Public Access Control Gateway

User Guide V1.0

BROWAN COMMUNICATIONS 1

Copyright
© 2002-2007 BROWAN COMMUNICATIONS.

This DOCUMENT is copyrighted with all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of BROWAN.

Notice
BROWAN reserves the right to change specifications without prior notice.

While the information in this document has been compiled with great care, it may not be deemed an assurance of product characteristics. BROWAN shall be liable only to the degree specified in the terms of sale and delivery.

The reproduction and distribution of the documentation and software supplied with this product and the use of its contents is subject to written authorization from BROWAN.

Trademarks
The product described in this book is a licensed product of BROWAN.

Microsoft, Windows 95, Windows 98, Windows Millennium, Windows NT, Windows 2000, Windows XP, and MS-DOS are registered trademarks of the Microsoft Corporation.

Novell is a registered trademark of Novell, Inc.

MacOS is a registered trademark of Apple Computer, Inc.

Java is a trademark of Sun Microsystems, Inc.

Wi-Fi is a registered trademark of Wi-Fi Alliance.

All other brand and product names are trademarks or registered trademarks of their respective holders.

Contents
Copyright

Notice

Trademarks

CONTENTS

ABOUT THIS GUIDE

Purpose

Prerequisite Skills and Knowledge

Conventions Used in this Document

Help Us to Improve this Document!

Browan Technical Support

CHAPTER 1 – INTRODUCTION

Product Overview

Authentication, Authorization & Accounting

Service Differentiation

Remote Control

Privacy

Management Options

Features Highlight

AAA

IP Router and IP address management

VPN

LAN switch

Management

CHAPTER 2 – INSTALLATION

The Product Package

Hardware Introduction

General Overview - Front Panel

General Overview - Back Panel

LED

Connectors

Product and Safety Label

Hardware Installation

Installing Public Access Control Gateway

Software Introduction

First Configuration

Access the Browan Public Access Control Gateway by Web interface

Step by Step Setup

CHAPTER 3 – UNIVERSAL ADDRESS TRANSLATION

What is UAT

UAT Principle

UAT Limitation

CHAPTER 4 – USER PAGES (BASED ON XSL)

User Pages Overview

Welcome Page

Login Page

Logout Page

Help Page

Unauthorized Page

Changing User Pages

Example for External Pages

Example for Internal Pages

CHAPTER 5 – CUSTOMIZED USER PAGE (HTML)

Determine Your Access Policy

Configure Authentication-Free Access Policy

FAQ

CHAPTER 6 – COMMAND LINE INTERFACE

Introduction

Get Connected to CLI

Telnet Connection

SSH Connection

Login

Connection

Network

User

Status

System

Telnet

Reboot

Reset

Exit

CHAPTER 7 – SNMP MANAGEMENT

Introduction

SNMP Versions

SNMP Agent

SNMP Community Strings

Use SNMP to Access MIB

Browan Private MIB

CHAPTER 8 – REFERENCE MANUAL

Web Interface

Network Interface

Network Interface | Configuration | Interface Configuration

Network Interface | Configuration | bridge

Network Interface | Configuration | VLAN

Network Interface | Configuration | Route

Network Interface | Configuration | Port Forwarding

Network Interface | Configuration | DHCP Relay

Network Interface | Configuration | User ACL

Network Interface | Configuration | Management Subnet

Network Interface | Configuration | Dynroute

Network Interface | DNS

Network Interface | DHCP

Network Interface | POP3

Network Interface | Multicast

Network Interface | RADIUS

Network Interface | RADIUS | RADIUS Settings

Network Interface | RADIUS | RADIUS Servers

Network Interface | RADIUS | WISP

Network Interface | RADIUS | Proxy

Network Interface | RADIUS | Accounting Backup

Network Interface | Tunnels

Network Interface | Tunnels | PPPoE/GRE

Network Interface | Tunnels | Link over 3Layer

Network Interface | Tunnels | GRE Client for VPN

Network Interface | Backup settings | Heart beat

Network Interface | Backup settings | BackUp Mode

User Interface

User Interface | Configuration | Pages

User Interface | Configuration | Upload

User Interface | Configuration | Headers

User Interface | Configuration | Remote Authentication

User Interface | Configuration | Custom Uam

User Interface | Administrator

User Interface | Start Page

User Interface | Walled Garden

User Interface | Web Proxy

System

System | Configuration

System | Configuration | Syslog

System | Configuration | Trace System

System | Configuration | Clock

System | Configuration | NTP client

System | Configuration | NTP server

System | Configuration | Certificate

System | Configuration | Save and Restore

System | Configuration | Domain Name

System | Access | Access Control

System | Access | Telnet

System | Access | AAA

System | Access | UAT

System | Access | Isolation

System | Access | PAT and authentication

System | Access | SNMP

System | Access | Mac List

System | Access | HTTPC

System | Access | Portal detect

System | Status

System | Reset

System | Update

Connection

Connection | Users

Connection | E-mail Redirection

Connection | Station Supervision

APPENDIX

A) Public Access Control Gateway Specification

Technical Data

B) Factory Defaults for the Access Controller

C) CLI Commands and Parameters

Network Commands

Network Radius Commands

Network Tunnels Commands

User Commands

System Commands

System Access Commands

System Configuration Commands

Status Commands

Connection Commands

E) Standard RADIUS Attributes

BROWAN COMMUNICATIONS 14
Public Access Control Gateway

User Guide V1.0

Vendor Specific Attributes.................................................................................................................................................................... 256

F) Location ID and ISO Country Codes.................................................................................................................................................... 259

G) User Pages Templates Syntax ........................................................................................................................................................... 267

G) User Pages Templates Syntax ........................................................................................................................................................... 278

Welcome.xsl ........................................................................................................................................................................................ 279

Login.xsl.............................................................................................................................................................................................. 279

Help.html............................................................................................................................................................................................. 285

Unauthorized.html ............................................................................................................................................................................... 285

Smart Client ........................................................................................................................................................................................ 286

Upload Templates ............................................................................................................................................................................... 287

GLOSSARY ............................................................................................................................................................................................................................. 289

INDEX ...................................................................................................................................................................................................................................... 299

About this Guide


Purpose
This document provides information and procedures on hardware installation, setup, configuration, and management of the Browan Public Access Control
Gateway.

Prerequisite Skills and Knowledge


To use this document effectively, you should have a working knowledge of Local Area Networking (LAN) concepts and wireless Internet access infrastructures.
In addition, you should be familiar with the following:

Hardware installers should have a working knowledge of basic electronics and mechanical assembly, and should understand related local building codes.
Network administrators should have a solid understanding of software installation procedures for network operating systems under Microsoft Windows 95,
98, Millennium, 2000, NT, and Windows XP, as well as general knowledge of networking operations and troubleshooting.

Conventions Used in this Document


The following typographic conventions and symbols are used throughout this document:

Very important information. Failure to observe this may result in damage.

Important information that should be observed.

Additional information that may be helpful but which is not required.

bold – Menu commands, buttons, and input fields are displayed in bold.
code – File names, directory names, form names, and system-generated output such as error messages are displayed in constant-width type.
<value> – Placeholder for certain values, e.g. user inputs.
[value] – Input field format, limitations, and/or restrictions.

Help Us to Improve this Document!


If you encounter mistakes in this document or want to provide comments to improve the manual, please send e-mail directly to:

manuals@browan.com

Browan Technical Support


If you encounter problems when installing or using this product, please consult the Browan website at www.browan.com for:

Direct contact to the Browan support centers.
Frequently Asked Questions (FAQ).
Download area for the latest software, user documentation and product updates.

Chapter 1 – Introduction
Thank you for choosing the Browan Public Access Control Gateway.

The Browan Public Access Control Gateway is a stand-alone network device designed to provide user-friendly public access services for Hotspots. It
integrates authentication, accounting, and security mechanisms that enable operators to instantly deliver commercial Internet services to customers.

Product Overview

Authentication, Authorization & Accounting

The Browan Public Access Control Gateway provides multiple secure authentication methods from standard web browser login with certificates or SIM cards.
Together with an AP, the Public Access Control Gateway can also serve as an 802.1x/EAP authentication server with RADIUS-proxy functionality. All
authentication and accounting information can be transferred to an operator's RADIUS server via an encrypted tunnel. The Browan Public Access Control
Gateway collects all real-time billing and accounting information, such as online time and transfer volume. Multiple billing plans (pre-paid time, pre-paid
volume, flat-rate and so on) can be handled for a large number of simultaneous users.

Service Differentiation

The integrated Web server of the Browan Public Access Control Gateway allows flexible interaction with common web application servers, facilitating the
provisioning of differentiated services with bandwidth management, location-based and personalized services. Inter-provider roaming and multi-OSS support
are guaranteed by the consistent use of standardized protocols and interfaces such as RADIUS, HTTPS and XML. The Browan Public Access Control Gateway is
compliant with the recommendations of the Wi-Fi Alliance WISP roaming group.

Remote Control

The Browan Public Access Control Gateway allows operators to provide cost-effective public Wi-Fi services by managing user access control, device
configuration, and radio performance centrally from the operations centre. HTTPS, telnet, SSH or SNMP over VPN can provide secure remote
management.

Privacy

Browan Public Access Control Gateway supports different levels of security and data encryption. Client stations can be separated at the link layer (Layer2 User
Isolation), preventing intruders from accessing the hard discs of other users. User credentials (passwords) are protected by SSL or EAP-based authentication
methods. User traffic can be encrypted by VPNs (pass-through). Operators and service providers can make use of the integrated VPN/tunneling protocols to
protect AAA and management traffic.

Management Options
You can use the Public Access Control Gateway management systems through the following interfaces:

Web-browser interface
Command Line interface (CLI)
Simple Network Management Protocol (SNMP v1, v2, v3)
The Public Access Control Gateway management system pages are organized in the same way for the web-browser interface and the CLI. This user manual
provides detailed description of each management option.

Features Highlight

AAA

Multiple authentication methods: UAM, 802.1x/EAP, RADIUS, MAC, Smart Client (e.g. iPass)
WISPr compliant
Internal and external accounting backups
Internal or external web server
Remote user login, logout, session status control via https/XML
AAA proxy server (for simultaneous EAP and UAM)

Per user bandwidth management
Web proxy support

IP Router and IP address management

Static IP routing table
NAT/NAPT (IP masquerading)
Port-forwarding
Transparent VPN client pass-through (PPTP, IPsec ESP)
PPPoE client
DHCP server, relay gateway (sub-options), DHCP client
UAT (Universal Address Translation)
SMTP redirection (e-mail)

VPN

GRE VPN client, max. 16 tunnels

LAN switch

Managed 3-port switch 10/100Mb, auto-sensing
Two GbE Copper and two GbE SFP ports

Management

Secure management via https, SSH, SNMP
SNMP proxy
SNMPv3 (incl. authentication and encryption)
Management subnet for remote AP and switch management
Remote firmware update

Chapter 2 – Installation
This chapter describes the hardware and software components of the Browan Public Access Control Gateway and provides installation instructions. The contents of
this chapter include the following procedures and tasks:

The Product Package
Hardware Introduction
Hardware Installation
Software Introduction
Step-by-Step Setup

The Product Package


No.  Item                                   Qty
1    Browan Public Access Control Gateway   1
2    Mounting Kit                           1
3    Screws                                 1
4    Footing                                1
5    Power cord (USA Type)                  1
6    Power cord (Euro Type)                 1
7    Installation CD containing:            1
     - Browan Public Access Control Gateway User Guide in PDF format
     - Product Firmware
     - Templates for login and logout page (HTML)
     - Release Notes
     - Adobe Acrobat Readers

Figure1 Package List

If any of these items are missing or damaged, please contact your reseller or Browan sales representative immediately.

Hardware Introduction

General Overview - Front Panel

Figure2 Front Panel (labels: Gigabit Port, 10/100 Mb, Console, USB)

The front panel of the Browan Public Access Control Gateway contains:

A series of indicator lights (LEDs).
Several connectors.

General Overview - Back Panel

Figure3 Back Panel (labels: Fans, Power Socket, Power Switch)

The back panel of the Browan Public Access Control Gateway contains:

Power socket and switch
Fans

LED

There are two LEDs for SFP link status which are located on the front panel of the Browan Public Access Control Gateway.

Connectors

The Browan Public Access Control Gateway has several connectors on the front panel:

Gigabit Ports, 10/100Mb Ports, Console Port and USB Port.

The Browan Public Access Control Gateway has several connectors on the back panel:

Power cord socket

Product and Safety Label

This product label contains:

1. Product Name
2. The Browan Public Access Control Gateway has passed the requirement of FCC.
3. The Browan Public Access Control Gateway has passed the requirement of CE.
4. The Browan Public Access Control Gateway has passed the requirement of WEEE.
5. The Browan Public Access Control Gateway has passed the requirement of RoHS.
6. The Browan Public Access Control Gateway has passed the requirement of China RoHS.
7. This device has been made in Taiwan.
8. Serial numbers of the Browan Public Access Control Gateway.

Figure4 Product Label

Hardware Installation

Installing Public Access Control Gateway

Step 1 Place the Public Access Control Gateway either on a flat work surface or in a 19-inch rack using the enclosed mounting kit.

Step 2 Connect one Ethernet patch cable to the port for LAN interface of the Browan Public Access Control Gateway and to a free hub port on your local
network.

Step 3 Connect one Ethernet patch cable to the port for WAN interface of the Browan Public Access Control Gateway and to an Ethernet port of a
broadband Internet modem or router.

Step 4 Connect the power cord to the Browan Public Access Control Gateway, and switch the power ON.

Step 5 Please wait a few seconds until the boot process is finished.

Software Introduction

First Configuration

For the first web browser connection to the Browan Public Access Control Gateway, enter the IP address and subnet (default network settings) into the
browser. The default network settings for the new Browan Public Access Control Gateway are:

LAN port: IP 192.168.3.1 subnet 255.255.255.0

WAN port: IP 192.168.2.66 subnet 255.255.255.0

DHCP Server: enabled for LAN port

Access the Browan Public Access Control Gateway by Web interface

Step 1: Configure the Local Network Connection on your computer as follows:

IP address: 192.168.2.0

Subnet mask: 255.255.255.0

Figure5 Local Area Connection

Connect the WAN interface of the Browan Public Access Control Gateway to the same physical network as your computer. Open
the Web browser and type the default IP address of the Browan Public Access Control Gateway:

https://192.168.2.66/a.rg

Step 2: Enter the Browan Public Access Control Gateway administrator login
credential to access the Web management interface.

Username: admin

Password: admin01

Figure6 Administrator login

Step 3: After successfully logging on as administrator, you will see the Web
interface which shows the system status of the Browan Public
Access Control Gateway.

Figure7 Web Interface overview

Step by Step Setup

Step 1: Interface Set-Up

You can configure the TCP/IP settings in the network interface | configuration | interface configuration menu. The br1, interface0,
interface1, interface2, interface4, interface5 and interface6 are pre-configured for the LAN interface of the Browan Public Access Control
Gateway, and interface3 is the WAN interface. Click edit to modify these settings according to your local network requirements. Make
sure that IP subnets do not overlap.

Figure11 Interface Configuration Settings

If DHCP client or PPPoE is selected as a dial-up protocol for the WAN interface, the WAN settings of this table will be overwritten by the values
retrieved from the Internet Provider.

Step 2: DNS Set-Up

In the network interface | DNS menu, you can specify your local domain
name server or enter the DNS server provided by your ISP (Internet Service
Provider).

Figure12 DNS Redirection

DNS is set automatically if provided by the ISP dynamically via DHCP or PPPoE.

Step 3: IP Address Management

For automatic IP assignments to client stations, set the DHCP settings in the
network interface | DHCP menu according to your TCP/IP configuration in
Step 1. Only use the address ranges within the corresponding IP subnet of
the LAN interface. In addition, you can switch on the Universal Address
Translation function in the system | access | UAT menu. With UAT, users
do not need to change their local TCP/IP settings to log on to the Browan
Public Access Control Gateway. The Browan Public Access Control Gateway
will translate fixed IP numbers used in private networks transparently for the
user.

Figure13 UAT introduction

Step 4: RADIUS Set-Up

In the network interface | RADIUS settings menu, you can first define the
local settings of the integrated RADIUS client of the Browan Public Access
Control Gateway. For example, you can modify timeouts and the NAS
server ID (name of the RADIUS client).

Figure14 RADIUS Settings

Moving on to the network interface | RADIUS servers menu, you can
specify up to 32 different RADIUS servers for authentication and accounting.
The first line of this table is the default server (it could be configured as
default). Thus, if a user cannot be associated to any specific service provider
by his login name, the Browan Public Access Control Gateway will send
authentication and accounting messages to the first RADIUS server on the
list.
Make sure that the RADIUS server is up and running and that it is able to
receive authentication requests from the Browan Public Access Control
Gateway.

Figure15 RADIUS Servers

The default user login page is shown in Figure16.

Figure16 Example of a Simple Login Page

You have full flexibility to modify and adapt all these pages according to your
personal designs. For initial setup and testing, we recommend using the default
configuration, which presents a simple login window with input fields for
username and password.

Enter any start page you like in the user interface | start page menu. In
addition, you can define a number of free web sites in the walled garden
table on the user interface menu.

Figure17 Start Page

Step 6: Change Administrator Password

Before saving your initial configuration, it is better to change the administrator
password in the user interface | administrator menu.

Figure18 user interface | administrator

Step 7: E-mail Redirection

If you have an SMTP mail server available for your subscribers, you might
need to enter its IP address and SMTP port number in the connection |
e-mail redirection menu. All outgoing e-mails passing through the
Browan Public Access Control Gateway will then be redirected to this server.

Figure19 connection | e-mail redirection

Step 8: Save Configuration and Restart

Make sure you have saved your changes from each of the seven steps
above, and then click the restart button in the system | reset menu. A few
seconds later you can re-load the admin pages or start to log on to the
Browan Public Access Control Gateway as a user.

Figure20 system | reset

After users connect to the LAN interface of the Browan Public Access
Control Gateway, they will be redirected to the welcome and login pages you
defined (if enabled) regardless of any URL they have entered in their
browser. Administrators can monitor the connected users via the connection
| users menu.

Figure21 connection | users
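
Step 1 of the setup requires that interface subnets do not overlap, and Step 3 that DHCP ranges stay inside the subnet of the LAN interface. The following pre-deployment check is an added example, not part of the original guide or of Browan's software; the LAN and WAN addresses are the factory defaults listed above, while the "guest" interface and the DHCP ranges are constructed sample values.

```python
import ipaddress


def find_overlaps(interfaces):
    """Return sorted pairs of interface names whose IP subnets overlap.

    interfaces maps a name to "address/netmask",
    e.g. "192.168.3.1/255.255.255.0".
    """
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def check_dhcp_pool(interface_addr, pool_start, pool_end):
    """Return a list of problems with a DHCP range planned for one interface."""
    iface = ipaddress.ip_interface(interface_addr)
    net = iface.network
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []
    if start > end:
        problems.append("range start is higher than range end")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"range {label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(
                f"range {label} {addr} is the network or broadcast address")
    if start <= iface.ip <= end:
        problems.append(f"range contains the interface address {iface.ip}")
    return problems


# Factory defaults from this guide.
DEFAULTS = {
    "LAN": "192.168.3.1/255.255.255.0",
    "WAN": "192.168.2.66/255.255.255.0",
}

if __name__ == "__main__":
    print("defaults overlap:", find_overlaps(DEFAULTS))

    # Constructed example: an extra LAN-side interface placed inside the
    # WAN subnet by mistake.
    planned = dict(DEFAULTS, guest="192.168.2.129/255.255.255.128")
    print("planned overlap:", find_overlaps(planned))

    # Constructed DHCP ranges for the default LAN interface.
    for start, end in (("192.168.3.10", "192.168.3.200"),
                       ("192.168.3.200", "192.168.4.20"),
                       ("192.168.3.1", "192.168.3.50")):
        print(start, "-", end, "->",
              check_dhcp_pool(DEFAULTS["LAN"], start, end) or "ok")
```
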

Chapter 3 – Universal Address Translation


What is UAT
Universal Address Translation (UAT) allows Hotspot operators to offer true
IP Plug and Play access for their subscribers.

With UAT enabled, the Browan Public Access Control Gateway will
automatically and transparently translate fixed IP settings (IP address,
gateway, DNS, proxy server) on a user's PC, enabling him/her to connect to
the broadband Internet service, even if the client's IP overlaps the IP subnet
of the WAN port. Without UAT, public access subscribers are forced to
switch their TCP/IP settings to DHCP (automatic IP address assignment),
potentially losing any fixed IP address settings they previously entered.

UAT Principle
The Browan Public Access Control Gateway acts as an ARP proxy for each
client that has a fixed IP address which does not belong to the subnet of the LAN
interface. As the figure describes, the Browan Public Access Control
Gateway automatically responds to a client's ARP request if the client's IP
address doesn't belong to the gateway's LAN subnet, presenting itself as the
client's gateway; then, inside the Browan Public Access Control
Gateway, a unicast route is added for the UAT client.

Figure22 UAT Principle

UAT Limitation
When using UAT, operators have to be aware of some principal limitations:

If UAT mode is enabled on the Browan Public Access Control Gateway, it will
act as an ARP proxy on its LAN interface. If there is a subnet behind a
router which is on the LAN side of the Browan Public Access Control Gateway,
and there is a PC whose IP address belongs to that subnet as shown in the
figure, the communication between PC2 and PC1 will fail because of the
Browan Public Access Control Gateway's ARP proxy packets.

But if the router is working in NAT mode, the communication from PC2 to
PC1 will be fine.

Figure23 Another subnet under the Browan Public Access Control Gateway

Chapter 4 – User Pages (Based on XSL)


This chapter describes what the user pages are and how to manage them. Detailed instructions on how to change and upload new user pages are given below.

When launching his/her web browser the user's initial HTTP request will be redirected to an operator defined set of web pages, further called the user pages.
User pages are:

Welcome page – the first page presented to the user.
Login page – subscriber authentication page, allows the user to login to the network.
Logout page – small pop-up window for logged-on user statistics and log-out function.
Help page – to get help with the login process.
Unauthorized page – this page is displayed when web login or EAP login methods are disabled on the Access Controller for subscribers.

All further presented user pages are factory default. The Hotspot operator can upload new templates for all user pages.

User Pages Overview

Welcome Page

The Welcome page is the first page a Hotspot subscriber receives when he starts
his web browser and enters any URL. By default, it's a very simple page and
provides only a link to the login page.

Figure24 Welcome Page

Login Page

The subscriber gets to the login page after clicking the link on the welcome
page. The user should enter the authentication settings: login name and
password, and click the login button.

Figure25 Simple Login Page

The login name and password can be obtained from your Hotspot Operator. Login formats available for the Browan Public Access Control
Gateway:

username@WISPdomain
WISPdomain/username
Prefix+username (prefix length from 2 to 6, prefix can use the abbreviation name of hotspot owner. For example GSI.)

The login page also displays the subscriber's logical and physical network
addresses (IP and MAC). Once authenticated, a start page appears. In
addition, a smaller logout window (page) pops up.

The Hotspot operator can change the login page according to its needs.
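
The three login formats above, combined with the default-server rule from the RADIUS set-up step (the first server in the table receives users who cannot be associated with a provider), can be modelled as follows. This is an added example, not code from the original guide or the gateway firmware; the server names, the realm-to-server mapping, case-insensitive matching, and the rejection of names containing both "@" and "/" are assumptions of this sketch.

```python
from typing import NamedTuple, Optional, Sequence, Tuple

MAX_SERVERS = 32           # guide: up to 32 RADIUS servers
PREFIX_LEN = range(2, 7)   # guide: prefix length from 2 to 6


class Login(NamedTuple):
    username: str
    realm: Optional[str]   # lower-cased WISP domain or prefix, None if absent
    form: str


class Server(NamedTuple):
    name: str                       # hypothetical label for a table row
    domains: Tuple[str, ...] = ()   # WISP domains served (assumed mapping)
    prefixes: Tuple[str, ...] = ()  # login prefixes served (assumed mapping)


def parse_login(login: str, prefixes: Sequence[str] = ()) -> Login:
    """Split a login name into username and realm using the guide's formats."""
    login = login.strip()
    if not login:
        raise ValueError("empty login name")
    has_at, has_slash = "@" in login, "/" in login
    if has_at and has_slash:
        # Choice made in this example: refuse names that fit two formats,
        # so a login can never be routed to two different providers.
        raise ValueError("ambiguous login: contains both '@' and '/'")
    if has_at:
        user, _, realm = login.rpartition("@")
        if not user or not realm:
            raise ValueError("malformed username@WISPdomain login")
        return Login(user, realm.lower(), "username@WISPdomain")
    if has_slash:
        realm, _, user = login.partition("/")
        if not user or not realm:
            raise ValueError("malformed WISPdomain/username login")
        return Login(user, realm.lower(), "WISPdomain/username")
    # Longest configured prefix wins, so "GSIX" is tried before "GSI".
    for prefix in sorted(prefixes, key=len, reverse=True):
        if len(login) > len(prefix) and login.lower().startswith(prefix.lower()):
            return Login(login[len(prefix):], prefix.lower(), "prefix+username")
    return Login(login, None, "no realm")


def select_server(login: str, servers: Sequence[Server]) -> Tuple[str, Login]:
    """Pick the RADIUS server for a login; servers[0] is the default."""
    if not 1 <= len(servers) <= MAX_SERVERS:
        raise ValueError("between 1 and 32 RADIUS servers are required")
    for server in servers:
        for prefix in server.prefixes:
            if len(prefix) not in PREFIX_LEN:
                raise ValueError(f"prefix {prefix!r} must be 2 to 6 characters")
    all_prefixes = [p for s in servers for p in s.prefixes]
    parsed = parse_login(login, all_prefixes)
    for server in servers:
        if parsed.form == "prefix+username":
            if parsed.realm in (p.lower() for p in server.prefixes):
                return server.name, parsed
        elif parsed.realm in (d.lower() for d in server.domains):
            return server.name, parsed
    # No provider matched: fall back to the first server in the table.
    return servers[0].name, parsed


# Constructed sample table; the first row is the default server.
SAMPLE_SERVERS = [
    Server("radius-default"),
    Server("radius-wisp-a", domains=("wisp-a.example",)),
    Server("radius-gsi", prefixes=("GSI",)),
]

if __name__ == "__main__":
    for name in ("alice@wisp-a.example", "WISP-A.example/alice",
                 "GSIbob", "carol", "dave@unknown.example"):
        print(name, "->", select_server(name, SAMPLE_SERVERS))
```
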

Logout Page

Make sure JavaScript is enabled in your Web browser; otherwise you will not receive the logout page.

The Logout page contains the subscriber's detailed session information and
provides a function for logging out of the network.

Detailed subscriber's session information includes:

User – subscriber's login name.
User IP – subscriber's logical network name (IP address).
MAC Address – subscriber's physical network address.
Session time – subscriber's session time from client log on in format: (hours: minutes: seconds).
Input/Output bytes – subscriber's session input and output statistics in bytes.
Input/Output bytes left – session input and output bytes left for subscriber limited from RADIUS (in B, KB, MB, GB and unlimited).
Total bytes left – session total (input and output) bytes left for subscriber limited from RADIUS (in B, KB, MB, GB and unlimited).
Session time left – session time left in format (hours: minutes: seconds).
Bandwidth downstream/upstream – available upstream and downstream bandwidth for subscriber limited from RADIUS (in bps).
Logout button – click the button to logout from the network. The log-out pop-up window closes.
Refresh button – click the button to refresh the subscriber session information.

Figure26 Logout Page

The Hotspot operator can change the logout page interface according to its needs.

Help Page

Click on the get help link in the login page for help tips related to network
registration, as shown in Figure27.

Figure27 Help Page

Unauthorized Page

If the web log-on method (UAM) or EAP-based authentication methods are
disabled on the Browan Public Access Control Gateway and subscribers
attempt to login to the network, the page shown in Figure28 will appear.

Figure28 Unauthorized Page

Changing User Pages


As the Hotspot operator you can modify the user pages freely according to your personal needs
and preferences. User page templates can be stored either locally on the Browan Public Access
Control Gateway or on an external web server.

User pages can be modified in the user interface | configuration menu. There are two ways
to change and store new user page templates:

External – linking new user page templates to an external server.
Internal – uploading new templates to the local memory.

Supported user pages template formats:

XSL (Extensible Stylesheet Language) for welcome | login | logout | one click pages.
HTML (Hypertext Markup Language) for help | unauthorized pages.

The following image formats are supported for new templates. Other formats are not accepted:

PNG
GIF
JPG

Example for External Pages

The following examples demonstrate the use of internal and external user
pages.

Step 1 Prepare your new user pages template for each user page:
welcome | login | logout | help | unauthorized | one click.

Step 2 Under the user interface | configuration | pages menu, select
the user page you want to change (e.g. login).

Figure29 Configuring internal login.xsl file

Step 3 Choose the external option under the use column:

Figure30 Configuring external login.xsl file

Step 4 Specify the new user page location in the location field.

Figure31 Configuring external login.xsl location field

To display the user pages properly, do not upload any formats other than the supported ones.

Step 5 Save the changes you have entered by clicking the apply
changes button.

Figure32 Applying changes

Step 6 Check for new uploaded user page (e.g. login).

Figure33 Appearance of external login page

If at any time you wish to restore factory default user pages, click the reset button under the system | reset menu.

Example for Internal Pages

We will use the user page templates from the Installation CD as an
example of how to upload internal pages. Follow the steps below:

Step 1 Ensure that the internal option is selected for all user pages you want
to change. By default, the internal option is defined for all pages.

Figure34 Internal page

Step 2 Click the upload button in the user interface | configuration |
upload menu to upload the newly prepared user pages:

Figure35 Uploading XSL pages

The memory space in the Browan Public Access Control Gateway for internal user pages is limited to 1 MB.

Step 3 Specify the location (Examples directory if you use the Installation
CD) of new user page templates by clicking the browse button or
entering the location manually.

Specify the location for the additional files of new user page
templates: images and a cascading style sheet file (css) by clicking
the browse button or entering the location manually:

Figure36 Uploading internal pages

Step 4 Click the upload button to upload specified templates and files.

You do not need to upload all additional files at once. You can repeat the upload process several times until all necessary images are
uploaded.

Step 5 Check the newly uploaded user pages and images to ensure
that everything is uploaded and displayed correctly. Go to the link
https://<device-IP-address>/ to get to the new user
welcome page:

Figure37 Appearance of internal welcome page

Click the here link or enter the link directly:

https://<device-IP-address>/login.user to get to the
new user login page:

Figure38 Appearance of internal login page

If at any time you wish to restore the factory default user pages, click the reset button under the system | reset menu.

Chapter 5 – Customized User Page (HTML)


This chapter will assist you in configuring the Browan Public Access Control Gateway customized login/logout pages using the sample templates on the CD.
The CD includes four different styles of templates (based on HTML). There are three authentication-enabled styles (coffee bar, general and hotel), and one
authentication-free hotel style. Users can also create personalized login/logout pages based on the provided sample templates.

Determine Your Access Policy

Choose the authentication-enabled policy style template as the base
template if user authentication is required, or choose the authentication-free
policy style template as the base template if no user authentication is
required. Users may use any HTML editing tool to modify the template
contents to create a new personalized login | logout page.

Configure Authentication-Free Access Policy


Step1. Configure and Upload Customized Login/Logout Page files

Login to the Browan Public Access Control Gateway as super administrator


and go to user interface | configuration | Custom UAM.

Figure39 Editing customize page status


Click the edit button to change the status (Figure39).

To configure the Browan Public Access Control Gateway to use the
customized login/logout page, Customize Page status must be set to
Enabled (Figure40).

Figure40 Enabling customize page status

After enabling the Customize Page status, a list of settings
appears (Figure41).

Figure41 Customize page status is enabled


To start uploading the customized template files, click the upload button.
(We will use the coffee bar style template files on the Browan Public Access
Control Gateway CD for this demonstration.)

After clicking the upload button, the Update Custom UAM Files screen will appear.

Figure42 Uploading files


Enter the physical path and filename of the coffee template files, or click the
browse button to search the Browan Public Access Control Gateway CD for
coffee template files.

Figure43 Selecting example files

Figure44 Uploading login.html


The first two items are for the login.html and logout.html files. Additional files are for CSS and image files, such as jpg and gif.

After entering all the template files, click upload button to start uploading files
to the Browan Public Access Control Gateway.

Figure45 Uploading other files

Only ten Additional files can be uploaded at a time. To upload more additional files, repeat the same upload process in step 2-4, but be
aware that the first two items are only for the login.html and logout.html files. Image files can only be uploaded to the Additional file fields.


Once all files are uploaded successfully, a list of uploaded files is shown.

Figure46 Files have been uploaded

Verify that all files were uploaded successfully.

Figure47 Verifying all files


Step2. Configure the pixel size of the logout window.

The README file in each template directory contains the pixel settings
for the logout page. Enter the width and height settings of the logout
page and click the Save button. E.g. the suggested size of the logout page
is 1024 x 768 for the coffee bar template.

Figure48 Setting the pixels of logout window

Step3. Everything is ready

Now, any users that access the internet via the Browan Public Access Control
Gateway will see the new personalized login and logout pages.

Let's look at the new appearance of the login and logout pages based on the
coffee bar template.

Figure49 Example of coffee bar login page


Figure50 Example of coffee bar logout page


FAQ
1. Question: How do I add links that can be accessed without authentication?
Answer: These authentication-free sites for users are called the walled garden area. Please refer to the user's guide to configure the related settings.

2. Question: How do I hide the user login session information from my customers?
Answer: You can find this HTML code in the logout.html we provided:

<td width="265" valign="top"><iframe src="logout.user?cmd=status" width="250" height="240" marginwidth="0" marginheight="0" scrolling="yes" frameborder="0"></iframe></td>

This code uses an embedded window to show the session data in the logout window. Enclosing it in the HTML comment markers
"<!--" and "//-->" will hide the session data in the logout window.

3. Question: If I don't want the logout window to pop up for users, what can I do?
Answer: Please log in to the Browan Public Access Control Gateway and go to user interface | configuration | Custom UAM to disable "pop logout
page."

4. Question: If I happen to close the logout window, how can I log out?
Answer: 1. Just unplug your wireless card, or unplug your network cable if you use a wired card.
2. Open a browser window and input the URL "logout.usr"; you will then be redirected to the logout window.
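
The edit described in FAQ answer 2, as an added example that is not part of the Browan templates or guide: a Python helper that comments out the session-status cell in a logout.html and is safe to re-run. The function name and the sample page wrapped around the quoted snippet are assumptions made for this illustration.

```python
import re

# The session-status cell as the FAQ quotes it from the supplied logout.html:
# a <td> wrapping an <iframe> whose src is logout.user?cmd=status.
STATUS_CELL = re.compile(
    r"<td\b[^>]*>\s*"
    r"<iframe\b[^>]*\bsrc\s*=\s*[\"']logout\.user\?cmd=status[\"'][^>]*>"
    r"\s*</iframe>\s*</td>",
    re.IGNORECASE,
)
HTML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)


def hide_session_status(html):
    """Comment out every live session-status cell.

    Returns (new_html, number_of_cells_commented). Cells that already sit
    inside an HTML comment are left alone, so re-running changes nothing.
    """
    comment_spans = [m.span() for m in HTML_COMMENT.finditer(html)]

    def already_hidden(start, end):
        return any(s <= start and end <= e for s, e in comment_spans)

    hidden = 0

    def wrap(match):
        nonlocal hidden
        if already_hidden(*match.span()):
            return match.group(0)
        hidden += 1
        # Comment markers exactly as the FAQ gives them.
        return "<!--" + match.group(0) + "//-->"

    return STATUS_CELL.sub(wrap, html), hidden


# Constructed sample page around the snippet quoted in the FAQ.
SAMPLE_LOGOUT_HTML = """<html><body><table><tr>
<td>You are logged in.</td>
<td width="265" valign="top"><iframe src="logout.user?cmd=status" width="250" height="240" marginwidth="0"
marginheight="0" scrolling="yes" frameborder="0"></iframe></td>
</tr></table></body></html>
"""

if __name__ == "__main__":
    new_html, count = hide_session_status(SAMPLE_LOGOUT_HTML)
    print(f"commented out {count} session-status cell(s)")
    print(new_html)
```

The commented markup is still delivered to the browser and visible in the page source; the edit changes what the logout window displays, not what the gateway serves at logout.user?cmd=status.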


Chapter 6 – Command Line Interface


Introduction
The CLI (Command Line Interface) software is a configuration shell for
the Browan Public Access Control Gateway. Using the CLI, the system
operator can configure:

User interface
Network interface
Wireless interface
System

Using the CLI, the system operator can check:

Status (device, network, service)
Connection


All available key combinations in CLI mode are listed in the following table.

Key and/or Combination    Function
?                         Get context-sensitive help
<TAB>                     Complete the current keyword or list all the options
<CTRL> <D>                Break out of the sub-shell
<CTRL> <A>                Jump to the beginning of the line
<CTRL> <E>                Jump to the end of the line
<CursUP>/<CursDOWN>       Scroll through the history of commands

Figure51 Key Combinations in CLI


Get Connected to CLI


There are two ways to connect to the CLI of the Browan
Public Access Control Gateway:

Telnet
SSH client

Telnet Connection

Make sure that default access status is allowed and the telnet function is enabled on the Browan Public Access Control Gateway before trying to
connect via telnet. Otherwise, no telnet connection will be available.

Connect to the Browan Public Access Control Gateway via the LAN or WAN
interface using the enclosed UTP cable and start a telnet session (using a
telnet application). For example, connect your device via the WAN interface,
and then make a telnet connection as follows:

telnet 192.168.2.66

192.168.2.66 is the default WAN interface IP.

The CLI login will be displayed automatically. Enter the administrator login
settings.


SSH Connection

Make sure that default access status is enabled on the Browan Public Access Control Gateway before attempting to connect via SSH.
Otherwise, no SSH connection will be available.

Connect to the Browan Public Access Control Gateway via the LAN or WAN
interface using the enclosed UTP cable and start an SSH session (using an
application such as PuTTY). For example, connect your device via the WAN
interface and then make an SSH connection to host IP: 192.168.2.66 (default
WAN interface IP).

The CLI login will be displayed automatically. Enter the administrator login settings
(refer to the next section for details).


Login
Enter the administrator login settings in the displayed CLI command prompt.

The default administrator login settings are:

Login: admin

Password: admin01
Figure52 CLI Login

After successful login, the command prompt is displayed, and the CLI is ready for
commands. Press '?' to get a list of main commands:

Figure53 Main CLI Commands

'?' will not appear on the screen. When you press this character, the display changes to the desired help page. To enter '?' as a character, type '\?'.


Connection
Connection is a category of commands that is related to the user's
connection with the device.

In general, the connection usage is as follows:

connection <command> <value>

To get a list of all available commands in the connection category, type:

connection ?

Figure55 Connection Commands

A full list of all available connection commands/subcommands and their parameters is available in the Appendix section: C) CLI Commands
and Parameters.


Network
Network is a category of commands that configures the Public Access
Control Gateway interface settings, DNS, DHCP, UAT and RADIUS settings.

A network command contains several subcommands, and the
subcommands contain several parameters.

In general, network command usage is as follows:

network <command> <subcommand1> <subcommand2> [-parameter] <value>

To get a list of all available commands in the configure category, type:

network ?

Figure56 Network Commands List

To get a list of all available subcommands for a specific command, type:

network <command> ?, (e.g. network radius ?)

All available subcommands for radius are displayed, as shown in the figure.


A specific command contains several subcommands:

network <command> <subcommand1> ?, (e.g. network radius servers ?)

Figure57 Configure Network (1)

All available subcommands are displayed, as shown in the figure.

To get a list of available parameters for the selected subcommand, type:

network <command> <subcommand1> <subcommand2> ?, (e.g. network radius servers accounting ?)

Figure58 Configure Network (2)

All available parameters for the entered subcommand are displayed, as shown in the
figure.

To configure the desired Public Access Control Gateway interface setting,
type all required parameters with values and subcommands:

network <command> <subcommand1> <subcommand2> [-parameter] <value>

Figure59 Configure Network (3)

(e.g. network radius servers accounting 1 -a 127.0.0.2 -p 1814 -s testing111), where the parameters are as follows:

Figure60 Configure Network (4)

-a – RADIUS server IP address used for RADIUS accounting


-p – RADIUS server port number used for RADIUS accounting

-s – Shared secret key for accounting.

A full list of all available connection commands/subcommands and their parameters is available in the Appendix section: C) CLI Commands
and Parameters.

If successful, a message regarding the successful completion is displayed; otherwise, an error message is displayed.

In some cases, commands entered without parameters display the current
controller configuration or settings:

network <command> <subcommand1> <subcommand2>, (e.g. radius servers accounting), displays the list of available RADIUS servers and their
settings (in this case, the RADIUS accounting server which is already updated).

Figure61 Configure Network (5)


User
User is a category of commands that configures the Public Access Control
Gateway interface settings affecting the user's interface, redirection URL,
free sites (walled garden), system management access and administrator
login/password.

In general, the user command usage is as follows:

user <command> <subcommand1> <subcommand2> [-parameter] <value>

To get the full list of the user commands, type:

user ?

Figure62 User Commands List

To get a list of all available subcommands for a specific command, type:

user <command> ?, (e.g. user walled_garden ?)

Figure63 Configure User Interface (1)

All available subcommands for walled garden (free sites) are displayed, as shown in the
figure.


To configure selected user interface settings, type:

user <command> <subcommand1> <subcommand2> [-parameter] <value>,

Figure64 Configure User Interface (2)

(e.g. user walled_garden url A -u www.gemtek.system.com -s
gemtek system site), where the parameters are as follows:

A – action: add URL

-u – define URL address

-s – define URL description, visible to the user.

A full list of all available connection commands/subcommands and their parameters is available in the Appendix section: C) CLI Commands
and Parameters.

If successful, a message regarding the successful completion is displayed; otherwise, an error message is displayed.


Status
Status is a category of commands that displays:

General device status (model, firmware version, uptime, memory)
All interface network settings (IP address/netmask, MAC address,
gateway, RX/TX statistics)
Currently running services (DHCP, routes, port forward, telnet, SNMP,
UAT, ..).

In general, the status command usage is as follows:

status <command>

To get the full list of the status commands, type:

status ?

Figure65 System Status Commands List

To get the general device status information, type:

status device

Figure66 Device Status


A full list of all available connection commands/subcommands and their parameters is available in the Appendix section: C) CLI Commands
and Parameters.

Here you can find the current firmware version of your AC. This is important information for support requests and for preparing firmware
uploads.


System
System is a category of commands that configures access to the Public
Access Control Gateway (telnet, L2 isolation, SNMP, UAT) and configuration:
clock, NTP, syslog, trace.

In general, the system command usage is as follows:

system <command> <subcommand1> <subcommand2> [-parameter] <value>

To get the full list of the system commands, type:

system ?

Figure67 System Commands List

A full list of all available connection commands/subcommands and their parameters is available in the Appendix section: C) CLI Commands
and Parameters.


Telnet
To make a telnet connection, type the telnet command in the command line.

telnet

Figure68 Telnet Command

The telnet client is activated and ready for a telnet session.

Figure69 Telnet Session

Quit telnet to return to the CLI.


Reboot
To stop the Browan Public Access Control Gateway and reboot the device,
type the reboot command in the command line. Rebooting the device makes
no configuration changes: the last saved configuration is
applied to the rebooted Public Access Control Gateway.

Reset
To reset the Browan Public Access Control Gateway to factory defaults, type
the reset command. The device is restarted and default values are set.

Please note that even the administrator password will be set back to the factory default. Refer to Appendix section: B) Factory Defaults for
the Access Controller.

Exit
To leave the CLI mode, type the exit command in the command line.


Chapter 7 – SNMP Management


Introduction
Another way to configure and monitor the Browan Public Access Control Gateway via a TCP/IP network is SNMP (Simple Network Management Protocol).

SNMP is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control
Protocol/Internet Protocol (TCP/IP) suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan
for network growth.

The SNMP agent and management information base (MIB) reside on the Browan Public Access Control Gateway. To configure SNMP on the Browan Public
Access Control Gateway, you should define the relationship between the Network Management System (NMS) and the SNMP agent (the Browan Public
Access Control Gateway). The SNMP agent contains MIB and Browan private MIB variables whose values the SNMP manager can request or change. An
NMS can get a value from an agent or store a value into the agent. The agent gathers data from the MIB, the repository for information about device
parameters and network data. The agent can also respond to a manager's requests to get or set data.

In order to manage the device, you have to provide your Network Management System software with adequate MIB files. Please consult your
management software manuals on how to do that.


SNMP Versions
The Browan Public Access Control Gateway supports the following versions of SNMP:

SNMPv1 – The Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were
published as RFC 1067 and RFC 1098.) Security is based on community strings.

SNMPv2c – The community-string based Administrative Framework for SNMPv2. SNMPv2c (the "C" stands for "community") is an Experimental Internet
Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2
Classic), and uses the community-based security model of SNMPv1.

SNMPv3 – SNMP v3 is based on version 2 with added security features. It addresses security requirements through encryption, authentication, and
access control rules.

Both SNMPv1 and SNMPv2c use a community-based form of security. The community of managers able to access the agent's MIB is defined by an IP address
access control list and password.

The Browan Public Access Control Gateway implementation of SNMP supports all MIB II variables (as described in RFC 1213) and defines all traps using the
guidelines described in RFC 1215. The traps described in this RFC are:


coldStart
A coldStart trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered.

warmStart
A warmStart trap signifies that the SNMP entity, acting in an agent role, is reinitializing itself and that its configuration is unaltered.

authenticationFailure
An authenticationFailure trap signifies that the SNMP entity, acting in an agent role, has received a protocol message that is not properly
authenticated.

linkDown
A linkDown trap signifies that the SNMP entity, acting in an agent role, recognizes a failure in one of the communication links represented in the
agent's configuration.

linkUp
A linkUp trap signifies that the SNMP entity, acting in an agent role, recognizes that one of the communication links represented in the agent's
configuration has come up.
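
The traps listed above travel in the SNMPv1 Trap-PDU defined in RFC 1157, where the trap type is the generic-trap integer. The following added example (not code from the Browan guide or firmware) decodes such a message and maps the number to these names; the community string "example-ro", the enterprise OID 1.3.6.1.4.1.99999 and the sample packet are constructed for illustration, and the agent address reuses the default WAN IP quoted in this guide.

```python
"""Decode an SNMPv1 Trap-PDU (RFC 1157) and name its generic trap type."""

GENERIC_TRAPS = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
                 4: "authenticationFailure", 5: "egpNeighborLoss",
                 6: "enterpriseSpecific"}

# BER tags used by an SNMPv1 trap message.
SEQUENCE, INTEGER, OCTET_STRING, OID = 0x30, 0x02, 0x04, 0x06
IPADDRESS, TIMETICKS, TRAP_PDU = 0x40, 0x43, 0xA4


def read_tlv(buf, pos, want_tag):
    """Read one BER element at pos; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if tag != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x}, got 0x{tag:02x}")
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past the end of the buffer")
    return buf[pos:pos + length], pos + length


def decode_oid(value):
    """Decode OID content octets (first two arcs packed in one octet)."""
    if not value:
        raise ValueError("empty OID")
    first = min(value[0] // 40, 2)
    arcs = [first, value[0] - 40 * first]
    sub = 0
    for octet in value[1:]:
        sub = (sub << 7) | (octet & 0x7F)
        if not octet & 0x80:      # high bit clear ends this sub-identifier
            arcs.append(sub)
            sub = 0
    return ".".join(str(a) for a in arcs)


def parse_v1_trap(packet):
    """Return the header fields of an SNMPv1 trap as a dict."""
    message, _ = read_tlv(packet, 0, SEQUENCE)
    version, pos = read_tlv(message, 0, INTEGER)
    if int.from_bytes(version, "big") != 0:
        raise ValueError("not an SNMPv1 message")
    # The community string is carried unencrypted in SNMPv1 messages.
    community, pos = read_tlv(message, pos, OCTET_STRING)
    pdu, _ = read_tlv(message, pos, TRAP_PDU)
    enterprise, p = read_tlv(pdu, 0, OID)
    agent, p = read_tlv(pdu, p, IPADDRESS)
    generic, p = read_tlv(pdu, p, INTEGER)
    specific, p = read_tlv(pdu, p, INTEGER)
    ticks, p = read_tlv(pdu, p, TIMETICKS)
    read_tlv(pdu, p, SEQUENCE)    # variable-bindings: checked, not decoded
    if len(agent) != 4:
        raise ValueError("agent-addr must be four octets")
    code = int.from_bytes(generic, "big", signed=True)
    return {
        "community": community.decode("latin-1"),
        "enterprise": decode_oid(enterprise),
        "agent_addr": ".".join(str(b) for b in agent),
        "generic_trap": GENERIC_TRAPS.get(code, f"unknown({code})"),
        "specific_trap": int.from_bytes(specific, "big", signed=True),
        "uptime_ticks": int.from_bytes(ticks, "big"),
    }


def _tlv(tag, value):
    """Encode one BER element (short-form length, enough for the sample)."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(value)]) + value


def sample_trap(generic_trap):
    """Build a constructed SNMPv1 trap with the given generic-trap number."""
    pdu = b"".join([
        _tlv(OID, bytes.fromhex("2b06010401868d1f")),  # 1.3.6.1.4.1.99999
        _tlv(IPADDRESS, bytes([192, 168, 2, 66])),
        _tlv(INTEGER, bytes([generic_trap])),
        _tlv(INTEGER, b"\x00"),
        _tlv(TIMETICKS, (12345).to_bytes(2, "big")),
        _tlv(SEQUENCE, b""),
    ])
    body = (_tlv(INTEGER, b"\x00") + _tlv(OCTET_STRING, b"example-ro")
            + _tlv(TRAP_PDU, pdu))
    return _tlv(SEQUENCE, body)


if __name__ == "__main__":
    for number in (0, 4):
        print(parse_v1_trap(sample_trap(number)))
```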


SNMP Agent
The SNMP agent responds to SNMP manager requests as follows:

Get a MIB variable – The SNMP agent begins this function in response to a request from the SNMP manager. The agent retrieves the value of the
requested MIB variable and responds to the manager with that value.
Set a MIB variable – The SNMP agent begins this function in response to a message from the SNMP manager. The SNMP agent changes the value of the
MIB variable to the value requested by the manager.

The SNMP agent also sends unsolicited trap messages to notify an SNMP manager that a significant event has occurred (e.g. authentication failures) on the
agent.

SNMP Community Strings

SNMP community strings authenticate access to MIB objects and function as embedded passwords. In order for the SNMP manager to access the Browan
Public Access Control Gateway, the community string must match one of the two community string definitions on the controller. A community string can be as
follows:

Read-only – Gives read access to authorized management stations to all objects in the MIB except the community strings, but does not allow write access.
Read-write – Gives read and write access to authorized management stations to all objects in the MIB, but does not allow access to the community strings.


Use SNMP to Access MIB

As shown in Figure70 SNMP Network, the SNMP agent gathers data from the MIB. The agent can send traps (notification of certain events) to the SNMP
manager, which receives and processes the traps. Traps are messages alerting the SNMP manager to a condition on the network such as improper user
authentication, restarts, link status (up or down), MAC address tracking, and so forth. The SNMP agent also responds to MIB-related queries sent by the SNMP
manager in get-request, get-next-request, and set-request format.

Figure70 SNMP Network


Browan Private MIB


In addition to standard SNMP MIBs, the Browan Public Access Control Gateway supports the private Browan MIB. The private MIBs are enterprise specific
and serve to extend the functionality of the standard MIBs. The private MIB identifies manageable objects and the properties that are specific to the managed
device. MIBs let you manage the device not only through the WEB or Command Line Interface but also through the SNMP protocol. The descriptions and brief explanations
of managed objects are available in the MIB file. The MIB file is a specially formatted text file that uses the so-called ASN.1 standard syntax.


Chapter 8 – Reference Manual


This chapter contains the Browan Public Access Control Gateway web management reference information.

The web management main menu consists of the following sub menus:

Network Interface – device configuration settings affecting networking.
User Interface – device configuration settings affecting the user interface.
System – device system configuration settings directly applicable to the Browan Public Access Control Gateway.
Connection – device settings related to the user's connection with the Browan Public Access Control Gateway.
Exit – click exit to leave the web management, then close your web-browser window.

Web Interface
The main web management menu is displayed at the top of the page after
successfully logging into the system (see the right figure). From this menu all
essential configuration pages are accessed.

Figure71 Main Configuration Management Menu


By default, the system | status menu is activated and the current Browan Public Access Control Gateway system status is displayed. The active menu is
displayed in different colors.

The web management menu has the following structure:

Network Interface

Configuration – configuration page for all the Browan Public Access Control Gateway network interfaces
Interface configuration – network interfaces configuration
Bridge – display the status of the bridge configuration
VLAN – define VLAN on your Browan Public Access Control Gateway
Route – define new static route on the Browan Public Access Control Gateway interface
Port forwarding – port-forwarding rules
DHCP Relay – DHCP relay server configuration
User ACL – define packet filter rules
Management subnet – access points (APs) management
Dynroute – display the status of the dynamic route.
DNS – define DNS server settings
DHCP – Dynamic Host Configuration Protocol services configuration
POP3 – define POP3 server settings
Multicast – display the status of the multicast configuration
RADIUS – configuration set for RADIUS servers, includes menu:


Settings – NAS server ID, hotspot operator name and other settings
Servers – accounting, authentication RADIUS servers IP, port and other settings
WISP – add new WISP on the system.
Proxy – configure the Browan Public Access Control Gateway to act as RADIUS server proxy.
Accounting backup – backup authentication logs in the remote or external server
Tunnels – set tunnels.
PPPoE/ GRE – connect to ISP via the PPPoE or GRE tunnel
Link over 3layer – display status of the link over IP layer
GRE Client for VPN – set the GRE (Generic Routing Encapsulation) tunnels for the Browan Public Access Control Gateway.
Backup settings – configure the backup settings.
Heart beat – define the heart beat settings
Backup Mode – display the status of the backup mode
ALIAS IP – define the alias IP Set

User Interface

Configuration – Welcome/Login/Logout/Help page customization
Pages – configure and upload user pages
Upload – upload new internal user pages
Headers – define http headers encoding and language
Remote authentication – display status of the remote authentication
Custom Uam – customized user login and logout page based on an HTML page.
Administrator – administrator login and password change


Start page – define start page URL
Walled Garden – free web site list
Web Proxy – web proxy settings for clients

System

Configuration – system configuration utilities.
Syslog – specify address where to send system log file
Trace system – trace such controller services as PPPoE
Clock – system clock settings
NTP client – get time from network time protocol service
Certificate – upload new certificates into the local controller memory
Save and restore – save current device configuration for backup
Domain Name – configure the Browan Public Access Control Gateway domain for uniform digital certificate.
Access – configure access to your Browan Public Access Control Gateway.
Access Control – set default access to your AC
Telnet – enable/disable telnet connections
AAA – define different AAA methods
UAT – enable/disable universal address translation
Isolation – restricts clients from communicating along Level 2 separation
PAT and authentication – define the PAT (Port Address Translation) and authentication of all the interfaces in the Browan Public Access Control
Gateway
SNMP – define the SNMP service and proxies


MAC List – MAC ACL table.
HTTPC – configure whether clients use HTTPS or HTTP for web authentication.
Portaldetect – define the Portal Server Detect configuration
Status – shows the Browan Public Access Control Gateway system status
Reset – reset the configuration to factory default values and/or reboot the device.
Update – check the current software version and update to new firmware

Connection

Users – shows the statistics list of connected users; the administrator can log out users
E-Mail Redirection – outgoing mail (SMTP) redirection settings
Station Supervision – monitor station availability with ARP-pings settings

In the following sections, short references for all menu items are presented.


Network Interface

Network Interface | Configuration | Interface Configuration

The Browan Public Access Control Gateway contains seven multi-purpose
network interfaces: br1, interface0, interface1, interface2, interface3,
interface4, interface5 and interface6.

These interfaces can be configured to work as either local area network (LAN)
or wide area network (WAN) interfaces for Access Points. The LAN interface
is used to connect hubs, switches, Access Points and subscribers. The WAN
interface connects to the Internet or backbone network of the service provider.
All these interfaces are listed in the interface configuration page. All network
interfaces available in the Browan Public Access Control Gateway are shown
in the table (Figure72).

Figure72 Interface Configuration Table

Interface – It is the standard interface name. This name cannot be edited
and is assigned by the operating system during startup. The interface name
cannot be changed because the hardware drivers define it.

Figure73 Editing Interface Configuration Settings part.1


Status – select the status of the interface: [enabled/disabled].

Do not disable the interface through which you are connected to the BG6020G. Disabling such an interface will drop your connection to the device.

Type – The network type can be changed. Any interface can be used
for LAN or WAN.

LAN – This interface is used as the local area network gateway, and is
connected to a local area network (LAN).
WAN – This interface is used to access the internet service provider
(ISP) network.

Change the status or type, or leave the defaults if no editing is necessary,
and click the continue button.

Figure74 Editing Interface Configuration Settings part.2


IP Address – Specify a new interface IP address [e.g. 192.168.5.1].

Figure75 Editing Interface Configuration Settings part.3

The IP address of each interface should be from a different subnet; otherwise, you will receive an error message.

Netmask – Specify the subnet mask [[0-255].[0-255].[0-255].[0-255]]. These
numbers are a binary mask of the IP address, which defines IP address order
and the number of IP addresses in the subnet.

Gateway – The interface gateway, which can only be defined for a WAN
interface. The gateway of the WAN interface is usually the gateway
router of the ISP or other WAN network. [The default gateway is marked with '*'.]

Figure76 Default gateway marked with *

Update – Update the entered new values.


Cancel – Restore all previous values.

The DHCP server settings will be automatically adjusted to match the new network settings.

Apply changes – Save all changes made in the interface configuration
table at once.

Discard changes – Restore all previous values.

The restart server request message appears after the user clicks the apply changes
button.

Figure77 Applying or Discarding Interface Configuration Changes

Restart – Click the restart button to restart the server and apply the changes.

Figure78 Restarting Server
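
The rules in this section (each interface on a different subnet, a gateway only on a WAN interface) can be checked on paper before the values are typed in. The following added example is not Browan code; the plan format, function name and sample addresses other than 192.168.2.66 and 192.168.5.1 are constructed, and the check that a gateway lies inside its interface's subnet is an assumption from general IP practice rather than a rule stated in this guide.

```python
import ipaddress
from itertools import combinations


def check_interface_plan(plan):
    """Return a list of (code, detail) problems for a planned interface table.

    plan: list of dicts with keys name, type ("LAN" or "WAN"), ip, netmask
    and an optional gateway.
    """
    problems = []
    parsed = []
    for row in plan:
        name = row["name"]
        try:
            # Rejects malformed addresses and non-contiguous netmasks.
            iface = ipaddress.IPv4Interface(f"{row['ip']}/{row['netmask']}")
        except ValueError as exc:
            problems.append(("invalid", f"{name}: {exc}"))
            continue
        net = iface.network
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            problems.append(("not-a-host",
                             f"{name}: {iface.ip} is reserved in {net}"))
        gateway = row.get("gateway")
        if gateway:
            if row["type"] != "WAN":
                # The guide: a gateway can only be defined for a WAN interface.
                problems.append(("gateway-on-lan", f"{name}: {gateway}"))
            else:
                try:
                    on_link = ipaddress.IPv4Address(gateway) in net
                except ValueError as exc:
                    problems.append(("invalid", f"{name} gateway: {exc}"))
                else:
                    if not on_link:  # assumption: gateway must be on-link
                        problems.append(("gateway-off-link",
                                         f"{name}: {gateway} not in {net}"))
        parsed.append((name, net))
    # The guide: the IP address of each interface must be from a different subnet.
    for (a, net_a), (b, net_b) in combinations(parsed, 2):
        if net_a.overlaps(net_b):
            problems.append(("overlap", f"{a} ({net_a}) and {b} ({net_b})"))
    return problems


# Constructed sample plans.
GOOD_PLAN = [
    {"name": "interface0", "type": "WAN", "ip": "192.168.2.66",
     "netmask": "255.255.255.0", "gateway": "192.168.2.1"},
    {"name": "interface1", "type": "LAN", "ip": "192.168.5.1",
     "netmask": "255.255.255.0"},
    {"name": "interface2", "type": "LAN", "ip": "192.168.6.1",
     "netmask": "255.255.255.0"},
]
BAD_PLAN = [
    GOOD_PLAN[0],
    GOOD_PLAN[1],
    # Falls inside interface1's 192.168.5.0/24.
    {"name": "interface2", "type": "LAN", "ip": "192.168.5.129",
     "netmask": "255.255.255.128"},
    # Gateway set on a LAN interface.
    {"name": "interface3", "type": "LAN", "ip": "192.168.6.1",
     "netmask": "255.255.255.0", "gateway": "192.168.6.254"},
    # Non-contiguous netmask.
    {"name": "interface4", "type": "LAN", "ip": "192.168.7.1",
     "netmask": "255.0.255.0"},
]

if __name__ == "__main__":
    for code, detail in check_interface_plan(BAD_PLAN):
        print(f"{code:16} {detail}")
```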


Network Interface | Configuration | bridge

A bridge transparently relays traffic between multiple network interfaces. This
means that a bridge connects two or more physical LAN interfaces together
to form one bigger (logical) network interface. There are some restrictions for
bridge management that shall be taken into account:

There is a bridge interface (br1) in the Browan Public Access
Control Gateway that cannot be removed.
The WAN interface cannot be included in a bridge.
Users cannot create VLANs on bridge interfaces; they can only be
added to them.

By default, the bridge interface is disabled.

Figure79 Default Bridge

To set up a bridge on the Browan Public Access Control Gateway, click the edit
button and enter the settings.

Figure80 Setting parameters


Ageing – Define the Ethernet (MAC) address ageing time, in seconds
[0-65535]. The ageing time is the number of seconds a MAC address will be
kept in the forwarding database after having received a packet from this MAC
address. The entries in the forwarding database are periodically timed out to
ensure they won't stay around forever. [Default value is 0.]

Garbage – Specify the interval at which the garbage collector runs, in seconds [0-65535].
The garbage collector periodically checks the MAC table for timed out entries and
removes them from the table. [Default value is 0.]

STP – Define the STP (Spanning Tree Protocol) status [enabled/disabled].
[Default value is disabled.]

Priority – Define the bridge's priority [high, medium and low]. [Default value is
low.]

Delay – Specify the bridge's forward delay time in seconds [0-65535]. Delay
is the time spent in each of the Listening and Learning states before the
Forwarding state is entered. [Default value is 0.]


Hello Time – Specify the interval between hello packets in seconds
[0-65535]. Hello packets are used to communicate information about the
topology throughout the entire Bridged LAN. [Default value is 0.]

Max. Age – Specify the maximum bridge message age in seconds [0-65535].
If the last received hello packet is older than this value, the bridge in question
will initiate the Root Bridge election procedure. [Default value is 0.]

Click the continue button to finish the settings, and click the new button if you need
new interfaces added to the bridge.

Click the new button to add interfaces to the bridge and specify the bridge ports
(interfaces).

Figure81 Bridge setting

Port (interface) – Select the interface name to be bound into the bridge.

Cost – Specify the port's path cost in this interface. This value is used in the
designated port and root port selection algorithms. [Default value is low.]

Figure82 Adding interface


Priority – Specify the priority of ports with equal cost. You can control which
port gets used when there are redundant paths with this function.

If you want to remove an interface from the bridge, click the delete button
(e.g. remove ixp0 from the bridge).

Figure83 Removing interface

Click the apply changes button.

The reboot server request message appears after the user clicks the apply
changes button.

Figure84 Applying and reboot (1)

Reboot – Click the reboot button to reboot the server and apply the changes.

Figure85 Applying and reboot (2)


Network Interface | Configuration | VLAN

Virtual Local Area Networks (VLANs) are logical groupings of network
resources. You can create your own VLANs on your Browan Public Access
Control Gateway using the network interface | configuration | VLAN menu.
By default, no VLANs are defined in the system.

To create a VLAN in the Browan Public Access Control Gateway, click the
new button and enter the settings.

Figure85 VLAN

Interface – select the interface for your VLAN network [e.g. Interface1]. A
VLAN cannot be created on the bridge.

Status – non-editable, by default is disabled.


Figure86 Creating New VLAN (1)

ID – assign ID for your VLAN network [1 to 4094]. Client devices that
associate using the ID are grouped into this VLAN.


Other VLAN settings cannot be changed. Click on the disabled link to
continue specifying settings for your VLAN. The network interface
configuration page is opened and VLAN settings are ready for editing:

Status – enable/disable your VLAN network. Select [enable] and click the
continue button to configure the VLAN settings:

Figure87 Configuring VLAN (2)


Type – cannot be edited, depends on selected interface for VLAN.

IP Address – enter the network address of your VLAN [format: digits and
dots].

Netmask – enter the netmask for your VLAN network.

Gateway – select gateway for VLAN network.

Figure88 Configuring VLAN (3)


Click the update and restart and apply changes to save your new VLAN.

Figure89 Configuring VLAN (4)

Figure90 Enable New VLAN

Check the interface | configuration | VLAN menu for the newly created VLAN.


Network Interface | Configuration | Route

Under the network interface | configuration | route menu, static routes for
the Ethernet interfaces can be set. By default, no static routes are defined on
the system:

Figure91 Route

A routing rule is defined by the target subnet (target IP address and subnet
mask), interface and/or gateway where to route the target traffic. A data
packet that is directed to the target network is routed to the specified Public
Access Control Gateway interface or to another gateway router. To add a new
static route for the system, click the new button under the action column and
specify the following parameters:

Figure92 Adding New Route

Status – set new static route status: [enabled/disabled].

Interface – choose device interface for the route.

Gateway – enter the gateway address for the route. 0.0.0.0 stands for the
default gateway of the selected interface [IP address].


Target IP Address – enter network address or host IP to be routed to [IP
address].

Netmask – enter the target network netmask.

Save – save the new route.

Cancel – restore all previous values.

Figure93 Saving New Route

Up to 255 static routes can be set between each interface.


Network Interface | Configuration | Port Forwarding

Port Forwarding is required when NAT is configured. NAT translates all
internal addresses to one official IP address (WAN IP address). With port
forwarding enabled, it is possible to access internal services and workstations
from the WAN interface.

Port Forwarding forwards TCP or UDP traffic through the local port of the
Browan Public Access Control Gateway to the specified remote port. Use the
network interface | configuration | port forwarding menu to specify such a
port forwarding rule. By default no port forwards are defined on the controller:

Figure94 Port Forwarding Rules

Click the new button to add a port-forwarding rule:

Status – select status: [enabled/disabled].


Figure95 Adding Port Forwarding Rule

Type – select type of forwarding traffic: [TCP/UDP].

Local IP Address – the Browan Public Access Control Gateway device
interface address from which the selected traffic should be forwarded.


Local Port – the Browan Public Access Control Gateway device interface
port from which the selected traffic should be forwarded.

Remote IP Address/Port – internal IP address and port number (LAN ports) to
which the selected traffic shall be forwarded.

Update – Click the Update button to save the changes.

Example:

Create a rule as follows:

Type = TCP, local IP address/port = 192.168.2.248:8080, remote IP
address/port = 1.2.3.4:8080.

With such a rule all traffic coming to port 8080 on the Browan Public Access
Control Gateway interface local address 192.168.2.248 will be forwarded to
port 8080 on the server (host) 1.2.3.4.

Port forwarding is limited to 255 rules.


Network Interface | Configuration | DHCP Relay

If the Browan Public Access Control Gateway uses DHCP relay on its LAN
interface, the administrator can designate the DHCP relay server.

Figure96 DHCP Relay Server


The default value is 255.255.255.255, which means the Browan Public Access
Control Gateway will broadcast the client's DHCP request to its WAN interface.
The administrator can designate a single server's IP address.

Network Interface | Configuration | User ACL

User ACL gives the administrator high flexibility to define the rules by which
the Browan Public Access Control Gateway filters the packets that it
forwards or masquerades.

Figure97 User ACL


To add a new rule, just click the new button.

First step - select the rule policy (drop/accept/masquerade) to deal with the
packet and the packet type (all/TCP/UDP/ICMP).

Figure98 Creating a new rule (first step)

Second step - select the type of source IP and destination IP (special IP/any
IP).

Figure99 Creating a new rule (second step)

Third step - choose the type of source port and destination port (any
port/special port).

Figure100 Creating a new rule (third step)


Fourth step - fill out the source IP address and destination IP address
(including IP address and net mask; if you chose any IP in the second step,
you do not need to fill out the IP address); fill out the source port and
destination port (if you selected any port in the third step or selected
protocol ICMP/all, you need not fill out the port).

Figure101 Creating a new rule (fourth step)

After completing the rule configuration, click the apply changes button to
save your configuration.

Figure102 Creating a new rule (fifth step)

You can also re-order your rules if you have many rules configured and
arrange their priority. The rule with index 1 has the highest priority;
the rule with index 2 has the second-highest priority, and so on.

Figure103 Re-ordering rules

Click the sort button of one rule to re-order its priority and then select the
index number; click the save button to save your changes.
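Why rule order matters, as an added example that is not part of the guide or of the gateway's software: it models the User ACL fields described above, assumes that the lowest-index matching rule decides (the guide only states that index 1 has the highest priority), and reports rules that can never fire because an earlier rule covers them. The rule set, the class and the function names are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    index: int                   # 1 = highest priority, as in the guide
    policy: str                  # drop / accept / masquerade
    proto: str                   # all / TCP / UDP / ICMP
    src: str = "0.0.0.0/0"       # "any IP" is modelled as 0.0.0.0/0
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None  # None models "any port"
    dport: Optional[int] = None


def _port_ok(rule_port: Optional[int], port: Optional[int]) -> bool:
    return rule_port is None or rule_port == port


def matches(rule: Rule, proto: str, src: str, dst: str,
            sport: Optional[int] = None, dport: Optional[int] = None) -> bool:
    """True if the packet falls inside every field of the rule."""
    if rule.proto not in ("all", proto):
        return False
    if ip_address(src) not in ip_network(rule.src):
        return False
    if ip_address(dst) not in ip_network(rule.dst):
        return False
    return _port_ok(rule.sport, sport) and _port_ok(rule.dport, dport)


def decide(rules: List[Rule], proto: str, src: str, dst: str,
           sport: Optional[int] = None,
           dport: Optional[int] = None) -> Optional[Tuple[int, str]]:
    """Walk the rules by ascending index; the first match decides (assumption)."""
    for rule in sorted(rules, key=lambda r: r.index):
        if matches(rule, proto, src, dst, sport, dport):
            return rule.index, rule.policy
    return None  # no user rule matched; the guide does not state the default


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matched by `later` is already matched by `earlier`."""
    return (earlier.proto in ("all", later.proto)
            and ip_network(later.src).subnet_of(ip_network(earlier.src))
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
            and _port_ok(earlier.sport, later.sport)
            and _port_ok(earlier.dport, later.dport))


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (dead_rule_index, covering_rule_index) pairs."""
    ordered = sorted(rules, key=lambda r: r.index)
    found = []
    for pos, later in enumerate(ordered):
        for earlier in ordered[:pos]:
            if covers(earlier, later):
                found.append((later.index, earlier.index))
                break
    return found


def reorder(rules: List[Rule], old_index: int, new_index: int) -> List[Rule]:
    """Model of the sort button: move one rule and renumber from 1."""
    ordered = sorted(rules, key=lambda r: r.index)
    moved = ordered.pop(old_index - 1)
    ordered.insert(new_index - 1, moved)
    return [replace(r, index=i) for i, r in enumerate(ordered, start=1)]


# Constructed rule set: rule 3 was meant to allow SSH from one admin host,
# but rule 2 already drops everything from that subnet.
RULES = [
    Rule(1, "accept", "TCP", src="192.168.2.0/24", dport=80),
    Rule(2, "drop", "all", src="192.168.2.0/24"),
    Rule(3, "accept", "TCP", src="192.168.2.10/32", dport=22),
    Rule(4, "masquerade", "all", src="10.0.0.0/8"),
]

if __name__ == "__main__":
    print(decide(RULES, "TCP", "192.168.2.10", "1.2.3.4", dport=22))
    print(shadowed(RULES))
    fixed = reorder(RULES, 3, 2)
    print(decide(fixed, "TCP", "192.168.2.10", "1.2.3.4", dport=22))
    print(shadowed(fixed))
```

Running the shadow check after every re-order catches a broad drop or accept rule that silently disables the narrower rules below it.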


Network Interface | Configuration | Management Subnet

Each network interface can have a management subnet. Use the network
interface | configuration | management subnet menu to configure this
feature on selected interface.

The administrator can enable or disable management subnet for each
interface. By default, no management subnet is enabled on the Browan
Public Access Control Gateway.

To specify a new management subnet, click the edit button on the selected
interface.

Figure104 Management Subnet

IP Address – Specify the IP address and netmask of the management
subnet. Select an interface and set the IP address to the same value as the
IP address in the interface configuration.

Netmask – Specify the network's available hosts (255.255.255.0).

Figure105-1 Adding Management Subnet


Figure105-2 Adding Management Subnet same as interface configuration

Remote Network and Remote Netmask – Specify the remote network
that is allowed to access the local management subnet. Enter the source
IP address and specify the network's available hosts for it.

It allows "Any" source IP if the user enters the remote network IP as 0.0.0.0.


Network Interface | Configuration | Dynroute

The Dynroute (dynamic route) service allows the Browan Public Access Control
Gateway to support the RIP protocol.

Figure106 Dynroute Settings Configuration

You can click the edit button to change the Dynroute status; the default
status is disabled.

Dynroute status – select the status of interface: [enabled/disabled].

Figure107 Dynroute Settings


Network Interface | DNS

DNS (Domain Name Service) service allows the Browan Public Access
Control Gateway subscribers to enter URLs instead of IP addresses into their
browser to reach the desired web site.

Figure108 DNS Settings Configuration


You can enter the primary and secondary DNS server settings under the
network interface | DNS menu.

The DNS server or DNS address can be obtained dynamically if the DHCP or
PPPoE (for DSL) service is enabled. To add a DNS server manually, click the
edit button in the action column and type in the DNS server's IP address.

Figure109 Editing DNS Redirection Settings(1)

IP address – Enter the primary or secondary DNS server's IP address.

Figure110 Editing DNS Redirection Settings(2)

Save – Click to save the new DNS server's settings.


Network Interface | DHCP

The Browan Public Access Control Gateway can act as a DHCP server
and/or as a DHCP relay gateway. The DHCP (Dynamic Host Configuration
Protocol) service is supported on the LAN interfaces. This service enables
clients on the LAN to request configuration information, such as an IP
address, from a server.

Figure111 DHCP Configuration

By default, the Browan Public Access Control Gateway is configured to act as a DHCP server.

Each LAN interface runs a different instance of the DHCP service. This
service is configured by defining an IP address range and WINS address for
client workstations. Other settings, such as the default gateway and DNS
server address are configured automatically according to the interface
settings.


To see the complete DHCP service configuration, click the details button in
the action column.

To edit the DHCP service configuration (DHCP server/DHCP relay), click the
edit button in the action column.

Figure112 DHCP Settings Details


Status – select status from drop-down menu.

Disabled – disable the DHCP service on the selected interface

DHCP Server – enabled by default

DHCP Relay – to route DHCP through the external server, enable relay
service


Case 1 Configure the DHCP server

Select the interface on which you want to configure the DHCP service. Select
the DHCP server and click the update button to specify the DHCP server
parameters.

Figure113 Edit DHCP Configuration Settings


IP Address from/IP Address to – Specify the IP address range supported
for the DHCP service (mandatory fields).

WINS Address (Windows Internet Naming Service) – Specify service IP
address if it is available on the network.

Lease Time – Specify the IP address renewal in seconds [1-1000000].

Domain – Specify DHCP domain name [optional, 1-128 string].

DNS address – Specify the DNS server's IP address.

Figure114 Editing DHCP Server Settings

DNS secondary address – Specify the secondary DNS server's IP address.


Update – Click Update button to save the changes.

Case 2 Configure the DHCP relay

Select the interface on which you want to configure the DHCP service. Select
the DHCP relay and click the update button to specify the DHCP relay
parameters:

Figure115 Edit DHCP Configuration Settings


Circuit ID – the unique DHCP relay parameter [optional, by default the MAC
address of the device WAN interface is used].

If you want to designate the DHCP relay server, please refer to network
configuration | DHCP relay.

Update – Click Update button to save the changes.

Figure116 Editing DHCP Relay Settings

If DHCP relay service is selected, the default WAN gateway is used automatically.


Apply Changes – Save the newly entered DHCP settings.

Discard Changes – Restore the previous values.

Figure117 Applying or Discarding DHCP Server Settings


Network Interface | POP3

It is convenient to use POP3 authentication if there is no RADIUS server.
The Browan Public Access Control Gateway will use the POP3 interface to
authenticate clients instead of the RADIUS protocol.

Figure118 POP3 Server configuration

Just fill in the POP3 server IP address or URL name, such as
mail.browan.com.

Click the save button to save the changes.


Figure119 Edit POP3 Server configuration

Figure120 POP3 Server configuration saved


Network Interface | Multicast

When the multicast of the Browan Public Access Control Gateway is
enabled, the server can send packets to all the clients in one group at
the same time. By default, the multicast status is disabled.

Figure121 Multicast Configuration

You can click the edit button to change the multicast status.

Multicast status – select the status of interface: [enabled/disabled].


Figure122 Edit Multicast Settings


Network Interface | RADIUS

RADIUS is an authentication and accounting system used by
many Internet Service Providers (ISPs). RADIUS enables ISPs to maintain a
very large database of users. By using RADIUS, service providers can
implement policy-based management of their subscriber base. RADIUS
also helps ISPs to collect statistical data about their subscribers (e.g. amount
of time, amount of transferred bytes, and session time).

Use the RADIUS (Remote Authentication Dial In User Service) menu to
set up the following RADIUS settings:

RADIUS Settings – General RADIUS settings configuration (e.g.
NAS server ID, server timeouts)

RADIUS Servers – Up to 32 different RADIUS servers' configuration
(accounting and authentication servers)

Figure123 RADIUS Settings


WISP (Wireless Internet Service Provider) – Specify WISP domain
for RADIUS server


Proxy – configure the Browan Public Access Control Gateway to act
as RADIUS proxy server.

Accounting Backup – backup the RADIUS subscribers accounting
information.

Hotspot operators will find the required standard RADIUS attributes for
setting up the RADIUS system in the Appendix tables: E) Standard RADIUS
Attributes and Vendor Specific Attributes.


Network Interface | RADIUS | RADIUS Settings

General RADIUS settings are configured using the RADIUS settings menu
under the network interface.

RADIUS Retries – Number of times a RADIUS packet is resent before giving
up.

RADIUS Timeout – The maximum amount of time before retrying RADIUS
packets [sec].

NAS Server ID – Name of the RADIUS client.

User Session Timeout - Amount of time from the user side (no network
carrier) before closing the connection [sec].

User Accounting Update - Period after which server should update
accounting information [sec].

Figure124 RADIUS Settings Configuration


User Accounting Update Retry – Retry time period in which server should
try to update accounting information before giving up [sec].

User Idle Timeout - Amount of user inactivity time, before automatically
disconnecting user from the network [sec].

Location ISO Country code – Location ID attribute, country code according
to ISO standards [string].

Location E.164 Country code – Location ID attribute, country code
according to the E.164 specification.

Location E.164 Area code – Location ID attribute, area code according
to the E.164 specification.

Location Network – Location ID attribute, network name [string].


Hotspot Operator Name – Location name attribute, operator's name [string].

Location – Location name attribute, textual description of the location [string].

Bandwidth Up – Maximum upstream bandwidth at which the corresponding user
is allowed to transmit [bps].

Bandwidth Down – Maximum downstream bandwidth at which the corresponding
user is allowed to receive [bps].

Portal server IP address – The IP Address of your portal server.

AC Name – The name of the Browan Public Access Control Gateway.

See the Location ID and ISO Country codes for your country in the Appendix: F) Location ID and ISO Country Codes.

User can check for the available bandwidth in the logout page statistics.


Each setting on this table can be edited.

Select the RADIUS setting you need to update, click the edit button next to
the selected setting and change the value.

Click the update button to update the setting to the entered value. Now select
another RADIUS setting to edit, or apply changes and restart the
server if the server configuration is finished:

Figure125 Editing RADIUS Settings


Apply Changes – Click if RADIUS settings configuration is finished.

Discard Changes – Restore all previous values.

Figure126 Applying or Discarding RADIUS Settings


Network Interface | RADIUS | RADIUS Servers

Up to 32 different RADIUS servers can be configured under the RADIUS servers menu.

By default, one RADIUS server is specified for the system.

New – Add new RADIUS server.

Details – Click on details to get more information about RADIUS server
settings.

Figure127 RADIUS Servers Settings

Edit – Edit selected RADIUS server settings.

Delete – Remove selected RADIUS server.


To view complete RADIUS server settings, click the details button in the
action column.

Figure128 RADIUS Server's Details


To edit a RADIUS server, click the edit button.

Name – Specify the new RADIUS server name.

Default – Check the check box to make the selected RADIUS the default
server.

Authentication IP – Authentication RADIUS server IP address.

Authentication Port – Specify the network port used to communicate with
RADIUS [1-65535].

Authentication Secret – Shared secret string that is used to encrypt data
frames used for authentication server.

Figure129 Adding New RADIUS Server


The port default value of 1812 is based on RFC 2138 Remote Authentication Dial-in User Service (RADIUS).

Accounting IP – Accounting RADIUS server IP address.

Accounting Port – Specify the network port used to communicate with RADIUS [1-65535].

Accounting Secret – Shared secret string that is used to encrypt data frames used for
accounting server.

Backup On – Enable the backup function.

Backup IP – Backup RADIUS server IP address.

Backup Port – Specify the network port used to communicate with RADIUS [1-65535].

Backup Secret – Shared secret string that is used to encrypt data frames used for backup
server.


Shared secret must be the same on RADIUS server and RADIUS client.

Reverse Accounting – [enabled/disabled].

The RADIUS accounting request contains the Acct-Input-Octets and
Acct-Output-Octets attributes. The interpretation of these attributes
according to RFC 2866 is relative to the point of view. If this point is at the
AC, the Acct-Input attributes should contain the bytes/packets received at the
AC port from the client, and the Acct-Output attributes should contain the
bytes/packets sent from the AC port to the client. If we move this point to the
client, the Acct-Input and Acct-Output attribute values are reversed: the
Acct-Input then contains the bytes/packets received from the AC, which are the
bytes/packets that the AC sent to the user from the AC point of view, i.e. what
was Acct-Output.


The AC implementation of RADIUS accounting request is at the client point of view (reverse accounting is disabled).


The value disabled means that Acct-Input RADIUS attributes will contain
bytes/packets sent to the client and Acct-Output RADIUS attributes will
contain bytes/packets received from the client while the service is provided.

The value enabled means that info in the Acct-Input and Acct-Output
RADIUS attributes will be swapped (reversed). That is the Acct-Input will
contain bytes/packets received from the client and the Acct-Output will
contain bytes/packets sent to the client.

Strip WISP – [enabled/disabled] Select enabled if you want to strip the WISP
domain name before sending it to the RADIUS server. Stripping means
removing everything before the "/" character, including the character itself,
for a user name login format like: WISP domain/username.

Select disabled if you need to send the user login name to the RADIUS server
unmodified. Some RADIUS servers can be configured in such a way that they
require the full, unmodified user name to be sent.

UAM authentication method – Select authentication method from
drop-down menu:

PAP – Password Authentication Protocol

CHAP – Challenge Handshake Authentication Protocol


MSCHAP1 – Microsoft Challenge Handshake Authentication
Protocol version 1

MSCHAP2 – Microsoft Challenge Handshake Authentication
Protocol version 2

Update – add new specified RADIUS server.

Cancel – restore all previous values.

After adding a new RADIUS server or editing an existing one:

Apply Changes – save the changed configuration.

Discard Changes – discard all changes.

Figure130 Applying New RADIUS Server

Restart – after applying changes to the system, you should restart the
Browan Public Access Control Gateway to make applied changes work.

Figure131 Save and Restart New RADIUS Server


Network Interface | RADIUS | WISP

Up to 32 WISP entries can be defined using the network interface | RADIUS | WISP menu.

Different WISPs (Wireless Internet Service Providers) can be associated with
appropriate RADIUS servers and device interfaces using the network
interface | RADIUS | WISP menu.

Figure132 WISP Menu

The domain policy defines which policy the Browan Public Access Control
Gateway uses to extract the WISP name from the user name, and thus to
determine which domain the user belongs to.

The hotspot owner can use three policies to determine the WISP name from the
user name:

1. The username follows the format: username@WISPdomain

2. The username follows the format: WISPdomain/username

3. The prefix of the username is used as the WISP name; the prefix length
ranges from 2 to 6.

Figure133 Domain Policy
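The three domain policies above and the Strip WISP option from the RADIUS server settings, combined in an added example that is not the gateway's own code: it extracts the WISP name, picks the RADIUS server bound to it and produces the user name that would be sent. Falling back to the default server for an unknown WISP, the handling of logins that contain both separators, and all names and table entries are assumptions made for illustration.

```python
from typing import Dict, Optional, Tuple


def valid_wisp_name(name: str) -> bool:
    """WISP name rule from the guide: up to 256 symbols, no space, dot or dash."""
    return 1 <= len(name) <= 256 and not any(c in " .-" for c in name)


def split_wisp(login: str, policy: str,
               prefix_len: int = 0) -> Tuple[Optional[str], str]:
    """Return (wisp, user part) under one domain policy, or (None, login)."""
    if policy == "at":                       # username@WISPdomain
        user, sep, wisp = login.rpartition("@")
        return (wisp, user) if sep and user and wisp else (None, login)
    if policy == "slash":                    # WISPdomain/username
        wisp, sep, user = login.partition("/")
        return (wisp, user) if sep and user and wisp else (None, login)
    if policy == "prefix":                   # first 2..6 characters
        if not 2 <= prefix_len <= 6:
            raise ValueError("prefix length must be between 2 and 6")
        if len(login) <= prefix_len:
            return None, login
        return login[:prefix_len], login     # the prefix stays in the name
    raise ValueError("unknown domain policy: %r" % policy)


def strip_wisp(login: str) -> str:
    """Strip WISP as the guide defines it: drop everything up to and
    including the first "/"; other formats are left untouched."""
    _wisp, sep, rest = login.partition("/")
    return rest if sep else login


def route(login: str, policy: str, wisps: Dict[str, str], default_server: str,
          strip: bool = False, prefix_len: int = 0) -> Tuple[str, str]:
    """Return (RADIUS server name, user name sent to that server)."""
    wisp, _user = split_wisp(login, policy, prefix_len)
    server = wisps.get(wisp, default_server) if wisp else default_server
    return server, (strip_wisp(login) if strip else login)


# Constructed WISP table: WISP name -> RADIUS server name.
WISPS = {"wispA": "radius-a", "wispB": "radius-b", "abc": "radius-c"}
DEFAULT = "radius-default"

if __name__ == "__main__":
    for login, policy, strip in [
        ("wispA/bob", "slash", True),
        ("bob@wispB", "at", False),
        ("carol", "at", False),
        # One login, two policies, two different RADIUS servers:
        ("wispA/bob@wispB", "slash", True),
        ("wispA/bob@wispB", "at", True),
    ]:
        print(login, policy, route(login, policy, WISPS, DEFAULT, strip))
    print(route("abc12345", "prefix", WISPS, DEFAULT, prefix_len=3))
```

The last two sample logins show why the gateway, the access points and the RADIUS servers have to agree on one policy: the same string is routed to a different server under each of them.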


Click new to define a WISP for the RADIUS server.

Figure134 Defining New WISP

Name – new WISP domain name [string, up to 256 symbols, no space, dot or
dash allowed].

RADIUS Name – select RADIUS for new WISP from list box [non editable].

Bound To – select the WISP binder interface. The WISP can be associated
with appropriate device interface.

Upbandwidth – Define the upstream bandwidth.

Downbandwidth – Define the downstream bandwidth.

Update – update the system with the new WISP.

Cancel – restore all previous values.


Network Interface | RADIUS | Proxy

The Browan Public Access Control Gateway can forward the RADIUS
authentication and accounting requests from Access Point (AP) to the real
RADIUS server. To configure the RADIUS proxy, follow the steps:

Step 1 Connect the Access Point to any LAN interface available on the
Browan Public Access Control Gateway. The AP should be in the
bridge mode.

Step 2 Using the network interface | RADIUS | proxy menu configure
the RADIUS proxy parameters: RADIUS authentication port
(UDP), RADIUS accounting port (UDP) - different from
authentication port and Accounting detection timeout:

RADIUS Proxy Status – Select [enabled] to enable the RADIUS proxy
feature [enabled/disabled].

Figure135 RADIUS Proxy Settings


Authentication Port – Specify the port on AC for listening to the RADIUS
authentication packets. The AC RADIUS proxy authentication port will accept
only RADIUS authentication packets [1-65535, default: 1812].

Accounting Port – Specify the port on AC for listening to the RADIUS
accounting packets. The AC RADIUS proxy accounting port will accept only
RADIUS accounting packets [1-65535, default: 1813].

Detection Timeout – Specify the RADIUS proxy accounting detection
timeout in seconds. The AC will wait the specified period for an accounting
packet after the authentication request was received [0-3600].

The authentication RADIUS proxy port should differ from the accounting port.


Step 3 Configure the AP to send the RADIUS authentication and
accounting packets to the AC LAN IP address and UDP ports
which are configured on AC RADIUS proxy configuration.

Step 4 The RADIUS secrets on the AC should be set to the value that is
valid at the real RADIUS server to which the packets will be
forwarded.

An AC configured this way will act as a RADIUS proxy and will forward the
RADIUS authentication and accounting packets from the AP according to the
WISP and RADIUS server settings in the AC configuration without any
modification.


Network Interface | RADIUS | Accounting Backup

The administrator can backup the hotspot subscribers' RADIUS accounting
information in two ways:

Via syslog protocol to the specified host

Download to the selected location (e.g. on your PC)

Backup via syslog – enable this type to send the RADIUS accounting
information via syslog protocol to the specified host [enable/disable] and note
that the Host IP specification is obligatory.

Figure136 Accounting Backup


Host – enter host IP address where to send accounting backup messages.

Backup to local file – enable this option, and the download button appears.

Download – click the button to download the accounting information file to
your selected location.

Figure137 Accounting Backup enabled


Network Interface | Tunnels

This chapter describes the configuration of VPN tunnels. VPN tunnels can be
used to secure management and AAA traffic between the hotspot network
and the network operation center of the operator.

Figure138 Tunnels settings

The Browan Public Access Control Gateway supports GRE tunnels.
Furthermore, PPP (Point-to-Point Protocol) can be used to authenticate the
Access Control Gateway to an authentication server and to assign IP settings
to the WAN port of the Access Control Gateway.

Service – Select the tunnel type.

Figure139 Edit Tunnels settings

Update – Save the changes.

Cancel – Cancel the changes.


Network Interface | Tunnels | PPPoE/GRE

Use the network interface | tunnels | PPPoE/GRE menu to connect to ISP
via PPPoE or GRE tunnel. All traffic will be sent via this tunnel.

Default gateway specified in network interface | configuration page will not
be used, because all Internet traffic will be sent/received via the specified
PPPoE or GRE server (tunnel).

By default, no services are available on the Browan Public Access Control
Gateway.

Figure140 PPPoE /GRE for DSL

To specify a PPPoE tunnel for your Browan Public Access Control
Gateway, click the edit button and enter the settings.

Service – Select service PPPoE.


Figure141 Specifying PPPoE Tunnel

Username – Enter username to connect to the server.

The same username should be configured on the PPPoE server.


Password – Enter password by which user should be authenticated
[text string, cannot be empty].

Encryption – enables use of MPPE encryption.

Update – Save the changes.

Cancel – Cancel the changes.

When a PPPoE tunnel is used, no server IP is required; the broadcast
address will be used.

To specify a GRE tunnel for your controller, click the edit button.

Service – select service GRE.


Figure142 Specifying GRE Tunnel

Remote IP – IP address of GRE tunnel endpoint [IP address].


Interface IP – enter the IP address of GRE interface [IP address].

Interface Netmask – enter the netmask of GRE interface [netmask].

Update – Save the changes.

Cancel – Cancel the changes.


Network Interface | Tunnels | Link over 3Layer

Link over 3layer works together with the AP. When the AP and the AC set up a
tunnel, the client can work through a layer 3 network.

Link over IP layer – select the status of link over IP layer:
[enabled/disabled]. Choose 'enabled' to turn the function on and have it take
effect with the AP, and choose 'disabled' to turn the functionality off.

Edit – You can click the edit button to change the status of link over 3layer
[the default status is disabled].

Figure143 Link over 3Layer configuration

Figure144 Link over IP layer Settings


Network Interface | Tunnels | GRE Client for VPN

GRE (Generic Routing Encapsulation) tunnel is one of the solutions for
tunneling private network over the TCP/IP connection (e.g. PPTP, L2TP,
PPPoE). GRE tunnel does not use encryption. It only encapsulates data and
sends it over the Internet. So the administrator should take care that no
unencrypted private information goes through the GRE tunnel. By default,
there are no GRE tunnels in the Browan Public Access Control Gateway.

To specify a new GRE tunnel for your Browan Public Access Control Gateway,
click the edit button.

Figure145 GRE Tunnel


Network Interface | Backup settings | Heart beat

The backup setting defines whether the current Public Access Control Gateway
is the main or the backup device:

The Browan Public Access Control Gateway can work as the main device or as a
backup device. In main mode, it is the principal piece of network equipment.
When an AC is set to backup mode and the main AC goes down or has another
problem, the backup AC takes over and keeps the network working, so customers
can continue using the network.

Backup AC address – IP address of the backup AC, when this AC is in main mode.

Figure146 Heart beat configuration

Save – Save the changes.

Cancel – Cancel the changes.

Figure147 Backup AC address setting


Network Interface | Backup settings | BackUp Mode

On this menu, the backup mode can be enabled or disabled.

Backup Mode – choose the work mode of the device: when disabled is chosen,
the AC works as the main device, and when enabled, the AC becomes the
backup device.

Edit – change the backup mode: [enabled/disabled].

Figure148 Backup mode configuration

Save – Save the changes.

Cancel – Cancel the changes.

Figure149 Backup mode setting


User Interface
Use the user interface menu to configure device settings affecting the user
interface.

Figure150 User Interface Menu

User Interface | Configuration | Pages

The welcome/login/logout/help pages can be easily changed to user
defined pages by choosing the configuration menu. The pages
configuration menu is displayed by default.

Figure151 Available User Pages for Configuration


A detailed description of the Login/Logout/Help/Unauthorized page settings is
given in Chapter 4. Only the Welcome page settings reference is
provided here.

Welcome – The first page the user gets when he/she opens the browser
and enters the URL.

Internal – choose this option when using the internal user pages templates.

External – choose this option when uploading your own user pages templates.

Redirect – choose this option when using the Extended UAM function.

Figure152 Redirecting User Pages

Status – choose the welcome page status [enable/disable]. Note that the redirect
option with status 'disabled' would work.

Location – enter the location for external templates or redirect (e.g. WAS IP
address).

If the welcome page has the redirect option selected, it redirects the
user authentication process to the specified location. The welcome, login
and logout pages can be implemented as simple HTML (it is not required
to use the .XSL or default user pages templates).


The redirect location URL should be specified as Walled Garden URL, otherwise the redirect would NOT WORK.

Caching option can be used for caching the external uploaded user pages
[available choice: enabled/disabled]

Clear – click Clear button to clear cached user pages.


Figure153 Caching Option

User Interface | Configuration | Upload

Delete – click Delete button to delete the earlier uploaded files from
Hotspot-in-a-Box memory.

Upload – click Upload button to select and upload new user pages.

Figure154 Upload


User Interface | Configuration | Headers

The system administrator can set the HTML header encoding and language
settings for the Browan Public Access Control Gateway web management
interface and newly uploaded user pages. Select the user interface |
configuration | headers menu:

Figure155 HTTP Headers Settings

The Browan Public Access Control Gateway device supports some HTTP
META tags. The syntax of such META tags is:

<META HTTP-EQUIV="name" CONTENT="content">

Currently the Browan Public Access Control Gateway supports
Content-Type and Content-Language tags:

Content-Type is used to define document char set (used,
when text has non-Latin letters, like language letters).

Content-Language may be used to declare the natural
language of the document.


The Browan Public Access Control Gateway automatically adds the defined
content-type and content-language to the generated XML. The user pages
(.XSL) templates then use these parameters to generate the output HTML.

Click the change button to define new headers of the web management
interface on user pages templates. The default HTML encoding is
ISO-8859-1, language = English.

The system administrator can set the header encoding and language settings
confidentially.

Figure156 Set HTTP Headers


User Interface | Configuration | Remote Authentication

The Remote Authentication feature under the user interface |
configuration menu allows an external Web Application Server (WAS) to
intercept/take part in the user authentication process; the administrator can log
users on and off externally. It also provides a means to query user session
information. By default, remote authentication is disabled.

Click the edit button to specify remote authentication parameters.

Figure157 Remote Authentication


Remote Authentication – select status: [enabled/disabled].

Shared Secret – enter password for WAS [string (4-32), no spaces allowed].

Figure158 Enabling Remote Authentication


User Interface | Configuration | Custom Uam

With the Customized UAM feature, users can upload their own login and
logout pages to the Browan Public Access Control Gateway (apply with
hotspot, enterprise style or advertisements).

The user customized page is based on HTML. Users can use
Microsoft FrontPage to edit their login and logout pages, and then
upload their pages to the Browan Public Access Control Gateway.

This feature is aimed at people who have no knowledge of XSL, and it
replaces the menu: user interface | Configuration |
[pages, upload].

The Browan Public Access Control Gateway supports internal and
external customized UAM. Internal means users can upload their
html login and logout pages to the Browan Public Access Control
Gateway. External means that when a user logs in to the Browan Public
Access Control Gateway, it goes to an external web server, fetches the
login and logout pages to local, and pushes them to the web login client.


By default, customized UAM is disabled and the user web login
page will be the default login page (as described in chapter 4).

Enable the configuration if you want to use the customized UAM
feature.

Figure159 Customized UAM Page enabled

After enabling customized UAM configuration:

The first step is to customize UAM page status:

Customized Page – Enable or disable customized UAM.

Pop Logout Page – If this feature is enabled, a logout
page will pop up when the user logs in successfully. By
default, this setting is enabled if the customized page is
enabled.

Logout page's dimension – Defines the size of the
logout window.

Use External Page – The Browan Public Access Control
Gateway will fetch the login and logout pages from an external
web server, if this feature is enabled.

Figure160 Customize UAM enabled


The second step is to update the html files. The Update Custom UAM
Files feature lets the user delete or upload the login and logout
pages.

Login File is for the customized login page; Logout File is for the
customized logout page (both files must be in the html format).

Additional files 01~10 are for uploading image and CSS files
(currently supported file formats are JPG, GIF, PNG and CSS).

Click the upload button in the second column, and the uploaded files
page appears.

Figure161 Uploading pages

The names of image and CSS files must be consistent with your login or logout html pages. The login and logout html file can be anything you
want.


Don't forget to adjust the Logout page's dimension; otherwise the logged-on user may only be able to see part of your logout page.

The third step is the uploaded file list, where users could find the uploaded
files.

Figure162 Successful flash upload


An example for customized login and logout page:

Figure163 Example login and logout page(1)

Figure164 Example login and logout page(2)


For external pages, enable the use external page feature and enter the
external login page URL and external logout page URL. The
Browan Public Access Control Gateway auto-updates the external page
every 7200 seconds (default); you can change the update interval.
External page examples can be found in the links under the last line.

Figure165 External page configuration

In External page mode, the Browan Public Access Control Gateway only fetches the login and logout html pages to local; the image and CSS
files used on the customized login/logout page are not fetched. The links to image and CSS files in the user customized html file therefore need to be
absolute addresses pointing to the external web server.

When using an external page, the external web server address needs to be added to the walled garden, which is described in User Interface |
Walled Garden, so that users logging in are free to access it.

The Browan Public Access Control Gateway uses the default login or logout page if the user did not upload customized pages or the
Browan Public Access Control Gateway did not get the external page from the external login/logout page URL.


User Interface | Administrator

The Super administrator has telnet rights on the Browan Public Access
Control Gateway and can access all the Web menus.

The administrator menu is for changing the settings of the super
administrator: [username and password].

Figure166 Administrators Settings

The default super administrator logon settings are:

Username: admin Password: admin01

To edit or change the super administrator settings, simply click the first
edit button:

Username – the administrator username for access to the Browan
Public Access Control Gateway [1-32 symbols, spaces are not allowed].

Idle Timeout – the amount of administrator inactivity time before the
administrator is automatically disconnected from the web interface [range:
300-3600 seconds]. The default idle time: 10 minutes (600 seconds).

Figure167 Changing the super Administrator Settings


Permission – the permission rights of this account; it cannot be changed.

Old Password – The old password value used for user authentication in
the system.

New Password – The new password value used for user authentication
in the system [4-32 symbols, spaces not allowed].

Confirm Password – re-enter the new password to verify its accuracy.

Save – click save button to save the new administrator settings.

Cancel – click cancel button to quit the new administrator settings.


User Interface | Start Page

The start page is the default web page to which users are redirected
after log-on. This value will be overwritten by the WISP RADIUS attribute, if
provided in the authentication response message. Use the user interface |
start page menu to view or change the start page URL:

Figure168 Start Page

The administrator can change the start page by clicking the edit button. The
value entry field will change into an editable field.

Value – enter the new redirection URL of the start page in valid format [e.g.
http://www.startpageurl.com].

Figure169 Edit Start Page

Save – click save button to save the new settings.

Cancel – click cancel to restore all previous values.


User Interface | Walled Garden

The walled garden is an environment that controls the user's access
to Web content and services. Use the user interface | walled
garden menu to view or change the free URLs or hosts.

New URL – click the new URL button, and then enter the new URL
and its description.

New Host – specify hosts in the walled garden menu, if you would like to
define hosts (web servers). Click the new host button to enter the new
host data and click the update button.

Figure170 Default Walled Garden

Adding a new URL:

URL for User – define a full URL address
[www.gemtek-systems.com].

String to Display – The site description will be displayed
as a link on the welcome and login page.

Figure171 Adding New URL(1)


Update – Save the entered information by clicking the update button.

Cancel – click cancel to restore all previous values.

After a successful update:

Apply Changes – save the changed configuration.

Discard Changes – discard all changes.

Edit – edit the selected URL.

Delete – delete the selected URL.

Figure172 Adding New URL(2)

Adding a new host:

Type – select the data traffic protocol for host server
[TCP/UDP].

Figure173 Adding New host(1)


Host – Web server address [IP address or host name].

Netmask – enter the network mask to specify the network of the host server.

Port – network port, which is used to reach the host [1-65535].

Update – Save the entered information by clicking the update button.

Cancel – click cancel to restore all previous values.

After a successful update:

Apply Changes – save the changed configuration.

Discard Changes – discard all changes.

Edit – edit the selected host.


Figure174 Adding New host(2)

Delete – delete the selected host.

For standard protocols use the default ports:


Protocol Port
HTTP 80
HTTPS 443
FTP 21

Figure175 Protocols and Ports

Example of Walled Garden:

Figure176 Walled Garden link in the Welcome Page


User Interface | Web Proxy

When enabled, the web proxy allows connections from clients that have
proxy settings configured in their browsers. The Browan Public Access Control
Gateway accepts any client proxy configuration and grants access to the
Internet. The system administrator should list only the ports on which the Browan Public
Access Control Gateway is listening for proxy requests.

Figure177 Web Proxy

Edit – click the edit button to enable or disable the web proxy feature.

Delete – delete the selected host.

After clicking the edit button:

Save – click save button to save new proxy port number.

Cancel – click cancel to restore all previous values.


Figure178 Edit Web Proxy


After any changes are made:

Apply Changes – save the changed configuration.

Discard Changes – discard all changes.

Figure179 Applying Web Proxy

Web proxy is enabled by default and the port numbers are: 3128 and 8080.

To add more port numbers for web proxy, click the new button:

Port – enter the port number for web proxy [1-65535].

Save – click save button to save new proxy port number.

Cancel – click cancel to restore all previous values.

Figure180 Adding Web Proxy Port


After any changes are made:

Apply Changes – save the changed configuration.

Discard Changes – discard all changes.

Figure181 Applying added Web Proxy Port


System
In the system menu, the administrator can configure the system settings, control
the access settings, check the status of the Browan Public Access Control
Gateway, reset/reboot the device and update the firmware.

Figure182 System Menu


System | Configuration

Use the system menu to configure the following utilities:

Syslog – for sending system and debug messages via the syslog protocol.

Trace system – tracing the Browan Public Access Control Gateway services.

Clock – manual setting of internal device clock.

NTP client – synchronization of time client to NTP Server.

NTP server – this feature can be used to query other NTP servers to set the
clock on your Browan Public Access Control Gateway.

Certificates – upload your own SSL certificate and private key files for the
server.

Save and Restore – download the current device configuration for backup or
restore the device configuration from a backup file.

Domain Name – the current domain name.


System | Configuration | Syslog

The administrator can trace the system processes of the Browan Public Access
Control Gateway and get the system log messages remotely by using the
system | configuration | syslog menu (by default, the syslog utility is
disabled).

Figure183 Default syslog settings

Edit – to enable or edit the syslog remote sending function, click the edit
button.

Figure184 Syslog Settings

Remote Log Status – disable or enable the remote log [enabled/disabled].

Host – specify the host IP address where to send the syslog messages
[host IP address].

Figure185 Configuring Syslog Messages

Be sure the remote host is configured properly to receive the syslog protocol messages.


Level – Select the level of messages you need to trace. The level
determines the importance of the message.

Debug – Select this level when all levels of messages should be
traced. Traced message levels: debug/info/warning/error/fatal

Informational – Select this level when all levels of messages
except debug should be traced. Traced message levels: info/warning/error/fatal

Warning – Traced message levels: warning/error/fatal

Error – Traced message levels: error/fatal

Fatal – Select this level when only the fatal message level should
be traced.

Figure186 Level of Syslog Messages

Save – save the changes. Syslog messages start being sent
to the specified host after the user enables and saves the settings.

Cancel – restore the previous values.


System | Configuration | Trace System

Trace system works with started services such as DHCP, PPPoE, telnet and
SNMP. The number of system messages shown depends on the selected history
size. The trace system can help operators to locate mis-configurations and
system errors.
By default, the latest messages are displayed at the top of the message list.

History Size – select the message history size to display
[102400-512000 bytes].

Figure187 Trace System

Level – Select the level of messages you need to trace. The level
determines the importance of the message.

Debug – Select this level when all levels of messages should be
traced. Traced message levels: debug/info/warning/error/fatal

Informational – Select this level when all levels of messages
except debug should be traced. Traced message levels: info/warning/error/fatal

Warning – Traced message levels: warning/error/fatal


Error – Traced message levels: error/fatal

Fatal – Select this level when only the fatal message level should
be traced.

Change – click the change button to apply the new history size or selected
message level. Trace system will start to sort by the selected level as soon as
you click the change button.

Clear – delete all displayed messages by clicking clear button.

Refresh – click refresh button to restore the trace system messages.


System | Configuration | Clock

Set the internal clock in the system | configuration | clock menu.

Figure188 Clock Utility

Change – click the change button to adjust the clock settings.

Date – specify new date value [year/month/day].

Time – specify time [hours: minutes].

Time Zone – select the time zone [-12.00 – 14.00]. If the NTP service is enabled,
the selected time zone will be applied to the clock settings also.

Save – save the changes. Syslog messages start being sent to the
specified host after the user enables and saves the settings.

Figure189 Clock Settings

Cancel – restore the previous values.

If the NTP server (see the next section for reference) is enabled on the system, no
manual clock setting is available except time zone.

Only time zone changing is available when NTP server is enabled.


System | Configuration | NTP client

The NTP (Network Time Protocol) is used to synchronize the clock of the
Browan Public Access Control Gateway. You can change the system clock
settings using the system | configuration | NTP client menu.

Status – select appropriate status for NTP service [enabled/disabled].

Host – enter the trusted NTP server IP in the field.

Figure190 NTP Service

Save – save the entered changes.

Cancel – restore the previous values.


Figure191 Editing NTP

NTP synchronizes the device clock with GMT + 0 time. If you need to set the time zone, use the system | configuration | clock menu.


In case the connection with the first host fails, you may want to add more
than one NTP host. Click the new button to add the additional host settings.

Host – add the additional NTP service hosts [1-128]. This NTP
server will be used if the connection to the first defined NTP server is
lost.

Figure192 Adding New NTP Host

Save – save the entered changes.

Cancel – restore the previous values.


System | Configuration | NTP server

Use the NTP Server menu to configure the NTP server status
[disabled/enabled]. This function synchronizes the time to NTP clients. The default
configuration is disabled.

Figure193 NTP server Status Configuration

Change – click to change the default NTP server status [enabled/disabled].

NTP server Status – select the NTP server Status: [enabled/disabled].

Save – save the new status.


Figure194 Changing the NTP server Status

Cancel – restore all previous values.


After clicking the save button:

Apply changes – save all changes made in the interface
configuration table at once.

Discard changes – restore all previous values.

Figure195 Saving the Change

After clicking the apply changes button, the restart button will appear:

Restart – Click restart button to restart the server and apply the changes.

Figure196 Restart the device


System | Configuration | Certificate

You can upload your own SSL certificate files for HTTP connection using
the certificate feature under the system | configuration menu.

Figure197 Certificate Upload

Only these certificate files are accepted:

1. Server PEM-encoded X.509 certificate file

2. Server PEM-encoded private key file

Click the upload button to upload your own SSL certificate and private key files:

Certificate File – the PEM-encoded certificate file for the server.

Private Key File – the PEM-encoded private key file for the server.

Figure198 Uploading New Certificate

Corresponding RSA or DSA, the private keys SHOULD NOT be included.


Private key SHOULD NOT be encrypted with a password. This private key should correspond to the certificate above.

Upload – upload new certificates.

Depending on the public key infrastructure implementation, the certificate
includes the owner's public key, the expiration date of the certificate, the
owner's name, and other information about the public key owner.

Flash – upload new certificates into the Browan Public Access Control
Gateway.

Cancel – cancel new certificate upload.


Figure199 Default Certificate Properties

Uploaded certificate and key files cannot be removed; they can only be overwritten by newly uploaded files.
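The upload requirements above (PEM-encoded certificate, PEM-encoded private key, key not encrypted with a password) can be checked on the administrator's workstation before uploading. The following is an added example, not code from the gateway or from Browan; the function names are hypothetical and the sample PEM data is constructed placeholder bytes, not a real certificate or key. It does not verify that the key corresponds to the certificate, which requires parsing the public key.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def pem_blocks(text):
    """Return [(label, headers, der_bytes)] for every PEM block in text."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        headers, b64 = {}, []
        for line in body.splitlines():
            line = line.strip()
            if not line:
                continue
            if ":" in line and not b64:   # RFC 1421 header, e.g. Proc-Type
                key, value = line.split(":", 1)
                headers[key.strip()] = value.strip()
            else:
                b64.append(line)
        # validate=True rejects stray characters (raises a ValueError subclass)
        der = base64.b64decode("".join(b64), validate=True)
        blocks.append((label, headers, der))
    return blocks


def check_certificate_file(text):
    """Return a list of problems with a certificate file ([] means none found)."""
    try:
        blocks = pem_blocks(text)
    except ValueError:
        return ["PEM body is not valid base64"]
    certs = [der for label, _, der in blocks if label == "CERTIFICATE"]
    if not certs:
        return ["no PEM-encoded X.509 certificate block"]
    # A DER-encoded certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
    if any(not der.startswith(b"\x30") for der in certs):
        return ["certificate block does not hold a DER SEQUENCE"]
    return []


def check_private_key_file(text):
    """Return a list of problems with a private key file ([] means none found)."""
    try:
        blocks = pem_blocks(text)
    except ValueError:
        return ["PEM body is not valid base64"]
    keys = [(label, headers) for label, headers, _ in blocks
            if label.endswith("PRIVATE KEY")]
    if not keys:
        return ["no PEM-encoded private key block"]
    problems = []
    for label, headers in keys:
        # Legacy OpenSSL keys mark encryption in a Proc-Type header;
        # PKCS#8 keys use the ENCRYPTED PRIVATE KEY label instead.
        legacy = headers.get("Proc-Type", "").upper().endswith("ENCRYPTED")
        if label == "ENCRYPTED PRIVATE KEY" or legacy:
            problems.append(f"{label}: key is encrypted with a password")
    return problems


def make_pem(label, der, headers=""):
    """Build a PEM block around the given bytes (used for the samples below)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n"


# Constructed samples: the payload is a tiny ASN.1 SEQUENCE, not real key material.
PLACEHOLDER_DER = bytes.fromhex("3003020100")
SAMPLE_CERT = make_pem("CERTIFICATE", PLACEHOLDER_DER)
SAMPLE_KEY = make_pem("RSA PRIVATE KEY", PLACEHOLDER_DER)
SAMPLE_KEY_LEGACY_ENC = make_pem(
    "RSA PRIVATE KEY", PLACEHOLDER_DER,
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n")
SAMPLE_KEY_PKCS8_ENC = make_pem("ENCRYPTED PRIVATE KEY", PLACEHOLDER_DER)

if __name__ == "__main__":
    for name, sample in [("plain key", SAMPLE_KEY),
                         ("legacy encrypted key", SAMPLE_KEY_LEGACY_ENC),
                         ("PKCS#8 encrypted key", SAMPLE_KEY_PKCS8_ENC)]:
        print(name, "->", check_private_key_file(sample) or "ok")
```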


System | Configuration | Save and Restore

You can save your current device configuration file locally using the save and
restore menu under the system | configuration menu.

The following configurations are saved in a specific file format (.cfg):

Network configuration settings (including network interface, VLAN, port
forwarding, route, management subnet, DHCP, DNS, RADIUS and
tunnels)

User interfaces configuration settings (including the user pages
templates)

System configuration settings (including syslog, NTP configuration and
access settings)

Connection settings (including e-mail redirection and station
supervision)

Figure200 Saving and Restoring

Click the download button (Figure200) to start saving the configuration file.
You can change or leave the default configuration file description.


Download – click the download button (Figure201) once again to save the
configuration file under the selected path on your computer. Now the last
saved configuration is successfully stored on your local computer.

Figure201 Editing Configuration File Description

Cancel – click the cancel button to go back to the main configuration page.

You can use this file any time you want to restore this configuration to the
device by using the upload button.

Select the configuration file and upload it on the device:


Figure202 Uploading Restore File

Flash – click flash button to apply the configuration setting to the device.

Cancel – cancel new certificate upload.

Figure203 Uploading Configuration File


System | Configuration | Domain Name

Domain Name configuration lets numerous Browan Public Access
Control Gateways use one uniform digital certificate. When a client
connects to the Browan Public Access Control Gateway through a secure HTTP
connection (https), it requests the digital certificate installed on the Browan
Public Access Control Gateway to set up the HTTPS connection. A warning window
pops up in the client's browser if any of the following applies to the
digital certificate:
1) Certificate is not issued by a trusted site;
2) Certificate is expired;
3) Host name doesn't match with what is on Certificate.

Figure204 Warning Window for digital certificate

Conditions 1 and 2 can be satisfied if the operator applies a proper certificate.
Operators can also use the Domain configuration feature in Browan Public
Access Control Gateways to satisfy condition 3.

Please enter the domain name in the URL format, for example:
www.gsi.com, which will be the same as the host name in the digital
certificate. Create a new certificate with hostname = www.gsi.com and then
install it on the Browan Public Access Control Gateways.

Figure205 Domain Name configuration


System | Access | Access Control

You can control access management and specify the related services of
your Browan Public Access Control Gateway in the access control menu.

Thus, the administrator can control the access of every single user to the
Browan Public Access Control Gateway via Telnet, SSH or SNMP. This can be
done by creating the access control list in the Browan Public Access Control
Gateway and checking the incoming user's IP address.

Default access status – denying all the connections except the SNMP
service to the Browan Public Access Control Gateway.

SNMP service – this service will help you to access your device.

Edit – to configure the access control, click the edit button to specify the
network address and allow/deny the services.

New – click new button to create a new access control rule for specific
network to specific service(s) [all/ /ssh/telnet/snmp].

Adding a new access control rule:


Service – select the services which you would like to use for accessing
your Browan Public Access Control Gateway: [all/ssh/telnet/snmp].

Figure206 Access Control

Network Address – specify the network or host address with netmask.

Access – select the access policy: [allow/deny].

Figure207 Modifying Access Control

Telnet service should also be enabled in system | access | telnet in order to allow telnet access to the Browan Public Access Control
Gateway. Otherwise, the client or network will not get telnet access.

The Browan Public Access Control Gateway checks the allow rules first, and then the deny rules. In other words, allow rules have
higher priority than deny rules.

The default access rule has the lowest priority of all rules, no matter whether its status is allow or deny.

Up to 255 different access control rules can be set.
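The rule ordering described above has a practical consequence: a deny rule for a host inside a network that an allow rule already covers never takes effect. The following added example (not code from the gateway or from Browan) models only the ordering stated in this guide, with hypothetical names and constructed sample rules; it assumes a rule matches when the source address falls inside its network, and it does not model the separate telnet service switch.

```python
import ipaddress
from dataclasses import dataclass

SERVICES = ("ssh", "telnet", "snmp")
MAX_RULES = 255  # limit stated in the guide
# Default access status as the guide describes it: deny everything except SNMP.
DEFAULT_ACCESS = {"ssh": "deny", "telnet": "deny", "snmp": "allow"}


@dataclass(frozen=True)
class Rule:
    service: str   # "all", "ssh", "telnet" or "snmp"
    network: str   # network or host address with netmask
    access: str    # "allow" or "deny"

    def net(self):
        return ipaddress.ip_network(self.network, strict=False)

    def covers(self, service):
        return self.service in ("all", service)


def decide(rules, service, source_ip, default=DEFAULT_ACCESS):
    """Return (decision, matching_rule_or_None) for one incoming connection."""
    if service not in SERVICES:
        raise ValueError(f"unknown service: {service}")
    if len(rules) > MAX_RULES:
        raise ValueError("more than 255 access control rules")
    addr = ipaddress.ip_address(source_ip)
    # Allow rules are checked first, then deny rules, regardless of list order.
    for wanted in ("allow", "deny"):
        for rule in rules:
            if (rule.access == wanted and rule.covers(service)
                    and addr in rule.net()):
                return wanted, rule
    # The default access rule has the lowest priority.
    return default[service], None


def shadowed_denies(rules):
    """Deny rules that can never take effect because an allow rule for the
    same service (or for "all") covers their whole network."""
    allows = [r for r in rules if r.access == "allow"]
    return [
        d for d in rules
        if d.access == "deny" and any(
            d.net().subnet_of(a.net()) and a.covers(d.service)
            for a in allows)
    ]


# Constructed sample rule set.
RULES = [
    Rule("ssh", "192.168.2.66/255.255.255.255", "deny"),
    Rule("all", "192.168.2.0/255.255.255.0", "allow"),
    Rule("snmp", "10.1.1.0/255.255.255.0", "deny"),
]

if __name__ == "__main__":
    for service, ip in [("ssh", "192.168.2.66"), ("snmp", "10.1.1.7"),
                        ("telnet", "172.16.0.1"), ("snmp", "172.16.0.1")]:
        print(service, ip, "->", decide(RULES, service, ip)[0])
    print("never effective:", shadowed_denies(RULES))
```

Running `shadowed_denies` over a planned rule set before entering it in the web interface shows which deny entries need the covering allow rule narrowed instead.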


System | Access | Telnet

When the telnet connection to the Browan Public Access Control Gateway is
enabled, the administrator can connect to the CLI interface via telnet.

Make sure that the default access status in the system | access | access control menu is allow. Otherwise, you will not be able to
connect via telnet, even though the telnet connection is enabled.

To enable the telnet connection, click the edit button and change the status.

Figure208 Default Telnet Status

Enabled – telnet connection is enabled.

Disabled – telnet connection is disabled.

Save – click the button to save the configuration.

Cancel – restore the previous value.

Figure209 Changing Telnet Status


System | Access | AAA

It is recommended to use the Browan Public Access Control Gateway for EAP authentication methods.

UAM – Universal Access Method (web-login) method

PORTAL – The method turns a Web browser into a secure authentication.

EAP/802.1x are:
EAPMD5 – 802.1x authenticator with MD-5 method
EAPSIM – 802.1x authenticator with SIM authentication method
EAPTLS – 802.1x authenticator with TLS authentication method
EAPTTLS – 802.1x authenticator with TTLS authentication method

Figure210 AAA Settings

MACACL – user is authenticated against the local database on the Browan Public
Access Control Gateway by its MAC address.

MAC – user is authenticated from RADIUS server by its MAC address.


Use the user interface | configuration | AAA menu to enable/disable the
appropriate authentication method on your Browan Public Access Control
Gateway.

If UAM (web-login) method is disabled, the subscriber will not be able to login through the web interface.

Status – change the status of selected AAA method [enabled/disabled].

For MAC-RADIUS authentication the following settings are required:

Use Password – select the [RADIUS secret] or [User defined] password for users authenticating with their MAC address.

Password – enter the password when the user-defined option is selected. There is only one password for all users authenticated by MAC address [string, 4-32 characters, no spaces allowed].

Figure211 MAC-RADIUS Authentication

For MAC-ACL authentication, the Browan Public Access Control Gateway will use the local MAC address database, which can be configured in the system | Access | MAC List menu.


System | Access | UAT

With Universal Address Translation (UAT) enabled, the Browan Public Access Control Gateway will automatically and transparently translate the fixed IP settings (IP address, gateway, DNS, proxy server) on the user's PC, so that he/she can connect to the broadband Internet service. It is unnecessary for end-users to reset their corporate IP or web settings. The outgoing e-mails of subscribers can also be redirected to the e-mail server, in order to facilitate e-mail forwarding for foreign subscribers.

Universal address translation works only on LAN and VLAN interfaces with the authentication setting enabled (see more about these settings in System | Access | NAV).

The Universal Address Translation (UAT) function can be enabled in the system | access | UAT menu.

Figure213 Universal Address Translation Settings


Click the edit button to enable or disable the UAT status.

Figure214 Changing Universal Address Translation Status

The Browan Public Access Control Gateway currently supports 50 UAT clients simultaneously.


System | Access | Isolation

The operator can strengthen the security of the Browan Public Access Control Gateway by configuring the isolation features in the system | access | isolation menu.

Bindmac – with the bindmac function enabled, the Browan Public Access Control Gateway binds the user's MAC and IP addresses together after a successful logon by the wireless client, thus preventing Internet access by a new user who uses the same client IP address with a different MAC address [enabled/disabled].

Isolation – enable this function to prevent users on the same LAN from communicating with each other. Users can communicate only through the Browan Public Access Control Gateway [enabled/disabled].

Figure215 Isolation


System | Access | PAT and authentication

The operator can define the authentication and PAT attributes.

Interface – defined network interface (br1, interface0-6).

IP Address – the IP address of the interface [non editable].

PAT – port address translation service status. If this feature is enabled, users can access the Internet with the network gateway address.

Authentication – with authentication disabled, users get access to the Internet through the LAN connection without any authentication. If this feature is enabled, authentication for Internet access is required for all users [enabled/disabled].

Figure216 PAT, authentication and Visitor Access

This setting is important when configuring the UAT settings. See section: System | Access | UAT for more details.


System | Access | SNMP

SNMP is the standard protocol that regulates network management over the Internet. The Browan Public Access Control Gateway can operate as the SNMP agent when the SNMP service is enabled. To communicate with the SNMP manager, you must set up the same SNMP communities and identifiers on both manager and agent.

You can enable/disable the SNMP service or change the current SNMP configuration in the system | access | SNMP menu.

SNMP Table:

SNMP Service – enable or disable the SNMP service on the Browan Public Access Control Gateway. By default, the SNMP service is enabled. With the service enabled, the Browan Public Access Control Gateway operates as the SNMP agent.

SNMP Name – a name that is used much like an account name or a password to restrict who can access the SNMP functions [0-99 any string].

Figure217 SNMP Settings


SNMP Location – the physical location of SNMP (e.g., 'telephone closet, 3rd floor') [0-99 any string].

SNMP Contact – set or modify the contact name for the SNMP system [0-99 any string].

SNMP Read-Only Community – the community name is used in SNMP version 1 and version 2c. The read-only (public) community allows reading values, but denies any attempt to change values [1-32 all ASCII printable characters, no spaces].

SNMP Read-Write Community – the community name is used in SNMP version 1 and version 2c. The read-write (private) community allows reading and (where possible) changing values [1-32 all ASCII printable characters, no spaces].


Default Trap Community Name – the default SNMP community name used for traps without specified communities. The default community on most systems is "public". The community string must match the community string used by the SNMP network management system (NMS) [1-32 all ASCII printable characters, no spaces].

Authentication Failure Traps Generation – if this feature is enabled, the user receives authentication failure traps from the Browan Public Access Control Gateway.

SNMP Users table is only used for SNMP v3.

SNMP Users Table:

Username – enter the username for read-only (RO) or read-write (RW) SNMP access [1-32 all ASCII printable characters, no spaces].

Password – enter the password for read-only (RO) or read-write (RW) SNMP access [8-32 all ASCII characters, no spaces].

Figure218 SNMP user

SNMP Proxies Table:

SNMP Proxies – the SNMP proxy configuration specifies that any incoming SNMP requests can be sent to another host. Click the new button to create an SNMP proxy:

Figure219 Add SNMP Proxies

Context Name – enter the context name for the SNMP proxy rule between the client and the Browan Public Access Control Gateway. Context name only works with SNMP v3. If a "context name" is specified, it assigns the proxy rule to a particular context name within the local agent [1-32 all ASCII printable characters, no spaces]:

Figure220 SNMP and Content Name

This is the proper way to query multiple SNMP agents through a single proxy. Assign each remote agent to a different context name. Then you can use "snmpwalk -n contextname1" to walk one remote proxied agent and "snmpwalk -n contextname2" to walk another, assuming you are using SNMPv3 to talk to the proxy (SNMPv1 and SNMPv2c context mappings aren't currently supported but might be in the future).

Type – select the SNMP version for the SNMP proxy rule between access and the Browan Public Access Control Gateway [v1/v2c].

Community Name – enter the community name for communicating with the host [1-32 all ASCII printable characters, no spaces].

IP Address – specify the host address (AP in our case) to which any incoming requests should be re-sent [dots and digits].

OID Local – enter the Object Identifier (OID) of the MIB tree [optional, number and dots].


OID Target – optionally, you can relocate the "OID local" tree to the new location at the "OID target".

If no OID is specified, all SNMP requests to the Browan Public Access Control Gateway will be redirected to a specific host.

SNMP Trap Table:

You can configure your SNMP agent to send SNMP traps (and/or inform notifications) to the defined host (SNMP manager) with the community name (optional).

Figure221 SNMP Trap Table

Type – select trap message type [v1/v2/inform].

Host – enter SNMP manager IP address [dots and digits].

Community Name – specify the community name in an SNMP trap message. This community will be used in trap messages to authenticate the SNMP manager [1-32 all ASCII printable characters, no spaces].

Port – enter the port number through which the trap messages should be sent [number].

System | Access | Mac List

The MAC list is a client pass-through table. If MACACL (system | Access | AAA) is enabled and the client's MAC address belongs to this table, then the client will be authorized transparently. (Please refer to the MACACL item in System | Access | AAA.)

Click new button to add a new MAC address. The format of a MAC address
can be:

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx or xxxxxxxxxx

Figure222 Adding new MAC address

Click the apply changes button to save the changes.

Figure223 MAC List for MAC-ACL


System | Access | HTTPC

For web authentication, this item configures whether the web logon user is redirected to an HTTPS logon page or an HTTP page.

The default configuration is disabled, which means the web logon client will be redirected to an HTTPS logon page for more security.

Figure224 HTTPC configuration for web logon

Click edit button to enable/disable the http connect status.

Save – click the button to save the configuration.

Cancel – restore the previous value.

Figure225 Edit HTTPC configuration


System | Access | Portal detect

By default, the Portal server detect feature is disabled.

The Portal detect setting configures the IP address of the portal server. When the device fails to connect to the configured IP address, it sends a warning to the trap receiver. The network manager gets the warning trap and can repair the link.

Edit – click the edit button to change the configuration of Portal service detect.

Figure226 Portal service detect configuration.

New – click the new button to create a new Portal service detect configuration.

Host – enter the IP address of the Portal server.

Figure227 Edit portal service detect


Apply changes – to save all the changes at once.

Discard changes – restore all the previous values.

Figure228 Saving the change of portal service detect


System | Status

Users can check the current status of the Browan Public Access Control Gateway in the system | status menu.

Refresh – click refresh button to refresh the device status.

Figure229 Device Statistics


System | Reset

User can reboot the device or reset to factory defaults in the system | reset
menu.

Figure230 Reset and Reboot

Reset – reset device to factory default values.

Figure230 Reset

Reboot – reboot device with the last saved configuration.

Figure230 Reboot

Keep in mind that resetting the device is an irreversible process. Please note that even the administrator password will be set back to the
factory default.


System | Update

Check for new product updates at the Browan website: http://www.browan.com

Upload only the original firmware image. In the system | update menu, click the upload button.

Figure231 Firmware Update


Specify the full path to the new firmware image and click the upload button.

Firmware Image – enter the firmware image file.

Browse – click browse button to specify the new image location.

Upload – upload with new firmware.

Cancel – cancel the upload process.


Figure233 New Firmware Upload

The new firmware image is uploaded into the Browan Public Access Control Gateway. Now click the flash button to upload this new firmware into the FLASH memory.

Flash – flash new image, reboots the system.

Figure234 Flashing New Image

Do not switch off or do not disconnect the Browan Public Access Control Gateway from the power supply during the firmware update process,
because the device could be damaged.

Firmware auto-update:

Auto-update function helps update the device firmware automatically.

Status – enable/disable the auto-update feature. The default value is disabled.

Update URL – points directly to the firmware update file. The URL should be accessible without any user authentication. The URL can use the HTTP, HTTPS and FTP protocols [Default value: empty string].

Figure235 Firmware Auto-update Configuration


Update interval – user can define the time interval between each
update in hours [1-9999]. Default value is 48 hours.

Delay – delays the update process by the given number of hours. This should prevent hundreds of requests for firmware download arriving at the same time [0-24]. Default value is 0.

Save – save the new firmware auto-update settings.

Cancel – cancel the new firmware auto-update settings.

On boot, the auto-update feature checks for available updates on the specified server at the given URL. If there is a different version, the device downloads and installs the firmware update and reboots. If the firmware version matches the current version on the device, no update takes place.


Connection
In the connection menu, users can view the connected users' statistics, set the outgoing mail server or observe the connected station availability.

Figure236 Connection Menu


Connection | Users

The users menu is for viewing the connected users' statistics. The administrator can also log out a user from here.

Figure237 Users’ Statistics

Details – click on user details to get more information about the client:

Back – returns to the connected client's statistics list.

Logout User – click this button to explicitly log out the user from the network.

Refresh – click the button to refresh users' statistics.

Figure238 User’s Details


Connection | E-mail Redirection

Set up the outgoing mail (SMTP) server redirection in the e-mail redirection menu.

Click the edit button to specify your outgoing mail server settings.

Save – save the new e-mail redirection settings.

Figure239 E-mail Redirection Settings

Cancel – cancel the new e-mail redirection settings.

Figure240 Editing E-mail Redirection


Connection | Station Supervision

The station supervision feature is used to monitor the availability of connected host stations. This monitoring is performed with ping. If the specified number of ping failures is reached (failure count), the user is logged out from the Browan Public Access Control Gateway.

To adjust the ping interval/failure count, click the Edit button.

Interval – define the interval at which pings are sent to the host [in seconds].

Failure Count – failure count value after which the user is logged out from the system.

Save – save station supervision settings.

Cancel – cancel the entered changes.

Figure241 Station Supervision

Figure242 Editing Station Supervision


Appendix

A) Public Access Control Gateway Specification

Technical Data

Network and Hotspot Access Control


IP Router with NAT/PAT, firewall filters
Hotspot access controller with web browser log-on (UAM) and 802.1x/EAP support, Smart Client support, MAC authentication, WISPr compliant (Wi-Fi alliance)
AAA RADIUS client and proxy server with EAP support
Universal access method (web browser log-on) with XML support and walled garden (free web sites)
Universal address translation and web proxy support (any client configuration is accepted)
WISPr compatible log-on via web browser, SSL/TLS support UAT
VPN client (GRE)
IEEE 802.1x authenticator with EAP-SIM, MD-5, TLS, TTLS, PEAP
WPA support
DHCP server, DHCP relay gateway, DHCP client
VPN pass-through
Layer 2 user isolation
E-mail redirection
Bandwidth management via RADIUS
Interface

WAN 10/100Mb Ethernet, auto sensing, RJ-45

LAN Four 10/100Mb Ethernet port switched, auto sensing, RJ-45, 802.1q VLAN support

Management

Interfaces HTTPs, Telnet, SNMP (MIB II, Ethernet MIB, bridge MIB, private MIB), Terminal

Software Update Remote software update via HTTPs

Reset Remote reset / Manufacturing reset

Physical Specification
Dimension 436 mm x 260 mm x 44 mm

Weight -

Environment Specification

Temperature Humidity

Operating 0 to 45°C 10 % to 90%, non-condensing

Power Supply
Input 100-230V AC, 50/60Hz


Package Contents
Browan Public Access Control Gateway
Mounting Kit
One Ethernet patch cables
Power cords for EU and USA
CD-ROM with software and documentation
Printed warranty note, release note

Related Products

Access Points: P-520 54Mb Operator Access Point
P-380-HPAM High Power 11MB Outdoor Router

Client Adapters: T-316 11Mb Ethernet Client (2.4 GHz)

Account Printer: A-710 mini account printer
A-720 mini account printer with multiple language support


B) Factory Defaults for the Access Controller

Network Interface Configuration Settings


Configuration | Interface Configuration
Interface Ixp1

Status Enabled

Type WAN

IP Address 192.168.2.66

Netmask 255.255.255.0

Gateway 192.168.2.1

Interface Ixp0

Status Enabled

Type LAN


IP Address 192.168.3.1

Netmask 255.255.255.0

Gateway Ixp1

Configuration | VLAN
No VLAN entries are defined on system.

Configuration | Route
No routes are defined on system.

Configuration | Port Forwarding


No port forwards defined.

Configuration | Management Subnet

Interface Ixp0

Status Disabled

IP Address 0.0.0.0

Netmask 0.0.0.0

Remote Network 0.0.0.0

Remote Netmask 0.0.0.0

DNS


Hostname None

Domain None

Type Primary

IP Address 0.0.0.0

Type Secondary

IP Address 0.0.0.0

DHCP
Status DHCP Server

Interface Ixp0

IP Address from 192.168.3.2

IP Address to 192.168.3.223

WINS Address 0.0.0.0

RADIUS Settings
RADIUS Retries 5

RADIUS Timeout 2

NAS Server ID -

User Session Timeout 72000


User Accounting Update 600

User Accounting Update Retry 60

User Idle Timeout 900

Location ISO Country Code US

Location E.164 Country Code 1

Location E.164 Area Code 408

Location Network Gemtek_Systems

Hotspot Operator Name Gemtek_Systems

Location Terminal_Worldwide

Bandwidth Up 1 Mbps

Bandwidth Down 1 Mbps

RADIUS Servers
Name DEFAULT (default)

Type Authentication

IP Address 0.0.0.0

Port 1812

Secret password (case sensitive)

Type Accounting


IP Address 0.0.0.0

Port 1813

Secret secret (case sensitive)

Reverse Accounting disabled

Strip WISP enabled

UAM authentication method PAP

WISP
Domain Policy: username@domain

No WISP defined on system

Accounting Backup
Description Backup via syslog

Status Disabled

Host 0.0.0.0

Description Backup to local file

Status Disabled

Host -

Tunnels | PPPoE/GRE


PPPoE/ GRE services are disabled.

Tunnels | GRE tunnels

No GRE tunnels defined on system.

User Interface Configuration Settings


Pages
Page Welcome

Use Internal

Status Enabled

Location Welcome.xsl

Page Login

Use Internal

Status -

Page Logout

Use Internal

Status -

Location Logout.xsl


Page Help

Use Internal

Status -

Location Images/help.html

Page Unauthorized

Use Internal

Status -

Location Images/unauthorized.html

Caching
Description Enabled

Headers
Description Content-Type

Status Disabled

Description Content-Language

Status Disabled

Remote Authentication
Remote Authentication Disabled

Shared Secret None


Administrator
Super administrator: Username: admin (case sensitive)

Password: admin01 (case sensitive)

Normal administrator Username: ebilling (case sensitive)

Password: admin01 (case sensitive)

Start Page
Start Page URL http://www.gemtek-systems.com

Walled Garden
No free site (or walled garden) URL is specified.

No free walled garden host is specified.

Web Proxy
Web Proxy Enabled

Port 3128, 8000, 8080


System Configuration Settings


Configuration | Syslog
Remote Log Status Disabled

Host 0.0.0.0

Level Debug

Configuration | Trace System


History Size 102400

Level Information

Configuration | Clock
Date Time No further known parameter.

Configuration | NTP
NTP Service Enabled

Host Time.windows.com

Time.nist.gov

Configuration | Certificate


By default the Gemtek Systems certificate is uploaded in the system with the following certificate information:
Issuer Organization Name Gemtek Systems
Subject Organization Name Gemtek Systems
Validity Not Before Oct 7 7:46:53 2002 GMT
Validity Not After Mar 12 7:46:53 2019 GMT

Configuration | Save and Restore


No further known parameters.

Configuration | Pronto

Gold Pronto Status Disabled

HNS server URL 0.0.0.0:9989

Heartbeat interval Disabled

Remote host 0.0.0.0

Remote port 7788

Configuration | Share Username


Share User Name Disabled

Access | Access Control

Default Access Status Deny


Network Address All

SNMP Service Allow

Network Address All

Access | Telnet

Telnet Status Disabled

Access | AAA
UAM Enabled

EAP802.1x Disabled

MAC Disabled

Use Password RADIUS secret

Password password (case sensitive)

Access | UAT

Interface Ixp0

UAT Status Enabled

IP Address 192.168.3.224

Netmask 192.168.3.224

Access | Isolation
Bindmac Disabled


Isolation Disabled

Access | NAV
Interface Ixp0

IP Address 192.168.3.1

NAT Enabled

Authentication Enabled

Visitor Access Disabled

Access | SNMP

SNMP Service Enabled

Name Name

Location Location

Contact Contact information

Public Community Name Public

Private Community Name Private

Default Trap Community Name Private

Authentication Failure Traps Generation Disabled

Type RO User

User Name public (case sensitive)


Password password (case sensitive)

Type RW User

User Name private (case sensitive)

Password password (case sensitive)

There are no SNMP proxies on system.

There are no SNMP traps on system.

Access | Web Auth


IP Disabled

MAC Disabled

Pre-paid Enabled

e-billing Enabled

RADIUS Enabled

Update
Status Disabled

Update URL None

Update interval 48

Delay 0


Connection Settings
E-mail Redirection
Status Disabled

Host 0.0.0.0

Port 25

Station Supervision
Interval 20

Failure count 9


Built-in AAA
E-Billing | User Control
User Control No User list available

E-Billing | Band Class

Class 0 Max. up-bandwidth 1 Mbps

Max. down-bandwidth 1 Mbps

Class 1 Max. up-bandwidth 2 Mbps

Max. down-bandwidth 2 Mbps

Class 2 Max. up-bandwidth 4 Mbps

Max. down-bandwidth 4 Mbps

E-Billing | Bill Setting

Billing Policy Bill by Time

Data Unit Price(/MB) 1.00

Time Unit Price(/Hour) 5.00

Charge Unit dollar

E-Billing | Power cut protection


Power cut protection Disabled


Pre-paid | Price/Unit
Price(/hour) 5.00

Charge Unit dollar

Pre-paid | account life


12 (hours)

Pre-paid | WEP key and SSID


(Blank)

Pre-paid | Account reminder


Max income sum 999

Reminds counts 10

Configuration | Language

English

Configuration | Title
GSI
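
The passwords, shared secrets, community names and certificate listed in this appendix are identical on every unit until an operator changes them, so a configuration review can check for them mechanically. The following Python script is an added example, not part of the Browan guide or firmware; the "key = value" export format and every key name in it are assumptions made for illustration, and the sample export is constructed.

```python
"""Audit a gateway configuration for values left at the factory defaults
listed in Appendix B. Added example: the "key = value" export format and
the key names are assumptions; the guide does not define an export format."""
from datetime import date

# Secret-bearing factory defaults, copied from Appendix B of this guide.
FACTORY_DEFAULTS = {
    "administrator.admin.password": "admin01",
    "administrator.ebilling.password": "admin01",
    "radius.authentication.secret": "password",
    "radius.accounting.secret": "secret",
    "aaa.mac.password": "password",
    "snmp.ro_community": "Public",
    "snmp.rw_community": "Private",
    "snmp.trap_community": "Private",
    "snmp.user.public.password": "password",
    "snmp.user.private.password": "password",
}
# Community names are matched ignoring case so "public" and "Public" both hit.
CASE_INSENSITIVE = {"snmp.ro_community", "snmp.rw_community", "snmp.trap_community"}
# A default only matters while its feature is on: key prefix -> status key.
GATES = {"snmp.": "snmp.service", "aaa.mac.": "aaa.mac.status"}
DEFAULT_CERT_ORG = "Gemtek Systems"

# Constructed sample export (hypothetical format, not real device output).
SAMPLE_EXPORT = """\
# partly hardened gateway
administrator.admin.password = Ch4nged-by-operator
administrator.ebilling.password = admin01
radius.authentication.secret = password
radius.accounting.secret = rotated-acct-secret
aaa.mac.status = disabled
aaa.mac.password = password
snmp.service = enabled
snmp.ro_community = public
snmp.rw_community = n0c-rw-2f9
snmp.trap_community = Private
snmp.user.public.password = password
snmp.user.private.password = changed-v3-pass
certificate.issuer_org = Gemtek Systems
certificate.not_after = 2019-03-12
"""


def parse_export(text):
    """Parse 'key = value' lines into a dict; lines starting with '#' are comments."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: expected 'key = value'")
        settings[key.strip().lower()] = value.strip()
    return settings


def feature_enabled(key, settings):
    """False when the feature that uses this key is explicitly disabled."""
    for prefix, status_key in GATES.items():
        if key.startswith(prefix):
            return settings.get(status_key, "enabled").lower() != "disabled"
    return True


def audit(settings, today):
    """Return (key, reason) findings for factory defaults that are still in place."""
    findings = []
    for key, default in FACTORY_DEFAULTS.items():
        value = settings.get(key)
        if value is None or not feature_enabled(key, settings):
            continue
        if key in CASE_INSENSITIVE:
            unchanged = value.lower() == default.lower()
        else:
            unchanged = value == default  # passwords are case sensitive
        if unchanged:
            findings.append((key, "factory default still in use"))
    if settings.get("certificate.issuer_org") == DEFAULT_CERT_ORG:
        findings.append(("certificate.issuer_org", "factory certificate still installed"))
    not_after = settings.get("certificate.not_after")
    if not_after and date.fromisoformat(not_after) < today:
        findings.append(("certificate.not_after", f"certificate expired on {not_after}"))
    return findings


if __name__ == "__main__":
    for key, reason in audit(parse_export(SAMPLE_EXPORT), date.today()):
        print(f"{key}: {reason}")
```

Defaults that belong to a disabled feature (SNMP service, MAC authentication) are skipped, so the report lists only values that are both unchanged and in use.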


C) CLI Commands and Parameters

Network Commands

network
configuration Network Interfaces configuration.

dhcp Dynamic Host Configuration Protocol services configuration.

dns DNS Server settings.

radius Configuration set for changing RADIUS Server settings.

tunnels Tunnels configuration commands.

network configuration
interface Network Interfaces configuration.

portforward Port forwarding setup.

routes Static IP routing settings.

subnet Management subnet configuration.

vlans VLANs configuration.

network configuration interface


<interface> Standard UNIX interface name. This name cannot be changed.

-s <status> The interface status. Possible values are enabled and disabled.

-a <ip_address> Interface IP address in digits and dots notation, e.g. 192.168.2.27.

-m <netmask> Interface subnet mask e.g. 255.255.255.0.

-g <gateway> Interface gateway in digits and dots notation or name of other interface.

-d <dhcpclient> The status of dhcp client for the interface. May have values enabled and
disabled. Can be used with WAN interface only.

-q <masquerade> Masquerade status for interface: enabled or disabled.

-u <authentication> Authentication status on interface: enabled and disabled.

-v <visitor_access> Visitor access for interface: values enabled and disabled.

network configuration portforward


<action> Action to take upon Port Forwarding entry: A(dd), E(dit), D(elete).

<id> Port Forwarding entry id. Needed with actions E(dit) and D(elete).

-s <status> PortForwarding rule status: enabled or disabled.

-p <protocol> Rule protocol.

-a <ip> Source ip address.

-l <port> Source port.

-d <ip> Destination ip address.


-r <port> Destination port.

network configuration routes


<action> Action to take upon the route. May have values A(dd), E(dit), D(elete).

<id> Route id. Needed only with actions E and D.

<status> Route status. May have values active or inactive.

<device> Interface name.

<target> Target ip address.

<netmask> Target netmask.

<gateway> Gateway for the target address.

network configuration subnet


<interface> Interface name on which the management subnet is configured.

-s <status> Interface ip address for management subnet.

-a <ip_address> Interface ip address for management subnet.

-m <netmask> Interface netmask for management subnet.

-n <filterNetwork> Network from which users are allowed to access management subnet.

-t <filterNetmask> Netmask of network from which users are allowed to access management
subnet.

network configuration vlans


<action> Action to take upon VLAN interface: A(dd), E(dit), D(elete).

<id> VLAN interface id. Needed only with action A.

<interface> Name of LAN interface on which VLAN interface exists. Needed only with
action A.

<name> Name of VLAN interface. Needed only with actions E and D.

network dhcp
<interface> Interface name for DHCP server instance.

-s <status> Status of DHCP server for interface. May be server, relay or disabled.

-f <from> Start of IP address range supported for DHCP service. Needed only with
server status.

-t <to> End of IP address range supported for DHCP service. Needed only with
server status.

-w <wins> WINS Address (Windows Internet Naming Service Address) if it is available
on the network. Needed only with server status.

-l <lease_time> DHCP Server lease time. Needed only with server status.

-d <domain> DHCP domain name. Needed only with server status.

-c <circuit_id> Circuit ID - a unique NAS identifier. MAC address will be used by default.
Needed only with relay status.

-n <dns_list> List of up to two DNS servers IP addresses.


network dns
<type> DNS Server type. May be primary or secondary.

<nameserver> DNS Server IP address in digits and dots notation, e.g. 192.168.2.27.

Network Radius Commands

network radius
accounting_log For sending RADIUS accounting via syslog.

proxy RADIUS Proxy configuration.

servers Up to 32 different RADIUS servers' configuration.

settings General RADIUS settings configuration.

wisp WISP information and setup.

network accounting_log
-l <status> Local accounting log status. Possible values are enabled or disabled.

-r <status> Remote accounting log status. Possible values are enabled or disabled.

-a <host> The host IP address where to send the accounting information.

network radius servers


accounting Accounting RADIUS servers' configuration.


authentication Authentication RADIUS servers' configuration.

backup Accounting information backup servers configuration.

network radius servers accounting


<id> RADIUS server id.

-a <ip_address> RADIUS server IP address used for Radius accounting.

-p <port> RADIUS server port used for Radius accounting.

-s <secret> Shared secret key for accounting (must be the same on RADIUS server and
RADIUS client).

network radius servers authentication


<action> Action to take upon radius server. May have values A(dd), E(dit), D(elete).

<id> RADIUS server id.

-n <name> RADIUS server name.

-a <ip_address> RADIUS server IP address.

-p <port> RADIUS server port.

-s <secret> Shared secret key (must be the same on RADIUS server and RADIUS client).

-d <default> Sets the server as default. Possible values: yes. Note: there can be only one
default Radius server.

-r <status> Reverse accounting. May have values enabled or disabled.


-w <status> Strip WISP name before sending to RADIUS. May have values enabled or
disabled.

-u <method> UAM authentication method for RADIUS server. May have values pap, chap,
mschap1 and mschap2.

network radius servers backup


<id> RADIUS server id.

-b <status> If RADIUS Backup Server feature is on. May have values enabled or disabled.

-a <ip_address> Backup RADIUS server IP address used for Radius accounting.

-p <port> Backup RADIUS server port used for Radius accounting.

-s <secret> Shared secret key for backup server (must be the same on RADIUS server
and RADIUS client).

network radius settings


-r <retries> Retry count of sending RADIUS packets before giving up.

-t <timeout> Maximal amount of time before retrying RADIUS packets (in seconds).

-n <nas> NAS Server identification string.

-o <user_timeout> Amount of time from user side (no network carrier) before closing the
connection (in seconds).

-a <acct_update> Period after which server should update accounting information (in seconds).


-c <acct_retry> Retry time period in which server should try to update accounting information
before giving up (in seconds).

-i <idle> Amount of user inactivity time, before automatically disconnecting user from
the network (in seconds).

-u <bandwidth> Default Radius user upload bandwidth.

-d <bandwidth> Default Radius user download bandwidth.

network radius wisp


<action> A(dd), D(elete)

<id> WISP Id. Usable only with D action.

<name> WISP name. Usable only with A action.

<radius_id> WISP Radius server id (from Radius authentication server list). Usable only
with A action.

<interface> Interface name to which the WISP should be bound or none. Usable only with
A action.

Network Tunnels Commands

network tunnels

gre GRE client setup.

ppp PPTP, PPPoE and GRE setup.


pptp4vpn PPTP for VPN setup.
network tunnels gre
<action> Action to take upon GRE tunnel: A(dd), E(dit), D(elete).
<id> GRE tunnel id. Needed only with action E and D.
<status> GRE tunnel status. Needed only with action A and E.
<remote> Remote host ip. Needed only with actions A and E.
network tunnels ppp

-s <status> Status: disabled/PPTP/PPPoE/GRE.


-n <name> PPPoE/PPTP username.
-p <password> PPPoE/PPTP password.
-e <encryption> PPPoE/PPTP encryption status: enabled or disabled.
-a <server> PPTP server ip address/GRE remote address.
-i <ip> GRE interface address.
-m <netmask> GRE interface netmask.
network tunnels pptp4vpn

<action> A(dd), D(elete) or E(dit) entry.


-c <channel> PPTP channel. Used only with A and E actions.
-s <server> PPTP server ip address. Used only with A and E actions.
-u <username> PPTP username. Used only with A and E actions.
-p <password> PPTP password. Used only with A and E actions.

-e <encryption> PPTP encryption status: enabled or disabled. Used only with A and E actions.
-a <network> PPTP remote network address. Used only with A and E actions.
-m <netmask> PPTP remote network netmask. Used only with A and E actions.

User Commands

user
administrator Administrator login and password change.

connected Connected users list.

start_page Definition of first URL after user login.

walled_garden Free Web sites list.

webproxy Web proxy configuration.

user administrator
Enter for wizard Follow the wizard and complete administrator settings changes.

user connected
<action> D(etail) to show statistics for, or L(ogout) to log out, the user with the specified ip.

<ip> User ip address.

user start_page

<url> The web page to which the user is redirected after login.

user walled_garden
host Configures free web sites that are not displayed to users.

url Configure free web sites that are displayed to users.

user walled_garden host


<action> Action to take on free web site. May have values A(dd), E(dit), D(elete).

<id> Walled Garden entry id. Used only with E(dit) and D(elete) actions.

-h <host> Host address.

-p <port> Network port, which is used to reach the host.

-t <type> Used protocol type. May have values tcp or udp.

-m <netmask> Host subnet mask e.g. 255.255.255.255.

user walled_garden url


<action> Action to take on free web site. May have values A(dd), E(dit), D(elete).

<id> Walled Garden entry id. Used only with E(dit) and D(elete) actions.

-u <url> URL address used for link.

-s <display> URL description visible for user.

user webproxy
-s <status> Web proxy status: enabled or disabled.

-a <port> [<port>... [<port>]] Add list of Web proxy ports.

-d <port> [<port>... [<port>]] Delete list of Web proxy ports.

System Commands

system

access System access configuration.

configuration System configuration.

system access
aaa Multimode settings.

control Allow or deny management access depending on user network address.

isolation Isolation setup.

snmp Configuration of SNMP service.

telnet Enabling or disabling of telnet protocol.

uat Universal Address Translation of all IP and proxy settings.

system configuration
clock Manual setting of internal device clock

ntp Configuration of Network Time Protocol service.

syslog For sending system and debug messages via syslog protocol.

trace Displays the last logged messages.

System Access Commands

system access aaa

-m <mode_list> Either disabled or space separated list of modes. Modes may be: uam,
802.1x, mac.
-u <use_password> Mac authentication mode password usage: 'radius' - use radius shared secret
key, 'user' - use of user-defined password.
-p <password> User defined mac authentication password.
system access control

<action> Action to take upon management access entry: A(dd), E(dit), D(elete) or
default.
<id> Management access entry id. Needed only when editing or deleting entry.
-s <service> Services for which the policy should be set: ssh, snmp, telnet or all.
-a <ip/bitmask> 'all' or network ip address and bitmask to (dis)allow service to.
-p <policy> Management access policy: allow or deny (default is deny).
system access isolation
-b <status> Mac binding status: enabled or disabled.

-i <status> Isolation status: enabled or disabled.


system access snmp
proxies SNMP proxies settings.
settings SNMP service settings.
traps SNMP traps settings.
users SNMP users settings.
system access snmp proxies
<action> Action to take upon SNMP proxy entry: A(dd), E(dit) or D(elete).
<id> Entry id. Needed only with Edit and Delete actions.
-t <type> Proxy type. May have values v1, v2c. Can be used only when adding or
editing proxy.
-a <ip_address> Proxy ip address.
-c <community_name> Proxy community name.
-l <oid_local> Proxy local OID.
-r <oid_target> Proxy target OID.
system access snmp settings
-s <status> Status of SNMP service.
-n <name> System name.
-l <location> Location of the device.
-c <contact> Contact information.
-b <public_name> Public name of SNMP service.

-r <private_name> Private name of SNMP service.


system access snmp traps
<action> Action to take upon SNMP trap entry: A(dd), E(dit) or D(elete)
<id> Entry id. Needed only with Edit and Delete actions.
-c <community> SNMP community string.
-a <ip_address> SNMP trap host address.
-p <port> SNMP trap port.
-t <type> SNMP trap type: v1, v2 or inform.
system access snmp users
<id> User id.
-n <name> SNMP user name.
-p <password> SNMP user password.
system access telnet
<status> Change telnet service status: enabled or disabled.
system access uat
<interface> Active LAN interface.
-s <status> UAT status on interface.
-a <ip> Network of UAT address pool.
-m <netmask> Netmask of UAT address pool.

System Configuration Commands

system configuration
clock Manual setting of internal device clock.

ntp Configuration of Network Time Protocol service.

syslog For sending system and debug messages via syslog protocol.

trace Displays the last logged messages.

system configuration clock


<date> New date values in YYYY.MM.DD format.

<time> New time in hh:mm format.

<zone> New time zone (time from GMT in minutes).

system configuration ntp

<action> Action: A(dd), E(dit), D(elete) server or set NTP S(tatus).

<id> Server id. Needed only with E and D actions.

-a <server> NTP server address.

-s <status> NTP service status: enabled or disabled. Needed only with S action.

system configuration pronto

-s <status> Pronto compatibility agent status: enabled or disabled.

-u <server_url> HNS server url in format host:port.

-h <interval> Heartbeat interval in seconds, 'disabled' or 'server' to obtain it from the server.

-a <remote_host> Remote host ip address.

-p <remote_port> Remote host port.

system configuration syslog


-s <status> Syslog status. Possible values are enabled or disabled.

-h <host> The host IP address where to send the syslog. Needed only when enabling
syslog.

-l <level> The lowest level of messages that will be logged. Possible levels: debug, info,
warning, error, fatal.

system configuration trace


clear Clears trace history.

size <number> Sets trace history size.

level <level> Sets level of trace messages. Possible levels: debug, info, warning, error,
fatal.

Status Commands

status
device General system information.
network Network information.
service Services information.

Connection Commands

connection
email Outgoing Mail (SMTP) Redirection settings.
supervision Settings for station availability monitoring with ARP-Pings.
connection email
<status> SMTP redirection status: enabled or disabled.
<host> New SMTP server host IP address.
<port> New port number.
connection supervision
<seconds> <number> ARP-Ping interval in seconds, and the number of failures after which the user is
automatically logged out.

E) Standard RADIUS Attributes


The following standard RADIUS attributes and messages are supported by the Hotspot-in-a-Box.

The Gemtek System vendor specific attributes are described from the client point of view (reverse accounting is disabled).

Required Attribute  #  Type  Auth Req  Auth Reply  Acctg Req  Comment

User-Name 1 String X X User enters full NAI

User-Password 2 String X Password of the user to be authenticated

NAS-IP-Address 4 Ipaddr X X IP Address of the Hotspot-in-a-Box

Service-Type 6 Integer X Must be set to Login (1)

Framed-IP-Address 8 Ipaddr X X IP Address of the User

Reply-Message 18 String X Text of reject reason if present

State 24 String X X AC does not interpret the attribute locally

Class 25 String X X Attribute provided by the Auth. Server, forwarded to the accounting
server

Session-Timeout 27 Integer X Forced logout once timeout period reached (seconds)

Idle-Timeout 28 Integer X Implicit logout inactivity timeout period (seconds)

Called-Station-ID 30 String X X This field should contain the MAC address or other information identifying
the Hotspot-in-a-Box

NAS-Identifier 32 String X X String identifying the NAS

Acct-Status-Type 40 Integer X 1=Start, 2=Stop, 3=Interim Update

Acct-Delay-Time 41 Integer X Delay (seconds) between Acctg Event and when Acct-Req sent (doesn't
include estimated network transit time)

Acct-Input-Octets 42 Integer X Indicates how many octets have been received from the port over
the course of this service being provided

Acct-Output-Octets 43 Integer X Indicates how many octets have been sent to the port in the course of
delivering this service

Acct-Session-ID 44 String X X X Unique Accounting ID to make it easy to match start and stop records in
a log file

Acct-Session-Time 46 Integer X Call duration in seconds (already compensated for idle timeout)

Acct-Input-Packets 47 Integer X Indicates how many packets have been received from the port over
the course of this service being provided

Acct-Output-Packets 48 Integer X Indicates how many packets have been sent to the port in the course of
delivering this service

Acct-Terminate-Cause 49 Integer X 1=Explicit Logoff, 4=Idle Timeout, 5=Session Timeout, 6=Admin Reset,
9=NAS Error, 10=NAS Request, 11=NAS Reboot

Acct-Input-Gigawords 52 Integer X This attribute indicates how many times the Acct-Input-Octets counter
has wrapped around 2^32 over the course of this service being provided

Acct-Output-Gigawords 53 Integer X This attribute indicates how many times the Acct-Output-Octets counter
has wrapped around 2^32 in the course of delivering this service

NAS-Port-Type 61 Integer X X 15=Ethernet, 19=802.11

Acct-Interim-Interval 85 Integer X Interval (seconds) to send accounting updates

Vendor Specific Attributes

The Wi-Fi Alliance recommends a list of certain Vendor Specific Attributes (VSA). The VSA values are intended to provide location information to the backend
processing system or to deliver service type information back to the Hotspot-in-a-Box.

The Wi-Fi Alliance has registered an IANA Private Enterprise Number (PEN) of 14122, which can be used to pass Vendor-Specific attributes to international
roaming partners.

WISPr Vendor Specific Attributes  #  Type  Auth Req  Auth Reply  Acctg Req  Comment

Location-ID 1 String X X Hotspot Location Identifier
Location-Name 2 String X X Hotspot Location and Operator's Name
Logoff-URL 3 String X URL for user to perform explicit logoff
Redirection-URL 4 String X URL of Start Page

Bandwidth-Min-Up 5 Integer X Minimum Transmit Rate (bps)
Bandwidth-Min-Down 6 Integer X Minimum Receive Rate (bps)
Bandwidth-Max-Up 7 Integer X Maximum Transmit Rate (bps)
Bandwidth-Max-Down 8 Integer X Maximum Receive Rate (bps)
Session-Terminate-Time 9 String X YYYY-MM-DDThh:mm:ssTZD
Session-Terminate-Time-End-of-Day 10 Integer X Flag zero or one indicating termination rule.
Billing-Class-Of-Service 11 String X Text string indicating service type e.g. used for the visitor access feature

The Gemtek System vendor specific attributes are described from the client point of view (reverse accounting is disabled).

Gemtek Systems Vendor Specific Attributes  #  Type  Auth Req  Auth Reply  Acctg Req  Comment

Acct-Session-Input-Octets 21 Integer X Session download volume limitation in bytes. Forced logout once volume limitation is reached.
Acct-Session-Input-Gigawords 22 Integer X Session download volume limitation in bytes. Forced logout once volume limitation is reached
Acct-Session-Output-Octets 23 Integer X Session upload volume limitation in bytes. Forced logout once volume limitation is reached

Acct-Session-Output-Gigawords 24 Integer X Session upload volume limitation in bytes. Forced logout once volume limitation is reached
Acct-Session-Octets 25 Integer X Upload and download limitation
Acct-Session-Gigawords 26 Integer X Upload and download limitation

F) Location ID and ISO Country Codes


This list states the country names (official short names in English) in alphabetical order as given in ISO 3166-1 and the corresponding ISO 3166-1-alpha-2
code elements.

It lists 239 official short names and code elements.

Location ID  Country  Location ID  Country
AF Afghanistan LI Liechtenstein

AL Albania LT Lithuania

DZ Algeria LU Luxembourg

AS American Samoa MO Macao

AD Andorra MK Macedonia, the former Yugoslav republic of

AO Angola MG Madagascar

AI Anguilla MW Malawi

AQ Antarctica MY Malaysia

AG Antigua and Barbuda MV Maldives

AR Argentina ML Mali

AM Armenia MT Malta

AW Aruba MH Marshall islands

AU Australia MQ Martinique

AT Austria MR Mauritania

AZ Azerbaijan MU Mauritius

BS Bahamas YT Mayotte

BH Bahrain MX Mexico

BD Bangladesh FM Micronesia, federated states of

BB Barbados MD Moldova, republic of

BY Belarus MC Monaco

BE Belgium MN Mongolia

BZ Belize MS Montserrat

BJ Benin MA Morocco

BM Bermuda MZ Mozambique

BT Bhutan MM Myanmar

BO Bolivia NA Namibia

BA Bosnia and Herzegovina NR Nauru

BW Botswana NP Nepal

BV Bouvet island NL Netherlands

BR Brazil AN Netherlands Antilles

IO British Indian ocean territory NC New Caledonia

BN Brunei Darussalam NZ New Zealand

BG Bulgaria NI Nicaragua

BF Burkina Faso NE Niger

BI Burundi NG Nigeria

KH Cambodia NU Niue

CM Cameroon NF Norfolk island

CA Canada MP Northern Mariana islands

CV Cape Verde NO Norway

KY Cayman islands OM Oman

CF Central African republic PK Pakistan

TD Chad PW Palau

CL Chile PS Palestinian territory, occupied

CN China PA Panama

CX Christmas island PG Papua new guinea

CC Cocos (keeling) islands PY Paraguay

CO Colombia PE Peru

KM Comoros PH Philippines

CG Congo PN Pitcairn

CD Congo, the democratic republic of the PL Poland

CK Cook islands PT Portugal

CR Costa Rica PR Puerto Rico

CI Côte d'ivoire QA Qatar

HR Croatia RE Réunion

CU Cuba RO Romania

CY Cyprus RU Russian federation

CZ Czech republic RW Rwanda

DK Denmark SH Saint Helena

DJ Djibouti KN Saint Kitts and Nevis

DM Dominica LC Saint Lucia

DO Dominican republic PM Saint Pierre and Miquelon

EC Ecuador VC Saint Vincent and the grenadines

EG Egypt WS Samoa

SV El Salvador SM San Marino

GQ Equatorial guinea ST Sao tome and Principe

ER Eritrea SA Saudi Arabia

EE Estonia SN Senegal

ET Ethiopia SC Seychelles

FK Falkland islands (Malvinas) SL Sierra Leone

FO Faroe islands SG Singapore

FJ Fiji SK Slovakia

FI Finland SI Slovenia

FR France SB Solomon islands

GF French Guiana SO Somalia

PF French Polynesia ZA South Africa

TF French southern territories GS South Georgia and the south sandwich islands

GA Gabon ES Spain

GM Gambia LK Sri Lanka

GE Georgia SD Sudan

DE Germany SR Suriname

GH Ghana SJ Svalbard and Jan Mayen

GI Gibraltar SZ Swaziland

GR Greece SE Sweden

GL Greenland CH Switzerland

GD Grenada SY Syrian Arab republic

GP Guadeloupe TW Taiwan, province of china

GU Guam TJ Tajikistan

GT Guatemala TZ Tanzania, united republic of

GN Guinea TH Thailand

GW Guinea-Bissau TL Timor-Leste

GY Guyana TG Togo

HT Haiti TK Tokelau

HM Heard island and McDonald islands TO Tonga

VA Holy see (Vatican city state) TT Trinidad and Tobago

HN Honduras TN Tunisia

HK Hong Kong TR Turkey

HU Hungary TM Turkmenistan

IS Iceland TC Turks and Caicos islands

IN India TV Tuvalu

ID Indonesia UG Uganda

IR Iran, Islamic republic of UA Ukraine

IQ Iraq AE United Arab emirates

IE Ireland GB United kingdom

IL Israel US United states

IT Italy UM United states minor outlying islands

JM Jamaica UY Uruguay

JP Japan UZ Uzbekistan

JO Jordan VU Vanuatu

KZ Kazakhstan Vatican city state see holy see

KE Kenya VE Venezuela

KI Kiribati VN Vietnam

KP Korea, democratic people's republic of VG Virgin islands, British

KR Korea, republic of VI Virgin islands, U.S.

KW Kuwait WF Wallis and Futuna

KG Kyrgyzstan EH Western Sahara

LA Lao people's democratic republic YE Yemen

LV Latvia YU Yugoslavia

LB Lebanon Zaire see Congo, the democratic republic of the

LS Lesotho ZM Zambia

LR Liberia ZW Zimbabwe

LY Libyan Arab Jamahiriya

G) User Pages Templates Syntax


This section describes the syntax used to write the user pages, with examples for writing XSL templates. The BG6020G web server generates an XML
document that carries the page data in its structure:

Example:

<?xml version="1.0"?>
<Gemtek>
  <Header Script_Name="login.user" Title="Login" charset="; charset=ISO8859-1" language="en"/>
  <Data nasid="TestLab" version="BG6020G" help="images/help.html" ip="192.168.4.1"
        mac="00923456789A" original_url="https://192.168.4.4:7777/login.user"
        type="2" username="g1">
    <entry descr="Gemtek Baltic" id="0" url="http://www.gemtek.lt"/>
    <entry descr="Gemtek Systems, Inc." id="1" url="http://www.gemtek-systems.com"/>
  </Data>
  <WISPAccessGatewayParam MessageType="120" ResponseCode="100">
    <entry ReplyMessage="Your password has expired."/>
  </WISPAccessGatewayParam>
  <Errors id="4102"/>
</Gemtek>

The current script filename (to be used in the form's action attribute) is located in the XML tree at: /Gemtek/Header/@Script_Name

Page title at:

/Gemtek/Header/@Title

Custom char set (if enabled on administration pages) for user pages at:

/Gemtek/Header/@charset

Welcome.xsl
The Welcome page is the first page that the user sees while not registered on the network. This page provides welcome text to the user who is connected to the
controller and supplies a link to the login page.

The attribute at /Gemtek/Data/@cmd in the XML tree defines the link to the login page. Use this link to take the user from the welcome screen to the login
screen. The Welcome page also lists the defined walled garden entries, informing the user where to browse without registering on the network.

Walled Garden information is located in the XML tree under /Gemtek/Data with multiple "entry" branches. These branches have the following attributes:

descr - website description;
url - website URL;
id - website id for BG6020G configuration, which is not needed for the user connecting to the network through the BG6020G.

Login.xsl
The Login page appears when a user who is not registered on the network tries to open a web page. The user reaches the login page by following the link from
the welcome page. The following variables are available on the Login page:

/Gemtek/Header/@Script_Name - name of the script to which the user login information is sent back on the BG6020G;

/Gemtek/Data/@username - the username to be entered into the user name field, usually the name the user entered in a previous unsuccessful attempt to
register on the network;

/Gemtek/Data/@ip - detected IP address from which the user tries to register on the network;

/Gemtek/Data/@mac - detected user's MAC address;

/Gemtek/Errors/@id - returned error code, which can be as follows:

error description

4101 Failed to authorize.

4102 Login or/and password incorrect.

4103 Network connection failed.

4104 Accounting error.

4105 Unknown authorization error.

4106 Could not get redirection URL.

4107 Already logged in.


/Gemtek/Data/@type - returns the BG6020G response to the login request. Type values are as follows:

error description

0 Ok - logged in, redirect user to start page

1 Failed to authorize

2 Login or/and password incorrect

3 Network connection failed

4 Accounting error

5 User already logged in

It is advisable to check the error codes first because they return more precise information. The "type" attribute returns the RADIUS server response, which gives
additional information about the user status. This can help in detecting whether the user has just logged in or has come to this page while already logged in.

/Gemtek/WISPAccessGatewayParam/entry/@ReplyMessage - the RADIUS server response message on user logon [optional]. This parameter
supports multiple messages.

These optional RADIUS Reply-Messages can provide more detailed information about why the user logon failed.

/Gemtek/Data/@cmd - link to logout page. The logout page displays network usage statistics and provides the logout from the network function.

/Gemtek/Data/@url - the URL of start page to where the user is redirected after successful login. Usually it can be the website of the company or
organization providing the BG6020G controller and configuring the users to visit their website.

/Gemtek/Data/@help - link to help page regarding how the user should register on the network.

When the user clicks the login button, the following information is sent to the /Gemtek/Header/@Script_Name location:

username - user name to register on the network;
password - user password.

When the form is submitted, the user information is checked and an indication of success or failure is returned.

Logout.xsl
The logout page displays network usage statistics and lets the user log out from the network. It is displayed after a successful login, and its usage statistics are
refreshed automatically after a defined time period.

Logout page has variables:

/Gemtek/Header/@Script_Name - current script name, to send command to logout or refresh the statistics on page.

/Gemtek/Data/entry/@auth - authentication method.

/Gemtek/Errors/@id - returned error code. The error code is as follows:

error description

4107 Already logged in. This error code usually comes from the login screen, when redirecting.

Following error codes are sent when other than the LOGOUT command is submitted:

error description

4201 Failed to authorize.

4202 Login failed.

4203 Network connection failed.

4204 Accounting error.

4205 Undefined error return from RADIUS client on BG6020G.

4206 Already logged in.

Following error codes are sent when other than LOGOUT command is submitted:

error description

4210 Already logged in.

4211 Failed authorization.

4212 Login failed.

4213 Network connection failed.

4214 Accounting error.

4215 Undefined error return from RADIUS client on BG6020G.

/Gemtek/Data/@cmd - link to logout page.

/Gemtek/Data/@login - link to login page. This is used when the user is logged-off and to provide a quick link to be used to register again.

/Gemtek/Data/entry/@username - username with which user is logged in.

/Gemtek/Data/entry/@ip - detected user IP address from which the user has made his attempt to register on the network.

/Gemtek/Data/entry/@mac - detected user's MAC address.

/Gemtek/Data/entry/@time - session time.

/Gemtek/Data/entry/@idle - idle time.

/Gemtek/Data/entry/@in - input bytes sent.

/Gemtek/Data/entry/@out - output bytes sent.

/Gemtek/Data/entry/@remain_down - input bytes left.

/Gemtek/Data/entry/@remain_up - output bytes left.

/Gemtek/Data/entry/@remain_total - total bytes left.

/Gemtek/Data/entry/@remain_time - session time remaining.

/Gemtek/Data/entry/@down - bandwidth downstream.

/Gemtek/Data/entry/@up - bandwidth upstream.

If there is no /Gemtek/Data/entry in XML tree, it indicates that the user is not logged in.

The Logout page has two purposes:

Log off the user
Show the user usage statistics.

To log off the user, call the script defined in /Gemtek/Header/@Script_Name with the variable cmd set to logout. This can be done through the POST method, or
simply through GET by supplying a link with parameters:

<a href="/logout.user?cmd=logout">.

To get user usage statistics, simply refresh the script defined in /Gemtek/Header/@Script_Name with no variables set. This could be done by defining the
simple link:

<a href="/logout.user">.
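
Added example (not part of the original guide and not BROWAN code): the Python below reads the XML that the Login.xsl and Logout.xsl sections describe, as a smart client or a template test would. It checks the error id before @type as the guide advises, treats a missing /Gemtek/Data/entry as "not logged in", and keeps only relative or http(s) links. The logout sample, its value formats and all function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Error ids and login @type values exactly as tabulated in this guide.
LOGIN_ERRORS = {4101: "Failed to authorize.", 4102: "Login or/and password incorrect.",
                4103: "Network connection failed.", 4104: "Accounting error.",
                4105: "Unknown authorization error.",
                4106: "Could not get redirection URL.", 4107: "Already logged in."}
LOGIN_TYPES = {0: "Ok - logged in, redirect user to start page", 1: "Failed to authorize",
               2: "Login or/and password incorrect", 3: "Network connection failed",
               4: "Accounting error", 5: "User already logged in"}
# Session attributes the guide lists under /Gemtek/Data/entry on the logout page.
SESSION_ATTRS = ("username", "ip", "mac", "time", "idle", "in", "out",
                 "remain_down", "remain_up", "remain_total", "remain_time",
                 "down", "up")

# Constructed sample: the guide's login.user document as well-formed XML.
SAMPLE_LOGIN = """<?xml version="1.0"?>
<Gemtek>
  <Header Script_Name="login.user" Title="Login" language="en"/>
  <Data nasid="TestLab" version="BG6020G" help="images/help.html"
        ip="192.168.4.1" mac="00923456789A" type="2" username="g1">
    <entry descr="Gemtek Baltic" id="0" url="http://www.gemtek.lt"/>
    <entry descr="Gemtek Systems, Inc." id="1" url="http://www.gemtek-systems.com"/>
  </Data>
  <WISPAccessGatewayParam MessageType="120" ResponseCode="100">
    <entry ReplyMessage="Your password has expired."/>
  </WISPAccessGatewayParam>
  <Errors id="4102"/>
</Gemtek>"""

# Constructed sample of logout.user output; the value formats are assumptions.
SAMPLE_LOGOUT = """<Gemtek>
  <Header Script_Name="logout.user" Title="Logout"/>
  <Data cmd="logout.user?cmd=logout" login="login.user">
    <entry username="g1" ip="192.168.4.1" mac="00923456789A"
           time="120" idle="5" in="2048" out="512"/>
  </Data>
</Gemtek>"""


def _root(text):
    """Parse gateway XML, refusing DTDs so entity declarations are never processed."""
    if "<!doctype" in text.lower():
        raise ValueError("DOCTYPE is not expected in gateway XML")
    root = ET.fromstring(text)
    if root.tag != "Gemtek":
        raise ValueError("unexpected root element %r" % root.tag)
    return root


def _to_int(value):
    """Return an int for a string of plain ASCII digits, else None."""
    return int(value) if value and value.isascii() and value.isdigit() else None


def safe_link(url):
    """Keep relative, http and https links; drop every other scheme."""
    try:
        scheme = urlsplit(url or "").scheme.lower()
    except ValueError:
        return None
    return url if url and scheme in ("", "http", "https") else None


def parse_login(text):
    """Interpret login.user output; the error id takes precedence over @type."""
    root = _root(text)
    header, data = root.find("Header"), root.find("Data")
    errors = root.find("Errors")
    error_id = _to_int(errors.get("id")) if errors is not None else None
    type_id = _to_int(data.get("type")) if data is not None else None
    if error_id is not None:
        status = LOGIN_ERRORS.get(error_id, "Unlisted error code")
    else:
        status = LOGIN_TYPES.get(type_id)
    entries = data.findall("entry") if data is not None else []
    return {
        "action": header.get("Script_Name") if header is not None else None,
        "error_id": error_id,
        "type_id": type_id,
        "status": status,
        "reply_messages": [e.get("ReplyMessage")
                           for e in root.findall("WISPAccessGatewayParam/entry")
                           if e.get("ReplyMessage")],
        "walled_garden": [(e.get("descr"), e.get("url")) for e in entries
                          if safe_link(e.get("url"))],
    }


def parse_logout(text):
    """Interpret logout.user output; no /Gemtek/Data/entry means not logged in."""
    entry = _root(text).find("Data/entry")
    if entry is None:
        return {"logged_in": False, "session": {}}
    return {"logged_in": True,
            "session": {k: entry.get(k) for k in SESSION_ATTRS if entry.get(k) is not None}}
```
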

Help.html
This is an HTML file with no embedded CGI. It is advisable to use it for instructions to the user on how to register on the network or what to do when
troubleshooting.

Unauthorized.html
This page appears if the user is not registered on the network or the web authentication is not provided on the AC. It is recommended to include information on
how to contact the network administrator (e.g. phone number).

Smart Client
The BG6020G can be used not only with a browser but also with a smart client, which connects to the BG6020G over HTTPS and retrieves the information
given as XML in the same login.user output. To support a smart client, the following lines should be included in all user XSL templates:

<xsl:import href="xml-in-comments.xsl"/>

<xsl:apply-templates select="Gemtek/WISPAccessGatewayParam"/>

Commands for User Pages


A user who is not logged in and trying to browse the Internet will be redirected to the welcome page automatically.

The welcome page address is:

https://BG6020G_ip_address/welcome.user

The login page address is:

https://BG6020G_ip_address/login.user

The logout and session information page address is:

https://BG6020G_ip_address/logout.user

To log the user in, the form should be posted to the /login.user address and should have the following parameters:

username - username to log on;
password - user password;
'cmd' with value 'login'.

To receive connected user session information, the following address should be used:

https://BG6020G_ip_address/logout.user

To disconnect a user who is currently connected, the following address should be used:

https://BG6020G_ip_address/logout.user with parameter 'cmd' with value 'logout'.

Entering the following address into the browser will disconnect the currently logged in user:

https://BG6020G_ip_address/logout.user?cmd=logout

Upload Templates
All user page files (welcome.xsl, login.xsl, logout.xsl, help.html, unauthorized.html) can be located on an external server or on the BG6020G. The templates in
use are defined under user interface | configuration | pages. The BG6020G has default user templates that can be replaced by uploading new templates. Any
uploaded templates and images override the default templates.

In addition to the predefined templates, the following image types are supported:

PNG
GIF
JPG

Supported cascading style sheets:

CSS

Uploaded file types are detected by their extension.

Use of cascading style sheets (css) is not required, but recommended.

The Hotspot-in-a-Box administrator is responsible for conducting tests to ensure that all uploaded templates are correct and work as expected. After the upload,
the controller does not verify the correctness of the uploaded templates. If the controller is not able to load the uploaded xsl template, it will use the default
built-in templates.

Image Location

Designers who prepare custom user templates should take note of the location of the images used. All uploaded images, style sheets and static HTML pages
(help.html and unauthorized.html) are located in the virtual directory 'images'. An uploaded image example.gif will be accessible at the following path:
'images/example.gif'

Using other paths like 'webserver/example.gif' or 'example.gif' will redirect to 'images/unauthorized.html' or, if UAM is enabled, to a user page (welcome.user,
login.user or logout.user depending on device configuration and user status).

This is an example of how to use an image in a XSL template:

<img name="example" src="images/example.gif" />

BROWAN COMMUNICATIONS 277


Public Access Control Gateway

User Guide V1.0

G) User Pages Templates Syntax


In this section you will find syntax for the writing of the user pages with examples for the writing of XSL templates. The BG6020G web server creates XML,
having data inside its structure:

Example:

<?xml version="1.0"?>
<Gemtek>
<Header Script_Name="login.user" Title="Login" charset="; charset=ISO8859-1" language="en"/>
<Data nasid="TestLab" version="BG6020G" help="images/help.html" ip="192.168.4.1"
mac="00923456789A" original_url="https://192.168.4.4:7777/login.user";
type="2" username="g1">
<entry descr="Gemtek Baltic" id="0" url="http://www.gemtek.lt"/>;
<entry descr="Gemtek Systems, Inc." id="1" url="http://www.gemtek-systems.com"/>;
</Data>
<WISPAccessGatewayParam MessageType="120" ResponseCode="100">
<entry ReplyMessage="Your password has expired."/>
</WISPAccessGatewayParam>
<Errors id="4102"/>
</Gemtek>

Current script filename (to be used in forms action attribute) can be located in the XML tree at: /Gemtek/Header/@Script_Name

BROWAN COMMUNICATIONS 278


Public Access Control Gateway

User Guide V1.0

Page title at:

/Gemtek/Header/@Title

Custom char set (if enabled on administration pages) for user pages at:

/Gemtek/Header/@charset

Welcome.xsl

The Welcome page is the first page that the user sees while not registered on the network. This page provides welcome text to the user who is connected to the
controller and supplies a link to the login page.

The attribute at /Gemtek/Data/@cmd in the XML tree defines the link to the login page. This link should be used to point the user from the welcome screen to the login
screen. The Welcome page also lists the defined walled garden entries, informing the user where to browse without registering on the network.

Walled Garden information is located in the XML tree under /Gemtek/Data with multiple "entry" branches. These branches have the following attributes:

descr - website description;
url - website URL;
id - website id for BG6020G configuration, which is not needed for the user connecting to the network through the BG6020G.

Login.xsl

The Login page appears when the user is not registered on the network and tries to open a webpage. The user proceeds to the login page by following the link from
the welcome page. The Login page has variables that can be used:

/Gemtek/Header/@Script_Name - script name to which the user login information is sent back on the BG6020G;

/Gemtek/Data/@username - the username to be entered into the user name field – usually the name the user entered before in an unsuccessful attempt to
register on the network;

/Gemtek/Data/@ip - detected user IP from which he/she tries to register on the network;

/Gemtek/Data/@mac - detected user's MAC address;

/Gemtek/Errors/@id - returned error code, which can be one of the following:

Error   Description
4101    Failed to authorize.
4102    Login or/and password incorrect.
4103    Network connection failed.
4104    Accounting error.
4105    Unknown authorization error.
4106    Could not get redirection URL.
4107    Already logged in.

/Gemtek/Data/@type - returns the BG6020G response to the login request. Type values are as follows:

Type    Description
0       Ok - logged in, redirect user to start page
1       Failed to authorize
2       Login or/and password incorrect
3       Network connection failed
4       Accounting error
5       User already logged in

It is advisable to check the error codes first, because they return more precise information. Branch "Type" returns the RADIUS server response, which gives
additional information about the user status. This can help in detecting whether the user has just logged in or has come to this page while already logged in.

/Gemtek/WISPAccessGatewayParam/entry/@ReplyMessage - the RADIUS server response message on user logon [optional]. This parameter
supports multiple messages.

These optional RADIUS Reply-Messages can provide more detailed information on why the user logon failed.

/Gemtek/Data/@cmd - link to logout page. The logout page displays network usage statistics and provides the logout from the network function.

/Gemtek/Data/@url - the URL of the start page to which the user is redirected after successful login. Usually it can be the website of the company or
organization providing the BG6020G controller and configuring the users to visit their website.

/Gemtek/Data/@help - link to help page regarding how the user should register on the network.

When the user clicks the login button, the following information is sent to the location given in /Gemtek/Header/@Script_Name:

username - user name to register to network;
password - user password.

When the form is submitted, the user information is checked and an indication of success or failure is returned.
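The precedence described above (error code first, then type, with any Reply-Messages as extra detail) can be checked outside a template. The following Python is an added example, not code from the guide or the device; it assumes the XML document has already been retrieved, and the function names, the status labels, the sample document and the DTD and URL-scheme checks are this example's own.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Codes exactly as listed for the Login page in this guide.
LOGIN_ERRORS = {
    "4101": "Failed to authorize.",
    "4102": "Login or/and password incorrect.",
    "4103": "Network connection failed.",
    "4104": "Accounting error.",
    "4105": "Unknown authorization error.",
    "4106": "Could not get redirection URL.",
    "4107": "Already logged in.",
}
LOGIN_TYPES = {
    "0": "Ok - logged in, redirect user to start page",
    "1": "Failed to authorize",
    "2": "Login or/and password incorrect",
    "3": "Network connection failed",
    "4": "Accounting error",
    "5": "User already logged in",
}

# Constructed sample, modelled on the example document in this section.
SAMPLE_FAILED = """<?xml version="1.0"?>
<Gemtek>
  <Header Script_Name="login.user" Title="Login" language="en"/>
  <Data nasid="TestLab" ip="192.168.4.1" mac="00923456789A" type="2" username="g1"/>
  <WISPAccessGatewayParam MessageType="120" ResponseCode="100">
    <entry ReplyMessage="Your password has expired."/>
  </WISPAccessGatewayParam>
  <Errors id="4102"/>
</Gemtek>"""


def safe_redirect(url):
    """Return url only if it is an absolute http(s) URL, otherwise None."""
    if not url:
        return None
    parts = urlsplit(url)
    if parts.scheme in ("http", "https") and parts.netloc:
        return url
    return None


def parse_login_result(xml_text):
    """Interpret a login.user XML document and return a summary dict."""
    # The document arrives over the network: refuse DTDs so that entity
    # declarations never reach the parser (assumption: the gateway sends none).
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in gateway XML")
    root = ET.fromstring(xml_text)
    if root.tag != "Gemtek":
        raise ValueError("unexpected root element: %r" % root.tag)

    data = root.find("Data")
    data_attrs = data.attrib if data is not None else {}
    errors = root.find("Errors")
    error_id = errors.get("id") if errors is not None else None
    type_val = data_attrs.get("type")

    # ReplyMessage is optional and may occur several times.
    replies = [
        entry.get("ReplyMessage")
        for entry in root.findall("WISPAccessGatewayParam/entry")
        if entry.get("ReplyMessage")
    ]

    if error_id is not None:
        # Error codes are more precise than the type value, so they win.
        status = "already_logged_in" if error_id == "4107" else "failed"
        reason = LOGIN_ERRORS.get(error_id, "Unrecognised error code " + error_id)
    elif type_val is not None:
        status = {"0": "ok", "5": "already_logged_in"}.get(type_val, "failed")
        reason = LOGIN_TYPES.get(type_val, "Unrecognised type value " + type_val)
    else:
        status, reason = "no_attempt", "No login result in document"

    return {
        "status": status,
        "reason": reason,
        "error_id": error_id,
        "type": type_val,
        "reply_messages": replies,
        # Only follow the start-page URL after a successful login, and only
        # if it is a plain web URL.
        "redirect_url": safe_redirect(data_attrs.get("url")) if status == "ok" else None,
        "username": data_attrs.get("username"),
    }
```

The reply messages and the username come from the RADIUS server and the user respectively, so a client that displays them should treat them as untrusted text.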

Logout.xsl
The logout page displays network usage statistics and lets the user log out from the network. The Logout page is displayed after a successful login,
with usage statistics that are automatically refreshed after a defined time period.

The Logout page has the following variables:

/Gemtek/Header/@Script_Name - current script name, to send command to logout or refresh the statistics on page.

/Gemtek/Data/entry/@auth - authentication method.

/Gemtek/Errors/@id - returned error code. The error code is as follows:

Error   Description
4107    Already logged in. This error code usually comes from the login screen, when redirecting.

The following error codes are sent when a command other than LOGOUT is submitted:

Error   Description
4201    Failed to authorize.
4202    Login failed.
4203    Network connection failed.
4204    Accounting error.
4205    Undefined error return from RADIUS client on BG6020G.
4206    Already logged in.

The following error codes are sent when a command other than LOGOUT is submitted:

Error   Description
4210    Already logged in.
4211    Failed authorization.
4212    Login failed.
4213    Network connection failed.
4214    Accounting error.
4215    Undefined error return from RADIUS client on BG6020G.

/Gemtek/Data/@cmd - link to logout page.

/Gemtek/Data/@login - link to login page. This is used when the user is logged off, to provide a quick link for registering again.

/Gemtek/Data/entry/@username - username with which user is logged in.

/Gemtek/Data/entry/@ip - detected user IP address from which the user has made his attempt to register on the network.

/Gemtek/Data/entry/@mac - detected user's MAC address.

/Gemtek/Data/entry/@time - session time.

/Gemtek/Data/entry/@idle - idle time.

/Gemtek/Data/entry/@in - input bytes sent.

/Gemtek/Data/entry/@out - output bytes sent.

/Gemtek/Data/entry/@remain_down - input bytes left.

/Gemtek/Data/entry/@remain_up - output bytes left.

/Gemtek/Data/entry/@remain_total - total bytes left.

/Gemtek/Data/entry/@remain_time - session time remaining.

/Gemtek/Data/entry/@down - bandwidth downstream.

/Gemtek/Data/entry/@up - bandwidth upstream.

If there is no /Gemtek/Data/entry in the XML tree, it indicates that the user is not logged in.

The Logout page has two purposes:

Log off the user
Show the user usage statistics.

To log off the user, call the script defined in /Gemtek/Header/@Script_Name with the variable cmd set to logout. This could be done through the POST or simply
the GET method, supplying a simple link with parameters:

<a href="/logout.user?cmd=logout">.

To get user usage statistics, simply refresh the script defined in /Gemtek/Header/@Script_Name with no variables set. This could be done by defining the
simple link:

<a href="/logout.user">.

Help.html

This is an HTML file prepared with no embedded CGI. It is advisable to write instructions for the user on how to register on the network or what to do when
troubleshooting.

Unauthorized.html

This page appears if the user is not registered on the network or the web authentication is not provided on the AC. It is recommended to include information on
how to contact the network administrator (e.g. phone number).

Smart Client

The BG6020G can be used not only with a browser but also with a smart client connected to the BG6020G through an HTTPS connection, which retrieves the information
given as XML in the same login.user output. To support a smart client, the following lines should be included in all user XSL templates:

<xsl:import href="xml-in-comments.xsl"/>

<xsl:apply-templates select="Gemtek/WISPAccessGatewayParam"/>

Commands for User Pages


A user who is not logged in and trying to browse the Internet will be redirected to the welcome page automatically.

The welcome page address is:

https://BG6020G_ip_address/welcome.user

The login page address is:

https://BG6020G_ip_address/login.user

The logout and session information page address is:

https://BG6020G_ip_address/logout.user

For the user who is logged in, the form should be posted to /login.user address and the form should have the following parameters:

username - username to log on;
password - user password;
'cmd' with value 'login'.

To receive connected user session information, the following address should be used:

https://BG6020G_ip_address/logout.user

To disconnect a user who is currently connected, the following address should be used:

https://BG6020G_ip_address/logout.user with parameter 'cmd' with value 'logout'.

Entering the following address into the browser will disconnect the currently logged in user:

https://BG6020G_ip_address/logout.user?cmd=logout

Upload Templates

All user page files (welcome.xsl, login.xsl, logout.xsl, help.html, unauthorized.html) can be on an external server or on the BG6020G. The setting for which
templates are used is found under user interface | configuration | pages. The BG6020G has default user templates that can be replaced by uploading new templates. Any
uploaded templates and images override the default templates.

Next to the predefined templates, the following image types are supported:

PNG
GIF
JPG

Supported cascading style sheets:

CSS

Uploaded file types are detected by their extension.

Use of cascading style sheets (css) is not required, but recommended.

The Hotspot-in-a-Box administrator is responsible for conducting tests to ensure that all uploaded templates are correct and work as expected. After the upload,
the controller does not verify the correctness of the uploaded templates. If the controller is not able to load the uploaded XSL template, it will use the default
built-in templates.

Image Location
Designers who prepare custom user templates should take note of the location of the images used. All uploaded images, style sheets and static HTML pages
(help.html and unauthorized.html) are located at the virtual directory 'images'. Uploaded image example.gif will be accessible at the following path:
'images/example.gif'

Using other paths like 'webserver/example.gif' or 'example.gif' will redirect to 'images/unauthorized.html' or, if UAM is enabled, to a user page (welcome.user,
login.user or logout.user, depending on device configuration and user status).

This is an example of how to use an image in an XSL template:

<img name="example" src="images/example.gif" />
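Because the controller does not verify uploaded templates, the checks this section implies can be run on the administrator's workstation before upload. The following Python is an added example, not a tool supplied with the BG6020G; the function names, finding codes and both sample templates are constructed here, and the check for disabled output escaping is an extra hardening step that the guide does not mention.

```python
import os
import xml.etree.ElementTree as ET

XSL_NS = "{http://www.w3.org/1999/XSL/Transform}"
# Extensions named in this section: templates, static pages, images, style sheets.
ALLOWED_EXT = {".xsl", ".html", ".png", ".gif", ".jpg", ".css"}
# Output elements whose attribute must point into the virtual directory 'images'.
STATIC_REFS = {"img": "src", "link": "href"}

# Constructed sample templates (not the device's built-in ones).
GOOD_TEMPLATE = """<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:import href="xml-in-comments.xsl"/>
  <xsl:template match="/">
    <html>
      <head><link rel="stylesheet" href="images/style.css"/></head>
      <body>
        <img name="example" src="images/example.gif"/>
        <p><xsl:value-of select="/Gemtek/Data/@username"/></p>
        <xsl:apply-templates select="Gemtek/WISPAccessGatewayParam"/>
      </body>
    </html>
  </xsl:template>
</xsl:stylesheet>"""

BAD_TEMPLATE = """<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <html>
      <body>
        <img name="example" src="example.gif"/>
        <p><xsl:value-of select="/Gemtek/Data/@username" disable-output-escaping="yes"/></p>
        <xsl:apply-templates select="Gemtek/WISPAccessGatewayParam"/>
      </body>
    </html>
  </xsl:template>
</xsl:stylesheet>"""


def lint_upload(filename, text=""):
    """Return a list of (code, message) findings for one file about to be uploaded."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXT:
        return [("EXT", "%s: extension %r is not a supported upload type" % (filename, ext))]
    if ext != ".xsl":
        return []  # images, CSS and static HTML are not parsed by this example

    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # A template the controller cannot load is replaced by the built-in one.
        return [("XML", "%s: not well-formed XML (%s)" % (filename, exc))]

    findings = []
    if root.tag not in (XSL_NS + "stylesheet", XSL_NS + "transform"):
        findings.append(("ROOT", "root element is not an XSLT stylesheet"))

    has_import = has_apply = False
    for el in root.iter():
        if el.tag.startswith(XSL_NS):
            name = el.tag[len(XSL_NS):]
            if name == "import" and el.get("href") == "xml-in-comments.xsl":
                has_import = True
            if name == "apply-templates" and "WISPAccessGatewayParam" in el.get("select", ""):
                has_apply = True
            # Added hardening check (not from the guide): values such as the
            # username or RADIUS reply text must stay escaped in the output.
            if el.get("disable-output-escaping") == "yes":
                findings.append(("ESCAPING", "<xsl:%s> disables output escaping" % name))
        else:
            attr = STATIC_REFS.get(el.tag.rsplit("}", 1)[-1])
            ref = el.get(attr) if attr else None
            # Computed ({...}) and absolute references are outside this check.
            if ref and "{" not in ref and "://" not in ref and not ref.startswith("images/"):
                findings.append(("PATH", "%s=%r is outside 'images/'" % (attr, ref)))

    # The two lines the Smart Client section requires in every user template.
    if not has_import:
        findings.append(("SMART-IMPORT", 'missing <xsl:import href="xml-in-comments.xsl"/>'))
    if not has_apply:
        findings.append(("SMART-APPLY", "missing apply-templates for Gemtek/WISPAccessGatewayParam"))
    return findings


def finding_codes(filename, text=""):
    """Convenience wrapper: only the finding codes, in report order."""
    return [code for code, _ in lint_upload(filename, text)]
```

An empty result means only that these structural checks passed; the template should still be exercised on the device as the guide requires.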

Glossary
Symbols:
802.11: 802.11 is a family of specifications for wireless local area networks (WLANs) developed by a working group of the Institute of Electrical and Electronics
Engineers (IEEE). The original specification provides for an Ethernet Media Access Controller (MAC) and several physical layer (PHY) options, the most
popular of which uses GFSK modulation at 2.4GHz, enabling data rates of 1 or 2Mbps. Since its inception, two major PHY enhancements have been adopted
and become "industry standards".

802.11b adds CCK modulation enabling data rates of up to 11Mbps, and 802.11a specifies OFDM modulation in frequency bands in the 5 to 6GHz range, and
enables data rates up to 54Mbps.

A
AAA: Authentication, Authorization and Accounting. A method for transmitting roaming access requests in the form of user credentials (typically user@domain
and password), service authorization, and session accounting details between devices and networks in a real-time manner.

authentication: The process of establishing the identity of another unit (client, user, device) prior to exchanging sensitive information.

B
backbone: The primary connectivity mechanism of a hierarchical distributed system. All systems, which have connectivity to an intermediate system on the
backbone, are assured of connectivity to each other. This does not prevent systems from setting up private arrangements with each other to bypass the
backbone for reasons of cost, performance, or security.

Bandwidth: Technically, the difference, in Hertz (Hz), between the highest and lowest frequencies of a transmission channel. However, as typically used, the
amount of data that can be sent through a given communications circuit. For example, typical Ethernet has a bandwidth of 100Mbps.

bps: bits per second. A measure of the data transmission rate.

D
DHCP: Dynamic Host Configuration Protocol (DHCP) is a communications protocol that lets network administrators manage centrally and automate the
assignment of Internet Protocol (IP) addresses in an organization's network. Using the Internet Protocol, each machine that can connect to the Internet needs a
unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each machine.
Without DHCP, the IP address must be entered manually at each computer and, if computers move to another location in another part of the network, a new IP
address must be entered. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP
address when a computer is plugged into a different place in the network.

DNS: Domain Name Service. An Internet service that translates a domain name such as gemtek-systems.com to an IP address, in the form xx.xx.xx.xx, where
xx is an 8 bit hex number.

E
EAP: Extensible Authentication Protocol. Defined in [RFC2284] and used by IEEE 802.1x Port Based Authentication Protocol [8021x] that provides additional
authentication methods. EAP-TLS (Transport Level Security) provides for mutual authentication, integrity-protected ciphersuite negotiation and key exchange
between two endpoints [RFC2716]. EAP-TTLS (Tunneled TLS Authentication Protocol) provides an authentication negotiation enhancement to TLS (see
Internet-Draft <draft-ietf-pppext-eap-ttls-00.txt>).

G
gateway: A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a
host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic
within your company's network or at your local Internet service provider (ISP) are gateway nodes.

H
hotspot: A hotspot is a wireless public access system that allows subscribers to be connected to a wireless network in order to access the Internet or other
devices, such as printers. Hot-spots are created by WLAN access points, installed in public venues. Common locations for public access are hotels, airport
lounges, railway stations or coffee shops.

hotspot operator: An entity that operates a facility consisting of a Wi-Fi public access network and participates in the authentication.

HTTP: The Hypertext Transfer Protocol (HTTP) is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the
World Wide Web. Relative to the TCP/IP suite of protocols (which are the basis for information exchange on the Internet), HTTP is an application protocol.

HTTPS: HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol developed by Netscape and built into its
browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's
Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering.

I
ICMP: ICMP (Internet Control Message Protocol) is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP
uses Internet Protocol (IP) datagrams, but the messages are processed by the IP software and are not directly apparent to the application user.

IEEE: Institute of Electrical and Electronics Engineers. The IEEE describes itself as the world's largest professional society. The IEEE fosters the development
of standards that often become national and international standards, such as 802.11.

IP: The Internet Protocol (IP) is the method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on
the Internet has at least one IP address that uniquely identifies it from all other computers on the Internet. When you send or receive data (for example, an
e-mail note or a Web page), the message gets divided into little chunks called packets. Each of these packets contains both the sender's Internet address and
the receiver's address. Any packet is sent first to a gateway computer that understands a small part of the Internet. The gateway computer reads the
destination address and forwards the packet to an adjacent gateway that in turn reads the destination address and so forth across the Internet until one
gateway recognizes the packet as belonging to a computer within its immediate neighborhood or domain. That gateway then forwards the packet directly to the
computer whose address is specified.

IPsec: IPsec (Internet Protocol Security) is a developing standard for security at the network or packet processing layer of network communication. Earlier
security approaches have inserted security at the application layer of the communications model. IPsec will be especially useful for implementing virtual private
networks and for remote user access through dial-up connection to private networks. A big advantage of IPsec is that security arrangements can be handled
without requiring changes to individual user computers. Cisco has been a leader in proposing IPsec as a standard (or combination of standards and
technologies) and has included support for it in its network routers.

IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating
Security Payload (ESP), which supports both authentication of the sender and encryption of data as well. The specific information associated with each of
these services is inserted into the packet in a header that follows the IP packet header. Separate key protocols can be selected, such as the ISAKMP/Oakley
protocol.

ISP: An ISP (Internet Service Provider) is a company that provides individuals and other companies access to the Internet and other related services such as
Web site building and virtual hosting. An ISP has the equipment and the telecommunication line access required to have a point-of-presence on the Internet for
the geographic area served.

L
LAN: A local area network (LAN) is a group of computers and associated devices that share a common communications line and typically share the resources
of a single processor or server within a small geographic area (for example, within an office building). Usually, the server has applications and data storage that
are shared in common by multiple computer users. A local area network may serve as few as two or three users (for example, in a home network) or as many as
thousands of users (for example, in an FDDI network).

M
MAC: Medium Access Control. In a WLAN network card, the MAC is the radio controller protocol. It corresponds to the ISO Network Model's level 2 Data Link
layer. The IEEE 802.11 standard specifies the MAC protocol for medium sharing, packet formatting and addressing, and error detection.

N
NAT: NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address
known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network
addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses.

NAT is included as part of a router and is often part of a corporate firewall.

P
POP3: POP3 (Post Office Protocol 3) is the most recent version of a standard protocol for receiving e-mail. POP3 is a client/server protocol in which e-mail is
received and held for you by your Internet server. Periodically, you (or your client e-mail receiver) check your mail-box on the server and download any mail.
POP3 is built into the Netmanage suite of Internet products and one of the most popular e-mail products, Eudora. It's also built into the Netscape and Microsoft
Internet Explorer browsers.

PPP: PPP (Point-to-Point Protocol) is a protocol for communication between two computers using a serial interface, typically a personal computer connected
by phone line to a server. PPP uses the Internet protocol (IP) (and is designed to handle others). It is sometimes considered a member of the TCP/IP suite of
protocols. Relative to the Open Systems Interconnection (OSI) reference model, PPP provides layer 2 (data-link layer) service. Essentially, it packages your
computer's TCP/IP packets and forwards them to the server where they can actually be put on the Internet.

PPP is a full-duplex protocol that can be used on various physical media, including twisted pair or fiber optic lines or satellite transmission. It uses a variation of
High Speed Data Link Control (HDLC) for packet encapsulation.

PPP is usually preferred over the earlier de facto standard Serial Line Internet Protocol (SLIP) because it can handle synchronous as well as asynchronous
communication. PPP can share a line with other users and it has error detection that SLIP lacks. Where a choice is possible, PPP is preferred.

PPPoE: PPPoE (Point-to-Point Protocol over Ethernet) is a specification for connecting multiple computer users on an Ethernet local area network to a remote
site through common customer premises equipment, which is the telephone company's term for a modem and similar devices. PPPoE can be used to have an
office or building-full of users share a common Digital Subscriber Line (DSL), cable modem, or wireless connection to the Internet. PPPoE combines the
Point-to-Point Protocol (PPP), commonly used in dialup connections, with the Ethernet protocol, which supports multiple users in a local area network. The
PPP protocol information is encapsulated within an Ethernet frame.

PPPoE has the advantage that neither the telephone company nor the Internet service provider (ISP) needs to provide any special support. Unlike dialup
connections, DSL and cable modem connections are "always on." Since a number of different users are sharing the same physical connection to the remote
service provider, a way is needed to keep track of which user traffic should go to and which user should be billed. PPPoE provides for each user-remote site
session to learn each other's network addresses (during an initial exchange called "discovery"). Once a session is established between an individual user and
the remote site (for example, an Internet service provider), the session can be monitored for billing purposes.

PPTP: Point-to-Point Tunneling Protocol (PPTP) is a protocol (set of communication rules) that allows corporations to extend their own corporate network
through private "tunnels" over the public Internet. Effectively, a corporation uses a wide-area network as a single large local area network. This kind of
interconnection is known as a virtual private network (VPN).

R
RADIUS: RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol and software that enables remote access servers to communicate
with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user
profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single
administered network point. Having a central service also means that it's easier to track usage for billing and for keeping network statistics.

S
SNMP: Simple Network Management Protocol (SNMP) is the protocol governing network management and the monitoring of network devices and their
functions. It is not necessarily limited to TCP/IP networks.

SNMP is described formally in the Internet Engineering Task Force (IETF) Request for Comment (RFC) 1157 and in a number of other related RFCs.

SSL: The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently
been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer
Protocol (HTTP) and Transport Control Protocol (TCP) layers. The "sockets" part of the term refers to the sockets method of passing data back and forth
between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system
from RSA, which also includes the use of a digital certificate.

T
TCP: TCP (Transmission Control Protocol) is a set of rules (protocol) used along with the Internet Protocol (IP) to send data in the form of message units
between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of keeping track of the individual units of
data (called packets) that a message is divided into for efficient routing through the Internet.

TCP is a connection-oriented protocol, which means that a connection is established and maintained until such time as the message or messages to be
exchanged by the application programs at each end have been exchanged. TCP is responsible for ensuring that a message is divided into the packets that IP
manages and for reassembling the packets back into the complete message at the other end. In the Open Systems Interconnection (OSI) communication
model, TCP is in layer 4, the Transport Layer.

TCP/IP: TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a
communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is
provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are
transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles
the address part of each packet so that it gets to the right destination.

Telnet: Telnet is the way to access someone else's computer, assuming they have given permission. (Such a computer is frequently called a host computer.)
More technically, Telnet is a user command and an underlying TCP/IP protocol for accessing remote computers. On the Web, HTTP and FTP protocols allow
to request specific files from remote computers, but not to actually be logged on as a user of that computer.

U
UAM: Universal Access Method is the current recommended methodology for providing secure web-based service presentment, authentication, authorization
and accounting of users in a WISP network. This methodology enables any standard Wi-Fi enabled TCP/IP device with a browser to gain access to the WISP
network.

W
WAN: A wide area network (WAN) is a geographically dispersed telecommunications network. The term distinguishes a broader telecommunication structure
from a local area network (LAN). A wide area network may be privately owned or rented, but the term usually connotes the inclusion of public (shared user)
networks. An intermediate form of network in terms of geography is a metropolitan area network (MAN).

X
XSL: XSL (Extensible Stylesheet Language), formerly called Extensible Style Language, is a language for creating a style sheet that describes how data sent over
the Web using the Extensible Markup Language (XML) is to be presented to the user.
