YesTurnkey Qon™ QA-250/QR-250/QG-300 Wi-Fi AP, Router & Gateway

QA-250 Wi-Fi AP/QR-250 Wi-Fi Router/QG-300 Wi-Fi Gateway


YesTurnkey's QA-250, QR-250, and QG-300 enable wireless ISPs, enterprises, or schools to deploy WLANs with user authentication support. Based on the Web Redirection technology, when an unauthenticated wireless user is trying to access a Web page, a logon page is shown instead of the requested page, so that the user can type his/her user name and password for authentication. Then, the user credential information is sent to a back-end RADIUS (Remote Authentication User Dial-In Service) server to see if the wireless user is allowed to access the Internet.


User Authentication, Authorization, and Accounting (AAA)

  • Web redirection. When an unauthenticated wireless user is trying to access a Web page, he/she is redirected to a logon page for entering the user name and password. Then, the user credential information is sent to a back-end RADIUS server for authentication.
    • Captive portal. The access gateway can be configured to use a captive portal page on the Web server maintained by the WISP.
    • CGI-Based Authentication. Username/password information can be sent by directly calling a CGI (Common Gateway Interface) function on the access gateway. This feature is useful for authentication automation achieved by a specifically designed program running on the wireless client computer.
    • Unrestricted clients. Client computers with specific IP addresses or MAC addresses can bypass the Web redirection-based access control.
    •  Walled garden. Some specific URLs can be accessed without authentication. These URLs can be exploited by WISPs for advertisement purposes.
  • RADIUS client. The WLAN hotspot access gateway communicates with a back-end RADIUS server for wireless user authentication, authorization, and accounting.
    • Showing authenticated users. Showing the status and statistics of every RADIUS-authenticated user. And an authenticated user can be terminated at any time for management purposes.
  • Authentication session control. Several mechanisms are provided for the network administrator to control user authentication session lifetimes.
  • IEEE 802.1x. If a wireless client computer supports IEEE 802.1x Port-Based Network Access Control, the user of the computer can be authenticated by the access gateway and wireless data can be encrypted when the digital-certificate-based EAP-TLS authentication method is selected.

IEEE 802.11n

  • Access point. The wireless access gateway is equipped with a built-in Access Point (AP), which bridges packets between the wireless IEEE 802.11n network interface and the wired Ethernet interface.
  • 64-bit and 128-bit WEP, WPA, WAP2. For authentication and data encryption.
  • Enabling/disabling SSID broadcasts. The user can enable or disable the SSID broadcasts functionality for security reasons. When the SSID broadcasts functionality is disabled, a client computer cannot associate the wireless AP with an “any” network name (SSID, Service Set ID); the correct SSID has to be specified on client computers.
  • MAC-address-based access control. Blocking unauthorized wireless client computers based on MAC (Media Access Control) addresses.
  • Wireless client isolation. Wireless-to-wireless traffic can be blocked so that the wireless clients cannot see each other. This capability can be used in hotspots applications to prevent wireless hackers from attacking other wireless users’ computers.
  • Associated wireless clients status. Showing the status of every wireless client that is associated with the wireless AP.
  • Detachable antennas. The factory-mounted antennas can be replaced with high-gain antennas for different purposes.

Internet Connection Sharing

  • DNS proxy. The WLAN hotspot access gateway can forward DNS (Domain Name System) requests from client computers to DNS servers on the Internet. And DNS 3 responses from the DNS servers can be forwarded back to the client computers.
  • NAT server. Client computers can share a public IP address provided by an ISP (Internet Service Provider) by NAT (Network Address Translation).
  • DSL/Cable Modem Support. Supporting dynamic IP address assignment by PPPoE (Point-to-Point Protocol over Ethernet) or DHCP and static IP address assignment.
  • Bandwidth control. Network bandwidth consumed by each client can be limited. Clients are identified by MAC address range or IP address range.

Firmware Tools

  • Firmware upgrade. The firmware of the WLAN hotspot access gateway can be upgraded by HTTP.
  • Configuration backup. The configuration settings of the WLAN hotspot access gateway can be backed up to a file via HTTP for later restoring.
  • Configuration reset. Resetting the configuration settings to factory-default values.


  • Web-based management. Configuring and monitoring the WLAN hotspot access gateway via a Web browser. The management protocol is HTTP (HeperText Transfer Protocol)-based. The access gateway can be configured to be managed by specific hosts from the WAN side.
  • SNTP. Support for absolute system time by SNTP (Simple Network Time Protocol).
  • Dynamic DNS. Support for dynamic DNS services provided by YesTurnkey DDNS service, so that the access gateway can be associated with a domain name even if it obtains an IP address dynamically by PPP, PPPoE or DHCP.

System log

  • Local log. System events are logged to the on-board RAM of the access gateway.
  • Remote log by BSD syslog. Systems events are sent in the form of Syslog to a remote SNMP management server.

Auto Recovery

  • Periodical restart every day. The access gateway can be configured to restart at a specific time every day. This mechanism is aimed at solving lockup caused by firmware bugs that surface only after the access gateway has operated for a long time.



  • Wireless LAN: IEEE802.11n
  • Ethernet: IEEE802.3u 10/100BaseTX

Frequency Range

  • 2.4-2.4835 GHz


  • USA: 1-11 (FCC)
  • Canada: 1-11 (IC)
  • Europe: 1-13 (ETSI)
  • France: 10-13
  • Japan: 1-14


  • 64-bit and 128-bit WEP encryption

Port Characteristics

  • WAN: RJ-45 x 1 (10/100BaseTX)
  • LAN: RJ-45 × 5 (10/100BaseTX)


  • Power x 1
  • AIR x 1
  • WAN x 1
  • LAN x 4


    1 year

** The features and specifications are subject to change without notice and does not represent a commitment on the part of the vendor.

Latest updated: 2019/07/15