DR-4000-CA
Multi WAN Gigabit AP Controller with Gateway Router
CERIO DR-4000-CA is a high-efficiency, Multi-function Multi WAN Gigabit AP management controller gateway. It is a professional AP management controller specifically designed for centralized management of APs using the CERIO CenOS5.0 software core, capable of managing up to 128 APs. This controller can scan all CERIO APs in the network environment and add them to the database for management. Its main functions include monitoring the connection status and traffic usage of the APs, remotely updating AP firmware, and providing detailed usage statistics and reporting features. This greatly simplifies the management and maintenance of wireless networks, improving network stability, security, and performance.
In addition to the above functions, the DR-4000-CA is also a Multi WAN Gigabit VPN router gateway. The features including network security, SPI(Stateful Packet Inspection)firewall protection, policy auditing (such as content filtering, VPN tunnel and MAC/IP filtering), captive portal login authentication and RADIUS authentication capabilities. Moreover, it supports multiple WAN ports, allowing users to perform load balancing or failover for enhanced network efficiency. It is designed specifically for organizations with multifunctional, high-efficiency, and comprehensive networking needs. Whether the company’s network architecture involves on-premises servers or outsourced cloud-based servers, the CERIO DR-400-CA is an ideal VPN security gateway device solution for small to medium-sized enterprises seeking robust networking capabilities.
The CERIO Multi WAN Gigabit AP Management Controller Gateway is highly suitable for deployment in environments that require high reliability, efficiency, security, and throughput, such as corporate offices, government agencies, and public venues. It features IP gateway routing functionality, authentication gateway, high availability (HA) redundancy, VPN functionality, multiple WAN ports, QoS bandwidth management, an integrated functional Radius server for authentication and firewall capabilities. Hotspot technology allows Internet providers to offer Internet access to customers, while applying certain Internet use rules and limitation. Whether for offices, hotels, airports, schools, or other commercial establishments, it allows real-time monitoring of each user’s online activity, including usage time, data sent/received, real-time accounting and more enabling administrators to conduct audits efficiently.
AP Management Controller Features
Multi WAN: Supports multiple WAN connections and provides load balancing and failover functions to ensure high availability and stability of the network.
High-Efficiency Transmission Rate: Provides Gigabit 10/100/1000Mbps Ethernet connections, ensuring high-speed data transmission and network performance.
AP Management: Centralizes management and control of APs, supporting management of up to 128 APs, simplifying network administration.
Real-time Monitoring: Capable of real-time monitoring of AP status and performance, offering remote configuration and firmware update capabilities.
Load Balancing: Automatically distributes traffic across different WAN connections, optimizing network resource usage and preventing single-port overload.
Security Features: Offers various security functions including firewall, VPN, intrusion detection, and protection. Supports multiple encryption protocols to ensure the security of data transmission.
QoS Management: Supports QoS settings to prioritize critical applications and services, ensuring the quality of traffic.
Monitoring Reports: Provides detailed traffic monitoring and reporting features, helping administrators understand network usage and optimize network performance.
Easy Configuration and Management: Supports web browsers and dedicated management software, simplifying device configuration and daily management.
Strong hardware VPN engine
CERIO’s DR-4000-CA Multifunction VPN Gateway is an easy-to-use, flexible, high-performance device well suited for small businesses. It provides comprehensive data security and privacy for accessing and exchanging sensitive and confidential information, supporting multiple VPN protocols including IPSec, PPTP, L2TP over IPSec, and VPN P2P. With website filtering functionality, it offers safer, more flexible, and more robust network connectivity for small to medium-sized offices, branch offices, and remote employees. It is particularly well-suited for deployment in small to medium-sized enterprise network environments.
Multi-WAN Supported
It supports up to 3 WAN ports, providing automatic traffic balancing, bandwidth optimization, automatic failover mechanisms, and increased bandwidth capacity. Through multiple WAN ports, it offers real-time load balancing and optimal routing algorithms. For companies hosting their own web servers, one WAN port can handle external HTTP port 80, while the internal network uses a second WAN port. This setup provides a simple and secure network segregation. With real-time load balancing and Optimum Route algorithm, DR-4000-CA intelligent router engine directs each session or connection to the best available link. It also supports policy-based routing, persistent routing, and traffic scheduling to effectively adapt your business policy into your network policy.
Bandwidth Allocation and Management Mechanism
As broadband usage proliferates coupled with the alarming rise of file sharing trend, in certain cases, it is important to assign quota for user bandwidth consumption, particularly in the education institutions, hot spots, or in a community with shared Internet access provider subsystem. DR-4000-CA supports two different quota mechanisms: prepaid and periodical, in order to meet different real-life business needs. The quota system can also be integrated with external accounting and billing systems. By traffic setting size and filtering mechanism, DR-4000-CA optimizes bandwidth utilization and ensures the best transmission quality for the transfer of mission-critical data. The bandwidth management mechanism includes limiting allocation based on IP sessions, as well as providing individual and specific IP range-based controls. It encompasses appropriate upstream and downstream bandwidth control for SIP/RSTP/RTP/Web modes, ensuring smooth network performance overall.
Excellent Protective Capability
The DR-4000-CA has a built-in SPI (Stateful Packet Inspection) firewall and supports specific Layer-7 protocols such as VoIP protocols (H.323 and SIP), video conferencing, and various IM protocols. In terms of content filtering, it supports IP/MAC filtering and can filter or scan through Layer-7 application layers. It has a built-in policy-based DoS/DDoS firewall protection, offering efficient and comprehensive protection against hacker attacks, thus enhancing network security.
Multiple Authentication Methods
It offers multiple authentication methods to meet the needs of various enterprises. The web authentication feature supports remote RADIUS servers, local accounts, third-party OAuth 2.0 (ex. Google, Facebook login), POP3 servers, LDAP (AD) account authentication, remote MAC batch authentication, and guest access. It also supports web authentication Captive Portal, providing diverse authentication methods to meet the requirements of numerous users.
Account and Password Voucher Control Output Functionality.
By purchasing the SP-800-PRINTER (optional) account voucher printer POS system (network control server + thermal printer), you can quickly select and print account and password vouchers for authenticated personnel using a controller. This feature is a great benefit for both the image and network security of the company, especially for one-time visitors.
Time Scheduling
The built-in time policy supports daily scheduling with up to 300 detailed time slot rules. These rules can be applied to advanced features, including timed activation of IP/MAC filtering and virtual server access control based on open ports, enabling time-based restrictions for allowing or disallowing access. For example, if the mail server’s port 25 is targeted by bots resulting in prolonged IP lockouts and continuous malicious attempts to log in. Therefore, use this function to make necessary port arrangements and allow multiple changes in the access interval to reduce daily malicious attacks and the possibility of IP paralysis.
Ping Watchdog
Supports Ping Watchdog for automatic monitoring and can be configured for repeated reboots to ensure operation. Administrators don’t need to worry about network crashes, and it also supports Auto Reboot by scheduling. Administrators can set to automatically reboot daily, weekly, or monthly as per their requirements.
Wake-on-LAN
Supports Wake-on-LAN function to wake up specified network members based on their MAC addresses. Administrators can schedule automatic wake-up for these devices daily, weekly, or monthly according to their needs.
Supports DC In and PoE In
In addition to providing DC In power input, it also supports PoE input allowing the device to receive both network data and power signals through a UTP cable. This meets the needs of long-distance cabling, eliminating the need for traditional power outlets and simplifying the construction of your network environment.
Hardware Overview
Software Specifications
| Authentication Capabilities | Max : 250 clients per Controller. |
| Provide Local Account : 2000. | |
| Bandwidth Managermant | IEEE802.11p Class of Service/Quality of Service (CoS /QoS) |
| IEEE802.11e Wi-Fi Multimedia (WMM). | |
| Differv Codpoint (DSCP) | |
| Traffic Analysis and Statistics. | |
| Diff/TOS | |
| IEEE 802.1Q Tag VLAN priority control. | |
| IGMP Snooping for efficient multicast delivery. | |
| Upload and Download Traffic Management. | |
| IP-based Bandwidth Limit. | |
| Session Limit Per IP | |
| Authentication | Authentication: single sign-on (SSO) client with authentication integrated into the local authentication environment through local/domain, LDAP(AD), PoP3, RADIUS, 802.1x and Guest. |
| Authentication Type. | |
| IEEE802.1X(EAP,LEAP,EAP-TLS,EAP-TTLS,EAP-GTC,EAP-MD5) | |
| RFC2865 RADIUS Authentication. | |
| RFC3579 RADIUS Support for EAP. | |
| RFC3748 Extensible Authentication Protocol. | |
| MAC Adress authentication. | |
| Web-based captive portal authentication. | |
| Hotspot functions | Provides billing plans for pre-setting / on-demand function. |
| Enables session expiration control for On-demand accounts by time (Hours) and data volume (MB) | |
| Detailed per-user traffic history based on time and data volume for both local and on-demand accounts. | |
| Support local on-demand and external RADIUS server. | |
| Contain 10 configurable billing plans for on-demand accounts. | |
| Provide session expiration control for on-demand accounts. | |
| Support automatic email network traffic history | |
| Load Balancing | WAN port bandwidth load balancing. |
| Outbound redundancy. | |
| Outbound load balancing. | |
| Bandwidth management by traffic, either individually or across different networks. | |
| WAN connection detection. | |
| VPN | IPSec ( LAN to LAN and Client to LAN ) |
| PPTP ( PPTP Server with client ) | |
| L2TP over IPSec ( L2TP Server over IPSec with client ) | |
| VPN P2P ( VPN Server with peer ) | |
| IPsec Encryption : AES128,AES192,AES256,3DES. | |
| PPTP Encryption : MPPE40,MPPE128. | |
| VPN P2P Encryption : Blowflash,AES,3DES and RSA certificate public key. | |
| Ipsec Authentication: MD5,SHA1, SHA2-256. | |
| IKE Authentication : Pre-Shared Key. |
| Firewall | Active Firewall Session 100000. |
| Built-in DoS Attack Defense. | |
| Layer 7 Protocol Blocking. | |
| Supports packet filtering, MAC filtering and IP filtering. | |
| Access Control List : : TCP、UDP、IMCP、Content Filter、Domain Filter、IP P2P、IM. |
| Network | Support static IP, Dynamic IP (DHCP Client), PPPoE and PPTP on WAN connection. |
| Supports a total of 16 VLANs, with each VLAN service area having its own DHCP server. It supports multiple DHCP networks. The DHCP server includes DHCP Relay, Bind-IP-MAC, and DDNS server. | |
| Routing protocols : Static Route、OSPF、RIP、Distribute OSPF over RIP、Distribute RIP over OSPF. | |
| 802.1q VLAN Tagging, with support for configuring up to 4096 VLAN Tags. | |
| System Management | Support HA (High Availability) backup function. |
| SNMP v2c, v3 and SNMP Trap etc. | |
| System Log: System Event Log |
|
| Supports RTC (Real Time Clock) time memory and NTP server time synchronization | |
| Administrative Access : HTTP, HTTPS, Telnet, SSH. | |
| Remote firmware upgrade (via Web), configuration file import and export functionality. | |
| Supports Auto Reboot and Wake on LAN (WOL) automatic network wake-up. | |
| Log | Status monitoring of on-line users. |
| Local System Log, including event system records | |
| Session Log | |
| Authentication Log | |
| Remote System log can be sent to ftp or System log server | |
| Wireless Location Tracking Log for local wireless users, including user traffic history records. | |
| Notification Alert: E-mail by SMTP1, SMTP2, including Radius, Session,authentication, System and Location Tracking Log Capacity, AP Detection etc. | |
| Operation Mode | Router Mode Supports as a single WAN router or with multi-WAN load balancing, supporting up to 3 WANs. |
| Captive Portal Mode(In this mode without Router function) When switching to Captive Portal mode, the authentication mechanism remains the same as for hotspot authentication. (In this mode without Router function) |
|
| Control Mode (In this mode without Router function) When switching to Captive Portal mode, the authentication mechanism remains the same as for hotspot authentication. (In this mode without Router function) |
|
| AP Management | This functionality focuses on centralized management of wireless access points using the CERIO CenOS5.0 core. It can scan all CERIO APs in the network environment and add them to a database for management. Through this feature, parameters for APs can be configured, and functionalities such as group management and displaying AP map locations can be established. Its features include:
Scanning for APs : It can scan all CERIO APs in the local area network and display them in a list. Administrators can centrally or individually modify the IP addresses and login passwords of the managed APs within the list and incorporate them into a centralized database for management. Batch Setup: Allows for centralized management of APs in batches, including group management, VLAN tag settings, IP addresses, configuration file application, gateway and DNS address settings, system time for managed APs, system management settings, wireless settings, advanced wireless settings, WMM settings, firmware updates, and rebooting of all APs. AP Settings : Display the status of all managed APs under VLAN, indicating whether they are offline or online. It also enables the removal of specific managed APs from management. Group Settings : Allows management through grouping, enabling administrators to more clearly and conveniently manage APs. Map Settings : Allows administrators to drag and drop APs onto the map to indicate their physical locations, providing clear positioning information for easier management. Authentication Profile : When all managed APs need to enable web authentication, the conditions and rules for web authentication can be defined in a profile and then applied. System Status : It can scan all CERIO APs in the local area network and display them in a list. Administrators can centrally or individually modify the IP addresses and login passwords of the managed APs within the list and incorporate them into a centralized database for management. Scanning for APs : Administrators can view the Tx/Rx traffic information of managed APs, display the number of connections for each AP, and monitor the system’s CPU and memory usage and depict statistics in diagrams. |
| Standards & Hardware Specifications | |
| CPU Clock Speed | Quad-core 1.2Ghz CPU |
| Ethernet Configuration | 4 Gigabit Ethernet Port , support 3 type WAN Mode : |
| 1WAN + 3LAN | |
| 2WAN + 2LAN | |
| 3WAN + 1LAN | |
| Reset Button | Reset to the factory default |
| LED Indicators | PWR*1 |
| ON LINE*1 | |
| FAIL*1 | |
| ETH 1 (PoE In)*1 | |
| ETH 2 (PoE In)*1 | |
| ETH 3*1 | |
| ETH 4*1 | |
| VPN & Network Specifications | |
| Operation Mode | Router Mode |
| Captive Portal Mode | |
| Control Mode | |
| NAT Throughput | Max. 930Mbps |
| VPN Throughput | Max. 60Mbps on IPsec |
| VPN Tunnels (LAN to LAN) | Max. 20 |
| VPN Tunnels (LAN to Client) | Max. 60 |
| NAT Session | Max.100,000 |
| Routing Protocol | Static Route / Open Shortest Path First (OSPF) & Routing Information Protocol (RIP) |
| Load Balancing | IP based, Session based |
| Environmental & Mechanical Characteristics | |
| Operating Temperature | 0 °C ~ 40 °C |
| Storage Temperature | -40 °C ~ 75°C |
| Operating Humidity | 10% – 90% Non-Condensing |
| Storage Humidity | 5% – 90% Non-Condensing |
| Form Factor | Desktop, 19-inch rack installation |
| Power Consumption | 14Watt (Standby) |
| Power Requirement | 802.3at 52~57V PoE In or DC Jack 12~56 VDC In |
| Dimensions ( W x H x D ) | 250 x 172 x 44mm |
| Weight(kg) | 1.17kg |
| Case of Material | Metal case |
| Production Location | TW |
| Certifications | FCC, CE, RoHS Compliant |
| Package Contents | |
| Contents | DR-4000-CA Main Unit |
| Ethernet cable | |
| Power Adapter | |
| 19” Rack Mount Brackets | |
| Warranty Card | |
