YesTurnkey Qon™ QA-250/QR-250/QG-300 Wi-Fi AP, Router & Gateway
QA-250 Wi-Fi AP/QR-250 Wi-Fi Router/QG-300 Wi-Fi Gateway
YesTurnkey's QA-250, QR-250, and QG-300 enable wireless ISPs, enterprises,
or schools to deploy WLANs with user authentication support. Based on the Web Redirection
technology, when an unauthenticated wireless user is trying to access a Web page,
a logon page is shown instead of the requested page, so that the user can type his/her
user name and password for authentication. Then, the user credential information
is sent to a back-end RADIUS (Remote Authentication User Dial-In Service) server
to see if the wireless user is allowed to access the Internet.
User Authentication, Authorization, and Accounting (AAA)
- Web redirection. When an unauthenticated wireless user is trying to access
a Web page, he/she is redirected to a logon page for entering the user name and
password. Then, the user credential information is sent to a back-end RADIUS server
- Captive portal. The access gateway can be configured to use a captive portal
page on the Web server maintained by the WISP.
- CGI-Based Authentication. Username/password information can be sent by directly
calling a CGI (Common Gateway Interface) function on the access gateway. This feature
is useful for authentication automation achieved by a specifically designed program
running on the wireless client computer.
- Unrestricted clients. Client computers with specific IP addresses or MAC
addresses can bypass the Web redirection-based access control.
- Walled garden. Some specific URLs can be accessed without authentication.
These URLs can be exploited by WISPs for advertisement purposes.
- RADIUS client. The WLAN hotspot access gateway communicates with a back-end
RADIUS server for wireless user authentication, authorization, and accounting.
- Showing authenticated users. Showing the status and statistics of every RADIUS-authenticated
user. And an authenticated user can be terminated at any time for management purposes.
- Authentication session control. Several mechanisms are provided for the network
administrator to control user authentication session lifetimes.
- IEEE 802.1x. If a wireless client computer supports IEEE 802.1x
Port-Based Network Access Control, the user of the computer can be authenticated
by the access gateway and wireless data can be encrypted when the
digital-certificate-based EAP-TLS authentication method is selected.
- Access point. The wireless access gateway is equipped with a built-in
Access Point (AP), which bridges packets between the wireless IEEE 802.11n
network interface and the wired Ethernet interface.
- 64-bit and 128-bit WEP, WPA, WAP2. For authentication and data
- Enabling/disabling SSID broadcasts. The user can enable or disable the
SSID broadcasts functionality for security reasons. When the SSID broadcasts
functionality is disabled, a client computer cannot associate the wireless AP
with an “any” network name (SSID, Service Set ID); the correct SSID has to be
specified on client computers.
- MAC-address-based access control. Blocking unauthorized wireless client
computers based on MAC (Media Access Control) addresses.
- Wireless client isolation. Wireless-to-wireless traffic can be blocked so
that the wireless clients cannot see each other. This capability can be used in
hotspots applications to prevent wireless hackers from attacking other wireless
- Associated wireless clients status. Showing the status of every wireless
client that is associated with the wireless AP.
- Detachable antennas. The factory-mounted antennas can be replaced with
high-gain antennas for different purposes.
Internet Connection Sharing
- DNS proxy. The WLAN hotspot access gateway can forward DNS (Domain Name System)
requests from client computers to DNS servers on the Internet. And DNS 3 responses
from the DNS servers can be forwarded back to the client computers.
- NAT server. Client computers can share a public IP address provided by an
ISP (Internet Service Provider) by NAT (Network Address Translation).
- DSL/Cable Modem Support. Supporting dynamic IP address assignment by PPPoE
(Point-to-Point Protocol over Ethernet) or DHCP and static IP address assignment.
- Bandwidth control. Network bandwidth consumed by each client can be limited.
Clients are identified by MAC address range or IP address range.
- Firmware upgrade. The firmware of the WLAN hotspot access gateway can be
upgraded by HTTP.
- Configuration backup. The configuration settings of the WLAN hotspot access
gateway can be backed up to a file via HTTP for later restoring.
- Configuration reset. Resetting the configuration settings to factory-default
- Web-based management. Configuring and monitoring the WLAN hotspot access
gateway via a Web browser. The management protocol is HTTP (HeperText Transfer Protocol)-based.
The access gateway can be configured to be managed by specific hosts from the WAN
- SNTP. Support for absolute system time by SNTP (Simple Network Time Protocol).
- Dynamic DNS. Support for dynamic DNS services provided by YesTurnkey DDNS
service, so that the access gateway can be associated with a domain name even if
it obtains an IP address dynamically by PPP, PPPoE or DHCP.
- Local log. System events are logged to the on-board RAM of the access gateway.
- Remote log by BSD syslog. Systems events are sent in the form of Syslog to
a remote SNMP management server.
- Periodical restart every day. The access gateway can be configured to restart
at a specific time every day. This mechanism is aimed at solving lockup caused by
firmware bugs that surface only after the access gateway has operated for a long
- Wireless LAN: IEEE802.11n
- Ethernet: IEEE802.3u 10/100BaseTX
- USA: 1-11 (FCC)
- Canada: 1-11 (IC)
- Europe: 1-13 (ETSI)
- France: 10-13
- Japan: 1-14
- 64-bit and 128-bit WEP encryption
- WPA-PSK, WPA, WPA2
- WAN: RJ-45 x 1 (10/100BaseTX)
- LAN: RJ-45 × 5 (10/100BaseTX)
- Power x 1
- AIR x 1
- WAN x 1
- LAN x 4
** The features and specifications are subject to change
without notice and does not represent a commitment on the part of the vendor.
Latest updated: 2014/07/09