How it Works
Cerio
Loading...
OW-200 A1
User Manual
120 pgs5.07 Mb0
Table of contents
Loading...

Cerio OW-200 A1, OW-218 A1 User Manual

Download
V3.0
CERIO Corporation
CenOS 5.0
for
OW-200 A1 / OW-218 A1
V3.0
1. Software Configuration .................................................................................... 6
1.1 Device appearance and RJ-45 reset function kit description ................................................ 6
1.2 Setup preparation of AP ......................................................................................................... 7
1.3 Login Web Page ..................................................................................................................... 10
1.4 Operating Mode Introduction .............................................................................................. 11
Access Point Mode ................................................................................................................................... 11
Client Bridge + Repeater Mode ................................................................................................................ 12
WISP + Repeater AP Mode ....................................................................................................................... 14
CAP mode (Centralizes Access Point)....................................................................................................... 15
2. System Configuration ..................................................................................... 16
2.1 Management ......................................................................................................................... 16
2.2 Configure Time Server ........................................................................................................... 19
2.3 SNMP ..................................................................................................................................... 21
2.4 Configure Time Policy ........................................................................................................... 22
3. Access Point mode ......................................................................................... 24
3.1 VLAN Setup ............................................................................................................................ 24
Network Setup ................................................................................................................................. 25
Network Pull-down menu ............................................................................................................... 26
3.1.1 DHCP Server........................................................................................................................... 26
3.1.2 Bandwidth Control ................................................................................................................ 28
3.1.3 Radio 0 Access Point Setup ................................................................................................... 29
3.1.4 MAC Filter .............................................................................................................................. 31
3.1.5 802.11r Fast Roaming Setup ................................................................................................. 32
3.2 Authentication ...................................................................................................................... 34
3.2.1 Enable Authentication function ............................................................................................ 35
V3.0
3.2.2 Set Authentication function.................................................................................................. 37
# Guest ..................................................................................................................................................... 37
# Local User .............................................................................................................................................. 38
# OAuth2.0 ............................................................................................................................................... 38
Sample for Google OAuth2.0 setup ........................................................................................................ 39
Sample for Facebook OAuth2.0 setup .................................................................................................... 42
# POP3/IMAP Server ............................................................................................................................... 45
# Customize Page .................................................................................................................................... 46
# Language ............................................................................................................................................... 48
# Walled Garden ...................................................................................................................................... 48
# Privilege Address .................................................................................................................................. 48
# Profile .................................................................................................................................................... 49
3.3 RADIUS Server ....................................................................................................................... 50
3.4 RADIUS Account Setup .......................................................................................................... 50
3.5 Wireless Configuration.......................................................................................................... 51
3.5.1 Radio 0 Basic Setup ............................................................................................................... 51
3.5.2 Advanced Setup .................................................................................................................... 53
3.5.3 WMM Setup .......................................................................................................................... 55
3.5.4 WDS Setup ............................................................................................................................. 57
3.5.5 WDS Status ............................................................................................................................ 58
4. Client Bridge Mode ........................................................................................ 59
4.1 Configure LAN Setup ............................................................................................................. 59
4.2 Configure DHCP Setup ........................................................................................................... 61
4.3 Wireless General Setup ......................................................................................................... 63
4.3.1 Radio 0 Basic Setup ............................................................................................................... 63
4.3.2 Advanced Setup .................................................................................................................... 65
V3.0
4.3.3 WMM Setup .......................................................................................................................... 67
4.3.4 Station Setup ......................................................................................................................... 69
4.3.5 Repeater AP Setup ................................................................................................................ 70
4.3.6 MAC Filter Setup ................................................................................................................... 72
4.3.7 802.11r Fast Roaming Setup ................................................................................................. 73
5. WISP Mode .................................................................................................... 75
5.1 Configure WAN Setup ........................................................................................................... 75
5.2 Configure LAN Setup ............................................................................................................. 79
5.3 Configure DHCP Server .......................................................................................................... 79
5.4 Wireless General Setup ......................................................................................................... 81
5.4.1 Radio 0 Basic Setup ............................................................................................................... 82
5.4.2 Advanced Setup .................................................................................................................... 84
5.4.3 WMM Setup .......................................................................................................................... 86
5.4.4 Station Setup ......................................................................................................................... 89
5.4.5 Repeater AP Setup ................................................................................................................ 90
5.4.6 MAC Filter Setup ................................................................................................................... 92
5.4.7 802.11r Fast Roaming Setup ................................................................................................. 93
5.5 Advanced Setup .................................................................................................................... 95
5.5.1 DMZ ....................................................................................................................................... 95
5.5.2 IP Filter ................................................................................................................................... 96
5.5.3 MAC Filter .............................................................................................................................. 97
5.5.4 Virtual Server ......................................................................................................................... 98
5.5.5 Access Control ....................................................................................................................... 99
6. CAP Mode .................................................................................................... 101
6.1 VLAN Setup .......................................................................................................................... 101
6.2 AP Control ............................................................................................................................ 103
V3.0
6.2.1 Scan Device .......................................................................................................................... 103
6.2.2 Batch Setup ......................................................................................................................... 104
6.2.3 AP Setup .............................................................................................................................. 107
6.2.4 Group Setup ........................................................................................................................ 107
6.2.5 Map Setup ........................................................................................................................... 108
6.2.6 Authentication Profile ......................................................................................................... 110
6.2.7 Status ................................................................................................................................... 110
7. Utilities ........................................................................................................ 111
7.1 Profile Setting ...................................................................................................................... 111
7.2 System Upgrade .................................................................................................................. 112
7.3 Network Utility .................................................................................................................... 114
7.4 Reboot ................................................................................................................................. 114
8. Status ........................................................................................................... 115
8.1 Overview ............................................................................................................................. 115
8.2 Wireless Client ..................................................................................................................... 116
8.3 Online Users ........................................................................................................................ 116
8.4 Authentication Log .............................................................................................................. 117
8.5 System Log ........................................................................................................................... 117
Appendix A. WEB GUI Valid Characters .............................................................. 118
V3.0

1. Device and Software Configuration

1.1 Device appearance and RJ-45 reset function kit description

Device appearance
ANT 1 ANT 2
ETH2 (RJ-45 Reset function kit used port)
ETH1 (PoE in)
1. When radio set 1Tx/1Rx then main signal
output power is the left N-type (ANT1)
connect. As refer 3.5.1 Radio 0 Basic
Setup.
2. The device don't add the hardware return
factory value button, if software want to
reset to default then must use RJ-45 reset
function kit (Accessories) , under working
of the device (power on state) use RJ-45
cable connection to ETH2 port and
function kit, after link about 5 sec remove
RJ-45 reset function kit the software will
reset to default. As shown.
RJ-45 reset function kit
RJ-45 port
V3.0

1.2 Setup preparation of AP

Please PC link to Device used cat5/6 Ethernet cable.
The following setup uses a Windows PC, user OS may vary
Step 1: Please click on the computer icon in the bottom right window, and click “Open Network and
Internet settings”
1
2
V3.0
1
2
Step 2: After click left side "Ethernet" function, click on the right side “Change adapter options”
again.
1
2
Step 3: In “Change adapter options” Page. Please find Ethernet (Local LAN) and Click the right
button on the mouse and Click “Properties”
V3.0
Step 4: In Properties page to setting IP address, please find “Internet Protocol Version 4
(TCP/IPv4)” and double click or click “OK” button.
Step 5 :
Select “Use the following IP address”, and fix in IP Address : 192.168.2.#
ex. The # is any number by 1 to 253
Subnet mask : 255.255.255.0
And Click "OK" to complete the fixed computer IP setting
1
2
V3.0

1.3 Login Web Page

Launch Web Browser
Launch as web browser to access the web management interface of system by entering the default IP Address, http://192.168.2.254, in the URL field, and then press Enter.
System Login
Default login Username is “root”and Password is “default
root
default
V3.0

1.4 Operating Mode Introduction

Access Point Mode

Please click on System ->Mode Setup and choose Access Point Mode
It can be deployed as a traditional fixed wireless Access Point
It allow wireless clients or Stations ( STA ) to access
Supports DHCP Service, allowing for automated assigning of IP addresses to clients connecting to
the network
WDS Setup includes AES (Advanced Encryption Standard) Authentication
This enables the wireless interconnection of Access Point in a IEEE802.11 network and accepts
wireless
Support Captive Portal authentication.
V3.0

Client Bridge + Repeater Mode

Please click on System ->Mode Setup and choose Client Bridge Mode
V3.0
It can be used as a Client Bridge + Repeater AP to receive wireless signals over last mile
applications, helping WISPs deliver wireless broadband Internet service to new residential and
business customers
In this mode, the AP is enabled with DHCP Server functions. The wired clients of the AP are in the
same subnet from Main Base Station and it accepts wireless connections from client devices. You
can disabled the repeater extending AP function, which will enable the “AP Client ” function
V3.0

WISP + Repeater AP Mode

Please click on System ->Mode Setup and choose WISP Mode
It can be used as an WISP/Outdoor Customer Premises Equipment (CPE) to receive wireless signals
over last mile application, helping WISPs deliver wireless broadband Internet service to residents
and business customers
In the WISP (CPE) mode, the CenOS 5.0 AP is a gateway enabled with NAT and DHCP Server
functions. The wired clients connected to APs are in different subnet from those connected to
Main Base Station, and, in WISP (CPE) mode, it does not accept wireless association from wireless
clients.
V3.0

CAP mode (Centralizes Access Point)

Please click on System ->Mode Setup and choose CAP Mode
Control Management of CenOS5.0 APs
AP Management support 802.1Q VLAN infrastructure
Centralized setting Access Point function and firmware upgrade.
APs Group management for concept.
V3.0

2. System Configuration

There are common functions in any mode have management /
Time Server / SNMP and Time Policy. Please refer to the following
detailed instructions.

2.1 Management

Administrators can specify geographical location of the system via instructions in this page and modify
system login password and select use system login protocol by 80, 443, 23, 22 Port.
The management page adds LED control on/off and system auto reboot function.
V3.0
System Language: Administrator can select system language for English and Traditional Chinese
System Information: Administrator can set the system name / Description and Location.
Root Password: Administrator can change system login password.
LED Control
When system working the moment, device LED will flashes. Administrator can select
close the LED flashes in the function.
Ping Watchdog: Ping Watchdog helps administrator to automatically reboot the system when ever
there is a network or AP issue.
Ping Watchdog: Enter IP address of remote device
Interval: Ping interval of time.
Delay: After system start, the set time value starts execution Ping watchdog.
Times of faults: After the error exceeds the set value, system will auto reboot.
Login Methods: Administrator can set system login protocol of the http/https/telnet and ssh.
System Log Setup: Administrator can be backup system log or authentication log to remote server.
Please enter IP address and port of remote syslog server.
Port Isolate : When enable web authentication function, administrator can chooses Ethernet port
whether used web authentication.(This function need enable System
Authentication function)
Enable: If chooses enable this function then client connection Ethernet port will need
web authentication too. When enable this function system will only 1 VLAN and 1 ESSID.
V3.0
Disable: If chooses disable this function then client connection Ethernet port will not be
intercepted using web authentication. Wired client network basis on VLAN0. When
disable this function system can use 8 VLAN and 8 ESSID.
Auto Reboot: The functions can Auto-reboot the system by Date/time management.
Daily
Setting time to system reboot.
Weekly : Setting frequency (ex. Weekly) and time of system reboot
Monthly : Setting Every month, fixed date and time to system reboot
V3.0
ClickSave” button to save your changes. And click Reboot” button to activate your changes

2.2 Configure Time Server

Administrator can select manual or via a NTP server to modify system time
for the right local time.
If select update the system time for manual, when administrator reboot
system the system time will reply default.
If select update the system time for the NTP Server, system must set
gateway and DNS server, the system can be connected internet.
V3.0
Mode: Administrator can select NTP Server or Manual.
NTP Server: System can auto update the system time. Administrator needs setting as NTP
Se rv e r.
Default NTP Server: Administrator can select NTP Server.
NTP Server: Administrator can setting as NTP Server.
Time Zone: Administrator can select a desired time zone from the drop-down list.
Daylight saving Time: Enable or disable Daylight saving.
Manual: Administrator need to set the system time.
ClickSave” button to save your changes. And click Reboot” button to activate your changes
V3.0

2.3 SNMP

SNMP is an application-layer protocol that provides a message
format for communication between SNMP managers and agents. By
enabling SNMP function, the administrator can obtain the system
information remotely.
Please click on System -> SNMP and follow the below setting.
SNMP v2c function
Active: Administrator can select Enable or Disable the service.
RO Community: Set a community string to authorize read-only access.
RW Community: Set a community string to authorize read/write access.
SNMP v3 function
Active: Administrator can select Enable or Disable the service.
RO username: Set a community string to authorize read-only access.
Ro password: Set a password to authorize read-only access.
RW username: Set a community string to authorize read/write access.
RW password: Set a password to authorize read/write access.
V3.0
SNMP Trap
Events such as cold start interface up & down, and association & disassociation will report to an
assigned server.
Active: Administrator can select Enable or Disable the service.
Community: Set a community string required by the remote host computer that will receive trap
messages or notices send by the system.
IP(1~4) : Enter the IP addresses of the remote hosts to receive trap messages.
ClickSave” button to save your changes. And click Reboot” button to activate your changes

2.4 Configure Time Policy

V3.0
Please click Edit button to setting Time Policy rules.
Comment: Enter the description of Time Policy rule.
Mode: Administrator can select On schedule or Out of schedule to execution the rules.
Create New Policy button:
Administrator can set time for week / start time and end time.
Click “Save” button to add schedule to policy. There are 10 schedule maximum allowed in the each
time policy. All schedules can be edited or removed in the each time policy. Click Reboot button to
activate your changes.
V3.0

3. Access Point mode

When AP mode is chosen, the system can be configured as an
Access Point. This section provides detailed explanation for
users to configure in the AP mode with help of illustrations.
In the AP mode, functions listed in the table below are also
available from the Web-based GUI interface.

3.1 VLAN Setup

Here are the instructions to setup the local IP Address / Netmask / Gateway / DNS and management
Access Point 5G Radio on/off. Administrators can change settings such as LAN Spanning Tree and Tag
VLAN functions.
VLAN Mode:Display on/off for the VLAN network.
Flag
IP Address
NetMask
Radio 0
Action
Display master VLAN and VLAN Tag No. information.
Display IP Address for VLAN Network.
Display IP netmask.
Display radio 5G SSID name.
The button can set VLAN network functions and radio functions.
V3.0
Network Setup
Network button
Administrator can click button to set VLAN network functions.
VLAN Mode:Administrator can select Enable or disable for the VLAN Network.
At least one VLAN will always be enabled by default
IP Mode
IP Address/ NetMask
Management
Access Point 0
802.1d Spanning Tree : The spanning tree network protocol provides a loop free topology for
a bridged LAN between LAN interface and 8 WDS interfaces from wds0 to wds7. The Spanning
Tree Protocol, which is also referred to as STP, is defined in the IEEE Standard 802.1d
Administrator can select enable or disable function for VLAN IP.
Administrator can set IP address and netmask for the VLAN.
Administrator can Enable or Disable 5G Radio.
Control Port:Administrator can select one of the VLAN as managed AP.
IAPP
VLAN Tag Setup: Set the VLAN used tags.
Administrator can select radio 5G for IAPP roaming.(the IAPP condition must use
WPA2 -PSK Wi-Fi security and AES algorithm)
V3.0
Network Pull-down menu
Administrator can set DHCP Server and 2.4/5G security for the access point and set 802.11r fast
roaming.
Please click pull-down button.

3.1.1 DHCP Server

Administrator can select enable / disable the function
Start IP : Set Start IP for DHCP Service.
End IP : Set End IP for DHCP Service.
Netmask: Set IP Netmask, the default is 255.255.255.0
V3.0
Gateway: Set Gateway IP for DHCP Service.
DNS(1-2) IP : Set DNS IP for DHCP Service.
WINS IP : Enter IP address of the Windows Internet Name Service (WINS) server; this is optional.
Domain : Enter the domain name for this network.
Lease Time : The IP addresses given out by the DHCP server will only be valid for the duration
specified by the lease time. Increasing the time ensure client operation without interruptions,
but could introduce potential conflicts. Lowering the lease time will avoid potential address
conflicts, but might cause more interruptions to the client while it will acquire new IP addresses
from the DHCP server. Default is 86400 seconds
DHCP Client List
Administrator can view IP address used status of client users on each DHCP Server.
Static Lease IP Setup
Administrator can set be delivered fixed IP address to the users.
Comment : Enter rule description.
 IP Address : Enter access point IP.
MAC Address : Enter Client MAC Address of PC network.
Click “Save” button to save your changes. Then click Reboot button to activate your changes.
V3.0

3.1.2 Bandwidth Control

Administrators can set bandwidth limit the max/min bandwidth of the
Wi-Fi users, Bandwidth control can set IP/MASK , IP Range, Port(Service),
SIP, RTP/RTSP and WEB.
Administrator can enable or disable the function.
Administrator can set total bandwidth used limit in VLAN.
QoS Rule List: Administrator can set bandwidth limit by IP/MASK, IP Range, Port(Service), SIP,
RTP/RTSP, WEB protocol , each VLAN can set 10 bandwidth management rule.
Click “Save” button to save your changes. Then click Reboot button to activate your changes.
V3.0

3.1.3 Radio 0 Access Point Setup

Administrator can Enable or Disable radio 0 (5G) Wi-Fi. If radio 0 (5G) are enabled, administrators
can set the SSID and security for the 5G access point.
Access Point: Administrator can Enable or Disable the radio 0 (5G).
ESSID: Administrator can set Wi-Fi SSID name
SSID Visibility: Administrator can select Enable or Disable the Visibility.
Client Isolation: Enable or Disable the client isolation function.
Connection Limit: Administrator can select Enable or Disable WiFi connection Limit.
User Limit: If select enable of the connection Limit function, administrator can set users
connection limit.( Recommended limit 60 Wi-Fi Users)
Security Type: Select the desired security type from the drop-down list; the options are Open
Sy s t em , W PA -PSK/WPA2-PSK and W PA/ W PA 2 -Enterprise.
Open System: Data is not unencrypted during transmission when this option is selected.
W PA -PS K /W PA2 -PSK Personal: WPA/WPA2 i s sho r t for W-Fi Protected Access-Pre-Shared
Key. WPA/WPA2 uses the same encryption way with WPA, and the only difference between
them is that WPA/WPA2 recreates a simple shared key, instead of using the user’s
certification.
V3.0
WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.
Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption
method.
AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a
number of repetitions of transformation rounds that convert the input plaintext into
the final output of ciphertext. Each round consists of several processing steps,
including one that depends on the encryption key. A set of reverse rounds are applied
to transform ciphertext back into the original plaintext using the same encryption key.
TKIP is short for “Temporal Key Integrity Protocol”, TKIP scrambles the keys using a
hashing algorithm and, by adding an integrity-checking feature, ensures that the keys
haven’t been tampered with.
Group Key Update Interval: The time interval is for re-keying GTK
(broadcast/multicast encryption keys) in seconds. Enter the time-length required; the
default time is 600 seconds.
Pass Phrase: Enter the ESSID pass phrase.
WPS: Administrator can used WPS function to link WiFi client. If enabled,
administrator can click the WPS Push Button.
WPA/WAP2-Enterprise
V3.0
Radius ServerEnter the IP address of the Authentication RADIUS server.
Radius Port: The port number used by Authentication RADIUS server. Use the default
1812 or enter port number specified.
Radius Secret: The secret key for system to communicate with Authentication RADIUS
server. Support 1 to 64 characters.
After the above function is setup, please click "Save" button and reboot system will apply new
profile and working normally.

3.1.4 MAC Filter

(1 ) Only Deny List MAC
point will deny connection in MAC address list.
(2) Only Allow List MAC
point will allow connection in MAC address list.
Administrator can add wireless users MAC address in MAC list. The access
Administrator can add wireless users MAC address in MAC list. The access
V3.0
The dual band Access Point supports 802.11r/802.11k function for 5G
After the above function is setup, please click "Save" button and reboot system will apply new
profile and working normally.
MAC Address: Set managed MAC address of the client.
MAC Address List: Display managed MAC address list.
Click “Save” button to save your changes. Then click Reboot button to activate your changes.

3.1.5 802.11r Fast Roaming Setup

radio. 802.11r, which is the IEEE standard for fast roaming, introduces a
new concept of roaming where the initial handshake with the new AP is
done even before the client roams to the target AP.
V3.0
Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing the same
SSID) between which a STA can use Fast BSS Transition. Please enter 2-octet identifier as a hex
string.
R0 Key Lifetime: Default lifetime of the PMK-RO in minutes, the default is 10000, administrator
can setting 1~65535.
Reassoc deadline: Reassociation deadline in time units (TUs / 1.024 ms; range 1000~65535).
The default is 1000.
R0/NAS Identifier: PMK-R0 Key Holder identifier. When using IEEE 802.11r, nas_identifier must
be set and must be between 1 and 48 octets long.
R1 Identifier: PMK-R1 Key Holder identifier 6-octet identifier as a hex string.
R1 Push: Administrator can select Enable or disable. If enable the function will automatically
sent the R1 Key.
R0 Key Holder:
To enable roaming between multiple AP devices, AP1 must key in the MAC Address of AP2, and AP2
must key in the MAC Address of AP1. The NAS Identifier and 128-bit Key should be identical in both
AP settings. This will enable device roaming between the two Access Points.
MAC Address: Administrators must enter the MAC Address of other AP
NAS Identifier: Enter 1~48 octets of network domain name.
V3.0
128-bit Key: Enter Shared Key of 128 bit.
R1 Key holders : Enter a unified set of R1 Key Holder identification certification.
MAC Address: Enter the main roaming device MAC address
R1 Identifier: Enter Shared identifier.
128-bit Key: Enter Shared Key of 128 bit.
After the above function is setup, please click "Save" button and reboot system will apply new profile
and working normally.

3.2 Authentication

This function used to operate in Access Point mode, the function is for Web Authentication. It supports
authentication for local users / RADIUS Server / OAuth2.0 and Guest. The system supports in N VLANs
with web authentication.
Please click on System -> Authentication
When enable web authentication function, please does make the Access
Point can be connected to gateway. Please refer to 3.1 VLAN Setup. If the
gateway IP address is set error then web authentication page will be can't
display.
V3.0
#:Display VLANs number.
VLAN Mode
Authentication
Action
Displays VLAN on/off status. (Please refer to 3.2 VLAN Setup)
Displays VLAN# whether enable or disable web authentication.
The function has 2 buttons (Authentication and Dropdown)

3.2.1 Enable Authentication function

: By clicking the Authentication button, administrator can enable or disable this
function.
Authentication
Multiple Login
the users can set limit.( 0 = not limited)
Login Timeout
for account. Administrator can enter a time(Minutes).
Redirect URL
enter web site URL.
Administrator can enable or disable authentication function.
Administrator can set one account to multiple users simultaneously login and
After account login for some time no traffic, system will automatic timeout
After the success of the login, system will redirect to URL. Administrator can
V3.0
Login URL:Administrator can set URL for login page.
Session Log
If network have Syslog server. Administrator can to systemmanagement
setting IP address for syslog server and enable the function. Account session log will copy to
syslog server.
Local User
Administrator can enable authentication for local user. Create user account can to
reference “3.2.2 Local User” setup.
RADIUS
Authentication support remote RADIUS Server. Administrator can enter security
information for remote RADIUS Server.
Click “Save” button to save your changes. Then click Reboot button to activate your changes.
V3.0

3.2.2 Set Authentication function

: By Clicking the Dropdown button, Administrators can set authentication
functions.

# Guest

Administrator can enable or disable guest authentication. If enabled, the administrator can set guest
Count Limit / login time and type and flow control.
Service
Administrator can select enable or disable this function.
Login Type :
One Time: Login to start counting until the end of time.
Multiple Times: logout time will stop counting until the next re-login to time start counting.
Count Limit: Administrator can set guest limit.
Login Time: Within a certain timeframe with no traffic, the system will auto logout.
V3.0
QoS: Administrator can restrict the traffic of guest. Traffic management can set users upload
and download traffic.

# Local User

Administrator can create local user account for web login.
User Name
Password
Administrator can create users account.
Set account password.

# OAuth2.0

The OAuth2.0 function supports Facebook and Google by default. Users can add additional OAuth2.0
servers through UI settings.
#
Display items.
Active
Provider
and Facebook
Display on/off status for the authentication.
Display authentication server. The system default use authentication server for Google
V3.0

Sample for Google OAuth2.0 setup

Please complete the application on the Google website to receive an account ID and password, follow
the steps below.
Step.1 Please go to the Google Developers Console page and create a project
(Reference https://developers.google.com/identity/protocols/OAuth2)
Step.2 Click Credentials to create OAuth client ID in the API manager page.
V3.0
Step.3 Select web application in the “Application Type” section and set “Restrictions” URL.
Step.4 Set Authorized JavaScript origins and Authorized redirect URLs (important)
Administrator must set login URL in the device function. After complete set of login URL go to the
“Restrictions” function in web page. Follow the steps below to set login URLs
Setup login URL in the device. Please Click system
Authentication and enable the function.
The “Authentication Setup” page to set Login URL
V3.0
After complete set of login URL go to the “Restrictions” function in web page. Copy and paste
the login URL from the system display into the “Restriction” page on the Google Developer
website.
Google Authorized JavaScript origins URL is http://domain0.login.com (same as Login URL)
Google Authorized redirect URLs is
http://domain0.login.com/login/index.cgi?cgi=CALLBACK
Step.5 After completing the “Restrictions” setup, click the create button. An OAuth Client page will
pop-up with your “client ID” and “client secret”. Administrators must copy and paste their client ID
and secret into the OAuth 2.0 Setup page in our software UI.
Save and reboot the AP system, complete the setup.
V3.0

Sample for Facebook OAuth2.0 setup

Please complete the application on the Facebook website to receive an account ID and password,
follow the steps below.
Step.1 Please to Facebook developer’s page and add a New App
Step.2 Select WWW function
Step.3 Administrator must set www for your information.
V3.0
Step.4 Please click “Setting” and add Platform
Step.5 Select Platform for “Website”
Step.6 Enter URL is http://domain0.login.com/login/index.cgi?cgi=CALLBACK
Administrator must set login URL in the device function. After complete set of login URL go to the
Facebook Site URL” function in web page. Follow the steps below to set login URLs
Setup login URL in the device. Please Click system
Authentication and enable the function.
The “Authentication Setup” page to set Login URL
V3.0
After complete set of login URL go to the “Facebook Site URL” function in web page. Copy and
paste the login URL from the system display into the “Site UR L” page on the Facebook
website.
Step.7 Click Advanced function to enable the “Native or desktop app?” and “Is App Secret
embedded in the client? “
Step.8 After completing the “Facebook Site URL” setup. Administrators must copy and paste their
App ID and App secret into the OAuth 2.0 Setup page in our software UI.
V3.0
Client ID and Client Secret setup by third parties such as Facebook and Google are
subject to change. The instructions above follow the 2016 setup procedure. Any
future changes to the Facebook/Google process may lead to our instructions
becoming invalid.

# POP3/IMAP Server

The purpose of this integrated function is to allow clients to link a POP3 server for receiving
emails from a remote server.
Service: Administrator can choose Enable or Disable the PoP3 authentication.
Display Name
Set the “Display Name” based on the appropriate POP3 user or client.
V3.0
Host : Define the desired Host server name.
Port : Input the proper port number for the corresponding server.
Connect Type : Select the Connect type with options of “STARTTLS”, “SSL/TTL”, or “None”.
POP3 Server Test : Use this tool to test if the POP3 server is operating correctly with your
selected email

# Customize Page

This function is to customize the user Login Page. This supports Multiple Language and allows
comprehensive customization through HTML editing.
Page Setup
Temp l at eAdministrator can select Enable or disable.
Select enable to active default Login Page
V3.0
Select disable to active HTML Source code window for customization
Sample: See sample login page below that is customized by html coding (sample login page html
code templates are available on Cerio website)
The following function uses the enabled Template
Multiple Language
page. Administrator must to Language function create new language.
Page Color Setup:Administrator can change the login page color.
Administrator can select enable or disable multiple language for login
V3.0

# Language

Administrator can create other language for login page.
Click “Create New Language” button go to add or edit language for login page.
Language: Set description of language.
Default Language: Display default language.

# Walled Garden

This function provides certain free services or advertisement web pages for users to access the
websites listed before login and authentication. User without the network access right can still have
a chance to experience the actual network service free of charge in Walled Garden URL list.
Display Name: Set name of Website.
IP Address/Domain: Set IP or Domain of the Open the website.
Full URL: Set full website name.

# Privilege Address

This function provides local device can access Internet without authentication. If there are some
workstations belonging NGS Access Point that need to access to network without authentication,
enter the IP or MAC address of these workstations in this list.
V3.0
Device Name: Enter Device or Users Name.
IP Address: Enter used IP Address of Device or Users PC.
MAC Address: Enter MAC Address of Device or Users PC.
After the above function is setup, please click "Save" button and reboot system will apply new
profile and working normally.

# Profile

Administrator can backup current authentication configuration and login page for HTML Source
code. But also can recover.
Click “Save” button to save your changes. Then click Reboot button to activate your changes.
V3.0

3.3 RADIUS Server

This function only used to operate in Access Point mode.
Service:Administrator can select Enable or disable the function.
Radius
Radius Secret
Administrator must to set remote RADIUS Server use Port.
Administrator must to set remote RADIUS Server use Key.
Click “Save” button to save your changes. Then click Reboot button to activate your changes.

3.4 RADIUS Account Setup

When enabled RADIUS Server, administrator can add RADIUS account and password in the function. But
also can recover or backup the RADIUS account. Account can create 50 users limit
This function only used in Access Point mode.
V3.0
User Name
Password
Export User File
Import From PC
Click “Save” button to save your set function. Then click Reboot button to activate your changes.
Create users name for RADIUS account.
Enter password for user name.
Administrator can export account list in RADIUS Server.
Administrator can import account list to the RADIUS Server.

3.5 Wireless Configuration

This wireless functions administrator can set radio 0 (5G) application of the Access Point.

3.5.1 Radio 0 Basic Setup

V3.0
MAC Address: Display 5G WiFi MAC address. Country: Administrator can select country: US or EU or Taiwan. Band Mode: Administrator can select 5G Band for 802.11a/n or 802.11ac. The default is 802.11ac Auto Channel: Administrator can Enable or Disable the function. If select disabled function the
WiFi channel can be manually fixed.
Channel: Supports US and EU country 5G Channel standards.
Tx Power: Administrator can control the WiFi Tx output power. The power Max. Level 9.
HT Physical Mode
TX/RX Stream: Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX. If
administratior adopt model is OW-200 A1 and select use 1Tx/1Rx funciton then please note
external N-type connector only one have signal output, as shown below.
Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually the best. The other
option is available for special circumstances.
Shout GI: Short Guard Interval is “Enabled” by default to increase throughput. However, it can also
increase error rate in some installations, due to increased sensitivity to radio-frequency reflections.
Select the option that works best for your installation.
Aggregation: By default, it's “Enable”. Select “Disable” to deactivate Aggregation.
A part of the 802.11n standard (or draft-standard). It allows sending multiple frames per single
access to the medium by combining frames together into one larger frame. It creates the larger
frame by combining smaller frames with the same physical source and destination end points and
traffic class (i.e. QoS) into one large frame with a common MAC header.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

3.5.2 Advanced Setup

Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond. The
default value is 100 msec.
Access Point (AP) in IEEE 802.11 will send out a special approximated 50-byte frame, called
“Beacon”. Beacon is broadcast to all the stations, provides the basic information of AP such as
SSID, channel, encryption keys, signal strength, time stamp, support data rate.
All the radio stations received beacon recognizes the existence of such AP, and may proceed
next actions if the information from AP matches the requirement. Beacon is sent on a periodic
basis, the time interval can be adjusted.
By increasing the beacon interval, you can reduce the number of beacons and associated
overhead, but that will likely delay the association and roaming process because stations
scanning for available access points may miss the beacons. You can decrease the beacon
interval, which increases the rate of beacons. This will make the association and roaming
process very responsive; however, the network will incur additional overhead and throughput
will go down.
DTIM Interval: The DTIM interval is in the range of 1~255. The default is 1.
DTIM is defined as Delivery Traffic Indication Message. It is used to notify the wireless stations,
which support power saving mode, when to wake up to receive multicast frame. DTIM is
necessary and critical in wireless environment as a mechanism to fulfill power-saving
synchronization.
A DTIM interval is a count of the number of beacon frames that must occur before the access
point sends the buffered multicast frames. For instance, if DTIM Interval is set to 3, then the
Wi-Fi clients will expect to receive a multicast frame after receiving three Beacon frame. The
higher DTIM interval will help power saving and possibly decrease wireless throughput in
multicast applications.
V3.0
Fragmentation Threshold: Fragmentation Threshold is one more parameter which is given in
all stations and Access points. Fine tuning Fragmentation Threshold parameter can result in
good throughput but not using it properly can results in low throughput. In simple words it
does the same thing which MTU do in Ethernet. Both are different parameters but the work
done is same, it fragments the data packets.
Fragmentation threshold will be used when we have more data packet size to be transmitted
and we have less fragment threshold value. Let’s say from Ethernet we have to send 1400 byte
packet but the fragmentation threshold is set as 400. In this case when the packet is to be
transmitted on air it will fragment the packet in to 4 small packet 400+400+400+200 and send
on air. This includes MAC header+ frame body and CRC so 400 byte will be in total including
headers. This helps in increasing the throughput. The default is 2346.
RTS Threshold: TRTS Threshold is in the range of 1~2347 byte. The default is 2347 byte.
The main purpose of enabling RTS by changing RTS threshold is to reduce possible collisions
due to hidden wireless clients. RTS in AP will be enabled automatically if the packet size is
larger than the Threshold value. By default, RTS is disabled in a normal environment supports
non-jumbo frames.
Short Preamble: By default, this function is “Enabled”. Disabling will automatically use the
Long 128-bit Preamble Synchronization field. The preamble is used to signal "here is a train of
data coming" to the receiver. The short preamble provides 72-bit Synchronization field to
improve WLAN transmission efficiency with less overhead.
IGMP Snooping: The process of listening to Internet Group Management Protocol (IGMP)
network traffic. The feature allows a network switch to listen in on the IGMP conversation
between hosts and routers. By listening to these conversations the switch maintains a map of
which links need which IP multicast streams. Multicasts may be filtered from the links which do
not need them and thus controls which ports receive specific multicast traffic.
Greenfield: In wireless WLAN technology, greenfield mode is a feature of major components of
the 802.11n specification. The greenfield mode feature is designed to improve efficiency by
eliminating support for 802.11b/g devices in an all draft-n network. In greenfield mode the
network can be set to ignore all earlier standards.
RF on/off by schedule: Administrator can apply Time Policy to on or off wireless signal.
Location Tracking Log: The system can detect the signal strength of the wireless client
to determine the location of the Access Point and send to database.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

3.5.3 WMM Setup

This affects traffic flowing from the access point to the client station.
Configuring QoS options consists of setting parameters on existing queues for different types of
wireless traffic. You can configure different minimum and maximum wait times for the transmission
of packets in each queue based on the requirements of the media being sent. Queues automatically
provide minimum transmission delay for Voice, Video, multimedia, and mission critical applications,
and rely on best-effort parameters for traditional IP data.
As an Example, time-sensitive Voice & Video, and multimedia are given effectively higher priority for
transmission (lower wait times for channel access), while other applications and traditional IP data
which are less time-sensitive but often more data-intensive are expected to tolerate longer wait
times.
Please click on Wireless -> WMM Setup
V3.0
Data Transmitted
AP to Clients
AC Type
Queue
AC_BK Background Low High throughput. Bulk data that requires maximum
AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP
AC_VI Video High Minimum delay. Time-sensitive video data is
AC_VO Voice High Time-sensitive data like VoIP and streaming media
CWmin: Minimum Contention Window. This parameter is input to the algorithm that
determines the initial random backoff wait time ("window") for retry of a transmission. The
value specified here in the Minimum Contention Window is the upper limit (in milliseconds) of
a range from which the initial random backoff wait time is determined.
CWmax: Maximum Contention Window. The value specified here in the Maximum Contention
Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This
Priority Description
throughput and is not time-sensitive is sent to this
queue (FTP data, for example).
data is sent to this queue.
automatically sent to this queue.
are automatically sent to this queue.
doubling continues until either the data frame is sent or the Maximum Contention Window size
is reached. Once the Maximum Contention Window size is reached, retries will continue until a
maximum number of retries allowed is reached. Valid values for the "cwmax" are 1, 3, 7, 15, 31,
63, 127, 255, 511, or 1024. The value for "cwmax" must be higher than the value for
"cwmin".
AIFS:The Arbitration Inter-Frame Spacing Number specifies a wait time (in milliseconds) for
data frames
TxOP Limit: Transmission Opportunity is an interval of time when a WME AP has the right to
initiate transmissions onto the wireless medium (WM). This value specifies (in milliseconds) the
Transmission Opportunity (TXOP) for AP; that is, the interval of time when the WMM AP has
the right to initiate transmissions on the wireless network.
ACM bit: Admission Control Mandatory, ACM only takes effect on AC_VI and AC_VO. When you
do not click Checkbox, it means that the ACM is controlled by the connecting AP. If you click
Checkbox, it means that the Client is in charge
No ACK policy bit: Acknowledgment Policy, WMM defines two ACK policies: Normal ACK and
No ACK. Click “Checkbox” indicates “No ACK
When the no acknowledgement (No ACK) policy is used, the recipient does not acknowledge
received packets during wireless packet exchange. This policy is suitable in the environment
where communication quality is fine and interference is weak.
V3.0
While the No ACK policy helps improve transmission efficiency, it can cause increased packet
loss when communication quality deteriorates. This is because when this policy is used, a
sender does not retransmit packets that have not been received by the recipient.
When the Normal ACK policy is used, the recipient acknowledges each received uncast packet.
Click “Save” button to save your set function. Then click “Reboot” button to activate your
changes.

3.5.4 WDS Setup

Please click on Wireless -> WDS Setup
The administrator can create WDS Links for expanding wireless
network via this page. When you enable “WDS” function in AP
Mode both Wireless and Ethernet user can connect your local
network at the same time through AP.
The WDS link supports 5G radio and can support VLAN tag pass
through
V3.0
WDS Setup: Administrator can select Enable or Disable.
Authentication: Administrator can use AES security.
WDS Client Setup: Administrator can used 5G for WDS Links. A Single Radio supports up to 8
WDS links.
VLAN Setup: The WDS aisle support Multi-tag VALN
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.

3.5.5 WDS Status

Displays 5G radio WDS link status through MAC and Date (TX/RX) Please click on Wireless -> WDS status
MAC AddressDisplay connected MAC Address.
Rate(TX/RX)Display Tx/Rx rate of the point to point
RSSI: Display signal connection value of RSSI
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

4. Client Bridge Mode

When Client Bridge is chosen, the system can be configured as a Client Bridge and support Repeater AP
function. This can setup VLAN and DHCP server in the system menu.
This section provides detailed explanation for users to configure in the Client Bridge Mode and Repeater AP
function with help of illustrations.

4.1 Configure LAN Setup

Here are the instructions for how to setup the local IP Address and Netmask. Please click on System ->
LAN and follow the below setting.
Mode: Administrator can select the IP used Static or Dynamic IP address.Static IP:
IP address: The IP address is 192.168.2.254
 Netmask: The default Netmask is 255.255.255.0
Gateway: The default Gateway IP Address is 192.168.2.1, Please check your Gateway IP and
change.
V3.0
DNS: Enter IP address of domain name service.
Primary DNS: The IP address of the primary DNS se rve r.
Secondary: The IP address of the secondary DNS server.
802.1d Spanning Tree :
The spanning tree network protocol provides a loop free topology for a bridged LAN between LAN
interface and 8 WDS interfaces from wds0 to wds7. The Spanning Tree Protocol, which is also
referred to as STP, is defined in the IEEE Standard 802.1d.
DHCP Forward: When the AP Mode device and Client Bridge AP are linked, and DHCP Service is
“Enabled”, the Client Bridge AP must also enable DHCP Forward to allow connecting clients to
receive the IP Address from the source AP (AP Mode Device). By default, DHCP Forward is
disabled in Client Bridge devices. This function must be enabled to allow clients connecting to
the Client Bridge device to receive IP Addresses from the source A P.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

4.2 Configure DHCP Setup

The DHCP Service function in the Client Bridge device can select a separate IP Address range within the
same network segment of the source AP, and allocate those IP Addresses to connecting clients.
Start IP / End IP: Specify the range of IP addresses to be used by the DHCP server when assigning IP
address to clients.
Netmask: The netmask default is 255.255.255.0.
Gateway: Enter source gateway IP address.
DNS1: Enter IP address of the first DNS server; this field is required.
DNS2: Enter IP address of the second DNS server; this is optional.
WINS IP: Enter IP address of the Windows Internet Name Service (WINS) server; this is optional.
Domain: Enter the domain name for this network.
Lease Time: The IP addresses given out by the DHCP server will only be valid for the duration
specified by the lease time. Increasing the time ensure client operation without interruptions, but
could introduce potential conflicts. Lowering the lease time will avoid potential address conflicts,
but might cause more interruptions to the client while it will acquire new IP addresses from the
DHCP server. Default is 86400 seconds
DHCP Clients List: When users link to CenOS 5.0 AP and use IP address of the DHCP service, the DHCP
Client List will display users the information and used IP address.
V3.0
IP Address: Display users used IP address.
MAC Address: Display MAC Address of users used device.
Expired: Display Lease expiration time of IP address.
Action: Kicked user button.
Static Lease IP Setup: Administrator can set as static IP address for users.
Comment: Enter description for the information.
IP Address: Set static IP address for users.
MAC Address: Set MAC address of user device.
Static Lease IP List: Display users list of static IP address.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

4.3 Wireless General Setup

The main setup Client Bridge connection to AP Station and Repeater AP functions setting, MAC filter,
WMM and 802.11r/802.11k Fast Roaming etc in wireless menu.
If want to use Repeater AP function then Clinet Bridge must determine
connection to Access Point then Repeater AP can operate normally.

4.3.1 Radio 0 Basic Setup

MAC Address: Display radio 1 use MAC address. Country: Administrator can select country used channel by US / EU and Taiwan. Band Mode: If Client Bridge want to use 5G link to Access Point then administrator can enable
the function (radio 1).
Auto Channel: Administrator can Enable or Disable the function. If select disable function the
WiFi channel can be fixed a channel.
Channel: Support US / EU / Taiwan country by 5G Channel.
Tx Power: Administrator can control the WiFi Tx output power. The power Max. Level 9.
V3.0
HT Physical Mode
TX/RX Stream: Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX. If
administratior adopt model is OW-200 A1 and select use 1Tx/1Rx funciton then please note
external N-type connector only one have signal output, as shown below.
Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually best. The other
option is available for special circumstances.
Shout GI: Short Guard Interval, by default, it's “Enable”. it's can increase throughput. However,
it can also increase error rate in some installations, due to increased sensitivity to
radio-frequency reflections. Select the option that works best for your installation.
Aggregation: By default, it's “Enable”. To “Disable” to deactivated Aggregation.
A part of the 802.11n standard (or draft-standard). It allows sending multiple frames per single
access to the medium by combining frames together into one larger frame. It creates the
larger frame by combining smaller frames with the same physical source and destination end
points and traffic class (i.e. QoS) into one large frame with a common MAC header.
Aggregation Frames: Set frames size of Aggregation, the size recommend use default value
is 32.
Aggregation Size: Set aggregation size, the size
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
recommends use default value is 500000.
V3.0

4.3.2 Advanced Setup

Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond. The
default value is 100 msec.
Access Point (AP) in IEEE 802.11 will send out a special approximated 50-byte frame, called
“Beacon”. Beacon is broadcast to all the stations, provides the basic information of AP such as
SSID, channel, encryption keys, signal strength, time stamp, support data rate.
All the radio stations received beacon recognizes the existence of such AP, and may proceed
next actions if the information from AP matches the requirement. Beacon is sent on a periodic
basis, the time interval can be adjusted.
By increasing the beacon interval, you can reduce the number of beacons and associated
overhead, but that will likely delay the association and roaming process because stations
scanning for available access points may miss the beacons. You can decrease the beacon
interval, which increases the rate of beacons. This will make the association and roaming
process very responsive; however, the network will incur additional overhead and throughput
will go down.
DTIM Interval : The DTIM interval is in the range of 1~255. The default is 1.
DTIM is defined as Delivery Traffic Indication Message. It is used to notify the wireless stations,
which support power saving mode, when to wake up to receive multicast frame. DTIM is
necessary and critical in wireless environment as a mechanism to fulfill power-saving
synchronization.
A DTIM interval is a count of the number of beacon frames that must occur before the access
point sends the buffered multicast frames. For instance, if DTIM Interval is set to 3, then the
Wi-Fi clients will expect to receive a multicast frame after receiving three Beacon frame. The
higher DTIM interval will help power saving and possibly decrease wireless throughput in
multicast applications.
V3.0
Fragmentation Threshold: Fragmentation Threshold is one more parameter which is given in
all stations and Access points. Fine tuning Fragmentation Threshold parameter can result in
good throughput but not using it properly can results in low throughput. In simple words it
does the same thing which MTU do in Ethernet. Both are different parameters but the work
done is same , it fragments the data packets.
Fragmentation threshold will be used when we have more data packet size to be transmitted
and we have less fragment threshold value. Lets say from Ethernet we have to send 1400 byte
packet but the fragmentation threshold is set as 400. In this case when the packet is to be
transmitted on air it will fragment the packet in to 4 small packet 400+400+400+200 and send
on air.This includes MAC header+ frame body and CRC so 400 byte will be in total including
headers. This helps in increasing the throughput. The default is 2346.
RTS Threshold: TRTS Threshold is in the range of 1~2347 byte. The default is 2347 byte.
The main purpose of enabling RTS by changing RTS threshold is to reduce possible collisions
due to hidden wireless clients. RTS in AP will be enabled automatically if the packet size is
larger than the Threshold value. By default, RTS is disabled in a normal environment supports
non-jumbo frames.
Short Preamble: By default, it’s “Enable”. To Disable is to use Long 128-bit Preamble
Synchronization field.
The preamble is used to signal "here is a train of data coming" to the receiver. The short
preamble provides 72-bit Synchronization field to improve WLAN transmission efficiency with
less overhead.
IGMP Snooping: the process of listening to Internet Group Management Protocol (IGMP)
network traffic. The feature allows a network switch to listen in on the IGMP conversation
between hosts and routers. By listening to these conversations the switch maintains a map of
which links need which IP multicast streams. Multicasts may be filtered from the links which
do not need them and thus controls which ports receive specific multicast traffic.
Greenfield: In wireless WLAN technology, greenfield mode is a feature of major components
of the 802.11n specification. The greenfield mode feature is designed to improve efficiency
by eliminating support for 802.11b/g devices in an all draft-n network. In greenfield mode
the network can be set to ignore all earlier standards.
RF on/off by Schedule: When system enable and set time policy function then RF on/off can
apply time policy in the function.(
Time Policy function set please go to system  Time
Policy)
Location Tracking Log: This feature can provides information to third-party positioning
systems.
V3.0
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.

4.3.3 WMM Setup

His affects traffic flowing from the access point to the client station.
Configuring QoS options consists of setting parameters on existing queues for different types of
wireless traffic. You can configure different minimum and maximum wait times for the transmission
of packets in each queue based on the requirements of the media being sent. Queues automatically
provide minimum transmission delay for Voice, Video, multimedia, and mission critical applications,
and rely on best-effort parameters for traditional IP data.
As an Example, time-sensitive Voice & Video, and multimedia are given effectively higher priority
for transmission (lower wait times for channel access), while other applications and traditional IP
data which are less time-sensitive but often more data-intensive are expected to tolerate longer
wait times.
V3.0
Data Transmitted
AP to Clients
AC Type
Queue
AC_BK Background Low High throughput. Bulk data that requires maximum
AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP data
AC_VI Video High Minimum delay. Time-sensitive video data is
AC_VO Voice High Time-sensitive data like VoIP and streaming media are
CWmin
Minimum Contention Window. This parameter is input to the algorithm that determines the
initial random backoff wait time ("window") for retry of a transmission. The value specified
here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from
which the initial random backoff wait time is determined.
CWmax:Maximum Contention Window. The value specified here in the Maximum Contention
Priority Description
throughput and is not time-sensitive is sent to this
queue (FTP data, for example).
is sent to this queue.
automatically sent to this queue.
automatically sent to this queue.
Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This
doubling continues until either the data frame is sent or the Maximum Contention Window
size is reached. Once the Maximum Contention Window size is reached, retries will continue
until a maximum number of retries allowed is reached. Valid values for the "cwmax" are 1, 3, 7,
15, 31, 63, 127, 255, 511, or 1024. The value for "cwmax" must be higher than the value for
"cwmin".
AIFS:The Arbitration Inter-Frame Spacing Number specifies a wait time (in milliseconds) for
data frames
TxOP Limit:Transmission Opportunity is an interval of time when a WME AP has the right to
initiate transmissions onto the wireless medium (WM). This value specifies (in milliseconds)
the Transmission Opportunity (TXOP) for AP; that is, the interval of time when the WMM AP
has the right to initiate transmissions on the wireless network.
ACM bit:Admission Control Mandatory, ACM only takes effect on AC_VI and AC_VO. When
you do not click Checkbox, it means that the ACM is controlled by the connecting AP. If you
click Checkbox, it means that the Client is in charge
No ACK policy bitAcknowledgment Policy, WMM defines two ACK policies: Normal ACK and
No ACK. Click “Checkbox” indicates “No ACK
V3.0
When the no acknowledgement (No ACK) policy is used, the recipient does not acknowledge
received packets during wireless packet exchange. This policy is suitable in the environment
where communication quality is fine and interference is weak.
While the No ACK policy helps improve transmission efficiency, it can cause increased packet
loss when communication quality deteriorates. This is because when this policy is used, a
sender does not retransmit packets that have not been received by the recipient.
When the Normal ACK policy is used, the recipient acknowledges each received uncast
packet.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.

4.3.4 Station Setup

The functions setting functions include Client Bridge link to AP station. Administrator can used “site
survey” function to Search for AP stations.
MAC Address List: The function can discovery AP Station and select want to link the AP station,
please click site survey button.
Security: After site survey AP station complete will list all AP station, when click AP station
setup button then AP station information (ESSID/Security type) will display on page.
PassPhrase Settings: Administrator need manual set correct ESSID security/Cipher type and
pass phrase.
V3.0
If Security/Cipher selected or set PassPhrase is wrong, it will not be able to bridge normally.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.

4.3.5 Repeater AP Setup

Administrators can configure ESSID, SSID broadcasting, Maximum number of client associations.
1. If want to use Repeater AP function then Clinet Bridge must determine connection
to Access Point then Repeater AP can operate normally.
2. The default is enabling of Repeater AP. If want to used pure Client Bridge will can
disable it.
Access Point: Administrator can Enable or Disable the Repeater AP function.
ESSID: Enter the Repeater AP of ESSID name.
SSID Visibility: The default it’s Enable. When select Disable the SSID will not is discovered.
Client Isolation: This function is Disabled by default. All clients will be isolated from each other,
which mean they can’t reach each other.
Connection Limit: This function is Disabled by default. If select Enable, Administrator can limit
Wi-Fi users the Quantity.
Authentication: Select the desired security type from the drop-down list; the options are
WPA-PSK, WPA 2 -PSK, WPA/WPA2-Enterprise and WEP 802.1X.
Open System: Data are not unencrypted during transmission when this option is selected.
WPA/WPA2 Personal: WPA/WPA2 is short for W-Fi Protected Access-Pre-Shared Key.
WPA/WPA2 uses the same encryption way with WPA, and the only difference between
them is that WPA/WPA2 recreates a simple shared key, instead of using the user’s
certification.
V3.0
WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.
Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption
method.
AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a
number of repetitions of transformation rounds that convert the input plaintext into the
final output of ciphertext. Each round consists of several processing steps, including one
that depends on the encryption key. A set of reverse rounds are applied to transform
ciphertext back into the original plaintext using the same encryption key.
TKIP is short for “Temporal Key Integrity Protocol”, TKIP scrambles the keys using a
hashing algorithm and, by adding an integrity-checking feature, ensures that the keys
haven’t been tampered with.
Group Key Update Interval: This time interval for re-keying GTK (broadcast/multicast
encryption keys) in seconds. Enter the time-length required; the default time is 600
seconds.
Pass Phrase: Enter the ESSID pass phrase.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

4.3.6 MAC Filter Setup

Administrator can setup allow or reject WiFi clients (MAC address) to access Repeater AP.
Rule: Select the desired access control type from the drop-down list; the options are Disable,
Allow or Reject.
Only Allow List MAC: Define certain wireless clients in the list which will have granted
access to the Access Point while the access will be denied for all the remaining clients –
Action Type is set to “Only Allow List MAC”.
Only Deny List MAC: Define certain wireless clients in the list which will have denied
access to the Access Point while the access will be granted for all the remaining clients -
Action Type is set to “Only Deny List MAC”.
MAC Address: Enter MAC Address for WiFi Clients.
MAC Address List: Display the MAC address of WiFi Clients.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

4.3.7 802.11r Fast Roaming Setup

The system support 802.11r/802.11k function for 5G radio. 802.11r, which is the IEEE
standard for fast roaming, introduces a new concept of roaming where the initial
handshake with the new AP is done even before the client roams to the target AP.
Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing the
same SSID) between which a STA can use Fast BSS Transition. Please enter 2-octet identifier as
a hex string.
R0 Key Lifetime: Default lifetime of the PMK-RO in minutes, the default is 10000,
administrator can setting 1~65535.
Reassoc deadline: Reassociation deadline in time units (TUs / 1.024 ms; range 1000~65535).
The default is 1000.
R0/NAS Identifier: PMK-R0 Key Holder identifier. When using IEEE 802.11r, nas_identifier
must be set and must be between 1 and 48 octets long.
R1 Identifier: PMK-R1 Key Holder identifier 6-octet identifier as a hex string.
R1 Push: Administrator can select Enable or disable. If enable the function will automatically
sent the R1 Key.
R0 Key Address:
To enable roaming between multiple AP devices, AP1 must key in the MAC Address of AP2, and AP2
must key in the MAC Address of AP1. The NAS Identifier and 128-bit Key should be identical in both
AP settings. This will enable device roaming between the two Access Points.
V3.0
MAC Address: Enter must key in the MAC Address of other AP
NAS Identifier: Enter 1~48 octets of network domain name.
128-bit Key: Enter
R0 Key Holder List:
After setting "R0 Key holders" function the information will appear in list.
R1 Key Holder List:
Enter a unified set of R1 Key Holder identification certification.
MAC Address: Enter the main roaming device MAC address
Shared Key of 128 bit.
R1 Identifier: Enter Shared identifier.
128-bit Key: Enter Shared Key of 128 bit.
R1 Key Holder List:
After setting "R1 Key holders" function the information will appear in list.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

5. WISP Mode

WISP Mode is a router function, if the Telecom company permits wireless
connection to their WAN, administrators can change the CenOS 5.0 AP to
WISP Mode to connect to the wifi network.
The WISP Mode support PPPoE / Static IP / Dynamic IP and PPTP for
WAN, and support Repeater AP function.

5.1 Configure WAN Setup

There are four connection types for the WAN port: Static IP, Dynamic IP, PPPoE and PPTP. Please click
on System -> WAN and follow the below setting.
WAN Setting
Static IP: Users can manually setup the WAN IP address with a static IP provided by WISP.
IP Address: The IP address of the WAN port.
IP Netmask: The Subnet mask of the WAN port.
IP Gateway: The default gateway of the WAN port.
Dynamic IP: Please consult with WISP for correct wireless settings to associate with WISP AP
before a dynamic IP, along with related IP settings. If IP Address is not assigned, please double
check with your wireless settings and ensure successful association. Also, you may go to
WAN Information” in the Overview page to click Release button to release IP address and
click Renew button to renew IP address again.
V3.0
Hostname : The Hostname of the WAN port
PPPoE : To create wireless PPPoE WAN connection to a PPPoE server in network.
User Name : Enter User Name for PPPoE connection
Password : Enter Password for PPPoE connection
MTU: By default, MTU is set to 1492 bytes. MTU stands for Maximum Transmission Unit.
Consult with WISP for a correct MTU setting.
Reconnect Mode: Administrator can select three function for Always On / On Demand /
Manual.
Always on – A connection to Internet is always maintained.
On Demand – A connection to Internet is made as needed.
When Time Server is enabled at the “On Demand” mode, the “Reconnect Mode” will
turn out “Always on”.
Manual – Click the “Connect” button on “WAN Information” in the Overview page to
connect to the Internet.
V3.0
PPTP: The Point-to-Point Tunneling Protocol (PPTP) mode enables the implementation of
secure multi-protocol Virtual Private Networks (VPNs) through public networks.
User Name: Enter account for PPTP.
Password: Enter user name account used password for PPTP.
PPTP Server IP: Enter remote IP address of PPTP Server.
WAN IP: The IP address of the WAN port.
Netmask: The Subnet mask of the WAN port.
MTU: By default, it’s 1460 bytes. MTU stands for Maximum Transmission Unit. Consult
with WISP for a correct MTU setting.
MPPE40/128: Microsoft Point-to-Point Encryption (MPPE) encrypts data in Point-to-Point
Protocol (PPP)-based dial-up connections or Point-to-Point Tunneling Protocol (PPTP)
virtual private network (VPN) connections. 128-bit key (strong) and 40-bit key (standard)
MPPE encryption schemes are supported. MPPE provides data security for the PPTP
connection that is between the VPN client and the VPN server.
Reconnect Mode: Administrator can select three function for Always On / On Demand /
Manual.
Always on – A connection to Internet is always maintained.
On Demand – A connection to Internet is made as needed.
When Time Server is enabled at the “On Demand” mode, the “Reconnect Mode” will
turn out “Always on”.
V3.0
Manual – Click the “Connect” button onWAN Information” in the Overview page to
connect to the Internet.
MAC Clone
The MAC address is a 12-digit HEX code uniquely assigned to hardware as identification. Some
ISPs require you to register a MAC address in order to access to Internet. If not, you could use
default MAC or clone MAC from a PC.
Default MAC Address: Keep the default MAC address of WAN port on the system.
Manual MAN Address: Enter the MAC address registered with your ISP.
DNS
Check “No Default DNS Server” or “Specify DNS Server IP” radial button as desired to set up
system DNS.
Primary DNS: The IP address of the primary DNS server.
Secondary DNS: The IP address of the secondary DNS server.
NAT
The NAT support Enable and Disable Service
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

5.2 Configure LAN Setup

Here are the instructions for how to setup the local IP Address and Netmask. Please click on System ->
LAN and follow the below setting.
IP Setup: The administrator can manually setup the LAN IP address.
IP Address : The IP address of the LAN port; default IP address is 192.168.2.254
IP Netmask : The Subnet mask of the LAN port; default Netmask is 255.255.255.0
802.1d Spanning Tree : The spanning tree network protocol provides a loop free topology for a
bridged LAN between LAN interface and 8 WDS interfaces from wds0 to wds7. The Spanning Tree
Protocol, which is also referred to as STP, is defined in the IEEE Standard 802.1d
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.

5.3 Configure DHCP Server

The DHCP Service function in the Client Bridge device can select a separate IP Address range within the
same network segment of the source AP, and allocate those IP Addresses to connecting clients.
V3.0
Start IP / End IP: Specify the range of IP addresses to be used by the DHCP server when assigning IP
address to clients.
Netmask: The netmask default is 255.255.255.0.
Gateway: Enter source gateway IP address.
DNS1: Enter IP address of the first DNS server; this field is required.
DNS2: Enter IP address of the second DNS server; this is optional.
WINS IP: Enter IP address of the Windows Internet Name Service (WINS) server; this is optional.
Domain: Enter the domain name for this network.
Lease Time: The IP addresses given out by the DHCP server will only be valid for the duration
specified by the lease time. Increasing the time ensure client operation without interruptions, but
could introduce potential conflicts. Lowering the lease time will avoid potential address conflicts,
but might cause more interruptions to the client while it will acquire new IP addresses from the
DHCP server. Default is 86400 seconds
DHCP Clients List: When users link to the CenOS 5.0 AP and use IP address of the DHCP service, the
DHCP Client List will display users the information and used IP address.
IP Address: Display users used IP address.
MAC Address: Display MAC Address of users used device.
Expired: Display Lease expiration time of IP address.
Action: Kicked user button.
V3.0
Static Lease IP Setup: Administrator can set as static IP address for users.
Comment: Enter description for the information.
IP Address: Set static IP address for users.
MAC Address: Set MAC address of user device.
Static Lease IP List: Display users list of static IP address.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.

5.4 Wireless General Setup

The main setup Client Bridge connection to AP Station and Repeater AP functions setting, MAC filter,
WMM and 802.11r/802.11k Fast Roaming etc in wireless menu.
If want to use Repeater AP function then Clinet Bridge must determine
connection to Access Point then Repeater AP can operate normally.
V3.0

5.4.1 Radio 0 Basic Setup

MAC Address: Display radio 1 use MAC address. Country: Administrator can select country used channel by US / EU and Taiwan. Band Mode: Administrator can select 5G Band for 802.11a/n or 802.11ac. The default is
802.11ac
Auto Channel: Administrator can Enable or Disable the function. If select disable function the
WiFi channel can be fixed a channel.
Channel: Support US / EU / Taiwan country by 5G Channel.
Tx Power: Administrator can control the WiFi Tx output power. The power Max. Level 9.
HT Physical Mode
V3.0
TX/RX Stream: Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX. If
administratior adopt model is OW-200 A1 and select use 1Tx/1Rx funciton then please note
external N-type connector only one have signal output, as shown below.
Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually best. The other
option is available for special circumstances.
Shout GI: Short Guard Interval, by default, it's “Enable”. it's can increase throughput. However,
it can also increase error rate in some installations, due to increased sensitivity to
radio-frequency reflections. Select the option that works best for your installation.
Aggregation: By default, it's “Enable”. To “Disable” to deactivated Aggregation.
A part of the 802.11n standard(or draft-standard). It allows sending multiple frames per single
access to the medium by combining frames together into one larger frame. It creates the
larger frame by combining smaller frames with the same physical source and destination end
points and traffic class (i.e. QoS) into one large frame with a common MAC header.
Aggregation Frames: Set frames size of Aggregation, the size recommend use default value
is 32.
Aggregation Size: Set aggregation size, the size
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
recommends use default value is 500000.
V3.0

5.4.2 Advanced Setup

Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond. The
default value is 100 msec.
Access Point (AP) in IEEE 802.11 will send out a special approximated 50-byte frame, called
“Beacon”. Beacon is broadcast to all the stations, provides the basic information of AP such as
SSID, channel, encryption keys, signal strength, time stamp, support data rate.
All the radio stations received beacon recognizes the existence of such AP, and may proceed
next actions if the information from AP matches the requirement. Beacon is sent on a periodic
basis, the time interval can be adjusted.
By increasing the beacon interval, you can reduce the number of beacons and associated
overhead, but that will likely delay the association and roaming process because stations
scanning for available access points may miss the beacons. You can decrease the beacon
interval, which increases the rate of beacons. This will make the association and roaming
process very responsive; however, the network will incur additional overhead and throughput
will go down.
DTIM Interval : The DTIM interval is in the range of 1~255. The default is 1.
DTIM is defined as Delivery Traffic Indication Message. It is used to notify the wireless stations,
which support power saving mode, when to wake up to receive multicast frame. DTIM is
necessary and critical in wireless environment as a mechanism to fulfill power-saving
synchronization.
A DTIM interval is a count of the number of beacon frames that must occur before the access
point sends the buffered multicast frames. For instance, if DTIM Interval is set to 3, then the
Wi-Fi clients will expect to receive a multicast frame after receiving three Beacon frame. The
higher DTIM interval will help power saving and possibly decrease wireless throughput in
multicast applications.
V3.0
Fragmentation Threshold: Fragmentation Threshold is one more parameter which is given in
all stations and Access points. Fine tuning Fragmentation Threshold parameter can result in
good throughput but not using it properly can results in low throughput. In simple words it
does the same thing which MTU do in Ethernet. Both are different parameters but the work
done is same , it fragments the data packets.
Fragmentation threshold will be used when we have more data packet size to be transmitted
and we have less fragment threshold value. Lets say from Ethernet we have to send 1400 byte
packet but the fragmentation threshold is set as 400. In this case when the packet is to be
transmitted on air it will fragment the packet in to 4 small packet 400+400+400+200 and send
on air.This includes MAC header+ frame body and CRC so 400 byte will be in total including
headers. This helps in increasing the throughput. The default is 2346.
RTS Threshold: TRTS Threshold is in the range of 1~2347 byte. The default is 2347 byte.
The main purpose of enabling RTS by changing RTS threshold is to reduce possible collisions
due to hidden wireless clients. RTS in AP will be enabled automatically if the packet size is
larger than the Threshold value. By default, RTS is disabled in a normal environment supports
non-jumbo frames.
Short Preamble: By default, it’s “Enable”. To Disable is to use Long 128-bit Preamble
Synchronization field.
The preamble is used to signal "here is a train of data coming" to the receiver. The short
preamble provides 72-bit Synchronization field to improve WLAN transmission efficiency with
less overhead.
IGMP Snooping: the process of listening to Internet Group Management Protocol (IGMP)
network traffic. The feature allows a network switch to listen in on the IGMP conversation
between hosts and routers. By listening to these conversations the switch maintains a map of
which links need which IP multicast streams. Multicasts may be filtered from the links which
do not need them and thus controls which ports receive specific multicast traffic.
Greenfield: In wireless WLAN technology, greenfield mode is a feature of major components
of the 802.11n specification. The greenfield mode feature is designed to improve efficiency
by eliminating support for 802.11b/g devices in an all draft-n network. In greenfield mode
the network can be set to ignore all earlier standards.
RF on/off by Schedule: When system enable and set time policy function then RF on/off can
apply time policy in the function.(
Time Policy function set please go to system  Time
Policy)
Location Tracking Log: This feature can provides information to third-party positioning
systems.
V3.0
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.

5.4.3 WMM Setup

His affects traffic flowing from the access point to the client station.
Configuring QoS options consists of setting parameters on existing queues for different types of
wireless traffic. You can configure different minimum and maximum wait times for the transmission
of packets in each queue based on the requirements of the media being sent. Queues automatically
provide minimum transmission delay for Voice, Video, multimedia, and mission critical applications,
and rely on best-effort parameters for traditional IP data.
As an Example, time-sensitive Voice & Video, and multimedia are given effectively higher priority
for transmission (lower wait times for channel access), while other applications and traditional IP
data which are less time-sensitive but often more data-intensive are expected to tolerate longer
wait times.
V3.0
Data Transmitted
AP to Clients
AC Type
Queue
AC_BK Background Low High throughput. Bulk data that requires maximum
AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP
AC_VI Video High Minimum delay. Time-sensitive video data is
AC_VO Voice High Time-sensitive data like VoIP and streaming media
CWmin
Minimum Contention Window. This parameter is input to the algorithm that determines the
initial random backoff wait time ("window") for retry of a transmission. The value specified
here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from
which the initial random backoff wait time is determined.
CWmax:Maximum Contention Window. The value specified here in the Maximum Contention
Priority Description
throughput and is not time-sensitive is sent to this
queue (FTP data, for example).
data is sent to this queue.
automatically sent to this queue.
are automatically sent to this queue.
Window is the upper limit (in milliseconds) for the doubling of the random backoff value.
This doubling continues until either the data frame is sent or the Maximum Contention
Window size is reached. Once the Maximum Contention Window size is reached, retries will
continue until a maximum number of retries allowed is reached. Valid values for the "cwmax"
are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1024. The value for "cwmax" must be higher than the
value for "cwmin".
AIFS:The Arbitration Inter-Frame Spacing Number specifies a wait time (in milliseconds) for
data frames
V3.0
TxOP Limit:Transmission Opportunity is an interval of time when a WME AP has the right to
initiate transmissions onto the wireless medium (WM). This value specifies (in milliseconds)
the Transmission Opportunity (TXOP) for AP; that is, the interval of time when the WMM AP
has the right to initiate transmissions on the wireless network.
ACM bit:Admission Control Mandatory, ACM only takes effect on AC_VI and AC_VO. When
you do not click Checkbox, it means that the ACM is controlled by the connecting AP. If you
click Checkbox, it means that the Client is in charge
No ACK policy bitAcknowledgment Policy, WMM defines two ACK policies: Normal ACK and
No ACK. Click “Checkbox” indicates “No ACK
When the no acknowledgement (No ACK) policy is used, the recipient does not acknowledge
received packets during wireless packet exchange. This policy is suitable in the environment
where communication quality is fine and interference is weak.
While the No ACK policy helps improve transmission efficiency, it can cause increased packet
loss when communication quality deteriorates. This is because when this policy is used, a
sender does not retransmit packets that have not been received by the recipient.
When the Normal ACK policy is used, the recipient acknowledges each received uncast
packet.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

5.4.4 Station Setup

The functions setting functions include Client Bridge link to AP station. Administrator can used “site
survey” function to Search for AP stations.
MAC Address List: The function can discovery AP Station and select want to link the AP station,
please click site survey button.
Security: After site survey AP station complete will list all AP station, when click AP station
setup button then AP station information (ESSID/Security type) will display on page.
PassPhrase Settings: Administrator need manual set correct ESSID security/Cipher type and
pass phrase.
If Security/Cipher selected or set PassPhrase is wrong, it will not be able to bridge normally.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

5.4.5 Repeater AP Setup

Administrators can configure ESSID, SSID broadcasting, Maximum number of client associations.
1. If want to use Repeater AP function then Clinet Bridge must determine connection
Access Point: Administrator can Enable or Disable the Repeater AP function.
ESSID: Enter the Repeater AP of ESSID name.
SSID Visibility: The default it’s Enable. When select Disable the SSID will not is discovered.
Client Isolation: This function is Disabled by default. All clients will be isolated from each other,
to Access Point then Repeater AP can operate normally.
2. The default is enabling of Repeater AP. If want to used pure Client Bridge will can
disable it.
which mean they can’t reach each other.
Connection Limit: This function is Disabled by default. If select Enable, Administrator can limit
Wi-Fi users the Quantity.
Authentication: Select the desired security type from the drop-down list; the options are
WPA-PSK, WPA2-PSK, WPA/WPA2-Enterprise and WEP 802.1X.
Open System: Data are not unencrypted during transmission when this option is selected.
WPA/WPA2 Personal: WPA/WPA2 is short for W-Fi Protected Access-Pre-Shared Key.
WPA/WPA2 uses the same encryption way with WPA, and the only difference between
them is that WPA/WPA2 recreates a simple shared key, instead of using the user’s
certification.
V3.0
WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.
Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption
method.
AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a
number of repetitions of transformation rounds that convert the input plaintext into the
final output of ciphertext. Each round consists of several processing steps, including one
that depends on the encryption key. A set of reverse rounds are applied to transform
ciphertext back into the original plaintext using the same encryption key.
TKIP is short for “Temporal Key Integrity Protocol”, TKIP scrambles the keys using a
hashing algorithm and, by adding an integrity-checking feature, ensures that the keys
haven’t been tampered with.
Group Key Update Interval: This time interval for re-keying GTK (broadcast/multicast
encryption keys) in seconds. Enter the time-length required; the default time is 600
seconds.
Pass Phrase: Enter the ESSID pass phrase.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

5.4.6 MAC Filter Setup

Administrator can setup allow or reject WiFi clients(MAC address) to access Repeater AP.
Rule: Select the desired access control type from the drop-down list; the options are Disable,
Allow or Reject.
Only Allow List MAC: Define certain wireless clients in the list which will have granted
access to the Access Point while the access will be denied for all the remaining clients –
Action Type is set to “Only Allow List MAC”.
Only Deny List MAC: Define certain wireless clients in the list which will have denied
access to the Access Point while the access will be granted for all the remaining clients -
Action Type is set to “Only Deny List MAC”.
MAC Address: Enter MAC Address for WiFi Clients.
MAC Address List: Display the MAC address of WiFi Clients.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

5.4.7 802.11r Fast Roaming Setup

The system support 802.11r/802.11k function for 5G radio. 802.11r, which is the IEEE
standard for fast roaming, introduces a new concept of roaming where the initial
handshake with the new AP is done even before the client roams to the target AP.
Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing the
same SSID) between which a STA can use Fast BSS Transition. Please enter 2-octet identifier as
a hex string.
R0 Key Lifetime: Default lifetime of the PMK-RO in minutes, the default is 10000,
administrator can setting 1~65535.
Reassoc deadline: Reassociation deadline in time units (TUs / 1.024 ms; range 1000~65535).
The default is 1000.
R0/NAS Identifier: PMK-R0 Key Holder identifier. When using IEEE 802.11r, nas_identifier
must be set and must be between 1 and 48 octets long.
R1 Identifier: PMK-R1 Key Holder identifier 6-octet identifier as a hex string.
R1 Push: Administrator can select Enable or disable. If enable the function will automatically
sent the R1 Key.
R0 Key Address:
To enable roaming between multiple AP devices, AP1 must key in the MAC Address of AP2, and AP2
must key in the MAC Address of AP1. The NAS Identifier and 128-bit Key should be identical in both
AP settings. This will enable device roaming between the two Access Points.
V3.0
MAC Address: Enter must key in the MAC Address of other AP
NAS Identifier: Enter 1~48 octets of network domain name.
128-bit Key: Enter
R0 Key Holder List:
After setting "R0 Key holders" function the information will appear in list.
R1 Key Holder List:
Enter a unified set of R1 Key Holder identification certification.
MAC Address: Enter the main roaming device MAC address
Shared Key of 128 bit.
R1 Identifier: Enter Shared identifier.
128-bit Key: Enter Shared Key of 128 bit.
R1 Key Holder List:
After setting "R1 Key holders" function the information will appear in list.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

5.5 Advanced Setup

Administrator can set basic routing security functions, including DMZ / IP and MAC filtering / virtual
servers and access control management (basic firewall rules) in Advance memu.

5.5.1 DMZ

DMZ is commonly work with the NAT functionality as an alternative of Virtual Server(Port
Forwarding) while wanting all ports of DMZ host visible to Internet users. Virtual Server rules have
precedence over the DMZ rule. In order to use a range of ports available to access to different
internal hosts Virtual Server rules are needed.
Automatic Assignment: Enter Internal IP address of DMZ host and only one DMZ host is
supported.
Internal IP Address: Enter Virtual IP for service device.
Static Assignment: Enter external and internal IP address of DMZ host. The function only
external IP to Internal IP address
External IP Address: Enter external IP address
Internal IP Address: Enter Virtual IP for service device.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

5.5.2 IP Filter

Can allow or deny filter ingress or egress packets from specific source and/or to destination IP
address on wired (LAN) or Wireless (WAN) ports. Filter rules could be used to filter unicast or
multicast packets on different protocols as shown in the IP Filter Setup. Important to note that IP
filter rules has precedence over Virtual server rules. Total of 20 rules maximum allowed in the IP
Filter List. All rules can be edited or removed from the List.
Please click Edit button to setting IP filter.
Active: Administrator can select Enable or Disable the service.
Comment: Enter the description of IP filter rule.
Policy: Administrator can select the IP flow rule of Deny or Pass.
In/ Out: Administrator can select the IP flow rule of In/out bound.
Protocol: Set used service Port of TCP, UDP or ICMP.
Source Address/Mask: Enter desired source IP address and netmask. i.e. 192.168.2.10/32 or
192.168.2.10/255.255.255.0
Source Port: Enter a port or a range of ports as start:end. i.e. port 20:80
Destination Address/Mask: Enter desired destination IP address and netmask. i.e.
192.168.1.10/32 or 192.168.2.10/255.255.255.0
Destination Port: Enter a port or a range of ports as start:end. i.e. port 20:80
Listen: Select Enable radial button to match TCP packets only with the SYN flag.
V3.0
All packets are allowed by default. Deny rules could be added to the filter list to filter
Interface: The interface that a filter rule applies.
Schedule: Can choose to use rule by “Time Policy”.
out unwanted packets and leave remaining allowed.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.

5.5.3 MAC Filter

Allows creating MAC filter rules to allow or deny unicast or multicast packets from limited number
of MAC addresses. Important and must note. That MAC filter rules have precedence over IP Filter
rules.
Mode: Administrator can select Deny or Allow.
Deny: The MAC Filter List will be denied to access (LAN to WAN). Others will be allowed.
Allow: The MAC Filter List will be allowed to access (LAN to WAN). Others will be denied.
 Comment: Enter the description of MAC filter rule.
MAC Address: Enter MAC address (e.g. aa:bb:cc:00:00:0a) and click “Add” button, then the
MAC address should display in the MAC Filter List.
Policy: Administrator can select to use rule by “Time Policy”.
Click “Save” button to save your set function. Then click “Reboot” button to activate your changes.
V3.0

5.5.4 Virtual Server

The “Virtual Server” can also referred to as “Port Forward” as well and used interchangeably.
Resources in the network can be exposed to the Internet users in a controlled manner including
on-line gaming, video conferencing or others via Virtual Server setup. Don’t repeat ports’ usage to
avoid confusion.
Suppose you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), and
port 80 to another (B in the example). You assign the LAN IP addresses and the ISP assigns the WAN
IP address. The NAT network appears as a single host on the Internet.
Please click Edit button to setting Virtual Server rules.
Active: Administrator can select Virtual server rule to Enable or disable.
Comment: Enter the description of virtual server rule.
Protocol: Administrator can select service protocol of TCP or UDP.
Public Port: Enter service port No. for public.
V3.0
Private IP Address: Enter corresponding IP address for internal.
Private Port: Enter internal service port No. for private.
Schedule : Administrator can select to used rule of “Time Policy”
Click “Save” button to save your set function. Then click “Reboot” button to activate your
changes.

5.5.5 Access Control

The Access Control function administrator can to block or allow specific kinds of TCP/UDP/ICMP
protocol, such as Internet access, designated services, and websites. The Access Control function
can set 20 profiles.
Please click on Advance -> Access Control and follow the below setting.
#
Display access control list.
Active
Comment: Display information for the rule.
Protocol
Edit
Display Active or InActive for the access control rule.
Display information for the protocol.
Administrator can click the button to set Access Control rule.
V3.0
# Access control rules
Active
Comment
Protocol
Administrator can select Enable or Disable for the Access control rule.
Administrator can enter comment for the role.
Administrator can to select management protocol by TCP/UDP/ICMP/Content
Filter/Application and Domain Filter.
ANY: Select "Any" is all deny Protocol, administrator can filter local IP / IP range go to
destination IP / IP range and use protocol.
TCP: Deny TCP Protocol, Administrator can set TCP protocol and assign IP / IP range.
UDP: Deny UDP Protocol, Administrator can set UDP protocol and assign IP / IP range.
ICMP: Deny ICMP Protocol, Administrator can assign IP / IP range.
Content Filter: Administrator can set web Keyword to filter.
Application: System built-in multiple applications data, Administrator can select
application data to filter.
Domain: Administrator can set domain name to filter.
Schedule
The rule can apply Time Policy.
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use