Multi-site Configuration and Installation Guide Port Forwarding Option V1.0 7-24-2006
Overview What this guide covers This guide will assist you in setting up a Wide Area Network (WAN) that allows your client TimeIPS stations to communicate with your Master TimeIPS station. You will need the following: Continuous ("always on") Internet access at each location, such as Cable or DSL modem access. A router at each location. The router allows you to connect multiple computers together, forming a LAN. Your TimeIPS system and any computers you wish will connected to the router. Most devices on a LAN will have an internal IP address of 192.168.0.x, 172.16.0.x, or 10.0.0.x. A "static" "public" IP address for the router at the location of your master TimeIPS system. The static IP address will be provided by your ISP. This allows you to connect to the router from anywhere you have Internet access. You will be doing specific configurations on this router (port forwarding) so only your TimeIPS system is available from the Internet. Below is an overview of the steps involved: 1. Obtain needed Internet Services for each of your locations, including a static public IP address for the location of your Master TimeIPS system. You will assign this static IP address to the router at the location of the Master TimeIPS station. This needs to be a static IP address so the client TimeIPS stations will always know where to send their clocking data; the IP address will not change. 2. Install the Router and Configure the Internal Network at the location of your Master TimeIPS station. You will configure the router at this location to forward information it receives from the Internet to the LAN IP address of the TimeIPS Master station. 3. Install and Configure the TimeIPS Master. You will configure the Master TimeIPS station with the internal static IP address you configured the router to forward information to in step 2. 4. Install and Configure the TimeIPS Clients. You will configure the client TimeIPS stations to send clocking information to the public static IP address of the router at the master location. The final result: When an employee clocks in from a client station, the clocking information will be sent through the Internet to the static public IP address of the router at the Master TimeIPS station's location. The router will then forward this information to the LAN IP address assigned to the Master TimeIPS station.
Terminology IP Addresses An Introduction to IP Addressing If you are unfamiliar with IP Addressing or are new to networking concepts, below are some basic terminology used throughout this guide. Types of IP Addresses What is an "IP Address"? An IP (Internet Protocol) Address is a unique identifier for a computer or other network device to be identified on a network. What is a "static" vs a "dynamic" (DHCP) IP address? A static IP address is assigned to a computer or network device and never changes. A "dynamic" or DHCP (Dynamic Host Configuration Protocol) address is obtained automatically and may change without affecting your computer's performance. Computers, by default, are set to DHCP. Statically assigned IP addresses have been specifically assigned from a network administrator and are stored in a table to prevent two devices from receiving the same address. You will assign your TimeIPS system a static IP address so you can easily access it in a web browser. It is not necessary but we do recommend you set your remote (client) TimeIPS stations to a static IP address for easier maintenance and trouble shooting. What is an "internal" (LAN) vs a "public" (Internet or WAN) address? Multiple computers that are connected together to share resources (such as Internet access, printers, and files) are generally on the same "internal" network or LAN (Local Area Network). You cannot access these resources from the Internet or your home computer without additional networking devices and/or configurations in place. A "public" network refers to the Internet. The Internet is a series of computers and servers that host information and can be accessed with any Internet connection provided by an Internet Service Provider (ISP).
Configuration Overview for 2 (or more) Locations MASTER LOCATION Configuration Overview IPS153T Number of locations: 2 or more Master System: TimeIPS 150 or 250 series Client Systems: TimeIPS 140 or 240 series Connection: Direct Internet (No VPN) Master Location: Static Internet IP Client Locations: Dynamic Internet IP Computers Router Static IP Cable/DSL Modem Internet Cable/DSL Modem Cable/DSL Modem Cable/DSL Modem Router Router Router IPS242 Computers CLIENT LOCATION IPS242 Computers CLIENT LOCATION IPS242 Computers CLIENT LOCATION
Step 1 Obtaining needed Internet Services To use TimeIPS at multiple locations, you must provide each with a continuous connection to the Internet. The Master Location must have a Static IP Internet Address provided by your ISP (Internet Service Provider) on the Cable/DSL modem. Client locations will work with either a Dynamic ( DHCP ) or Static IP Internet Addresses. Location Required Internet Connection Master Static IP Internet Address Client Static or Dynamic (DHCP) IP Internet Address Most Internet services provide only Dynamic or DHCP IP Internet Addresses. To obtain a Static IP Internet address for your Master Location, use the following steps: a. Contact your ISP (Cable/DSL provider) and tell them I need to have a Static IP address on this Internet account. b. When your Static IP Address is ready, your ISP will provide you with a list of configuration settings including the following, which we suggest keeping in the table below for future reference: Static IP Configuration Item IP Address Subnet Mask Default Gateway Primary DNS Secondary DNS Note: Upgrading to a Static IP Address may require an additional fee each month, and/or may require your Internet service to be upgraded to business level. Note: The upgrade process may take a few hours or several days, depending on your ISP workload. Value
Example with IP Addresses Location 1 MASTER IPS250T TimeIPS Master: IPS250T Computers Static IP: 192.168.1.50 DHCP: 192.168.1.100-192.168.1.150 Internal Network: 192.168.1.1 Router Internet: 65.66.67.68 Cable/DSL Modem Internet Cable/DSL Modem Additional locations with TimeIPS Clients can be configured up to the number supported by the TimeIPS Master Internet: DHCP (Dynamic IP) Router Internal IP: 192.168.1.1 IPS242 IP: 192.168.1.102 Master: 65.66.67.68 Computers Location 2 CLIENT IPS242T
Step 2 Master Location: Install Router and Configure Internal Network Each location must have a Router (sometimes called a Gateway and/or Firewall ) that provides a connection between your Cable/DSL modem (the Internet) and your internal network (your LAN). In this guide, we will use a common, affordable router (Linksys WRT54GL) as an example. Routers from other manufactures are similar, but their configuration option and menu items will be different. If you use a router other than the one in our example, please contact your router manufacturer for support and assistance. If you are new to networking, we suggest you buy and use our example router (or similar model) to simplify installation. Install the router: 1. Follow the wiring instructions that come with the router. Connect an Ethernet cable from your Cable/DSL modem to the Internet port on the Router. Connect an Ethernet cable from your PC/Laptop to one of the four internal network ports on the Router (labeled 1-4). 2. Boot your PC/Laptop. 3. Log into the router by opening a web browser and typing in HTTP://192.168.1.1 in the address bar. You should be prompted for a Username and Password. For the example router: Username: <no username, please leave blank> Password: Admin Access the router by entering 192.168.1.1 in the address bar Leave the username blank and enter admin as the password
1. 2. 3. 4. On the Router's Setup page, select Static IP for the Internet Connection Type. Enter your Static IP address, Subnet Mask, Gateway and DNS. Choose a Static IP for your TimeIPS system based on the DHCP range settings. Click Save Settings to have your changes take effect. Select Static IP Enter the numbers provided by your ISP, including IP Address, Subnet Mask, Gateway, and Static DNS Note DHCP range and select an Internal Static IP for the TimeIPS Master that is NOT in the DHCP Range Click to Save Settings Note the DHCP starting IP address and Maximum number of clients. In this example, starting is 192.168.1.100 with a maximum of 50 DHCP users. This means that the IP Addresses in the range 192.168.1.100 to 192.168.1.150 are reserved for DHCP which will be given automatically to new computers and devices connected to the internal network. Choose an internal Static IP that is NOT in the DHCP range, for example 192.168.1.50 for the TimeIPS Master. You will assign this IP Address to your TimeIPS Master system in Step 3 of this guide.
1. If using a wireless router, please be sure to enable wireless security. If you do not need wireless access, simply disable wireless. 2. Click Save Settings. Set the wireless mode to Disabled for the best security Click to Save Settings This completes the basic router configuration. Test your Internet connection by opening another browser windows and verifying that you can load an external web page, for example http://www.timeips.com If you cannot access external web pages, disconnect and then reconnect power to your Cable/DSL modem and Router and try again. If you still cannot access outside web pages, please consult with your Internet Service Provider for assistance.
In order for remote TimeIPS clients to access the master, you must configure Port Forwarding in your router. This tells the router where to send information coming from the Internet, such as from your TimeIPS client stations. 1. Click on Applications & Gaming 2. Enter rules as shown above to port forward the TimeIPS master system's internal IP address to the external address. 3. Click Save Settings when done. If you are using a router other than the example, look for Port Forwarding or Virtual Servers in the menu and forward the following ports from the Internal Address of your TimeIPS system (192.168.1.50 in this example) to the Internet Address, keeping the port numbers the same and forwarding both UDP and TCP: 3306, 443, 80, 123.
Step 3 Install and Configure TimeIPS Master The TimeIPS master must be set to use the INTERNAL Static IP Address you selected when configuring your router. This address in 192.168.1.50 in this example. 1. Connect your TimeIPS Master to one of the Internal ports on your router (labeled 1-4). 2. Power-up the TimeIPS System and write down the IP address it shows on the LCD display during the boot-up process. 3. Log into TimeIPS from a PC by opening a web browser and putting in the address of your TimeIPS system and select Configure as Master. IMPORTANT: If you need help getting the TimeIPS master system on-line, please follow the detailed instructions in the TimeIPS Installation Guide. 4. Enter Company and Administrator information and set the IP address of TimeIPS to be Static, using the Static IP you selected in Step 2 (192.168.1.50 in our example). If your TimeIPS system is already working, you can change (or verify) the IP address by putting the following in the address bar of your web browser: http://<your TimeIPS current IP Address>/quickset_ip.php Use the quickset_ip.php page to verify or set IP address settings. Set the internal Static IP Address you selected when configuring your router Be sure the Subnet Mask, Default Route (same as Gateway) and DNS servers are also set.
The Master system should have IPSSEC Enhanced Security module installed and activated. To check to see if your system already has IPSSEC, select Administration, System Administration, then Security. If you are given an upgrade information screen, we strongly recommend purchasing IPSSEC to greatly improve the security of this network configuration. After IPSSEC in installed, create a new certificate by entering your Organization's Name, City, State, Country Code and email address as requested.
Step 4 Install and Configure TimeIPS Clients The TimeIPS clients must be configured to reach the router at the location of the Master TimeIPS system. 1. Connect your TimeIPS Client to one of the Internal ports on your router (labeled 1-4). 2. Power-up the TimeIPS System and write down the IP address it shows on the LCD display during the boot-up process. 3. Log into TimeIPS from a PC by opening a web browser and putting in the address of your TimeIPS system and click on the Client Configuration Page link. 4. Put the Internet IP Address provided by your ISP into the Master TimeIPS Station field. 5. Clients can be left DHCP or have an internal static IP set outside of the DHCP range for the location. Leave the client station on DHCP or set to a static IP if needed (shown) Enter the Internet Static IP Address provided by your ISP here Click to Save Settings
Step 5 Testing Testing and troubleshooting. Each client should be able to clock in/out and each client location should be able to access the Web Administration pages of the Master TimeIPS system. Issue Solution(s) No remote clients can clock in/out A, then B At least one remote client can clock in/out, but others can't A, then C Remote clients can clock, but cannot access the TimeIPS Master administration pages B, Port 80 and 443 in particular Remote clients do not keep exact time synchronization with the master. B, Port 123 in particular Clicking the Client Name in the Master Client Configuration page does not open the Client configuration window Since the clients are on remote networks, this feature is not available Solutions A. Check the Internet connection. Verify that a computer can access external web pages from that location. If not, check the Router and Cable/DSL modem, disconnect and reconnect power to all network devices and computers and try again. If you still cannot access the Internet, contact your ISP and/or Router manufacturer for networking assistance. B. Verify that the TimeIPS master is being port-forwarded correctly. Open a web browser on a computer at any client location and enter http://<static IP provided by ISP>. You should get a login page for your master TimeIPS system. If not, but you can access the Internet (See Item A above), then you need to double-check the port-forward settings in the Router at your master location (See step 2). C. Verify that the clients are pointed to the static IP address provided by your Cable/DSL ISP. Open a web browser on a computer at the client location and enter http://<ip address of client>/quickset_ip.php. Verify that the IP address of the TimeIPS master is correct.