Leadership and Innovation
+230 6988788


WHG315 Secure WLAN Controller

The 4ipnet WHG315 Secure WLAN Controller (Wireless Hotspot Gateway) with built-in 4,000 local accounts, 4,000 on-demand accounts, is an ideal security solution for small-scale WLAN deployments, including enterprises, campuses, hotels, airport terminals, and MDUs/ MTUs. The WHG315 integrates “secure access control”, “visitor account provisioning”, “flexible accounting and billing”, and “centralized WLAN management” into one box to provide simplified manageability and instant mobility. With more powerful hardware, WHG315 is capable of centrally managing 50 4ipnet access points though Layer 2 deployment or through the Cloud to cover a wider service area in a smaller network.

Secure Business Networking

WHG315 is suitable for business in managing their wired and wireless network access uniformly. The network access of users from different departments and the access of guests can be segregated in different Service Zones. When needed, WHG315’s Local, Site-to-Site and Remote VPN tunnels can be used to further secure the information flows for business. Mobile workers on the road or home-based teleworkers can securely access the office network through remote VPN tunnels.

College Dormitories, Apartments or Hotels Networking

For college dormitories, apartments or hotels who want to cater for their tenants’ Internet access needs, WHG315 makes it easy to manage new tenant registrations and share bandwidth equally among tenants. Also, it is convenient to set up WHG315 to offer wireless Internet service at small events, such as conventions, trade shows, and student spring break gatherings.

WHG315 in a Business Headquarter

Fig.1. WHG315 in a Business Headquarter

Secure corporate network over the Internet

With WHG315, businesses can easily bridge multiple offices under a centrally managed single internal network. VPN solutions from other service providers are no longer necessary, WHG315 with EAP-series AP can service distributed network locations as if under the same internal network via secure tunneling technology.

Hotel with Property Management System (PMS)

For hotels using Property Management System (PMS) such as Micros Fidelio/Opera, WHG315 even enables Internet access charges to be incorporated into the room bill [1]. Moreover, customers are able to purchase Internet service in room anytime or at the front counter. With a single account, a hotel guest can log on the Internet in room through a wired Ethernet port or enjoy wireless access throughout the hotel property. Before the account expires or the quota purchased reaches its limit, the guest who wants to surf the Internet in his/her room does not need to retype the password. WHG315 stands for the most cost-effective and easy-to-setup Internet Access Controller for hotels. Not only can WHG315 manage and bill both wireless and in-room wired Internet services for properties that have adopted modern IP network infrastructure, but it works for those who only utilize traditional phone lines coupled with DSLAM and DSL modem equipments to deliver Internet to each room.

Telcos or Large Hotspot Operators Networking

For Telcos or large hotspot operators, WHG315 brings in a convenient and economical way to deploy distributed hotspot services. While most of the operators prefer to use external RADIUS servers as authentication database, WHG315 in this architecture can play the role of a central RADIUS-NAS. For quick deployment, WHG315 supports two authentication methods: UAM and 802.1X. It is capable of supporting customized web UAM pages uploaded locally as well as external web UAM pages residing on external web servers. Furthermore, the concept of Service Zones of WHG315 allows one Controller to manage multiple franchised hotspots simultaneously.

In summary, the feature-rich WHG315 supports multiple business models of Internet Access Services – be it for managing wireless or wired clients. It can be configured to fit for private corporations, government agencies, academic campuses, multi-tenant units (MTU), hotels, WISP or telco’s hotspot operations. The 4ipnet WHG-series products aim to offer the best price-performance among all access controllers on nowadays market.

Hotel Internet Services

Fig.2. WHG315 in a Hotel – Capable of integrating with DSLAM and PMS

WHG315 – Secure WLAN Controller
Simplified Deployment and Reliable Internet Connection
  • Easy to deploy, highly scalable platform allows overlay with existing wired/wireless infrastructure without disruption
  • Load balancing and WAN failover enhance bandwidth utilization and provide more reliable Internet connection
Powerful Network Security Capabilities for Enterprise Applications
  • Standards-based data encryption: WEP, WPA, WPA2, IEEE 802.1X, and IPSec VPN
  • Secure guest and administrator access using web-based login and administration over SSL
  • Diverse user authentication methods, including built-in Local and On-demand database; supports external authentication servers including POP3, LDAP, RADIUS, Windows Domain, and SIP registrar
  • Built-in DoS protection keeps malicious hackers from collapsing the network
  • Site-to-site VPN tunnels allow branch offices to securely connect with one another and share the same account database
  • Centralized certificate management function with built-in root CA feature to issue self-signed certificates for internal network security validation
Comprehensive Access Control and User Management
  • Role-based access control and policy enforcement offer management of privileges for different user groups
  • On-demand account generation provides secure and managed user accounts to visitors
  • Service Zone function partitions a physical network into up to 9 virtual networks, each with its own definable access control and group policy profiles. Allows hotspot owners to provide various levels of customized services
  • Individual user bandwidth limit enables flexible traffic control for different scenarios
Centralized Access Point (AP) Management
  • Centralized remote control and automatic AP discovery
  • Management and monitoring of managed APs via web-based administration interface, including AP’s system settings, online status, enabling/disabling, reset, and firmware upgrade
  • Periodically monitors APs and notifies the administrator of problematic APs
  • Tunneled AP management to support overlay deployment across different IP subnets
  • Supports management of 3rd party AP devices with graphical statistics
Flexible Accounting and Easy Billing
  • Configurable billing profiles allow operators to customize billing plans for on-demand users
  • Support online payment with credit card through Authorize.net, PayPal, SecurePay, and WorldPay
Support for Location-Based Hotspot Services and Customizable UAM Web Pages
  • The logical concept of Service Zone allows the Controller to differentiate clients by locations and to provide different user experiences (such as different login pages) and network policies
  • When coupling with VLAN switches and DSLAM devices, the Controller can use its Port Mapping feature to tell the location of each client and therefore provide differentiated services. For example, a hotel guest would not need to type in the password again every time when accessing the Internet in room
  • By setting up multiple Service Zones and utilizing customized pages or external pages, a single Controller can serve multiple hotspot franchises transparently to the clients
  • Seamless L2/L3 roaming
PMS Integration for Hotel Applications
  • A hotel guest can obtain an Internet access account at check-in counter, or sign up for the Internet access service in room anytime without the help of clerks. With PMS integration, the guest will receive a single room bill
  • With a single account, a guest will be able to access the Internet by wire in room or by wireless connection anywhere within the service range of APs connecting to the Controller
Managed 4ipnet AP Models
  • EAP110, EAP200, EAP260+, EAP300, EAP700, OWL500


  • Support NAT or Router mode
  • Support Static IP, DHCP, PPPoE mode on WAN interfaces and PPTP (WAN 1 only)
  • Choose freely which LAN is authentication-enabled LAN
  • Support NAT:
    • IP/Port destination redirection
    • DMZ server mapping
    • Virtual server mapping
    • H.323 pass-through
  • Supports email service via designated email server
  • Built-in with DHCP Server and support DHCP relay
  • Support walled garden (free surfing zone)
  • Walled Garden Ad List that enables advertisement website links on user login portal page
  • Support MAC-address and IP-address pass-through
  • Support HTTP Proxy
  • Support configurable static routes
  • Support dual uplinks, outbound load balancing and failover for more reliable Internet connection
  • Support SIP pass-through NAT
  • Support Ethernet connection to external terminal servers
  • Port location mapping features for working with DSLAM and VLAN switches
  • Dynamic Routing Protocol: RIP, OSPF, IS-IS
  • Seamless L2/L3 roaming

System Administration

  • Support web-based management user interface
  • Provide customizable login and logout portal page
  • SSH remote management
  • Remote firmware upgrade
  • NTP time synchronization
  • Menu driven console management interface
  • Utilities to backup and restore the system configuration
  • built-in root CA feature to issue self-signed certificates for internal network security validation

Monitoring and Reporting

    • Status monitoring of on-line users
    • IP-based monitoring of network devices
    • Uplink (WAN) connection failure alert
    • Support Syslog for diagnosis and troubleshooting
    • User traffic history logging
    • Traffic history report via email to administrator

t-in DoS attack protection

Service Zones

  • The network is divided into maximum 9 Service Zones, each defined by a pair of VLAN tag and ESSID
  • Each service zone has its own:
    • login portal page
    • authentication options
    • LAN interface IP addresoaming
    • Authentication methods supported: Local and On-demand accounts, POP3, LDAP, RADIUS, Windows Domain, and SIP authentication
    • Single-Sign-On for Windows Domain
    • Allow MAC address and user identity binding for local user authentication
    • Support MAC Access Control List
    • Support auto-expired guest accounts
    • Users can be divided into user groups, each user group has its own network properties, including bandwidth, QoS, accessible service zones, and other privileges
    • Support QoS and WMM traffic types: Voice, Video, Best Effort and Background
    • Each group (role) may get different network policies in different service zones
    • Max concurrent user session (TCP/UDP) limit
    • A setting for user-idle-timeout
    • Configurable user Black List
    • Export/Import local users list to/from a text file


    • Support local IPSec VPN tunnels
    • Support PPTP VPN tunnels
    • Support site-to-site VPN tunnels
    • Support VPN pass-through (IPSec and PPTP)
    • Built-in DoS attack protection

    Service Zones

    • The network is divided into maximum 9 Service Zones, each defined by a pair of VLAN tag and ESSID
    • Each service zone has its own:
      • login portal page
      • authentication options
      • LAN interface IP address
      • DHCP address range
    • Each service zone allows access to the selected groups
    • Each service zone assigns a network policy to each user group
    • WISPr support per service zone

    Accounting and Billing

    • Support local on-demand and external RADIUS server
    • Contain 10 configurable billing plans for on-demand accounts
    • Support credit card billing system by Authorize.net, PayPal, SecurePay, and WorldPay
    • Provide session expiration control for on-demand accounts
    • Provide detailed per-user network traffic history for both local and on-demand user accounts
    • 4ipnet RADIUS VSA implementation for volume-based session control using RADIUS server
    • Support automatic e-mail to report network traffic history
    • Support middleware connection to Property Management System (PMS)

    AP Management

    • Manage up to 50 x 4ipnet AP in both Local and Wide Areas AP management totally
    • Monitor 3rd party non-integrated AP: up to 100
    • Centralized remote management via HTTP/SNMP interface
    • Auto discovery for managed APs
    • Enable or disable APs easily via user interface
    • Templates for managed APs
    • Monitoring managed AP for its status, the number of associated clients, and RF information
    • Upgrade managed APs centrally, including bulk upgrade
    • Rogue AP detection and AP load balancing
    • Tunneled AP management over internet for 4ipnet EAP110, EAP200, EAP300 Aps
    • Graphical AP statistics display

    Hardware Specifications

    • WAN Ports: 2 x 10/100/1000 Base-T RJ-45
    • LAN Ports: 8 x 10/100/1000 Base-T RJ-45
    • SD card Slot x 1
    • USB Port: 1 x USB2.0
    • Console Port: 1 x DB9
    • LED Indicators: 1 x Power, 1 x Status, 3 x Rev., 2 x WAN, 8 x LAN
    • Buttons: 1 x Reset, 3 x Rev
    • LCD Display

    Physical and Power

    • Power: 100~240 VAC, 50/60 Hz
    • Form Factor: 19” 1U Rack Mount
    • Dimensions (W x D x H): 16.9″ x 5.9″ x 1.7″ (430 mm x 280 mm x 44.5 mm)
    • Weight: 2.8 lbs (2.10 kg)


    • Operating Temperature: 0 ~ 50 °C
    • Storage Temperature: -20 ~ 65 °C
    • Operation Humidity: 5% ~ 95% (Non-condensing)
    • Storage Humidity: 5% ~ 95% (Non-condensing)


    • CE, FCC
    • RoHS compliant

    Package Contents

    • 4ipnet WHG315 x 1
    • CD-ROM (User’s Manual and QIG) x 1
    • Quick Installation Guide (QIG) x 1
    • RS-232 DB9 Console Cable x 1
    • Cat.5e Ethernet Cable x 1
    • Power Cord x 1
    • Rack Mounting Bracket (with Screws) x 1

    ** Specifications subject to change without notice**