DR-3000

CenOS5.0 Access Controller with VPN Gateway

CERIO’s DR-3000 CenOS5.0 System Access Controller with VPN Gateway is designed for applications in which a compact, cost-effective ” all-in-one” networking solution is required. CERIO DR-3000 included Hot spot authentication and policy forced firewall, intelligent 4 Gigabit Ethernet Port for Load balance, Wireless LAN controller, IP Gateway in a desktop-mount enclosure. This device centralized configuration and management model enables the controllers to be deployed, monitored, and controlled without local IT staff.  The DR-3000 is a full-featured Wireless LAN Giga Ethernet security controller that aggregates up to 60/128 access points (APs), built-in 5000 local accounts /5000 on-demand accounts and delivers centralized control and security for wireless deployments.

Introduction

CERIO’s DR-3000 can serve up to 500 simultaneous users, applies to public access networks such as network management guest access, hospitality deployments – which require reliability, efficiency, and security. It supports Hotspot Router / Firewall/ HA / VPN/ Multi-WAN / Captive portal /QoS enforcement and Built-in AAA Radius server, AAA RADIUS Server combines WiFi-Hotspot authentication contain single ticket / Pre-generated ticket / RADIUS account and remote LDAP(AD) Server authentication, simply match CERIO’s CenOS 5.0 AP and enable RADIUS authentication.

Wireless and Wired Access Controller System

Multiple Authentication Methods and Accounting

CERIO’s DR-3000 Wireless Gateway Built-in AAA Radius Base Controller Combined with CERIO’s CenOS 5.0 Captive Portal Authentication Solution provides a perfect high-performance environment for wired/or wireless authentication, authorization, and accounting networks.

 

 

Hotspot technology allows Internet providers to offer Internet access to customers, while applying certain Internet use rules and limitation. It is convenient for Internet cafes, hotels, airports, schools and universities. The Internet provider gets complete tracking records of per customer time spent on the network, data amount sent/ received, real-time accounting and more.

To begin browsing, a client must go through a registration process with the provider, then enter a Passcode of access ticket in a browser Login window that appears on the attempt to open a webpage. Hotspot technology proposes providers to establish and administrate a user database, which can be useful for enterprise such as airports, hotels or universities that offer wireless or Ethernet Internet connectivity to employees, students, guests or other groups of users.

Strong hardware VPN engine

CERIO’s DR-3000 Multifunction VPN Router is an easy-to-use, flexible, high-performance device well suited for small businesses. Now with web filtering, the new DR-3000 delivers highly secure, broadband, wired connectivity to small offices and remote employees. It can also be used either as a standalone router for flexible deployments, offering investment protection as your business needs evolve.

Centralized Access Points Management

Through DR-3000, all CERIO’s Managed Access Points are managed through a unified Web interface. Make sure all Managed Access Points are under good conditions. It is a simple task to keep the firmware of Managed Access Points up to date. The device management is especially important for a wide area deployment.

Zero Configuration for Users

DR-3000 makes Internet access very easy and user-friendly. Users will be redirected to the provider’s welcome page automatically regardless of their PC configuration. The IP Plug and Play feature will accept and translate fixed company IP settings and web proxy configurations, so that users do not have to reset their corporate IP or web settings. Outgoing user e-mails can be redirected to the operator’s mail server in order to facilitate to e-mail forwarding for foreign subscribers. The recipient sees the messages as it was sent from the users’ home provider.

Quota

As broadband usage proliferates coupled with the alarming rise of file sharing trend, in certain cases, it is important to assign quota for user bandwidth consumption, particularly in the education institutions, hot spots, or in a community with shared Internet access provider subsystem.

DR-3000 supports two different quota mechanisms: prepaid and periodical, in order to meet different real-life business needs. The quota system can also be integrated with external accounting and billing systems.

Multi-WAN Support Outbound Load-Balancing

With real-time load balancing and Optimum Route algorithm, DR-3000 intelligent router engine directs each session or connection to the best available link. It also supports policy-based routing, persistent routing, and traffic scheduling to effectively adapt your business policy into your network policy.

Bandwidth Management

By filtering out unexpected traffic, DR-3000 optimizes bandwidth utilization and ensures the best transmission quality for the transfer of mission-critical data.

Protocols Traffic Management

DR-3000 is capable of analyzing and managing many layer-7 protocols such as VoIP protocols (H.323 and SIP), Video Conferencing, ERP, and various IM protocols. With such layer-7 filtering (or scan) capability, DR-3000 empowers business communications and improves efficiency by providing network quality of service management.

Firewall Policy

Both the NAT mode and DMZ mode are supported that they can maintain the existing network infrastructure without reconfiguring. The DR-3000 provides policy-based firewall protection and Anti-blocking hacker DoS attack to network device to enhance the security of local network easily.

Policy-Based Access Control List

Firewall access policies are user definable and can be based on source or destination, type of service, and IP address. It is also implemented in conjunction with traffic scheduling policy. DR-3000 supports specific Layer-7 protocols such as P2P, IM, and H.323 for better network management. The DR-3000 provides Content Blocking feature to block specific URL, Scrip, IM, P2P and download file.

 

Support 3 Modes Application

1.Control Mode

 

2.Router Mode

3.Captive Portal

 

Hardware Overview

 
Software Specifications
Access Controller Max : 60/128 Access Points per Controller
Max : 500 wireless client per Controller
Provide Local Account : 5000
Centralized AP Management / Control AP Group management –maintain a set of setting templates that simplify the task to assign the same setting to multiple APs
AP-Automatic configuration and provisioning by DR-3000
Locally maintained configuration profiles for managed APs
Auto discovery for managed APs
Central firmware Upgrade-Select multiple APs and upgrade their firmware at the same
time , including bulk upgrade
Remote Firmware upgrade
Provides MAC address Control list of client stations for each managed APs
Provide centralized remote management via HTTP/SNMP interface
Support MIB’s : 802.11, 802.1X, MIBII, RADIUS authentication, RADIUS Accounting
SYSLOG support including remote servers
Log-system log : operator action log
AP Monitoring Monitor AP Status
The number of associated clients to the AP
Associated Station List
Monitoring IP List
Load  balancing based on number of users
AP User Statistic –Maintain all wireless clients connection history and depict statics in   diagrams
System alarms and status reports on managed APs
TP Topology Monitor-list monitored device ; periodic update on device status
Radio Management Automatic Channel Assignment and power setting for controlled APs
Simultaneous air monitoring and end user service
Self-healing coverage based on dynamic RF condition
Dense deployment options for capacity optimizations
Multiple BSSID per Radio : 8
Hot Standby at AP mode (support fail-over a standby AP)
Load Balance to another available AP (Real time users limitation )
Coverage interference detection
Bandwidth Managermant IEEE802.11p Class of Service/Quality of Service (CoS /QoS)
IEEE802.11e Wi-Fi Multimedia (WMM)
Differv Codpoint (DSCP)
Traffic Analysis and Statistics
Diff/TOS
IEEE 802.1Q Tag VLAN priority control
IGMP Snooping for efficient multicast delivery
Upload and Download Traffic Management
Wireless Security / Encryption WPA / WPA2 personal and enterprise
WEP40/64 and 104/128-bit
TKIP: RC4-40 and AES(CCMP): 128bit (FIP-197)
SSL and TLS: RC4 128-bit and RSA1024 and 2048 bit
EAP-TLS , EAP-TTL/MSCHAPv2
IEEE802.1X network login user authentication (EAP-MD5/TLS/TTLs ) and
RADIUS server authentication (RFC2618)
Authentication Authentication: single sign-on (SSO) client with authentication integrated into the local
authentication environment through local/domain, LDAP(AD), PoP3,  RADIUS, 802.1x and Guest
Authentication Type
IEEE802.1X(EAP,LEAP,EAP-TLS,EAP-TTLS,EAP-GTC,EAP-MD5)
RFC2865 RADIUS Authentication
RFC3579 RADIUS Support for EAP
RFC3748 Extensible Authentication Protocol
MAC Adress authentication
Web-based captive portal authentication
Authorization Authorization : access control to network resource such as protected network with
intranet, internet, bandwidth, VPN, and full stateful packet
Hotspot functions Provides billing plans for pre-setting / on-demand accounts
Enables session expiration control for On-demand accounts by time(Hours) and data volume (MB)
Detailed per-user traffic history based on time and data volume for both local and on-demand accounts
Support local on-demand and external RADIUS server
Contain 10 configurable billing plans for on-demand accounts
Provide session expiration control for on-demand accounts
Support automatic email network traffic history
Load Balancing Outbound Fault Tolerance and loadbalance for WAN port
Multiple Domain Support
By Traffic
Firewall Built-in DoS attack protection
Inspection Full statefull packet filter
Access Control List
Layer 7 Protocol Blocking
Multiple Domain Support
Support MAC Filter
Support IP Filter
Active Firewall Session 60000
Network Support static IP , Dynamic IP(DHCP Client ) , PPPoE and PPTP on WAN connection
DHCP Server Per Interface; Multiple DHCP Networks
802.3 Bridging
Support NAT
IP/Port destination redirection
DMZ server mapping
Virtual server mapping
H.323 pass-through
Support Static Routing
Support Walled garden (free surfing zone)
Binding VLAN with Ethernet and Wireless interface
Support MAC-address and IP –address pass through
Support IP Plug and Play ( IP PnP )
System Management Support HA backup function
Provide customizable login and logout portal page
CLI access (Remote Management ) via Telnet and SSH
Remote firmware upgrade (via Web)
Utilities to backup and restore the system configuration directly to USB Flash memory
Full Statistics and Status Reporting
Real time traffic monitor
Ping Watchdog
SNMP v1,v2c ,v3
SNMP Traps to a list of IP Address
Support MIB-II
NTP Time Synchronization
Administrative Access : HTTP / HTTPS
Load Balancing Even Syslog
Status monitoring of on-line users
IP-based monitoring of network devices
Interface connection status
Support Syslog for diagnosing and troubleshooting
User traffic history logging
User’s session log can be sent to ftp or Syslog server
Remote Syslog reporting to external server
DR-3000 Hardware Specifications
Standards & Hardware Specifications
CPU Clock Speed Dual Core 880MHz CPU
Console Port 1 RJ45
USB 3.0 Port 1 USB3.0 
Reset Switch Built-in Push-button momentary contact switch   
Ethernet Configuration 10/100/1000 BASE-TX auto-negotiation Gigabit Ethernet port x 4 (RJ-45 connector)
Built-in LED Indicators 1* Power 
1* Status
1* USB Storage
Environmental & Mechanical Characteristics
Operating Temperature 0 °C ~ 50 °C
Storage Temperature -20 °C ~ 75°C
Operating Humidity 10% – 80% Non-Condensing
Storage Humidity 5% – 90% Non-Condensing
Power Supply 110 – 220V AC Power; 12 VDC input. 
Dimensions ( W x H x D ) 265mm x 178mm x 44mm
Unit Weight 1.03kg
Form Factor Desktop, Metal Case
Production Location TW Only
Certifications CE , FCC , RoHs compatible
Package Contents
DR-3000 Main Unit  x1
Power Adapter  x1
CD Manual   x1
Warranty Card  x1
Download Center