The 4ipnet WHG401 Secure WLAN Controller in Gigabit Ethernet with built-in 4,000 local accounts, 3,000 on-demand accounts, is an ideal security solution for medium-scale WLAN deployments, including enterprises, campuses, hotels, airport terminals, and MDUs/ MTUs. The WHG401 integrates “secure access control”, “visitor account provisioning”, “flexible accounting and billing”, and “centralized WLAN management” into one box to provide simplified manageability and instant mobility. With more powerful hardware, WHG401 is capable of centrally managing 190 access points (150 x EAP700 + 40 x other 4ipnet single radio AP) to cover a wider service area in a smaller network.
Secure Business Networking
WHG401 is suitable for business in managing their wired and wireless network access uniformly. The network access of users from different departments and the access of guests can be segregated in different Service Zones. When needed, WHG401’s Local, Site-to-Site and Remote VPN tunnels can be used to further secure the information flows for business. Mobile workers on the road or home-based teleworkers can securely access the office network through remote VPN tunnels.
College Dormitories, Apartments or Hotels Networking
For college dormitories, apartments or hotels who want to cater for their tenants’ Internet access needs, WHG401 makes it easy to manage new tenant registrations and share bandwidth equally among tenants. Also, it is convenient to set up WHG401 to offer wireless Internet service at medium events, such as conventions, trade shows, and student spring break gatherings.
Fig.1. WHG401 in a Business Headquarter
Hotel with Property Management System (PMS) For hotels using Property Management System (PMS) such as Micros Fidelio/Opera, WHG401 even enables Internet access charges to be incorporated into the room bill [1]. Moreover, customers are able to purchase Internet service in room anytime or at the front counter. With a single account, a hotel guest can log on the Internet in room through a wired Ethernet port or enjoy wireless access throughout the hotel property. Before the account expires or the quota purchased reaches its limit, the guest who wants to surf the Internet in his/her room does not need to retype the password. WHG401 stands for the most cost-effective and easy-to-setup Internet Access Controller for hotels. Not only can WHG401 manage and bill both wireless and in-room wired Internet services for properties that have adopted modern IP network infrastructure, but it works for those who only utilize traditional phone lines coupled with DSLAM and DSL modem equipments to deliver Internet to each room.
Telcos or Large Hotspot Operators Networking
For Telcos or large hotspot operators, WHG401 brings in a convenient and economical way to deploy distributed hotspot services. While most of the operators prefer to use external RADIUS servers as authentication database, WHG401 in this architecture can play the role of a central RADIUS-NAS. For quick deployment, WHG401 supports two authentication methods: UAM and 802.1X (including EAP-SIM and EAP-TTLS and etc). It is capable of supporting customized web UAM pages uploaded locally as well as external web UAM pages residing on external web servers. Furthermore, the concept of Service Zones of WHG401 allows one Controller to manage multiple franchised hotspots simultaneously.
In summary, the feature-rich WHG401 supports multiple business models of Internet Access Services - be it for managing wireless or wired clients. It can be configured to fit for private corporations, government agencies, academic campuses, multi-tenant units (MTU), hotels, WISP or telco’s hotspot operations. The 4ipnet WHG-series products aim to offer the best price-performance among all access controllers on nowadays market.
Fig.2. WHG401 in a Hotel – Capable of integrating with DSLAM and PMS
Simplified Deployment and Reliable Internet Connection
Gigabit Ethernet to meet higher data rate demands of larger networks
Easy to deploy, highly scalable platform allows overlay with existing wired/wireless infrastructure without disruption
Load balancing and WAN failover enhance bandwidth utilization and provide more reliable Internet connection
Powerful Network Security Capabilities for Enterprise Applications
Standards-based data encryption: WEP, WPA, WPA2, IEEE 802.1X, and IPSec VPN
Secure guest and administrator access using web-based login and administration over SSL
Diverse user authentication methods, including built-in Local and On-demand database; supports external authentication servers including POP3, LDAP, RADIUS, Windows Domain, and SIP registrar
Built-in DoS protection keeps malicious hackers from collapsing the network
Site-to-site VPN tunnels allow branch offices to securely connect with one another and share the same account database
Comprehensive Access Control and User Management
Role-based access control and policy enforcement offer management of privileges for different user groups
On-demand account generation provides secure and managed user accounts to visitors
Service Zone function partitions a physical network into up to 9 virtual networks, each with its own definable access control and group policy profiles. Allows hotspot owners to provide various levels of customized services
Individual user bandwidth limit enables flexible traffic control for different scenarios
Centralized Access Point (AP) Management
Centralized remote control and automatic AP discovery
Management and monitoring of managed APs via web-based administration interface, including AP’s system settings, online status, enabling/disabling, reset, and firmware upgrade
Periodically monitors APs and notifies the administrator of problematic APs
Flexible Accounting and Easy Billing
Configurable billing profiles allow operators to customize billing plans for on-demand users
Support online payment with credit card through Authorize.net, PayPal and SecurePay
Support for Location-Based Hotspot Services and Customizable UAM Web Pages
The logical concept of Service Zone allows the Controller to differentiate clients by locations and to provide different user experiences (such as different login pages) and network policies
When coupling with VLAN switches and DSLAM devices, the Controller can use its Port Mapping feature to tell the location of each client and therefore provide differentiated services. For example, a hotel guest would not need to type in the password again every time when accessing the Internet in room
By setting up multiple Service Zones and utilizing customized pages or external pages, a single Controller can serve multiple hotspot franchises transparently to the clients
PMS Integration for Hotel Applications
By interfacing the 3rd party middleware - NetRetriever, the controller is able to post billing information to multiple kinds of hotel PMSs, including Micros Fidelio/Opera, HiRUM, RMS, CMS Hospitality, EzyRez, RoomMaster2000, Charts and etc
A hotel guest can obtain an Internet access account at check-in counter, or sign up for the Internet access service in room anytime without the help of clerks. With PMS integration, the guest will receive a single room bill
With a single account, a guest will be able to access the Internet by wire in room or by wireless connection anywhere within the service range of APs connecting to the Controller
1 Online 
