FCC ID: 2AXAMWA512GM WLAN AP/Router

WA512G Series Industrial IEEE 802.11a/b/g/n/ac Wireless Mesh AP/Client COVER C Nov.2020 V.1.3 Industrial Dual Radio 2.4G+5GHz Concurrent Wireless Mesh AP/Client WoMaster WA512G User Manual Copyright Notice WoMaster. All rights reserved. About This Manual This user manual is intended to guide a professional installer to install and to configure the WoMaster Industrial Wireless MESH AP/Client. It includes procedures to assist you in avoiding unforeseen problems. Only qualified and trained personnel should be involved with installation, inspection, and repairs of this router. NOTE:

Disclaimer WoMaster reserves the right to make changes to this Manual or to the product hardware at any time without notice. Information provided here is intended to be accurate and reliable. However, it might not cover all details and variations in the equipment and does not claim to provide for every possible contingency met in the process of installation, operation, or maintenance. Should further information be required or should particular problem arise which are not covered sufficiently for the users purposes, the matter should be referred to WoMaster. Users must be aware that updates and amendments will be made from time to time to add new information and/or correct possible unintentional technical or typographical mistakes. It is the users responsibility to determine whether there have been any such updates or amendments of the Manual. WoMaster assumes no responsibility for its use by the third parties. WoMaster Online Technical Services At WoMaster, you can use the online service forms to request the support. The submitted forms are stored in server for WoMaster team member to assign tasks and monitor the status of your service. Please feel free to write to help@womaster.eu if you encounter any problems. 2 TABLE OF CONTENTS COVER................................................................................................................................................................................................. 1 TABLE OF CONTENTS ....................................................................................................................................................................... 3 DECLARATION OF CONFORMITY ................................................................................................................................................... 6 SAFETY PRECAUTION ....................................................................................................................................................................... 8 1. INTRODUCTION ......................................................................................................................................................................... 12 1.1 OVERVIEW ................................................................................................................................................ 12 1.2 MAJOR FEATURES ....................................................................................................................................... 13 2. INSTALLATION ............................................................................................................................................................................ 14 2.1 WA512G (IP67 HOUSING) .......................................................................................................................... 14 2.1.1 Dimension ............................................................................................................................................. 14 2.1.2 Product Appearance.............................................................................................................................. 14 2.2.3 Product Package ................................................................................................................................... 15 2.2.4 Interface Installation ............................................................................................................................. 15 2.2.4.1 Wiring Power Input ............................................................................................................................ 16 2.2.4.2 Wiring Antenna .................................................................................................................................. 17 2.2.4.3 Wiring Waterproof Connector ............................................................................................................ 18 2.2.5 Mounting the AP ................................................................................................................................... 19 2.2.6 LED ........................................................................................................................................................ 20 2.2 WA512G-D (DIN-RAIL) ............................................................................................................................. 21 2.2.1 Dimension ............................................................................................................................................. 21 2.2.2 Product Appearance.............................................................................................................................. 21 2.2.3 Product Package (WA512G-D)............................................................................................................... 22 2.2.4 Interface Installation ............................................................................................................................. 22 2.2.4.1 Wiring Power Input ............................................................................................................................ 22 2.2.4.2 Wiring the Ground ............................................................................................................................. 23 2.2.5 Mounting the AP ................................................................................................................................... 23 2.2.5.1 DIN-Rail Mounting ............................................................................................................................. 23 2.2.5.2 WALL Mounting ................................................................................................................................. 24 2.2.6 ANTENNA & LED.................................................................................................................................... 26 3. WEB MANAGEMENT CONFIGURATION ................................................................................................................................ 27 3.1 SYSTEM .................................................................................................................................................... 29 3.1.1 Information ........................................................................................................................................... 29 3.1.2 Login Settings ....................................................................................................................................... 29 3.1.3 Network Settings .................................................................................................................................. 32 3 3.1.4 Date and Time....................................................................................................................................... 33 3.1.5 DHCP Server .......................................................................................................................................... 34 3.2 ETHERNET PORT ......................................................................................................................................... 36 3.2.1 Port Status ............................................................................................................................................ 36 3.2.2 Ethernet Setting .................................................................................................................................... 36 3.2.3 Traffic Control ....................................................................................................................................... 37 3.3 GPS ........................................................................................................................................................ 37 3.3.1 GPS Status ............................................................................................................................................. 37 3.3.2 GPS Settings .......................................................................................................................................... 38 3.4 WIRELESS LAN .......................................................................................................................................... 39 3.4.1 WLAN Status ......................................................................................................................................... 39 3.4.2 WLAN Settings ...................................................................................................................................... 40 3.4.2.1 AP mode............................................................................................................................................. 40 3.4.2.2 Client mode ........................................................................................................................................ 45 3.4.2.3 WDS AP Mode .................................................................................................................................... 48 3.4.2.4 WDS Client Mode ............................................................................................................................... 51 3.4.2.5 Mesh Settings .................................................................................................................................... 53 3.4.2.6 Client Router (Wireless WAN NAT) Mode ........................................................................................... 56 3.4.3 WLAN Security ...................................................................................................................................... 57 3.4.4 Advanced .............................................................................................................................................. 58 3.4.4.1 Roaming (Client based Fast Roaming) ................................................................................................ 60 3.4.5 RADIUS Server (AP Mode) ..................................................................................................................... 63 3.4.6 Certificate File (Client Mode) ................................................................................................................. 64 3.5 SECURITY .................................................................................................................................................. 65 3.5.1 Access Control ....................................................................................................................................... 65 3.5.2 Outbound Firewall ................................................................................................................................ 69 3.5.3 NAT Setting ........................................................................................................................................... 73 3.5.4 OpenVPN .............................................................................................................................................. 77 3.5.5 IPSEC Settings ....................................................................................................................................... 85 3.5.6 L2TP SETTING ........................................................................................................................................ 87 3.6 WARNING ................................................................................................................................................. 89 3.6.1 Ping Watchdog ..................................................................................................................................... 89 3.6.2 SYSLOG Settings .................................................................................................................................... 90 3.7 DIAGNOSTICS ............................................................................................................................................. 91 3.7.1 Event Logs ............................................................................................................................................. 91 3.7.2 ARP Table .............................................................................................................................................. 91 3.7.3 Ping ....................................................................................................................................................... 93 3.7.4 Traceroute ............................................................................................................................................ 93 3.7.5 Network Statistics ................................................................................................................................. 94 3.7.6 Client Association List ........................................................................................................................... 95 4 3.8 IOT ......................................................................................................................................................... 96 3.8.1 AWS IoT ................................................................................................................................................ 96 3.8.2 AZURE IoT ............................................................................................................................................. 99 3.8.3 Private IoT ........................................................................................................................................... 102 3.8.4 RMS (Remote Management System) ..................................................................................... 103 3.9 BACKUP AND RESTORE ............................................................................................................................... 109 3.10 FIRMWARE UPGRADE ............................................................................................................................... 110 3.11 RESET TO DEFAULTS ................................................................................................................................. 111 3.12 SAVE ................................................................................................................................................... 112 3.13 LOGOUT ............................................................................................................................................... 113 3.14 REBOOT ............................................................................................................................................... 113 4. REVISION HISTORY .................................................................................................................................................................114 5 Declaration of Conformity CE RED (Radio Device Directive) While you see the CE Marking print in our product, it indicates the product comfort to the requirement of the CE RED. We provide the CE RED Declaration of Conformity (DoC) for our Wireless Router, WLAN AP products in our web site. The DoC includes the Brand Name, Product Name, Model Name, Description, compliant standards and Manufacture information. Different product may comfort to different standards of Safety, Health, EMC, Radio and other specific standard. You can download the formal document of the product in our Web site or apply from our Sales/Technical people. The DoC in this product manual applied to below models:

Brand Name: WoMaster Product Name: Industrial Din-Rail /Waterproof IP67 2.4+5GHz 802.11ac Wave 2 MESH WLAN AP/outer Model Name: WA512GM-D/IP67, WA512G-D/IP67 Compliant Standard:

Safety: UL62368-1 RF: EN300328, EN301893 B1, EN62311 EMC: EN301489-1/17, EN55032/35, EN61000-3-2/3 Also Complaint with FCC Standard:

RF: Part 15C 2.4G, FCC Part 15E 5G B1/B4, CFR 2.1091 EMC: FCC Part 15B The declaration of CE RED is authorized at the following company and address. WoM Asia.

( Manufacturer Name ) 4F, No.86-2, Yiwen 1st St., Taoyuan Dist., Taoyuan 330, Taiwan

( Manufacturer Address ) 6 FCC Federal Communications Commission Statement This device complies with FCC Rules Part 15. Operation is subject to the following two conditions:

This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operation. FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the users authority to operate the equipment. The antenna(s) used for this transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with FCC exposure compliance requirement, please follow operation instruction as documented in this manual. Radiation Exposure Statement:

This equipment must be installed and operated in accordance with provided instructions and the antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter Installer Compliance Responsibility Devices must be professionally installed and it is the professional installers responsibility to make sure the device is operated within local country regulatory requirements. The device is compliance with IEC62368-1, EN62368-1, UL62368-1 Safety Request. Please read the safety precaution in user manual. 7 SAFETY PRECAUTION General Notification SELV: The device is designed for operation with SELV (extra-low voltage). It is powered from DC source. Connect the unit only to DC power source that complies with the SELV requirements in IEC/EN 62368 based safety standards. The product does Not include the AC power adapter. Electrical energy source classifications: The design is complaint with the ES1 definition of the EN62368-1 standard. This product is intended to be supplied by an external power source (UL listed / IEC 60950-1 / IEC 62368-1) which output is complied with ES1, PS2/LPS, output rating 24 Vdc (10-50 Vdc), 0.5 A min.(DC Terminal Block) or 48 Vdc, 0.5 A min.(PoE Input), ambient temperature 70 C minimum. The power cord of adapter should be connected to a socket outlet with an earthing connection, except for the adapter is complied with Class II construction. High temperature warning for IEC/EN 60950

(1) This equipment is intended to be used in Restrict Access Location. The access can only be gained by Skilled person or by Instructed person who have been instructed about the metal chassis of the equipment is so hot that Skilled person have to pay special attention or take special protection. Only authorized by well trained professional person can access the restrict access location.

(2) External metal parts are hot!! Before touching it, special attention or protection is necessary. Classification of use by: Please read the safety precaution and the user manual first before install the product. The ordinary person is only allowed to connect low voltage (<60V) power connector and configured the software settings. If you need to change the power system, reallocated the hardware installation, you MUST get approval and handled by skilled person. If you dont get exact info you need, you can contact our technical people of distributor or contact us by email:

support@womaster.eu Power For power connection, make sure the following requirement are met:

Power Specification: Follow the power installing instruction of the user manual, it indicates the available input voltage range, V+/V- pin assignment, power consumption and other notice. 8 Power Source: External power source must be UL listed / IEC 60950-1 / IEC 62368-1 compliant. In practical, the SELV DC product has no internal DC/DC isolation design. For external power, it is suggested to use isolated AC to DC or DC to DC power design PSU for installation. The output voltage and current of the Power Supply conforms to the range of the input voltage and inrush current of the equipment. Its minimum ambient temperature is equal to maximum operating temperature of the product. Switch ON Notice: Only switch on the supply voltage while the housing is closed, the input voltage is correct and the terminal blocks are wired correctly. Wiring: The connection cables used are permitted for the specified electronic voltage, current, wire diameter and temperature range. For DC voltage, it is at least 1.0mm, AWG16. Grounding: Besides the PSU selection, the Power Supply must be well installed, includes grounded and other notices which are defined in its instruction guide. The well digital/earth grounding is important and make sure everything is done correctly before power on the system. High Voltage Station Notice: If the product is installed inside the high voltage cabinet/station, for example the Wind power tower is usually 690V power system, shut down the power system before user go into the tower. The error 690V will kill your life and can not be cured. This is usually defined in the Safety Precaution of the high voltage station, just remind again here for warming. Environment & Housing Only operate the device at the specified ambient temperature and humidity. The temperature of the surrounding air means a distance of up to 5cm from the device. While installing multiple devices within the cabinet, remains suitable width between the devices is MUST for better heat dispersing. Hot surface. The enclosure is metal housing with rugged heat dispersing heat sink on top. Reserve some space for top heat sink can have better heat dispersing. Avoid touching the device while it is operating, especially in high temperature environment. NOT allow to open the housing: Only technicians authorized by the manufacturer are permitted to open the housing. Without the manufacturer permitted, open the housing means the product is not warrantied and no responsible for any unexpected risk. IP Degree: Connect the equipment which meets the IP degree of protection requirements for the application case. Installation Devices must be professionally installed and it is the professional installers responsibility to make sure the device is operated within local country regulatory requirements. The classification of Machine energy source is MS1. According to the definition, the product can be 9 installed <2m height environment. Indoor Area:

The product (WA512GM Series, WR312/322/212/222/224) is defined as indoor product. Most of the I/O interface is connected inside the cabinet/box, for example the power terminal block, USB and RJ-45 Note of the WR319/329 Series: The RJ-45 Ethernet LAN ports (port 1~8) is only allowed to be installed within indoor area. Only the RJ-45 Ethernet WAN port (port 9) can be connected to external device connectors. outside the box. USB: The attached USB socket is defined for device maintenance purpose only. Do NOT use it for other purpose, especially for charging the battery by the USB is restricted. If the device is damaged due to the restricted behavior, this is not included in product warranty range. (WA512G-IP67, WR312/322, WR316, WR319/329 Series supports USB interface.) Grounding: The equipment must be grounded. Ground the device before connecting the Ethernet cables, RF antenna, antenna cables and power supply. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. WLAN Plan Professional Wireless IT: If you are installing the equipment in the factory, station, open area, the professional Wireless IT Engineer can provide better service for AP location, channel and field plan to get better performance and coverage. RF (Radio Frequency) Notice:

Read the Radio output power, receiver sensitivity, antenna gain specification before installing. The shipped products and antenna comforts to the CE request and allowed to be used in all European countries. It also comfort to the FCC request and allowed to be used in USA. When installing external antennas, the Radio Output power and antenna gain value must be allowed according to the regulations of the country. When the system is operational with high gain antenna, avoid standing directly in front of it. Strong RF fields are present when the transmitter is on. When the system is operational with high gain antenna in short distance, adjust the radio output lower (still within the regulation of the country). Strong output power plus high gain antenna is not good installation for short distance transmission. Metal Limitation: Install the device in a cabinet or in an operating site with limited access, the metal cabinet will filter the radio signals, use the extended antenna cable and install the external antenna in free space helps to get better Radio signal. Note that You are responsible for undertaking suitable lightning protection. The Field EMD 10

(Lightning) DAMAGE IS NOT COVERED UNDER WARRANTY. PoE (Only for PoE model) The product supports standard PoE Input, please make sure the voltage range of PSE comforts to the standard PoE request. The voltage range of the 802.3at definition is 50~57V, 802.3af is 46~57V. According to the PoE/PoE+ definition, the maximum current through the Ethernet cable is 600mA/802.3at or 350mA/802.3af, the CAT 5E or above standard cable is suggested and the maximum Ethernet cable distance is less than 100m. Users MUST use the safety certificated PoE Switch, PoE Injector and Power Supply. The Industrial PoE Switch and PoE injector/adapter is recommended. Be notice the maximum power consumption of the product, it is NOT allowed to connect over the This wireless AP/Client, WA512GM Series supports one 802.3af PD (Power Device) port as power input. specification. There is no PoE output functionality. be not routing to outside plants. When this equipment (WA512GM Series) is to be connected to Power in PoE networks, which would 11 1. Introduction 1.1 Overview WA512G series is designed for IIoT application by dual band concurrent Wireless LAN Radio. WA512G is equipped with high performance Quad core ARM processor with 5GHz IEEE 802.11ac Wave 2 and 2.4G 802.11n WLAN radio, up to 866M+300Mbps high throughput, 2 Gigabit Eth ernet port are able to support Bridge/Router mode and powered by 802.3af PoE switch. It supports MESH self -healing wireless network, DHCP Server, NAT and secure VPN connectivity can reach 150Mbps IPsec performance in 256 -bit encryption. Model Name Description IP67 Series WA512GM-IP67-E WA512GM-IP67-U WA512G-IP67-E WA512G-IP67-U DIN-Rail Series WA512GM-D WA512G-D Industrial 802.11ac Din-Rail Dual Radio 2.4+5GHz Concurrent Wireless Mesh AP, 802.11ac Wave 2 +

802.11b/g/n WLAN, 2GE, USB, IP67 Enclosure, EU-plug Industrial 802.11ac Din-Rail Dual Radio 2.4+5GHz Concurrent Wireless Mesh AP, 802.11ac Wave 2 +

802.11b/g/n WLAN, 2GE, USB, IP67 Enclosure, US-plug Industrial 802.11ac Din-Rail Dual Radio 2.4+5GHz Concurrent Wireless AP/Client, 802.11ac Wave 2 +

802.11b/g/n WLAN, 2GE, USB, IP67 Enclosure, EU-plug Industrial 802.11ac Din-Rail Dual Radio 2.4+5GHz Concurrent Wireless AP/Client, 802.11ac Wave 2 +

802.11b/g/n WLAN, 2GE, USB, IP67 Enclosure, US-plug Industrial 802.11ac Din-Rail Dual Radio 2.4+5GHz Concurrent Wireless Mesh AP, 802.11ac+802.11b/g/n WLAN, 2GE, Din-Rail, 24VDC Terminal Block WLAN, 2GE, Din-Rail, 24VDC Terminal Block Industrial 802.11ac Din-Rail Dual Radio 2.4+5GHz Concurrent Wireless AP/Client, 802.11ac+802.11b/g/n 12

1.2 Major Features Below are the major features of WA512G Series:

- Quad-Core ARM Processor IEEE 802.11ac Wave 2, compatible with 802.11a/b/g/n Concurrent dual-band 2.4 G+5GHz radio, up to 866Mbps + 300Mbps Bandwidth 2x SMA/N-type Antenna socket for 2.4GHz + 5GHz DBDC (Dual Band Dual Concurrent)

- Dual Gigabit Ethernet ports in Router mode for WLAN/LAN to Eth-WAN routing

Support IEEE 802.3af PoE P.D. Input

- Qualcomm Wi-Fi SON MESH Technology (WA512GM Series) Self-Healing auto rerouting through multi-hop (up to 4 hops and 10 nodes) Self-Configuring Plug-and-play via Wireless network with ViewMaster utility

Enhanced Cyber Security & Redundancy Support Firewall for inbound/outbound traffic OpenVPN (server/client), IPsec for secure remote connection IPSec Performance >150Mbps @256-bit encryption Support L2TP with PPP, PAP, CHAP(LCP, IPCP) HTTPs/SSH secure login Support TACACS+ multi-user authentication for privileged user management Support Industrial IoT Cloud Server, AWS, Azure, Private IoT and communication protocol Support Network management utility ViewMaster and NetMaster NMS Support Private cloud management server ThingMaster, ThingMaster OTA for Remote Management Slim size 110x106x40mm Din-Rail mounting design (WA512GM/WA512G-D) Support 24V(9-50V) DC Input (WA512GM/WA512G-D) Support IP67 enclosure for industrial application (WA512GM/WA512G-IP67)

- Wide range operating temperature -40~70C 13 2. Installation This chapter introduces mechanical and contains information on installation and configuration procedures. 2.1 WA512G (IP67 Housing) 2.1.1 Dimension Dimensions of WA512G-IP67: 239mm(H) x 269mm(H) x 68mm (D) / without mounting clip 2.1.2 Product Appearance 14 2.2.3 Product Package Standard package includes:

1x Product Unit 1x Quick Installation Guide 1x PoE Injector with AC Plug 3x Cable Gland 1x Mounting kit

*Note: Antenna not included 2.2.4 Interface Installation After unpacking the box, follow the steps below in order to properly connect the device. 15 2.2.4.1 Wiring Power Input Standard package includes a PoE injector to power on WA512G-IP67 series. WA512G is a standard IEEE 802.3 PoE P.D. device and can also be power by PoE switch (P.S.E). Wiring the Power Input through PoE Injector 1) Install PoE injector power cord. 2) Install Ethernet cable between PoE ports of WA512G and PoE injector. 3) Install Ethernet cable between LAN ports of WA512G and PC/NB whenever proceeding WebGUI Wiring the Power Input through PSE switch 1) Install Ethernet cable between PoE ports of WA512G and PSE switch 2) Install Ethernet cable between LAN ports of WA512G and PSE switch whenever proceeding WebGUI configuration. configuration. 16 2.2.4.2 Wiring Antenna Antenna Socket on device - N-type female The antenna socket is N-type female and located on the top of the device. The antenna is usually installed in the upper/upward position. You can install the external antennas or you can install an antenna cables to connect to a long-distance antenna. Antenna/Antenna Cable - N-type male You can wire the waterproof antenna with N-type Male connector directly to the N-female socket on the top of the device. For safely installation, it is usually applied for short length, lower gain omni-antenna. You can also Wire extended antenna cable with N-type Male connector to connect the external antenna. Please noted that the longer RF cable must cause more signal lost, the shorter the more suitable. The RF cable quality is also important for the extended antenna installation. We recommend the high quality RF cable, for example the RF400 50ohm LOW LOSS COAXIAL CABLE with UV RESISTANCE. Note: In field installation, the RF Surge Arrestor is also important for product safety. RF Surge Arrestors RF surge arrester is also known as cable free coaxial lightning arrestors/suppressors. It is used for antenna feeder equipment, it can protect the communication device from the lightning strike. The arrestor features an N-type male and an N-type female connector to connect the extended RF cable. An earth bond connection must be created using the shortest path to the ground. 17 2.2.4.3 Wiring Waterproof Connector As shown in the figure, there are some steps to wire the waterproof connectors. Step 1~3: Lock the waterproof cover for the unused RJ45, USB and LED light connectors. The steps can be done before go to the field. Step 4~7: Wiring Ethernet cable. Since the Ethernet cable length is not fixed in every site, the steps are usually done in the field. Connect the Ethernet cable to the waterproof cable gland in sequence. If your RJ45 crystal connector is larger than the aperture, you must thread the cable before pressing the RJ45 crystal connector. Lock the Ethernet connector with cable gland finally. Step 8: After completing the installation of the connector, please check whether the Ethernet cable and the waterproof cable gland are fastened, and inject waterproof silicone to avoid water leakage. 18 2.2.5 Mounting the AP Mount the AP on a Pole/Wall 1) Screw up the attached mounting plate and the Access Point by screw A (M5, 15mm). 2) Screw up the mounting kit between pole and Access Point. 3) Mount the Access Point steadily to the pole by locking the pole mounting kit tightly. The antenna is installed in the upper/upward position. While installed the AP in high tall factory, the AP is also available by pole mounting on the ceiling. 4) You can also mount the Access Point steadily to the wall by locking the wall mounting plate tightly. The antenna is installed in the upper/upward position. You can use the attached screw B and its expansion screw. While using other type screw for wall-mounting, make sure the device is fixed well. 5)The mount plate can be installed in Horizontal or Vertical direction, refer to the below steps. Mounting plate in Horizontal installation (The N-Type Antenna socket is in upper/upward side.) 19 Mounting plate in Vertical installation (The N-Type Antenna socket is in upper/upward side.) 2.2.6 LED Check system status through LED connector. WA512G-IP67 series LED Status Description Amber On AP mode 5GHz Amber Blinking Station mode client connected Off Station mode/radio disabled Green On AP mode 2.4GHz Green Blinking Station mode client connected Station mode/radio disabled Off Off Red On Power On Power Not Receiving Power 20 2.2 WA512G-D (DIN-Rail) 2.2.1 Dimension 2.2.2 Product Appearance 21 2.2.3 Product Package (WA512G-D) Standard package includes:

1x Product Unit 1x Quick Installation Guide 2x WLAN Antenna, White 1 x Attached Din Clip sales contact window. The Antenna supports 2.4G/5G wide range. Attached them to ANT1 and ANT2 sockets. Note: The model doesnt offer PoE injector. If you need additional PoE injector or PoE switch, check with our 2.2.4 Interface Installation After unpacking the box, follow the steps below in order to properly connect the device. 2.2.4.1 Wiring Power Input The WA512G-D supports DC terminal block with 24V(9~50V) DC input. The typical power input voltage is 24VDC. Wire the power positive(+) and native(-) correctly before turn on the power supply. WA512G supports standard IEEE 802.3af PoE Power Device (PD), it can be powered by PoE switch (P.S.E) or PoE injector. WA512G equips with gigabit Ethernet ports and dual WLAN radio, its MUST to choose full gigabit PoE Switch with higher Ethernet bandwidth, for example the DP208, DP412, DP612. The standard package in WA512G-D does NOT have PoE injector inside. You can buy our passive 48V (not standard 802.3af/at PoE), you can also choose standard IEEE 802.3af/af PoE Injector for powering. You can aslo buy our PoE Switch. Wiring the Power Input through DC Terminal Block 1) Insert the positive and negative wires into the V+ and V- contact on the terminal block connector. 3) Connect the power wires to suitable DC Switching type power supply. The input DC voltage should be in the 2) Tighten the wire-clamp screws. range of the spec. Wiring the Power Input through PoE Injector 1) Install PoE injector power cord. WebGUI configuration. Wiring the Power Input through PSE switch 22 2) Install Ethernet cable between PoE ports of WA512G and PoE injector. 3) Install Ethernet cable between LAN ports of WA512G and PC/NB whenever proceeding 1) Install Ethernet cable between PoE ports of WA512G and PSE switch 2) Install Ethernet cable between LAN ports of WA512G and PSE switch whenever proceeding WebGUI configuration. 2.2.4.2 Wiring the Ground The chassis grounding screw is located on the bottom side of the router. For avoiding system damage by noise or electric shock, establish a direct connection between the ground screw and the grounding surface prior to connecting devices. 2.2.5 Mounting the AP You can mount the AP by attached Din-Rail Clip or Wall-mount by optional wall-mount plate. 2.2.5.1 DIN-Rail Mounting as shown by the following figures. The EN50022 DIN-Rail plate should be already attached to the back panel of the device screwed tightly. If user needs to reattach the DIN-Rail attachment plate to the device, make sure the plate is situated towards the top, 23 1. 2. 3. To mount the router on DIN Rail track, do the following instruction:

Insert the top side of DIN Rail track into the slot of DIN Rail clip. Lightly clip the bottom of DIN-Rail to the track and make sure it attached well. To remove the device from the track, reverse the steps. 2.2.5.2 WALL Mounting Optional Wall-mount Plate, MK-D1-2:

Name MK-D1-2 Specification WALL-MOUNTING KIT WITH 2 PLATES AND 8 SCREWS DP210 WALL MOUNT PLATE 2pc DP210 WALL MOUNT PLATE, PANTON BLACK (Or other color by request) Flat head M3 screw 8pcs Flat head screw, M3, length 6MM, nickel plated Packing material, zipper bag No3 Packing material, zipper bag No.3, 70(W)x100(L)MM for SCREW Packing material, zipper bag No.6 Packing material, zipper bag No.6, 120(W)x170(L)MM for All MK-D1-2 Dimension:

24 To mount the AP to the WALL/BOX, do the following instruction:

1. Remove the attached DIN Rail Clip first. 2. This wall-mount plate can be shared with our switch or router. For WA512GM-D, please use the 6 screw holes near the inside. 3. Lock the wall-mount plate by the attached M3 6mm length screw to the device. 4. Lock the wall-mount plate to the WALL. The suggested screw size for wall-mount is M6 12mm length. (This screw varies from site to site, we do not attach it.) Reference Wall-mount screw: M6 12mm 25 2.2.6 ANTENNA & LED WiFi Antenna WA512GM-D Series supports Dual Band in One Antenna socket design. It means one antenna can transmit dual band dual radio signal, you should choose Dual Band antenna. Connect the attached dual band antenna to the SMA connector on the front panel. Alternatively, you can connect the antenna through extended RF cable with antenna holder to SMA on the front panel and screwing the antenna holder on the field box. The magnet holder is also popular for metal box installation. Major Specification of attached antenna:

Frequency S.W.R Peak Gain (Max.) Efficiency Polarization Impedance 2400 ~ 2500 MHz 5150 ~ 5850 MHz

<= 2.0 @ 2400 ~ 2500 MHz

<= 2.0 @ 5150 ~ 5850 MHz The data is tested with 1M cable 1.92 dBi @ 2450 MHz 3.4 dBi @ 5150 MHz 70 % @ 2400 ~ 2500 MHz 85 % @ 5150 ~ 5850 MHz Linear 50 Ohm Connector Type SMA Male Reverse Operational Temperature

- 40 C ~ +65 C WA512GM/WA512G-D LED:

LED Status Description Green On Power On Off Not Receiving Power Green On Link Green Blinking Activity Green On AP mode Power Port 1/2 Ra (2.4GHz) Rb (5GHz) Green Blinking Station mode client connected Off Station mode/radio disabled 26 3. Web Management Configuration To access the management interface, WoMaster router has two ways access mode through a network; they are web management and telnet management. Web interface management is the most common way and the easiest way to manage a network, through web interface management, a router interface offering status information and a subset of device commands through a standard web browser. If the network is down, another alternative to access the management interface can be used. The alternative way is by using telnet management which is offer configuration way through CLI Interface. This manual describes the procedures for Web Interface and how to configure and monitor the managed router only. PREPARATION FOR WEB INTERFACE MANAGEMENT WoMaster provides Web interface management that allows user through standard web-browser such as Microsoft Internet Explorer, or Mozilla, or Google Chrome, to access and configure the router management on the network. 1. Plug the DC power to the router and connect router to computer. 2. Make sure that the router default IP address is 192.168.10.1. 3. Check that PC has an IP address on the same subnet as the router. For example, the PC and the router are on the same subnet if they both have addresses that start 192.168.10.x (Ex: 192.168.10.2). The subnet mask is 255.255.255.0. 5. 6. 7. appear. 4. Open command prompt and ping 192.168.10.1 to verify that the router is reachable. Launch the web browser (Internet Explorer or Mozilla Firefox or Google Chrome) on the PC. Type http://192.168.10.1 (or the IP address of the router). And then press Enter and the login page will Key in the NEW User name and Password in login screen while first Login. (There is no default user name and password for Security concern) 8. After you click OK, the Welcome page of the web-based management interface will appear. 9. On the left side you can see the list of software features, on the right side available settings. 27 In this Web management for Featured Configuration, user will see all of WoMaster Routers various configuration menus at the left side from the interface. Through this web management interface, user can configure, monitoring, and set the administration functions. The whole information used web management interface to introduce the featured functions. User can use all of the standard web-browser to configure and access the router on the network. 28 3.1 System When the user login to the router, user will see the system section appear. This section provides all the basic setting and information or common setting from the router that can be configured by the administrator. Following topics are included:

3.1.1 Information Information section, this section shows the basic information from the router to make it easier to identify different router that is connected to User network and also it shows LAN Settings information. The figure below shows the interface of the Information section. The description of the Informations interface is as below:

TERMS DESCRIPTION System Name Default: router Set up a name to the device. System Description Display the name of the product. Software Version Display the firmware latest version that installed in the device. MAC Address Display the hardwares MAC address that assigned by the manufacturer. IP Address Display the IP Address of the device Subnet Mask Display the subnet mask of the device 3.1.2 Login Settings WoMaster router supports Login Setting that has several authentication methods. It is supported with TACACS+, Radius, and Multi-User Authentication. This Login Setting consists of two level, admin and guest. Where the admin level, it has the privilege to read and write and for the guest level the privilege is read only. Below is the Login Setting section for admin level. 29 With the Name first login setting is administrator user name level and the authority allow user to configure all of configuration parameters. The Login Setting interface describes how to configure the system username and password for the web management login. To change the Name and Password, user just needs to input a new Name and New Password then confirm the new password in this section. Try to re-login with the new username and password. Below is the interface for guest level. With the Name default setting is guest and the authority allow user to read only all of configuration parameters. When user try to change the configuration, message will appear if user is not permitted to configure the configuration. Below is the interface. 30 The description of the Login Setting interface is as below:

TERMS DESCRIPTION User Name/ Guest Name Default: admin/guest New Password Confirm Password Save the configuration. Key in new username here. Key in new password here. Re-type the new password again to confirm it. After finishing configure the Username and Password, click on Submit to apply the configuration. Dont forget to 31 3.1.3 Network Settings The Network Setting section allows users to configure both IPv4 values for management access over the network. WoMaster router supports IPv4 and can be managed through either of these address types. Below is the IP Setting interface for Bridge Mode. The description of the columns is as below:

DESCRIPTION TERMS Type IP Address Default: 192.168.10.1 User can select to DHCP or Static IP to activate the function. DHCP: Select DHCP to activate DHCP Client Function, no need to assign IP Address and received IP Address from DHCP Server. Static IP: Select Static IP to configure the IP configuration manually Set up the IP address reserved by User network for User device. If DHCP Client function is enabled, no need to assign an IP address to device as it will be overwritten by DHCP server and shown here. Subnet Mask Default: 255.255.255.0 Assign the subnet mask for the IP address here. If DHCP Client function is enabled, no needs to assign the subnet mask. Gateway IP Address Default: 0.0.0.0. Assign the gateway for the device here. DNS 1 DNS 2 Specifies the IP address of the DNS server 1 that used in user network. Specifies the IP address of the DNS server 2 that used in user network. 32 And below is the IP Setting interface for the Router Mode where it supports with the WAN port on port 2. User can configure the WAN Settings. The description of the columns is as below:

TERMS Type DESCRIPTION IP Address Default: 192.168.1.1 Subnet Mask Default: 255.255.255.0 User can select to DHCP Client or Static IP to activate the function. DHCP Client: Select DCHP Client to activate DHCP Client Function, no need to assign IP Address and received IP Address from DHCP Server. Static IP: Select Static IP to configure the IP configuration manually Set up the IP address reserved by User network for User device. If DHCP Client function is enabled, no need to assign an IP address to device as it will be overwritten by DHCP server and shown here. Assign the subnet mask for the IP address here. If DHCP Client function is enabled, no needs to assign the subnet mask. Gateway IP Address Default: 0.0.0.0. Assign the gateway for the device here. DNS 1 DNS 2 Specifies the IP address of the DNS server 1 that used in user network. Specifies the IP address of the DNS server 2 that used in user network. 3.1.4 Date and Time The WoMaster router has a time calibration function based on information from an NTP server or user specified time and date, allowing functions such as automatic warning emails to include a time and date stamp. 33 The description of the columns is as below:

TERMS DESCRIPTION Current Time User can configure time by input it manually. Get PC Time: get the time the PC Time Zone NTP Choose the Time Zone section to adjust the time zone based on the user area. Enable NTP Client update by checking this box. Select the time server from the NTP Server dropdown list or select Manual IP to manually input the IP address of available time server.

*Make sure that the device also has the internet connection. After finished configuring, click on Submit to activate the configuration. 3.1.5 DHCP Server DHCP Server Setting WoMaster router has DHCP Server Function that will provide a new IP address to DHCP Client. After enabling DHCP Server function, set up the Network IP address for the DHCP server IP address, Subnet Mask, Default Gateway address and Lease Time for client. Below is the DHCP Server Setting interface 34 The description of the columns is as below:

TERMS DESCRIPTION DHCP Setting Select to Enable or Disable to activate and deactivate DHCP Server function. IP Address Start Assign the IP Address Start range. IP Address End Assign the IP Address End range. Subnet Mask Default: 255.255.255.0 Assign the subnet mask for the IP address here for DHCP Server. Assign the gateway for the router here for DHCP Server. Gateway WIN S1 WIN S2 Enter WINS Server 1 IP address Enter WINS Server 2 IP address Primary DNS Server Enter Primary DNS Server that used in user network. Secondary DNS Server Enter Secondary DNS Server that used in user network. Lease Time Default: 1440 The maximum length of time for the IP address lease. Enter the Lease time in minutes. (Lease Time range: 15-44640 minutes) The DHCP Server will automatically assign an IP address to the computers on the LAN/private network. Be sure to set user computers to be DHCP clients by setting their TCP/IP settings to Obtain an IP Address Automatically. When user turns the computers on, they will automatically load the proper TCP/IP settings provided by the router. If User manually assigns IP addresses to User computers or devices, make sure the IP addresses are outside of this range or User may have an IP conflict. After finished configuring, click on Submit to activate the configuration. DHCP Leased Entries Click the Reload button to refresh the list. The figure below shows the DHCP Leased Entries. It will show the MAC and IP address that was assigned by router. The description of the columns is as below:

TERMS IP Address DESCRIPTION IP address that was assigned by router. MAC Address The MAC Address of the network interface that was used to acquire Time to expire(s) Remains time for the IP address from DHCP Server leased. the lease. 35 3.2 Ethernet Port Ethernet Port section is used to access the port configuration and rate limit control. It also allows User to view port status and port trunk information. 3.2.1 Port Status Port Status section allows users to see the current status from the Ethernet. Display the Ethernet status, whether it is Link Up or Link Down. Show the Speed/Duplex for each port, such as 10 full,10 half,100 full,100 half mode The description of the columns is as below:

DESCRIPTION TERMS Link Speed/Duplex Default: N/A for Giga Ethernet Port 1~2 Click on Reload to update the information. 3.2.2 Ethernet Setting Use this page to configure the Ethernet setting. The description of the Ethernet Setting page is as below:

TERMS State DESCRIPTION Enable or disable the port. Speed/Duplex Default: Auto / Auto-Negotiation Configure the Speed/Duplex of the port Ethernet 1. Users can set the bandwidth of each port as Auto-negotiation, 100 full, 100 half, 10 full, 10 half mode. Click Submit to apply the configuration that just made. 36 3.2.3 Traffic Control Traffic control is a form of flow control used to enforce a strict bandwidth limit at a port. User can configure separate Incoming Outgoing rate limits and burst The description of the columns is as below:

TERMS DESCRIPTION Enable Traffic Control Check the box to activate the function Outgoing Rate Limit Default: 1024000 kbit/s Outgoing Burst Default: 20 kBytes Set the maximum outgoing rate. Set the maximum outgoing burst. Click on Submit to apply the configuration. 3.3 GPS device location. This GPS section has the function to show the current position of the device. It could help the technician to track the 3.3.1 GPS Status GPS status is always disable since user need to manually input GPS coordinates in GPS settings page. 37 3.3.2 GPS Settings In this GPS Setting section, user can manually input GPS coordinates. The coordinates can be used to report to cloud or specific server. TERMS DESCRIPTION GPS mode Default: Disable Disable: Disable GPS function. GPS: Enable GPS function. WA512G series does not support active GPS. Contact WoMaster salesperson for GPS support. User Input: Input Latitude and Longitude. The coordinates can be used to report to cloud or specific server. 38 This Wireless LAN configuration pages only support the device that supported with Wi-Fi feature. This configuration page allows users to configure the Wireless LAN configuration. 3.4 Wireless LAN 3.4.1 WLAN Status The figure below shows the WLAN status. The description of the columns is as below:

TERMS DESCRIPTION Operation Mode Display the current operating modes on the device Wireless Mode Display the current wireless mode SSID Encryption ACK Timeout WMM Enable Noise Floor TERMS Mode SSID Display the primary name of the SSID Display the encryption mode. The ACK time of wireless beacon packet Display the status of the WMM support. Display the background noise level. DESCRIPTION MESH AP or RE (Range Extender) mode The current SSID of MESH network Description when MESH AP Enabled WLAN 1 Signal Strength WLAN 1 Signal in dBm unit WLAN 1 Status Connected or Disconnected Status WLAN 1 Signal Strength WLAN 2 Signal in dBm unit WLAN 1 Status Connected or Disconnected Status 39 3.4.2 WLAN Settings WLAN Setting page, on this page user may configure the parameters for Wireless LAN Interface includes change wireless interface modes and all of the related parameters for each operation mode. There are 2 WLAN interfaces supported in WA512G series. WLAN1 for 2.4GHz and WLAN2 for 5GHz in AP mode can be configured in the same time. Only one radio can be configured to client mode in the same time. Pop up window will be displayed to indicate only one radio can be configured in client mode 3.4.2.1 AP mode The Access Point mode, it establishes a wireless connection, receive from wireless clients and provide connection for wireless client devices, the client can search and connect to several the access points. The description of the columns is as below:

TERMS DESCRIPTION WLAN Interface Check the box to disable the WLAN interface and stop all of the wireless Select the Operation Mode for the router. (AP, Wireless Client, WDS-AP Operation Mode SSID functions. Default: AP and WDS-Client) Default: WR322_1 40 Broadcast SSID Default: Enabled. Input the primary name of the access point. By enabling the broadcast SSID, it makes the AP can be accessed and searched by the clients, and for the security concern by disabling this broadcast SSID, the network will be hidden in order to prevent any Wireless Separation Default: Disable malicious attack. By enabling the function, connected clients will be separated and can WMM support Default: Enable reach each other (ex: cant ping each other) To enable or disable WIFI multi-media QoS. Max. Station Num Default: 64 Specify the maximum number of connected clients Country Select your country code for band regulation. Wireless Mode Default: 802.11G/N Select the specific wireless mode, different wireless mode has different configuration. For each wireless mode, it has the specific frequency and it has different basic settings. HT Protect Default: Disabled Channel Default: 2437MHz (6) Select Enabled to activate the High Throughput protect to ensure HT transmission with MAC mechanism. Select the proper channel, each country has different band user may select the channel based on the situation. Or select auto to automatically set the channel. Extension Channel Default: Lower Channel 2417MHz (2) 41 This option would be appeared when user select the Channel Mode to 20/40MHz or 40MHz. To put range for the frequency, it provides the Lower Channel (2417MHz (2)) with the 40MHz center frequency is 2427MHz (4) and Upper Channel (2457MHz (10)) with the 40MHz center Channel Mode Default: 20MHz frequency is 2447MHz (8). There are three channel modes, 20MHz, 20/40MHz and 40MHz. If user select 20MHz, the frequency that can be received maximum is 20MHz. For 20/40MHz it can receive both frequency, and for the 40MHz, it provides bigger data rate and received the 40MHz frequency. But basically, if the transmission happened between the AP and the client, both AP and client can have the negotiation phase about the frequency. Specify the transmission power. For the higher output power, it can cover the signal widely and of course may need big power consumption. The Full output power may need the antenna. Maximum Output Power Default: Half Data Rate Default: Auto Select the specific data rate in order to control the transmission rate. Auto is preferred rate, the access point will automatically select the highest available rate to transmit. User may select the low rate when there is no great demand for transmission speed, for long distance transmission. Extension Channel Protection Select from the dropdown list option between CTS-Self or RTS-CTS to avoid conflict with other wireless network and to improve the ability of the device to catch all the wireless transmissions. By activating this 42 function, it may decrease wireless network performance. Click Submit to apply the configuration At the SSID section, there is a Multi SSID button appeared. This AP mode supports the multiple SSID or multiple access point connections. So user may separate the connection into several access points and it is supported with 8 profiles for multiple SSID. Click the button then another form will appear, see the figure below. The description of the column is as below:

TERMS DESCRIPTION Profile Name Display the available WLAN Profile name SSID Security VLAN ID Enable Display the SSID Name. Display the VLAN ID Display the current security mode for the Wireless network Check the box to enable the WLAN Profile. When user enabled the Profile, user may configure the WLAN Setting by click the Profile name. Click Submit to apply the configuration 43 The Multi SSID section shows the configuration page where the Profile1 always enabled. In this section, user may configure each Profile by check the box to enable the Profile and then click the profile name to open the configuration page for specific Profile. The figure below is the pop-up WLAN Security configuration page for each Profile. In this configuration page, user can configure the AP profile, divide the AP connection and set the security setting by put the encryption mode and set the key or password to access the AP. Refers to the WLAN Security Section for more description (3.7.3). Click Submit to apply the configuration Pop up window may be blocked by browser. Change browser settings to allow pop-up window to configure multi-SSID. 44 3.4.2.2 Client mode Wireless Client mode, in this mode the device is able to connect to the Access Point and join the wireless network around the device that opens the connection. User can find the best connection for the AP by click the Site Survey and the AP list will appear. The description of the columns is as below:

TERMS DESCRIPTION WLAN Interface Check the box to disable the WLAN interface and stop all of the wireless Operation Mode Select the Operation Mode for the router. (AP, Wireless Client, WDS-AP functions. and WDS-Client) SSID Input the primary name of the access point. WMM support Default: Enable To enable or disable WIFI multi-media QoS. Country Select your country code for band regulation. Wireless Mode Default: 802.11G/N Select the specific wireless mode, different wireless mode has a different configuration. For each wireless mode, it has a specific frequency and it has different basic setting. Channel Mode Default: 20MHz 45 There are three channel modes, 20MHz, 20/40MHz and 40MHz. If user select 20MHz, the frequency that can be received maximum is 20MHz. For 20/40MHz it can receive both frequency, and for the 40MHz, it provides bigger data rate and received the 40MHz frequency. But basically, if the transmission happened between the AP and the client, both AP and client can have the negotiation phase about the frequency. Specify the transmission power. For the higher output power, it can cover the signal widely and of course may need big power consumption. The Full output power may need the antenna. Maximum Output Power Default: Half Maximum Data Rate Default: Auto Select the specific data rate in order to control the transmission rate. Auto is preferred rate; the access point will automatically select the highest available rate to transmit. User may select lower rate when there is no great demand for transmission speed, for long distance transmission. Extension Channel Protection Select from the drop down list option between CTS-Self or RTS-CTS to avoid conflict with other wireless network and to improve the ability of the device to catch all the wireless transmissions. By activating this function, it may decrease wireless network performance. Click Submit to apply the configuration 46 Wireless Site Survey (Wireless Client & WDS-Client) Click the Site Survey button to open the Wireless Site Survey page. On this page user may choose the Access Point that appeared on the list. After selects the specific AP, then click Selected to apply the choice. Click Scan to refresh the list. The description of the columns is as below:

Frequency/Channel Display the current frequency of the AP. TERMS Select SSID MAC Address Wireless Mode Signal Strength Security DESCRIPTION Select the SSID. Display the detected SSIDs name Display the listed AP MAC Address. Display the Wireless mode. Display the signal strength The security mode of the Access Point. Click Selected to connect to the specific SSID. Pop up window may be blocked by browser. Change browser settings to allow pop-up window to configure multi-SSID. 47 3.4.2.3 WDS AP Mode The WDS-AP mode usually implements the Point to Point (P2P) connection, so the access point should be WDS-AP and the wireless client should be WDS-Client. In this case, the AP just can share the connection to the specific wireless client that has its MAC Address. But WDS-AP can be a repeater to provide network access to general clients. The description of the columns is as below:

TERMS DESCRIPTION WLAN Interface Check the box to disable the WLAN interface and stop all of the wireless Operation Mode Select the Operation Mode for the router. (AP, Wireless Client, WDS-AP SSID Broadcast SSID Default: Enabled. Input the primary name of the access point. By enabling the broadcast SSID, it makes the AP can be accessed and searched by the clients, and for the security concern by disabling this broadcaset SSID, the network will be hidden in order to prevent any function. and WDS-Client) Default: WR322_1 malicious attack. 48 Wireless Mode Default: 802.11G/N Select the specific wireless mode, different wireless mode has different configuration. For each wireless mode, it has specific frequency and it has different basic setting. HT Protect Default: Disabled Channel Default: 2437MHz (6) Select Enabled to activate the High Throughput protect to ensure HT transmission with MAC mechanism. Select the proper channel, each country has different band user may select the channel based on the situation. Or select auto to automatically set the channel. Extension Channel Default: Lower Channel 2417MHz (2) This option would be appeared when user select the Channel Mode to 20/40MHz or 40MHz. To put range for the frequency, it provides the Lower Channel (2417MHz (2)) with the 40MHz center frequency is 2427MHz (4) and Upper Channel (2457MHz (10)) with the 40MHz center Channel Mode Default: 20MHz frequency is 2447MHz (8). There are three channel modes, 20MHz, 20/40MHz and 40MHz. If user 49 Maximum Output Power Default: Half select 20MHz, the frequency that can be received maximum is 20MHz. For 20/40MHz it can receive both frequencies, and for the 40MHz, it provides bigger data rate and received the 40MHz frequency. But basically, if the transmission happened between the AP and the client, both AP and client can have the negotiation phase about the frequency. Specify the transmission power. For the higher output power, it can cover the signal widely and of course may need big power consumption. The Full output power may need the antenna. Data Rate Default: Auto Select the specific data rate in order to control the transmission rate. Auto is preferred rate; the access point will automatically select the highest available rate to transmit. User may select the low rate when there is no great demand for transmission speed, for long distance transmission. Extension Channel Protection Select from the dropdown list option between CTS-Self or RTS-CTS to avoid conflict with other wireless network and to improve the ability of the device to catch all the wireless transmissions. By activating this function it may decrease wireless network performance. Click Submit to apply the configuration 50 3.4.2.4 WDS Client Mode In WDS-Client mode, user must specify the specific WDS-APs SSID and MAC address. So WDS-Client just do the transmission to the WDS-AP only. In this mode, please make sure that the configuration should be the same as the WDS-AP as well. The description of the columns is as below:

TERMS DESCRIPTION WLAN Interface Check the box to disable the WLAN interface and stop all of the wireless Operation Mode Select the Operation Mode for the router. (AP, Wireless Client, WDS-AP and functions. WDS-Client) Default: WR322_1 SSID AP MAC Address Default: 00:00:00:00:00:00 Input the primary name of the access point. Set the specific AP MAC Address of the WDS-AP. Wireless Mode Default: 802.11G/N Select the specific wireless mode, different wireless mode has a different configuration. For each wireless mode, it has a specific frequency and it has different basic setting. 51 Channel Mode Default: 20MHz There are three channel modes, 20MHz, 20/40MHz and 40MHz. If user select 20MHz, the frequency that can be received maximum is 20MHz. For 20/40MHz it can receive both frequencies, and for the 40MHz, it provides bigger data rate and received the 40MHz frequency. But basically, if the transmission happened between the AP and the client, both AP and client can have the negotiation phase about the frequency. Specify the transmission power. For the higher output power, it can cover the signal widely and of course may need big power consumption. The Full output power may need the antenna. Maximum Output Power Default: Half Data Rate Default: Auto Select the specific data rate in order to control the transmission rate. Auto is preferred rate, the access point will automatically select the highest available rate to transmit. User may select the low rate when there is no great demand for transmission speed, for long distance transmission. Extension Channel Protection Select from the dropdown list option between CTS-Self or RTS-CTS to avoid conflict with other wireless network and to improve the ability of the device to catch all the wireless transmissions. By activate this function it may decrease wireless network performance. 52 3.4.2.5 Mesh Settings WA512GM series support mesh network. Click checkbox and submit button to enable mesh network. SSID will be used as connections for both mesh links and wireless clients. Mesh link will be connected automatically to form adaptive mesh network. There are 2 roles in mesh network:

CAP: Central AP, also known as root AP, with a wired data connection that can be configured to relay data to and from mesh APs. In CAP, you can enable MESH in 2.4GHz or 5GHz frequency, define SSID and Key for the MESH network. The DHCP server feature is enabled automatically in CAP, it can assign IP address to MESH RE devices and RE: Range Extender, to form a mesh network by uplink to other RE or CAP. In MESH RE device, the MESH SSID and connected clients. Key setting must follow CAP settings. Note that other wireless modes including AP/client/WDS AP/WDS client modes will be dismissed and cant be configured. Disable mesh to go back to AP/client/WDS AP/WDS client mode. AP/client/WDS AP/WDS client modes will be dismissed when mesh enabled. Disable mesh to enable AP/client/WDS AP/WDS client modes again. MESH Settings TERMS Mesh DESCRIPTION Check the box to enable mesh network Operation Mode Select the Operation Mode in mesh network. CAP: Central AP, node with WAN uplink for outside network. RE: Node has only uplink to other RE nodes or CAP nodes, functions as range extender. WLAN 1 Channel Select the channel of WLAN 1 (CAP only) WLAN 2 Channel Select the channel of WLAN 2 (CAP only) 53 SSID The SSID will be used for both mesh links and wireless clients. The setting within the MESH network must be the same. WPA Pre-Share Key Passphrase used to connect to SSID. The setting within the MESH network must be the same. MESH Status The MESH Status in CAP:

Click MESH Status, you can find the MESH status of the connected AP in this page. In Local Status, you can find the information of the WLAN interface, Operation mode, MESH SSID, Uplink Status, Hop to CAP(0 in CAP), Downlink number and Hops. In Device, you can find all the APs role and information. It helps you to monitor the MESH network. You can draw your MESH network architecture according to the information. The first column you see is ME, the role of your connected AP. While check RE, the first column will be 1(ME): RE mode. 54 Quick MESH configuraiton in ViewMaster ViewMaster allows user to group assign and change WLAN MESH Setting. Scan and select all the MESH APs, you can assign/change SSID, Key and enable CAP. Once you change the settings, please reboot all the MESH device to activate the new seting. ViewMaster Configuration Utility Download:

Go to the Support/Software & Literature/Software page of the WoMaster web site. Apply the member account and login, then you can download the ViewMaster software. The link is as following: https://www.womaster.eu/download_83_84.htm If you cant find the link, search key word WoMaster ViewMaster to find it through searching machine. Install the ViewMaster and run Search Device. You can find your device through network, you can configure basic setting, for example the IP address, WLAN/MESH settings, configuration file backup/restore and firmware upgrade. 55 3.4.2.6 Client Router (Wireless WAN NAT) Mode Some of the specific firmware supports the Client Router operation mode, also known as WLAN NAT or Wireless WAN mode. The configured WLAN 1 or WLAN 2 interface acts as WAN interface instead of other Ethernet or WLAN interfaces. Refer to the below comparison table of WALN/Ethernet interface to Router operation mode. Interface\

Operation Mode WLAN 1-

Clinet Router WLAN 2-

Clinet Router RJ45 Interface WLAN Interface Eth 1 Eth 2/PD WLAN 1 WLAN 2 Note LAN LAN LAN WAN

(ath0) LAN to Wireless WAN NAT Routing. LAN LAN LAN WAN LAN to Wireless WAN

(ath16) NAT Routing. Ethernet - Router LAN LAN LAN WAN

(Eth1) Ethernet - Bridge

(Default Setting) LAN LAN LAN LAN Default: All interfaces work as LAN segment Note: Only one Radio can be enabled as Client/Client Router mode. After enabled the WLAN Client Router mode, the interface of WLAN 1 in WAN Settings of Network settings is ath0. The interface of WLAN 2 in WAN Settings of Network settings is ath16. You can select Static IP or DHCP Client, and assign the IP address for your Wireless WAN interface. The system will run the LAN to Wireless WAN NAT Routing. WLAN 1 is WAN 56 3.4.3 WLAN Security On this configuration page, user can configure the WLAN Security feature. The description of the columns is as below:

TERMS Encryption DESCRIPTION Configure the data encryption mode. None: Available only when the authentication type is an open system. 64 bits WEP: It is made up of 10 hexadecimal numbers. 128 bits WEP: It is made up of 26 hexadecimal numbers. TKIP: Temporal Key Integrity Protocol, which is a kind of dynamic encryption, is co-used with WPA-PSK. AES: Advanced Encryption Standard, it is usually co-used with WEP can be configured with a 64-bit or 128-bit Shared Key (hexadecimal or ASCII). As defined, hexadecimal number is represented by 0-9, A-F or a-f;

ASCII is represented by 0-9, A-F, a-f or punctuation. Each one consists of Key Type WPA2-PSK. Default: Hex Default Key Default: Key 1 two-digit hexadecimal. Set the specific default key. Key 1~4 Enter the specific encryption key. 57 3.4.4 Advanced The page allows the advanced user to configure advanced wireless setting with more experience about the WLAN. If user doesnt have any qualified knowledge about WLAN, we suggest not to change the default setting except user know the effects when the setting is changed. The wrong configuration may impact the performance of wireless network. The description of the columns is as below:

TERMS DESCRIPTION A-MPDU/A-MSDU For the AP mode, the data rate of the AP could be enhanced greatly. Do aggregation not enable this function if the wireless clients dont support A-MPDU/A-MSDU aggregation. Short GI Enable this function to obtain better data rate. (careful with compatibility RTS Threshold Default: 2347 (1-2347) issue) Basically, it is about the transmission process between the AP and the end station. When the AP sends Request to Send frames to station and it will do the negotiation process about sending the data frame. When the station receives an RTS frame, the station will respond with send back Clear to Send frame to confirm the right to start transmission. Specify the maximum size in byte for a packet before data is fragmented into multiple packets. Setting it too low may result in poor network Fragment Threshold Default: 2346 (256-2436) Beacon Interval Default: 100ms (20-1024 ms) performance. 58 DTIM Interval Default: 1 (1-255) Specify the interval to broadcast packets. Preamble Type when idling. Default: Long Delivery Traffic Indication Message interval is an additional message added after the beacon interval broadcast by access point. It is for enhancing the wireless transmission efficiency. The more intervals we added, the more power that we need. By setting a low value of DTIM, user can effectively keep the devices awake indefinitely so they never go into sleep mode Preamble Type setting means that it adds some additional data header strings to help check the Wi-Fi data transmission errors. Basically, preamble type divided into two, long and short. Short is for shorter data strings that adds less data to transmit the error redundancy check which means that it is much faster. Long Preamble Type uses longer data strings which allow for better error checking capability. Auto Preamble Type the device can set the Preamble Type Automatically according to the need, which is can be long or can be short. By enabling IGMP Snooping allows the ports to detect IGMP queries, report packets, and manage multicast traffic through the AP. IGMP Snooping provides the ability to prune multicast traffic so that it travels only to those end destinations that require that traffic. The Antenna Number setting allows user to choose the antenna that used in the wireless connection. Basically, the default setting is set to Two antennas, because the device itself provide two antenna sockets. User can configure One Antenna or Two Antenna. Please refer to the Antenna Placement table to connect the antenna correctly. The feature is available in WLAN Client mode. The client can check better AP by itself and start the Fast Roaming mechanism without AP controller. Select Enable to configure the Fast Roaming feature, you will find more advanced settings. Check the Fast Roaming description in below. IGMP Snooping Default: Enable Antenna Number Default: Two Antenna Roaming Client Based Fast Roaming 59 3.4.4.1 Roaming (Client based Fast Roaming) The feature can be applied in Wireless client mode, configured WLAN setting to 2.4G or 5G Radio Frequency, then you can find the command in Advance WLAN setting page. There are two major setting, Roaming Threshold (dbm) and Roaming difference. Roaming Threshold(dbm): While there are some APs, the client checks the signal strength, listens the available APs, and start to connect new AP while reaching the Roaming Threshold. You can check and measure the performance in the site, then type the suitable value for your environment. Roaming Min Diff: It is practical to install multiple APs with overlapping coverage, this is gray or red zone area. In this area, the client with Fast Roaming can find other available APs, check better signal connectivity and then quickly switch to new AP. However, to avoid frequently switch the connected AP among the available APs, it is better to reserve a minimum gray area before switching from the connected AP to new AP. Figure 3.4.4.4-1: Fast Roaming Architecture For example in above, the Roaming Threshold is configured as -55dbm and the Roaming Min Diff is 5. The client starts Fast Roaming mechanism while the signal strength of other available AP is -55dbm. The Client continuously check the signal strength of the available APs, however, it still connects to original AP until the signal strength of the original AP is lower than -60(-50-5)dbm. Refer to below overlapped area between AP1 and AP2. While the client is moving and signal strength is lower than -60dbm, it start to connect new available AP which has better signal (>Roaming min Diff) than original AP. To reach high fast roaming performance, the frequency channel scanning feature is restricted to 3 specific channel, you can select the channels youd applied in web GUI. 60 The feature can be applied in Wireless client mode only. Choose one of the Radio in WLAN Settings and configure Wireless Client operation Mode. Note: Please noted that the SSID of the target APs for the fast roaming client must be the same. The available fast roaming scan channel is 3, the APs channel setting should be one of the three available channels. Due to the different language and input method types, some characters may be mistaken for the same SSID, but they are actually different SSIDs. Pay attention to avoid this situation. Figure 3.4.4.4-2: The WLAN Setting: Wireless Client operation mode and SSID. Figure 3.4.4.4-3: The WLAN Advanced Setting: Roaming feature is Disable in default. 61 Figure 3.4.4.4-3: The WLAN Advanced Setting: Fast Roaming Setting. The description of the columns after Enabled Fast Roaming is as below:

TERMS Roaming DESCRIPTION Select Enable to configure the Fast Roaming feature, you will find more advanced settings as below. Default is Disable. Roaming Threshold(dbm) Type the Threshold of when to roaming to new AP. In practical, you should do site survey in your environment and find out the suitable value for your field. Roaming Min Diff

(1~10) Default: 3 (Range: 1-10 In practical, you should do site survey in your environment and find out the suitable value for your field. Scan Channel Fixed the target scan channel can reach quick roaming performance. The system allows 3 channels, select the specific channel here. When scanning channels, it is in accordance with the order of settings. Selecting the closest channel in turn can speed up roaming time. 62 3.4.5 RADIUS Server (AP Mode) The Remote Authentication Dial In User Service (RADIUS) mechanism is a centralized AAA (Authentication, Authorization, and Accounting) system for connecting to network services. The fundamental purpose of RADIUS is to provide an efficient and secure mechanism for user account management. The RADIUS server system allows you to access the router through secure networks against unauthorized access. How to set up a RADIUS server:

a. Enter the IP address of the RADIUS server in Server IP Address b. Enter the Shared Secret of the RADIUS server c. Enter the Server port if necessary, by default RADIUS server listens to port 1812 The description of the RADIUS Authentication interface is as below:

d. Click Submit TERMS IP Address Server Port DESCRIPTION Radius Server IP Address Set communication port on an external RADIUS server as the authentication database. The default value is 1812 Shared Key Shared key is used to verify that RADIUS messages, with the exception of the Access-Request message, are sent by a RADIUS-enabled device that is configured with the same shared key. Shared key also verifies that the RADIUS message has not been modified in transit (message integrity). 63 3.4.6 Certificate File (Client Mode) Using digital certificates for authentication method through the RADIUS that provided by the AP. User needs to upload the specific certificate file, so then the client can access the Wi-Fi connection. The description of the columns is as below:

TERMS DESCRIPTION Delete User Key Delete the selected certificate Upload User Key Upload a certificate file from a specified file location 64 3.5 Security WoMaster Router provides several security features for User to secure access to its management functions and it can be remotely managed (monitored and configured). 3.5.1 Access Control WoMaster router provides access control mode in several ways, such as Remote Management, WAN Service Access Control and Custom Exception. By configuring this configuration, user can enhance the security access to the device. Remote Management Port) Remote Management the router. Remote management function: open the Remote Management, that would allow the user via the local access (WAN The description of the columns is as below:

TERMS Telnet DESCRIPTION Allows the user to remotely login and manage the device by Telnet. When user doesnt enable it, the connection through telnet will not allow. SNMP Allows the user to remotely login and manage the device by SNMP. When user doesnt enable it, the connection through SNMP will not allow. SSH Allows the user to remotely login and manage the device by SSH/ When user doesnt enable it, the connection through SSH will not allow. HTTPS Only Allows the user to remotely login and manage the device by HTTPS access for secure connection, and it would disable the HTTP access. Once User finishes configuring the settings, click on Submit to apply configuration. 65 HTTPS Only HTTP Secure is the use of the HTTP protocol over an SSL/TLS protocol. It is used primarily to protect against eavesdropping of communication between a web browser and the web site to which it is connected. This is especially important when you wish to have a secure connection over a public network such as the internet. HTTPS connections are secured through the use of certificates issued by trusted certificate authorities. When a web browser makes a connection attempt to a secured web site, a digital certificate is sent to the browser so that it can verify the authenticity of the site using a built-in list of trusted certificate authorities. If user uses the HTTPS Only, a warning page would appear when user access the device in order to provide a secure access. The picture above is the warning message about the digital certificate and user just need to accept this warning by click Proceed to 192.168.10.1 (unsafe). 66 WAN Access When user changes the device mode to router mode (Port 1 WAN interface) the WAN Access feature can be activated. This feature is about the exception to access the device through the WAN interface for security concern. So that the access or the traffic that coming through the WAN interface can be limited as required. The user may choose the Filter All functions to block all access from the WAN interface or enable the exception options, then the router allows user to remotely access to the router from WAN interface. The description of the columns is as below:

DESCRIPTION By select Filter All, it will block all external access from WAN interface to the device (such as SSH, SNMP, Web and Telnet) and unblock the exception options. from the WAN Interface Select this option to allow access to the router using Web (HTTP or HTTPS) Select this option to allow access to the router using Telnet from the WAN Select this option to allow access to the router using SSH from the WAN Select this option to allow access to the router using SNMP from the WAN Interface Interface Interface Once User finishes configuring the settings, click on Submit to apply configuration. TERMS Filter All Web Telnet SSH SNMP 67 Custom Exception Another choice for the access control is also provided by WoMaster, it is called custom exception feature. Through this feature, it can help to allow the incoming access through the firewall to local devices. If the condition does not meet the requirement from the table, then the access would be denied. The description of the columns is as below:

DESCRIPTION Dest Port Range Set up the destination port range where the access is going to. Set up the source IP Address that may access the device. Set up the source port range where the access came from. Put any notes for the entry. Select the table, so user can press Delete Selected to delete, Click edit to modify the parameters TERMS Src IP Address Src Port Range Comment Select Edit on the table. Once User finishes configuring the settings, click on Submit to apply configuration and a new line will directly appear 68 3.5.2 Outbound Firewall WoMaster router has different types firewall settings, user can enable the setting, configure the rules. The following section is Outbound Firewall Settings pages where user can configure the Outbound Firewall setting. TERMS DESCRIPTION Source IP Filter Source IP addresses Filtering from LAN to Internet through the router. Destination IP Filter Destination IP addresses Filtering from the LAN to Internet through the router. Source Port Filtering Source Ports Filtering from the LAN to Internet through the router. Destination Port Filtering Destination Ports Filtering from the LAN to Internet through the router Src IP Filter By entries parameter in this table, it can restrict certain types of data packets from the local network to the internet through the Router. The Source IP Filter will help to filter all of the packets that coming into the router. If the source IP is on the list, then the packets would be dropped. But if the source IP is not on the list, then the packets can be received. Select Enable to activate Source IP Filtering, type the Local IP Address and Comment to write notes for the entry. Click Submit to activate the settings. After applied, then user can see the new entry shown in the below table. The description of the columns is as below:

TERMS DESCRIPTION Local IP Address Display the Source IP address. Comment Put any notes for the entry. Select Edit Select the table, so user can press Delete Selected to delete, Click edit to modify the parameters Click Refresh to refresh the table 69 Dest IP Filter table. By entries parameters in this table are used to restrict the computers in LAN from accessing certain websites in WAN according to IP address. The concept is the same as the source IP Filter. The packet would not send to the specific IP Address that showed on the list. Only the IP Address that shows on the list that cannot receive the packets. Select Enable to activate Destination IP Filtering, type the Destination IP Address and Comment to write a note for the entry and then click Submit to apply the settings. After applied, then user can see the new entry shown in the below The description of the columns is as below:

TERMS DESCRIPTION Destination IP Address Display the Destination IP address. Comment Put any notes for the entry. Select Edit Select the table, so user can press Delete Selected to delete, Click edit to modify the parameters Click Refresh to refresh the table 70 Src Port Filter Entries in this table are used to restrict certain ports of data packets from users local network to the Internet through the Router. Use of such filters can be helpful in securing or restricting local network. The device just cannot receive any packets from the source port that showed on the list, the other packet that sent from any source port that not on the list would be received. Select Enable Source Port filtering, type the Port Range of below Protocol type, the protocol type can be UDP, TCP or Both. Type the Comment to write a note for the entry and then click Submit to activate the settings. After applied, user can see the new entry shown in the below table. The description of the columns is as below:

TERMS DESCRIPTION Source Port Range Display the Source Port Range (Range is from 1 to 65535) Protocol Comment Select Edit Display the protocol that has been chosen by the user. Put any notes for the entry. Select the table, so user can press Delete Selected to delete, Click edit to modify the parameters Click Refresh to refresh the table 71 Dest Port Filter Entries in this table are used to restrict certain ports of data packets from users local network to Internet through the router. Use of such filters can be helpful in securing or restricting local network. And the device cannot send any packets to the destination port that showed on the list. Select Enable Destination Port Filtering, type the Port Range of below Protocol type, the protocol type can be UDP, TCP or Both. Type the Comment to write note for the entry and then press Submit to apply the settings. After applied, then user can see the new entry shown in the below table. The description of the columns is as below:

TERMS DESCRIPTION Dest Port Range Display the Destination Port Range (Range is from 1 to 65535) Protocol Comment Select Edit Display the protocol that has been chosen by the user. Put any notes for the entry. Select the table, so user can press Delete Selected to delete, Click edit to modify the parameters Click Refresh to refresh the table 72 3.5.3 NAT Setting Network Address Translation is the process where a network device, usually a firewall, assigns a public address to a device or group of devices inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economic and security purposes. The simple type of NAT provides one to one translation of IP address. It can be used to interconnect two IP networks, normally one network is for Local Area Network and the other network is for Wide Area Network/Internet. To support this function, there are two ways to do it, by using Source Network Address Translation (SNAT), Destination Network Address Translation

(DNAT). Basically, Network Address Translation (NAT) occurs when one of the IP addresses in an IP packet header is changed. In a SNAT, the destination IP address is maintained and the source IP address is changed. Most commonly, a SNAT allows a host on the inside of the NAT, in an RFC 1918 IP address space, to initiate a connection to a host on the outside of the NAT. It supports the Port Forwarding, DMZ and 1 to 1 NAT configuration. A DNAT, by way of contrast, occurs when the destination address is changed and the source IP address is maintained. A DNAT allows a host on the outside to connect to a host on the inside. In both cases, the NAT has to maintain a connection table which tells the NAT where to route returning packets. An important difference between a SNAT and a DNAT is that a SNAT allows multiple hosts on the inside to get to any host on the outside. By way of contrast, a DNAT allows any host on the outside to get to a single host on the inside. It is supported in NAPT and 1 to 1 NAT features. To configure the NAT Setting, the Port Forwarding, DMZ, Port Mapping Policy and 1 to 1 NAT configuration page are provided in this section. Port Forwarding By configuring this table, it allows user to automatically redirect common network services to a specific machine behind the NAT firewall. Select Enable to activate Port Forwarding function and then input all of the parameters to configure the port forwarding. 73 The description of the columns is as below:

TERMS DESCRIPTION Port Forwarding Select Enable to activate Port Forwarding function. Public Port Range Configure the port range, which will be public to a WAN / Internet. User can configure one or a range of TCP/UDP port number. IP Address Configure the IP Address of the LAN PC. The traffic from the public port range will be redirected to this IP address. Protocol Configure TCP, UDP or Both (TCP + UDP) protocol type. Port Range Configure the port range of the LAN; the traffic from the public port will be redirected to these ports. Comment Add information to the entry. Once User finishes configuring the settings, click on Submit to apply User configuration. DMZ A Demilitarized Zone is used to provide Internet services without sacrificing unauthorized access to its local private network. Typically, the DMZ host contains device accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers. Click Enable to activate the function and assign the IP address of DMZ Host IP Address. This is the DMZ computers IP address. Click Submit to activate the function. The description of the columns is as below:

TERMS DMZ DESCRIPTION Select Enable to activate DMZ function. DMZ Host IP Address Configure the port range, which will be public to a WAN / Internet. User can configure one or a range of TCP/UDP port number. Click Submit to apply the configuration. N to 1 NAT (NAPT) /Port Mapping Policy This page allows user to Enable NAPT interface and configure the Port Mapping policy from NAT Setting. 74 The description of the columns is as below:

TERMS DESCRIPTION NAPT Enable Select the Interface while the router supports multiple WAN ports. There is only one activate WAN interfaces in this AP, select either Ethernet WAN or Wireless WAN. While you select Router/Client Router mode for both Ethernet and Wireless LAN interfaces, Client Router of Wireless WAN has higher priority and only it works. Port Mapping Policy Default: Reuse Click Submit to apply the configuration. Reuse: Use the same port number that has been used to access the same remote device. Randomize: Change the port number every time access the remote device. 1 to 1 NAT One-to-one NAT is a way to make systems behind a firewall and configured with private IP addresses (those reserved for private use in RFC 1918) appear to have public IP addresses. With one-to-one NAT, you assign local systems RFC 1918 addresses then establish a one-to-one mapping between those addresses and public IP addresses. For outgoing connections SNAT (Source Network Address Translation) occurs and on incoming connections DNAT (Destination Network Address Translation) occurs. Below is the 1 to 1 NAT section interface. 75 The description of the columns is as below:

TERMS 1 to 1 NAT DESCRIPTION Check the box to enable the function Local IP Address The target local IP Address WAN IP Address The incoming IP Address that coming through the WAN Comment Enter a comment Click Submit to apply the configuration. 76 3.5.4 OpenVPN WoMaster router supports OpenVPN. It implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections. It is possible to create one-to-many tunnel for the VPN Server. OpenVPN implementation offers a cost-effective, simply configurable alternative to other VPN technologies. OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. The server and client have almost the same configuration. The difference in the client configuration is the remote endpoint IP or hostname field. Also, the client can set up the keepalive settings. OpenVPN Status This section shows the VPN Client and Server current status. The description of the columns is as below:

TERMS Enabled DESCRIPTION Default: no yes: The VPN function is enabled. no: The VPN function is not enabled Connection Status Default: Disconnected Connected: The VPN connection is established Disconnected: The VPN connection is not established Click Refresh to update the information. 77 OpenVPN Client Server. This page is about the OpenVPN Client configuration page. While the device set as the VPN client, the parameters must follow the VPN Server settings. User should adjust the parameters with the administrator of the VPN server to entry the correct parameters. Two VPN servers IP are also provided in order to have the backup connection for VPN The description of the columns is as below:

TERMS DESCRIPTION Enable VPN Client Select Enable to activate the VPN Client function Encryption Mode Choose the Encryption Mode Static Key: Use a pre-shared static key. TLS: Use SSL/TLS + certificates for authentication and key exchange. Server 1 Server 2 Type the IP Address of the VPN Server Type the second IP Address of the VPN Server if needed. 78 Port Default: 1194 Input the port number that VPN service used. Please check the VPN Server port setting. The range from 1-65535. Tunnel Protocol Choose use TCP or UDP to establish the VPN connection. Encryption Cipher Select the encryption cipher from Blowfish to AES in Pull-down menus. Hash Algorithm Hash algorithm provides a method of quick access to data, including SHA1 SHA256SHA512MD5 ping-timer-rem Default: Enable Select enable or disable the ping-timer-rem, this function prevent unnecessary restart at server/client when network fail. persist-tun Default: Enable persist-key Default: Enable Select enable or disable the persist-tun, enable this function will keep tun(layer 3) device linkup after Keepalive timeout. Select enable or disable the persist-key, enable this function will keep the key first use if VPN restart after Keepalive timeout. LZO Compression Default: Disable Select use LZO Compression or not, this function compresses data to decrease the traffic but also need more CPU effort. Select enable or disable Keepalive function, this function is use to detect the Keepalive Default: Enable Ping Interval Default: 10 status of connection. Retry Timeout Default: 60 Input the ping interval, the range can from 1~99999 seconds. nobind Check the box to activate nobind function. With nobind function, the source Input the retry timeout, the range can from 1~99999 seconds. ifconfig Route ports are random. Input the tunnel IP addresses that VPN use. Input the route IP and MASK. This is the target IP domain that user can access Save Log File Click Save to keep the VPN Client Log. through the VPN tunnel. Click Submit to apply the configuration. 79 OpenVPN Server To help user create the One to One Secure connection for the remote devices, WoMaster device supports both OpenVPN Server and OpenVPN Client. This Server setting allows user to configure the Secure M2M connection for one remote Client. But WoMaster router also supports one to multiple for VPN Client. The description of the columns is as below:

TERMS DESCRIPTION Enable VPN Server Select Enable to activate the VPN Server function Encryption Mode Choose the Encryption Mode Server 1 Server 2 Port Static Key: Use a pre-shared static key. TLS: Use SSL/TLS + certificates for authentication and key exchange. Type the IP Address of the VPN Server Type the second IP Address of the VPN Server if needed. Default: 1194 Input the port number that VPN service used. Please check the VPN Server port setting. The range from 1-65535. Tunnel Protocol Choose use TCP or UDP to establish the VPN connection. 80 Encryption Cipher Select the encryption cipher from Blowfish to AES in Pull-down menus. Hash Algorithm Hash algorithm provides a method of quick access to data, including SHA1, ping-timer-rem Default: Enable SHA256, SHA512, and MD5 persist-tun Default: Enable Select enable or disable the ping-timer-rem, this function is to prevent unnecessary restart at server/client when the network fails. Select enable or disable the persist-tun, enable this function will keep tun(layer 3) device linkup after Keepalive timeout. persist-key Default: Enable Select enable or disable the persist-key, enable this function will keep the key first use if VPN restart after Keepalive timeout. LZO Compression Default: Disable Select use LZO Compression or not, this function compresses data to decrease the traffic, but also need more CPU effort. Keepalive Default: Enable Select enable or disable Keepalive function, this function is used to detect the status of the connection. Ping Interval Input the ping interval, the range can from 1~99999 seconds. Retry Timeout Input the retry timeout, the range can from 1~99999 seconds. ifconfig Route Input the tunnel IP addresses that VPN use. Input the route IP and MASK. This is the target IP domain that user can access Save Log File Click Save to keep the VPN Server Log. through the VPN tunnel. Click Submit to apply the configuration. OpenVPN User Settings This is extended setting of OpenVPN Server and applied in 1 Server to N Clients OpenVPN connectivity. You can add User Name settings in this page. Add User Name, Password and Confirm Password, Remote Network and Netmask and click Submit. Then you can see the User Name database in below column. 81 In OpenVPN client, you must type correct user name and password for authentication. Below is our OpenVPN client setting page, select the TLS Encryption Mode and Enable Login checkbox, then the Username/Password columns are displayed. Type correct Username and password added in OpenVPN User Settings. 82 OpenVPN Certificate Using digital certificates for authentication instead of preshared keys in VPNs is considered more secure. In WoMaster devices, digital certificates are one way of authenticating two peer devices to establish a VPN tunnel. Key Generation in the device For OpenVPN connectivity, the OpenVPN Client must have the client Key/CA file generated by the OpenVPN Server. Normally, you can generate the key in your VPN server and upload to the router switch which is Open VPN client. However, while you just want to establish site to site VPN connectivity, install another Open VPN server may consume lots of cost and engineer effort. In the latest firmware, the WoMaster Secure Router Switch supports Key generation feature. Click Generate in Generate TLS Keys and Generate Static Key in the Open VPN Router, the system prompts you to wait 30 seconds to generate the key. Click Yes to start and wait 30 seconds. After generated, there are some VPN key/CA files generated and stored within the system. The files include both OpenVPN Server and Client key/ca files. The two key/ca files, dh1024.pem and server.crt are applied to Open VPN Server only. The two files must be stored within the Open VPN server. For security concern, the files are not allowed to download. You just need to generate the keys while configured the Router as an Open VPN Server. The rest of key/ca files include CA, Client Cert and Client Key. The three files must be stored within both the Open VPN server and client. You can download the keys to your PC and upload the files to OpenVPN client. Then the client has the same key. This is usefully tool for you to build you OpenVPN connectivity. If you prefer to use Static Key, you can generate the static.key in OpenVPN Server and put the key in both OpenVPN Server and Clients. client key/ca files in below columns. You can see the files name by select the drop-down menu of Delete VPN Key, download/import OpenVPN 83 The description of the columns is as below:

TERMS DESCRIPTION Delete VPN Key Display the ca/key files after generated TLS/Static Key. You can select and Delete the ca/key file here. Upload VPN Key Upload a certificate file from a specified file location. Generate TLS Keys The setting allows you to generate TLS key/ca files by the router switch. After click Generate, the system prompts you to wait 30 seconds to generate the key. Click Yes to startthen you will have multiple key/ca files. Generate Static Key The setting allows you to generate Static key by the router switch. After click Generate, the system prompts you to wait 30 seconds to generate the key. Click Yes to start then you will have static.key file in the system. Download CA Download the generated ca.crt file here. Copy and Upload the key to the OpenVPN client Router. Download Client Cert Download the generated client.crt file here. Copy and Upload the key to the OpenVPN client Router. Download Client Key Download the generated client.key file here. Copy and Upload the key to the OpenVPN client Router. Download Static Key Download the generated static.key file here. Copy and Upload the key to the OpenVPN client Router while you prefer to establish OpenVPN connectivity by using Static Key. 84 3.5.5 IPSEC Settings Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. By configure this configuration page, user allows IPsec tunnels to pass through the router. The description of the columns is as below:

TERMS DESCRIPTION Enable IPsec Select Enable to activate the IPsec function IPsec Status Display the IPsec status, whether it is connected or disconnected When the VPN is connected, the IPsec status will display Connected. Exchange Mode Main or Aggressive mode selection Authentication Default: PSK Method Optional: Pre Shared Key or Certificate Pre-shared key Default: none Type the Pre-shared key. The Pre-share key must be the same in both ends. IPsec Cipher Suites Default: AES128-SHA1-DH2 Set algorithms for IKE and ESP proposal, choose AES128-SHA1-DH2, DES-SHA1-DH2, 3DES-SHA1-DH2 and AES256-SHA1-DH2. The cipher must be the same in both ends. Local IP IP Address of the local side of the tunnel. (Use 0.0.0.0 when WAN is dynamic IP.) Local Subnet Set IPSec local protected subnet and subnet mask, i.e. 192.168.1.0/24 Remote Host Default: 0.0.0.0 85 Set IPsec Remote Host, use the default setting if remote is dynamic IP Remote Subnet Set IPsec Remote Protected Subnet/Subnet Netmask Click Submit to apply the configuration. An Example of IPSec VPN:

86 The reference topology above is how the branch office can get the access to the headquarter. The two laptops are connected to the secure router switch through the Ethernet cable. Enable the IPSec, type the same pre-share key and select the same cipher for both ends. Configure the IP address for both ends. The Router at the branch office normally acts as the VPN Client role

(not really client mode in IPSec), the Router at head quarter normally acts as the VPN Server role. The HQ normally has public IP, thats the Remote IP of the router in branch office. The local subnet in HQ is the remote subnet of the router in branch office. If you have public IP in branch, its better to use public IP address for the WAN interface. If you just have dynamic IP address for branch office, then use 0.0.0.0 as local IP. To check the connection status, you can use Ping tool in Routers Web GUI to check the WAN connection. You must ping remote WAN IP address successfully first. Then you can try ping from PC2 to its connected interface, WAN IP of two routers and then remote PC1. This is also the typical debugging rule to check WAN and VPN connectivity. 3.5.6 L2TP SETTING L2TP is a popular choice for remote roaming users for VPN applications since an L2TP client is built in to the Microsoft Windows operating system. In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. Below is the L2TP Server Setting interface. The description of the column is as below:

TERMS DESCRIPTION L2TP Server Check the box to enable the function. Local IP Address The IP Address of the L2TP Server. Offered IP Range Offered IP Address range for the L2TP Clients (Maximum 10 clients) Authentication Method This section belongs to User Setting section. User can choose authentication using the password authentication protocol (PAP) and challenge handshake authentication protocol (CHAP). Click the Submit button to apply the configuration. Below is the User Setting for the L2TP Authentication connection. The description of the column is as below:

TERMS User Name DESCRIPTION Username for L2TP connection 87 Password Select Password for L2TP connection Select the list on the table, so user can press Edit or Delete Selected to delete. Click the Refresh button to refresh the list. 88 3.6 Warning changes. WoMaster router provides several types of Warning feature for remote monitoring of end devices status or network 3.6.1 Ping Watchdog Ping Watchdog is a feature that helps WoMaster router to allow user continuously ping a specific remote host for connection status using a user-defined IP address (or an Internet gateway). In this section, WoMaster provides two target IP Addresses, in order if the other IP Address cannot be reached, so there is another backup IP address. There are two conditions in this Ping Watchdog section, the first one is when the device continuously ping the target IP and in the end, it can reach one of the target IPs the device would not reboot. But if both targets IPs cannot be reached, the device will start counting the Ping Fail Counter time till it can be reached. If it is unable to ping the target IP address, this device will automatically reboot. After User finishes configuring the settings, click on Submit to apply User configuration. The description of the columns is as below:

TERMS DESCRIPTION Enable Ping IP Address 1 Clicks enable to activate the feature. Set the first IP Address to check if the Enable Ping IP Address 2 Clicks enable to activate the feature. Set the second IP Address to check if device is alive or not the device is alive or not Ping Interval Default: 300 (seconds) Set the interval timer to Ping the remote device. Every 300 seconds the Watchdog Deferred Default: 120 (seconds) >120 device will try to ping the target IP. Ping Fail Counter Default: 30 device continue to reboot itself. The device needs time to boot, the startup delay use to buffer to prevent the When the remaining Ping Fail Counter reach to 0 or reach the failure count, Click Submit to apply the configuration. the device will reboot. 89 3.6.2 SYSLOG Settings System Log is useful to provide system administrator locally or remotely monitor router events history. Once User finishes configuring the settings, click on Submit to apply User configuration. User can monitor the system logs in [Diagnostics] / [Event Log] page The condition or term described as following table. TERMS DESCRIPTION Enable Remote Syslog Server Select Enable to enable system log IP Address Specify the IP address of the server. Port Default: 514 Specify the port number of the server After finish with the configuration, clicks Submit to activate the function. 90 3.7 Diagnostics WoMaster Router provides several types of features for User to monitor the status of the router or diagnostic for User to check the problem when encountering problems related to the router. 3.7.1 Event Logs When remote System Log server mode is activated, the router will record occurred events in local log table. This page shows this log table. The entry includes the index, occurred data, time and content of the events. TERMS DESCRIPTION

Time Source Show the logs source. Message Show the record status. Event index assigned to identify the event sequence. The time is updated based on how the current date and time is set in the Basic Setting page. Click Reload to refresh the table. Click Clear to remove the entire event logs list. User may download the event logs file by click Download. 3.7.2 ARP Table Basically, WoMaster device is supported with two types of ARP which is the standard ARP and ARP with 802.2 LLC Type 2. Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network. A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. The other ARP feature is ARP with 802.2 LLC Type 2 is the new level of ARP where the device will response the request of 802.2 snap ARP on the Ethernet port and not support sending the request of 802.2 snap ARP. Below is the Data format. 91 Data Format Protocol Header:

802.3 + 802.2 LLC + 802.2 snap

|- (DS + SA + Len) -|- DSAP + SSAP + CTRL -|- Org + type This page shows the routers active ARP table. An ARP table contains recently cached MAC addresses of every immediate device that was communicating with the router. Click on Reload to change the value. 92 3.7.3 Ping WoMaster provides Ping utility in the management interface, the function is to give users a simple but powerful tool for troubleshooting network problems and check that the remote device is still alive or not. Type Destination IP address of the target device and click on Ping to start the ping. 3.7.4 Traceroute Traceroute is a diagnostics tool for displaying the route (path) and measuring transit delays of packets across an Internet IP network. Log containing route information will be shown after few seconds. Enter the destination IP Address then click traceroute to start the process. It will start search the route and measuring the transit delays of the packet. 93 3.7.5 Network Statistics This section shows about the packet data that transmitted or received regarding the Ethernet and Cellular activity. The Cellular packets include Wi-Fi and 2G/3G/LTE transmission. Click on Reload to refresh the table. The description of the columns is as below:

TERMS DESCRIPTION Poll Interval Default: 5 To set the Poll Interval time setting with range from 0 to 65534. (second) Set Stop To set new Interval time. Stop the old Poll Interval first before set the new interval. To stop Polling Interval, this action can be executed when user wants to change the poll interval time. 94 3.7.6 Client Association List This Client Association List displays the current wireless connection status when there is a client that connected to the AP. It shows the SSID, MAC Address, Signal Strength, Noise Floor, Connection Time, Last IP and Action. For the security concern, in this page user can do the security action, such as Kick the unexpected user from the wireless networks. This page also provides the refresh function to refresh the list automatically, where user may set the refresh period for refresh the list. Click Set to apply the setting, click Stop to stop the refresh function. Click Reload to refresh the list. The description of the columns is as below:

DESCRIPTION TERMS SSID Last IP Action Display the primary name of the SSID that available on the network. MAC Address Display the MAC Address that connected to the AP. Signal Strength Display the connection signal strength. Noise Floor Display the background noise level. Connection Time Display the time when the client connected to the AP. Show the IP Address of the wireless client. In this section user may do an action by kick the unexpected wireless client. 95 3.8 IoT Over the past decade or so, the word cloud has taken on a new meaning to many people. Rather than a visible mass of condensed water vapor floating in the sky, the cloud has taken to the IoT industry in the form of data. WoMaster Industrial Router is supported with private clouds, ThingsMaster and public clouds, AWS and Microsoft Azure. Clouds offer great promise in improving the agility and flexibility of IT to respond to the requirements of the business cost effectively. The security challenges raised by the loss of control and visibility in the journey to the cloud can be addressed in terms of securing infrastructure, information, identities, and devices. 3.8.1 AWS IoT Amazon Web Services IoT enables secure, bi-directional communication between Internet-connected things (such as sensors, actuators, embedded devices, or smart appliances) and the AWS cloud over MQTT and HTTP. For more information please visit: http://aws.amazon.com/iot/. The description of the columns is as below:

TERMS Enable DESCRIPTION Enable the AWS IoT function AWS Root CA Root CA is necessary. User can download it from the AWS. AWS Certificate file Certificate is necessary. User can download it from the AWS. AWS Private Key file Private key is necessary. User can download it from the AWS. Target Host Enter the target host Port Default: 433 Because AWS uses the HTTPS traffic, user need to add an inbound rule on port 443 Client ID Enter the device client ID My Thing Name Enter the registered device name (Need to be the same) Click Submit to apply the configuration. 96 HOW TO CONNECT THE DEVICE TO AWS Create and login to AWS account. Select AWS IoT Services click Thing. Add your device shadow. Create and download the key or certificate. Certificate, private key, root CA is necessary. Public key is used by AWS server to authenticate with private key. The public key and private cannot be downloaded back after the user closes the page. Policy can be added later. 97 Get the Target host to connect with the device. Go to Manage -> Things -> click the device name -> Click Interact. Copy the HTTPS link to update users Thing Shadow using this Rest API Endpoint. Connect the device to AWS. Copy the link and paste on the Target Host field at the AWS IoT page. 98 3.8.2 AZURE IoT Azure IoT Hub is a fully managed service that enables reliable and secure bi-directional communications between millions of Internet of Things (IoT) devices and a solution back end. One of the biggest challenges that IoT projects face is how to reliably and securely connect devices to the solution back end. To address this challenge, IoT Hub:

Offers reliable device-to-cloud and cloud-to-device hyper-scale messaging. Enables secure communications using per-device security credentials and access control. Includes the most popular communication protocols. The description of the columns is as below:

DESCRIPTION Enable Azure IoT function Download and enter the root CA. TERMS Enable Root CA IoT Hub Port Client ID SAS Token Enter the IoT hub server, this information can be found at the azure platform Display the port number. Because Azure IoT uses the MQTT protocol, so user needs to enter 8883 port number that belongs to MQTT protocol. Enter the SAS Token that needs to be generated by software. (Azure Device Default: 8883 Enter the client ID Explorer) Click Submit to apply the configuration. HOW TO CONNECT THE DEVICE TO MICROSOFT AZURE CREATE IOT HUB To register the device in Azure Portal, user has to follow the guide Get started with Azure IoT Hub for Java:

https://azure.microsoft.com/en-us/documentation/articles/iot-hub-java-java-getstarted/. The guide explains how to create an IoT Hub and a device entity. It is important to annotate the connection string generated after creating the device entity. User will need this parameter later for the device configuration (WoM IoT Configuration). 99 CONFIGURE THE DEVICE AS A MQTT CLIENT In the Microsoft Azure Portal, go to IoT Hub menu and select:

Devices > myCreatedDevice > Shared access policies > iothubowner > Connection string - primary key. User has to annotate the value of this field. 1. Get the connection string. Click the IoT Hub -> Shared access policies. 2. Click registryReadWrite -> copy the Connection string---Primary Key. 100 3. Download and install the Azure Device Explorer to generate the SAS Token. Go to this link to download the software: https://github.com/Azure/azure-iot-sdk-csharp/releases/download/2018-3-13/SetupDeviceExplorer.msi 4. Paste the Connection String --- Primary Key to the IoT Hub Connection String box. Then type the Protocol Gateway HostName and click Update. In the end, generate the SAS Token. 101 5. Configure the MQTT Client from the Web GUI. Enter the value based on the IoT Hub setting. And the device is connected to the cloud. Please find the Root CA through this link: https://github.com/Azure/azure-iot-sdk-c/blob/master/certs/certs.c 3.8.3 Private IoT WoMaster provides its own cloud service, ThingsMaster that could support the Industrial Plants Network. Under the cloud architecture, software, hardware, applications, and storage can all be provided as services. The cloud network service has the advantages of easy expansion, rapid adjustment, and minimal management, and can dynamically meet increasing demands. Users can access the data which stored on the cloud anywhere, anytime, and seamlessly share to any authorized users. The description of the columns is as below:

TERMS Enable DESCRIPTION Enable the WoM IoT function Connection Status Show the status of the connection between the device and ThingsMaster IoT Server Enter the address of Private IoT Server. Port Enter the port of Private IoT Server. 102 Client ID Enter the client ID that has been registered. MQTT Publish Topic Specify the MQTT Topic MQTT Publish The interval time to update the data Interval Update on change Default: Uncheck Check the box to send update on when data changed. CA Certificate The function from this certificate file is to create an encrypted MQTT communication. User will get this file when download the ThingsMaster server file. Note. This field only supports in ThingsMaster v1.1 and later version Debug Mode Check to enable debug mode for CoAP connection. Debug Log Download log for problem analysis between device and CoAP server Click Submit to apply the configuration. 3.8.4 RMS (Remote Management System) WoMaster supports Over-the-Air Remote Monitoring System (RMS), ThingMaster OTA. This page allows the user to configure the RMS settings for the device, so that the device will be monitored through the ThingsMaster OTA RMS. The software is strong and easily to monitor your network over-the-air, you can apply the software with up to thousand nodes monitoring from our sales. Not every version firmware supports this feature, while you have need to run over-the-air monitoring and doesnt find the configuration file, please contact our sales/technical window for further discuss. The description of the columns is as below:

DESCRIPTION TERMS Enable Check the box to enable the RMS function. RMS Server Enter the RMS Server IP Address 103 Port Default: 8883 ACCESS TOKEN Generate the token from ThingsMaster RMS; this access token is used to access the GPS Location User Input: User input the device location information. By Hardware: if the device is supported with the GPS feature, then it will directly generate device. the location. Latitude Enter the Latitude coordinate of the device Longitude Enter the Longitude coordinate of the device CA Certificate The function from this certificate file is to create an encrypted MQTT communication. User will get this file when download the ThingsMaster server file. Note. This field only supports in ThingsMaster v1.1 Click Submit to apply the configuration. After succeed with the registration then the device will appear on the ThingsMaster OTA RMS dashboard. 104 HOW TO ESTABLISH AND CONNECT TO THE THINGSMASTER OTA RMS SERVER Note: The UI of the ThingMaster, ThingMaster OTA RMS and VMWare software and download link is often updated, following steps and figures may be updated. 1. Contact our Sales to get the access to the ThingsMaster RMS Account. 2. Login to ThingsMaster OTA RMS, using RMS Account. Login: <User RMS Account>

Password: <User RMS Password>

3. Go to Home -> Device Management to register the device. 105

4. Add new device information, by clicking the + at the corner of the page. After click + menu then a page will pop up. Enter the device information. Name: Please start the name with Router + Number. Device type: default Is gateway: check the box Click Add 106 5. After the device is registered, then click on the device folder go to Details -> Click on Copy Access Token. This access token is code to link the device with the RMS Server. 6. Go to the Web GUI -> IoT -> RMS. Paste the Access Token code to the Web GUI. And complete the configuration. 107 7. After the configuration is done then go back to ThingsMaster RMS Server. And then click on the newly added Router -> Attributes-> Client Attributes to see if the data has been uploaded. 8. If all of the data has been uploaded, user can create a dashboard to visualize the data. Go to Dashboards menu. In this page, user can upload the JSON file that sent by the WoMaster Sales in the email. Click the + to import JSON File or Create a new Dashboard. 108 3.9 Backup and Restore User can use WoMasters Backup and Restore configuration to save and load configuration through the router. Users can browse the target folder and then type the file name to back-up the configuration. Browse the target folder and select existed configuration file to restore the configuration back to the router. This mode is only provided by Web UI while CLI is not supported. Also, this feature provides the Download Backup button in order to download the backup configuration from the router. 109 3.10 Firmware Upgrade WoMaster provides the latest firmware online at www.womaster.eu. The new firmware may include new features, bug fixes or other software changes. WoMaster also provides the release notes for the update as well. For technical viewpoint, WoMaster suggests user uses the latest firmware before installing the router to the customer site. Note that the system will be automatically rebooted after User finished upgrading the new firmware. Please remind the attached network users before User performs this function. Users can browse the target folder and then type the file name to back-up the configuration. Users also can browse the target folder and select the existed upgrade file. This mode is only provided by Web UI while CLI is not supported. 110 3.11 Reset to Defaults This function provides users with a quick way of restoring the WoMaster routers configuration to factory defaults. By check the Restore Factory default IP setting, it means the IP of the device will directly change to the default IP

(192.168.10.1). Pop-up message screen to show User that have done the command. Click on OK to close the screen and reboot the device. Below is the interface for resetting the device with keep the IP Settings. 111 3.12 Save Save option allows user to save any configuration. Powering off the router without clicking on Save will cause loss of new settings. After selecting Save, click on Yes to save new configuration. 112 3.13 Logout There are 2 logout methods. If user doesnt input any command within 30 seconds, the web connection will be logged out. The Logout command allows user to manually logout the web connection. Click on Yes to logout. 3.14 Reboot Click on Reboot to reboot device. System Reboot allows user to reboot the device. Some of the feature changes require user to reboot the system. Remember to click on Save button to save configuration settings. Otherwise, the settings user made will be gone when the router is powered off. Reboot main screen, to do confirmation request. Click Yes, then the router will reboot immediately. 113 4. REVISION HISTORY Version Description V1.0 1st released User Manual No N:1 NAT page No OpenVPN user page Date Editor 20191212 Andrew V1.1 Update WA512G-D with DC Terminal Block Input 20200506 Orwell

-Appearance, Wiring power input with DC terminal block Update description of MESH Status Add 3.4.2.6 Client Router (Wireless WAN NAT) mode for Wireless interface. Supported by V1.4 and later firmware. Add Fast Roaming chapter in Advanced WLAN Setting. Supported by V1.4 and latest firmware Update/Add description of Web Management:

Update N to 1 NAT (one active WAN only) Update MESH Setting and MESH network Status Update OpenVPN Server/Client/User description Add OpenVPN Certificate Design and description Update IPSec Description Update RMS Description Update ThingMaster OTA description Note:

The manual is user configuration guide, not includes RED declaration of conformity, RF specification and Safety precaution. We offer other declaration of conformity form. Please check our web site for the latest documents or contact our sales/support window. 2. Add WA512GM-IP67 Wiring Antenna and Wiring Waterproof Connector. 3. Update Pole/Wall-mount installation instruction. 4. Update WA512GM-D product appearance figures. 5. Add WA512GM-D Chassis ground installation instruction. 6. Update Fast Roaming description ready by firmware V1.4.5. Wait updating MESH, RF data V1.2b 1. Add Product DOC and Safe Precaution. 20200821 Orwell V1.2c 1. Add more description in Safety Precaution. Sep.21,2020 Orwell 2. Update WA512GM-D product figure, dimension, Din Clip dimension with wall-mount installation, Add Default Antenna spec. V1.2d 1. Updated by UL. Add wall-mount screwing, remove outdoor cabling, Sep.24,2020 Orwell 114 48V 0.5A rating for PoE. V1.3 Add FCC Statement Oct.7,2020 Orwell 115

Model Name: WA512GM-D WoMaster Default IP: 192.168.10.1 ethernet 1 Mac Adress: WINN (1 wi Ethernet 2 MAC Address: 9466F 70034C6 WIFI 1MAC Address: __ ll YA Il WiFl2 MAC Address: __IIINIINIDIINMNI/QINILND INN 9466E70034C8 NM ce USTED FCC ID: 2AXAMWAS 12GM 510621 HW Version: 1.0 ITE. Power Input: 24VDC (10-50V)/ IEEE 802.3af PD 4 RoHS Power Consumption: Max. 9.2Watts Made in Taiwan Model Name: WAS12GM-IP67 WoMa ster Default IP: 192.168.10.1 IO AO Ethernet 1 MAC Address: 66E70034C5 cthernet 2 mac address: Ill MMIII TIM TINT TI wieitmacaddress: IIIT TMIMIIM( 1000 IM 66E70034C7 WIFI2 MACAddress: ||| en 9466E/0034C8 be c/n UII 0 -~

WA2001000001 @-

HW Version: 1.0 oe re C Power Input: IEEE 802.3af PD FCC ID: 2AXAMWAS12GM Power Consumption: Max. 9.2 Watts Made in Taiwan

WOM ASIA CO., LTD FCC Confidential Authorization 2020/09/30 FEDERAL COMMUNICATIONS COMMISSIONS Authorization and Evaluation Division 7435 Oakland Mills Road Columbia, MD 21046 Subject: Confidentiality Request regarding application for certification of FCC ID: 2AXAMWAS512GM In accordance with Sections 0.457 and 0.459 of the Commissions Rules, WOM ASIA CO., LTD hereby requests long-term confidential treatment of information accompanying this application as outlined below:

e Block Diagram Schematics e Operation Description The above materials contain proprietary and confidential information not customarily released to the public. The public disclosure of these materials provides unjustified benefits to its competitors in the market. Sincerely, Orel Orwell Hsieh WOM ASIA CO., LTD 4F., NO.86-2, YIWEN 1ST ST., TAOYUAN DIST., TAOYUAN, 33045, TAIWAN

(R.O.C.) TEL: +886-2-55964238 QA-FR-171-A

WOM ASIA CO., LTD FCC Authorization 2020/09/30 FEDERAL COMMUNICATIONS COMMISSIONS Authorization and Evaluation Division 7435 Oakland Mills Road Columbia, MD 21046 Subject: Agent Authorization To whom it may concern:

We WOM ASIA CO., LTD, the undersigned, Hereby authorizes Bay Area Compliance Laboratories Corporation to act on its behalf in all matters relating to application for

' Equipment authorization, including the signing of all documents relating to these matters. All acts carried out by Bay Area Compliance Laboratory Corporation on our behalf shall have the same effect as our own action. We, the undersigned, hereby certify that we are not subject to a denial of federal benefits, that includes FCC benefits, pursuant to Section 5301 of the Anti-Drug Abuse Act of 1988, 21 U.S.C. 862. This authorization is valid until further written notice from the applicant. Sincerely Yours, Orme LX Orwell Hsieh WOM ASIA CO., LTD 4F., NO.86-2, YIWEN IST ST., TAOYUAN DIST., TAOYUAN, 33045, TAIWAN

(R.0.C.) TEL: +886-2-55964238 QA-FR-170-B 7/29/2014

WOM ASIA CO., LTD DECLARATION OF SIMILARITY October 7, 2020 To:

FEDERAL COMMUNICATIONS COMMISSIONS Authorization and Evaluation Division 7435 Oakland Mills Road Columbia, MD 21046 Dear Sir or Madam:

We WOM ASTA CO., LTD hereby declare WA512GM-DWA512GM-IP67 emissions BACL, the results FCC ID: 2AXAMWA512GM and electromagnetic of which are featured is/are that product:

WLAN AP/Router, model(s):

electrically identical with the same electromagnetic compatibility characteristics as model: WA512GM-D tested by in BACL project:

RXZ200708002. A description as follows:

of the differences between the tested model and those that are declared similar are Model Power Input Interface Antenna Enclosure WA512GM-802.3af IP67 PoE compliant 2xGbE RJ45, N-Type socketIP67 waterproof LED, USB Cable Gland metal housing, Wall/Pole-mount WA512GM-802.3af D PoE, 24VDC LED, GND,24V terminal block tenalblock compliant 2xGbE RJ45, SMA socket Metal Housing, Wall/Din-Rail mount Please contact me should there be need for any additional clarification or information. Orwell Hsieh WOM ASIA CO._! LTD QA-FR-227-A 11/05/2013

FCC Declaration Letter WOM ASIA CO., LTD 2020-11-25 To:

FEDERAL COMMUNICATIONS COMMISSIONS Authorization and Evaluation Division 7435 Oakland Mills Road Columbia, MD 21046 Subject: Professional Installation Statement for FCC ID: 2AXAMWA512GM Product Name: WLAN AP/Router Model(s) Name: WA512GM-D; WA512GM-IP67 Dear Sir or Madam, based on the following reasons:

Please be notified that we, the undersigned, state that our device requires professional installation 1. This device will not be sold to the general public, it will be sold to specific dealers only. 2. This device requires controlled installation location and antenna by professional installers. 3. The device requires professional configuration for use. Please help to deal with it and contact me if you have any question. Sincerely Yours, Orwell Hsieh / CTO WOM ASIA CO., LTD TEL: +886-2-55964238 E-mail : Orwell.h@womtek.com 4F., NO.86-2, YIWEN 1ST ST., TAOYUAN DIST., TAOYUAN, 33045, TAIWAN (R.O.C.)