Download Print this page

Cerio CW-500 R1 User Manual

Cenos 5.0 extreme high power wifi6 dual-radio ax1800 ceiling/wall poe

Advertisement

Quick Links

CERIO Corporation
CenOS 5.0
User Manual
CW-500 R1
eXtreme High Power WiFi6 Dual-Radio AX1800 Ceiling/Wall PoE
V1.1
V1.0a

Advertisement

loading
Need help?

Need help?

Do you have a question about the CW-500 R1 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Cerio CW-500 R1

  • Page 1 CERIO Corporation CenOS 5.0 User Manual CW-500 R1 eXtreme High Power WiFi6 Dual-Radio AX1800 Ceiling/Wall PoE V1.1 V1.0a...
  • Page 2 Content Device and Software Configuration ......................6 1-1. Device appearance ........................6 1-2. Setup Preparation of AP ......................7 1-3. Login Web Page ......................... 8 Operating Mode Introduction ........................10 2-1. Access Point Mode (Default Mode) ..................10 2-2. Client Bridge + Repeater Mode ....................11 2-3.
  • Page 3 4-3-3. OAuth 2.0 ........................... 40 #Sample for Google OAuth2.0 setup ..................... 40 #Sample for Facebook OAuth2.0 setup ....................43 4-3-4. POP3/IMAP Server ......................47 4-3-5. Customize ........................... 47 4-3-6. Language ..........................49 4-3-7. Walled Garden ........................50 4-3-8. Privilege Address ......................... 50 4-3-9.
  • Page 4 5-4-5. Station Setup ........................78 5-4-6. Station Porfile Setup ......................80 5-4-7. Repeater AP Setup ......................81 5-4-8. MAC Filter Setup ......................... 85 5-4-9. 802.11r Fast Roaming ......................86 WISP Mode .............................. 88 6-1. Change Setup mode ......................... 88 6-2. Configure WAN Setup ......................
  • Page 5 System Log ..........................136 10. [ Other technical documents] ........................136 10-1. Point to Point / Multi-Point for WDS settings ................136 10-2. Apply CERIO web authentication login page sample ..............137 Appendix A. WEB GUI Valid Characters ......................143 V1.1 V1.0a...
  • Page 6 Device and Software Configuration Device appearance 1-1. 2.4GHz Repeater/Bridge Power LED 1Gb ETH2 Ethernet LED 5GHz Repeater/Bridge 2.4GHz WiFi LED 1Gb ETH1 Ethernet LED 5GHz WiFi LED DC Power Input 1Gb ETH1 / PoE Input 1Gb ETH2 / PoE Input Reset Button V1.1 V1.0a...
  • Page 7 Setup Preparation of AP 1-2. Please PC link to Device used cat5/6 Ethernet cable. The following setup uses a Windows PC, user OS may vary. Step 1: Please click on the computer icon in the bottom right window, and click “Open Network and Internet settings”...
  • Page 8 Step 4: In Properties page to setting IP address, please find “Internet Protocol Version 4 (TCP/IPv4)” and double click or click “OK” button. Step 5 : Select “Use the following IP address”, and fix in IP Address : 192.168.2.# ex. The # is any number by 1 to 253 Subnet mask : 255.255.255.0 And Click "OK"...
  • Page 9 Launch as web browser to access the web management interface of system by entering the default IP Address, http://192.168.2.254, in the URL field, and then press Enter. Default login Usermane is〝root〞and Password is〝default〞.  V1.1 V1.0a...
  • Page 10 Operating Mode Introduction Access Point Mode (Default Mode) 2-1. Please click on System ->Mode Setup and choose Access Point Mode It can be deployed as a traditional fixed wireless Access Point  It allow wireless clients or Stations ( STA ) to access ...
  • Page 11 Client Bridge + Repeater Mode 2-2. Please click on System ->Mode Setup and choose Client Bridge Mode It can be used as a Client Bridge + Repeater AP to receive wireless signals over last mile applications,  helping WISPs deliver wireless broadband Internet service to new residential and business customers.
  • Page 12 Note: If Client Bridge used 5GHz connection to AP station then Repeater AP only use 2.4GHz. WISP + Repeater AP Mode 2-3. Please click on System ->Mode Setup and choose WISP Mode It can be used as an WISP (Wireless Internet Service Provide) to receive wireless signals over last mile ...
  • Page 13 CAP mode (Centralizes Access Point) 2-4. Please click on System ->Mode Setup and choose CAP Mode Control Management of CenOS5.0 APs  AP Management support 802.1Q VLAN infrastructure  Centralized setting Access Point function and firmware upgrade.  APs Group management for concept. ...
  • Page 14 System Configuration Management 3-1. Please click on System ->Management and choose System Language. System Language:Administrator can select system language for English and Traditional Chinese  System Information:Administrator can set the system name / Description and Location.  Root Password:Administrator can change system login password. ...
  • Page 15 Interval:Ping interval of time.  Delay:After system start, the set time value starts execution Ping watchdog.  Times of faults:After the error exceeds the set value, system will auto reboot.  Login Methods:Administrator can set system login protocol of the http/https/telnet and SSH. ...
  • Page 16 “Cerio AP Controller” corresponds to port 514. If you use the built-in log server function of Cerio's AP Controller product, please use the default 514 remote server port for the designated connection. The built-in log server of the AP management controller provided by Cerio Company provides a complete log format and all complete format information for its wireless AP devices of Cerio Company.
  • Page 17 NTP Server:Administrator can setting as NTP Server. For example, select the time server of  "cerio.com.tw" on the Internet as the basis for NTP time calibration as follows. Time Zone:Administrator can select a desired time zone from the drop-down list. ...
  • Page 18 Administrator can select manual or via a NTP server to modify system time for the right local time. 1. This product supports hardware battery memory time keep design, When "Manual Update" time is selected and the time can be stored in the hardware memory, if the time cannot be stored and always becomes invalid and returns to the default time, the hardware battery must be replaced.
  • Page 19 SNMP V3 Function  Active:Administrator can select Enable or Disable the service.  RO Username:Set a community string to authorize read-only access.  RO Password:Set a password to authorize read-only access.  RW Username:Set a community string to authorize read/write access. ...
  • Page 20 Configure Time Policy 3-4. Please click Edit button to setting Time Policy rules  Comment: Enter the description of Time Policy rule.  Mode: Administrator can select On schedule or Out of schedule to execution the rules.  Administrator can set time for week / start time and end time. ...
  • Page 21 For the first time after switching modes, always perform access management on the LAN default IP address of 192.168.2.254 2. Cerio’s dual-band wireless base station supports 16 VLANs and 32 SSIDs ( Each VLAN supports 2.4Ghz SSID x1 and 5Ghz band SSID x1 ) VLAN Setup 4-2.
  • Page 22 VLAN Mode:Display on/off for the VLAN network.  Flag:Display master VLAN and VLAN Tag No. information. When displayed  it means that the current main wired connection is this virtual network as the main login system. IP Address:Display IP Address for VLAN Network ...
  • Page 23 # Network Setup Administrator can click “ “ button to set VLAN network functions. VLAN Mode:Administrator can select Enable or disable for the VLAN Network.  IP Mode:Administrator can select enable or disable function for VLAN IP.  IP Address/ NetMask:Administrator can set IP address and netmask for the VLAN. ...
  • Page 24 Control Port:Administrator can select one of the VLAN as managed AP.  IAPP:Administrator can select radio 2.4G or 5G for IAPP roaming.(the IAPP condition must  use WPA2-PSK Wi-Fi security and AES algorithm) VLAN Tag Setup: Set the VLAN used tags. ...
  • Page 25 1. The conditions for IAPP roaming are that the SSID must be the same, and wireless encryption must use WPA2-PSK and the encryption algorithm using AES.) If this WPA2-PSK and the encryption algorithm using AES are not used, the IAPP roaming function will not work.
  • Page 26 Start IP: Set Start IP address for DHCP Service.  End IP: Set End IP address for DHCP Service.  Netmask: Set IP Netmask, the default is 255.255.255.0  Gateway: Set Gateway IP address for DHCP Service.  DNS(1-2) IP : Set DNS IP address for DHCP Service. ...
  • Page 27 Bandwidth Control 4-2-2. Administrators can set bandwidth limit the max/min bandwidth of the Wi-Fi users, Bandwidth control can set IP/MASK , IP Range, Port(Service), SIP, RTP/RTSP and WEB. Bandwidth Control / Total Bandwidth Control  Mode: Administratior can Enable or Disable the function. ...
  • Page 28 Radio 0(2.4G)/1(5G) Access Point Setup 4-2-3. Administrator can Enable or Disable radio 0/1 (2.4/5G) Wi-Fi. If radio 0/1 (2.4/5G) are enabled, administrators can set the SSID and security for the 2.4/5G access point. Access Point: Administrator can Enable or Disable the radio 0/1 (2.4G/5G). ...
  • Page 29 Open System:Data is not unencrypted during transmission when this option is selected.(  not recommended for use  : WEP Auth Method:Administrator can choose the WEP Open system open authentication  method or the WEP Shared password authentication method. WEP Length:Administrator can choose to use 64bits, 128bits, and 152bits encryption key ...
  • Page 30 WPA / WPA2-Personal:  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method.  AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a ...
  • Page 31 WPA / WPA2-Enterprise:  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method.  AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a ...
  • Page 32 anti-spy, and anti-skimming password Management Frame Protection (MFP). If the AP enabled this mode, please ensure that both the AP and the client running in this mode need Management Frame Protection (MFP) support. The WPA3 is latest and most secure protocol currently available for Wi-Fi devices. It is applicable to all access devices that support Wi-Fi 6 (802.11ax).
  • Page 33 access point will allow connection in MAC address list. MAC Address: Set managed MAC address of the client.  MAC Address List: Display managed MAC address list.  Click “Save” button to save your changes. Then click Reboot button to activate your changes. 802.11r Fast Roaming Setup 4-2-5.
  • Page 34 Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing the same  SSID) between which a STA can use Fast BSS Transition. This setting must be 2-octet of hex string codes. For example, enter 8c4d R0 Key Lifetime: Default lifetime of the PMK-RO in minutes, the default is 10000, administrator ...
  • Page 35 Address of AP2, and AP2 must key in the MAC Address of AP1. The NAS Identifier and 128-bit Key should be identical in both AP settings. This will enable device roaming between the two Access Points. MAC Address: Administrators must enter the MAC Address of another side AP. ...
  • Page 36 When enable web authentication function, please does make the Access Point can be connected to gateway. Please refer to VLAN Setup. If the gateway IP address is set error address then web login page can't display #:Display VLANs number.  VLAN Mode:Displays VLAN on/off status.
  • Page 37 Session Log:If network have Syslog server. Administrator can to systemmanagement setting  IP address for syslog server and enable the function. Account session log will copy to the Cerio Controller device ‘s syslog server. ( For this part of the “AP controller’s log server function, please refer to the detailed description of "Session Log"...
  • Page 38 Local User:Administrator can enable authentication for local user. Create user account can to  reference “ Local User” setup. After activating the local account, be sure to go to the "Local Account" function menu to create an authenticated user account.. RADIUS:Authentication support remote RADIUS Server.
  • Page 39 services (such as statistics traffic, etc.), you can set the accounting service port of the remote RADIUS server here. Authentication type:You can choose the authentication type of PAP or CHAP.  Secret Key::Enter the key to connect to the remote RADIUS server. ...
  • Page 40 Local User 4-3-2. Administrator can create local user account for web login. User Name: Administrator can create users account.  Password:Set account password.  OAuth 2.0 4-3-3. The OAuth2.0 function supports Facebook and Google by default. Users can add additional ...
  • Page 41 Step.2 Click Credentials to create OAuth client ID in the API manager page. Step.3 Select web application in the “Application Type” section and set “Restrictions” URL. V1.1 V1.0a...
  • Page 42 Step.4 Set Authorized JavaScript origins and Authorized redirect URLs (important) Administrator must set login URL in the device function. After complete set of login URL go to the “Restrictions” function in web page. Follow the steps below to set login URLs Setup login URL in the device.
  • Page 43 Google Authorized JavaScript origins URL is http://domain0.login.com (same as Login URL)  Google Authorized redirect URLs is http://domain0.login.com/login/callback.cgi  Step.5 After completing the “Restrictions” setup, click the create button. An OAuth Client page will pop-up with your “client ID” and “client secret”. Administrators must copy and paste their client ID and secret into the OAuth 2.0 Setup page in our software UI.
  • Page 44 steps below. Step.1 Please to Facebook developer’s page and add a New App Step.2 Select WWW function Step.3 Administrator must set www for your information. Step.4 Please click “Setting” and add Platform V1.1 V1.0a...
  • Page 45 Step.5 Select Platform for “Website” Step.6 Enter URL is http://domain0.login.com/login/callback.cgi Administrator must set login URL in the device function. After complete set of login URL go to the “Facebook Site URL” function in web page. Follow the steps below to set login URLs Setup login URL in the device.
  • Page 46 After complete set of login URL go to the “Facebook Site URL” function in web page. Copy and paste the login URL from the system display into the “ Site URL” page on the Facebook website. Step.7 Click Advanced function to enable the “Native or desktop app?” and “Is App Secret embedded in the client? “...
  • Page 47 POP3/IMAP Server 4-3-4. The purpose of this integrated function is to allow clients to link a POP3 server for receiving emails from a remote server. Service: Administrator can choose Enable or Disable the PoP3 authentication.  Display Name:Set the “Display Name” based on the appropriate POP3 user or client. ...
  • Page 48 Page Setup Template:Administrator can select Enable or disable.  Select enable to active default Login Page  Select disable to active HTML Source code window for customization  V1.1 V1.0a...
  • Page 49 Sample: See sample login page below that is customized by html coding (sample login page html code templates are available on Cerio website) The following function uses the enabled Template Multiple Language:Administrator can select enable or disable multiple language for login page.
  • Page 50 Language: Set description of language.  Default Language: Display default language.  Walled Garden 4-3-7. This function provides certain free services or advertisement web pages for users to access the websites listed before login and authentication. User without the network access right can still have a chance to experience the actual network service free of charge in Walled Garden URL list.
  • Page 51 Device Name: Enter Device or Users Name.  IP Address: Enter used IP Address of Device or Users PC.  MAC Address: Enter MAC Address of Device or Users PC.  Click “Save” button to save your changes. Then click Reboot button to activate your changes.. Bulk MAC Address 4-3-9.
  • Page 52 Profile 4-3-10. Administrator can backup current authentication configuration and login page for HTML Source code. But also can recover. Click “Save” button to save your changes. Then click Reboot button to activate your changes. RADIUS Server 4-4. Service:Administrator can select Enable or disable the function. ...
  • Page 53 User Name:Create users name for RADIUS account.  Password:Enter password for user name.  Export User File:Administrator can export account list in RADIUS Server.  Import From PC:Administrator can import account list to the RADIUS Server.  Wireless Configuration 4-6. Radio 0 (2.4G) Basic Setup 4-6-1.
  • Page 54 Auto Channel:Administrator can Enable or Disable the function. If disabled, the WiFi channel will  be fixed to the manually selected channel. Channel:There are different options for wireless operation modes in regions, which can be used  for Upper or Lower extension. Tx Power:Administrator can control the WiFi Tx output power.
  • Page 55  HP Physical Mode TX/RX Stream : The CenOS 5.0 AP support 2TX/2RX streams. Administrator can select 1 or 2 TX/RX.  The default is 2TX/2RX. Channel Bandwidth:The "20/40” MHz option is usually best. The other option is available for ...
  • Page 56 Aggregation Frames: Set frames size of Aggregation.  Aggregation Size: Set aggregation size  Radio 1 (5G) Basic Setup 4-6-2.  General Setup MAC Address: Display 5G WiFi MAC address.  Country: Administrator can select country: US or EU or Taiwan. ...
  • Page 57 entered. The system will automatically calculate the ideal reference value for the Slot Time and ACK Timeout. The input distance is calculated in units (meters). ACK timeout:When waiting for the "ACKnowledgment frame" interval is too long to be received,  the ACK will be retransmitted.
  • Page 58 also increase error rate in some installations, due to increased sensitivity to radio-frequency reflections. Select the option that works best for your installation. Aggregation: By default, it's “Enabled”. Select “Disable” to deactivate Aggregation.  A part of the 802.11n standard (or draft-standard), it allows sending multiple frames per single access to the medium by combining frames together into one larger frame.
  • Page 59 SSID, channel, encryption keys, signal strength, time stamp, support data rate. All the radio stations received beacon recognizes the existence of such AP, and may proceed next actions if the information from AP matches the requirement. Beacon is sent on a periodic basis, the time interval can be adjusted.
  • Page 60 frames. Short Preamble: By default, this function is “Enabled”. Disabling will automatically use the Long  128-bit Preamble Synchronization field. The preamble is used to signal "here is a train of data coming" to the receiver. The short preamble provides 72-bit Synchronization field to improve WLAN transmission efficiency with less overhead.
  • Page 61 AC Type:  Data Transmitted Queue Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP data is sent to this queue.
  • Page 62 AIFS:The Arbitration Inter-Frame Spacing Number specifies a wait time (in milliseconds) for data  frames TxOP Limit: Transmission Opportunity is an interval of time when a WME AP has the right to  initiate transmissions onto the wireless medium (WM). This value specifies (in milliseconds) the Transmission Opportunity (TXOP) for AP;...
  • Page 63 When the WDS function is enabled, it can be set to use Radio 0 (2.4G) for WDS or Radio 1 (5G) for WDS, etc., and a maximum of 16 groups can be set up to bridge to 2.4G + 5G. In WDS The function supports VLAN tag transmission.
  • Page 64 WDS Setup: Administrator can select Enable or Disable.  Radio ESSID: For connected Radio, please enter the same SSID name for each radio.  Security Type: Enable or Disable AES encryption function.  PassPhrase: AES encryption custom key can input 0 ~ 9 numbers or A ~ Z uppercase and ...
  • Page 65 WDS Status 4-6-6. Displays 2.4G and 5G radio WDS link status through MAC and Date (TX/RX) Please click on Wireless -> WDS status MAC Address:Display connected MAC Address.  Rate(TX/RX):Display Tx/Rx rate of the point to point.  RSSI: Display signal connection value of RSSI. ...
  • Page 66 Client Bridge Mode If the administrator needs to switch to Client Bridge mode, Please click "System"-> " Mode Setup " to change Client Bridge mode. Change Setup Mode 5-1. This section provides detailed explanation for users to configure in the Client Bridge Mode and Repeater AP function with help of illustrations.
  • Page 67 That when using a dynamic IP, the system will automatically obtain the IP address sent by DHCP, and the obtained IP address will be obtained after the operation is confirmed by the upper DHCP server. Obtaining the IP address is not fixed. For system management, the upper DHCP server must query the IP address obtained by the current system.
  • Page 68 Click “Save” button to save your set function. Then click “Reboot” button to activate your changes. Configure DHCP Setup 5-3. The DHCP Service function in the Client Bridge device can select a separate IP Address range within the same network segment of the source AP, and allocate those IP Addresses to connecting clients. Start IP / End IP: Specify the range of IP addresses to be used by the DHCP server when ...
  • Page 69 Netmask: The netmask default is 255.255.255.0.  Gateway: Enter source gateway IP address.  DNS1: Enter IP address of the first DNS server; this field is required.  DNS2: Enter IP address of the second DNS server; this is optional ...
  • Page 70 Static Lease IP List: Display users list of static IP address. Click “Save” button to save your set function. Then click “Reboot” button to activate your changes. Wireless General Setup 5-4. Radio 0 (2.4G) Basic Setup 5-4-1.  General Setup MAC Address:Display 2.4G WiFi MAC address.
  • Page 71 Channel:There are different options for wireless operation modes in regions, which can be used  for Upper or Lower extension. Tx Power:Administrator can control the WiFi Tx output power. The power Max. Level 9.  Slot Timout : You can enter the slot time value here. When the distance is long or short, the ...
  • Page 72 Extension Channel:Sets channel select to Upper or Lower. The Upper supports 1 to 7 range CH  and Lower supports 5 to 11 range CH. MIN MCS: MCS compilation is a representation proposed by 802.11ax on the communication rate  of WLAN.The MCS coding value will affect the main factor of the communication rate and corresponds to the channel bandwidth.
  • Page 73 Country: Administrator can select country: US or EU or Taiwan.  Band Mode: Administrator can select 5G Band for 802.11a、802.11a/n、802.11n、802.11ac. or  802.11ax, The default is 802.11ax Auto Channel: Administrator can Enable or Disable the function. If select disabled function the ...
  • Page 74 Min MCS value. Shout GI: Short Guard Interval is “Enabled” by default to increase throughput. However, it can  also increase error rate in some installations, due to increased sensitivity to radio-frequency reflections. Select the option that works best for your installation. Aggregation: By default, it's “Enabled”.
  • Page 75 time interval can be adjusted. By increasing the beacon interval, you can reduce the number of beacons and associated overhead,  but that will likely delay the association and roaming process because stations scanning for available access points may miss the beacons. You can decrease the beacon interval, which increases the rate of beacons.
  • Page 76 routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams. Multicasts may be filtered from the links which do not need them and thus controls which ports receive specific multicast traffic. Greenfield: In wireless WLAN technology, greenfield mode is a feature of major components of the ...
  • Page 77 AC Type:  Data Transmitted Queue Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP data is sent to this queue.
  • Page 78 doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Once the Maximum Contention Window size is reached, retries will continue until a maximum number of retries allowed is reached. Valid values for the "cwmax" are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1024.
  • Page 79 MAC Address List: The function can discovery AP Station and select want to link the AP station,  please click site survey button.  If want to discovery 2.4G station then administrator need to enable station mode in Radio 0 (2.4G) function page (reference manual 5.4.1 “Radio 0 Basic Setup”).
  • Page 80 Station Porfile Setup 5-4-6. You can create setting multiple configuration files for your working Client Bridge AP connection settings and choose whether to enable single or multiple transactions at the same time. It will automatically connect wirelessly to the bridging base stations (stations) when you move with sufficient RSSI quality.
  • Page 81 Repeater AP Setup 5-4-7. Administrators can configure ESSID, SSID broadcasting, Maximum number of client associations. Access Point: Administrator can Enable or Disable the Repeater AP function.  ESSID: Enter the Repeater AP of ESSID name.  SSID Visibility: The default it’s Enable. When select Disable the SSID will not is discovered. ...
  • Page 82 Open System:Data is not unencrypted during transmission when this option is selected.(  not recommended for use  : WEP Auth Method:Administrator can choose the WEP Open system open authentication  method or the WEP Shared password authentication method. WEP Length:Administrator can choose to use 64bits, 128bits, and 152bits encryption key ...
  • Page 83 WPA / WPA2-Personal:  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method.  AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a ...
  • Page 84 WPA / WPA2-Enterprise:  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method.  AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a ...
  • Page 85 mode need Management Frame Protection (MFP) support. Click “Save” button to save your set function. Then click “Reboot” button to activate your changes. MAC Filter Setup 5-4-8. Administrator can setup allow or reject WiFi clients(MAC address) to access Repeater AP. Rule: Select the desired access control type from the drop-down list;...
  • Page 86 802.11r Fast Roaming 5-4-9. 802.11r/802.11k function for 2.4G and 5G radio. 802.11r, which is the IEEE The system support standard for fast roaming, introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP. Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing the same SSID) ...
  • Page 87 R0 Key Address: To enable roaming between multiple AP devices, AP1 must key in the MAC Address of AP2, and AP2 must key in the MAC Address of AP1. The NAS Identifier and 128-bit Key should be identical in both AP settings. This will enable device roaming between the two Access Points.
  • Page 88 Click “Save” button to save your set function. Then click “Reboot” button to activate your changes WISP Mode WISP Mode is a router function, if the Telecom company permits wireless connection to their WAN, administrators can change the CenOS 5.0 AP to WISP Mode to connect to the wifi network. The WISP Mode support PPPoE / Static IP / Dynamic IP and PPTP for WAN, and support Repeater AP function.
  • Page 89 Static IP: Users can manually setup the WAN IP address with a static IP provided by WISP.  IP Address: The IP address of the WAN port.  IP Netmask: The Subnet mask of the WAN port.  IP Gateway: The default gateway of the WAN port. ...
  • Page 90 PPPoE : To create wireless PPPoE WAN connection to a PPPoE server in network.  User Name : Enter User Name for PPPoE connection  Password : Enter Password for PPPoE connection  MTU: By default, MTU is set to 1492 bytes. MTU stands for Maximum Transmission Unit. ...
  • Page 91 WAN IP: The IP address of the WAN port.  Netmask: The Subnet mask of the WAN port.  MTU: By default, it’s 1460 bytes. MTU stands for Maximum Transmission Unit. Consult with  WISP for a correct MTU setting. MPPE40/128: Microsoft Point-to-Point Encryption (MPPE) encrypts data in Point-to-Point ...
  • Page 92 Primary DNS: The IP address of the primary DNS server.  Secondary DNS: The IP address of the secondary DNS server.  Click “Save” button to save your set function. Then click “Reboot” button to activate your changes. Configure LAN Setup 6-3.
  • Page 93 Configure DHCP Setup 6-4. The DHCP Service function in the WISP device can select a separate IP Address range within the same network segment of the source AP, and allocate those IP Addresses to connecting clients. DHCP Setup Start IP / End IP: Specify the range of IP addresses to be used by the DHCP server when ...
  • Page 94 conflicts, but might cause more interruptions to the client while it will acquire new IP addresses from the DHCP server. Default is 86400 seconds DHCP Clients List: When users link to CenOS 5.0 AP and use IP address of the DHCP service, the DHCP Client List will display users the information and used IP address.
  • Page 95 Wireless General Setup 6-5. Radio 0 (2.4G) Basic Setup 6-5-1.  General Setup Address:Display 2.4G WiFi MAC address.  Country:Administrator can select country: US or EU or Taiwan.  Band Mode:Administrator can select 2.4G Band for 802.11b、802.11b/g、802.11b/g/n、  802.11n. or 802.11ax, The default is 802.11ax Auto Channel:Administrator can Enable or Disable the function.
  • Page 96 timeout:When waiting for the "ACKnowledgment frame" interval is too long to be received,  the ACK will be retransmitted. A higher ACK Timeout will reduce packet loss, but the transmission efficiency will be poor. Setting ACK Timeout can strengthen the long-distance connection. Changing the value can optimize the setting.
  • Page 97 MCS value. Short GI : Short Guard Interval is “Enabled” by default to increase throughput. However, it can also  increase error rate in some installations, due to increased sensitivity to radio-frequency reflections. Select the option that works best for your installation. Aggregation: By default, it's “Enabled”.
  • Page 98 Auto Channel: Administrator can Enable or Disable the function. If select disabled function the  WiFi channel can be manually fixed. Channel:There are different options for wireless operation modes in regions.  Tx Power: Administrator can control the WiFi Tx output power. The power Max. Level 9. ...
  • Page 99 Aggregation: By default, it's “Enabled”. Select “Disable” to deactivate Aggregation.  A part of the 802.11n standard (or draft-standard), it allows sending multiple frames per single  access to the medium by combining frames together into one larger frame. It creates the larger frame by combining smaller frames with the same physical source and destination end points and traffic class (i.e.
  • Page 100 access points may miss the beacons. You can decrease the beacon interval, which increases the rate of beacons. This will make the association and roaming process very responsive; however, the network will incur additional overhead and throughput will go down. DTIM Interval: The DTIM interval is in the range of 1~255.
  • Page 101 Greenfield: In wireless WLAN technology, greenfield mode is a feature of major components of the  802.11n specification. The greenfield mode feature is designed to improve efficiency by eliminating support for 802.11b/g devices in an all draft-n network. In greenfield mode the network can be set to ignore all earlier standards.
  • Page 102 AC Type:  Data Transmitted Queue Priority Description AP to Clients AC_BK Background High throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example). AC_BE Best Effort Medium Medium throughput and delay. Most traditional IP data is sent to this queue.
  • Page 103 Window is the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Once the Maximum Contention Window size is reached, retries will continue until a maximum number of retries allowed is reached.
  • Page 104 Station Setup 6-5-5. The functions setting functions include WISP link to AP station. Administrator can used “site survey” function to Search for AP stations. MAC Address List: The function can discovery AP Station and select want to link the AP station, ...
  • Page 105 Station Porfile Setup 6-5-6. You can create setting multiple configuration files for your working WISP AP connection settings and choose whether to enable single or multiple transactions at the same time. It will automatically connect wirelessly to the bridging base stations (stations) when you move with sufficient RSSI quality.
  • Page 106 Repeater AP Setup 6-5-7. Administrators can configure ESSID, SSID broadcasting, Maximum number of client associations. Access Point: Administrator can Enable or Disable the Repeater AP function.  ESSID: Enter the Repeater AP of ESSID name.  SSID Visibility: The default it’s Enable. When select Disable the SSID will not is discovered. ...
  • Page 107 Open System:Data is not unencrypted during transmission when this option is selected.(  not recommended for use  : WEP Auth Method:Administrator can choose the WEP Open system open authentication  method or the WEP Shared password authentication method. WEP Length:Administrator can choose to use 64bits, 128bits, and 152bits encryption key ...
  • Page 108 WPA / WPA2-Personal:  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method.  AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a ...
  • Page 109 WPA / WPA2-Enterprise:  WPA Mode: Administrator can select security for Auto or only WPA or only WPA2.  Cipher Type: Administrator can select use AES or TKIP with WPA / WPA2 encryption method.  AES is short for “Advanced Encryption Standard”, The AES cipher is specified as a ...
  • Page 110 WPA3 :  The 802.11ax peer-to-peer entity authentication mode is different from the Pre-Shared Key . SAE Password:When the administrator sets this virtual wireless network SSID to use WPA3  calculation, the SAE connection password must be at least 8 characters. SAE PWE:Optionally enable the SAE PWE (Password Element) function, before exchanging ...
  • Page 111 Only Deny List MAC: Define certain wireless clients in the list which will have denied access to  the Access Point while the access will be granted for all the remaining clients - Action Type is set to “Only Deny List MAC”. MAC Address: Enter MAC Address for WiFi Clients.
  • Page 112 Mobility Domain: MDID is used to indicate a group of APs (within an ESS, i.e., sharing the same SSID)  between which a STA can use Fast BSS Transition. Please enter 2-octet identifier as a hex string. R0 Key Lifetime: Default lifetime of the PMK-RO in minutes, the default is 10000, administrator can ...
  • Page 113 NAS Identifier: Enter 1~48 octets of network domain name.  Shared Key of 128 bit. 128-bit Key: Enter  R0 Key Holder List: After setting "R0 Key holders" function the information will appear in list. R1 Key Holder List: Enter a unified set of R1 Key Holder identification certification. MAC Address: Enter the main roaming device MAC address ...
  • Page 114 Advanced Setup 6-6. Administrator can set basic routing security functions, including DMZ / IP and MAC filtering / virtual servers and access control management (basic firewall rules) in Advance memu. 6-6-1. DMZ is commonly work with the NAT functionality as an alternative of Virtual Server(Port Forwarding) while wanting all ports of DMZ host visible to Internet users.
  • Page 115 IP Filter 6-6-2. Can allow or deny filter ingress or egress packets from specific source and/or to destination IP address on wired (LAN) or Wireless (WAN) ports. Filter rules could be used to filter unicast or multicast packets on different protocols as shown in the IP Filter Setup. Important to note that IP filter rules has precedence over Virtual server rules.
  • Page 116 Active: Administrator can select Enable or Disable the service.  Comment: Enter the description of IP filter rule.  Policy: Administrator can select the IP flow rule of Deny or Pass.  In/ Out: Administrator can select the IP flow rule of In/out bound. ...
  • Page 117 Click “Save” button to add IP filter rule. Total of 20 rules maximum allowed in the IP Filter List. All  rules can be edited or removed from the List. Click Reboot button to activate your changes. MAC Filter 6-6-3. Allows creating MAC filter rules to allow or deny unicast or multicast packets from limited number of MAC addresses.
  • Page 118 Virtual Server 6-6-4. The “Virtual Server” can also referred to as “Port Forward” as well and used interchangeably. Resources in the network can be exposed to the Internet users in a controlled manner including on-line gaming, video conferencing or others via Virtual Server setup. Don’t repeat ports’ usage to avoid confusion. Suppose you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), and port 80 to another (B in the example).
  • Page 119 Access Control 6-6-5. The Access Control function administrator can to block or allow specific kinds of TCP/UDP/ICMP protocol, such as Internet access, designated services, and websites. The Access Control function can set 20 profiles. Please click on Advance -> Access Control and follow the below setting. #:Display access control list.
  • Page 120 ANY: Select "Any" is all deny Protocol, administrator can filter local IP / IP range go to  destination IP / IP range and use protocol. TCP: Deny TCP Protocol, Administrator can set TCP protocol and assign IP / IP range. ...
  • Page 121 CAP Mode Change Setup Mode 7-1. If the administrator needs to switch to CAP mode, Please click "System"-> " Mode Setup " to change CAP mode. Click “Save” button to save your changes. And click “Reboot” button to activate your changes Please note that the LAN IP addresses in each mode are different from each other and will not continue.
  • Page 122 is displayed, it means that the current main wired connection is the virtual network as the main login system. IP Address:Display IP address for the VLAN mode.  NetMask:Display netmask for the VLAN mode.  Action:Administrator can set VLAN IP、Radio 2.4 or 5G on/off、Spanning tree、IAPP and VLAN tag ...
  • Page 123 ETH1 VLAN Tag Setup: Administrator can set Tag ID for the Ethernet port.  ETH2 VLAN Tag Setup:Administrator select Enable/disable the Ethernet port and set the Tag ID for  the Ethernet port. Click “Save” button to save your set function. Then click “Reboot” button to activate your changes. AP Control 7-3.
  • Page 124 Filter Device: VLAN#:Administrator can select VLAN network to discovery managed Aps  Default Password:Set login system password by managed Aps.  Sort:Administrator can select discovery managed Aps Type. (IP or MAC)  Scan Result #: Display managed APs items  Device:Administrator can select all or single for managed Aps.
  • Page 125 VLAN:When VLAN Tag function is enabled (please refer to 4.2 for System VLAN Setup),  administrator can change VLAN tag for managed APs Group:When AP Groups are created (please refer to 7.3.4 Group setup), Administrators can  select and change group settings of managed APs. Batch Setup:Administrator can centralize setting changes for managed APs.
  • Page 126 AP Setup 7-3-3. Administrator can monitor statuses and modify managed APs information. VLAN:Select desired VLAN for AP setup  Setup:Administrator can modify IP addresses, system login passwords, and web login port  for managed APs. If administrator has change AP devices, administrator can modify MAC address of the new managed AP.
  • Page 127 network Create New Map:Click the button to create map  Map Name:Enter map name.  Image URL:Paste Map image url  Description:Enter the description for the map.  Image-View Button:Once the Map is created and properly in the Map List, administrators can ...
  • Page 128 After the Map URL setup confirmation, please reboot the system. View:Once complete, administrators can click the “View” button to monitor AP statuses and locations.。 Authentication Profile (Profile) 7-3-6. Administrator can pre-set authentication conditions in the profile, the authentication set can refer “Authentication”.
  • Page 129 Status 7-3-7. Administrator can monitor Tx/Rx flow information, show online users and check system CPU / Memory information and on/off line for the managed APs. The information data display support graphical interface. Utility Profile Setting 8-1. This Functions purpose is to backup current configuration, restore prior configuration or reset back to factory default configurations.
  • Page 130 System Upgrade 8-2. Firmware is the main software image that system needs to respond to requests and to manage real time operations. Firmware upgrades are sometimes required to include new features or bugs fix. It takes around 2 minutes to upgrade due to complexity of firmware. To upgrade system firmware, click Browse button to locate the new firmware, and then click Upgrade button to upgrade.
  • Page 131 We strongly recommend that you perform the firmware update by following these steps: 1.Please use a RJ-45 network cable to connect the computer and the wireless base AP mode to perform the update operation. Do not use a wireless connection for firmware update operations.
  • Page 132 Traceroute:Allows tracing the hops from the CenOS 5.0 AP device to a selected outgoing IP  address. It should be used for the finding the route taken by ICMP packets across the network to the destination host. The test is started using the Start button, click Stop button to stopped test. Destination Host: Specifies the Destination Host for the finding the route taken by ICMP ...
  • Page 133 Status The status mainly displays system related information, including system network information, wireless base station information, and wireless user connection information. Overview 9-1. Overview:It mainly displays the current mode, name, time, firmware version, network card  address and related network settings. Information:Shows the performance / memory usage of the total CPU space used by the ...
  • Page 134 Radio 0/Radio 1:Displays the basic operating mode information of the current Radio 0  (2.4GHz) / Radio 1 (5GHz) wireless AP. Wireless Client 9-2. The page can be display Wireless user information link to access point. Administrator can monitor ※ In addition to CAP mode) MAC address / rate and RSSI for the wireless users.
  • Page 135 Online Users 9-3. The status can display online users by Captive Portal. Administrator can monitor user’s login / logout time and account type for the authentication account. (This page only used AP mode) This function works in the wireless AP mode. When the web authentication function is activated, the current connection status and related information of online users who have passed the authentication will be displayed.
  • Page 136 System Log 9-5. Time:The date and time when the event occurred.  Facility:It helps users to identify source of events such “System” or “User”  Severity:Severity level that a specific event is associated such as “info”, “error”, “warning”, etc.  Message:Description of the event.
  • Page 137 AP + WDS application. If the wireless AP is not required to use the WDS function purely, you can refer to the manual 4.2 "VLAN Setup" instructions, turn off the wireless AP, as shown below. Apply CERIO web authentication login page sample 10-2.
  • Page 138 Step 3 : Please go to the pull-down function button of the authentication function, and enter the “User Name” and “password” , See as follows. * If want to use the system preset page, please refer to step * If want to apply our template, please refer to below for step 5, * If want to edit the webpage by yourself, please refer to step...
  • Page 139 Step 6 : Go to the company's Cerio website to download the sample file first. And open your download sample, select all the HTML syntax and copy it, then paste it on the custom edit page of the system and save it.
  • Page 140 Login page for template below : V1.1 V1.0a...
  • Page 141 This part must be within 190 lines. If the written HTML / CSS and other source code exceeds a certain line, it is recommended to save the CSS source code to the remote Web server, and then enter the IP address of the remote web server.
  • Page 142 Add <style> .form-signin-heading {display: none;} </ style> in the head to hide the description “Please Sign in” as shown in the figure below, and find the Please Sign in word disappeared, and so on. V1.1 V1.0a...
  • Page 143 Appendix A. WEB GUI Valid Characters Table A WEB GUI Valid Characters Block Field Valid Characters IP Address IP Format; 1-254 IP Netmask 128.0.0.0 ~ 255.255.255.252 IP Gateway IP Format; 1-254 Primary DNS IP Format; 1-254 Secondary DNS IP Format; 1-254 Hostname Length : 32 0-9, A-Z, a-z...
  • Page 144 Table B WEB GUI Valid Characters (continued) Block Field Valid Characters Management System Name/ Location Length : 32 0-9, A-Z, a-z Space ~ ! @ # $ % ^ * ( ) _ + - { } | : < > ? [ ] / ; ` , . = Description 32 chars Password...
  • Page 145 Table B WEB GUI Valid Characters (continued) Block Field Valid Characters Virtual AP Setup ESSID Length : 31 Space 0-9, A-Z, a-z ~ ! @ # $ % ^ * ( ) _ + - { } | : < > ? [ ] / ; ` , . = Maximum Clients 1 ~ 32 VLAN ID...