Professional Documents
Culture Documents
Introduction
This document is a guide on how to install, set-up and maintain an AmazingPorts Access Controller. The Access controller is a firewall that will allow or deny access to resources on the other side of itself. It does this by acting as gateway in a LAN, Local area network we often refer to this LAN as a public LAN. The access controller receives its settings and rules to a large extent from two internet servers, one called the LDS (Login Directory Service) and one called the AMS (Access Controller Management Service). As a rule of thumb the LDS provides rules, and the AMS provide management just like the names indicate.
Table of contents Installing the Access Controller............................................................................3 Registering the AC Mandatory and free of charge..............................................5 NEW REGISTRATION SERVICE............................................................................5 Default settings....................................................................................................6 Default WAN settings (eth0)..............................................................................6 Default LAN settings (eth1-n)............................................................................6 Configuration scenarios........................................................................................7 Fully automatic configuration............................................................................7 Fixed IP configuration........................................................................................7 Verifying that your AC works properly..................................................................8 Advanced configurations......................................................................................9 Local web administration of the Access Controller............................................9 Configuring manual IPs on the AC WAN interface (Networking).......................10 Configure the WAN interface manually: IP address, netmask and gateway. .10 Configure name servers - DNS.....................................................................11 Changing the IP if the Public LAN interface (Eth1-n).....................................11 The Administration portal...................................................................................12 The main menu...............................................................................................12 Managing vouchers.........................................................................................12 Make Vouchers............................................................................................13 Managing administration accounts on the Access Controller..............................14 Enabling password rotation.............................................................................14 Changing default passwords not using password rotation............................15 Default passwords.......................................................................................15 Accessing passwords with password rotation...............................................15 Troubleshooting.................................................................................................16 Accreditations....................................................................................................18 Appendix A.........................................................................................................20 Internet over Fibre..........................................................................................20 Internet over Cable/DSL..................................................................................20 Dial-Up............................................................................................................21 Appendix B The difference to other hotspot solutions......................................21 Appendix C Service Oriented Provisioning.......................................................23 Real time Service Oriented Provisioning.......................................................23 A service oriented provisioning architecture................................................23 What is the real life advantage?...................................................................24
customer-service@amazingports.com
7. Connect the other computer to the public network of the AC (IP will be DHCP assigned and in the range of 172.23.12.xx) note that 12 may be 13 or 14 depending on the number of NICs that your AC has. 8. Open the local web admin interface on https://172.23.12.1:8443 (you may have to replace the C network 12 with 13 depending on how many NICs your AC has. (default credentials are username: admin, password: admin) 9. Configure all network settings correctly (The AC assumes it will be served its WAN address etc from a DHCP server). 10. Reboot the Access Controller (whether you have done any changes or not) 11. Re-connect to the local web admin interface and click the registration link in the top right hand corner. 12. Follow the link (automatically or manually) to the NEW registration site. Page 3 (25) Version: 1.5 customer-service@amazingports.com
13. Complete the registration process to obtain an admin account to make vouchers and customise your landing page.
customer-service@amazingports.com
customer-service@amazingports.com
Default settings
Default WAN settings (eth0)
The AC will attempt to get a dynamic address for its WAN interface using the DHCP protocol. It will attempt to automatically use the information it receives through the DHCP request to apply correct IP and DNS settings. If the access controller for some reason does not receive IP information on the WAN connection it will not be possible to connect through the access controller. In the section below called Manual WAN settings you can read more about configuring these settings manually. Note that this manual covers only configuration considerations referring to the Access Controller (AC) we assume that any network equipment between the wan interface and the Internet is configured appropriately and that it will either provide IP and DNS settings through DHCP or that the AC must be configured manually (with Fixed IP). Currently (2008) the publicly available AC version does not support PPPoE nor PPPoA as means of acquiring a network connection.
customer-service@amazingports.com
Configuration scenarios
The access controller can be configured in two basic ways, fully automatic or with fixed IP. Note that which ever case you prefer it is mandatory that the Private LAN (WAN) and the Public LAN (LAN/WLAN) ALWAYS use different IP subnets. In English this translates to: If the Private LAN (WAN) in the examples below use IP addresses in the 192.168.xx.yy range, then the Public LAN must NOT use addresses that same 192.168.xx.yy range but a different one, for example 172.23.12.xx.
In the fully automatic configuration scenario the Internet router will have a DHCP server that provide the Access controller with IP settings.
Fixed IP configuration
In a scenario where the Access controller will use a fixed IP to connect to the internet it is important to remember that DNS settings need to be entered manually. Without proper DNS settings the AC will fail to operate.
customer-service@amazingports.com
customer-service@amazingports.com
Advanced configurations
Local web administration of the Access Controller
Connect a computer to the Public LAN port of the Access controller. URL: https://172.23.12.1:8443 Default username: admin Default password: admin Normally for improved security an access controller is always set to password rotate. To receive the password for your AC, if the default password does not work, please contact AmazingPorts customer service. After login you will reach this web page:
In the following we will guide you through the settings that can be made locally in the AC admin interface. Once you have set up your AC use the Register AC link to register your access controller. Occasionally it might be necessary to restart your AC, this can be done by clicking Reboot device, this will reboot the hardware, or click Restart AC services to restarts the main AC services without rebooting the hardware.
customer-service@amazingports.com
Configuring IPs contains three important sections. ALWAYS begin by configuring the WAN / Gateway Interface.
Configure the WAN interface manually: IP address, netmask and gateway To configure an IP address manually Set the Get from dhcp server to No. Then enter an appropriate IP address, Net mask and Gateway for the WAN interface. Remember that the gateway referred to in this menu is the IP gateway on the private LAN (WAN)(see configuration scenarios). After setting the IP, confirm that you wish to enter the new settings, and let the AC implement the new settings. It can often be good to restart the AC after this has been done. You can restart it by using the re-boot link in the menu. Let the AC a good two minutes to stop and restart.
customer-service@amazingports.com
Configure name servers - DNS Next step is to enter DNS settings for the AC these settings you find in the main menu under Configure Networking -> Global Settings Name servers.
Enter correct name servers for your network and click the set button. Would you need to enter more than 2 name servers, just go into the same menu after you have configured the first two, and you will be able to add more name servers. At this stage, when you have set both the IP address and DNS (name server) settings make sure you reboot the AC so that it can start with correct IP and DNS settings. Changing the IP if the Public LAN interface (Eth1-n) Start by clicking Configure Networking in the main menu and then choose the connection point wish to configure.
customer-service@amazingports.com
There are 5 tabs that each addresses different needs: Network let you see your ACs current report status and manage traffic control (QoS) Look & Feel let you customise the landing portal and certain other aspects of the look and feel. Products & services lets you customise and manage the products that are available to your voucher maker(s), manage the general rules that are valid for the entire network, an AC, a hotspot, or a single product. Support lets you ask questions to AmazingPorts if you are an Administrator, or lets your users ask you questions if you are an administrator User Management lets you add/edit and manage all aspects of your users including assigning them special rights and managing their role (if any) o Administrator Can administer all aspects of this Network o Voucher Maker Can make vouchers o Accountant Can see/export transactions, vouchers etc.. o Support Agent Can answer support chats
Managing vouchers
You manage vouchers under the Products and services tab, that is divided into two main sections, Vouchers and products on one side and Default rules on the other side.
customer-service@amazingports.com
Make Vouchers To create a voucher you select the product that the voucher should give the user. The product defines what service the user will get. Valid to and valid from indicates the dates and time for which the vouchers created should be valid. A shorter validity will generate a shorter voucher secret meaning that the user will have less to fill in. Repetitions are the number of times this voucher can be used by a user.. Example: A user get a voucher with 3 repetitions for a product Internet Access 1 hour, this means that the user will actually get 3 hours of access. Vouchers are automatically repeated as long as a user is logged in or if a user is anonymous as long as his session is valid. Quantity is the number of vouchers to create, if a number bigger than 1 is chosen the output is in excel format instead of a single voucher. The look and feel of single vouchers can be customised under the Look & Feel tab. Language is drop down that will contain all the languages you have enabled in the Look & Feel section for your network.
customer-service@amazingports.com
customer-service@amazingports.com
Usernames and passwords are case sensitive. Default passwords Context Shell access SSH Local web admin (https://172.23.12.1: 8443) User root admin Password _change_me_ admin
Accessing passwords with password rotation Login to the administration portal at https://ams.amazingports.com, selecting to edit your access controller under the Network -> Status/Home tab.
customer-service@amazingports.com
Troubleshooting
To make it easier to find out about your problem we have created a list of problems and possible solutions. Problem - You receive no IP - Because you are using an incorrect cable Solution If your computer is connected directly to the access controller the network cable must be a cross over cable or your network adapter must support MDIX. If this is jibberish to you? Then connect to the Access Controller through a hub, switch or WiFi access point. If you are connecting to the AC trough a WiFi network, make sure that you are really connected. Specifically check that: If you are using any encryption that your keys are CORRECT (you can do this by setting fixed IP on your machine, and verify that you can connect to the web interface of the Access Point or the access controller). That you have set your computer to actually connect to the WiFi network in question
- Because your computer is NOT set to receive IP settings from a DHCP server - Because you connected to the wrong NIC (network adapter).
You need to make sure that the IP settings of the network adapter you are using to connect to the access controller is set to use Automatic IP settings or DHCP. Verify that you connected to the correct NIC on the Access controller, there are at least two of them and if the one you are connected to doesnt work try the other one. First ensure that the AC actually is connected to power, no were not kidding you this is a common reason for not working. customer-service@amazingports.com
Normally when connecting to the AC, the link light of the network adapter should lighten up. Connect the AC to a switch and verify that the switch indicates that link is up. If this is not the case exchange the cable for another one to make sure that your problem is not a cable failure. If you determine that the NIC is physically broken, this is VERY unusual, than just replace it with another suitable network adapter.
customer-service@amazingports.com
Problem - You receive an IP but can not browse anywhere and you are not redirected. - Because DNS isnt working properly
Solution Verify that your DNS settings are correct and that you are able to resolve domain names. A way to do this is to open a command prompt in windows and run nslookup. In nslookup be aware if the primary DNS fails. If that is the case then correct the DNS settings in the AC and make sure you have a functional DNS as primary DNS. After correcting the DNS settings restart the AC and VERIFY that your settings were properly accepted by the Access Controller. Try connecting to http://172.23.xx.1, replace xx with the specific subnet you are in. What you are doing here is actually to connect directly to the redirector of the Access Controller. You should then be redirected to the landing page of the Access controller. If you are not the most likely cause is that the Access Controller need to reboot. Reboot by connecting to the local web admin interface and select the reboot option. First make sure that you renew your IP, if you are still receiving an IP from the AC but can NOT ping the AC, that indicates a more complex routing problem between your client and the AC. If you are connected directly to the AC, check that your cables are OK. Reboot the AC. Reboot your computer.
- DNS is working but any web page you are looking at time-out instead of showing.
- You can not browse anywhere AND you are unable to ping the Access Controller
Accreditations
AmazingPorts is part of the FireVentures Ltd Group, a Private limited company with registered offices in 30, BasePoint Business Centre, Metcalf Way, Crawley, Page 18 (25) Version: 1.5 customer-service@amazingports.com
RH11 7XX, West Sussex. All copyright and other rights vest with FireVentures Ltd.
customer-service@amazingports.com
Appendix A
Where as this manual isnt supposed to cover generic network/internet configuration issues we have added this section to cover a few common situations you as a user might encounter. We have described key aspects under each and hope that this will help you resolve any configuration issues you might encounter. As a general rule it is very good to ensure that outbound ports are open, and that inbound ports 22 and 8443 are mapped and forwarded to the Access Controller. Remember that this forwarding might require you to create several port forwards depending on your network configuration and that these forwards are an advantage not a requirement.
Dial-Up
We do not recommend using dial-up internet connections unless the modem is set to dial automatically when needed. Please be aware that the Access Controller will communicate with internet servers on an almost perpetual basis thus potentially raising your connection time to 100%.
- In a traditional system you have to build and maintain 15 profiles Page 21 (25) Version: 1.5 customer-service@amazingports.com
- With AmazingPorts you only have to build and maintain 4 rule sets At this level the reduced amount of administration is clear, actually the relation between a traditional system and AmazingPorts in terms of administrative work can be expressed mathematically as: 2n-(n+1) where "n" represents the number of services you wish to be able to offer your users.
customer-service@amazingports.com
customer-service@amazingports.com
What is the real life advantage? The capability of defining and working with true product management instead of "on/off" one size fits all mentality create the extra revenue that hotspots need to survive. Our statistics show that in most hotspots, around 20-30% of all products are "non" standard, without AmazingPorts technology you may be loosing out on those sales. It is also a way to entice new users to try services or cross sell a quality service to an existing customer. In short this structure makes it possible for you to define and sell almost any imaginative access product to any user in any location....
Really fast internet Really slow internet Free services - but limited priority Selective services - like "only VoIP from VoipLtd", or "only e-mail from email.com" A yearly subscription
Priority to your favourite gaming server Only give access to people with green hair to the "dye-my-hair-now.com" web site. Cut a deal with local "Big Co" and sell them E-mail only access for their sales force.
Obviously you can price everything differently and according to your comprehension of what is "smart" pricing. Please notice the unique capability of selling any combination of these services to any user. Don't wait - upgrade your venue to AmazingPorts technology now!
customer-service@amazingports.com