• 1-415-979-0600
  • info@valuepointnet.com

Controllers FAQ

How can I control torrents and illegal downloads on my network?

File Sharing and Peer to Peer traffic can be limited on the controller by enabling Advanced Traffic Control. All file sharing traffic can be assigned to a low priority pool that is separate from legitimate traffic like email and web browsing. You can also block any problem port or IP ranges directly.

Is the 3610 compliant with the CALEA and DMCA laws?

You can protect your network from DMCA liability for customer file sharing and comply with law enforcement monitoring requests under CALEA by maintaining long-term logs of subscriber activity. The Subscriber Connection Logging feature on the Controller makes this possible. You can store these logs yourself or subscribe to our cloud based report portal.

How can I track and report usage at my network sites?

VP Networks offers a low cost per site service to collect and store all of the usage information from each site using a Gateway Controller. In addition to easy central access and storage of all user logins and activity it also includes filtering and export tools to generate customer reports.

What is the best practice for configuring WAN port speeds?

If the WAN Port speed is not accurate (too high) the Gateway will forward guest traffic that the ISP will drop, preventing those guests from accessing the WAN network. This is common with shared access connections like CableModem and DSL. It is important to enter the lowest typical speed, usually in the evening, rather than the advertised maximum speed. The typical speed of a 50/10 Cable connection may be 25/5, or less, at 8PM. To avoid this issue entirely, get a Service Level Agreement from your ISP to guarantee the speed at all times.

How does the 3610 control user bandwidth?

The Controller 3610 Uses a dynamic bandwidth manager.By default bandwidth is evenly distributed among all the users.The accurate available bandwidth on the WAN port must be entered under Link Properties.Bandwidth is allocated based on active requests, so it is possible for a single user to utilize a large proportion of the available bandwidth if other users are idle.As soon as those users are active the bandwidth will be balanced again. Per user bandwidth limits apply if assigned to local, RADIUS, or PMS logins.

Running a network without limit can cause problems in two ways:

  1. APs cannot service the available bandwidth. If there is 50Mbps available on the network, the dynamic bandwidth manager will allow a single guest to use it. A single AP can only send 20-30Mbps in most cases, so other guests on that AP may get little or no connection.
  2. Available bandwidth may vary greatly. When the site is busy the most any guest may get is 1-2Mbps. Late at night the same guest may get the whole available link of 50Mbps.This may cause complaints that the internet "was working" before but now is slow.
Best practice is to establish the level of service at the site, usually 1-4Mbps, and setting that as a per user limit. If the site becomes too congested to provide the configured speed (1-4Mbps) to each guest request, the dynamic bandwidth limit will throttle all the requests back to what is available.

Can I provide different login pages to different users or areas of a site?

Yes, but you need to host your own HTTP server (like Apache, IIS, etc). If you want different guests to get different logins based on VLAN ID you can set the Gateway to VLAN Trunk, set Login Page to External Portal and enable "Include Subscriber Information". Your external HTTP server will receive the guest VLAN ID as part of the redirect, and you can use a script on your HTTP server to send them to a different page for each VLAN ID, which could be branded differently, not require a password, etc.You could also provide different login pages based on MAC address or IP address.

Does the 3610 support login for Apple devices like phones and tablets?

The 3610 contains a number of proprietary features to specially handle problems caused by iOS devices. Primary these are DHCP and login page problems.The 3610 includes a Captive Network Assistant bypass option that allow you to control whether Apple devices use a built in mini-browser or full Safari browser to access your login page.

Does the 3610 support encrypted (HTTPS/SSL) home pages for users?

There is a proprietary feature on the Controller that allows guests who request an encrypted page, such as https://www.google.com, to receive a login page. Ordinarily these guests would just get a time out error from the browser. Because the page is secure the guest will always receive a certificate error for gatewaylogin.info, or your domain if you uploaded a different certificate. If they accept the certificate, or navigate to another non-encrypted website, they will be able to log in.You can disable this functionality under Networks - Server - Web Server - Redirect HTTPS request.If disabled the guest will receive a time out or blank page from the browser if they need to log in and request a secure page.

What is the default IP address, username, and password?

192.168.1.1 user = root password = root.

Why can't I access the controller?

Make sure that the managing computer has an IP address that is in the same subnet as the AP. For example, the computer should have an address of 192.168.1.x/24 if the AP has the default settings.

Where can I download the latest firmware?

http://www.valuepointnet.com/downloads.php

Why can't I access the controller?

Make sure that the managing computer has an IP address that is in the same subnet as the AP. For example, the computer should have an address of 192.168.1.x/24 if the AP has the default settings.

What RADIUS attributes are supported by the controller?
The Current RADIUS attributes supported are:
  • User-Name
  • NAS-IP-Address
  • NAS-Identifier
  • Acct-Session-ID
  • Calling-Station-ID
  • Called-Station-ID
  • NAS-Port-Type
  • Acct-Session-Time
  • Acct-Terminate-Cause
  • Acct-Output-Packets
  • Acct-Input-Packets
  • Acct-Output-Octets
  • Acct-Input-Octets
  • Framed-IP
  • Port-Limit (for per-user bandwidth control)
We send an "accounting on" when the Controller boots and an "accounting off" for a coming reboot. We do not currently send interim updates.

What can cause client login problems at my site?

Causes of users not being able to log in:
Too little available bandwidth to the user. This is caused by the bandwidth limits being to high, and existing users consuming 100% of what is available from the ISP. Upgrade to the new firmware version and use the dynamic bandwidth limit.
AP problems. Could be signal strength, too many clients, or too much throughput by a few clients.
Clients browser problems. Some browsers or devices may just not accept a login page. Use the MAC Address based passthrough to get them on.
Denial of Service. LAN or WAN devices may target the HTTP server, preventing the login pages from being served. Change the HTTP server port or use a different IP address.

What is automatic authentication?

Automatic Authentication will attempt to log in any device that connects to the network. It looks at any HTTP requests and attempts to redirect them to a landing or welcome page.

How can users be prevented from seeing or accessing each other's devices on the network?

Auto (Layer 2) Isolation is security based on the best effort of the equipment to block guests from seeing each other on an open network. It does not provide physical or virtual separation of ports, so it should not be used in cases where a VLAN is required. There are some limitations:

  1. LAN Broadcast traffic may not be blocked, so some subscribers may see other computers listed under “Computers Near Me” in Windows. These subscribers will not be able to share files, ping, or access each other’s computers, however.
  2. The first “PING” attempt between subscribers may succeed if the Controller has not previously seen traffic from that subscriber. Subsequent PING or other packets will be blocked.
  3. Auto LAN Isolation may not be effective across a switch or router. In this case, direct packets between subscribers cannot be detected by the Controller. If this switch-based configuration cannot be avoided, we recommend turning on LAN Isolation in the Access Points. This feature is available in the SuperAP 570n from VP Networks . Please contact your Access Point vendor with questions about LAN Isolation in other products.
  4. Some devices may actively or passively resist the layer 2 isolation.

Why do I get a Subnet error in the GUI when configuring LAN IP or DHCP?

Subnets do not always contain the IPs you think they will. Your Device IP may be in the middle or at either end of the range. They are fixed ranges, so if the Controller says another IP or DHCP range is outside the subnet it is always right. You have to run a subnet calculator to see the exact range. Here is a typical one:
http://www.subnet-calculator.com/subnet.php?net_class=B
If you would like help designing your networks we have some consulting contracts available. Please contact sales for more information.