Page 2 - Federal Communication Commission Interference Statement; Reorient or relocate the receiving antenna.; FCC Radiation Exposure Statement
i Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pur-suant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential i...
Page 3 - Safety
ii R&TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal equipment and the mutual recognition of their conformity (R&TTE). The R&TTE ...
Page 4 - iii; Table of Contents
iii Table of Contents 1. Introduction ......................................................................................................................... 1 1.1. Overview ................................................................................................................... 1 1.2. F...
Page 5 - iv
iv 2.13.2. RADIUS ...................................................................................................... 55 2.13.3. Authentication Session Control .................................................................. 57 2.13.4. Authentication Page Customization.............................
Page 6 - IWE500-INJ POE Injector
1 1. Introduction 1.1. Overview The IWE3200-H Wireless HotSpot Gateway enables Telco operators, wireless ISPs, enterprises, government institutes, or school campuses to deploy WLANs with secured user authentication support. It generates the user log on/off information for back-end billing systems, a...
Page 12 - Alive. Blinks when the; RF; Wired Advanced
7 1.3. LED Definition z PWR : Power z ALV : Alive. Blinks when the IWE3200-H is working normally. z RF : IEEE 802.11b/g interface activity z WAN/LAN : Ethernet WAN/LAN interface activity Fig. 1. LED Indicator. 1.4. Feature Comparison IWE3200-H0S36X Wired Advanced IWE3200-H9S36X Wireless Advanced IEE...
Page 13 - First-Time Installation and Configuration; To power the
8 2. First-Time Installation and Configuration 2.1. Selecting a Power Supply Method The IWE3200-H can be powered by either the supplied AC power adapter or the optional IWE500-INJ POE Power Injector. The IWE3200-H automatically selects the suitable power de- pending on your decision. To power the IW...
Page 15 - File
10 2.3. Preparing for Configuration To configure a IWE3200-H , a managing computer with a Web browser is needed. For first-time con- figuration of a IWE3200-H , an Ethernet network interface card (NIC) should have been installed in the managing computer. For maintenance-configuration of a deployed I...
Page 16 - Computer; Windows Network Control Panel Applet; host name; root
11 2.3.2. Changing the TCP/IP Settings of the Managing Computer Use the Windows Network Control Panel Applet to change the TCP/IP settings of the managing computer, so that the IP address of the computer and the IP address of the IWE3200-H are in the same IP subnet. Set the IP address of the compute...
Page 17 - SETUP WIZARD; to quickly change the configuration of the gateway.; Mode
12 On the Home page, click the SETUP WIZARD to quickly change the configuration of the gateway. Fig. 8. The Home Page. 2.4.2. SETUP WIZARD Step 1: Selecting an Operational Mode Fig. 9. Operational modes.
Page 18 - private IP address; private IP address
13 2.4.3. SETUP WIZARD Step 2: Configuring TCP/IP Settings 2.4.3.1. Router with a PPPoE-Based DSL/Cable Connec- tion Fig. 10. TCP/IP settings for Router with a PPPoE-Based DSL/Cable Connection mode. In this mode, two IP addresses are needed—one for the Ethernet LAN interface and the other for the WA...
Page 20 - tings
15 Fig. 13. TCP/IP settings for Router with Multiple DSL/Cable Connections mode. Since the Internet connection can be PPPoE-based, DHCP-based, or Static-IP-based, the addressing settings of each WAN interface are the same as those of Router with a PPPoE-Based DSL/Cable Connection , DHCP-Based DSL/Ca...
Page 21 - AAA
16 puter and the SSID of the wireless access Router must be identical for them to communicate with each other. 2.4.6. Configuring User Authentication Settings The IWE3200-H supports both Web redirection-based and non-802.1x-based user and IEEE 802.1x-based user authentication. After the IP addressin...
Page 22 - To setup the Local Authentication method:
17 1.3.2. PAP 1.3.3. CHAP 2. Enable without Authentication – Enable only the Web-Redirection, but disable the user Authenti-cation mechanism. User will automatically redirect to the destination web page if the URL indi-cated. Fig. 18. Web redirection settings – Enable without Authentication 3. Disab...
Page 28 - hotspot; Client Computers; Log On
23 Both the wireless client computer and the deployed APs must have the same WEP settings for them to communicate with each other. Therefore, unless IEEE 802.1x EAP-TLS, which supports dynamic WEP key distribution, is used, it’s strongly suggested not to enable WEP functionality of the deployed APs ...
Page 29 - Click; within the log-off window to end the session.; Log Off; to end the session.
24 Fig. 28. User name and password for authentication. 5. If the user name and password are correct. Now you’ll be brought to the original page you have requested after waiting for a few seconds. Meanwhile, a window for log-off and session status appears. Fig. 29. Authentication success. Fig. 30. Lo...
Page 31 - Zero Client Reconfiguration.; Authentication, Authorization, and Accounting; Auth Page Customization.; authentication success
26 z TCP/IP. TCP/IP-related settings. Address. IP addressing settings for the Router to work in the TCP/IP networking world, or user name and password provided by the ISP. DNS. DNS (Domain Name System) proxy settings. NAT. Settings for the NAT (Network Address Translation) server on the Router...
Page 32 - red
27 Access Rules. Settings for the time frame policy to Permit/Deny administrator to access the IWE3200-H . LAN Device Management. Settings for the Router to know what LAN devices it has to manage. z Status. System monitoring information. Associated Wireless Clients. Display the status of all w...
Page 34 - Terminate; link so that this; Terminated Users Table; . Clicking the corresponding; Release; link puts a terminated user back
29 Any authenticated user can be terminated by clicking the corresponding Terminate link so that this user is blocked from using networking services provided by the Router. A terminated user is moved to the Terminated Users Table . Clicking the corresponding Release link puts a terminated user back ...
Page 35 - Add Device
30 Fig. 41. Latest incoming user traffic sessions. On this page, latest 50 outgoing and 50 incoming user traffic sessions are shown for monitoring net-work activity. 2.9.5. Managed LAN Devices Fig. 42. Managed LAN devices. On this page, the status of every managed LAN device is shown. The Offline st...
Page 36 - Addressing
31 Fig. 43. Operational modes. On this page, you can specify the operational mode for the Router. Currently, 5 modes are available: z Router with a PPPoE-based DSL/Cable Connection. In this mode, the Router assumes that a DSL or cable modem is connected to its Ethernet WAN interface. The client comp...
Page 37 - Browse; tings by HTTP
32 2.10.2. Changing Password Fig. 45. Password. On this page, you could change the user name and password of the administrator. The administrator can view and modify the configuration of the IWE3200-H . The new password must be typed twice for confirmation. 2.10.3. Managing Firmware Fig. 46. Firmwar...
Page 39 - To upgrade firmware of the access Router by TFTP:; On the computer, run a Web browser and click the; Trigger the firmware upgrade process by clicking; Upgrade; check box of
34 Fig. 51. Firmware upgrade by TFTP. To upgrade firmware of the access Router by TFTP: 1. Get a computer that will be used as a TFTP server and as a managing computer to trigger the upgrade process. 2. Connect the computer and one of the LAN Ethernet switch port with a normal Ethernet cable. 3. Con...
Page 40 - tings by TFTP; To restore configuration of the IWE3200-H by TFTP:
35 net. In this case, you must have configured the Router to be remotely manageable (see Section 2.13.1.1) and adjust the Timeout and Max no. of retries settings of TFTP Server for remote TFTP upgrade to succeed. 2.10.3.4. Backing up and Restoring Configuration Set- tings by TFTP Fig. 53. Configurat...
Page 42 - nection
37 2.11.1.1. Router with a PPPoE-Based DSL/Cable Con- nection Fig. 56. TCP/IP settings for Router with a PPPoE-Based DSL/Cable Connection mode. If the IWE3200-H was set to be in Router with a PPPoE-Based DSL/Cable Connection mode, two IP addresses are needed—one for the Ethernet LAN interface and th...
Page 44 - Router with a Static-IP DSL/Cable Connection
39 2.11.1.4. Router with Multiple DSL/Cable Connections Fig. 59. TCP/IP settings for Router with Multiple DSL/Cable Connections mode. Since the Internet connection can be PPPoE-based, DHCP-based, or Static-IP-based, the addressing settings of each WAN interface are the same as those of Router with a...
Page 45 - DeMilitarized Zone
40 2.11.2.2. Static DNS Mappings Fig. 61. Static DNS mappings. By Static DNS Mappings , an internal server can be given a domain name, so that other hosts on the intranet can access the server by its domain name instead of by its IP address. For example, an inter-nal Web server for the intranet, say...
Page 46 - virtual servers; To expose “preset” internal servers:
41 2.11.3.2. Virtual Server Mappings Fig. 63. Virtual server mappings. The gateway enables you to expose internal servers on the intranet through NAT to the Internet for public use. The exposed internal servers are called virtual servers because from perspective of hosts on the Internet, these serve...
Page 47 - one
42 2.11.4.2. Basic Fig. 64. Basic DHCP server settings. The Router can automatically assign IP addresses to client computers by DHCP. In this section of the management page, you can specify the Default Router , Subnet mask , Primary DNS server , and Secondary DNS server settings that will be sent to...
Page 48 - To always assign a static IP address to a specific DHCP client:; Select the corresponding; Enabled; The
43 To always assign a static IP address to a specific DHCP client: 1. Specify the MAC address of the DHCP client and the IP address to be assigned to it. Then, give a description for this mapping. 2. Select the corresponding Enabled check box. 2.11.5. Load Balancing The IWE3200-H provides the multip...
Page 51 - To enable a WDS link:; is
46 Fig. 71. Wireless Distribution System settings. To enable a WDS link: 1. Specify the MAC address of the AP or wireless bridge at the other end of the WDS link. 2. Select the corresponding Enabled check box. For example, assume you want a wireless access Router and an AP with MAC addresses 00-02-6...
Page 53 - master key
48 Fig. 76. Behavior of the “All APs on This Subnet” wireless client isolation option. As illustrated in Fig. when AP 1 and AP 2 are using the “This AP Only” option, wireless traffic be-tween STA 1 and STA 2 is blocked by AP 1, while wireless traffic between STA 2 and STA 3, which are associated wit...
Page 56 - Settings
51 2.13. Configuring AAA (Authentication, Authorization, Ac- counting) Settings 2.13.1. Web Redirection The IWE3200-H supports both IEEE 802.1x-based and Web redirection-based user authentication. Here is a brief description of how Web redirection works: When an unauthenticated wireless user is tryi...
Page 59 - walled garden; To add a link to the walled garden:; Web redirection
54 There are occasions on which you want some computers to be able to freely access the Internet with-out being authenticated first. For example, you may want your wired desktop computers connected with the Router to be uncontrolled by the Router while providing wireless Internet access service for ...
Page 61 - unique; Notify RADIUS server after reboot; pseudo user; Reboot user name
56 2.13.2.1. Basic Fig. 89. RADIUS basic settings. For the IWE3200-H , the RADIUS client component of the Router is shared by the IEEE 802.1x and Web redirection components. The RADIUS settings are for the RADIUS client to communicate with backend RADIUS servers. NOTE: The RADIUS server do not suppo...
Page 62 - disable; Authentication Failure Pages; authentication failure
57 2.13.3. Authentication Session Control Fig. 91. Authentication session control settings. Authentication session control settings are for controlling the lifetimes of user authentication sessions. The Idle timeout setting specifies how long a user can be idle without generating any traffic before ...
Page 63 - To specify an advertisement link:
58 Fig. 93. Authentication success page customization settings. Fig. 94. Authentication failure page customization settings. In addition to the Text alignment , HTML title , and Contents setting, two more settings are provided for specifying the size of the Log-Off window ( Windows width and Window ...
Page 66 - Default; switch on the housing of the Router.; Block ICMP PING from Internet; SPI can detect hacker attacks, including
61 NOTE: Set the rules with great care since incorrect rules would make the Router inaccessible. The last resort to restore the Router to service may be resetting its configuration to fac-tory-set values by pressing the Default switch on the housing of the Router. 2.15.1.2. VLAN Fig. 100. VALN setti...
Page 67 - To block HTTP traffic to an unwelcome Web site:
62 The IWE3200-H is capable of blocking HTTP traffic from the intranet to specified unwelcome Web sites. To block HTTP traffic to an unwelcome Web site: 1. Specify the URL (ex. www.xxx.com) of the unwelcome Web site. 2. Select the corresponding Enabled check box. NOTE: Do not type “http://” when spe...
Page 68 - BSD Syslog
63 UPnP (Universal Plug and Play) enables a Windows XP user to automatically discover peripheral de-vices by HTTP. When the UPnP functionality is enabled, you can see the Router in My Network Places of Windows XP. The Router can be given a friend name that will be shown in My Network Places. Double-...
Page 69 - To specify a trap target:; Type the IP address of the target host.
64 2.15.2.4. SNMP Fig. 106. SNMP settings. The IWE3200-H can be managed by SNMP (Simple Network Management Protocol), and the SNMP management functionality can be disabled. You can specify the name (used as a password ) of the read-only and read-write community. In addition, up to 5 SNMP trap target...
Page 71 - Appendix A; Press the; switch on the housing of a
66 Appendix A A-1: Default Settings TIP: Press the Default switch on the housing of a powered-on Router to reset the configura- tion settings to factory-set values. Setting Name Default Value Global User Name root Password root Operational Mode Gateway with a Static-IP DSL/Cable Connection WAN Inter...
Page 72 - Alive
67 DNS Proxy Static DNS Mappings Not set Filters/Firewall Packet Filters Not set URL Filters Not set VLAN Disabled WAN ICMP Request Blocking Disabled State Packet Inspection (SPI) Disabled Authentication Web Redirection Disabled RADIUS Not set RADIUS Robustness Reboot User Name reboot Session Contro...
Page 73 - Appendix B: Troubleshooting; Check the following first:; Device Manager; to disable unnecessary NICs.
68 Appendix B: Troubleshooting Check the following first: z Make sure that the power of the Router is on and the Ethernet cables are connected firmly to the RJ-45 jacks of the Router. z Make sure that the LED ALV of the Router is blinking to indicate the Router is working. z Make sure the types of t...
Page 74 - client computer
69 Solve the following problems in order: z The wireless client cannot pass Web redirection-based authentication. Are user name and password are correct? Check the user credential information stored on the RADIUS server. Is the RADIUS server correctly set up? Check whether the password for t...
Page 75 - infrastructure
70 Find out the answer on the start page of the Web-Based Network Manager. Is the NAT server functionality of the IWE3200-H enabled? Find out the answer on the start page of the Web-Based Network Manager. If you cannot find any incorrect settings of the IWE3200-H, the default Router of the I...
Page 77 - Appendix C: Technical Specifications; OFDM; Transmission output Power:; Removable Antenna with R-SMA connector; Access Point / WDS Static Wireless Bridge
72 Appendix C: Technical Specifications C-1: IWE3200-H Standards: 802.11b 802.11g 802.3 802.3u 802.3af Data rate & modulation: OFDM@54Mbps, CCK@11/5.5Mbps, DQPSK@2Mbps and DBSK@1Mbps Radio Technology: OFDM DSSS Operating Range: Up to 1,155 feet Channels: USA: 1-11 (FCC), Canada: 1-11 (IC), Europ...
Page 78 - WEP; Electromagnetic Compatibility:
73 Interface: 10/100 Mbps RJ-45 Connector RS-232c Serial Connector 802.11b/g WLAN Security: 64/128-bit WEP 802.1x WPA MAC address filtering Disabled SSID broadcast Wireless client isolation Configuration and Management: Web-browser TFTP SNMP Syslog Event Logging LEDs: Power LAN/WAN WLAN Alive Enviro...
