1. Manuals
  2. Brands
  3. Cerio Manuals
  4. Wireless Access Point
  5. OW-400-A2
  6. Manual

Cerio OW-400-A2 Manual

Hide thumbs Also See for OW-400-A2:
Table of Contents

Advertisement

Quick Links

Download this manual
CERIO Corporation
OW-400-A2
eXtreme Power AC1200 2.4GHz / 5GHz 2x2 Ceiling / Wall
PoE Access Point ( 800mW )
CenOS5.0 User Manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the OW-400-A2 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Cerio OW-400-A2

Summary of Contents for Cerio OW-400-A2

  • Page 1 CERIO Corporation OW-400-A2 eXtreme Power AC1200 2.4GHz / 5GHz 2x2 Ceiling / Wall PoE Access Point ( 800mW ) CenOS5.0 User Manual...

  • Page 2: Table Of Contents

    Introduction ............................5 Overview ........................... 5 Software Configuration ....................7 Login OW-400-A2 Web Page ..................11 Software Setting ........................... 12 Operating Mode Introduction ..................12 Access Point mode ........................16 Select AP Mode ......................16 VLAN Setup ........................16 3.2.1 Network Button .....................
  • Page 3 CAP Mode ............................55 System VLAN Setup..................... 55 AP Control ........................57 # Centralized Management APs operating Instructions: ..........57 4.2.1 Scan Device ......................58 4.2.2 Batch Setup ......................59 4.2.3 AP Setup ......................... 62 4.2.4 Group Setup ......................62 4.2.5 Map Setup .......................
  • Page 4 7.2.1 Network Button ....................112 7.2.2 Network Pull-down menu ................. 113 # DHCP Server ........................113 # Radio 0/1 Access Point ....................114 # MAC Filter ........................... 117 # 802.11r/802.11k Fast Roaming ..................118 Wireless Basic Setup ....................120 7.3.1 Radio 0 Basic Setup (2.4G) ................

  • Page 5: Introduction

    N-Type antenna connectors. Two of the N-Type connectors are assigned to the 2.4GHz band and two are assigned to the 5GHz band. OW-400-A2 supports both a built-in directional panel antenna or 2 N-Type external antenna connectors in the 5GHz band, however only supports N-Type connectors in the 2.4GHz band (users must enter the software UI to...
  • Page 6 Traffic Monitoring / Status Overview and more. CAP Mode also allows users to limit client access and bandwidth to effectively load balance the network. Cerio’s innovative AAP design allows users to create customized login pages (Captive Portal) for user authentication. This not only provides a platform for marketing, but also provides a security barrier by allowing clients to use third-party credentials such as Facebook and Google to login into the network.

  • Page 7: Software Configuration

    IP Segment Set-up for Administrator's PC/NB Set the IP segment of the administrator's computer to be in the same range as OW-400-A2 for accessing the system. Do not duplicate the IP Address used here with IP Address of OW-400-A2 or any other device within the network.
  • Page 8 Step 1 : Please click on the computer icon in the bottom right window, and click “Open Network and Sharing Center” Step 2 : In the Network and Sharing Center page, Please click on the left side of “Change adapter setting”...
  • Page 9 Step 3 : In “Change adapter setting” Page. Please find Local LAN and Click the right button on the mouse and Click “Properties” Step 4 : In “Properties” page, please Click “Properties” button to TCP/IP setting...
  • Page 10 Step 5 : In Properties page to setting IP address, please find “Internet Protocol Version 4 (TCP/IPv4)” and double click or click “Install” button. Double click Step 6 : Select “Use the following IP address”, and fix in IP Address : 192.168.2.# ex.

  • Page 11: Login Ow-400-A2 Web Page

    WMI (https://192.168.2.254). There will be a “Certificate Error”, because the browser treats system as an illegal website. 1.3 Login OW-400-A2 Web Page  Launch Web Browser Launch as web browser to access the web management interface of system by entering the default IP Address, http://192.168.2.254, in the URL field, and then press Enter.

  • Page 12: Software Setting

    2. Software Setting 2.1 Operating Mode Introduction CERIO OW-400-A2 eXtreme Power 11n Dual Band 2x2 Ceiling / Wall PoE Access Point with CenOS5.0 software supports five operational modes: Access Point Mode, Router Access Point Mode, Control Access Point Mode, Client Bridge Mode, and WISP Mode.
  • Page 13 Access Point Mode (Supports AP+WDS Mode) It can be deployed as a traditional fixed wireless Access Point  It allow wireless clients or Stations ( STA ) to access  Supports DHCP Service, allowing for automated assigning of IP addresses to clients connecting ...
  • Page 14  In this mode, OW-400-A2 is enabled with DHCP Server functions. The wired clients of OW-400-A2 are in the same subnet from Main Base Station and it accepts wireless connections from client devices. You can disabled the repeater extending AP function, which will enable the “AP Client ”...
  • Page 15  signals over last mile application, helping WISPs deliver wireless broadband Internet service to residents and business customers In the WISP (CPE) mode, OW-400-A2 is a gateway enabled with NAT and DHCP Server  functions. The wired clients connected to DT-300N are in different subnet from those connected to Main Base Station, and, in WISP (CPE) mode, it does not accept wireless association from wireless clients.

  • Page 16: Access Point Mode

    3. Access Point mode When AP mode is chosen, the system can be configured as an Access Point. This section provides detailed explanation for users to configure in the AP mode with help of illustrations. In the AP mode, functions listed in the table below are also available from the Web-based GUI interface. 3.1 Select AP Mode The system administrator can set the desired mode via this page, and then configure the system according to their deployment needs.

  • Page 17: Network Button

    VLAN Mode:Display on/off for the VLAN network.  Flag:Display master VLAN and VLAN Tag No. information.  IP Address:Display IP Address for VLAN Network.  NetMask:Display IP netmask.  Radio 0:Display radio 2.4G SSID name.  Radio 1:Display radio 5G SSID name. ...

  • Page 18: Network Pull-Down Menu

    IP Mode:Administrator can select enable or disable function for VLAN IP.  IP Address/ NetMask:Administrator can set IP address and netmask for the VLAN.  Management Access Point 0:Administrator can Enable or Disable 2.4G Radio.  Access Point 0:Administrator can Enable or Disable 2.4G Radio. ...

  • Page 19: Dhcp Server

    # DHCP Server Administrator can select enable / disable the function  Start IP : Set Start IP for DHCP Service.  End IP : Set End IP for DHCP Service.  Netmask: Set IP Netmask, the default is 255.255.255.0 ...

  • Page 20: Radio 0/1 Access Point

    Static Lease IP Setup Administrator can set be delivered fixed IP address to the users. Comment : Enter rule description.  IP Address : Enter access point IP.  MAC Address : Enter Client MAC Address of PC network.  # Radio 0/1 Access Point Administrator can Enable or Disable radio 0/1 (2.4/5G) Wi-Fi, if enable radio 0/1 (2.4/5G) administrator can set SSID and security for the 2.4/5G access point.
  • Page 21 SSID Visibility: Administrator can select Enable or Disable the Visibility.  Client Isolation: Enable or Disable the client isolation function.  Connection Limit: Administrator can select Enable or Disable WiFi connection Limit.  User Limit: If select enable of the connection Limit function, administrator can set users ...
  • Page 22 TKIP is short for “Temporal Key Integrity Protocol”, TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven’t been tampered with. Group Key Update Interval: The time interval is for re-keying GTK ...

  • Page 23: Mac Filter

    # MAC Filter Administrator can set allow or reject Wi-Fi users connection access point. Disable:Disable MAC Filter function.  Only Deny List MAC:Administrator can add wireless users MAC address in MAC list.  The access point will deny connection in MAC address list. Only Allow List MAC:Administrator can add wireless users MAC address in MAC list.
  • Page 24 R0/NAS Identifier: PMK-R0 Key Holder identifier. When using IEEE 802.11r,  nas_identifier must be set and must be between 1 and 48 octets long. R1 Identifier: PMK-R1 Key Holder identifier 6-octet identifier as a hex string.  R1 Push: Administrator can select Enable or disable. If enable the function will ...

  • Page 25: Authentication

    R1 Key Holder List: After setting "R1 Key holders" function the information will appear in list. Click “Save” button to save your changes. Then click Reboot button to activate your changes. Authentication The function is for Web Authentication. It supports authentication for local users / RADIUS Server / OAuth2.0 and Guest.

  • Page 26: Authentication Button

    #:Display 16 VLAN number.  VLAN Mode:Displays VLAN on/off status.  whether Authentication:Displays VLAN# enable or disable web authentication.  Action:The function has 2 buttons (Authentication and Dropdown)  # Authentication Button: :By clicking the Authentication button, administrator can enable or disable this function.

  • Page 27: Authentication Dropdown Button

    RADIUS:Authentication support remote RADIUS Server. Administrator can enter security  information for remote RADIUS Server. Bandwidth Control:Administrator can be control traffic by Users or total.  # Authentication Dropdown Button :By Clicking the Dropdown button, Administrators can set authentication functions. 3.3.1 Guest Administrator can enable or disable guest authentication.

  • Page 28: Local User

    Service:Administrator can select enable or disable this function.  Login Type :  One Time: Login to start counting until the end of time.  Multiple Times: logout time will stop counting until the next re-login to time start  counting.

  • Page 29: Oauth2.0

    3.3.3 OAuth2.0 The OAuth2.0 function supports Facebook and Google by default. Users can add additional OAuth2.0 servers through UI settings. #:Display items.  Active:Display on/off status for authentication.  Provider:Display authentication server. The system default use authentication server for  Google and Facebook for Google OAuth2.0 setup Sample...
  • Page 30 Step.3 Select web application in the “Application Type” section and set “Restrictions” URL.
  • Page 31 Step.4 Set Authorized JavaScript origins and Authorized redirect URLs (important) Administrator must set login URL in the device function. After complete set of login URL go to the “Restrictions” function in web page. Follow the steps below to set login URLs Setup login URL in the device.

  • Page 32: Sample For Facebook Oauth2.0 Setup

    Step.5 After completing the “Restrictions” setup, click the create button. A OAuth Client page will pop-up with your “client ID” and “client secret”. Administrators must copy and paste their client ID and secret into the OAuth 2.0 Setup page in our software UI. Save and reboot the AP system, complete the setup.
  • Page 33 Step.2 Select WWW function Step.3 Administrator must set www for your information. Step.4 Please click “Setting” and add Platform...
  • Page 34 Step.5 Select Platform for “Website” Step.6 Enter URL is http://domain0.login.com/login/index.cgi?cgi=CALLBACK Administrator must set login URL in the device function. After complete set of login URL go to the “Facebook function in web page. Follow the steps below to set Site URL” login URLs Setup login URL in the device.
  • Page 35 After complete set of login URL go to the “Facebook Site URL” function in web page. Copy and paste the login URL from the system display into the “ Site URL” page on the Facebook website. Step.7 Click Advanced function to enable the “Native or desktop app?”...

  • Page 36: Customize Page

    Client ID and Client Secret setup by third parties such as Facebook and Google are subject to change. The instructions above follow the 2016 setup procedure. Any future changes to the Facebook/Google process may lead to our instructions becoming invalid. 3.3.4 Customize Page This function is to customized the user Login Page.
  • Page 37 Select disable to active HTML Source code window for customization  Sample: See sample login page below that is customized by html coding (sample login page html code templates are available on Cerio website)

  • Page 38: Language

    The following function is by Template Enable Multiple Language:Administrator can select enable or disable multiple language for login  page. Administrator must to Language function create new language. Page Color Setup: Administrator can change the login page color.  3.3.5 Language Administrator can create other language for login page.

  • Page 39: Privilege Address

    3.3.7 Privilege Address This function provides local device can access Internet without authentication. If there are some workstations belonging NGS Access Point that need to access to network without authentication, enter the IP or MAC address of these workstations in this list. Device Name: Enter Device or Users Name.

  • Page 40: Radius Server

    RADIUS Server The function is 802.1x RADIUS Server. Administrator can enable or disable Server. Please click on System  RADIUS Server Service:Administrator can select Enable or disable the function.  Radius:Administrator must to set remote RADIUS Server use Port.  Radius Secret:Administrator must to set remote RADIUS Server use Key.

  • Page 41: Wireless Basic Setup

    3.6 Wireless Basic Setup This section includes the main base station setup procedures for 2.4G / 5G Wifi functions、Wi-Fi Advanced setup、WMM、WDS and WDS Status 3.6.1 Radio 0 Basic Setup (2.4G) General setup MAC Address: Display 2.4G WiFi MAC address.  Country: Administrator can select country: US or EU or Taiwan.
  • Page 42 Channel: Administrator can select 1 to 11 CH. The Channel settings can be changed in  “HT Physical Mode” ” Extension Channel” can select Upper or Lower channels. Tx Power: Administrator can control the WiFi Tx output power. The power Max. Level 9. ...
  • Page 43 HT Physical Mode TX/RX Stream: The OW-400-A2 utilizes 2 antenna and supports 2TX/2RX streams.  Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX. Channel Bandwidth: The "20/40” MHz option is usually best. The other option is available ...

  • Page 44: Radio 1 Basic Setup (5G)

    3.6.2 Radio 1 Basic Setup (5G) General Setup MAC Address: Display 2.4G WiFi MAC address.  Country: Administrator can select country: US or EU or Taiwan.   Band Mode: Administrator can select 5G Band for 802.11a/n or 802.11ac. The default is 802.11ac Auto Channel: Administrator can Enable or Disable the function.
  • Page 45 Slot Time : Slot time is in the range of 9~1489 and set in unit of microsecond. The default  value is 9 microsecond. Slot time is the amount of time a device waits after a collision before retransmitting a packet. Reducing the slot time decreases the overall back-off, which increases throughput.
  • Page 46 HT Physical Mode TX/RX Stream: The OW-400-A2 utilizes 2 antennas and supports 2TX/2RX streams.  Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX. Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually the best. The ...

  • Page 47: Advanced Setup

    3.6.3 Advanced Setup The administrator can change the Slot Time, ACK Timeout, RTS threshold and fragmentation threshold settings for the system. Please click on Wireless -> Advanced Setup and follow the below setting. Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond. ...
  • Page 48 By increasing the beacon interval, you can reduce the number of beacons and associated overhead, but that will likely delay the association and roaming process because stations scanning for available access points may miss the beacons. You can decrease the beacon interval, which increases the rate of beacons.

  • Page 49: Wmm Setup

    IGMP Snooping: The process of listening to Internet Group Management Protocol (IGMP)  network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams.
  • Page 50 WMM: Administrator can select Enable or Disable the services of WMM.   AC Type: Data Queue Transmitted Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example).
  • Page 51  CWmin: Minimum Contention Window. This parameter is input to the algorithm that determines the initial random backoff wait time ("window") for retry of a transmission. The value specified here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined.

  • Page 52: Wds Setup

    3.6.5 WDS Setup The administrator can create WDS Links for expanding wireless network via this page. When you enable “WDS” function in AP Mode both Wireless and Ethernet user can connect your local network at the same time through AP. The WDS link supports 2.4G/5G radio and can support VLAN tag pass through Please click on Wireless ->...
  • Page 53 VLAN Setup: The WDS aisle support Multi-tag VALN ...
  • Page 54 3.6.6 WDS Status Displays 2.4G and 5G radio WDS link status through MAC and Date (TX/RX) Please click on Wireless -> WDS status...

  • Page 55: Cap Mode

    4. CAP Mode The CAP mode itself isn’t Access Point. This mode is primarily to control all the managed AP. 4.1 System VLAN Setup Setup Control AP of LAN or VLAN IP Address, Gateway, DNS and Ethernet Tag etc. Please click on System -> VLAN Setup ...
  • Page 56 VLAN Mode:Administrator can Enable or disable the VLAN function.  VLAN have 0~7 total 8 VLAN. There must always be at least one VLAN enabled. If the administrator disables all the VLANs, he/she will not be able to login to the manager page. The administrator must then reset to default.

  • Page 57: Ap Control

    Primary: The IP address of the primary DNS server.  Secondary: The IP address of the secondary DNS server.  4.2 AP Control When CenOS5.0 AP changes to CAP mode, Administrator can use AP Control functions to centralize management of APs in the network architecture. AP control Setting functions have “Scan Device”, “Batch Setup”, “AP Setup”, “Group / Map setup”...

  • Page 58: Scan Device

    4.2.1 Scan Device This management page can discover all managed APs in the network. Administrator can set IP address / Password and VLAN tag for managed APs. After the setup is complete, Administrator must import all managed APs to databases. VLAN# : Administrator can select VLAN network to discovery managed Aps ...

  • Page 59: Batch Setup

    Default:Administrator click the button will can reset to default for select managed APs.  Control Port:Administrator can change VLAN network for managed APs.  VLAN TAG:Administrator can set VLAN TAG ID for managed APs.  IP Address:Administrator can set IP address for managed APs, the IP address is ...
  • Page 60 VLAN Setup:Administrator can set VLAN Tag, IP address and Wi-Fi on/off for the  managed APs. VLAN:The function can select VLAN (please refer to 3.2 Configure VLAN Setup) for  managed APs. VLAN Mode:Administrator can enable or disable VLAN mode of the managed APs. ...
  • Page 61 IP Setup:Administrator can set IP address and Netmask of the managed APs.  ETH0/1 VLAN Tag Setup : Administrator can set VLAN Tag or disable VLAN function  of the managed APs. Authentication Profile:After creating Profiles, See: “4.2.6 Authentication Profile” users ...

  • Page 62: Ap Setup

    4.2.3 AP Setup Administrator can monitor statuses and modify managed APs information. VLAN:Select desired VLAN for AP setup  Setup:Administrator can modify IP addresses, system login passwords, and web login port  for managed APs. If administrator has change AP devices, administrator can modify MAC address of the new managed AP.

  • Page 63: Map Setup

    VLAN:Select VLAN.  Create New Group:Click the button to create a new AP Group  Device button:Administrator can select managed APs and import them into the  Group. 4.2.5 Map Setup The Map Setup feature allows administrators to upload a floor plan image to a web server, then use the image URL to import the map into the AP user interface.
  • Page 64 :Once the Map is created and properly in the Map List, administrators can click the “Layout” button in the action tab to map out the AP network. Managed APs will appear in the “Device List” section of the layout page. Administrators can simply drag the AP (IP Address) to the correct installation location.

  • Page 65: Authentication Profile

    4.2.6 Authentication Profile Administrator can pre-set authentication conditions in the profile, the authentication set can refer 3.3 Authentication. Create New Profile:Administrator can create authentication profile.  Edit: Click the Authentication button to Enable or Disable authentication  function. For more details, refer to “3.3 Authentication”. Click Dropdown to set authentication functions.

  • Page 66: Client Bridge Mode

    Administrator can monitor Tx/Rx flow information, show online users and check system CPU / Memory information and on/off line for the managed APs. The information data display support graphical interface. 5. Client Bridge Mode When Client Bridge is chosen, the system can be configured as a Client Bridge and support Repeater AP function.

  • Page 67: Configure Lan Setup

    5.1 Configure LAN Setup Here are the instructions for how to setup the local IP Address and Netmask. Please click on System -> LAN and follow the below setting. Mode: Administrator can select the IP used Static or Dynamic IP address. Static IP: ...
  • Page 68 DHCP Forward: When the AP Mode device and Client Bridge AP are linked, and DHCP  Service is “Enabled”, the Client Bridge AP must also enable DHCP Forward to allow connecting clients to receive the IP Address from the source AP (AP Mode Device). By default, DHCP Forward is disabled in Client Bridge devices.

  • Page 69: Configure Dhcp Setup

    5.2 Configure DHCP Setup The DHCP Service function in the Client Bridge device can select a separate IP Address range within the same network segment of the source AP, and allocate those IP Addresses to connecting clients. Start IP / End IP: Specify the range of IP addresses to be used by the DHCP server when ...
  • Page 70 DHCP Clients List: When users link OW-400-A2 and use IP address of the DHCP service, the DHCP Client List will display users the information and used IP address. IP Address: Display users used IP address.  MAC Address: Display MAC Address of users used device.

  • Page 71: Wireless General Setup

    5.3 Wireless General Setup The main setting for Client Bridge mode link to AP Station, Repeater AP functions setting, MAC filter, WMM and 802.11r/802.11k Fast Roaming etc. 5.3.1 Radio 0(2.4G) Basic Setup Administrator can change the data transmission, channel and output power settings for the system.
  • Page 72 HT Physical Mode TX/RX Stream: OW-400-A2 utilizes 2 antennas, supporting 2TX/2RX streams.  Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX. Channel Bandwidth: The "20/40” MHz option is usually best. The other option is available  for special circumstances.

  • Page 73: Radio 1(5G) Basic Setup

    HT Physical Mode TX/RX Stream:  The OW-400-A2 utilizes 2 antenna and supports 2TX/2RX streams. Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.  Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually best. The other...

  • Page 74: Advanced Setup

     Shout GI: Short Guard Interval, by default, it's “Enable”. it's can increase throughput. However, it can also increase error rate in some installations, due to increased sensitivity to radio-frequency reflections. Select the option that works best for your installation. ...
  • Page 75 Slot Time : Slot time is in the range of 9~1489 and set in unit of microsecond. The default  value is 9 microsecond. Slot time is the amount of time a device waits after a collision before retransmitting a packet. Reducing the slot time decreases the overall back-off, which increases throughput.
  • Page 76 Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond.  The default value is 100 msec. Access Point (AP) in IEEE 802.11 will send out a special approximated 50-byte frame, called “Beacon”. Beacon is broadcast to all the stations, provides the basic information of AP such as SSID, channel, encryption keys, signal strength, time stamp, support data rate.

  • Page 77: Wmm Setup

    RTS Threshold: TRTS Threshold is in the range of 1~2347 byte. The default is 2347 byte.  The main purpose of enabling RTS by changing RTS threshold is to reduce possible collisions due to hidden wireless clients. RTS in AP will be enabled automatically if the packet size is larger than the Threshold value.
  • Page 78 AC Type:  Data Queue Transmitted Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP data is sent to this queue.

  • Page 79: Station Setup

     CWmax:Maximum Contention Window. The value specified here in the Maximum Contention Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached.

  • Page 80: Repeater Ap Setup

    The functions setting functions include Client Bridge link to AP station. Administrator can used “site survey” function to Search for AP stations. MAC Address List : The function main discovery AP Station and select want to link the AP  station.
  • Page 81 SSID Visibility: The default it’s Enable. When select Disable the SSID will not is  discovered. Client Isolation: This function is Disabled by default. All clients will be isolated from each  other, which mean they can’t reach each other. Connection Limit: This function is Disabled by default.

  • Page 82: Mac Filter

     Group Key Update Interval: This time interval for re-keying GTK (broadcast/multicast encryption keys) in seconds. Enter the time-length required; the default time is 600 seconds. Pass Phrase: Enter the ESSID pass phrase.   WPS: Administrator can used WPS function link WiFi client, if select enable the function, WPS Push Button.

  • Page 83: R/802.11K Fast Roaming

    Rule: Select the desired access control type from the drop-down list; the options are  Disable, Allow or Reject. Only Allow List MAC: Define certain wireless clients in the list which will have granted  access to the Access Point while the access will be denied for all the remaining clients –...
  • Page 84 Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing the  same SSID) between which a STA can use Fast BSS Transition. Please enter 2-octet identifier as a hex string. R0 Key Lifetime: Default lifetime of the PMK-RO in minutes, the default is 10000, ...
  • Page 85 R0 Key Holder List: After setting "R0 Key holders" function the information will appear in list. R1 Key Holder List: Enter a unified set of R1 Key Holder identification certification. MAC Address: Enter the main roaming device MAC address  R1 Identifier: Enter Shared identifier.

  • Page 86: Wisp Mode

    WISP Mode is a router function, if the Telecom company permits wireless connection to their WAN, administrators can change OW-400-A2 to WISP Mode to connect to the wifi network. The WISP Mode support PPPoE / Static IP / Dynamic IP and PPTP for WAN, and support Repeater AP function.
  • Page 87 Dynamic IP : Please consult with WISP for correct wireless settings to associate with WISP  AP before a dynamic IP, along with related IP settings. If IP Address is not assigned, please double check with your wireless settings and ensure successful association. Also, you may go to “WAN Information”...
  • Page 88 Manual – Click the “Connect” button on “WAN Information” in the Overview page  to connect to the Internet. PPTP : The Point-to-Point Tunneling Protocol (PPTP) mode enables the implementation of  secure multi-protocol Virtual Private Networks (VPNs) through public networks. User Name: Enter account for PPTP.
  • Page 89 When Time Server is enabled at the “On Demand” mode, the “Reconnect Mode” will turn out “Always on”. Manual – Click the “Connect” button on “WAN Information” in the Overview page  to connect to the Internet. MAC Clone  The MAC address is a 12-digit HEX code uniquely assigned to hardware as identification.

  • Page 90: Configure Lan Setup

    6.2 Configure LAN Setup Here are the instructions for how to setup the local IP Address and Netmask. Please click on System -> LAN and follow the below setting. IP Setup : The administrator can manually setup the LAN IP address. IP Address : The IP address of the LAN port;...
  • Page 91 DHCP server. Default is 86400 seconds DHCP Clients List: When users link OW-400-A2 and use IP address of the DHCP service, the DHCP Client List will display users the information and used IP address. IP Address: Display users used IP address.

  • Page 92: Wireless General Setup

    Expired: Display Lease expiration time of IP address.  Action: Kicked user button.  Static Lease IP Setup: Administrator can set as static IP address for users. Comment: Enter description for the information.  IP Address: Set static IP address for users. ...

  • Page 93: Radio 0(2.4G) Basic Setup

    %) for your environment. If you are not sure which setting to choose, then keep the default setting level 9 (100%). HT Physical Mode TX/RX Stream: OW-400-A2 utilizes 2 antennas, supporting 2TX/2RX streams.  Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.

  • Page 94: Radio 1(5G) Basic Setup

    Extension Channel: Set channel select of Upper or Lower, the Upper support 1 to 7 range  CH and Lower support 5 to 11 range CH. MCS: This parameter represents transmission rate. By default (Auto) the fastest possible  transmission rate will be selected. You have the option of selecting the speed if necessary. Shout GI: Short Guard Interval, by default, it's “Enable”.
  • Page 95 Tx Power: Administrator can control the WiFi Tx output power. The power Max. Level 9. HT Physical Mode TX/RX Stream: The OW-400-A2 utilizes 2 antenna and supports 2TX/2RX streams.  Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX.

  • Page 96: Advanced Setup

    6.4.3 Advanced Setup The administrator can change the Slot Time, ACK Timeout, RTS threshold and fragmentation threshold settings for the system. Slot Time : Slot time is in the range of 9~1489 and set in unit of microsecond. The default ...
  • Page 97 All data transmission in 802.11b/g request an “Acknowledgement” (ACK) send by receiving radio. The transmitter will resend the original packet if correspondent ACK failed to arrive within specific time interval, also refer to as “ACK Timeout”. ACK Timeout is adjustable due to the fact that distance between two radio links may vary in different deployment.
  • Page 98 A DTIM interval is a count of the number of beacon frames that must occur before the access point sends the buffered multicast frames. For instance, if DTIM Interval is set to 3, then the Wi-Fi clients will expect to receive a multicast frame after receiving three Beacon frame.

  • Page 99: Wmm Setup

    6.4.4 WMM Setup His affects traffic flowing from the access point to the client station. Configuring QoS options consists of setting parameters on existing queues for different types of wireless traffic. You can configure different minimum and maximum wait times for the transmission of packets in each queue based on the requirements of the media being sent.
  • Page 100  AC Type: Data Queue Transmitted Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP data is sent to this queue.

  • Page 101: Station Setup

    When the no acknowledgement (No ACK) policy is used, the recipient does not acknowledge received packets during wireless packet exchange. This policy is suitable in the environment where communication quality is fine and interference is weak. While the No ACK policy helps improve transmission efficiency, it can cause increased packet loss when communication quality deteriorates.

  • Page 102: Repeater Ap Setup

    Security/ PassPhrase Settings: If link as AP station the AP station have used security,  administrator can select AP station used authentication mode and enter password in the functions. 6.4.6 Repeater AP Setup Administrators can configure ESSID, SSID broadcasting, Maximum number of client associations.
  • Page 103  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method. AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext.

  • Page 104: Mac Filter

    Radius Port: The port number used by Authentication RADIUS server. Use the  default 1812 or enter port number specified. Radius Secret: The secret key for system to communicate with Authentication  RADIUS server. Support 1 to 64 characters. 6.4.7 MAC Filter The administrator can allow or reject WiFi clients to access AP.

  • Page 105: R/802.11K Fast Roaming

    6.4.8 802.11r/802.11k Fast Roaming 802.11r/802.11k function for 2.4G and 5G radio. 802.11r, which is the The system support IEEE standard for fast roaming, introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP. Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing the ...
  • Page 106 MAC Address: Enter must key in the MAC Address of other AP  NAS Identifier: Enter 1~48 octets of network domain name.  Shared Key of 128 bit. 128-bit Key: Enter  R0 Key Holder List: After setting "R0 Key holders" function the information will appear in list. R1 Key Holder List: Enter a unified set of R1 Key Holder identification certification.

  • Page 107: Router Mode

    7. Router Mode When Router AP mode is chosen, the system can be configured as an Router AP mode. This section provides detailed explanation for users to configure in the Router AP mode with help of illustrations. In the Router AP mode, functions listed in the table below are also available from the Web-based GUI interface.
  • Page 108 WAN Setting Static IP : Users can manually setup the WAN IP address with a static IP provided by WISP.  IP Address : The IP address of the WAN port.  IP Netmask : The Subnet mask of the WAN port. ...
  • Page 109 User Name : Enter User Name for PPPoE connection  Password : Enter Password for PPPoE connection  MTU : By default, MTU is set to 1492 bytes. MTU stands for Maximum Transmission  Unit. Consult with WISP for a correct MTU setting. Reconnect Mode : Administrator can select three function for Always On / On Demand ...
  • Page 110 MTU : By default, it’s 1460 bytes. MTU stands for Maximum Transmission Unit. Consult  with WISP for a correct MTU setting. MPPE40/128: Microsoft Point-to-Point Encryption (MPPE) encrypts data in  Point-to-Point Protocol(PPP)-based dial-up connections or Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) connections. 128-bit key (strong) and 40-bit key (standard) MPPE encryption schemes are supported.

  • Page 111: Configure Lan Setup

    Secondary DNS: The IP address of the secondary DNS server.   The NAT support Enable and Disable Service 7.2 Configure LAN Setup Here are the instructions to setup the local IP Address / Netmask / Gateway / DNS and management Access Point 2.4G or 5G Radio on/off.

  • Page 112: Network Button

    7.2.1 Network Button Administrator can click button to set VLAN network functions. VLAN Mode:Administrator can select Enable or disable for the VLAN Network.  The VLAN list at least one must is enable. IP Mode:Administrator can select enable or disable function for VLAN IP. ...

  • Page 113: Network Pull-Down Menu

    7.2.2 Network Pull-down menu Administrator can set DHCP Server and 2.4/5G security for the access point and set 802.11r fast roaming. Please click pull-down button. # DHCP Server Administrator can select enable / disable the function  Start IP : Set Start IP for DHCP Service. ...

  • Page 114: Radio 0/1 Access Point

    WINS IP : Enter IP address of the Windows Internet Name Service (WINS) server; this is  optional. Domain : Enter the domain name for this network.  Lease Time : The IP addresses given out by the DHCP server will only be valid for the ...
  • Page 115 Access Point: Administrator can Enable or Disable the radio 0 (2.4G).  ESSID: Administrator can set Wi-Fi SSID name for the 2.4G.  SSID Visibility: Administrator can select Enable or Disable the Visibility.  Client Isolation: Enable or Disable the client isolation function. ...
  • Page 116 WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2  encryption method. AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext.

  • Page 117: Mac Filter

    Key Size: Check on the respected button to enable either 64bits or 128bits key  length. The system will automatically generate WEP keys for encryption. Radius Server: Enter the IP address of the Authentication RADIUS server.  Radius Port: The port number used by Authentication RADIUS server. Use the ...

  • Page 118: R/802.11K Fast Roaming

    # 802.11r/802.11k Fast Roaming The dual band Access Point supports 802.11r/802.11k function for 2.4G and 5G radio. 802.11r, which is the IEEE standard for fast roaming, introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP. Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing ...
  • Page 119 MAC Address: Administrators must enter the MAC Address of other AP  NAS Identifier: Enter 1~48 octets of network domain name.  Shared Key of 128 bit. 128-bit Key: Enter  R0 Key Holder List: After setting "R0 Key holders" function the information will appear in list. R1 Key Holder List: Enter a unified set of R1 Key Holder identification certification.

  • Page 120: Wireless Basic Setup

    7.3 Wireless Basic Setup This section includes the main base station setup procedures for 2.4G / 5G Wifi functions、Wi-Fi Advanced setup、WMM、WDS and WDS Status 7.3.1 Radio 0 Basic Setup (2.4G) General setup MAC Address: Display 2.4G WiFi MAC address.  Country: Administrator can select country: US or EU or Taiwan.
  • Page 121 Channel: Administrator can select 1 to 11 CH. The Channel settings can be changed in  “HT Physical Mode” ” Extension Channel” can select Upper or Lower channels. Tx Power: Administrator can control the WiFi Tx output power. The power Max. Level 9. ...
  • Page 122 HT Physical Mode TX/RX Stream: The OW-400-A2 utilizes 2 antenna and supports 2TX/2RX streams.  Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX. Channel Bandwidth: The "20/40” MHz option is usually best. The other option is available ...

  • Page 123: Radio 1 Basic Setup (5G)

    7.3.2 Radio 1 Basic Setup (5G) General Setup MAC Address: Display 2.4G WiFi MAC address.  Country: Administrator can select country: US or EU or Taiwan.   Band Mode: Administrator can select 5G Band for 802.11a/n or 802.11ac. The default is 802.11ac Auto Channel: Administrator can Enable or Disable the function.
  • Page 124 Slot Time : Slot time is in the range of 9~1489 and set in unit of microsecond. The default  value is 9 microsecond. Slot time is the amount of time a device waits after a collision before retransmitting a packet. Reducing the slot time decreases the overall back-off, which increases throughput.
  • Page 125 HT Physical Mode TX/RX Stream: The OW-400-A2 utilizes 2 antennas and supports 2TX/2RX streams.  Administrator can select 1 or 2 TX/RX. The default is 2TX/2RX. Channel Bandwidth: The "20/40 and 802.11ac 80” MHz option is usually the best. The ...

  • Page 126: Advanced Setup

    7.3.3 Advanced Setup The administrator can change the Slot Time, ACK Timeout, RTS threshold and fragmentation threshold settings for the system. Please click on Wireless -> Advanced Setup and follow the below setting. Beacon Interval: Beacon Interval is in the range of 40~3500 and set in unit of millisecond. ...
  • Page 127 By increasing the beacon interval, you can reduce the number of beacons and associated overhead, but that will likely delay the association and roaming process because stations scanning for available access points may miss the beacons. You can decrease the beacon interval, which increases the rate of beacons.

  • Page 128: Wmm Setup

    IGMP Snooping: The process of listening to Internet Group Management Protocol (IGMP)  network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams.
  • Page 129 WMM: Administrator can select Enable or Disable the services of WMM.   AC Type: Data Queue Transmitted Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example).
  • Page 130  CWmin: Minimum Contention Window. This parameter is input to the algorithm that determines the initial random backoff wait time ("window") for retry of a transmission. The value specified here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined.

  • Page 131: Advanced Setup By Wisp & Router Mode

    8. Advanced Setup By WISP & Router Mode 8.1 DMZ DMZ is commonly work with the NAT functionality as an alternative of Virtual Server(Port Forwarding) while wanting all ports of DMZ host visible to Internet users. Virtual Server rules have precedence over the DMZ rule. In order to use a range of ports available to access to different internal hosts Virtual Server rules are needed.
  • Page 132 Please click Edit button to setting IP filter. Active: Administrator can select Enable or Disable the service.  Comment: Enter the description of IP filter rule.  Policy: Administrator can select the IP flow rule of Deny or Pass.  In/ Out: Administrator can select the IP flow rule of In/out bound.
  • Page 133 When you create rules in the IP Filter List, the prior rules maintain higher priority. To allow limited access from a subnet to a destination network manager needs to create allow rules first and followed by deny rules. So, if you just want one IP address to access the system via telnet from your subnet, not others, the Example 1 demonstrates it, not rules in the Example 2.

  • Page 134: Mac Filter

    8.3 MAC Filter Allows creating MAC filter rules to allow or deny unicast or multicast packets from limited number of MAC addresses. Important and must note. That MAC filter rules have precedence over IP Filter rules. Mode: Administrator can select Deny or Allow. ...
  • Page 135 Please click Edit button to setting Virtual Server rules. Active: Administrator can select Virtual server rule to Enable or disable.  Comment: Enter the description of virtual server rule.  Protocol: Administrator can select service protocol of TCP or UDP. ...

  • Page 136: Access Control

    8.5 Access Control The Access Control function administrator can to block or allow specific kinds of TCP/UDP/ICMP protocol, such as Internet access, designated services, and websites. The Access Control function can set 20 profiles. Please click on Advance -> Access Control and follow the below setting. #:Display access control list.

  • Page 137: Time Policy

    ANY:Select "Any" is all deny Protocol, administrator can filter local IP / IP range go to  destination IP / IP range and use protocol. TCP:Deny TCP Protocol, Administrator can set TCP protocol and assign IP / IP range.  UDP:Deny UDP Protocol, Administrator can set UDP protocol and assign IP / IP range.

  • Page 138: System Management

    Comment: Enter the description of Time Policy rule.  Mode: Administrator can select On schedule or Out of schedule to execution the rules.  Create New Policy button: Administrator can set time for week / start time and end time. Click “Save”...
  • Page 139  System Language: Administrator can select system language for English and Traditional Chinese  System Information: Administrator can set the system name / Description and Location.  Root Password: Administrator can change system login password.  LED Control:When system working the moment, device LED will flashes. Administrator can select close the LED flashes in the function.

  • Page 140: Configure Time Server

    Weekly : Setting frequency (ex. Weekly) and time of system reboot  Monthly : Setting Every month, fixed date and time to system reboot  Click “Save” button to save your changes. And click “Reboot” button to activate your changes 9.2 Configure Time Server Administrator can select manual or via a NTP server to modify system time for the right local time.
  • Page 141 Mode: Administrator can select NTP Server or Manual.   NTP Server: System can auto update the system time. Administrator needs setting as NTP Server. Default NTP Server: Administrator can select NTP Server.  NTP Server: Administrator can setting as NTP Server. ...

  • Page 142: Control Poe Bridge

    This device supports Cerio's smart PoE Bridge function. Enabling PoE Bridge function will allow this device to provide PoE power to subsequent standard PD devices such Cerio APs or as IP Cameras. PoE Bridge: Administrator can select Enable or Disable.

  • Page 143: Utilities

    RO username: Set a community string to authorize read-only access.  Ro password: Set a password to authorize read-only access.  RW username: Set a community string to authorize read/write access.  RW password: Set a password to authorize read/write access. ...
  • Page 144 Save Settings to PC : Click Save button to save the current configuration to a local disk.  Load Settings from PC: Click Browse button to locate a configuration file to restore, and then  click Upload button to upload. Reset To Factory Default: Click Default button to reset back to the factory default settings and ...

  • Page 145: System Upgrade

    10.2 System Upgrade Firmware is the main software image that system needs to respond to requests and to manage real time operations. Firmware upgrades are sometimes required to include new features or bugs fix. It takes around 2 minutes to upgrade due to complexity of firmware. To upgrade system firmware, click Browse button to locate the new firmware, and then click Upgrade button to upgrade.

  • Page 146: Network Utility

    Count: By default, it’s 5 and the range is from 1 to 50. It indicates number of connectivity  test. Traceroute: Allows tracing the hops from the OW-400-A2 device to a selected outgoing IP  address. It should be used for the finding the route taken by ICMP packets across the network to the destination host.

  • Page 147: Status

    11. Status 11.1 Overview Detailed information on System, Network can be reviewed via this page. 11.2 Wireless Client The page can be display Wireless user information link to access point. Administrator can monitor MAC address / rate and RSSI for the wireless users.

  • Page 148: Online Users By Captive Portal

    11.3 Online Users by Captive Portal The status can display online users by Captive Portal. Administrator can monitor user’s login / logout time and account type for the authentication account. VALN#:Display VLAN number.  Authentication:Display Captive Portal authentication function is on/off in the VLANs. ...

  • Page 149: Authentication Log By Captive Portal

    11.4 Authentication Log by Captive Portal The authentication log can monitor account login/logout type and account use time. 11.5 System Log The system log displays system events when system is up and running. Also, it becomes very useful as a troubleshooting tool when issues are experienced in system. Time:The date and time when the event occurred.

  • Page 150: Appendix A. Web Gui Valid Characters

    Appendix A. WEB GUI Valid Characters Table B WEB GUI Valid Characters Block Field Valid Characters IP Address IP Format; 1-254 IP Netmask 128.0.0.0 ~ 255.255.255.252 IP Gateway IP Format; 1-254 Primary DNS IP Format; 1-254 Secondary DNS IP Format; 1-254 Hostname Length : 32 0-9, A-Z, a-z...
  • Page 151 Table B WEB GUI Valid Characters (continued) Block Field Valid Characters Management System Name/ Location Length : 32 0-9, A-Z, a-z Space ~ ! @ # $ % ^ * ( ) _ + - { } | : < > ? [ ] / ; ` , . = Description 32 chars Password...
  • Page 152 Table B WEB GUI Valid Characters (continued) Block Field Valid Characters Virtual AP Setup ESSID Length : 31 Space 0-9, A-Z, a-z ~ ! @ # $ % ^ * ( ) _ + - { } | : < > ? [ ] / ; ` , . = Maximum Clients 1 ~ 32 VLAN ID...

Table of Contents