EpsonメーカーIWE3200-Hの使用説明書/サービス説明書
ページ先へ移動 of 80
IWE3200-H HotSpot Gateway User’s Guide Version: 1.0 Last Updated: 08/11/2006.
i Federal Communication Commission Interference Stateme nt This equipment has been tested and found to comply with the limits for a Class B digital device, pur- suant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
ii R&TTE Compliance Statement This equipment complies with all the requireme nts of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal equipment and the mutual r ecognition of their conform ity (R&TTE).
iii Table of Contents 1. Introduction ................................................................................................................ ......... 1 1.1. Overview ..........................................................................
iv 2.13.2. RADIUS ...................................................................................................... 55 2.13.3. Authentication Session Control .................................................................. 57 2.13.4. Authentication Page Customization .
1 1. Introduction 1.1. Overview The IWE3200-H Wireless HotSpot Gateway enables Telco operators, wireless ISPs, en terprises, government institutes, or school campuses to deploy WLANs with secured user authentication support.
2 1.2. Features z User Authentication, Authorization, and Accounting Web redirection. When an unauthenticated wireless user is trying to access a Web page, he/she is redirected to a logon page for en tering the user name and password. Then, the user credential information is sent to a back-end RADIUS server for authentication.
3 Enabling/disabling SSID broadcasts. The user can enable or disable the SSID broadcasts functionality for security reasons . When the SSID broadcasts functionality is disabled, a client computer cannot associate the wireless AP with an “any ” network name (SSID, Service Set ID); the correct SSID has to be specified on client com- puters.
4 NAT server. Client computers can share a public IP address provided by an ISP (Internet Service Provider) by NAT (Network Address Translation). And our NAT serv er function- ality supports the following: Virtual server. Exposing servers on the intranet to the Internet.
5 Wireless-to-Ethernet-LAN traffic blocking. Traffic between the wireless interface and the Ethernet LAN interface can be blocked. z Changeable MAC Address of the Ethernet WAN Interface. Some ADSL modems work only with Ethernet cards provided by the ISP.
6 In addition, it can also be configured to accept management commands only from specific hosts. UPnP. The access Router responds to UPnP discovery messages so that a Windows XP user can locate the access Router in My Netw ork Places and use a Web browser to config- ure it.
7 1.3. LED Definition z PWR : Power z ALV : Alive. Blinks when the IWE3200-H is working normally. z RF : IEEE 802.11b/g interface activity z WAN/LAN : Ethernet WAN/LAN interface activity Fig. 1. LED Indicator . 1.4. Feature Comparison IWE3200-H0S36X Wired Advanced IWE3200-H9S36X Wireless Advanced IEEE 802.
8 2. First-Time Installation and Configuration 2.1. Selecting a Power Supply Method The IWE3200-H can be powered by either the supp lied AC power adapter or the optional IWE500-INJ POE Power Injector. The IWE3200-H automatically selects the suitable power de- pending on your decision.
9 Fig. 4. Connecting Ethernet cables to IWE500-INJ. 5. Check the “ACTIVE” LED: if power is successfully fed into the IWE3200-H , the “ACTIVE” LED will be on (Red light); otherwise, the “ACTIVE” LED will be off. 6. If the electricity current is over the normal condition (Io > 1.
10 2.3. Preparing for Configuration To configure a IWE3200-H , a managing computer with a Web browser is needed. For first-time con- figuration of a IWE3200-H , an Ethernet network interface card (NIC) should have been installed in the managing computer.
11 2.3.2. Changing the TCP/IP Settings of the Managing Computer Use the Windows Network Control Panel Applet to change the TCP/IP settings of the managing computer, so that the IP address of the computer and the IP address of the IWE3200-H are in the same IP subnet.
12 On the Home page, click the SETUP WIZARD to quickly change the configuration of the gateway. Fig. 8. The Home Page. 2.4.2. SETUP WIZARD Step 1: Selecting an Operational Mode Fig.
13 2.4.3. SETUP WIZARD Step 2: Configuring TCP/IP Settings 2.4.3.1. Router with a PPPoE-Based DSL/Cable Connec- tion Fig. 10. TCP/ IP settings for Router with a PPPoE-Based DSL/Cable Connection mode. In this mode, two IP addresses are needed—one for the Ethernet L AN interface and the other for the WAN interface.
14 The default LAN IP address is 192.168.0.1 and the default subnet mask is 255.2 55.255.0 . In most cases, these default settings need no change. As for the WAN IP address, it is obtained by DHCP from the ISP. The Trigger mode setting affects the behavior of the DHCP client of the Router.
15 Fig. 13. TCP/ IP settings for Router with Multiple DSL/Cable Connections mode. Since the Internet connection can be PPPoE-based, DHCP-based, or Static-IP-based, the addressing settings of each WAN .
16 puter and the SSID of the wireless access Router must be identical for them to communicate with each other. 2.4.6. Configuring User Authentication Settings The IWE3200-H supports both Web redirection-based and non-802.1x-based user and IEEE 802.1x-based user authentication.
17 1.3.2. PAP 1.3.3. CHAP 2. Enable without Authentication – Enable only the Web-Redirection, but disable the user Auth enti- cation mechanism. User will automa tically redirect to the destination web page if the URL i ndi- cated. Fig. 18. W eb redirection settings – Enabl e without Authentication 3.
18 Internet , which is used with the input unit by t he control ke ypad. For example, if the per unit time is 50 (min) and the control keypad is input to be 5 (units ), then the total available access time frame of the user is 50 x 5 = 250 (min). Default is ‘1’ min.
19 Inactive : to show the user account that access time frame expired, or ‘Valid Period’ ex- pired. Permanent : to show the user account that would never expire. The state for the user ac- counts which created by manual would be perman ent.
20 defined Fig 24 of Sec.2.4.7.2. 2.4.6.4. IEEE 802.1x Fig. 23. Changing security mode to an IEEE 802.1x option. To setup IEEE 802.1x-based user authentication, go to WIRELESS Æ Communication Æ Security section, and then change the Security mode setting to an IEEE 802.
21 Web Redirection Disabled ■ ■ ■ Table 1. Allowable authentication modes. 2.5. Deploying the IWE3200-H After the settings have been configured, deploy the Router to the field application environment. You have to connect AP(s), modem(s), and RADIUS server(s) to the IWE3200-H .
22 formation). The IWE3200-H supports the built-in user database for local authentication, this function also associ- ates the optional external mini-POS Ticket Printer for billing printing purpose. The setup scenario is shown in Fig 28. Please also refer to Sec.
23 Both the wireless client computer and the deployed APs must have the same WEP settings for them to communicate with each other. Therefore, unless IEEE 802.1x EAP-TLS, which supports dynamic WEP key distribution, is used, it’s strongly suggested not to enable WEP functionality of the deployed APs for hotspot applications.
24 Fig. 28. User name and password for authentication. 5. If the user name and password ar e correct. Now you’ll be brought to the original page you have requested after waiting for a few seconds. Mean while, a window for log-off and session stat us appears.
25 If you complete the above procedure without error, the Router together with the RADIUS server has been correctly set up for Web redirection-based authentication. 2.8. Using Web-Based Network Management Fig. 32. The Home page. 2.8.1. Menu Structure The left side of the start page contains a menu fo r you to carry out commands.
26 z TCP/IP. TCP/IP-related settings. Address. IP addressing settings for the Router to wo rk in the TCP/IP networking world, or user name and password provided by the ISP. DNS. DNS (Domain Name System) proxy settings. NAT. Settings for the NAT (Network Address Translation) server on the Router.
27 Access Rules. Settings for the time frame policy to Permit/Deny administrator to access the IWE3200-H . LAN Device Management. Settings for the Router to know what LAN devices it has to manage. z Status. System m onitoring information. Associated Wireless Clients.
28 At the bottom of each status page that show s read-only information, there are two buttons— Ho me and Refresh . Clicking Home brings you back to the start page. Clicking Refresh updates the shown status information. 2.9. Seeing Status 2.9.1. Associated Wireless Clients Fig.
29 Any authenticated user can be termin ated by clicking the corresponding Terminate link so that this user is blocked from using networking s ervices provide d by the Router. A terminated user is m oved to the Termina ted Users Table . Clicking the corresponding Release link puts a terminated user back into authenticated state.
30 Fig. 41. Latest incoming user traf fic sessions. On this page, latest 50 outgoing and 50 incoming u ser traffic sessions are shown for monitoring net- work activity. 2.9.5. Managed LAN Devices Fig. 42. Managed LAN devices. On this page, the status of every managed LAN device is shown.
31 Fig. 43. Operational modes. On this page, you can specify the operational mode for the Router. Currently, 5 modes are available: z Router with a PPPoE-based DSL/Cable Connection. In this mode, the Router assumes that a DSL or cable modem is connected to its Ethernet WAN in terface.
32 2.10.2. Changing Password Fig. 45. Password. On this page, you could change the user name a nd password of the adm inistrator. The administrator can view and modify the configuration of the IWE3200-H . The new password must be typed twice for confirmation.
33 Fig. 48. Configuration backup by HTTP . To back up configuration of the access Router by HTTP: 1. Click Back Up . 2. You’ll be prompted to ope n or save the configuration file. Click Save . 3. The configuration file is named by the IWE3200-H ’s MAC address.
34 Fig. 51. Firmware upgrade by TFT P . To upgrade firmware of the access Router by TFTP: 1. Get a computer that will be used as a TFTP server and as a managing computer to trigger the upgrade process. 2. Connect the computer and one of the LAN Ethe rnet switch port with a norm al Ethernet cable.
35 net. In this case, you must have configured the Router to be remotely manageable (see Section 2.13.1.1) and adjust the Timeout and Max no. of retries settings of TFTP Server for remote TFTP upgrade to succeed. 2.10.3.4. Backing up and Restoring Configuration Set- tings by TFTP Fig.
36 example, if the Router’s MAC address is 00-01-02-33-44-55, the config uration backup file should be “000102334455.hex”. 5. On the computer, run a Web browser and click the General, Firmware Tools hyperlink. 6. Within the Configuration Backup/Restore section, specify the IP address of the computer, which acts as a TFTP server.
37 2.11.1.1. Router with a PPPoE-Based DSL/Cable Con- nection Fig. 56. TCP/ IP settings for Router with a PPPoE-Based DSL/Cable Connection mode. If the IWE3200-H was set to be in Router with a PPPoE-Based DSL/Cable Connection mode, two IP addresses are needed—one for the Ethernet L AN interface and the other for the WAN interfac e.
38 Fig. 57. TCP/ IP settings for Router with a DHCP-Based DSL/Cable Connection mode. If the IWE3200-H was set to be in Router with a DHCP-Based DSL/Cable Connection mode, two IP addresses are needed—one for the Ethernet L AN interface and the other for the WAN interfac e.
39 2.11.1.4. Router with Multiple DSL/Cable Connections Fig. 59. TCP/ IP settings for Router with Multiple DSL/Cable Connections mode. Since the Internet connection can be PPPoE-based, DHCP-based, or .
40 2.11.2.2. Static DNS Mappings Fig. 61. Stati c DNS mappings. By Static DNS Mappings , an internal server can be given a dom ain name, so that other hos ts on the intranet can access the server by its domain name inst ead of by its IP address. For example, an inter- nal Web server for the intranet, say 192.
41 2.11.3.2. Virtual Server Mappings Fig. 63. V irtual server mappings. The gateway enables you to expose internal servers on the intranet through NAT to the Internet for public use. The exposed internal servers are called virtual servers because fro m perspective of hosts on the Internet, these servers are invisible in terms of TCP/IP.
42 2.11.4.2. Basic Fig. 64. Basic DHCP server settings. The Router can automatically assign IP addresses to c lient computers by DHCP. In this section of the management page, you can specify the Default Router , Subnet mask , Primary DNS server , and Secondary DNS server settings that will be sent to a client at its request.
43 To always assign a static IP address to a specific DHCP client: 1. Specify the MAC address of the DHCP client and the IP address to be assigned to it. Then, giv e a description for this mapping. 2. Select the corresponding Enabled check box. 2.11.5.
44 2.11.6. Zero Client Reconfiguration Fig. 68. Zero Client Reconfiguration Settings. The IWE3200-H provides the ‘Zero Client Reconfiguration’ function to allow the wireless clients associate to the IWE3200-H without any network setting modificati on required.
45 Since the IEEE 802.11g-based IWE3200-H is also IEEE 802.11b compatible, you can configure the Date rate setting to meet your backwards compatibility needs. If there is RF interference, you may want to reduce the Data rate for more reliable wireless transmission.
46 Fig. 71. W ireless Distribution Sy stem settings. To enable a WDS link: 1. Specify the MAC address of the AP or wireless bridge at the other end of the WDS link.
47 2.12.2. Security IEEE 802.11b/g security settings include SSID broadcasts , Security mode , IEEE 802.11 Authenti- cation algorithm , WEP keys , MAC-Address-Based Access Control .
48 Fig. 76. Behavior of the “All APs on This Subnet” wireless client isolation option. As illustrated in Fig. when AP 1 and AP 2 are us ing the “This AP Only” option, wireless traffic be- tween STA 1 and STA 2 is blocked by AP 1, while wireless traffic between STA 2 and STA 3, which are associated with different APs, is still allowed.
49 In the above security modes, a back-end RADIUS (Remote Authentication Dial-In User Service) server is needed if IEEE 802.1x functi onality is en abled. See Section 2.13.2 for m ore information about IEEE 802.1x and RADIUS. According to the IEEE 802.
50 3. Specify the MAC address of a wireless c lient to allow access, and then click Add . 4. Repeat Step 3 for each other wireless client. To delete an entry in the access control table: z Click Delete next to the entry. NOTE: The size of the access control table is 64.
51 2.13. Configuring AAA (Authentication, Authorization, Ac- counting) Settings 2.13.1. Web Redirection The IWE3200-H supports both IEEE 802.1x-based and Web redirection-based user authentication.
52 2.13.1.1. Basic Fig. 81. W eb redirection enabled with authentication. There are three modes for Web redirection— Enabled with Authentication , Enabled without Au- thentication , and Disabled . In Enabled with Authentication mode, you specify the RADIUS authentication method that cor- responds to your RADIUS server settings.
53 Fig. 83. Default log-of f page. NOTE: On a PDA such as Pocket PC, the log-off would not be shown. To log off from the net- work, go back to the log-on page, and then click Log Off to end the session.
54 There are occasions on which you want some co mputer s to be able to freely access the Internet with- out being authenticated first. For example, you may want your wired desktop computers connected with the Router to be uncontrolled by the Router while providing wireless Internet access service for your customers with wireless laptop computers.
55 2.13.2. RADIUS IEEE 802.1x Port-Based Network Access Control is a standard for solvin g some security issues asso- ciated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key dis- tribution.
56 2.13.2.1. Basic Fig. 89. RADIUS basic settings. For the IWE3200-H , the RADIUS client com ponent of the Router is shared by the IEEE 802.1x and Web redirection components. The RADIUS settings ar e for the RADIUS client to communicate with backend RADIUS servers.
57 2.13.3. Authentication Session Control Fig. 91. Authentication session control settings. Authentication session control settings are for controlling the lifetimes of user authentication sessions. The Idle timeout setting specifies how long a user can be idle wi thout generating any traffic before being terminated.
58 Fig. 93. Authentication success page customization settings. Fig. 94. Authentication failure page customization settings. In addition to the Text alignment , HTML title , and Contents setting, two more settings are provided for specifying the size of the Log-Off window ( Windows width and Window height ).
59 Fig. 96. Advertisement links settings. Fig. 97. Advertisement links in action. 2.14. DDNS Fig. 98. Dynamic DNS settings. With the help of dynamic DNS (DDNS) services pro vided by dyndns.org or no-ip.com , you can make your device automatically register the IP address it obtains dynamically by PPPoE or DHCP with the DDNS servers.
60 2.15. Configuring Advanced Settings 2.15.1. Filters and Firewall 2.15.1.1. Packet Filters Fig. 99. Packet filters settings. You can specify rules for the firewall component of the Router to check outgoing packets. Packets that meet the rules can be permitted or denied.
61 NOTE: Set the rules with great care since incorrect rules would make the Router inaccessible. The last resort to restore the Router to ser vice may be resetting its configuration to fac- tory-set values by pressing the Default switch on the housing of the Router.
62 The IWE3200-H is capable of blocking HTTP traffic from the intranet to specified unwelcome Web sites. To block HTTP traffic to an unwelcome Web site: 1. Specify the URL (ex. www.xxx.com) of the unwelcome Web site. 2. Select the corresponding Enabled check box.
63 UPnP (Universal Plug and Play) enables a Windows XP user to automatically discover peripheral de- vices by HTTP. When the UPnP functionality is en abled, yo u can see the Router in My Network Places of Windows XP. The Router can be given a friend name that will be shown in My Network Places.
64 2.15.2.4. SNMP Fig. 106. SNMP settings. The IWE3200-H can be managed by SNMP (Simple Networ k Management Protocol), and the SNMP management functionality can be disabled. You can specify the name (used as a password ) of the read-only and read-write community.
65 A management server from the Internet sees a managed LAN device as a combination of the access Router’s WAN IP address and a Virtual Port reserved for this device.
66 Appendix A A-1: Default Settings TIP: Press the Default switch on the housing of a powered-on Router to reset the configura- tion settings to factory-set values.
67 DNS Proxy Static DNS Mappings Not set Filters/Firewall Packet Filters Not set URL Filters Not set VLAN Disabled WAN ICMP Request Blocking Disabled State Packet Inspection (SPI) Disabled Authenticat.
68 Appendix B: Troubleshooting Check the following first: z Make sure that the power of the Router is on a nd the Ethernet cables are connected firmly to the RJ-45 jacks of the Router. z Make sure that the LED ALV of the Router is blinking to indicate the Router is working.
69 Solve the following problems in order: z The wireless client cannot pass Web redirection-based authentication. Are user name and password are correct? Check the user credential informa tion stored on the RADIUS server.
70 Find out the answer on the start page of the Web-Based Network Manager. Is the NAT server functionality of the IWE3200-H enabled? Find out the answer on the start page of the Web-Based Network Manager.
71 B-3: Other Problems z I forget the IP address of the LAN interface of the IWE3200-H. What can I do to connect to it using a Web browser? z My IWE3200-H has been set to obtain an IP address automatically by DHCP. How can I know its acquired IP address so that I can manage it using a Web browser? Wireless Gateway/AP Browser ( WL Brwsr.
72 Appendix C: Technical Specifications C-1: IWE3200-H Standards: 802.11b 802.11g 802.3 802.3u 802.3af Data rate & modulation: OFDM@54Mbps, CCK@11/5.5Mbps, DQPSK@2Mbps and DBSK@1Mbps Radio Technology: OFDM DSSS Operating Range: Up to 1,155 feet Channels: USA: 1-11 (FCC), Canada: 1-11 (IC), Europe: 1-13 (ETSI), Japan: 1-14 Frequency range: 2.
73 Interface: 10/100 Mbps RJ-45 Connector RS-232c Serial Connector 802.11b/g WLAN Security: 64/128-bit WEP 802.1x WPA MAC address filtering Disabled SSID broadcast Wireless client isolation Configurat.
74 C-2: IWE500-INJ Power Injector Input Power Requirements AC Input Voltage : 90 – 264Vac AC Frequency : 47 – 63 Hz AC Input Current : 2A at 100Vac, 1A at 240Vac, (-48Vdc) Power over LAN output Sp.
75 C-3: IWE810-POS mini-POS Ticket Printer Printing Method Direct Thermal Printing Speed 150 mm/sec (5.905 inch/sec) Dot Density 180 x 180 DPI Dot Pitch 0.
デバイスEpson IWE3200-Hの購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
Epson IWE3200-Hをまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはEpson IWE3200-Hの技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。Epson IWE3200-Hの取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。Epson IWE3200-Hで得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
Epson IWE3200-Hを既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はEpson IWE3200-Hの不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、Epson IWE3200-Hに関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちEpson IWE3200-Hデバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。