com 18:23:26 nomad237 INFO AAA: AAA_Authentication 00:10:5A:61:40 12 hrs .nomadix 4207 Successful 0 min .com...
Message | Definition
AAA_lookup Added_in_memory_table_pending | Subscriber profile has been recognized and the Access Gateway is waiting to authenticate the user.
AAA_Interface Added_by_administrator | Subscriber profile was manually added to the authorization table.
AAA_Interface Updated_by_administrator | Subscriber profile was updated.
AAA_Interface Removed_by_administrator | Subscriber profile was manually removed from the authorization table.
Sample History Log
A history log is generated by the Access Gateway which includes the system’s activity (Access, Reboot and Uptime).
Keyboard Shortcuts
The following table shows the most common keyboard shortcuts.
Action | Keyboard Shortcut
Cut selected data and place it on the clipboard. | Ctrl + X
Copy selected data to the clipboard. | Ctrl + C
Paste data from the clipboard into a document (at the insertion point). | Ctrl + V
RADIUS Attributes
RADIUS (Remote Authentication Dial-In User Service) was originally created to allow remote authentication to the dial-in networks of corporations and dial-up ISPs. It is defined and standardized by the IETF (Internet Engineering Task Force) and several RADIUS server packages exist in both the public domain and for commercial sale.
- Acct-Session-Time (Stop)
- Terminate-Cause (Stop)
- NAS ID
- NAS-IP Address
- NAS-Port-Type
- NAS-Port
- Framed-IP Address
- Acct-Delay-Time
- Called-Station-ID
- Calling-Station-ID

Selected Detailed Descriptions

Acct-Session-ID
The Acct-Session-ID is created when the RADIUS authentication request is built. It is transmitted in both the Access-Request and the Accounting-Request.
Octets and Acct-Input-Octets. If you plan to implement RADIUS, go to “Contact Information” on page 297 Nomadix Technical Support.

Nomadix Vendor Specific Attributes

Nomadix-Bw-Up
This attribute value (in Kbps) restricts the speed at which uploads are performed.
Nomadix-Bw-Down
This attribute value (in Kbps) restricts the speed at which downloads are performed.

Nomadix-URL-Redirection
This attribute allows the administrator to redirect the user to a page of the administrator’s choice each time the user logs in.

Nomadix-IP-Upsell
This attribute allows the user to receive a public address from a DHCP pool when the Access Gateway has the IP-Upsell feature enabled.
VeriSign). These files are put in as file1:file2:file3:file4:file5 in the key generation command.

Downloading Cygwin
There are several sources for obtaining “Cygwin” to install OpenSSL. One popular source is: http://sources.redhat.com/cygwin/. Nomadix used Cygwin version 1.3.2 for generating this section of the User Guide.
Installing Cygwin and OpenSSL on a PC
The example in this document is based on downloading the software with Netscape 4.75. The procedure starts from the Cygwin Net Release Setup Program screen:
Click on the Next button. The following screen appears:
Click on the button to display the next setup screen.
Click on the Next button to display the next setup screen.
Click on the Next button to display the next setup screen.
Click on the Next button to display the next setup screen.
Select a location and click on the Next button. For the purposes of this document, Nomadix used: ftp://planetmirror.com. In the following screens, please skip all packages except “cygwin” and “openssl,” then click on Next when you are done. At the time of this writing, there are more than 70 packages to install. Please ensure that you “skip”...
Click on the Next button to start the “download” process. Wait for the download process to complete. Click on the Next button to start the “install” process. Wait for the install process to complete. There will be a pop-up dialog to inform you that the installation process is completed. At the pop-up dialog, click on the button.
Run the “command” prompt from Windows, then click on the button. Go to the c:\cygwin\bin\ directory and run the following command:
>openssl genrsa -rand file1:file2:file3:file4:file5 1024 > cakey.pem
The following table provides an explanation of the command elements:
openssl | “openssl” command.
genrsa | A parameter for “openssl” to generate an RSA key.
-rand | A parameter for “openssl” to generate a random number from the files list.
file1:file2…:file5 | These five large random files are residing on the workstation (large compressed log files recommended by VeriSign).
Here is the output of cakey.pem:

Create a Certificate Signing Request (CSR) File
Run the following command to generate the certificate signing request:
>openssl req -new -key cakey.pem > server.csr
The following table provides an explanation of the command elements:
openssl | “openssl” command
req | A parameter for creating a request
-new | Defining a “new” request …
-key cakey.pem | … from private key
> | Output to …
server.csr | … the output file
Fill in your company information. If “States” or “Province” names do not exist in your country, please repeat the “Locality Name.”...
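The key and CSR steps above can be scripted and checked before the request is sent to the certificate authority. The following is an added example, not part of the Nomadix guide: it uses the same `openssl genrsa` and `openssl req` subcommands, answers the prompts from a temporary configuration file, and verifies the result. The function names, the subject values and the throwaway directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the guide): non-interactive key + CSR generation
# with the guide's openssl subcommands, followed by verification.
# File names match the guide; subject values are constructed samples.

# gen_key KEYFILE BITS [RANDFILES]
# RANDFILES is the optional colon-separated list passed to -rand, as in the guide.
# BITS: the guide uses 1024; publicly trusted CAs now require at least 2048.
gen_key() {
    gk_key=$1; gk_bits=$2; gk_rand=${3:-}
    (
        umask 077   # the private key is created readable by its owner only
        if [ -n "$gk_rand" ]; then
            openssl genrsa -rand "$gk_rand" -out "$gk_key" "$gk_bits"
        else
            openssl genrsa -out "$gk_key" "$gk_bits"
        fi
    ) >/dev/null 2>&1
}

# gen_csr KEYFILE CSRFILE COMMON_NAME ORGANIZATION COUNTRY
# The company information the guide types at the prompts comes from a config file.
gen_csr() {
    gc_cnf=$(mktemp) || return 1
    cat > "$gc_cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
C = $5
O = $4
CN = $3
EOF
    openssl req -new -key "$1" -config "$gc_cnf" -out "$2"
    gc_rc=$?
    rm -f "$gc_cnf"
    return $gc_rc
}

# key_bits KEYFILE: prints the RSA modulus size in bits
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# key_is_consistent KEYFILE: succeeds if the key passes openssl's own check
key_is_consistent() {
    openssl rsa -in "$1" -check -noout 2>&1 | grep -q 'RSA key ok'
}

# csr_matches_key KEYFILE CSRFILE: succeeds if the CSR carries this key's public half
csr_matches_key() {
    cm_k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    cm_c=$(openssl req -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$cm_k" ] && [ "$cm_k" = "$cm_c" ]
}

# csr_signature_ok CSRFILE: succeeds if the CSR's self-signature verifies
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

demo() {
    d_dir=$(mktemp -d) || return 1
    d_key=$d_dir/cakey.pem; d_csr=$d_dir/server.csr
    gen_key "$d_key" 1024 || return 1      # 1024 is the size used in the guide
    gen_csr "$d_key" "$d_csr" "gateway.example.test" "Example Hotel" "US" || return 1
    echo "key size:           $(key_bits "$d_key") bits"
    key_is_consistent "$d_key" && echo "key check:          ok"
    csr_matches_key "$d_key" "$d_csr" && echo "CSR matches key:    yes"
    csr_signature_ok "$d_csr" && echo "CSR self-signature: ok"
    rm -rf "$d_dir"
}

if command -v openssl >/dev/null 2>&1; then
    demo
else
    echo "openssl not found in PATH" >&2
fi
```

Running `csr_matches_key` again against the returned certificate's key pair before uploading the files catches a CSR that was generated from a different cakey.pem.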
This is the procedure to get a 40-bit encryption or 128-bit Public Key from VeriSign. With IE or Netscape, go to www.verisign.com/products/site/index.html. Select for Secure Site Service.
Some older versions of popular browsers only support 40-bit or 56-bit encryption. Since it is impossible to forecast the browsers that may be used in a visitor-based network, Nomadix recommends implementing a 40-bit Public Key. During the process, VeriSign will ask for your business information and verification. There are several ways to prove the existence of your business.
The file, “server.pem” will look like this:
You have now finished the process of obtaining a public key.

Setting Up Access Gateway for SSL Secure Login
FTP the “cakey.pem” and “server.pem” files into the Access Gateway platform's flash directory.
Setting Up the Portal Page
System administrators can create login button(s) on the Portal Page, and can set up “http” links for regular logins, secure logins, or both. When subscribers enter the Portal Page, they can then choose either a regular login or a secure login. To set up the Portal Page, add the following:
For Regular Logins:
http://Access Gateway_ip:1111/usg/login?OS=http://after_login_finished_page.html
For Secure Logins:...
Mirroring Billing Records
Multiple Access Gateway units can send copies of credit card billing records to a number of external servers that have been previously defined by system administrators. The Access Gateway assumes control of billing transmissions and saving billing records. By effectively “mirroring”...
XML Interface

XML for the External Server
The Access Gateway sends a string of XML commands according to specifications. HTTP headers are added to the XML packets that are built, as the billing “mirroring” information is Content-length has also been sent to the external server in HTTP compliant XML format.
The packet after the HTTP headers added looks like this:

XML to Access Gateway
The Access Gateway accepts a single line of XML text in the specified format. The XML string is a command sent by the External Server to the Access Gateway product. In this case, the acknowledgement received from the External Server forms the command.
RESULT_VALUE:OK or ERROR IP:Standard IP format (123.123.123.123) ERROR_CODE1 for OK, or any other number Please contact Nomadix Technical Support for the complete XML DTD. Refer to “Contact Information” on page 297. For more information about Billing Records Mirroring, see also: “Billing Records Mirroring”...
Troubleshooting
This chapter provides information to help you resolve common hardware and software problems. It also contains a list of known error messages associated with the Management Interface.
- General Hints and Tips
- Management Interface Error Messages
- Common Problems ...
Management Interface Error Messages
The following table contains the error messages associated with the Management Interface (CLI and Web). All messages are listed alphabetically.
Error Message | Cause
AAA must be enabled before adding a subscriber to the profile database. | You are attempting to add a subscriber profile...
When upgrading the software, the system FTP a valid boot image to the flash. needs the new boot image file. You must FTP the file from NOMADIX™ to your local hard drive. Warning: no DHCP services are available to This message is displayed because you have subscribers.
Common Problems
If you are having problems, you may find the answers here.
Problem | Possible Cause | Solution
When using the internal AAA login Web server, you cannot communicate with Authorize.Net. | The internal AAA login server communicates with Authorize.Net on a specified... | Enable communications with Authorize.Net on port 1111.
Problem | Possible Cause | Solution
When a subscriber logs in for the first time, their browser is not redirected to the specified home page. | Home page redirection is not enabled in the Access Gateway. | Enable home page redirection.
 | The home page URL was... | Re-enter the correct URL.
The serial number is located on the bottom panel of your Access Gateway.

Contact Information
You can contact us by Email, fax, telephone, or regular mail.
Telephone: +1.818.575.2590
E-mail: support@nomadix.com
Fax: +1.818.597.1502
Address: Nomadix, Inc. 30851 Agoura Rd, Suite 102 Agoura Hills, CA 91301 Attn: Technical Support...
10/100 Ethernet See Ethernet. (Authentication, Authorization, and Accounting) A combination of commands used by Nomadix Gateways to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. When a subscriber logs into the system, their unique MAC address is placed into an authorization table. The system then authenticates the subscriber’s MAC address and billing information before allowing them to access the Internet and make online...
(ACKnowledgment) If all the transmitted data is present and correct, the receiving device sends an ACK signal, which acts as a request for the next data packet. Adaptive Configuration Technology A Nomadix, Inc. patented technology that enables Dynamic Address Translation. See also, DAT. ad-hoc mode 802.11x networking framework in which devices or stations communicate directly with each other, without the use of an Access Point (AP).
(permanent) IP addresses, or subscribers that do not have DHCP functionality on their computers. DAT is a Nomadix, Inc. patented technology that allows all users to obtain network access, regardless of their computer’s network settings. See also, DHCP.
Dynamic IP Address
A temporary IP address that is assigned by the DHCP server to a device. Devices retain dynamic IP addresses only for the duration of their networking session. When a device disconnects from the network, the IP address is recaptured by the DHCP server and becomes available for reassignment to another device.
For example, if a user in California accesses a computer in New York, the computer in New York is considered the host. (Home Page Redirection) Nomadix Gateways enable solution providers to redirect subscribers to a “portal” home page of their choice. This allows the solution provider to generate online advertising revenues and increase business Home Page.
In particular, the IEEE 802 standards for Local Area Networks are widely followed. iNAT™ (Intelligent Network Address Translation) Nomadix’ iNAT™ feature creates an intelligent mapping of IP addresses and their associated tunnels allowing multiple tunnels to be established to the same server—creating a...
Whenever a subscriber logs on, your Nomadix Gateway automatically translates their computer’s network settings to provide them with seamless access to the broadband network. Subscribers no longer need to alter their computer’s settings. See also,...
Misconfigured User A Nomadix, Inc. term used to describe users who have IP address configurations that are different from the current network. For example, if the current network is 123.45.67.89 but the user’s IP address is 10.10.10.15, then this user is considered to be “misconfigured.”...
Packet Switching Network Refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at its destination, they are recompiled into the original message.
Protocol A standard process consisting of a set of rules and conditions that regulates data transmissions between computing devices. Some examples of protocols include HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol), TCP/IP (Transmission Control Protocol/Internet Protocol), and POP (Post Office Protocol). All these protocols are responsible for regulating the transmission of their specific data file types.
Normally, a solution provider is offering a solution that isn’t readily available on the open market. For example, NOMADIX™ is a solution provider to its customers (broadband network service providers), and those customers are solution providers to their end users (network subscribers).
Subnet Address The subnet portion of an IP address that is dedicated to the subnet. In a subnetted network, the host portion of an IP address is split into a subnet portion and a host portion using an address (subnet) mask. See also, Subnet.
Tunneling A technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft's PPTP technology enables organizations to use the Internet to transmit data across a Virtual Private Network (VPN). It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet.
HTML. For example, XML supports links that point to multiple documents, as opposed to HTML links, which can reference just one destination each. For all Nomadix Gateways, XML is used by the subscriber management module for port location and user administration. Enabling the XML interface allows your Nomadix Gateway to accept and process XML commands from an external source.