Setup and Maintenance Instruction

Secure WLAN Solution
WHG Product Training
Oct 2011
For authorized partners only
Agenda
• WHG Overview, Installation and Application
• EAP Overview, Installation and Application
Overview
• About WHG
– The WHG Series comprises multi-functional, enterprise-class, high-performance network management devices designed for wired and wireless network environments. Different models suit WLAN (wireless local area network) environments of different scales.
– All models support Gigabit interfaces and can manage a large number of users and services quickly and effectively.
– The product combines integrated management, security, data transfer, billing and payment functions, with a simple built-in web-based management interface for system administrators to monitor wired and wireless users effectively.
– With the centralized management interface of the wireless AP management function, administrators can easily search, set, monitor and upgrade all managed AP devices.
• Product features - 1
– Customizable authentication standards, including Web-based login (UAM) and 802.1X (RADIUS), customizable portal and Walled-Garden Ads.
– Establishment and management of user groups.
– Support for multiple authentication methods (Local, On-demand, RADIUS, POP3, LDAP, NTDS).
– Virtual local area network (Service Zone) and Policy Management.
– On-demand Account (accounting by time or volume)
– Integration of external payment gateways, including PayPal, Authorize.net, SecurePay and WorldPay.
– User account roaming
• Product features - 2
– Supports wireless roaming between APs and AP management.
– Virtual Private Network (VPN) tunneling technology.
– Supports Quality of Service (QoS)
– Dual Uplink (WAN) to improve reliability and Load Balancing
– Firewall, DoS (Denial of Service) attack protection
– Status monitoring and reporting of network and on-line users
– Operates as a network gateway, including NAT, DHCP, DMZ, Firewall and Port Forwarding
• System Overview - 1
WHG-401
• System Overview - 2
• AAA Gateway: Authentication, Authorization and Accounting
– Authentication: Support for internal or external database servers
– Authorization: User Group policy
– Accounting: User Account management and Billing
• Built-in multiple Service Zones
• AP centralized management system
Setup and Maintenance Instruction
• WHG supports a web management interface
To access the web management interface, connect a PC to any LAN Port, and then launch a browser. Make sure the PC's TCP/IP settings use DHCP so that it gets an IP address automatically. The default gateway IP address is “http://192.168.1.254”
Access the web management interface via LAN port
• On first access, the browser will report a “Certificate Error”.
– The administrator login page will appear.
– After a successful login, a System Home page will appear on the screen.
• Setup Wizard - 1
– Use the Setup Wizard to quickly configure the WHG311: set up a New Password, Time Zone, WAN1 Interface and Local User Account.
• Setup Wizard - 2
• Setup Wizard - 3
• Setup Wizard - 4
• System Overview
– An integrated view of the overall status of the current system
• Quick Links page
– Provides the administrator with frequently used links.
• System Main Menu
• Main Menu – System – WAN1
– Static - 1
• Main Menu – System – WAN1
– Dynamic - 1
• Main Menu – System – WAN1
– PPPoE - 1
Service Zone
The Concept of Service Zone
– 9 Service Zones in total
– A Service Zone acts like a virtual gateway.
– Multiple Service Zones are equivalent to multiple virtual gateways.
• Under LAN Port Mapping, there are two modes for Service Zone:
– Port-based
– Tag-based
LAN Port Configuration
• Port-Based: For each LAN port, select from the drop-down list box the Service Zone to which the LAN port is to be mapped.
• Port-Based Application Example
• Configure LAN Port Mapping as Tag-Based
• Tag-Based: A Service Zone can be associated with multiple VLAN Tags
• Tag-Based Application Example
* Deploy two Service Zones on the WHG-401: Employee and Guest
Service Zone 1 – Employee:
– SSID: SZ1-Employee
– VLAN Tag: 1111
– Default Authentication: Radius server
– Applied Policy: #1
Service Zone 2 – Guest:
– SSID: SZ2-Guest
– VLAN Tag: 2222
– Default Authentication: On-Demand User
– Applied Policy: #2
• Configuration of Service Zone
• SZ1 - Basic Settings
– IP, DHCP, VLAN Tag
– Customize Login Page
• SZ1 - Basic Settings - 2
– DHCP Server (Enable DHCP Server – DHCP Server Configuration)
• SZ1 - Authentication Settings
– Authentication Required For the Zone & Authentication Options
• SZ1 - Authentication Settings - 2
– Custom Pages
• SZ1 - Authentication Settings - 3
– Login Page of Custom Pages (Default Page)
• SZ1 - Authentication Settings - 4
– Login Page of Custom Pages (Template Page)
• SZ1 - Authentication Settings - 5
– Login Page of Custom Pages (Upload Page)
• SZ1 - Authentication Settings - 6
– Login Page of Custom Pages (External Page)
• SZ1 - Wireless Settings
– SSID
– Security
– Access Control
• SZ1 - Managed AP(s) in this Service Zone
Group & Policy
The Concept of Policy
– In addition to Global Policy, the Policy contains four functions of other
– Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules.
– Specific Route Profile: The default gateway of WAN1, WAN2, or a desired IP address can be defined in a policy. When Specific Default Route is enabled, all clients to which this policy is applied will access the Internet through this default gateway.
– Schedule Profile: The Schedule table in a 7X24 format is used to control the clients’ login time. When Schedule is enabled, clients are only allowed to log in to the system during the times that are checked in the applied policy.
– Maximum Concurrent Sessions: Set the maximum concurrent sessions for each client.
• Policy Configuration Page
The Concept of Group
– A Group that is allowed to access a Service Zone can have a Policy applied to it within this zone.
– Group Configuration supports:
• QoS Profile: Configure QoS (Quality of Service)
• Privilege Profile: When Change Password Privilege is enabled, the authenticated local users within this Group are allowed to change their password via the Login Success Page
– The relation between Group and Service Zone from the perspective of Group
– The relation between Group and Policy from the perspective of Service Zone
Case Study
Tom owns an SMB with 40 employees
Environment: Wide wireless environment
Questions:
1. How to prevent employees in the workplace from spending too much time surfing the internet rather than working?
2. The staff in Jimmy’s department have more authority than other departments.
Any Perfect Solutions?
Example #2 Requirements
[Table comparing four policies; the positions of individual cells are not recoverable]
– Columns: Policy 1 (Highest Authority), Policy 2 (Highest Authority), Policy 3 (Lower Authority), Policy 4 (Lowest Authority)
– Firewall: 1. Email, 2. FTP, 3. Web Browsing
– Specific Route: WAN1, WAN2
– Login Schedule: Weekend, Weekday Office Hours, Weekday Overtime
– Concurrent Sessions (10 ~ Unlimited)
– Cell values shown: allow, 2 hrs, 500, 300, 100, 50
User Management – Policy
[Figure: Access Control policy options (Firewall Rules, Routing, Max Concurrent Sessions, Login Schedule) defined as Policy 1 to Policy 4 and applied to user groups and Service Zones]
– User Groups: Group 1 Boss, Group 2 RD, Group 3 PM, Group 4 Finance, Group 5 Sales, Group 6 Guests
– Policy priority: Policy 1 Highest Priority, Policy 2 Higher Priority, Policy 3 Lower Priority, Policy 4 Lowest Priority
– Service Zones: Boss SZ 1, RD Dep. SZ 2, PM Dep. SZ 3, Finance Dep. SZ 4, Sales Dep. SZ 5, Guest Area SZ 6
– Other labels: All Users; Controlled by Policy 3
Authentication
• User Authentication – Local - 1
• User Authentication – Local - 2
• User Authentication – Local - 3
• User Authentication – Radius - 1
• User Authentication – Radius - 2
• User Authentication – Radius - 3
– The usage of Postfix “.”
• User Authentication – LDAP - 1
• User Authentication – LDAP - 2
• User Authentication – On-demand - 1
– On-demand Main Page
• User Authentication – On-demand - 2
– Billing Plans
• User Authentication – On-demand - 3
– On-Demand Account Creation
• Network – Privilege
• Network – Privilege - Privilege IP Address List
• Network – Privilege - Privilege MAC Address List
• Network – Monitor IP
• Network – Walled Garden
– Advertisement hyperlinks are displayed on the user’s login page. Clients who click on them will be redirected to the listed advertisement websites.
• Utilities – Password Change
– Change Admin, Manager & Operator’s password
• Utilities – Backup & Restore
– Backup System Settings: Click Backup to create a .db database backup file and save it on disk.
– Restore System Settings: Click Restore to restore the settings that were in effect when the backup file was saved. (Keep WAN1 setting and Management IP Address List.)
– Reset to the Factory Default: Click Reset to load the factory default settings.
• Utilities – Restart: This function allows the administrator to safely restart
• Utilities – Network Utilities
– Wake-on-LAN:
– IPv4: IPv4 Network Utilities (including Ping, Trace Route, ARPing & Show ARP Table)
– IPv6: IPv6 Network Utilities (including Ping6, Trace Route 6, Neighbor Discovery & Show Neighbor Cache)
– Sniff: Capture packets on the specified interface
– Status: Display operation status
– Result: Display result
• Status
– System: System Status
– Interface: This section provides an overview of the interfaces for the administrator, including WAN1, WAN2, SZ Default~8.
– Hardware: Hardware Status (CPU, Memory, Storage)
– Routing Table: All the Policy Route rules and Global Policy Route rules will be listed here.
– Online User: Online User’s information
– Non-Login Users: Non-Login User’s information
– Session List: Session information
– User Logs: User’s traffic history information
– Logs: Other traffic history (System & Web Logs)
– DHCP Lease: DHCP IP release record
– E-mail & SYSLOG: Receive System Status record information via E-mail, Syslog Server & FTP Server.
• Status - System
• Status – Interface
– Displays the status of the WAN interfaces and the nine Service Zones.
• Status – Interface 1
• Status – Interface 2
• Status – Interface 3
• Status – Hardware Information
– Hardware Usage Information
• Status – Routing Table
– All the Policy Route rules and Global Policy Route rules will be listed here. It also shows the System Route rules specified by each interface.
• Status – Online User
– Displays Online User’s detailed information.
• Status – User Logs
– Users Log: User’s traffic history record
– On-demand Users Log: On-demand User’s access records
– Roaming Out User Log: Roaming Out User’s access records
– Roaming In User Log: Roaming In User’s access records
– SIP Call Usage Log: SIP User’s log-in/out record
– Monthly Network Usage of Local User: Monthly record of Local User’s log-in/out history
• Status – User Logs - Users Log
• Status – Logs
– System Logs: System Information
– Web Logs: Web record
• Status – DHCP Lease
– DHCP Logs
• Statistics List
• DHCP Lease Log
– DHCP Lease List
• Status – DHCP Lease - DHCP Logs
– Statistics List
– DHCP Lease Log
• Status – Report and Notification
– Main Menu > Status > Report and Notification
– SMTP Settings: Configure SMTP Server; Logs will be sent via E-mail
– SYSLOG Settings: Configure SYSLOG Server; Logs will be delivered to the Syslog Server
– FTP Settings: Configure FTP Server; Logs will be delivered to the FTP Server
– Notification Settings: Once the above settings are completed, configure in more detail how Logs are sent by the three methods mentioned above.
– System Report: Graphical system report (1Hr, 1Day, 1Week etc.)
Console
• Connect to the Console
– Via Console Port (baud rate 9600)
– Via SSH (connect to the gateway IP and log in with admin/admin)
AP Management
Local Area AP Management
Local AP Management Interface
• Features:
– Reboot, Enable, Disable and Delete the checked AP if desired
– Apply Template
– Apply Service Zone
– Background AP Discovery
– Add AP Manually
– Firmware upgrade and management
Overview Page (signal radio)
• AP Type List
– AP number, Online AP number, Offline AP number and Number of Client.
AP Template Setting
• A Template is a model that can be copied to every AP, so it is not necessary to configure each AP individually.
– General setting
– Wireless setting
AP Discovery
• Discovery Settings
– Factory Default (Auto) & Manual
– Background AP Discovery
AP Discovery
• Tag-based
– Can be applied to multiple Service Zones.
AP List
• AP status
• Change AP setting
AP Status
Change AP Setting
AP Management
Wide Area AP Management
Wide AP Management System Interface
• Features:
– Detect and manage all of the APs in the network
– Show the APs’ corresponding locations on Google Maps
– WDS Setup
– Adding APs manually
– Firmware Upgrade and Management
– Set up GRE Tunnels and manage the User Traffic of Wide AP
• Main Menu
• Map - 1
– Apply for a Google Maps API Key from Google Maps
– Then enter the Key
• Map - 2
• Map - 3
– Google will provide the Google Maps API Key
• Map - 4
– Click Main Menu -> Access Point -> Wide Area AP Management -> Map -> Edit this Map
• Map - 5
– Enter the Google Maps API Key
• Discover
– Automatically discover APs and list them in Device Results
• List
– AP List
• Add to Map
• Restore Setting
• Firmware Upgrade
• Configuration
• GRE Tunnel Building
GRE Tunnel
• GRE Tunnel Setup Procedure - 1
• GRE Tunnel Setup Procedure - 2
• GRE Tunnel Setup Procedure - 3
• GRE Tunnel Setup Procedure - 4
– Go back to the GRE Tunnel Editing page to configure VAP mapping.
AP Setup & Maintenance Interface
EAP Overview
• EAP including:
– System: System Setting
– Wireless: Wireless Setting
– Firewall: Layer2 Firewall
– Utilities: Password Setting, Backup/Restore Settings, upgrade, etc.
– Status: System Status
Thank You
Website : www.level1.com