C COVER WA512G Series Industrial IEEE 802.11a/b/g/n/ac Wireless Mesh AP/Client Nov.2020 V.1.
WoMaster WA512G Industrial Dual Radio 2.4G+5GHz Concurrent Wireless Mesh AP/Client User Manual Copyright Notice © WoMaster. All rights reserved. About This Manual This user manual is intended to guide a professional installer to install and to configure the WoMaster Industrial Wireless MESH AP/Client. It includes procedures to assist you in avoiding unforeseen problems. NOTE: Only qualified and trained personnel should be involved with installation, inspection, and repairs of this router.
TABLE OF CONTENTS COVER................................................................................................................................................................................................. 1 TABLE OF CONTENTS ....................................................................................................................................................................... 3 DECLARATION OF CONFORMITY ...............................................................................
3.1.4 Date and Time....................................................................................................................................... 33 3.1.5 DHCP Server .......................................................................................................................................... 34 3.2 ETHERNET PORT ......................................................................................................................................... 36 3.2.1 Port Status .................
3.8 IOT ......................................................................................................................................................... 96 3.8.1 AWS IoT ................................................................................................................................................ 96 3.8.2 AZURE IoT ............................................................................................................................................. 99 3.8.3 Private IoT.......
Declaration of Conformity CE RED (Radio Device Directive) While you see the CE Marking print in our product, it indicates the product comfort to the requirement of the CE RED. We provide the CE RED Declaration of Conformity (DoC) for our Wireless Router, WLAN AP products in our web site. The DoC includes the Brand Name, Product Name, Model Name, Description, compliant standards and Manufacture information.
FCC Federal Communications Commission Statement This device complies with FCC Rules Part 15. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operation. FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user‘s authority to operate the equipment.
SAFETY PRECAUTION General Notification SELV: The device is designed for operation with SELV (extra-low voltage). It is powered from DC source. Connect the unit only to DC power source that complies with the SELV requirements in IEC/EN 62368 based safety standards. The product does Not include the AC power adapter. Electrical energy source classifications: The design is complaint with the ES1 definition of the EN62368-1 standard.
Power Source: External power source must be UL listed / IEC 60950-1 / IEC 62368-1 compliant. In practical, the SELV DC product has no internal DC/DC isolation design. For external power, it is suggested to use isolated AC to DC or DC to DC power design PSU for installation. The output voltage and current of the Power Supply conforms to the range of the input voltage and inrush current of the equipment. Its minimum ambient temperature is equal to maximum operating temperature of the product.
installed <2m height environment. Indoor Area: The product (WA512GM Series, WR312/322/212/222/224) is defined as indoor product. Most of the I/O interface is connected inside the cabinet/box, for example the power terminal block, USB and RJ-45 connectors. Note of the WR319/329 Series: The RJ-45 Ethernet LAN ports (port 1~8) is only allowed to be installed within indoor area. Only the RJ-45 Ethernet WAN port (port 9) can be connected to external device outside the box.
(Lightning) DAMAGE IS NOT COVERED UNDER WARRANTY. PoE (Only for PoE model) The product supports standard PoE Input, please make sure the voltage range of PSE comforts to the standard PoE request. The voltage range of the 802.3at definition is 50~57V, 802.3af is 46~57V. According to the PoE/PoE+ definition, the maximum current through the Ethernet cable is 600mA/802.3at or 350mA/802.3af, the CAT 5E or above standard cable is suggested and the maximum Ethernet cable distance is less than 100m.
1. Introduction 1.1 Overview WA512G series is designed for IIoT application by dual band concurrent Wireless LAN Radio. WA512G is equipped with high performance Quad core ARM processor with 5GHz IEEE 802.11ac Wave 2 and 2.4G 802.11n WLAN radio, up to 866M+300Mbps high throughput, 2 Gigabit Eth ernet port are able to support Bridge/Router mode and powered by 802.3af PoE switch.
1.2 Major Features Below are the major features of WA512G Series: - Quad-Core ARM Processor - IEEE 802.11ac Wave 2, compatible with 802.11a/b/g/n - Concurrent dual-band 2.4 G+5GHz radio, up to 866Mbps + 300Mbps Bandwidth - 2x SMA/N-type Antenna socket for 2.4GHz + 5GHz DBDC (Dual Band Dual Concurrent) - Dual Gigabit Ethernet ports in Router mode for WLAN/LAN to Eth-WAN routing - Support IEEE 802.3af PoE P.D.
2. Installation This chapter introduces mechanical and contains information on installation and configuration procedures. 2.1 WA512G (IP67 Housing) 2.1.1 Dimension Dimensions of WA512G-IP67: 239mm(H) x 269mm(H) x 68mm (D) / without mounting clip 2.1.
2.2.3 Product Package Standard package includes: 1x Product Unit 1x Quick Installation Guide 1x PoE Injector with AC Plug 3x Cable Gland 1x Mounting kit *Note: Antenna not included 2.2.4 Interface Installation After unpacking the box, follow the steps below in order to properly connect the device.
2.2.4.1 Wiring Power Input Standard package includes a PoE injector to power on WA512G-IP67 series. WA512G is a standard IEEE 802.3 PoE P.D. device and can also be power by PoE switch (P.S.E). Wiring the Power Input through PoE Injector 1) Install PoE injector power cord. 2) Install Ethernet cable between PoE ports of WA512G and PoE injector. 3) Install Ethernet cable between LAN ports of WA512G and PC/NB whenever proceeding WebGUI configuration.
2.2.4.2 Wiring Antenna Antenna Socket on device - N-type female The antenna socket is N-type female and located on the top of the device. The antenna is usually installed in the upper/upward position. You can install the external antennas or you can install an antenna cables to connect to a long-distance antenna. Antenna/Antenna Cable - N-type male You can wire the waterproof antenna with N-type Male connector directly to the N-female socket on the top of the device.
2.2.4.3 Wiring Waterproof Connector As shown in the figure, there are some steps to wire the waterproof connectors. Step 1~3: Lock the waterproof cover for the unused RJ45, USB and LED light connectors. The steps can be done before go to the field. Step 4~7: Wiring Ethernet cable. Since the Ethernet cable length is not fixed in every site, the steps are usually done in the field. Connect the Ethernet cable to the waterproof cable gland in sequence.
2.2.5 Mounting the AP Mount the AP on a Pole/Wall 1) Screw up the attached mounting plate and the Access Point by screw A (M5, 15mm). 2) Screw up the mounting kit between pole and Access Point. 3) Mount the Access Point steadily to the pole by locking the pole mounting kit tightly. The antenna is installed in the upper/upward position. While installed the AP in high tall factory, the AP is also available by pole mounting on the ceiling.
Mounting plate in Vertical installation (The N-Type Antenna socket is in upper/upward side.) 2.2.6 LED Check system status through LED connector. WA512G-IP67 series LED 5GHz 2.
2.2 WA512G-D (DIN-Rail) 2.2.1 Dimension 2.2.
2.2.3 Product Package (WA512G-D) Standard package includes: 1x Product Unit 1x Quick Installation Guide 2x WLAN Antenna, White The Antenna supports 2.4G/5G wide range. Attached them to ANT1 and ANT2 sockets. 1 x Attached Din Clip Note: The model doesn’t offer PoE injector. If you need additional PoE injector or PoE switch, check with our sales contact window. 2.2.4 Interface Installation After unpacking the box, follow the steps below in order to properly connect the device. 2.2.4.
1) Install Ethernet cable between PoE ports of WA512G and PSE switch 2) Install Ethernet cable between LAN ports of WA512G and PSE switch whenever proceeding WebGUI configuration. 2.2.4.2 Wiring the Ground The chassis grounding screw is located on the bottom side of the router. For avoiding system damage by noise or electric shock, establish a direct connection between the ground screw and the grounding surface prior to connecting devices. 2.2.
To mount the router on DIN Rail track, do the following instruction: 1. Insert the top side of DIN Rail track into the slot of DIN Rail clip. 2. Lightly clip the bottom of DIN-Rail to the track and make sure it attached well. 3. To remove the device from the track, reverse the steps. 2.2.5.
To mount the AP to the WALL/BOX, do the following instruction: 1. Remove the attached DIN Rail Clip first. 2. This wall-mount plate can be shared with our switch or router. For WA512GM-D, please use the 6 screw holes near the inside. 3. Lock the wall-mount plate by the attached “M3” 6mm length screw to the device. 4. Lock the wall-mount plate to the WALL. The suggested screw size for wall-mount is M6 12mm length. (This screw varies from site to site, we do not attach it.
2.2.6 ANTENNA & LED WiFi Antenna WA512GM-D Series supports Dual Band in One Antenna socket design. It means one antenna can transmit dual band dual radio signal, you should choose Dual Band antenna. Connect the attached dual band antenna to the SMA connector on the front panel. Alternatively, you can connect the antenna through extended RF cable with antenna holder to SMA on the front panel and screwing the antenna holder on the field box. The magnet holder is also popular for metal box installation.
3. Web Management Configuration To access the management interface, WoMaster router has two ways access mode through a network; they are web management and telnet management. Web interface management is the most common way and the easiest way to manage a network, through web interface management, a router interface offering status information and a subset of device commands through a standard web browser. If the network is down, another alternative to access the management interface can be used.
In this Web management for Featured Configuration, user will see all of WoMaster Router’s various configuration menus at the left side from the interface. Through this web management interface, user can configure, monitoring, and set the administration functions. The whole information used web management interface to introduce the featured functions. User can use all of the standard web-browser to configure and access the router on the network.
3.1 System When the user login to the router, user will see the system section appear. This section provides all the basic setting and information or common setting from the router that can be configured by the administrator. Following topics are included: 3.1.1 Information Information section, this section shows the basic information from the router to make it easier to identify different router that is connected to User network and also it shows LAN Settings information.
With the Name first login setting is administrator user name level and the authority allow user to configure all of configuration parameters. The Login Setting interface describes how to configure the system username and password for the web management login. To change the Name and Password, user just needs to input a new Name and New Password then confirm the new password in this section. Try to re-login with the new username and password. Below is the interface for guest level.
The description of the Login Setting interface is as below: TERMS DESCRIPTION User Name/ Guest Name Default: admin/guest Key in new username here. New Password Key in new password here. Confirm Password Re-type the new password again to confirm it. After finishing configure the Username and Password, click on Submit to apply the configuration. Don’t forget to Save the configuration.
3.1.3 Network Settings The Network Setting section allows users to configure both IPv4 values for management access over the network. WoMaster’ router supports IPv4 and can be managed through either of these address types. Below is the IP Setting interface for Bridge Mode. The description of the columns is as below: TERMS DESCRIPTION Type User can select to DHCP or Static IP to activate the function.
And below is the IP Setting interface for the Router Mode where it supports with the WAN port on port 2. User can configure the WAN Settings. The description of the columns is as below: TERMS DESCRIPTION Type User can select to DHCP Client or Static IP to activate the function. DHCP Client: Select DCHP Client to activate DHCP Client Function, no need to assign IP Address and received IP Address from DHCP Server.
The description of the columns is as below: TERMS DESCRIPTION Current Time User can configure time by input it manually. Get PC Time: get the time the PC Time Zone Choose the Time Zone section to adjust the time zone based on the user area. NTP Enable NTP Client update by checking this box. Select the time server from the NTP Server dropdown list or select Manual IP to manually input the IP address of available time server. *Make sure that the device also has the internet connection.
The description of the columns is as below: TERMS DESCRIPTION DHCP Setting Select to Enable or Disable to activate and deactivate DHCP Server function. IP Address Start Assign the IP Address Start range. IP Address End Assign the IP Address End range. Subnet Mask Default: 255.255.255.0 Assign the subnet mask for the IP address here for DHCP Server. Gateway Assign the gateway for the router here for DHCP Server.
3.2 Ethernet Port Ethernet Port section is used to access the port configuration and rate limit control. It also allows User to view port status and port trunk information. 3.2.1 Port Status Port Status section allows users to see the current status from the Ethernet. The description of the columns is as below: TERMS DESCRIPTION Link Display the Ethernet status, whether it is Link Up or Link Down.
3.2.3 Traffic Control Traffic control is a form of flow control used to enforce a strict bandwidth limit at a port. User can configure separate Incoming Outgoing rate limits and burst The description of the columns is as below: TERMS DESCRIPTION Enable Traffic Control Check the box to activate the function Outgoing Rate Limit Default: 1024000 kbit/s Set the maximum outgoing rate. Outgoing Burst Default: 20 kBytes Set the maximum outgoing burst. Click on Submit to apply the configuration. 3.
3.3.2 GPS Settings In this GPS Setting section, user can manually input GPS coordinates. The coordinates can be used to report to cloud or specific server. TERMS DESCRIPTION GPS mode Default: Disable Disable: Disable GPS function. GPS: Enable GPS function. WA512G series does not support active GPS. Contact WoMaster salesperson for GPS support. User Input: Input Latitude and Longitude. The coordinates can be used to report to cloud or specific server.
3.4 Wireless LAN This Wireless LAN configuration pages only support the device that supported with Wi-Fi feature. This configuration page allows users to configure the Wireless LAN configuration. 3.4.1 WLAN Status The figure below shows the WLAN status.
3.4.2 WLAN Settings WLAN Setting page, on this page user may configure the parameters for Wireless LAN Interface includes change wireless interface modes and all of the related parameters for each operation mode. There are 2 WLAN interfaces supported in WA512G series. WLAN1 for 2.4GHz and WLAN2 for 5GHz in AP mode can be configured in the same time. Only one radio can be configured to client mode in the same time.
By enabling the broadcast SSID, it makes the AP can be accessed and searched by the clients, and for the security concern by disabling this broadcast SSID, the network will be hidden in order to prevent any malicious attack. Wireless Separation Default: Disable By enabling the function, connected clients will be separated and can reach each other (ex: can’t ping each other) WMM support Default: Enable To enable or disable WIFI multi-media QoS. Max.
This option would be appeared when user select the Channel Mode to 20/40MHz or 40MHz. To put range for the frequency, it provides the Lower Channel (2417MHz (2)) with the 40MHz center frequency is 2427MHz (4) and Upper Channel (2457MHz (10)) with the 40MHz center frequency is 2447MHz (8). Channel Mode Default: 20MHz There are three channel modes, 20MHz, 20/40MHz and 40MHz. If user select 20MHz, the frequency that can be received maximum is 20MHz.
function, it may decrease wireless network performance. Click Submit to apply the configuration At the SSID section, there is a Multi SSID button appeared. This AP mode supports the multiple SSID or multiple access point connections. So user may separate the connection into several access points and it is supported with 8 profiles for multiple SSID. Click the button then another form will appear, see the figure below.
The Multi SSID section shows the configuration page where the Profile1 always enabled. In this section, user may configure each Profile by check the box to enable the Profile and then click the profile name to open the configuration page for specific Profile. The figure below is the pop-up WLAN Security configuration page for each Profile.
3.4.2.2 Client mode Wireless Client mode, in this mode the device is able to connect to the Access Point and join the wireless network around the device that opens the connection. User can find the best connection for the AP by click the Site Survey and the AP list will appear. The description of the columns is as below: TERMS DESCRIPTION WLAN Interface Check the box to disable the WLAN interface and stop all of the wireless functions. Operation Mode Select the Operation Mode for the router.
There are three channel modes, 20MHz, 20/40MHz and 40MHz. If user select 20MHz, the frequency that can be received maximum is 20MHz. For 20/40MHz it can receive both frequency, and for the 40MHz, it provides bigger data rate and received the 40MHz frequency. But basically, if the transmission happened between the AP and the client, both AP and client can have the negotiation phase about the frequency. Maximum Output Power Default: Half Specify the transmission power.
Wireless Site Survey (Wireless Client & WDS-Client) Click the Site Survey button to open the Wireless Site Survey page. On this page user may choose the Access Point that appeared on the list. After selects the specific AP, then click Selected to apply the choice. Click Scan to refresh the list. The description of the columns is as below: TERMS DESCRIPTION Select Select the SSID. SSID Display the detected SSID’s name Frequency/Channel Display the current frequency of the AP.
3.4.2.3 WDS AP Mode The WDS-AP mode usually implements the Point to Point (P2P) connection, so the access point should be WDS-AP and the wireless client should be WDS-Client. In this case, the AP just can share the connection to the specific wireless client that has its MAC Address. But WDS-AP can be a repeater to provide network access to general clients.
Wireless Mode Default: 802.11G/N Select the specific wireless mode, different wireless mode has different configuration. For each wireless mode, it has specific frequency and it has different basic setting. HT Protect Default: Disabled Select Enabled to activate the High Throughput protect to ensure HT transmission with MAC mechanism. Channel Default: 2437MHz (6) Select the proper channel, each country has different band user may select the channel based on the situation.
select 20MHz, the frequency that can be received maximum is 20MHz. For 20/40MHz it can receive both frequencies, and for the 40MHz, it provides bigger data rate and received the 40MHz frequency. But basically, if the transmission happened between the AP and the client, both AP and client can have the negotiation phase about the frequency. Maximum Output Power Default: Half Specify the transmission power.
3.4.2.4 WDS Client Mode In WDS-Client mode, user must specify the specific WDS-AP’s SSID and MAC address. So WDS-Client just do the transmission to the WDS-AP only. In this mode, please make sure that the configuration should be the same as the WDS-AP as well. The description of the columns is as below: TERMS DESCRIPTION WLAN Interface Check the box to disable the WLAN interface and stop all of the wireless functions. Operation Mode Select the Operation Mode for the router.
Channel Mode Default: 20MHz There are three channel modes, 20MHz, 20/40MHz and 40MHz. If user select 20MHz, the frequency that can be received maximum is 20MHz. For 20/40MHz it can receive both frequencies, and for the 40MHz, it provides bigger data rate and received the 40MHz frequency. But basically, if the transmission happened between the AP and the client, both AP and client can have the negotiation phase about the frequency. Maximum Output Power Default: Half Specify the transmission power.
3.4.2.5 Mesh Settings WA512GM series support mesh network. Click checkbox and submit button to enable mesh network. SSID will be used as connections for both mesh links and wireless clients. Mesh link will be connected automatically to form adaptive mesh network. There are 2 roles in mesh network: CAP: Central AP, also known as root AP, with a wired data connection that can be configured to relay data to and from mesh APs. In CAP, you can enable MESH in 2.
SSID The SSID will be used for both mesh links and wireless clients. The setting within the MESH network must be the same. WPA Pre-Share Key Passphrase used to connect to SSID. The setting within the MESH network must be the same. MESH Status Click MESH Status, you can find the MESH status of the connected AP in this page. The MESH Status in CAP: In Local Status, you can find the information of the WLAN interface, Operation mode, MESH SSID, Uplink Status, Hop to CAP(0 in CAP), Downlink number and Hops.
Quick MESH configuraiton in ViewMaster ViewMaster allows user to group assign and change WLAN MESH Setting. Scan and select all the MESH APs, you can assign/change SSID, Key and enable CAP. Once you change the settings, please reboot all the MESH device to activate the new seting. ViewMaster Configuration Utility Download: • Go to the Support/Software & Literature/Software page of the WoMaster web site. Apply the member account and login, then you can download the ViewMaster software.
3.4.2.6 Client Router (Wireless WAN NAT) Mode Some of the specific firmware supports the “Client Router” operation mode, also known as WLAN NAT or Wireless WAN mode. The configured WLAN 1 or WLAN 2 interface acts as WAN interface instead of other Ethernet or WLAN interfaces. Refer to the below comparison table of WALN/Ethernet interface to Router operation mode. RJ45 Interface Interface\ Operation Mode WLAN 1Clinet Router WLAN 2Clinet Router Ethernet - Router Ethernet - Bridge (Default Setting) Eth 1 Eth
3.4.3 WLAN Security On this configuration page, user can configure the WLAN Security feature. The description of the columns is as below: TERMS DESCRIPTION Encryption Configure the data encryption mode. None: Available only when the authentication type is an open system. 64 bits WEP: It is made up of 10 hexadecimal numbers. 128 bits WEP: It is made up of 26 hexadecimal numbers. TKIP: Temporal Key Integrity Protocol, which is a kind of dynamic encryption, is co-used with WPA-PSK.
3.4.4 Advanced The page allows the advanced user to configure advanced wireless setting with more experience about the WLAN. If user doesn’t have any qualified knowledge about WLAN, we suggest not to change the default setting except user know the effects when the setting is changed. The wrong configuration may impact the performance of wireless network. The description of the columns is as below: TERMS DESCRIPTION A-MPDU/A-MSDU For the AP mode, the data rate of the AP could be enhanced greatly.
Specify the interval to broadcast packets. DTIM Interval Default: 1 (1-255) Delivery Traffic Indication Message interval is an additional message added after the beacon interval broadcast by access point. It is for enhancing the wireless transmission efficiency. The more intervals we added, the more power that we need. By setting a low value of DTIM, user can effectively keep the devices awake indefinitely so they never go into sleep mode when idling.
3.4.4.1 Roaming (Client based Fast Roaming) The feature can be applied in Wireless client mode, configured WLAN setting to 2.4G or 5G Radio Frequency, then you can find the command in Advance WLAN setting page. There are two major setting, Roaming Threshold (dbm) and Roaming difference. Roaming Threshold(dbm): While there are some APs, the client checks the signal strength, listens the available APs, and start to connect new AP while reaching the Roaming Threshold.
The feature can be applied in Wireless client mode only. Choose one of the Radio in WLAN Settings and configure Wireless Client operation Mode. Note: Please noted that the SSID of the target APs for the fast roaming client must be the same. The available fast roaming scan channel is 3, the APs’ channel setting should be one of the three available channels. Due to the different language and input method types, some characters may be mistaken for the same SSID, but they are actually different SSIDs.
Figure 3.4.4.4-3: The WLAN Advanced Setting: Fast Roaming Setting. The description of the columns after Enabled Fast Roaming is as below: TERMS DESCRIPTION Roaming Select “Enable” to configure the Fast Roaming feature, you will find more advanced settings as below. Default is Disable. Roaming Threshold(dbm) Type the Threshold of when to roaming to new AP. In practical, you should do site survey in your environment and find out the suitable value for your field.
3.4.5 RADIUS Server (AP Mode) The Remote Authentication Dial In User Service (RADIUS) mechanism is a centralized “AAA” (Authentication, Authorization, and Accounting) system for connecting to network services. The fundamental purpose of RADIUS is to provide an efficient and secure mechanism for user account management. The RADIUS server system allows you to access the router through secure networks against unauthorized access. How to set up a RADIUS server: a.
3.4.6 Certificate File (Client Mode) Using digital certificates for authentication method through the RADIUS that provided by the AP. User needs to upload the specific certificate file, so then the client can access the Wi-Fi connection.
3.5 Security WoMaster Router provides several security features for User to secure access to its management functions and it can be remotely managed (monitored and configured). 3.5.1 Access Control WoMaster router provides access control mode in several ways, such as Remote Management, WAN Service Access Control and Custom Exception. By configuring this configuration, user can enhance the security access to the device.
HTTPS Only HTTP Secure is the use of the HTTP protocol over an SSL/TLS protocol. It is used primarily to protect against eavesdropping of communication between a web browser and the web site to which it is connected. This is especially important when you wish to have a secure connection over a public network such as the internet. HTTPS connections are secured through the use of certificates issued by trusted certificate authorities.
WAN Access When user changes the device mode to router mode (Port 1 – WAN interface) the WAN Access feature can be activated. This feature is about the exception to access the device through the WAN interface for security concern. So that the access or the traffic that coming through the WAN interface can be limited as required.
Custom Exception Another choice for the access control is also provided by WoMaster, it is called custom exception feature. Through this feature, it can help to allow the incoming access through the firewall to local devices. If the condition does not meet the requirement from the table, then the access would be denied. The description of the columns is as below: TERMS DESCRIPTION Src IP Address Set up the source IP Address that may access the device.
3.5.2 Outbound Firewall WoMaster’ router has different types firewall settings, user can enable the setting, configure the rules. The following section is Outbound Firewall Settings pages where user can configure the Outbound Firewall setting. TERMS DESCRIPTION Source IP Filter Source IP addresses Filtering from LAN to Internet through the router. Destination IP Filter Destination IP addresses Filtering from the LAN to Internet through the router.
Dest IP Filter By entries parameters in this table are used to restrict the computers in LAN from accessing certain websites in WAN according to IP address. The concept is the same as the source IP Filter. The packet would not send to the specific IP Address that showed on the list. Only the IP Address that shows on the list that cannot receive the packets.
Src Port Filter Entries in this table are used to restrict certain ports of data packets from user’s local network to the Internet through the Router. Use of such filters can be helpful in securing or restricting local network. The device just cannot receive any packets from the source port that showed on the list, the other packet that sent from any source port that not on the list would be received.
Dest Port Filter Entries in this table are used to restrict certain ports of data packets from user’s local network to Internet through the router. Use of such filters can be helpful in securing or restricting local network. And the device cannot send any packets to the destination port that showed on the list. Select Enable Destination Port Filtering, type the Port Range of below Protocol type, the protocol type can be UDP, TCP or Both.
3.5.3 NAT Setting Network Address Translation is the process where a network device, usually a firewall, assigns a public address to a device or group of devices inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economic and security purposes. The simple type of NAT provides one to one translation of IP address.
The description of the columns is as below: TERMS DESCRIPTION Port Forwarding Select Enable to activate Port Forwarding function. Public Port Range Configure the port range, which will be public to a WAN / Internet. User can configure one or a range of TCP/UDP port number. IP Address Configure the IP Address of the LAN PC. The traffic from the public port range will be redirected to this IP address. Protocol Configure TCP, UDP or Both (TCP + UDP) protocol type.
The description of the columns is as below: TERMS DESCRIPTION NAPT Enable Select the Interface while the router supports multiple WAN ports. There is only one activate WAN interfaces in this AP, select either Ethernet WAN or Wireless WAN. While you select Router/Client Router mode for both Ethernet and Wireless LAN interfaces, Client Router of Wireless WAN has higher priority and only it works.
The description of the columns is as below: TERMS DESCRIPTION 1 to 1 NAT Check the box to enable the function Local IP Address The target local IP Address WAN IP Address The incoming IP Address that coming through the WAN Comment Enter a comment Click Submit to apply the configuration.
3.5.4 OpenVPN WoMaster router supports OpenVPN. It implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections. It is possible to create one-to-many tunnel for the VPN Server. OpenVPN implementation offers a cost-effective, simply configurable alternative to other VPN technologies. OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. The server and client have almost the same configuration.
OpenVPN Client This page is about the OpenVPN Client configuration page. While the device set as the VPN client, the parameters must follow the VPN Server settings. User should adjust the parameters with the administrator of the VPN server to entry the correct parameters. Two VPN servers IP are also provided in order to have the backup connection for VPN Server.
Port Default: 1194 Input the port number that VPN service used. Please check the VPN Server port setting. The range from 1-65535. Tunnel Protocol Choose use TCP or UDP to establish the VPN connection. Encryption Cipher Select the encryption cipher from Blowfish to AES in Pull-down menus.
OpenVPN Server To help user create the One to One Secure connection for the remote devices, WoMaster device supports both OpenVPN Server and OpenVPN Client. This Server setting allows user to configure the Secure M2M connection for one remote Client. But WoMaster router also supports one to multiple for VPN Client.
Encryption Cipher Select the encryption cipher from Blowfish to AES in Pull-down menus. Hash Algorithm Hash algorithm provides a method of quick access to data, including SHA1, SHA256, SHA512, and MD5 ping-timer-rem Default: Enable Select enable or disable the ping-timer-rem, this function is to prevent unnecessary restart at server/client when the network fails.
In OpenVPN client, you must type correct user name and password for authentication. Below is our OpenVPN client setting page, select the “TLS” Encryption Mode and Enable ”Login” checkbox, then the Username/Password columns are displayed. Type correct Username and password added in OpenVPN User Settings.
OpenVPN Certificate Using digital certificates for authentication instead of preshared keys in VPNs is considered more secure. In WoMaster’ devices, digital certificates are one way of authenticating two peer devices to establish a VPN tunnel. Key Generation in the device For OpenVPN connectivity, the OpenVPN Client must have the client Key/CA file generated by the OpenVPN Server. Normally, you can generate the key in your VPN server and upload to the router switch which is Open VPN client.
The description of the columns is as below: TERMS DESCRIPTION Delete VPN Key Display the ca/key files after generated TLS/Static Key. You can select and Delete the ca/key file here. Upload VPN Key Upload a certificate file from a specified file location. Generate TLS Keys The setting allows you to generate TLS key/ca files by the router switch. After click Generate, the system prompts you to wait 30 seconds to generate the key. Click Yes to start…then you will have multiple key/ca files.
3.5.5 IPSEC Settings Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. By configure this configuration page, user allows IPsec tunnels to pass through the router.
Set IPsec Remote Host, use the default setting if remote is dynamic IP Remote Subnet Set IPsec Remote Protected Subnet/Subnet Netmask Click Submit to apply the configuration. An Example of IPSec VPN: The reference topology above is how the branch office can get the access to the headquarter. The two laptops are connected to the secure router switch through the Ethernet cable. Enable the IPSec, type the same pre-share key and select the same cipher for both ends. Configure the IP address for both ends.
3.5.6 L2TP SETTING L2TP is a popular choice for remote roaming users for VPN applications since an L2TP client is built in to the Microsoft Windows operating system. In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.
Password Password for L2TP connection Select Select the list on the table, so user can press Edit or Delete Selected to delete. Click the Refresh button to refresh the list.
3.6 Warning WoMaster’ router provides several types of Warning feature for remote monitoring of end devices status or network changes. 3.6.1 Ping Watchdog Ping Watchdog is a feature that helps WoMaster’ router to allow user continuously ping a specific remote host for connection status using a user-defined IP address (or an Internet gateway). In this section, WoMaster provides two target IP Addresses, in order if the other IP Address cannot be reached, so there is another backup IP address.
3.6.2 SYSLOG Settings System Log is useful to provide system administrator locally or remotely monitor router events history. Once User finishes configuring the settings, click on Submit to apply User configuration. User can monitor the system logs in [Diagnostics] / [Event Log] page The condition or term described as following table. TERMS DESCRIPTION Enable Remote Syslog Server Select Enable to enable system log IP Address Specify the IP address of the server.
3.7 Diagnostics WoMaster Router provides several types of features for User to monitor the status of the router or diagnostic for User to check the problem when encountering problems related to the router. 3.7.1 Event Logs When remote System Log server mode is activated, the router will record occurred events in local log table. This page shows this log table. The entry includes the index, occurred data, time and content of the events.
Data Format Protocol Header: 802.3 + 802.2 LLC + 802.2 snap |- (DS + SA + Len) -|- DSAP + SSAP + CTRL -|- Org + type This page shows the routers active ARP table. An ARP table contains recently cached MAC addresses of every immediate device that was communicating with the router. Click on Reload to change the value.
3.7.3 Ping WoMaster’ provides Ping utility in the management interface, the function is to give users a simple but powerful tool for troubleshooting network problems and check that the remote device is still alive or not. Type Destination IP address of the target device and click on Ping to start the ping. 3.7.4 Traceroute Traceroute is a diagnostics tool for displaying the route (path) and measuring transit delays of packets across an Internet IP network.
3.7.5 Network Statistics This section shows about the packet data that transmitted or received regarding the Ethernet and Cellular activity. The Cellular packets include Wi-Fi and 2G/3G/LTE transmission. Click on Reload to refresh the table. The description of the columns is as below: TERMS DESCRIPTION Poll Interval Default: 5 To set the Poll Interval time setting with range from 0 to 65534. (second) Set To set new Interval time. Stop the old Poll Interval first before set the new interval.
3.7.6 Client Association List This Client Association List displays the current wireless connection status when there is a client that connected to the AP. It shows the SSID, MAC Address, Signal Strength, Noise Floor, Connection Time, Last IP and Action. For the security concern, in this page user can do the security action, such as Kick the unexpected user from the wireless networks.
3.8 IoT Over the past decade or so, the word “cloud” has taken on a new meaning to many people. Rather than a visible mass of condensed water vapor floating in the sky, the cloud has taken to the IoT industry in the form of data. WoMaster Industrial Router is supported with private clouds, ThingsMaster and public clouds, AWS and Microsoft Azure. Clouds offer great promise in improving the agility and flexibility of IT to respond to the requirements of the business cost effectively.
HOW TO CONNECT THE DEVICE TO AWS Create and login to AWS account. Select AWS IoT Services – click Thing. Add your device shadow. Create and download the key or certificate. Certificate, private key, root CA is necessary. Public key is used by AWS server to authenticate with private key. The public key and private cannot be downloaded back after the user closes the page. Policy can be added later.
Get the Target host to connect with the device. Go to Manage -> Things -> click the device name -> Click Interact. Copy the HTTPS link to update user’s Thing Shadow using this Rest API Endpoint. Connect the device to AWS. Copy the link and paste on the Target Host field at the AWS IoT page.
3.8.2 AZURE IoT Azure IoT Hub is a fully managed service that enables reliable and secure bi-directional communications between millions of Internet of Things (IoT) devices and a solution back end. One of the biggest challenges that IoT projects face is how to reliably and securely connect devices to the solution back end. To address this challenge, IoT Hub: Offers reliable device-to-cloud and cloud-to-device hyper-scale messaging.
CONFIGURE THE DEVICE AS A MQTT CLIENT In the Microsoft Azure Portal, go to IoT Hub menu and select: Devices > myCreatedDevice > Shared access policies > iothubowner > Connection string - primary key. User has to annotate the value of this field. 1. Get the connection string. Click the IoT Hub -> Shared access policies. 2. Click registryReadWrite -> copy the Connection string---Primary Key.
3. Download and install the Azure Device Explorer to generate the SAS Token. Go to this link to download the software: https://github.com/Azure/azure-iot-sdk-csharp/releases/download/2018-3-13/SetupDeviceExplorer.msi 4. Paste the Connection String --- Primary Key to the IoT Hub Connection String box. Then type the Protocol Gateway HostName and click Update. In the end, generate the SAS Token.
5. Configure the MQTT Client from the Web GUI. Enter the value based on the IoT Hub setting. And the device is connected to the cloud. Please find the Root CA through this link: https://github.com/Azure/azure-iot-sdk-c/blob/master/certs/certs.c 3.8.3 Private IoT WoMaster provides its own cloud service, ThingsMaster that could support the Industrial Plants Network. Under the cloud architecture, software, hardware, applications, and storage can all be provided as services.
Client ID Enter the client ID that has been registered. MQTT Publish Topic Specify the MQTT Topic MQTT The interval time to update the data Publish Interval Update on change Default: Uncheck Check the box to send update on when data changed. CA Certificate The function from this certificate file is to create an encrypted MQTT communication. User will get this file when download the ThingsMaster server file. Note. This field only supports in ThingsMaster v1.
Port Default: 8883 ACCESS TOKEN Generate the token from ThingsMaster RMS; this access token is used to access the device. GPS Location User Input: User input the device location information. By Hardware: if the device is supported with the GPS feature, then it will directly generate the location.
HOW TO ESTABLISH AND CONNECT TO THE THINGSMASTER OTA RMS SERVER Note: The UI of the ThingMaster, ThingMaster OTA RMS and VMWare software and download link is often updated, following steps and figures may be updated. 1. Contact our Sales to get the access to the ThingsMaster RMS Account. 2. Login to ThingsMaster OTA RMS, using RMS Account. Login: Password: 3. Go to Home -> Device Management to register the device.
4. Add new device information, by clicking the “+” at the corner of the page. After click “+” menu then a page will pop up. Enter the device information. - Name: Please start the name with Router + Number.
5. After the device is registered, then click on the device folder go to Details -> Click on Copy Access Token. This access token is code to link the device with the RMS Server. 6. Go to the Web GUI -> IoT -> RMS. Paste the Access Token code to the Web GUI. And complete the configuration.
7. After the configuration is done then go back to ThingsMaster RMS Server. And then click on the newly added Router -> Attributes-> Client Attributes to see if the data has been uploaded. 8. If all of the data has been uploaded, user can create a dashboard to visualize the data. Go to Dashboards menu. In this page, user can upload the JSON file that sent by the WoMaster Sales in the email. Click the “+” to import JSON File or Create a new Dashboard.
3.9 Backup and Restore User can use WoMaster’s Backup and Restore configuration to save and load configuration through the router. Users can browse the target folder and then type the file name to back-up the configuration. Browse the target folder and select existed configuration file to restore the configuration back to the router. This mode is only provided by Web UI while CLI is not supported.
3.10 Firmware Upgrade WoMaster provides the latest firmware online at www.womaster.eu. The new firmware may include new features, bug fixes or other software changes. WoMaster also provides the release notes for the update as well. For technical viewpoint, WoMaster suggests user uses the latest firmware before installing the router to the customer site. Note that the system will be automatically rebooted after User finished upgrading the new firmware.
3.11 Reset to Defaults This function provides users with a quick way of restoring the WoMaster router’s configuration to factory defaults. By check the Restore Factory default IP setting, it means the IP of the device will directly change to the default IP (192.168.10.1). Pop-up message screen to show User that have done the command. Click on OK to close the screen and reboot the device. Below is the interface for resetting the device with keep the IP Settings.
3.12 Save Save option allows user to save any configuration. Powering off the router without clicking on Save will cause loss of new settings. After selecting Save, click on Yes to save new configuration.
3.13 Logout There are 2 logout methods. If user doesn’t input any command within 30 seconds, the web connection will be logged out. The Logout command allows user to manually logout the web connection. Click on Yes to logout. 3.14 Reboot System Reboot allows user to reboot the device. Some of the feature changes require user to reboot the system. Click on Reboot to reboot device. Remember to click on Save button to save configuration settings.
4. REVISION HISTORY Version Description V1.0 1 released User Manual st Date Editor 20191212 Andrew 20200506 Orwell 20200821 Orwell Sep.21,2020 Orwell Sep.24,2020 Orwell No N:1 NAT page No OpenVPN user page V1.1 Update WA512G-D with DC Terminal Block Input -Appearance, Wiring power input with DC terminal block Update description of MESH Status Add 3.4.2.6 Client Router (Wireless WAN NAT) mode for Wireless interface. Supported by V1.4 and later firmware.
48V 0.5A rating for PoE. V1.3 Add FCC Statement Oct.
