Secure WLAN Controller WHG-505 H/W Version: 1 Product Overview The LevelOne WHG-505 Secure WLAN Controller is an ideal security solution for medium to large scale network deployments, such as enterprises, campuses, hotels, dormitories or airport terminals. This compact sized gateway provides 6,000 local and 6,000 on demand accounts, flexible configurations and maintains a high-level security for hotspot and/or hospitality deployments. The WHG-505 is capable of managing up to 200 Layer 2/3 Access Points to cover a wider service area within a network. Secure Business Networking The WHG-505 secures transmission for mobile workers and home-based teleworkers via Local, Site-to-Site and Remote VPN tunnels to increase security levels for enterprise networks. Characterized Access Profile for Particular Users For places like dormitories, apartments and hotels, WHG-505 makes it easy to manage accounts of network users and equally share bandwidth among them. With simple and user friendly setup, administrators can easily configure different access profiles for different users and makes access policy more flexible. In addition, the billing policy allows administrator to select the best suitable cost plan for each user. Key Features - 2x 10/100/1000Base-T WAN ports - 2x 10/100/1000Base-T LAN ports - Simplified operation and reliable Internet connection - Supports WEP, WPA, WPA2, IEEE 802.1X, and IPSec VPN encryption - Centralized Access Point (AP) Management - Flexible Accounting and Billing Management - Provides 6,000 local and 6,000 on-demand accounts - Supports location-based Hotspot Services and customizable UAM web pages - Property Management System (PMS) Integration for hotel applications Integration with Property Management System (PMS) The WHG-505 stands for the most cost-effective solution for hotels application. With built-in Property Management System (PMS) such as Micros Fidelio/ Opera, hotel guests can purchase Internet service either at the front desk or in the room, which will be integrated into the room bill. In addition, WHG-505 accounts wired and wireless Internet services through modern IP network infrastructure or those utilize traditional phone lines through DSLAM and DSL modems. Customized and Reliable for Hotspot Operation For Telcos or hotspot operators, WHG-505 brings a convenient and economical way to provide comprehensive hotspot services. While most operators prefer external RADIUS servers as an authentication database, WHG-505 can act as a central RADIUS NAS, and supports two authentication methods: UAM and 802.1X. Moreover, it supports customized web UAM pages and, with Service Zone settings one Gateway allows to manage multiple franchised hotspots simultaneously. Works well with EAP-200 Enterprise Access Point EAP-300 Enterprise Access Point www.level1.com I one world_one brand_one level_ Routers and Gateways Technical Specification Networking -NAT or Router mode -Static IP, DHCP, PPPoE mode on WAN interfaces and PPTP (WAN 1 only) -Choose freely which LAN is authentication-enabled LAN -NAT: (1) IP/Port destination redirection (2) DMZ server mapping (3) Virtual server mapping (4) H.323 pass-through -Email service via designated email server -Built-in with DHCP Server and support DHCP relay -Walled garden (free surfing zone) -Walled Garden Ad List that enables advertisement website links on user login portal page -MAC-address and IP-address pass-through -HTTP Proxy -IP Plug and Play (IP PnP) -Configurable static routes -Dual uplinks, outbound load balancing and failover for more reliable Internet connection -SIP pass-through NAT -Ethernet connection to external terminal servers -Port location mapping features for working with DSLAM and VLAN switches System Administration -Web-based management user interface -Provides customizable login and logout portal page -SSH remote management -Remote firmware upgrade -NTP time synchronization -Menu driven console management interface -Utilities to backup and restore the system configuration Monitoring and Reporting -Status monitoring of on-line users -IP-based monitoring of network devices -Uplink (WAN) connection failure alert -Supports syslog for diagnosis and troubleshooting -User traffic history logging -Traffic history report via email to administrator -User's session log can be sent to FTP or syslog server -Graphical system report User Management and Access Control -Supports 6,000 local accounts and 6,000 on-demand accounts -Provides on-demand accounts for visitors -Local user account roaming -Authentication methods supported: Local and On-demand accounts, POP3, LDAP, RADIUS, Windows Domain, and SIP authentication -Single-Sign-On for Windows Domain -Allows MAC address and user identity binding for local user authentication -MAC Access Control List -Auto-expired guest accounts -Users can be divided into user groups, each user group has its own network properties, including bandwidth, QoS, accessible service zones, and other privileges -QoS and WMM traffic types: Voice, Video, Best Effort and Background -Each group (role) may get different network policies in different service zones -Max concurrent user session (TCP/UDP) limit -A setting for user-idle-timeout -Configurable user Black List -Export/Import local users list to/from a text file Security -Local IPSec VPN tunnels -PPTP VPN tunnels -Site-to-site VPN tunnels -VPN pass-through (IPSec and PPTP) -Built-in DoS attack protection Service Zones -The network is divided into maximum 9 Service Zones, each defined by a pair of VLAN tag and ESSID -Each service zone has its own (1) login portal page (2) authentication options (3) LAN interface IP address (4) DHCP address range -Each service zone allows access to the selected groups -Each service zone assigns a network policy to each user group -WISP support per service zone Accounting and Billing -Supports local on-demand and external RADIUS server -Contains 10 configurable billing plans for on-demand accounts -Supports credit card billing system by Authorize.net ,PayPal, SecurePay, and WorldPay -Provides session expiration control for on-demand accounts -Provides detailed per-user network traffic history for both local and on-demand user accounts -LevelOne RADIUS VSA implementation for volume-based session control using RADIUS server -Supports automatic e-mail to report network traffic history -Supports Net Retriever, the middleware connection to Property Management System (PMS) AP Management -Manage multiple types of LevelOne APs: up to 200 -Monitor 3rd party non-integrated AP: up to 200 -Centralized remote management via HTTP/SNMP interface -Auto discovery for managed APs -Enable or disable APs easily via user interface -Templates for managed APs -Monitoring managed AP for its status, the number of associated clients, and RF information -Upgrade managed APs centrally, including bulk upgrade -Rogue AP detection and AP load balancing -Tunneled AP management over internet for LevelOne EAP-200 AP Hardware Specifications -WAN Ports: 2 x 10/100/1000 BASE-T RJ-45 -LAN Ports: 2 x 10/100/1000 BASE-T RJ-45 -Management Port: 1 x 10/100 BASE-T RJ-45 -Console Port: 1 x RJ-45 -LED Indicators: 1 x Power, 1 x Link Status, 5 x Ethernet Connect -LCD Display Physical and Power -Power Adapter: 100~240 VAC, 50~60Hz -Form Factor: 19” 1U Rack Mount -Dimensions (W x D x H): 16.77" x 10.63" x 1.75" (426 mm x 270 mm x 44.4 mm) -Weight: 13.2 lbs (6 kg) Environment -Operating Temperature: 0°C ~ 40°C -Storage Temperature: -20°C ~ 70°C -Operation Humidity: 5% ~ 95% (Non-condensing) -Storage Humidity: 5% ~ 95% (Non-condensing) Certifications -CE, FCC -RoHS compliant Front View and Rear View 1 2 3 4567 67 1. LED Indicator 2. Console Port 3. Reset Button 89 4. Reserved USB Ports 5. Management Port 6. WAN Port 7. LAN Port 8. Power Switch 9. Power Cord Socket Product Diagram Internet xDSL xDSL Internet POP3, RADIUS, LDAP, Windows Domain WHG-505 Net Retriever PoE Switch GbE Switch Managed APs Managed APs Order Information WHG-505: Secure WLAN Controller Package Content WHG-505, CD-ROM (User’s Manual and QIG), Quick Installation Guide (QIG) Console Cable, Ethernet Cable, Power Cord, Rack Mounting Bracket (with Screws) Wired All mentioned brand names are registered trademarks and property of their owners. Technical specifications are subject to change without notice. © Copyright Digital Data Communications GmbH. All Rights Reserved. V1.0