This page includes most basic settings needed to configure the network. It's divided into sections including MultiWAN, WAN Settings, Ethernet Ports Configuration, LAN and Wireless settings.

Number of WAN ports: lets you select the number of WAN ports to be used on the device.

On models with 1 physical WAN interface, only “1 WAN” can be selected. Other options are greyed out.

Tune route cache: is used for MultiWAN configurations with load balancing.

Recommended when 2 or more WANs have weight larger than “0”. It uses kernel tweaks to improve workload sharing.

For details, see the Notes section below.

Check Connections Every: makes FreshTomato automatically test WAN link reliability.

It sets how often the router tests its Internet connection. Any option but Disabled runs the Watchdog script.

Watchdog uses ping/traceroute to test WAN connection status. (Default: Disabled).

Any option but Disabled makes “Target 1” and “Target 2” fields appear.

• Target 1 - the address of the first host to ping
  (Default: Google.com)
• Target 2 - the address of the second host to ping
  (Default: Microsoft.com)
  
  

Settings here are used to configure the WAN interface. These settings depend on your ISP.

Depending on the selected type, specific connection settings will be shown or hidden.

Type: sets the connection mode the WAN interface uses to connect to your ISP. (Default: DHCP).

• DHCP - Your ISP's DHCP server dynamically assigns a WAN IP lease to FreshTomato.
  • DHCP doesn't use authentication.
    
    

• PPPoE - The WAN port responds to authentication requests from the ISP's PPPoE server.
  • Usually used on DSL networks.
  • FreshTomato stores the PPPoE username/password assigned by your ISP.
  • If authentication succeeds, the PPPoE server allows logon to the ISP network,
    and a DHCP server assigns you a WAN IP lease.
  • Leave the Service Name field blank.
  • Starting with release 2021.3, support for Baby Jumbo Frames (RFC 4638)
    was added to the Miscellaneous menu.
  • When using Baby Jumbo Frames, set MTU to 1500, to be consistent with the
    Baby Jumbo Frames change. (See Notes).
    
    

• Static - will configure your WAN port with a static IP.
  • You must manually enter these settings in FreshTomato, from your ISP:
    • Static IP address
    • Subnet mask
    • Gateway address
    • DNS server addresses
  • This mode is usually used for business, when an IP address mustn't change.
    
    

• PPTP - configures the WAN port to use Microsoft's PPTP protocol to connect.
  • This section requires you to enter:
    • a username
    • password
    • gateway server settings (given by your ISP).
      
      

• L2TP - configures the WAN port to connect using Layer Two Tunneling Protocol.
  • FreshTomato requires you enter the following, provided by your ISP:
    • L2TP username
    • Password
    • L2TP server static IP address
    • Subnet mask
    • Gateway setting
      
      

• 3G modem - enables support for 3G cellular USB modems.
  • To detect modems, enable USB and 3G/4G/5G modem support in USB Support.
    
    

• 4G/LTE - enables support for 4th generation cellular/LTE USB modems.
  • When using 4G, PIN code and APN fields appear. You must enter these settings.
  • To detect modems, enable USB and 3G/4G/5G modem support in USB Support.
    
    

• Disabled - disables the physical WAN port on the router.
  • This makes your device function only as a switch (if it has that function) and/or;
  • It may effectively make your device function as a WiFi A/P (if capable).
    
    

Wireless Client Mode: enables FreshTomato's Wireless Client mode.

This lets the router act as a client (WiFi adapter) to connect to another router/AP.
(For details, see Wireless Mode tables below).

• Disabled - wireless Client mode will be disabled.
• 2.4 GHz - wireless Client mode will be enabled on the 2.4 GHz band.
• 5 GHz - wireless Client mode will enabled on the 5 GHz band.

Load Balance Weight: appears only when number of WANs > 1. Valid settings are (0 - 256).

In a MultiWAN configuration, FreshTomato performs load sharing on the link traffic. Giving each interface a Load Balance Weight adjusts how it participates in MultiWAN activities. Load sharing is done on a per-session basis to avoid issues with interactive traffic like:

1. Real-time voice
2. Video
3. RDP.

Per-packet loadsharing isn't recommended in cases where link speeds vary. It would generate out-of-order packets, and in doing so, could make interactive traffic unusable.

Example: Load Balance Weight: 0 (Failover)

If “0” is used, FreshTomato won't route traffic when other WAN interfaces are functioning. However, if all other WAN interfaces with weight “1” or higher fail, a WAN connection with weight “0” will automatically enable. Then, when the interface with weight “0” is automatically enabled, it is assigned a weight of “1”. Such functionality is commonly used as a failover configuration.

For example, let's say:

• There are 2 WANs
• WAN0=“weight 0”
• WAN1=“weight 1”
  

In this example, routing would proceed as follows:

1. When the failure of WAN1 is detected, WAN0 will activate
   (assigned with weight: “1”) and begin routing packets.
2. Later, WAN1 recovers its connectivity. As soon as FreshTomato
   notices, (seconds/minutes), WAN0 will be reset to idle status
   while traffic is rerouted through the revived WAN1.

Recovery back to the originally-active interface is called preempting. It's the default (fixed) behavior.


Example: Load Balance Weight: 1

Any value > “0” makes an interface actively route packets.

A weight of “1” isn't very meaningful, since weights are relative. Each weight is compared to others to direct functionality.

A good way to understand this is:

• “1=100%
• “0=0%”
• Thus, if WAN0=“weight 0” and WAN1=“weight 1”, WAN1 would handle 100% of the traffic.

Example: Load Balance Weight: 5

Basically, an interface set to weight: “5” would handle 5 new sessions before any other interface was used.

For example, say we have 3 WANs, as follows:

• WAN0 = weight 0
• WAN1 = weight 1
• WAN2 = weight 5

In this example, routing would proceed as follows:

1. WAN0 would be used only if WAN1 and WAN2 are failing/unable to route.
2. WAN1 would handle the first new LAN client session through the router.
3. WAN2 is set to handle the second, third, fourth, fifth and sixth sessions.
4. The seventh new session would be treated as another, first new LAN client,
   so would start again from WAN1.
5. WAN2 would then handle the next five new sessions, (eighth through twelfth).
   
   

These settings affect only outbound traffic. Return traffic tries to return via the WAN interface it came from.

Allocation of a new session to a WAN is dynamic. You can set which traffic gets allocated to which Interface (“sticky connection”) in MultiWAN routing.

Modem device: here, specify the 3G/4G/5G modem's Linux device path/filename.

• If unsure, check the modem is listed in 3G/4G/5G Dongle compatibility.
• If it isn't detected, enable 3G/4G/5G modem and USB support in USB Support.
• If WAN type is 3G or 4G/LTE, fields appear asking for more information.
• The Default device filename is the first serial device on the first USB port: (/dev/ttyUSB0).
  • The “tty” part of the filename represents a serial device.
  • “USB0” in the filename means the device is connected to the first USB port.
  • Devices listed as ”/ttyUSB“ use the newer Serial→USB device driver framework.
• “ACM” in the device name type means the device type is: “Abstract Control Model”

To get modem details, log on to FreshTomato via Telnet/SSH and use the “lsusb” or “dmesg” commands .

PIN Code: the 3-digit PIN code for the SIM card associated with your cell account.

• Leave this blank if your SIM card code was deactivated.
  
  

Modem init string: enter the modem's default initialization string.

• Your cellular provider or modem manufacturer gives you this. (Default: *99#).
  
  

APN: the access point name (provided by your cell carrier).

• Sets a gateway to route data between the carrier and the Internet. (Default: internet).
  
  

Username: the (carrier-provided) username to access your cell carrier's APN gateway.

• Some carriers don't require this.
  
  

Password: the (carrier-provided) password to authenticate to your cell carrier's APN gateway.

• Some carriers do not require this.
  
  

Network Type: appears when WAN type is set to 4G/LTE. (Default: 4G/3G/2G).

• The default makes FreshTomato start negotiating with a 4G connection.
  If that fails, it falls back to negotiating 3G. Finally, it tries a 2G connection.
  
  

DNS Server:

• AUTO - FreshTomato uses DNS server addresses in your ISP's
  DHCP lease.
• Manual - enables DNS server functions in dnsmasq. “DNS 1”
  and “DNS 2” fields appear.
  • DNS 1 - enter DNS server 1 address here.
  • DNS 2 - enter DNS server 2 address here.

Manually-set DNS servers can be helpful if your ISP's DNS servers are slow/unreliable.

MTU: sets the Maximum Transmission Unit, (Ethernet frame size) for WAN←→LAN traffic.

This is for the WAN interface only and won't affect LAN traffic.

• (Default: 1500) - good for most Ethernet devices.
  Choosing it
  greys out the Manual field.
• Manual - Enter a custom value. Jumbo Frames
  start at 2000 bytes.

Different MTU sizes across devices may cause issues.

Use DHCP: is rarely used. Usually, you should leave it disabled.

• A few Internet providers separate addressing from PPPoE functions.
  
  

Single Line MLPPP: is outdated, and rarely used now.

This Multilink PPP version lets a modem bond the bandwidth of multiple PPPoE sessions.

A side effect of it was that it bypassed some ISPs' bandwidth throttling.

Route Modem IP: lets you access a modem “behind a router” with a quick setting change.

• When using separate modem and router, usually the modem is in bridge mode or
  PPPoE passthrough mode. This makes it hard to access the modem's LAN interface,
  as it's “behind” the router.
• The router's WAN interface has a public address, but the modem is reachable
  only via a private LAN address.
• Private addresses aren't routable, so by default, FreshTomato blocks any traffic
  on a path of: LAN —> WAN —> (MODEM with PRIVATE IP).
• Route Modem IP adds a static route to the routing table, giving the modem a
  private address on a /32 subnet. This makes the private address reachable via
  the WAN interface, and thus via the LAN.
• The mask allows only one host, so only the modem is reachable on that subnet.

.

(Default: Off)

Query Hilink Modem IP: is for Huawei USB modems with Hilink mode.

It lets you communicate with a modem in Hilink mode connected to a LAN device other than the router.

It can be used to monitor modem statistics/signal strength. (Default: Disabled).

Call Custom Status Script: TBD.

Connect Mode: chooses the method to keep the router connected to the Internet provider.

• Connect on Demand - makes the router disconnect from the ISP after
  the Max Idle Time. FreshTomato reconnects to the Internet as soon as
  a LAN client requests Internet access.
• Some ISPs drop a connection if their router detects no Internet activity.
  • Keepalive * - makes FreshTomato send keepalive packets at brief,
    specified intervals. This makes the ISP “see” intermittent activity
    when no clients request
    Internet access.
• Redial Interval - how often the router checks the Internet connection.
  (Default: 10 seconds). This minimizes Internet connection response time,
  since usually the connection will be up.

(Default: Keepalive).

Redial Interval: if PPPoE dialing fails, this delays attempts for a defined number of seconds.

This allows more time for the PPPoE server/network equipment to restart properly before re-establishing a PPPoE link.
(Default: 10 seconds).

LCP Echo Interval: Link Control Protocol exchanges frames between 2 peers to check they're connected.

• LCP Echo Interval is the time between these signals.
• Usually used to check a DSL modem's PPPoE is still connected to the ISP.
• (Default: 10 seconds).

LCP Echo Link fail limit: how many failed LCP echo requests between peers before link is deemed down.

• The client DSL modem will then drop the PPPoE link.
• LCP will then try to renegotiate a new PPPoE session.

Disable Watchdog: disables the Watchdog function, for only the WAN connection in the menu.
(Default: Enabled/Tracert).

Watchdog Mode: regularly checks a given WAN connection is up.

This chooses the method used to test the connection.

• Traceroute *
• Ping

The Watchdog function supports connection types:

1. DHCP
2. PPPoE
3. PPTP
4. L2TP
5. 3G/4G/5G LTE

The LAN section includes information and settings to configure FreshTomato's LAN interface functions.

This includes:

1. LAN IP address and subnet mask
2. Spanning Tree Protocol function
3. DHCP server status/settings (via dnsmasq), such as scope and lease time
4. Stubby (DNS-over-TLS) setting and WINS settings

Bridge: lets you selects the bridge whose LAN settings will be modified

STP: enables Spanning Tree Protocol to prevent forwarding loops in switches.

The default (off) is recommended, unless you are highly experienced.

IP Address: the IP Address to assign to the specified LAN interface.

FreshTomato supports Class A/B/C networks. (Default: 192.168.1.1).

Netmask: the subnet mask associated with FreshTomato's LAN IP address.

(Default: 255.255.255.0 - class “C” netmask).

DHCP: enables DHCP server functions in dnsmasq. (Default: Off)

IP Range (first/last): the range of IP addresses the DHCP server will assign to LAN clients.

In the top field, enter the first valid address in the subnet. Enter the the last address in the bottom field.

Lease Time (mins.): the DHCP lease time, in minutes. (Default: 1440).

Automatic IP: lets FreshTomato obtain a LAN IP via DHCP.

Since release 2022.6, this option is supported in:

1. AP Mode
2. Wireless Ethernet Bridge (WEB) Mode
3. Media Bridge Mode.
   
   

After saving settings, the router's new default address is 192.168.1.1 until it obtains DHCP data.

Settings here are for the Ethernet Ports State graphic in the Overview menu. Link status, Link speed and Diagnostic information are shown for each port, .

Enable Ports State: enables the Ethernet Ports State graphic. (Default: On).

Show Speed Info: checking this displays the link speed of each port, (1GB/100MB/10MB).

(Default: On).

Invert ports order: displays port icons in the opposite order from where they are on the hardware.

This is useful when the order of display icons doesn't match the physical locations on the router. (Default: Off).

This feature makes FreshTomato assess on which band a client device should connect, and then “nudges” it towards that band.

When enabled, these settings are saved to NVRAM, then replicated from the first WiFi radio to all other radios:

1. SSID
2. Broadcast
3. KEY1-4
4. Shared Key
5. Encryption
6. Radius Key
7. Radius Port
8. Radius IP

(Visibility depends on the wireless security selected)

Among the wireless settings that will NOT be replicated are:

• Channel
• Channel Width
• Wireless Network Mode
• Band (2.4 / 5 GHz)
• Country Code/Rev
• Beamforming

Client devices also may try to switch bands on their own, without the influence of Wireless Band Steering.

This feature is available since release 2020.8 (for ARM hardware only). See the Notes section for more details.

The Wireless (2.4 GHz) section displays information and settings for the 2.4 GHz wireless interface.

Your device may show a different device name than eth1. Hardware device numbers begin at “0”.

The first Ethernet device might be called “eth0”. The second might be called “wl1”.

Enable Wireless: enables the 2.4 GHz WiFi interface. When unchecked disables that interface.

MAC Address: displays the MAC address of the 2.4 GHz WiFi interface.

Clicking this takes you to the MAC Address page, to specify a custom address for this interface.

Wireless Mode: here, choose the wireless mode (function) of the 2.4 GHz WiFi interface.

Wireless Network Mode: selects which 802.11 WiFi protocols to make available to clients.

The network modes available here will depend on your hardware.

• Auto: * - router/WiFi clients automatically negotiate the best protocol.
  • Recommended, unless you have advanced networking skills.
  • Incompatibilities may exist.
  • The best settings may not be obvious.
• B Only - allows WiFi clients to connect using only 802.11b.
• G Only - allows WiFi clients to connect using only 802.11n.
• B/G Mixed - allows clients to connect using 802.11b/802.11g.
• N only - allows clients to connect using only the 802.11n.

These apply only to the 2.4 GHz interface. Any 5 GHz interface will have separate Mode settings.

SSID: the network name (Service Set IDentifier) for the 2.4 GHz WiFi interface.

For security, don't include personal identity/address/location/equipment type. Single dictionary words are also poor for security.

(Default: FreshTomatoXX, where “XX” is the two band numbers.) On a 2.4 GHz network, the default SSID is: “FreshTomato24”.

Broadcast: enables SSID broadcasting.

This “announces” the SSID, so it's easy to find and connect to.

Common software can easily sniff SSIDs. Contrary to claims, disabling Broadcast provides little security increase.

Channel: the channel on which the 2.4 GHz interface operates.

Generally, choose a different channel than your neighbours'. (Default: Auto).

• Auto* - this default is generally safe unless there's too much
  interference from other, nearby equipment.
  FreshTomato uses the channel it senses has the least interference.
• Channel - lets you manually choose available channels on the band.
  Unavailable channels won't appear.
  
  

Channel Width: lets you choose the (frequency) width of the channel.

• 20 MHz
• 40 MHz

802.11n can use 40 MHz channel width, but to maintain legacy compatibility, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel.

Control Sideband: lets you choose whether the sideband channel used is above (Upper) or below (Lower) the main channel.

(Default: Upper). This is only available If 20 or 40 Channel Width is selected.

• Upper *
• Lower
  
  

Security: here, choose the security protocol used on the 2.4 GHz WiFi interface.

• Disabled - disables all security, leaving the network open to anyone.
  Avoid using this. It is a basically an unlimited security risk.

• WEP - enables Wired Equivalent Privacy protocol. Avoid this. It's obsolete
  due to serious vulnerabilities, including weak encryption.

• WPA Personal - enables WiFi Protected Access Protocol 1.x.
  • Uses the RC4-based TKIP protocol.
  • Lets hosts exchange pre-shared keys, for more security.
  • More secure than WEP, but has weaknesses like lower encryption standards.
  • WPA2 is strongly encouraged instead.

• WPA Enterprise: (AKA: WPA-802.1X) - is similar to WPA Personal,
  but each user has his/her own username/password.
  • No common pre-shared key is used.
  • Doesn't require a RADIUS server.
  • Is more secure against dictionary attacks on short passwords.
  • Is suitable for larger, more formal networks.

• WPA2 Personal - WiFi Protected Access version 2 uses parts of 802.11i.
  • Supports mandatory AES encryption, so much more secure than old protocols.
  • Recommended for small- to mid-sized, informal networks.

• WPA2 Enterprise - enables the Enterprise version of WPA2.
  • Uses WPA2, but each user has their own WiFi username/passkey.
  • Is based on parts of 802.11i.
  • Doesn't require a RADIUS server.
  • Appropriate for larger, more structured networks.

• WPA / WPA2 Personal - enables both protocols.
  The router will communicate
  via whatever it detects from the client.

• WPA / WPA2 Enterprise - enables both protocols.
  The router will communicated
  via whatever it detects from the client.

• RADIUS - enables Remote Access Dialup User Service.
  • Designed for larger organizations.
  • Uses a separate server to authenticate/permit/track users.
  • Supports authentication via certificates.
  • Is usually only for advanced users.
    
    

Shared Key: the authentication key for WiFi LAN clients. Asterisks display before inserting the cursor.

Group Key Renewal: sets how often encryption keys used between clients and router are rotated.
This is a part of the WPA protocol. (Default: 3600 seconds/1 hour).

The following limits apply to adjusting key rotation interval:

• Release 2023.5 and later: From 1 second to 2592000 seconds
  [for ARM-based and MIPS RT-N / MIPS-RT-AC hardware]
  Where: 0 = disabled (not advised).

• Releases 2023.4 and earlier (for all hardware): 60 - 7200 seconds.

The Wireless (5 GHz) section displays settings and information for the 5 GHz WiFi network interface.

Your device may show a different device name than eth1. FreshTomato hardware device numbers begin at 0.

For example,

• The first Ethernet device might be called “eth0”.
• The second wireless device might be called “wl1”.

Typically, the 5 GHz WiFi band has higher bandwidth, but shorter range than the 2.4 GHz band.

Enable Wireless: checking this enables the 5 GHz WiFi interface.

MAC Address: displays the MAC (hardware) address of the 5 GHz WiFi interface.
Clicking on this takes you to the MAC Address page to choose your own address for the interface.

Wireless Mode: lets you select the wireless mode (function) of the 5 GHz interface.

Wireless Network Mode: Select the 802.11 WiFi protocols available to clients.

• Auto - FreshTomato/WiFi clients automatically negotiate the best WiFi protocol.
  • Recommended unless you're highly experienced with WiFi.
  • Compatibility issues may occur. The “logical” setting isn't always the best.
• A Only - allows WiFi clients to connect using only 802.11a.
• N Only - allows WiFi clients to connect using only 802.11n.
• N/AC mixed - allows WiFi clients to connect using only 802.11ac or 802.11n.
• AC Only - allows WiFi clients to connect using only 802.11ac.

(Default: Auto)

Only releases 2021.8 and later have have a separate setting for 802.11ac.

Any 2.4 GHz band interface will have separate Mode settings. See the 2.4 GHz section.

SSID: the network name of the 5 GHz WiFi.

For security, don't include personal words/phrases indicating your name, identity, address, location, or equipment type. Single dictionary words also make for very poor security.

(Default: FreshTomatoXX, where “XX” is the digits in the band.) On a 5 GHz network, the default SSID is “FreshTomato50”.

Broadcast: enables SSID broadcasting.

This “announces” the SSID, so it's easy to find. Contrary to claims, SSIDs are easily sniffed with common software. Disabling SSID Broadcast offers little security improvement.

Channel: selects the channel on which the 5 GHz WiFi interface will operate..

Generally, you should choose a different channel than the one your neighbours use.

• Auto: This default is usually safe unless there's too much interference from nearby equipment.
  • FreshTomato selects/uses the channel it believes has the least interference.
• Channel: lets you manually choose from available channels on the band.
  Unavailable channels won't appear.

Channel Width: lets you select the channel width (frequency-wise).

• 20 MHz
• 40 MHz
• 80 MHz
• 160 MHz (not yet supported. May be supported on some SDK714 models)

Larger channel widths provide more speed/bandwidth if there's low interference.

The 5GHz band is less prone to interference and noise, because on that band, 20 MHz channels don't overlap. Interference is more common on the 2.4 GHz band.

Usually, it's fine to choose a larger channel width. However, if you see slow traffic, or clients having trouble authenticating/associating with the router, try a narrower channel width.

802.11n can use 40 MHz channel width. However, for legacy compatibility, it uses a main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main one.

Control Sideband: select whether the extra channel used is above (Upper) or below (Lower) the main channel.

This is available only if 40/80/160 MHz Channel Width is selected. (Default: Upper).

Security: lets you choose the security protocol to be used on the 2.4 GHz interface.

• Disabled - disables all security, leaving the network open to anyone.
  • Avoid using this. It's basically an unlimited security risk.

• WEP - enables Wired Equivalent Privacy protocol. Avoid using this.
  • Obsolete due to serious vulnerabilities, such as weak encryption.

• WPA Personal - enables WiFi Protected Access 1.x (with RC4-based TKIP protocol).
  • Lets hosts exchange pre-shared keys, for more security.
  • More secure than WEP, but problems include low encryption standards.
  • Strongly encouraged instead of WPA.

• WPA Enterprise (or: “WPA-802.1X”) - similar to WPA Personal,
  but each user has
  their own username/password.
  • No common pre-shared key is used.
  • Doesn't require a RADIUS server.
  • Is more secure against short-password dictionary attacks.
  • Is suitable for larger, more formal networks.

• WPA2 Personal - uses elements of the 802.11i standard.
  • Supports mandatory use of AES encryption. More secure than old protocols.
  • Is recommended for small/mid-sized informal networks.

• WPA2 Enterprise - enables the Enterprise version of WPA2.
  • Uses WPA2, but each user has their own username/passkey.
  • Is based on parts of 802.11i.
  • Doesn't require a RADIUS server.
  • Is appropriate for larger, more structured networks.

• WPA / WPA2 Personal - uses WPA2 Personal, and if that fails, WPA security.

• WPA / WPA2 Enterprise - uses WPA2 Enterprise, and if that fails, WPA .

• RADIUS - enables Remote Access Dialup User Service.
  • Is designed for larger organizations.
  • Uses a separate server to authenticate/permit/track users.
  • Supports authentication via certificates.
  • Suitable for advanced users.

Shared Key: the shared authentication key for WiFi LAN clients. Asterisks display until you click your cursor.

Group Key Renewal: sets how often encryption keys used between clients/router are rotated.

This is part of the WPA protocol. See the first wireless radio unit for more details.

(Default: 3600 seconds).

Specifically, enabling this option does the following:

# 2018-01-19
# Reduce and flush the route cache to ensure a more synchronous load-balancing across multi-wan
# https://vincent.bernat.im/en/blog/2011-ipv4-route-cache-linux
 
/bin/echo 1 > /proc/sys/net/ipv4/route/flush
/bin/echo 1 > /proc/sys/net/ipv4/route/secret_interval
/bin/echo 0 > /proc/sys/net/ipv4/route/min_delay
/bin/echo 1 > /proc/sys/net/ipv4/route/max_delay
/bin/echo 1 > /proc/sys/net/ipv4/route/gc_interval
/bin/echo 1 > /proc/sys/net/ipv4/route/gc_elasticity
/bin/echo 1 > /proc/sys/net/ipv4/route/gc_min_interval_ms
/bin/echo 0 > /proc/sys/net/ipv4/route/gc_min_interval
/bin/echo 1 > /proc/sys/net/ipv4/route/gc_thresh
/bin/echo 1 > /proc/sys/net/ipv4/route/gc_timeout
 
#Causes connectivity issues if this value is too small, use defaults or tune accordingly
/bin/echo 512 > /proc/sys/net/ipv4/route/max_size

Support for Baby Jumbo Frames is included since release 2021.3. It works only on gigabit routers. Not all ISPs support Jumbo Frames for PPPoE.

To enable Baby Jumbo Frames:

• Go the Miscellaneous menu. Check Enable jumbo frame support .
  The router will reboot.
• In the Network menu, Set MTU to manual. For PPPoE operation,
  enter an MTU of: 1500. (Usually, use packet size: 1492).
• Clamping can be manually disabled, if needed. At a FreshTomato
  command prompt: type: “nvram set tcp_clamp_disable=1”
• Ping with packet size of 1472 to verify a working PPP MTU of 1500.

This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band:

Steer Policy:
max=0 period=5 cnt=3 rssi=-52 phyrate_high=110 phyrate_low=0 flags=0x22 state=3
Rule Logic: OR
RSSI: Greater than
VHT: Allowed
NON VHT: Allowed
NEXT RF: NO
PHYRATE (HIGH): Greater than or Equal to
LOAD BALANCE: NO
STA NUM BALANCE: NO
PHYRATE (LOW): Less than
N ONLY: NO

This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band:

Steer Policy:
max=80 period=5 cnt=3 rssi=-82 phyrate_high=0 phyrate_low=0 flags=0x20 state=2
Rule Logic: OR
RSSI: Less than or Equal to
VHT: Allowed
NON VHT: Allowed
NEXT RF: NO
PHYRATE (HIGH): Greater than or Equal to
LOAD BALANCE: NO
STA NUM BALANCE: NO
PHYRATE (LOW): Less than
N ONLY: NO

For more details, see:
Smallnetbuilder.com: Asus RT-AC3200 Smart Connect-the Missing Manual