Presentation is loading. Please wait.

Presentation is loading. Please wait.

WHG Product Training Oct 2011 For authorized partners only

Similar presentations


Presentation on theme: "WHG Product Training Oct 2011 For authorized partners only"— Presentation transcript:

1 WHG Product Training Oct 2011 For authorized partners only
Secure WLAN Solution WHG Product Training Oct 2011 For authorized partners only

2 Agenda WHG Overview, Installation and Application
EAP Overview, Installation and Application

3 Overview About WHG WHG Series is designed for wired and wireless network environments with multi-functional, enterprise-class, and high performance network management devices. Different models are suitable for different scale of WLAN (wireless local area network) environments. All models support Gigabit interface can manage a large number of users and services quickly and effectively. The product combines integrated management, security, data transfer, billing and payment functions, with a simple built-in web-based management interface for system administrators to monitor wired and wireless users effectively. With a centralized management interface from wireless AP management function, administrators can easily search, set, monitor and upgrade all managed AP devices.

4 Overview Product features-1
Customizable certification standards, including Web-based login (UAM) and 802.1X (RADIUS), customizable portal and Walled-Garden Ads. Establishment and management of user groups. Support for multiple authentication methods  (Local, On-demand, RADIUS, POP3, LDAP, NTDS). Virtual local area network (Service Zone) and Policy Management. On-demand Account (accounting by time or volume ) Integration of external payment gateways, including PayPal, Authorize.net, SecurePay and WorldPay. User account roaming

5 Overview Product features - 2
Support wireless roaming between APs and AP management. Virtual Private Network (VPN) tunneling technology. Support Quality of Service (QoS) Dual Uplink (WAN) to improve reliability and Load Balancing Firewall, DoS (Denial of Service) attack protection Status monitoring and reporting of network and on-line users Support as a network gateway, including NAT, DHCP, DMZ, Firewall and Port Forwarding

6 Overview System Overview - 1 WHG-401

7 Overview System Overview - 2 AAA Gateway
Authentication, Authorization and Accounting Authentication: Support for internal or external database servers Authorization : User Group policy Accounting: User Account management and Billing Built-in multiple Service Zones AP centralized management system

8 Setup and Maintenance Instruction
WHG support web management interface To access the web management interface, connect a PC to any LAN Port, and then launch a browser. Make sure you have set DHCP in TCP/IP of your PC to get an IP address automatically. The default gateway IP address is “http:// ” Access the web management interface via LAN port

9 Setup and Maintenance Instruction
For the first time, there will be a “Certificate Error”

10 Setup and Maintenance Instruction
The administrator login page will appear.

11 Setup and Maintenance Instruction
After a successful login, a System Home page will appear on the screen.

12 Setup and Maintenance Instruction
Setup Wizard - 1 To quickly configure WHG311 by using the Setup Wizard to set up New Password, Time Zone, WAN1 Interface and Local User Account.

13 Setup and Maintenance Instruction
Setup Wizard - 2

14 Setup and Maintenance Instruction
Setup Wizard - 3

15 Setup and Maintenance Instruction
Setup Wizard - 4

16 Setup and Maintenance Instruction
System Overview An Integration of the overall status of the current system

17 Setup and Maintenance Instruction
Quick Links page Provides administrator with frequently used links.

18 Setup and Maintenance Instruction
System Main Menu

19 Setup and Maintenance Instruction
Main Menu –System – WAN1 Static -1

20 Setup and Maintenance Instruction
Main Menu – System – WAN1 Dynamic -1

21 Setup and Maintenance Instruction
Main Menu –System – WAN1 PPPoE -1

22 Service Zone

23 The Concept of Service Zone
9 Service Zones in total A Service Zone is acting like a virtual Gateway. Multiple Service Zones are equal to multiple virtual Gateways.

24 The Concept of Service Zone
Under LAN Port Mapping, there are two modes for Service Zone: Port-based Tag-based

25 LAN Port Configuration
Port Based: For each LAN port, select a Service Zone to which the LAN port is to be mapped from the drop-down list box.

26 LAN Port Configuration
Port-Based Application Example

27 LAN Port Configuration
Configure LAN Port Mapping as Tag-Based

28 LAN Port Configuration
Tag-Based: A Service Zone can be associated with multiple VLAN Tags

29 LAN Port Configuration
Tag-Based Application Example

30 LAN Port Configuration
*Deploy two Service Zones: Employee and Guest Service Zone 1 – Employee: SSID: SZ1-Employee VLAN Tag: 1111 Default Authentication: Radius server Applied Policy: #1 Service Zone 2 – Guest: SSID: SZ2-Guest VLAN Tag: 2222 Default Authentication: On-Demand User Applied Policy: #2 WHG-401 Requirements for this deployment example: 1. Regardless of the location in the office, all users should be divided into two groups (Employee and Guest) for the purpose of authentication differences. 2. Each service zone (VLAN) must setup its own SSID to let users to access the wireless network using the specific ID. The system will give a unique Session ID to authenticated users when they start new sessions. 3. Both groups, Employees and Guests, will be redirected to different login portal pages and will be authenticated against different authentication database. 4. Apply different access control policies to separated groups Employee and Guests. Configurations for the deployment example: Service Zone #1 (Employee): SSID: SZ1-Employee VLAN Tag: 1111 Default Authentication: Local Applied Policy: #1 Service Zone #2 (Guest): SSID: SZ2-Guest VLAN Tag: 2222 Default Authentication: On-Demand User Applied Policy: #2

31 Setup and Maintenance Instruction
Configuration of Server Zone

32 Setup and Maintenance Instruction
SZ1 - Basic Settings IP, DHCP, VLAN Tag Customize Login Page

33 Setup and Maintenance Instruction
SZ1 - Basic Settings - 2 DHCP Server (Enable DHCP Server – DHCP Server Configuration)

34 Setup and Maintenance Instruction
SZ1 - Authentication Settings Authentication Required For the Zone & Authentication Options

35 Setup and Maintenance Instruction
SZ1 -Authentication Settings - 2 Custom Pages

36 Setup and Maintenance Instruction
SZ1 - Authentication Settings -3 Login Page of Custom Pages (Default Page)

37 Setup and Maintenance Instruction
SZ1 - Authentication Settings - 4 Login Page of Custom Pages (Template Page)

38 Setup and Maintenance Instruction
SZ1 -Authentication Settings- 5 Login Page of Custom Pages (Upload Page)

39 Setup and Maintenance Instruction
SZ1 -Authentication Settings - 6 Login Page of Custom Pages (External Page)

40 Setup and Maintenance Instruction
SZ1 - Wireless Settings SSID Security Access Control

41 Setup and Maintenance Instruction
SZ1 - Managed AP(s) in this Service Zone

42 Group & Policy

43 The Concept of Policy In addition to Global Policy, the Policy contains four functions of other Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules. Specific Route Profile: The default gateway of WAN1, WAN2, or a desired IP address can be defined in a policy. When Specific Default Route is enabled, all clients applied this policy will access the Internet through this default gateway. Schedule Profile: The Schedule table in a 7X24 format is used to control the clients’ login time. When Schedule is enabled, clients applied policies are only allowed to login the system at the time which is checked in the applied policy. Maximum Concurrent Sessions: Set the maximum concurrent sessions for each client .

44 The Concept of Policy Policy Configuration Page

45 The Concept of Group A Group which is allowed to access a Service Zone can be applied with a Policy within this zone. Group Configuration supports: QoS Profile: Configure QoS (Quality of Service ) Privilege Profile : When Change Password Privilege is enabled, the authenticated local users within this Group are allowed to change their password via the Login Success Page

46 The Concept of Group The relation between Group and Service Zone from the perspective of Group Group 1 users have 5 x Service Zone access (Service Zone 0, 1, 4, 6, 8). Policy 1 is applied to Service Zone 0, 6, 8 Policy 3 is applied to Service Zone 1 Policy 8 is applied to Service Zone 4

47 The Concept of Group Users have same authentication method are belong same group

48 The Concept of Group The relation between Group and Policy from the perspective of Service Zone

49 The Concept of Group This example indicates the Service Zone 1 can be access only from User Group 1 (policy 3), User Group 2 (policy 9) and User Group 3 (policy 11)

50 Case Study Any Perfect Solutions? Tom owns a SMB with 40 employees
Environment: Wide wireless environment Questions: 1. How to prevent employees in the workplace spending too much time surfing on the internet rather then working? 2. The staff in Jimmy’s department have more authority than other departments.

51 Example #2 Requirements
Policy Policy 1 Highest Authority Policy 2 Policy 3 Lower Authority Policy 4 Lowest Authority Firewall 1. allow 2. FTP 3. Web Browsing Specific Route WAN1 WAN2 Login Schedule Weekend Allow 2 hrs Weekday Office Hours Weekday Overtime Concurrent Sessions 10 ~ Unlimited 500 300 100 50 Access control policies: there are 4 kinds of priority for different users.

52 User Management – Policy
Access Control Policy Options Max Concurrent Sessions Firewall Rules Routing Login Schedule Policy 1 Policy 2 Policy 3 All Users Policy 3 User Categorization and Policy-based Access Control User Group Controlled by Policy 3

53 Policy 1 Highest Priority
Group 1 Group 2 Group 3 Group 4 Group 5 Group 6 Boss RD PM Finance Sales Guests Policy 1 Policy 1 Policy 4 Policy 1 Highest Priority Policy 2 Higher Priority Policy 3 Lower Priority Policy 4 Lowest Priority Guest Area SZ 6 Boss SZ 1 Policy 1 Policy 1 Policy 2 Policy 2 Policy 3 User Categorization and Policy-based Access Control: 1. Boss group users always enjoy the highest priority (Poicy 1) wherever they go. 2. Most employees have higher priority (Policy 2) in their department service zone; on the other hand, they will have lower priority (Policy 3) when they move to different service zone that does not belong to their department. 3. Guest users can only get online with the lowest priority (Policy 4) in the Guest zone. Policy 2 Policy 1 Policy 3 Policy 2 Policy 1 Policy 3 Sales Dep. SZ 5 RD Dep. SZ 2 PM Dep. SZ 3 Finance Dep. SZ 4

54 Authentication

55 Setup and Maintenance Instruction
User Authentication – Local - 1

56 Setup and Maintenance Instruction
User Authentication – Local - 2

57 Setup and Maintenance Instruction
User Authentication – Local - 3

58 Setup and Maintenance Instruction
User Authentication – Radius - 1

59 Setup and Maintenance Instruction
User Authentication – Radius – 2

60 Setup and Maintenance Instruction
User Authentication – Radius – 3 The usage of Postfix “.” Radius Server 有時擁有不只一組 domain name Postfix 設定成 “.” 再設定 Username Format 於 Leave Unmodified User 可以透過完整登入帳號 密碼 即可完成登入動作~

61 Setup and Maintenance Instruction
User Authentication – LDAP - 1

62 Setup and Maintenance Instruction
User Authentication – LDAP - 2

63 Setup and Maintenance Instruction
User Authentication – On-demand – 1 On-demand Main Page

64 Setup and Maintenance Instruction
User Authentication – On-demand – 2 Billing Plans

65 Setup and Maintenance Instruction
User Authentication – On-demand – 3 On-Demand Account Creation

66 Setup and Maintenance Instruction
Network – Privilege

67 Setup and Maintenance Instruction
Network – Privilege - Privilege IP Address List

68 Setup and Maintenance Instruction
Network – Privilege - Privilege MAC Address List

69 Setup and Maintenance Instruction
Network – Monitor IP

70 Setup and Maintenance Instruction
Network – Walled Garden Advertisement hyperlinks are displayed on the user’s login page. Clients who click on it will be redirected to the listed advertisement websites.

71 Setup and Maintenance Instruction
Utilities – Password Change Change Admin, Manager & Operator’s password

72 Setup and Maintenance Instruction
Utilities – Backup & Restore Backup System Settings : Click Backup to create a .db database backup file and save it on disk. Restore System Settings :click Restore to restore to the same settings at the time when the backup file was saved. (Keep WAN1 setting and Management IP Address List.) Reset to the Factory Default : Click Reset to load the factory default settings.

73 Setup and Maintenance Instruction
Utilities – Restart : This function allows the administrator to safely restart

74 Setup and Maintenance Instruction
Utilities – Network Utilities Wake-on-LAN : IPv4 : IPv4 Network Utilities (included Ping, Trace Route, ARPing & Show ARP Table) IPv6 : IPv6 Network Utilities (Included Ping6, Trace Route 6, Neighbor Discovery & Show Neighbor Cache) Sniff : Capture Packet in specified Interface Status : Display operation status Result : Display result

75 Setup and Maintenance Instruction
Status System : System Status Interface : This section provides an overview of the interface for the administrator including WAN1, WAN2, SZ Default~8. Hardware : Hardware Status (CPU, Memory, Storage) Routing Table : All the Policy Route rules and Global Policy Route rules will be listed here. Online User : Online User’s information Non-Login Users : Non-Login User’s information Session List : Session information User Logs : User’s traffic history information Logs : Other traffic history (System & Web Logs) DHCP Lease : DHCP IP release record & SYSLOG : Receive System Status record information via , Syslog Server & FTP Server.

76 Setup and Maintenance Instruction

77 Setup and Maintenance Instruction
Status - System

78 Setup and Maintenance Instruction
Status – Interface Display WAN and nine Service Zones’ status interface.

79 Setup and Maintenance Instruction
Status – Interface 1

80 Setup and Maintenance Instruction
Status – Interface 2

81 Setup and Maintenance Instruction
Status – Interface 3

82 Setup and Maintenance Instruction
Status – Hardware Information Hardware Usage Information

83 Setup and Maintenance Instruction
Status – Routing Table All the Policy Route rules and Global Policy Route rules will be listed here. Also it will show the System Route rules specified by each interface.

84 Setup and Maintenance Instruction
Status – Online User Display Online User’s detailed information.

85 Setup and Maintenance Instruction
Status – User Logs Users Log : User’s traffic history record On-demand Users Log : On-demand User’s access records Roaming Out User Log : Roaming Out User’s access records Roaming In User Log : Roaming In User’s access records SIP Call Usage Log : SIP User’s log-in/out record Monthly Network Usage of Local User : Monthly record of Local User’s log-in/out history Status – User Logs - Users Log

86 Setup and Maintenance Instruction
Status – Logs System Logs: System Information Web Logs: Web record

87 Setup and Maintenance Instruction
Status – DHCP Lease DHCP Logs Statistics List DHCP Lease Log DHCP Lease List

88 Setup and Maintenance Instruction
Status – DHCP Lease - DHCP Logs Statistics List DHCP Lease Log

89 Setup and Maintenance Instruction
Status – Report and Notification Main Menu > Status > Report and Notification SMTP Settings : Configure SMTP Server; Logs will be sent via SYSLOG Settings :Configure SYSLOG Server; Logs will be delivered to Syslog Server FTP Settings : Configure FTP Server; Logs will be delivered to Syslog Server Notification Settings: When the above setting is completed, needing more detailed configurations, and sending Logs by those three ways mentioned above. System Report: Graphical system report (1Hr, 1Day, 1Week etc…)

90 Console Connect to the Console Via Console Port (baud rate 9600)
Via SSH (Link to GW IP and login with admin/admin)

91 Local Area AP Management

92 Local AP Management Interface
Features: Reboot, Enable, Disable and Delete the checked AP if desired Apply Template Apply Service Zone Background AP Discovery Add AP Manually Firmware upgrade and management

93 Overview Page (signal radio)
AP Type List AP number. Online AP number, Offline AP number and Number of Client.

94 AP Template Setting Template is a model that can be copied to every AP and not necessary to configure the AP individually. . General setting Wireless setting

95 AP Discovery Discovery Settings Factory Default (Auto) &Manual
Background AP Discovery

96 AP Discovery Tag-based Can be applied to multiple Service Zones.

97 AP List AP status Change AP setting AP Status Change AP Setting

98 Wide Area AP Management

99 Wide AP Management System Interface
Features: Detect and manage all of the APs in the network Show APs’ corresponding on Google Maps WDS Setup Adding APs manually Firmware Upgrade and Management GRE Tunnel setup and manage the User Traffic of Wide AP

100 Wide Area AP Management
Main Menu

101 Wide Area AP Management
Map - 1 Need to apply Google Maps API Key from Google Maps Then enter the Key

102 Wide Area AP Management
Map - 2

103 Wide Area AP Management
Map – 3 Google will provide the Google Maps API Key

104 Wide Area AP Management
Map – 4 Click Main Menu -> Access Point -> Wide Area AP Management -> Map -> Edit this Map

105 Wide Area AP Management
Map – 5 Enter the Google Maps API Key

106 Wide Area AP Management
Discover Auto discover AP and list to Device Results

107 Wide Area AP Management
List AP List Add to Map Restore Setting Firmware Upgrade Configuration GRE Tunnel Building

108 GRE Tunnel GRE Tunnel Setup Procedure - 1

109 GRE Tunnel GRE Tunnel Setup Procedure - 3

110 GRE Tunnel GRE Tunnel Setup Procedure – 4
Back to GRE Tunnel Editing page to configure VAP mapping.

111 AP Setup & Maintenance Interface

112 EAP Overview

113 Setup and Maintenance Instruction
EAP including: System: System Setting Wireless: Wireless Setting Firewall: Layer2 Firewall Utilities: Password Setting, Backup/Restore Settings and upgrade etc Status: System Status

114 Thank You Website :


Download ppt "WHG Product Training Oct 2011 For authorized partners only"

Similar presentations


Ads by Google