Cerio CW-400NAc User Manual
  1. Manuals
  2. Brands
  3. Cerio Manuals
  4. Wireless Access Point
  5. CW-400NAC
  6. User manual

Cerio CW-400NAc User Manual

Extreme power ac1200 2.4 ghz/5 ghz ceilling/wall point access point (800mw)
Hide thumbs Also See for CW-400NAc:
Table of Contents

Advertisement

Quick Links

CERIO Corporation
CW-400NAC
eXtreme Power AC1200 2.4GHz / 5GHz 2x2 Ceiling / Wall
PoE Access Point ( 800mW )
CenOS5.0 User Manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the CW-400NAc and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Cerio CW-400NAc

Summary of Contents for Cerio CW-400NAc

  • Page 1 CERIO Corporation CW-400NAC eXtreme Power AC1200 2.4GHz / 5GHz 2x2 Ceiling / Wall PoE Access Point ( 800mW ) CenOS5.0 User Manual...

  • Page 2: Table Of Contents

    Introduction ............................5 Overview ........................... 5 Software Configuration ....................7 Login CW-400NAC Web Page..................11 Software Setting ........................... 12 Operating Mode Introduction ..................12 Access Point mode ........................15 Select AP Mode ......................15 VLAN Setup ........................16 Network Button ..................... 17 3.2.1...
  • Page 3 WMM Setup ......................51 3.6.4 WDS Setup ......................53 3.6.5 CAP Mode ............................56 System VLAN Setup..................... 56 AP Control ........................58 # Centralized Management APs operating Instructions: ..........59 Scan Device ......................59 4.2.1 Batch Setup ......................60 4.2.2 AP Setup .........................
  • Page 4 DMZ ........................108 6.5.1 IP Filter ........................109 6.5.2 MAC Filter ......................110 6.5.3 Virtual Server ....................... 111 6.5.4 Access Control ....................113 6.5.5 Time Policy ......................114 6.5.6 Router Made ..........................116 Configure WAN Setup ....................116 Configure LAN Setup....................120 Network Button ....................

  • Page 5: Introduction

    800mW (2.4GHZ) / 500mW (5GHZ) eXtreme power and 4 Omni directional antennas (2 x 2.4GHz & 2 x 5GHz ). CW-400NAC supports safe ceiling and wall mounting through its mounting bracket lock design. Users must use a thin tool to properly remove the device from its installation location, which ultimately reduces device theft as well as damage.
  • Page 6 Traffic Monitoring / Status Overview and more. CAP Mode also allows users to limit client access and bandwidth to effectively load balance the network. Cerio’s innovative AAP design allows users to create customized login pages (Captive Portal) for user authentication. This not only provides a platform for marketing, but also provides a security barrier by allowing clients to use third-party credentials such as Facebook and Google to login into the network.

  • Page 7: Software Configuration

     IP Segment Set-up for Administrator's PC/NB Set the IP segment of the administrator's computer to be in the same range as CW-400NAC for accessing the system. Do not duplicate the IP Address used here with IP Address of CW-400NAC or any other device within the network.
  • Page 8 Step 1 : Please click on the computer icon in the bottom right window, and click “Open Network and Sharing Center” Step 2 : In the Network and Sharing Center page, Please click on the left side of “Change adapter setting”...
  • Page 9 Step 3 : In “Change adapter setting” Page. Please find Local LAN and Click the right button on the mouse and Click “Properties” Step 4 : In “Properties” page, please Click “Properties” button to TCP/IP setting...
  • Page 10 Step 5 : In Properties page to setting IP address, please find “Internet Protocol Version 4 (TCP/IPv4)” and double click or click “Install” button. Double click Step 6 : Select “Use the following IP address”, and fix in IP Address : 192.168.2.# ex.

  • Page 11: Login Cw-400Nac Web Page

    WMI (https://192.168.2.254). There will be a “Certificate Error”, because the browser treats system as an illegal website. 1.3 Login CW-400NAC Web Page  Launch Web Browser Launch as web browser to access the web management interface of system by entering the default IP Address, http://192.168.2.254, in the URL field, and then press Enter.

  • Page 12: Software Setting

    2. Software Setting 2.1 Operating Mode Introduction CERIO CW-400NAC eXtreme Power 11n Dual Band 2x2 Ceiling / Wall PoE Access Point with CenOS5.0 software supports four operational modes: Access Point Mode, Control Access Point Mode, Client Bridge Mode, and WISP Mode. It utilizes built-in remote...
  • Page 13 Access Point Mode (Supports AP+WDS Mode)  It can be deployed as a traditional fixed wireless Access Point  It allow wireless clients or Stations ( STA ) to access  Supports DHCP Service, allowing for automated assigning of IP addresses to clients connecting to the network ...
  • Page 14 WISPs deliver wireless broadband Internet service to residents and business customers  In the WISP (CPE) mode, CW-400NAC is a gateway enabled with NAT and DHCP Server functions. The wired clients connected to DT-300N are in different subnet from those connected to Main Base Station, and, in WISP (CPE) mode, it does not accept wireless association from wireless clients.

  • Page 15: Access Point Mode

    3. Access Point mode When AP mode is chosen, the system can be configured as an Access Point. This section provides detailed explanation for users to configure in the AP mode with help of illustrations. In the AP mode, functions listed in the table below are also available from the Web-based GUI interface. 3.1 Select AP Mode The system administrator can set the desired mode via this page, and then configure the system according to their deployment needs.

  • Page 16: Vlan Setup

    3.2 VLAN Setup Here are the instructions to setup the local IP Address / Netmask / Gateway / DNS and management Access Point 2.4G or 5G Radio on/off. Administrators can change settings such as LAN Spanning Tree and Tag VLAN functions. ...

  • Page 17: Network Button

     NetMask:Display IP netmask.  Radio 0:Display radio 2.4G SSID name.  Radio 1:Display radio 5G SSID name.  Action:The button can set VLAN network functions and radio functions. 3.2.1 Network Button Administrator can click button to set VLAN network functions. ...

  • Page 18: Network Pull-Down Menu

     Control Port:Administrator can select one of the VLAN as managed AP.  IAPP:Administrator can select radio 2.4G or 5G for IAPP roaming.(the IAPP condition must use WPA2-PSK Wi-Fi security and AES algorithm) 3.2.2 Network Pull-down menu Administrator can set DHCP Server and 2.4/5G security for the access point and set 802.11r fast roaming.
  • Page 19  Start IP : Set Start IP for DHCP Service.  End IP : Set End IP for DHCP Service.  Netmask: Set IP Netmask, the default is 255.255.255.0  Gateway: Set Gateway IP for DHCP Service.  DNS(1-2) IP : Set DNS IP for DHCP Service. ...

  • Page 20: Radio 0/1 Access Point

    # Radio 0/1 Access Point Administrator can Enable or Disable radio 0/1 (2.4/5G) Wi-Fi, if enable radio 0/1 (2.4/5G) administrator can set SSID and security for the 2.4/5G access point.  Access Point: Administrator can Enable or Disable the radio 0 (2.4G). ...
  • Page 21  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method. AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext.

  • Page 22: Mac Filter

     Key Size: Check on the respected button to enable either 64bits or 128bits key length. The system will automatically generate WEP keys for encryption.  Radius Server: Enter the IP address of the Authentication RADIUS server.  Radius Port: The port number used by Authentication RADIUS server.

  • Page 23: R/802.11K Fast Roaming

    # 802.11r/802.11k Fast Roaming The dual band Access Point supports 802.11r/802.11k function for 2.4G and 5G radio. 802.11r, which is the IEEE standard for fast roaming, introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP. ...
  • Page 24  MAC Address: Administrators must enter the MAC Address of other AP  NAS Identifier: Enter 1~48 octets of network domain name. Shared Key of 128 bit.  128-bit Key: Enter R0 Key Holder List: After setting "R0 Key holders" function the information will appear in list. R1 Key Holder List: Enter a unified set of R1 Key Holder identification certification.

  • Page 25: Authentication

    Click “Save” button to save your changes. Then click Reboot button to activate your changes. Authentication The function is for Web Authentication. It supports authentication for local users / RADIUS Server / OAuth2.0 and Guest. The system support 16 VLAN with web authentication. Please click on System ->...

  • Page 26: Authentication Button

     #:Display 16 VLAN number.  VLAN Mode:Displays VLAN on/off status. whether  Authentication:Displays VLAN# enable or disable web authentication.  Action:The function has 2 buttons (Authentication and Dropdown) # Authentication Button: :By clicking the Authentication button, administrator can enable or disable this function.

  • Page 27: Authentication Dropdown Button

     RADIUS:Authentication support remote RADIUS Server. Administrator can enter security information for remote RADIUS Server.  Bandwidth Control:Administrator can be control traffic by Users or total. # Authentication Dropdown Button :By Clicking the Dropdown button, Administrators can set authentication functions. 3.3.1 Guest Administrator can enable or disable guest authentication.

  • Page 28: Local User

     Service:Administrator can select enable or disable this function.  Login Type :  One Time: Login to start counting until the end of time.  Multiple Times: logout time will stop counting until the next re-login to time start counting.

  • Page 29: Oauth2.0

    3.3.3 OAuth2.0 The OAuth2.0 function supports Facebook and Google by default. Users can add additional OAuth2.0 servers through UI settings.  #:Display items.  Active:Display on/off status for authentication.  Provider:Display authentication server. The system default use authentication server for Google and Facebook for Google OAuth2.0 setup ※...
  • Page 30 Step.3 Select web application in the “Application Type” section and set “Restrictions” URL.
  • Page 31 Step.4 Set Authorized JavaScript origins and Authorized redirect URLs (important) Administrator must set login URL in the device function. After complete set of login URL go to the “Restrictions” function in web page. Follow the steps below to set login URLs ...

  • Page 32: Sample For Facebook Oauth2.0 Setup

    Step.5 After completing the “Restrictions” setup, click the create button. A OAuth Client page will pop-up with your “client ID” and “client secret”. Administrators must copy and paste their client ID and secret into the OAuth 2.0 Setup page in our software UI. Save and reboot the AP system, complete the setup.
  • Page 33 Step.2 Select WWW function Step.3 Administrator must set www for your information. Step.4 Please click “Setting” and add Platform...
  • Page 34 Step.5 Select Platform for “Website” Step.6 Enter URL is http://domain0.login.com/login/index.cgi?cgi=CALLBACK Administrator must set login URL in the device function. After complete set of login URL go to the “Facebook function in web page. Follow the steps below to set Site URL” login URLs ...
  • Page 35 After complete set of login URL go to the “Facebook Site URL” function in web page. Copy and paste the login URL from the system display into the “ Site URL” page on the Facebook website. Step.7 Click Advanced function to enable the “Native or desktop app?”...

  • Page 36: Pop3/Imap Server

    Client ID and Client Secret setup by third parties such as Facebook and Google are subject to change. The instructions above follow the 2016 setup procedure. Any future changes to the Facebook/Google process may lead to our instructions becoming invalid. 3.3.4 PoP3/IMAP Server Web Login authentication for pop3/imap server.

  • Page 37: Customize Page

    3.3.5 Customize Page This function is to customized the user Login Page. This supports Multiple Language and allows comprehensive customization through HTML editting. Page Setup  Template:Administrator can select Enable or disable.  Select enable to active default Login Page ...
  • Page 38 Sample: See sample login page below that is customized by html coding (sample login page html code templates are available on Cerio website) The following function is by Template Enable  Multiple Language:Administrator can select enable or disable multiple language for login page.

  • Page 39: Language

    3.3.6 Language Administrator can create other language for login page. 3.3.7 Walled Garden This function provides certain free services or advertisement web pages for users to access the websites listed before login and authentication. User without the network access right can still have a chance to experience the actual network service free of charge in Walled Garden URL list.

  • Page 40: Bulk Mac Address

     Device Name: Enter Device or Users Name.  IP Address: Enter used IP Address of Device or Users PC.  MAC Address: Enter MAC Address of Device or Users PC. 3.3.9 Bulk MAC Address The function is MAC whitelist. Administrator can upload batch MAC address Upload MAC whitelist file extension must use csv file.

  • Page 41: Radius Server

    RADIUS Server The function is 802.1x RADIUS Server. Administrator can enable or disable Server.  Please click on System RADIUS Server 3.5 Radius Account Setup When enabled RADIUS Server, administrator can add RADIUS account and password in the function. But also can recover or backup the RADIUS account...

  • Page 42: Wireless Basic Setup

     User Name:Create users name for RADIUS account.  Password:Enter password for user name.  Export User File:Administrator can export account list in RADIUS Server.  Import From PC:Administrator can import account list to the RADIUS Server. Click “Save” button to save your set function. Then click Reboot button to activate your changes. 3.6 Wireless Basic Setup This section includes the main base station setup procedures for 2.4G / 5G Wifi functions、Wi-Fi Advanced setup、WMM、WDS and WDS Status...
  • Page 43  MAC Address: Display 2.4G WiFi MAC address.  Country: Administrator can select country: US or EU or Taiwan.  Band Mode: Administrator can select 802.11b/g/n for the 2.4G Band.  Auto Channel: Administrator can Enable or Disable the function. If disabled, the WiFi channel will be fixed to the manually selected channel.
  • Page 44 Slot Time and ACK Timeout settings are for long distance links. It is important to tweak settings to achieve the optimal result based on requirement. HT Physical Mode  TX/RX Stream: The CW-400NAC utilizes 2 antenna and supports 2TX/2RX streams. Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.

  • Page 45: Radio 1 Basic Setup (5G)

     Channel Bandwidth: The "20/40” MHz option is usually best. The other option is available for special circumstances.  Extension Channel: Sets channel select to Upper or Lower. The Upper supports 1 to 7 range CH and Lower supports 5 to 11 range CH. ...
  • Page 46  MAC Address: Display 2.4G WiFi MAC address.  Country: Administrator can select country: US or EU or Taiwan.  Band Mode: Administrator can select 5G Band for 802.11a/n or 802.11ac. The default is 802.11ac  Auto Channel: Administrator can Enable or Disable the function. If select disabled function the WiFi channel can be manually fixed.
  • Page 47 Slot Time and ACK Timeout settings are for long distance links. It is important to tweak settings to achieve the optimal result based on requirement. HT Physical Mode  TX/RX Stream: The CW-400NAC utilizes 2 antennas and supports 2TX/2RX streams. Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.

  • Page 48: Advanced Setup

     Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually the best. The other option is available for special circumstances.  Shout GI: Short Guard Interval is “Enabled” by default to increase throughput. However, it can also increase error rate in some installations, due to increased sensitivity to radio-frequency reflections.
  • Page 49  Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond. The default value is 100 msec. Access Point (AP) in IEEE 802.11 will send out a special approximated 50-byte frame, called “Beacon”. Beacon is broadcast to all the stations, provides the basic information of AP such as SSID, channel, encryption keys, signal strength, time stamp, support data rate.
  • Page 50 frame. The higher DTIM interval will help power saving and possibly decrease wireless throughput in multicast applications.  Fragmentation Threshold: Fragmentation Threshold is one more parameter which is given in all stations and Access points. Fine tuning Fragmentation Threshold parameter can result in good throughput but not using it properly can results in low throughput.

  • Page 51: Wmm Setup

    3.6.4 WMM Setup This affects traffic flowing from the access point to the client station. Configuring QoS options consists of setting parameters on existing queues for different types of wireless traffic. You can configure different minimum and maximum wait times for the transmission of packets in each queue based on the requirements of the media being sent.
  • Page 52  AC Type: Data Queue Transmitted Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP data is sent to this queue.

  • Page 53: Wds Setup

     TxOP Limit:Transmission Opportunity is an interval of time when a WME AP has the right to initiate transmissions onto the wireless medium (WM). This value specifies (in milliseconds) the Transmission Opportunity (TXOP) for AP; that is, the interval of time when the WMM AP has the right to initiate transmissions on the wireless network.。...
  • Page 54  WDS Setup: Administrator can select Enable or Disable.  Authentication: Administrator can use AES security.  WDS Client Setup: Administrator can used 2.4G or 5G for WDS Links. A Single Radio supports up to 8 WDS links.  VLAN Setup: The WDS aisle support Multi-tag VALN...

  • Page 55: Wds Status

    3.6.6 WDS Status Displays 2.4G and 5G radio WDS link status through MAC and Date (TX/RX) Please click on Wireless -> WDS status...

  • Page 56: Cap Mode

    4. CAP Mode The CAP mode itself isn’t an Access Point. This mode is primarily to control all the managed AP. 4.1 System VLAN Setup Setup Control AP of LAN or VLAN IP Address, Gateway, DNS and Ethernet Tag etc. Please click on System ->...
  • Page 57  #:Display VLAN No.  VLAN Mode:Display on /off line status for the VLAN mode  IP Address:Display IP address for the VLAN mode.  NetMask:Display netmask for the VLAN mode.  Action:Administrator can set VLAN IP、Radio 2.4 or 5G on/off、Spanning tree、IAPP and VLAN tag.

  • Page 58: Ap Control

     ETH0:Administrator select Enable/disable the Ethernet port.  VLAN Tag:Administrator can set Tag ID for the Ethernet port.  Set Gateway / DNS address functions.  Gateway: The default Gateway IP Address is 192.168.2.1, Please check your Gateway IP and change. ...

  • Page 59: Centralized Management Aps Operating Instructions

    # Centralized Management APs operating Instructions: 1) Click “Scan Device” to discover Access Points in the network architecture. 2) Set IP address for all managed Access Points and reboot managed Access Points. 3) Re-Scan managed APs and Import to databases. 4) Centralize managed AP settings by clicking “AP control”...

  • Page 60: Batch Setup

     VLAN# : Administrator can select VLAN network to discovery managed Aps  Default Password: Set login system password by managed Aps.  Sort: Administrator can select discovery managed Aps Type. (IP or MAC)  #: Display managed APs items. ...
  • Page 61  LAN:When VLAN Tag function is enabled (please refer to 4.1 System VLAN Setup), administrator can change VLAN tag for managed APs.  Group:When AP Groups are created (please refer to 4.2.4 Group setup), Administrators can select and change group settings of managed APs. ...
  • Page 62  VLAN Mode:Administrator can enable or disable VLAN mode of the managed APs.  Access Point0/1:Administrator can enable or disable 2.4 or 5G radio of the managed APs. (Access Point 0 is radio 2.4G, Access Point 1 is radio 5G) ...

  • Page 63: Ap Setup

     VAP Setup:Wi-Fi SSID / channel or security settings for managed APs. (Please refer to 3.2.3 Configure Radio 0/1)  Upgrade via TFTP Server: Administrator can centrally upgrade firmware via TFTP Server for the managed APs.  Upgrade via HTTP Server: Administrator can centrally upgrade firmware via HTTP Server for the managed APs.

  • Page 64: Group Setup

    4.2.4 Group Setup Administrator can create Groups within the same VLAN.  VLAN:Select VLAN.  Create New Group:Click the button to create a new AP Group  Device button:Administrator can select managed APs and import them into the Group. 4.2.5 Map Setup The Map Setup feature allows administrators to upload a floor plan image to a web server, then use the image URL to import the map into the AP user interface.
  • Page 65  Map Name:Enter map name.  Image URL:Paste Map image url  Description:Enter the description for the map. After the Map URL setup confirmation, please reboot the system. :Once the Map is created and properly in the Map List, administrators can click the “Layout”...

  • Page 66: Authentication Profile

    View:Once complete, administrators can click the “View” button to monitor AP statuses and locations. 4.2.6 Authentication Profile Administrator can pre-set authentication conditions in the profile, the authentication set can refer 3.3 Authentication.  Create New Profile:Administrator can create authentication profile. ...

  • Page 67: Client Bridge Mode

    4.2.7 Status Administrator can monitor Tx/Rx flow information, show online users and check system CPU / Memory information and on/off line for the managed APs. The information data display support graphical interface. 5. Client Bridge Mode When Client Bridge is chosen, the system can be configured as a Client Bridge and support Repeater AP function.

  • Page 68: Configure Lan Setup

    If Client Bridge used 2.4G radio link to AP station, the Repeater AP only used 5G radio. So Client Bridge used 5G radio link to AP station, the Repeater AP only used 2.4G radio. 5.1 Configure LAN Setup Here are the instructions for how to setup the local IP Address and Netmask. Please click on System ->...
  • Page 69  Primary DNS: The IP address of the primary DNS server.  Secondary: The IP address of the secondary DNS server.  802.1d Spanning Tree : The spanning tree network protocol provides a loop free topology for a bridged LAN between LAN interface and 8 WDS interfaces from wds0 to wds7.

  • Page 70: Configure Dhcp Setup

    5.2 Configure DHCP Setup The DHCP Service function in the Client Bridge device can select a separate IP Address range within the same network segment of the source AP, and allocate those IP Addresses to connecting clients.  Start IP / End IP: Specify the range of IP addresses to be used by the DHCP server when assigning IP address to clients.
  • Page 71 DHCP Clients List: When users link CW-400NAC and use IP address of the DHCP service, the DHCP Client List will display users the information and used IP address.  IP Address: Display users used IP address.  MAC Address: Display MAC Address of users used device.

  • Page 72: Wireless General Setup

    5.3 Wireless General Setup The main setting for Client Bridge mode link to AP Station, Repeater AP functions setting, MAC filter, WMM and 802.11r/802.11k Fast Roaming etc. 5.3.1 Radio 0(2.4G) Basic Setup Administrator can change the data transmission, channel and output power settings for the system.
  • Page 73 HT Physical Mode  TX/RX Stream: CW-400NAC utilizes 2 antennas, supporting 2TX/2RX streams. Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.  Channel Bandwidth: The "20/40” MHz option is usually best. The other option is available for special circumstances.

  • Page 74: Radio 1(5G) Basic Setup

    HT Physical Mode  TX/RX Stream: The CW-400NAC utilizes 2 antenna and supports 2TX/2RX streams. Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.  Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually best. The other...

  • Page 75: Advanced Setup

     Shout GI: Short Guard Interval, by default, it's “Enable”. it's can increase throughput. However, it can also increase error rate in some installations, due to increased sensitivity to radio-frequency reflections. Select the option that works best for your installation. ...
  • Page 76  Slot Time : Slot time is in the range of 9~1489 and set in unit of microsecond. The default value is 9 microsecond. Slot time is the amount of time a device waits after a collision before retransmitting a packet. Reducing the slot time decreases the overall back-off, which increases throughput.
  • Page 77  Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond. The default value is 100 msec. Access Point (AP) in IEEE 802.11 will send out a special approximated 50-byte frame, called “Beacon”. Beacon is broadcast to all the stations, provides the basic information of AP such as SSID, channel, encryption keys, signal strength, time stamp, support data rate.

  • Page 78: Wmm Setup

     RTS Threshold: TRTS Threshold is in the range of 1~2347 byte. The default is 2347 byte. The main purpose of enabling RTS by changing RTS threshold is to reduce possible collisions due to hidden wireless clients. RTS in AP will be enabled automatically if the packet size is larger than the Threshold value.
  • Page 79  AC Type: Data Queue Transmitted Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP data is sent to this queue.

  • Page 80: Station Setup

     CWmax:Maximum Contention Window. The value specified here in the Maximum Contention Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached.

  • Page 81: Repeater Ap Setup

    The functions setting functions include Client Bridge link to AP station. Administrator can used “site survey” function to Search for AP stations.  MAC Address List : The function main discovery AP Station and select want to link the AP station.
  • Page 82  SSID Visibility: The default it’s Enable. When select Disable the SSID will not is discovered.  Client Isolation: This function is Disabled by default. All clients will be isolated from each other, which mean they can’t reach each other. ...

  • Page 83: Mac Filter

     Group Key Update Interval: This time interval for re-keying GTK (broadcast/multicast encryption keys) in seconds. Enter the time-length required; the default time is 600 seconds.  Pass Phrase: Enter the ESSID pass phrase.  WPS: Administrator can used WPS function link WiFi client, if select enable the function, WPS Push Button.

  • Page 84: R/802.11K Fast Roaming

     Rule: Select the desired access control type from the drop-down list; the options are Disable, Allow or Reject.  Only Allow List MAC: Define certain wireless clients in the list which will have granted access to the Access Point while the access will be denied for all the remaining clients –...
  • Page 85  Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing the same SSID) between which a STA can use Fast BSS Transition. Please enter 2-octet identifier as a hex string.  R0 Key Lifetime: Default lifetime of the PMK-RO in minutes, the default is 10000, administrator can setting 1~65535.
  • Page 86 R0 Key Holder List: After setting "R0 Key holders" function the information will appear in list. R1 Key Holder List: Enter a unified set of R1 Key Holder identification certification.  MAC Address: Enter the main roaming device MAC address ...

  • Page 87: Wisp Mode

    WISP Mode is a router function, if the Telecom company permits wireless connection to their WAN, administrators can change CW-400NAC to WISP Mode to connect to the wifi network. The WISP Mode support PPPoE / Static IP / Dynamic IP and PPTP for WAN, and support Repeater AP function.
  • Page 88  Dynamic IP : Please consult with WISP for correct wireless settings to associate with WISP AP before a dynamic IP, along with related IP settings. If IP Address is not assigned, please double check with your wireless settings and ensure successful association. Also, you may go to “WAN Information”...
  • Page 89  Manual – Click the “Connect” button on “WAN Information” in the Overview page to connect to the Internet.  PPTP : The Point-to-Point Tunneling Protocol (PPTP) mode enables the implementation of secure multi-protocol Virtual Private Networks (VPNs) through public networks. ...
  • Page 90 When Time Server is enabled at the “On Demand” mode, the “Reconnect Mode” will turn out “Always on”.  Manual – Click the “Connect” button on “WAN Information” in the Overview page to connect to the Internet.  MAC Clone The MAC address is a 12-digit HEX code uniquely assigned to hardware as identification.

  • Page 91: Configure Lan Setup

    6.2 Configure LAN Setup Here are the instructions for how to setup the local IP Address and Netmask. Please click on System -> LAN and follow the below setting. IP Setup : The administrator can manually setup the LAN IP address. ...
  • Page 92 IP addresses from the DHCP server. Default is 86400 seconds DHCP Clients List: When users link CW-400NAC and use IP address of the DHCP service, the DHCP Client List will display users the information and used IP address. ...

  • Page 93: Wireless General Setup

     Expired: Display Lease expiration time of IP address.  Action: Kicked user button. Static Lease IP Setup: Administrator can set as static IP address for users.  Comment: Enter description for the information.  IP Address: Set static IP address for users. ...

  • Page 94: Radio 0(2.4G) Basic Setup

    %) for your environment. If you are not sure which setting to choose, then keep the default setting level 9 (100%). HT Physical Mode  TX/RX Stream: CW-400NAC utilizes 2 antennas, supporting 2TX/2RX streams. Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.  Channel Bandwidth: The "20/40”...

  • Page 95: Radio 1(5G) Basic Setup

     Extension Channel: Set channel select of Upper or Lower, the Upper support 1 to 7 range CH and Lower support 5 to 11 range CH.  MCS: This parameter represents transmission rate. By default (Auto) the fastest possible transmission rate will be selected. You have the option of selecting the speed if necessary. ...
  • Page 96 HT Physical Mode  TX/RX Stream: The CW-400NAC utilizes 2 antenna and supports 2TX/2RX streams. Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.  Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually best. The other option is available for special circumstances.

  • Page 97: Advanced Setup

    6.4.3 Advanced Setup The administrator can change the Slot Time, ACK Timeout, RTS threshold and fragmentation threshold settings for the system.  Slot Time : Slot time is in the range of 9~1489 and set in unit of microsecond. The default value is 9 microsecond.
  • Page 98 All data transmission in 802.11b/g request an “Acknowledgement” (ACK) send by receiving radio. The transmitter will resend the original packet if correspondent ACK failed to arrive within specific time interval, also refer to as “ACK Timeout”. ACK Timeout is adjustable due to the fact that distance between two radio links may vary in different deployment.
  • Page 99 A DTIM interval is a count of the number of beacon frames that must occur before the access point sends the buffered multicast frames. For instance, if DTIM Interval is set to 3, then the Wi-Fi clients will expect to receive a multicast frame after receiving three Beacon frame.

  • Page 100: Wmm Setup

    6.4.4 WMM Setup His affects traffic flowing from the access point to the client station. Configuring QoS options consists of setting parameters on existing queues for different types of wireless traffic. You can configure different minimum and maximum wait times for the transmission of packets in each queue based on the requirements of the media being sent.
  • Page 101  AC Type: Data Queue Transmitted Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP data is sent to this queue.

  • Page 102: Station Setup

    When the no acknowledgement (No ACK) policy is used, the recipient does not acknowledge received packets during wireless packet exchange. This policy is suitable in the environment where communication quality is fine and interference is weak. While the No ACK policy helps improve transmission efficiency, it can cause increased packet loss when communication quality deteriorates.

  • Page 103: Repeater Ap Setup

     Security/ PassPhrase Settings: If link as AP station the AP station have used security, administrator can select AP station used authentication mode and enter password in the functions. 6.4.6 Repeater AP Setup Administrators can configure ESSID, SSID broadcasting, Maximum number of client associations.
  • Page 104  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method. AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext.

  • Page 105: Mac Filter

     Radius Port: The port number used by Authentication RADIUS server. Use the default 1812 or enter port number specified.  Radius Secret: The secret key for system to communicate with Authentication RADIUS server. Support 1 to 64 characters. 6.4.7 MAC Filter The administrator can allow or reject WiFi clients to access AP.

  • Page 106: R/802.11K Fast Roaming

    6.4.8 802.11r/802.11k Fast Roaming 802.11r/802.11k function for 2.4G and 5G radio. 802.11r, which is the The system support IEEE standard for fast roaming, introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP. ...
  • Page 107  MAC Address: Enter must key in the MAC Address of other AP  NAS Identifier: Enter 1~48 octets of network domain name. Shared Key of 128 bit.  128-bit Key: Enter R0 Key Holder List: After setting "R0 Key holders" function the information will appear in list. R1 Key Holder List: Enter a unified set of R1 Key Holder identification certification.

  • Page 108: Configure Advanced Setup

    6.5 Configure Advanced Setup 6.5.1 DMZ DMZ is commonly work with the NAT functionality as an alternative of Virtual Server(Port Forwarding) while wanting all ports of DMZ host visible to Internet users. Virtual Server rules have precedence over the DMZ rule. In order to use a range of ports available to access to different internal hosts Virtual Server rules are needed.

  • Page 109: Ip Filter

    6.5.2 IP Filter Allows to create deny or allow rules to filter ingress or egress packets from specific source and/or to destination IP address on wired (LAN) or Wireless (WAN) ports. Filter rules could be used to filter unicast or multicast packets on different protocols as shown in the IP Filter Setup. Important to note that IP filter rules has precedence over Virtual server rules.

  • Page 110: Mac Filter

     Schedule : Can choose to use rule by “Time Policy”. All packets are allowed by default. Deny rules could be added to the filter list to filter out unwanted packets and leave remaining allowed. When you create rules in the IP Filter List, the prior rules maintain higher priority. To allow limited access from a subnet to a destination network manager needs to create allow rules first and followed by deny rules.

  • Page 111: Virtual Server

     Mode: Administrator can select Deny or Allow.  Deny: The MAC Filter List will be denied to access (LAN to WAN). Others will be allowed.  Allow: The MAC Filter List will be allowed to access (LAN to WAN). Others will be denied.
  • Page 112 Please click Edit button to setting Virtual Server rules.  Active: Administrator can select Virtual server rule to Enable or disable.  Comment: Enter the description of virtual server rule.  Protocol: Administrator can select service protocol of TCP or UDP. ...

  • Page 113: Access Control

    6.5.5 Access Control The Access Control function administrator can to block or allow specific kinds of TCP/UDP/ICMP protocol, such as Internet access, designated services, and websites. The Access Control function can set 20 profiles. Please click on Advance -> Access Control and follow the below setting. ...

  • Page 114: Time Policy

     ANY:Select "Any" is all deny Protocol, administrator can filter local IP / IP range go to destination IP / IP range and use protocol.  TCP:Deny TCP Protocol, Administrator can set TCP protocol and assign IP / IP range. ...
  • Page 115  Comment: Enter the description of Time Policy rule.  Mode: Administrator can select On schedule or Out of schedule to execution the rules. Create New Policy button: Administrator can set time for week / start time and end time. Click “Save”...

  • Page 116: Router Made

    7. Router Made When Router AP mode is chosen, the system can be configured as an Router AP mode. This section provides detailed explanation for users to configure in the Router AP mode with help of illustrations. In the Router AP mode, functions listed in the table below are also available from the Web-based GUI interface.
  • Page 117 WAN Setting  Static IP : Users can manually setup the WAN IP address with a static IP provided by WISP.  IP Address : The IP address of the WAN port.  IP Netmask : The Subnet mask of the WAN port. ...
  • Page 118  User Name : Enter User Name for PPPoE connection  Password : Enter Password for PPPoE connection  MTU : By default, MTU is set to 1492 bytes. MTU stands for Maximum Transmission Unit. Consult with WISP for a correct MTU setting. ...
  • Page 119  MTU : By default, it’s 1460 bytes. MTU stands for Maximum Transmission Unit. Consult with WISP for a correct MTU setting.  MPPE40/128: Microsoft Point-to-Point Encryption (MPPE) encrypts data in Point-to-Point Protocol(PPP)-based dial-up connections or Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) connections. 128-bit key (strong) and 40-bit key (standard) MPPE encryption schemes are supported.

  • Page 120: Configure Lan Setup

     The NAT support Enable and Disable Service 7.2 Configure LAN Setup Here are the instructions to setup the local IP Address / Netmask / Gateway / DNS and management Access Point 2.4G or 5G Radio on/off. Administrators can change settings such as LAN Spanning Tree and Tag VLAN functions.

  • Page 121: Network Button

    7.2.1 Network Button Administrator can click button to set VLAN network functions.  VLAN Mode:Administrator can select Enable or disable for the VLAN Network. The VLAN list at least one must is enable.  IP Mode:Administrator can select enable or disable function for VLAN IP. ...

  • Page 122: Network Pull-Down Menu

    7.2.2 Network Pull-down menu Administrator can set DHCP Server and 2.4/5G security for the access point and set 802.11r fast roaming. Please click pull-down button. # DHCP Server Administrator can select enable / disable the function  Start IP : Set Start IP for DHCP Service. ...

  • Page 123: Radio 0/1 Access Point

     WINS IP : Enter IP address of the Windows Internet Name Service (WINS) server; this is optional.  Domain : Enter the domain name for this network.  Lease Time : The IP addresses given out by the DHCP server will only be valid for the duration specified by the lease time.
  • Page 124  Access Point: Administrator can Enable or Disable the radio 0 (2.4G).  ESSID: Administrator can set Wi-Fi SSID name for the 2.4G.  SSID Visibility: Administrator can select Enable or Disable the Visibility.  Client Isolation: Enable or Disable the client isolation function. ...
  • Page 125  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method. AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext.

  • Page 126: Mac Filter

     Key Size: Check on the respected button to enable either 64bits or 128bits key length. The system will automatically generate WEP keys for encryption.  Radius Server: Enter the IP address of the Authentication RADIUS server.  Radius Port: The port number used by Authentication RADIUS server.

  • Page 127: R/802.11K Fast Roaming

    # 802.11r/802.11k Fast Roaming The dual band Access Point supports 802.11r/802.11k function for 2.4G and 5G radio. 802.11r, which is the IEEE standard for fast roaming, introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP. ...
  • Page 128  MAC Address: Administrators must enter the MAC Address of other AP  NAS Identifier: Enter 1~48 octets of network domain name. Shared Key of 128 bit.  128-bit Key: Enter R0 Key Holder List: After setting "R0 Key holders" function the information will appear in list. R1 Key Holder List: Enter a unified set of R1 Key Holder identification certification.

  • Page 129: Wireless Basic Setup

    7.3 Wireless Basic Setup This section includes the main base station setup procedures for 2.4G / 5G Wifi functions、Wi-Fi Advanced setup、WMM、WDS and WDS Status 7.3.1 Radio 0 Basic Setup (2.4G) General setup  MAC Address: Display 2.4G WiFi MAC address. ...
  • Page 130  Channel: Administrator can select 1 to 11 CH. The Channel settings can be changed in “HT Physical Mode” ” Extension Channel” can select Upper or Lower channels.  Tx Power: Administrator can control the WiFi Tx output power. The power Max. Level 9. ...
  • Page 131 HT Physical Mode  TX/RX Stream: The OW-400-A2 utilizes 2 antenna and supports 2TX/2RX streams. Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.  Channel Bandwidth: The "20/40” MHz option is usually best. The other option is available for special circumstances.

  • Page 132: Radio 1 Basic Setup (5G)

    7.3.2 Radio 1 Basic Setup (5G) General Setup  MAC Address: Display 2.4G WiFi MAC address.  Country: Administrator can select country: US or EU or Taiwan.  Band Mode: Administrator can select 5G Band for 802.11a/n or 802.11ac. The default is 802.11ac ...
  • Page 133  Slot Time : Slot time is in the range of 9~1489 and set in unit of microsecond. The default value is 9 microsecond. Slot time is the amount of time a device waits after a collision before retransmitting a packet. Reducing the slot time decreases the overall back-off, which increases throughput.
  • Page 134 HT Physical Mode  TX/RX Stream: The OW-400-A2 utilizes 2 antennas and supports 2TX/2RX streams. Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.  Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually the best. The other option is available for special circumstances.

  • Page 135: Advanced Setup

    7.3.3 Advanced Setup The administrator can change the Slot Time, ACK Timeout, RTS threshold and fragmentation threshold settings for the system. Please click on Wireless -> Advanced Setup and follow the below setting.  Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond. The default value is 100 msec.
  • Page 136 By increasing the beacon interval, you can reduce the number of beacons and associated overhead, but that will likely delay the association and roaming process because stations scanning for available access points may miss the beacons. You can decrease the beacon interval, which increases the rate of beacons.

  • Page 137: Wmm Setup

     IGMP Snooping: The process of listening to Internet Group Management Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams.
  • Page 138  WMM: Administrator can select Enable or Disable the services of WMM.  AC Type: Data Queue Transmitted Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example).
  • Page 139  CWmin: Minimum Contention Window. This parameter is input to the algorithm that determines the initial random backoff wait time ("window") for retry of a transmission. The value specified here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined.

  • Page 140: System Management

    System Management 8.1 Configure system management Administrators can specify geographical location of the system via instructions in this page and modify system login password and select use system login protocol by 80, 443, 23, 22 Port. The management page adds LED control on/off and system auto reboot function. ...
  • Page 141  Auto Reboot: The functions can Auto-reboot the system by Date/time management.  Daily: Setting time to system reboot.  Weekly : Setting frequency (ex. Weekly) and time of system reboot  Monthly : Setting Every month, fixed date and time to system reboot Click “Save”...

  • Page 142: Configure Time Server

    8.2 Configure Time Server Administrator can select manual or via a NTP server to modify system time for the right local time. If select update the system time for manual, when administrator reboot system the system time will reply default. If select update the system time for the NTP Server, system must set gateway and DNS server, the system can be connected internet.

  • Page 143: Control Poe Bridge

    8.3 Control PoE Bridge This device supports Cerio's smart PoE Bridge function. Enabling PoE Bridge function will allow this device to provide PoE power to subsequent standard PD devices such Cerio APs or as IP Cameras.  PoE Bridge: Administrator can select Enable or Disable.

  • Page 144: Utilities

     RO username: Set a community string to authorize read-only access.  Ro password: Set a password to authorize read-only access.  RW username: Set a community string to authorize read/write access.  RW password: Set a password to authorize read/write access. SNMP Trap Events such as cold start interface up &...
  • Page 145  Save Settings to PC : Click Save button to save the current configuration to a local disk.  Load Settings from PC: Click Browse button to locate a configuration file to restore, and then click Upload button to upload. ...

  • Page 146: System Upgrade

    9.2 System Upgrade Firmware is the main software image that system needs to respond to requests and to manage real time operations. Firmware upgrades are sometimes required to include new features or bugs fix. It takes around 2 minutes to upgrade due to complexity of firmware. To upgrade system firmware, click Browse button to locate the new firmware, and then click Upgrade button to upgrade.

  • Page 147: Network Utility

     Traceroute: Allows tracing the hops from the CW-400NAC device to a selected outgoing IP address. It should be used for the finding the route taken by ICMP packets across the network to the destination host. The test is started using the Start button, click Stop button to stopped test.

  • Page 148: Status

    10. Status 10.1 Overview Detailed information on System, Network can be reviewed via this page. 10.2 Wireless Client The page can be display Wireless user information link to access point. Administrator can monitor MAC address / rate and RSSI for the wireless users.

  • Page 149: Online Users By Captive Portal

    10.3 Online Users by Captive Portal The status can display online users by Captive Portal. Administrator can monitor user’s login / logout time and account type for the authentication account.  VALN#:Display VLAN number.  Authentication:Display Captive Portal authentication function is on/off in the VLANs. ...

  • Page 150: Authentication Log

    10.4 Authentication Log The authentication log can monitor account login/logout type and account use time. 10.5 System Log The system log displays system events when system is up and running. Also, it becomes very useful as a troubleshooting tool when issues are experienced in system. ...
  • Page 151 Appendix A. WEB GUI Valid Characters Table B WEB GUI Valid Characters Block Field Valid Characters IP Address IP Format; 1-254 IP Netmask 128.0.0.0 ~ 255.255.255.252 IP Gateway IP Format; 1-254 Primary DNS IP Format; 1-254 Secondary DNS IP Format; 1-254 Hostname Length : 32 0-9, A-Z, a-z...
  • Page 152 Table B WEB GUI Valid Characters (continued) Block Field Valid Characters Management System Name/ Location Length : 32 0-9, A-Z, a-z Space ~ ! @ # $ % ^ * ( ) _ + - { } | : < > ? [ ] / ; ` , . = Description 32 chars Password...
  • Page 153 Table B WEB GUI Valid Characters (continued) Block Field Valid Characters Virtual AP Setup ESSID Length : 31 Space 0-9, A-Z, a-z ~ ! @ # $ % ^ * ( ) _ + - { } | : < > ? [ ] / ; ` , . = Maximum Clients 1 ~ 32 VLAN ID...

Table of Contents