YesTurnkey Qon™ QG-1000/QG-2000/QG-3000 Network Access Gateway




YesTurnkey's QG-1000/QG-2000/QG-3000 Network Access Gateway enables ISPs, enterprises, or schools to deploy LAN/WLANs with user authentication support. Based on the Web Redirection technology, when an unauthenticated user is trying to access a Web page, a logon page is shown instead of the requested page, so that the user can type his/her user name and password for authentication. Then, the user credential information is sent to a back-end RADIUS (Remote Authentication User Dial-In Service) server to see if the user is allowed to access the Internet.


User Authentication, Authorization, and Accounting (AAA)

  • Web redirection. When an unauthenticated wireless user is trying to access a Web page, he/she is redirected to a logon page for entering the user name and password. Then, the user credential information is sent to a back-end RADIUS server for authentication.
    • Captive portal. The access gateway can be configured to use a captive portal page on the Web server maintained by the WISP.
    • CGI-Based Authentication. Username/password information can be sent by directly calling a CGI (Common Gateway Interface) function on the access gateway. This feature is useful for authentication automation achieved by a specifically designed program running on the wireless client computer.
    • Unrestricted clients. Client computers with specific IP addresses or MAC addresses can bypass the Web redirection-based access control.
    •  Walled garden. Some specific URLs can be accessed without authentication. These URLs can be exploited by WISPs for advertisement purposes.
  • RADIUS client. The WLAN hotspot access gateway communicates with a back-end RADIUS server for wireless user authentication, authorization, and accounting.
    • Showing authenticated users. Showing the status and statistics of every RADIUS-authenticated user. And an authenticated user can be terminated at any time for management purposes.
  • Authentication session control. Several mechanisms are provided for the network administrator to control user authentication session lifetimes.

Internet Connection Sharing

  • DNS proxy. The WLAN hotspot access gateway can forward DNS (Domain Name System) requests from client computers to DNS servers on the Internet. And DNS 3 responses from the DNS servers can be forwarded back to the client computers.
  • NAT server. Client computers can share a public IP address provided by an ISP (Internet Service Provider) by NAT (Network Address Translation).
  • DSL/Cable Modem Support. Supporting dynamic IP address assignment by PPPoE (Point-to-Point Protocol over Ethernet) or DHCP and static IP address assignment.
  • Bandwidth control. Network bandwidth consumed by each client can be limited. Clients are identified by MAC address range or IP address range.


  • Web-based management. Configuring and monitoring the WLAN hotspot access gateway via a Web browser. The management protocol is HTTP (HeperText Transfer Protocol)-based. The access gateway can be configured to be managed by specific hosts from the WAN side.
  • SNTP. Support for absolute system time by SNTP (Simple Network Time Protocol).
  • Dynamic DNS. Support for dynamic DNS services provided by YesTurnkey DDNS service, so that the access gateway can be associated with a domain name even if it obtains an IP address dynamically by PPP, PPPoE or DHCP.

System log

  • Local log. System events are logged to the on-board RAM of the access gateway.
  • Remote log by BSD syslog. Systems events are sent in the form of Syslog to a remote SNMP management server.

Auto Recovery

  • Periodical restart every day. The access gateway can be configured to restart at a specific time every day. This mechanism is aimed at solving lockup caused by firmware bugs that surface only after the access gateway has operated for a long time.



  • Ethernet: IEEE802.3u 10/100BaseTX

Port Characteristics

  • WAN: RJ-45 x 1 (10/100BaseTX)
  • LAN: RJ-45 x 3 (10/100BaseTX)


  • Power, HDD, Bypass, Ethernet active & speed


  • 1 year

** The features and specifications are subject to change without notice and does not represent a commitment on the part of the vendor.

Latest updated: 2019/07/15