Presentation on theme: "WHG Product Training Oct 2011 For authorized partners only"— Presentation transcript:
1 WHG Product Training, Oct 2011. For authorized partners only. Secure WLAN Solution.
2 Agenda: WHG Overview, Installation and Application; EAP Overview, Installation and Application.
3 Overview: About WHG. The WHG Series is a line of multi-functional, enterprise-class, high-performance network management devices designed for wired and wireless network environments. Different models suit different scales of WLAN (wireless local area network) environments. All models support Gigabit interfaces and can manage a large number of users and services quickly and effectively. The product combines integrated management, security, data transfer, billing and payment functions with a simple built-in web-based management interface that lets system administrators monitor wired and wireless users effectively. With the centralized management interface of the wireless AP management function, administrators can easily search, set, monitor and upgrade all managed AP devices.
4 Overview: Product features - 1. Customizable certification standards, including Web-based login (UAM) and 802.1X (RADIUS), customizable portal and Walled-Garden Ads. Establishment and management of user groups. Support for multiple authentication methods (Local, On-demand, RADIUS, POP3, LDAP, NTDS). Virtual local area network (Service Zone) and Policy Management. On-demand Account (accounting by time or volume). Integration of external payment gateways, including PayPal, Authorize.net, SecurePay and WorldPay. User account roaming.
5 Overview: Product features - 2. Support for wireless roaming between APs and AP management. Virtual Private Network (VPN) tunneling technology. Support for Quality of Service (QoS). Dual Uplink (WAN) to improve reliability and Load Balancing. Firewall, DoS (Denial of Service) attack protection. Status monitoring and reporting of network and on-line users. Support as a network gateway, including NAT, DHCP, DMZ, Firewall and Port Forwarding.
7 Overview: System Overview - 2. AAA Gateway: Authentication, Authorization and Accounting. Authentication: support for internal or external database servers. Authorization: User Group policy. Accounting: User Account management and Billing. Built-in multiple Service Zones. AP centralized management system.
8 Setup and Maintenance Instruction: Access the web management interface via LAN port. WHG supports a web management interface. To access it, connect a PC to any LAN port and then launch a browser. Make sure the PC's TCP/IP settings use DHCP to get an IP address automatically. The default gateway IP address is “http:// ”.
9 Setup and Maintenance Instruction: The first time, there will be a “Certificate Error”.
10 Setup and Maintenance Instruction: The administrator login page will appear.
11 Setup and Maintenance Instruction: After a successful login, a System Home page will appear on the screen.
12 Setup and Maintenance Instruction: Setup Wizard - 1. Use the Setup Wizard to quickly configure WHG311: it sets up New Password, Time Zone, WAN1 Interface and Local User Account.
13 Setup and Maintenance Instruction: Setup Wizard - 2
14 Setup and Maintenance Instruction: Setup Wizard - 3
15 Setup and Maintenance Instruction: Setup Wizard - 4
16 Setup and Maintenance Instruction: System Overview. An integrated view of the overall status of the current system.
17 Setup and Maintenance Instruction: Quick Links page. Provides the administrator with frequently used links.
18 Setup and Maintenance Instruction: System Main Menu
19 Setup and Maintenance Instruction: Main Menu – System – WAN1 Static - 1
20 Setup and Maintenance Instruction: Main Menu – System – WAN1 Dynamic - 1
21 Setup and Maintenance Instruction: Main Menu – System – WAN1 PPPoE - 1
23 The Concept of Service Zone: 9 Service Zones in total. A Service Zone acts like a virtual Gateway. Multiple Service Zones are equal to multiple virtual Gateways.
24 The Concept of Service Zone: Under LAN Port Mapping, there are two modes for Service Zone: Port-based and Tag-based.
25 LAN Port Configuration: Port-Based. For each LAN port, select the Service Zone to which the LAN port is to be mapped from the drop-down list box.
26 LAN Port Configuration: Port-Based Application Example
27 LAN Port Configuration: Configure LAN Port Mapping as Tag-Based
28 LAN Port Configuration: Tag-Based. A Service Zone can be associated with multiple VLAN Tags.
29 LAN Port Configuration: Tag-Based Application Example
30 LAN Port Configuration: Deploy two Service Zones, Employee and Guest (WHG-401).
Service Zone 1 – Employee: SSID: SZ1-Employee; VLAN Tag: 1111; Default Authentication: Radius server; Applied Policy: #1.
Service Zone 2 – Guest: SSID: SZ2-Guest; VLAN Tag: 2222; Default Authentication: On-Demand User; Applied Policy: #2.
Requirements for this deployment example:
1. Regardless of their location in the office, all users should be divided into two groups (Employee and Guest) so that they can be authenticated differently.
2. Each service zone (VLAN) must set up its own SSID so that users access the wireless network using that specific ID. The system gives a unique Session ID to authenticated users when they start new sessions.
3. Both groups, Employees and Guests, will be redirected to different login portal pages and will be authenticated against different authentication databases.
4. Apply different access control policies to the separate groups, Employees and Guests.
Configurations for the deployment example:
Service Zone #1 (Employee): SSID: SZ1-Employee; VLAN Tag: 1111; Default Authentication: Local; Applied Policy: #1.
Service Zone #2 (Guest): SSID: SZ2-Guest; VLAN Tag: 2222; Default Authentication: On-Demand User; Applied Policy: #2.
31 Setup and Maintenance Instruction: Configuration of Server Zone
43 The Concept of Policy: In addition to the Global Policy, a Policy contains four other functions. Firewall Profile: click Setting for Firewall Profile and the Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules. Specific Route Profile: the default gateway of WAN1, WAN2, or a desired IP address can be defined in a policy. When Specific Default Route is enabled, all clients to which this policy is applied access the Internet through this default gateway. Schedule Profile: the Schedule table, in a 7x24 format, is used to control the clients' login time. When Schedule is enabled, clients to which the policy is applied are only allowed to log in to the system at the times checked in that policy. Maximum Concurrent Sessions: set the maximum concurrent sessions for each client.
45 The Concept of Group: A Group that is allowed to access a Service Zone can have a Policy applied to it within that zone. Group Configuration supports: QoS Profile: configure QoS (Quality of Service). Privilege Profile: when Change Password Privilege is enabled, the authenticated local users within this Group are allowed to change their password via the Login Success Page.
46 The Concept of Group: The relation between Group and Service Zone from the perspective of Group. Group 1 users have access to 5 Service Zones (Service Zone 0, 1, 4, 6, 8). Policy 1 is applied to Service Zone 0, 6, 8. Policy 3 is applied to Service Zone 1. Policy 8 is applied to Service Zone 4.
47 The Concept of Group: Users who have the same authentication method belong to the same group.
48 The Concept of Group: The relation between Group and Policy from the perspective of Service Zone.
49 The Concept of Group: This example indicates that Service Zone 1 can be accessed only by User Group 1 (policy 3), User Group 2 (policy 9) and User Group 3 (policy 11).
50 Case Study: Any Perfect Solutions? Tom owns an SMB with 40 employees. Environment: wide wireless environment. Questions: 1. How to prevent employees in the workplace from spending too much time surfing the internet rather than working? 2. The staff in Jimmy’s department have more authority than other departments.
51 Example #2 Requirements. Access control policies: there are 4 kinds of priority for different users. [Table residue, row labels and values in slide order] Policy: Policy 1 (Highest Authority), Policy 2, Policy 3 (Lower Authority), Policy 4 (Lowest Authority). Firewall: 1. allow; 2. FTP; 3. Web Browsing. Specific Route: WAN1, WAN2. Login Schedule: Weekend, Allow, 2 hrs, Weekday Office Hours, Weekday, Overtime. Concurrent Sessions: 10 ~ Unlimited, 500, 300, 100, 50.
52 User Management – Policy: Access Control Policy Options: Max Concurrent Sessions, Firewall Rules, Routing, Login Schedule. [Figure: User Categorization and Policy-based Access Control; All Users, Policy 1, Policy 2, Policy 3; User Group Controlled by Policy 3]
53 User Categorization and Policy-based Access Control.
Groups: Group 1 to Group 6 (Boss, RD, PM, Finance, Sales, Guests).
Policies: Policy 1 (Highest Priority), Policy 2 (Higher Priority), Policy 3 (Lower Priority), Policy 4 (Lowest Priority).
Service Zones: Boss SZ 1, RD Dep. SZ 2, PM Dep. SZ 3, Finance Dep. SZ 4, Sales Dep. SZ 5, Guest Area SZ 6.
1. Boss group users always enjoy the highest priority (Policy 1) wherever they go.
2. Most employees have higher priority (Policy 2) in their department's service zone; on the other hand, they have lower priority (Policy 3) when they move to a different service zone that does not belong to their department.
3. Guest users can only get online with the lowest priority (Policy 4) in the Guest zone.
55 Setup and Maintenance Instruction: User Authentication – Local - 1
56 Setup and Maintenance Instruction: User Authentication – Local - 2
57 Setup and Maintenance Instruction: User Authentication – Local - 3
58 Setup and Maintenance Instruction: User Authentication – Radius - 1
59 Setup and Maintenance Instruction: User Authentication – Radius - 2
60 Setup and Maintenance Instruction: User Authentication – Radius - 3. The usage of Postfix “.”: A Radius server sometimes has more than one domain name. Set Postfix to “.” and then set Username Format to Leave Unmodified. Users can then complete login with their full login account and password.
61 Setup and Maintenance Instruction: User Authentication – LDAP - 1
62 Setup and Maintenance Instruction: User Authentication – LDAP - 2
63 Setup and Maintenance Instruction: User Authentication – On-demand - 1. On-demand Main Page
64 Setup and Maintenance Instruction: User Authentication – On-demand - 2. Billing Plans
65 Setup and Maintenance Instruction: User Authentication – On-demand - 3. On-Demand Account Creation
66 Setup and Maintenance Instruction: Network – Privilege
67 Setup and Maintenance Instruction: Network – Privilege – Privilege IP Address List
68 Setup and Maintenance Instruction: Network – Privilege – Privilege MAC Address List
69 Setup and Maintenance Instruction: Network – Monitor IP
70 Setup and Maintenance Instruction: Network – Walled Garden. Advertisement hyperlinks are displayed on the user’s login page. Clients who click on them will be redirected to the listed advertisement websites.
72 Setup and Maintenance Instruction: Utilities – Backup & Restore. Backup System Settings: click Backup to create a .db database backup file and save it on disk. Restore System Settings: click Restore to restore the settings as they were when the backup file was saved. (Keep WAN1 setting and Management IP Address List.) Reset to the Factory Default: click Reset to load the factory default settings.
73 Setup and Maintenance Instruction: Utilities – Restart. This function allows the administrator to safely restart
74 Setup and Maintenance Instruction: Utilities – Network Utilities. Wake-on-LAN. IPv4: IPv4 Network Utilities (including Ping, Trace Route, ARPing & Show ARP Table). IPv6: IPv6 Network Utilities (including Ping6, Trace Route 6, Neighbor Discovery & Show Neighbor Cache). Sniff: capture packets on a specified interface. Status: display operation status. Result: display result.
75 Setup and Maintenance Instruction: Status. System: System Status. Interface: this section provides the administrator with an overview of the interfaces, including WAN1, WAN2, SZ Default~8. Hardware: Hardware Status (CPU, Memory, Storage). Routing Table: all the Policy Route rules and Global Policy Route rules will be listed here. Online User: Online User’s information. Non-Login Users: Non-Login User’s information. Session List: Session information. User Logs: User’s traffic history information. Logs: other traffic history (System & Web Logs). DHCP Lease: DHCP IP release record. & SYSLOG: receive System Status record information via , Syslog Server & FTP Server.
77 Setup and Maintenance Instruction: Status – System
78 Setup and Maintenance Instruction: Status – Interface. Displays the status of the WAN and the nine Service Zones’ interfaces.
79 Setup and Maintenance Instruction: Status – Interface 1
80 Setup and Maintenance Instruction: Status – Interface 2
81 Setup and Maintenance Instruction: Status – Interface 3
82 Setup and Maintenance Instruction: Status – Hardware Information. Hardware Usage Information
83 Setup and Maintenance Instruction: Status – Routing Table. All the Policy Route rules and Global Policy Route rules will be listed here. It will also show the System Route rules specified by each interface.
84 Setup and Maintenance Instruction: Status – Online User. Displays the Online User’s detailed information.
85 Setup and Maintenance Instruction: Status – User Logs. Users Log: User’s traffic history record. On-demand Users Log: On-demand User’s access records. Roaming Out User Log: Roaming Out User’s access records. Roaming In User Log: Roaming In User’s access records. SIP Call Usage Log: SIP User’s log-in/out record. Monthly Network Usage of Local User: monthly record of Local User’s log-in/out history. Status – User Logs – Users Log
86 Setup and Maintenance Instruction: Status – Logs. System Logs: System Information. Web Logs: Web record.
87 Setup and Maintenance Instruction: Status – DHCP Lease. DHCP Logs; Statistics List; DHCP Lease Log; DHCP Lease List.
88 Setup and Maintenance Instruction: Status – DHCP Lease – DHCP Logs. Statistics List; DHCP Lease Log.
89 Setup and Maintenance Instruction: Status – Report and Notification. Main Menu > Status > Report and Notification. SMTP Settings: configure SMTP Server; Logs will be sent via. SYSLOG Settings: configure SYSLOG Server; Logs will be delivered to Syslog Server. FTP Settings: configure FTP Server; Logs will be delivered to Syslog Server. Notification Settings: once the above settings are completed, configure the detailed options for sending Logs by the three ways mentioned above. System Report: graphical system report (1Hr, 1Day, 1Week etc…).
90 Console: Connect to the Console. Via Console Port (baud rate 9600). Via SSH (link to the GW IP and log in with admin/admin).
92 Local AP Management Interface. Features: Reboot, Enable, Disable and Delete the checked AP if desired; Apply Template; Apply Service Zone; Background AP Discovery; Add AP Manually; Firmware upgrade and management.
93 Overview Page (signal radio): AP Type List. AP number, Online AP number, Offline AP number and Number of Client.
94 AP Template Setting: A template is a model that can be copied to every AP, so it is not necessary to configure each AP individually. General setting; Wireless setting.
99 Wide AP Management System Interface. Features: Detect and manage all of the APs in the network; Show the APs’ corresponding locations on Google Maps; WDS Setup; Adding APs manually; Firmware Upgrade and Management; GRE Tunnel setup and management of the User Traffic of Wide AP.
113 Setup and Maintenance Instruction: EAP, including: System: System Setting. Wireless: Wireless Setting. Firewall: Layer2 Firewall. Utilities: Password Setting, Backup/Restore Settings, upgrade, etc. Status: System Status.