DR-5000-CA

Multi WAN 2.5Gigabit AP Controller with Gateway Router

CERIO DR-5000-CA is a high-efficiency, Multi-function Multi WAN 2.5Gigabit AP management controller gateway. It is a professional AP management controller specifically designed for centralized management of APs using the CERIO CenOS5.0 software core, capable of managing up to 250 APs. This controller can scan all CERIO APs in the network environment and add them to the database for management. Its main functions include monitoring the connection status and traffic usage of the APs, remotely updating AP firmware, and providing detailed usage statistics and reporting features. This greatly simplifies the management and maintenance of wireless networks, improving network stability, security, and performance.

In addition to the above functions, the DR-5000-CA is also a Multi WAN 2.5Gigabit VPN router gateway. The features including network security, SPI(Stateful Packet Inspection)firewall protection, policy auditing (such as content filtering, VPN tunnel and MAC/IP filtering), captive portal login authentication and RADIUS authentication capabilities. Moreover, it supports multiple WAN ports and ETH1 supports 2.5G Ethernet transmission capability, allowing users to perform load balancing or failover for enhanced network efficiency. It is designed specifically for organizations with multifunctional, high-efficiency, and comprehensive networking needs. Whether the company’s network architecture involves on-premises servers or outsourced cloud-based servers, the CERIO DR-5000-CA is an ideal VPN security gateway device solution for small to medium-sized enterprises seeking robust networking capabilities.

The CERIO Multi WAN 2.5Gigabit AP Management Controller Gateway is highly suitable for deployment in environments that require high reliability, efficiency, security, and throughput, such as corporate offices, government agencies, and public venues. It features IP gateway routing functionality, authentication gateway, high availability (HA) redundancy, VPN functionality, multiple WAN ports, QoS bandwidth management, an integrated functional Radius server for authentication and firewall capabilities. Hotspot technology allows Internet providers to offer Internet access to customers, while applying certain Internet use rules and limitation. Whether for offices, hotels, airports, schools, or other commercial establishments, it allows real-time monitoring of each user’s online activity, including usage time, data sent/received, real-time accounting and more enabling administrators to conduct audits efficiently.

 

AP Management Controller Features

Multi WAN: Supports multiple WAN connections and ETH1 supports 2.5G Ethernet transmission capability and provides load balancing and failover functions to ensure high availability and stability of the network.High-Efficiency Transmission Rate: Provides Gigabit 10/100/1000/2500Mbps Ethernet connections, ensuring high-speed data transmission and network performance.AP Management: Centralizes management and control of APs, supporting management of up to 250 APs, simplifying network administration.
Real-time Monitoring: Capable of real-time monitoring of AP status and performance, offering remote configuration and firmware update capabilities.
Load Balancing: Automatically distributes traffic across different WAN connections, optimizing network resource usage and preventing single-port overload.
Security Features: Offers various security functions including firewall, VPN, intrusion detection, and protection. Supports multiple encryption protocols to ensure the security of data transmission.
QoS Management: Supports QoS settings to prioritize critical applications and services, ensuring the quality of traffic.
Monitoring Reports: Provides detailed traffic monitoring and reporting features, helping administrators understand network usage and optimize network performance.
Easy Configuration and Management: Supports web browsers and dedicated management software, simplifying device configuration and daily management.

 

Strong hardware VPN engine
CERIO’s DR-5000-CA Multifunction VPN Gateway is an easy-to-use, flexible, high-performance device well suited for small businesses. It provides comprehensive data security and privacy for accessing and exchanging sensitive and confidential information, supporting multiple VPN protocols including IPSec, PPTP, L2TP over IPSec, and VPN P2P. With website filtering functionality, it offers safer, more flexible, and more robust network connectivity for small to medium-sized offices, branch offices, and remote employees. It is particularly well-suited for deployment in small to medium-sized enterprise network environments.

Multi-WAN Supported
It supports up to 3 WAN ports and ETH1 supports 2.5G Ethernet transmission capability, providing automatic traffic balancing, bandwidth optimization, automatic failover mechanisms, and increased bandwidth capacity. Through multiple WAN ports, it offers real-time load balancing and optimal routing algorithms. For companies hosting their own web servers, one WAN port can handle external HTTP port 80, while the internal network uses a second WAN port. This setup provides a simple and secure network segregation. With real-time load balancing and Optimum Route algorithm, DR-5000-CA intelligent router engine directs each session or connection to the best available link. It also supports policy-based routing, persistent routing, and traffic scheduling to effectively adapt your business policy into your network policy.

Bandwidth Allocation and Management Mechanism
As broadband usage proliferates coupled with the alarming rise of file sharing trend, in certain cases, it is important to assign quota for user bandwidth consumption, particularly in the education institutions, hot spots, or in a community with shared Internet access provider subsystem. DR-5000-CA supports two different quota mechanisms: prepaid and periodical, in order to meet different real-life business needs. The quota system can also be integrated with external accounting and billing systems. By traffic setting size and filtering mechanism, DR-5000-CA optimizes bandwidth utilization and ensures the best transmission quality for the transfer of mission-critical data. The bandwidth management mechanism includes limiting allocation based on IP sessions, as well as providing individual and specific IP range-based controls. It encompasses appropriate upstream and downstream bandwidth control for SIP/RSTP/RTP/Web modes, ensuring smooth network performance overall.

Excellent Protective Capability
The DR-5000-CA has a built-in SPI (Stateful Packet Inspection) firewall and supports specific Layer-7 protocols such as VoIP protocols (H.323 and SIP), video conferencing, and various IM protocols. In terms of content filtering, it supports IP/MAC filtering and can filter or scan through Layer-7 application layers. It has a built-in policy-based DoS/DDoS firewall protection, offering efficient and comprehensive protection against hacker attacks, thus enhancing network security.

Multiple Authentication Methods
It offers multiple authentication methods to meet the needs of various enterprises. The web authentication feature supports remote RADIUS servers, local users (supports creation of 10 local users), third-party OAuth 2.0 (ex. Google, Facebook login), POP3 servers, LDAP (AD) account authentication, remote MAC batch authentication, and guest access. It also supports web authentication Captive Portal, providing diverse authentication methods to meet the requirements of numerous users.

Account and Password Voucher Control Output Functionality.
By purchasing the SP-800-PRINTER (optional) account voucher printer POS system (network control server + thermal printer) and use it with built in Radio Server function, you can quickly select and print account and password vouchers for authenticated personnel using a controller. This feature is a great benefit for both the image and network security of the company, especially for one-time visitors.

Time Scheduling
The built-in time policy supports daily scheduling with up to 300 detailed time slot rules. These rules can be applied to advanced features, including timed activation of IP/MAC filtering and virtual server access control based on open ports, enabling time-based restrictions for allowing or disallowing access. For example, if the mail server’s port 25 is targeted by bots resulting in prolonged IP lockouts and continuous malicious attempts to log in. Therefore, use this function to make necessary port arrangements and allow multiple changes in the access interval to reduce daily malicious attacks and the possibility of IP paralysis.

Ping Watchdog
Supports Ping Watchdog for automatic monitoring and can be configured for repeated reboots to ensure operation. Administrators don’t need to worry about network crashes, and it also supports Auto Reboot by scheduling. Administrators can set to automatically reboot daily, weekly, or monthly as per their requirements.

Wake-on-LAN
Supports Wake-on-LAN function to wake up specified network members based on their MAC addresses. Administrators can schedule automatic wake-up for these devices daily, weekly, or monthly according to their needs.

Supports DC In and PoE In
In addition to providing DC In power input, it also supports PoE input allowing the device to receive both network data and power signals through a UTP cable. This meets the needs of long-distance cabling, eliminating the need for traditional power outlets and simplifying the construction of your network environment.

Hardware Overview

 

 

    

Software Specifications

Authentication Function

Authenticate Capability: Up to 800 wireless or wired network users simultaneously
Places with high load capacity such as corporate office, units, public places, etc. A maximum of 800 users can be connected simultaneously. It has IP gateway routing function and authentication gateway function.
Provide Radius Server account up to 8000.
The DR-5000 series built in RADIUS Server function and able to create accounts (Local account) for a total of 8,000 accounts, providing centralized control and security for wired and wireless deployments.
  Bandwidth Managermant IEEE802.11p Class of Service/Quality of Service (CoS /QoS)
IEEE802.11e Wi-Fi Multimedia (WMM).
Differv Codpoint (DSCP)
Traffic Analysis and Statistics.
Diff/TOS
IEEE 802.1Q Tag VLAN priority control.
IGMP Snooping for efficient multicast delivery.
Upload and Download Traffic Management.
IP-based Bandwidth Limit.
Session Limit Per IP
 Authentication Authentication: single sign-on (SSO) client with authentication integrated into the local authentication environment through local/domain,LDAP (AD), PoP3, RADIUS, 802.1x and Guest.
Authentication Type.
IEEE802.1X(EAP,LEAP,EAP-TLS,EAP-TTLS,EAP-GTC,EAP-MD5)
RFC2865 RADIUS Authentication.
RFC3579 RADIUS Support for EAP.
RFC3748 Extensible Authentication Protocol.
MAC Adress authentication.
Web-based captive portal authentication.
   Built in Radius

   Server functions

Provides billing plans for pre-setting / on-demand function.
Enables session expiration control for On-demand accounts by time (Hours) and data volume (MB)
Detailed per-user traffic history based on time and data volume for both local and on-demand accounts.
Support local on-demand and external RADIUS server.
Contain 10 configurable billing plans for on-demand accounts.
Provide session expiration control for on-demand accounts.
Support automatic email network traffic history
    Load Balancing WAN port bandwidth load balancing.
Outbound redundancy.
Outbound load balancing.
Bandwidth management by traffic, either individually or across different networks.
WAN connection detection.
    VPN  IPSec ( LAN to LAN and Client to LAN )
PPTP ( PPTP Server with client )
L2TP over IPSec ( L2TP Server over IPSec with client )
VPN P2P ( VPN Server with peer )
IPsec Encryption : AES128,AES192,AES256,3DES.
PPTP Encryption : MPPE40,MPPE128.
VPN P2P Encryption : Blowflash,AES,3DES and RSA certificate public key.
Ipsec Authentication: MD5,SHA1, SHA2-256.
IKE Authentication : Pre-Shared Key.
    Firewall Active Firewall Session 100000.
Built-in DoS Attack Defense.
OSI Layer 7 Protocol Blocking.
Supports packet filtering, MAC filtering and IP filtering.
Access Control List : : TCP、UDP、IMCP、Content Filter、Domain Filter、IP P2P、IM.
    Network Support static IP, Dynamic IP (DHCP Client), PPPoE and PPTP on WAN connection.
Supports a total of 16 VLANs, with each VLAN service area having its own DHCP server. It supports multiple DHCP networks. The DHCP server includes DHCP Relay, Bind-IP-MAC, and DDNS server.
Routing protocols : Static Route、OSPF、RIP、Distribute OSPF over RIP、Distribute RIP over OSPF.
802.1q VLAN Tagging, with support for configuring up to 4096 VLAN Tags.
    System  Management

Support HA (High Availability) backup function.
SNMP v2c, v3 and SNMP Trap etc.
System Log: System Event Log
Supports RTC (Real Time Clock) time memory and NTP server time synchronization
Administrative Access : HTTP, HTTPS, Telnet, SSH.
Remote firmware upgrade (via Web), configuration file import and export functionality.
Supports Auto Reboot and Wake on LAN (WOL) automatic network wake-up.
Jumbo Frame : Can be enabled or disabled to determine whether all physical Ethernet ports use Gigabit 9K Jumbo Frame as the primary packet transmission format.
    Log Status monitoring of on-line users.
Local System Log, including event system records
Session Log
Authentication Log
Remote System log can be sent to ftp or System log server
Wireless Location Tracking Log for local wireless users, including user traffic history records.
Notification Alert: E-mail by SMTP1, SMTP2, including Radius, Session,authentication, System and Location Tracking Log Capacity, AP Detection etc.
    Operation Mode   Router Mode
Supports as a single WAN router or with multi-WAN load balancing, supporting up to 3 WANs and ETH1 supports 2.5G Ethernet transmission capability.
  Captive Portal Mode
When switching to Captive Portal mode, the authentication mechanism remains the same as for hotspot authentication. (In this mode without Router function)
  Control Mode (In this mode without Router function)
When switched to Control Mode, it as a centralized management controller for APs. It supports Port VLAN and 802.1Q tag VLAN and can centrally manage wireless access points remotely via VPN. It can manage up to 250 wireless access points simultaneously. (In this mode without Router function)
    AP Management This functionality focuses on centralized management of wireless access points using the CERIO CenOS5.0 core. It can scan all CERIO APs in the network environment and add them to a database for management. Through this feature, parameters for APs can be configured, and functionalities such as group management and displaying AP map locations can be established. Its features include:
Scanning for APs : It can scan all CERIO APs in the local area network and display them in a list. Administrators can centrally or individually modify the IP addresses and login passwords of the managed APs within the list and incorporate them into a centralized database for management.
Batch Setup: Allows for centralized management of APs in batches, including group management, VLAN tag settings, IP addresses, configuration file application, gateway and DNS address settings, system time for managed APs, system management settings, wireless settings, advanced wireless settings, WMM settings, firmware updates, and rebooting of all APs.
AP Settings: Display the status of all managed APs under VLAN, indicating whether they are offline or online. It also enables the removal of specific managed APs from management.
Group Settings: Allows management through grouping, enabling administrators to more clearly and conveniently manage APs.
Map Settings: Allows administrators to drag and drop APs onto the map to indicate their physical locations, providing clear positioning information for easier management.
Authentication Profile: When all managed APs need to enable web authentication, the conditions and rules for web authentication can be defined in a profile and then applied
.•System Status: Administrators can view the Tx/Rx traffic information of managed APs, display the number of connections for each AP, and monitor the system’s CPU and memory usage and depict statistics in diagrams.
System Status: Administrators can view the Tx/Rx traffic information of managed APs, display the number of connections for each AP, and monitor the system’s CPU and memory usage and depict statistics in diagrams.
 
 

 

Standards & Hardware Specifications
CPU Clock Speed Quad-core 1.8Ghz CPU
Ethernet Configuration One 2.5Gigabit Ethernet Port and three Gigabit Ethernet ports, support 3 type WAN Mode :
1WAN + 3LAN
2WAN + 2LAN
3WAN + 1LAN
Reset Button Reset to the factory default
Grounding Port Metal case design supports surge grounding and grounding port
LED Indicators PWR*1
ON LINE*1
FAIL*1
ETH1 / 2.5G (PoE In)*1
ETH 2 (PoE In)*1
ETH 3*1
ETH 4*1
VPN & Network Specifications
Operation Mode Router Mode
Captive Portal Mode
Control Mode
NAT Throughput (1Gb)WAN to LAN(1Gb) : Max. 940Mbps
(2.5Gb)WAN to LAN(3 Port LAN) : Max.2350Mbps
VPN Throughput Max. 90Mbps on IPsec
VPN Tunnels (LAN to LAN) Max. 20
VPN Tunnels (LAN to Client) Max. 60
NAT Session Max.100,000
Routing Protocol Static Route / Open Shortest Path First (OSPF) &
Routing Information Protocol (RIP)
Load Balancing IP based, Session based
Environmental & Mechanical Characteristics
Operating Temperature 0 °C ~ 40 °C
Storage Temperature -40 °C ~ 75°C
Operating Humidity 10% – 90% Non-Condensing
Storage Humidity 5% – 90% Non-Condensing
Form Factor Desktop, 19-inch rack installation
Power Consumption 8.7Watt (Standby)
Power Requirement 802.3at 52~57V PoE In or DC Jack 12~56 VDC In
Dimensions ( W x H x D ) 250 x 172 x 44mm
Weight(kg) 1.38kg
Case of Material Metal case
Production Location TW
Certifications FCC, CE, RoHS Compliant
Package Contents
Contents DR-5000-CA Main Unit
Ethernet cable
Power Adapter
19” Rack Mount Brackets
Warranty Card