This shows you the differences between two versions of the page.
basic-network [2022/02/16 23:48] – [WAN Settings]-spelling Wifi hogwild | basic-network [2024/02/21 17:54] (current) – [WAN(x) Settings] -clarify Load Balance Weight and add OOO explanation hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Network ====== | ====== Network ====== | ||
- | The Network page includes most settings needed to configure the network. It is divided into sections including MultiWAN, WAN Settings, Ethernet Ports Configuration, | + | The Network page includes most basic settings needed to configure the network. It is divided into sections including MultiWAN, WAN Settings, Ethernet Ports Configuration, |
===== MultiWAN ===== | ===== MultiWAN ===== | ||
- | **Number of WAN ports**: This lets you select the number of WAN ports to be used on the device. On routers with only one physical WAN interface, options with WAN ports larger than one will be greyed out. This allows you to select only “1 WAN” on such devices. | + | {{:pasted: |
- | **Check Connections Every: **This is a quick way to make FreshTomato automatically test the reliability of your WAN connection. (Default: Disabled). Choosing any setting other than [Disabled] will execute the Watchdog script. The Watchdog script uses ping or traceroute to test WAN connection status. | + | \\ |
- | This setting specifies how often you want the router | + | **Number of WAN ports**: |
- | **Target 1: **Address of first host you want FreshTomato to ping regularly (Default: Google.com)\\ | + | On routers with only one physical WAN interface, options with more WAN ports will be greyed out. You can select only “1 WAN” on such devices. |
- | [[https:// | + | \\ |
- | ===== WAN Settings ===== | + | **Tune route cache**: This is intended for MultiWAN configurations with load balancing. |
- | Settings in this section are used to configure | + | This setting is advised when two or more WANs have a weight larger than " |
- | **Type: **This | + | **Check Connections Every: **This |
- | **DHCP**: A DHCP server at your ISP will dynamically assign a WAN IP lease to your FreshTomato router. DHCP uses no authentication. | + | The Watchdog script |
- | **PPPoE**: The router' | + | Choosing |
- | Starting with release 2021.3, support for Baby Jumbo Frames (RFC 4638) was added. FreshTomato will try to increase | + | * Target 1 -** **Here, enter the address of the first host to ping regularly (Default: Google.com) |
+ | * Target 2 - Here, enter the address | ||
- | To enable Baby Jumbo Frames: | ||
- | | + | ==== WAN(x) Settings ==== |
- | - Set MTU to 1500 for PPPoE. | + | |
- | - Clamping can be disabled manually | + | Settings in this section are used to configure the WAN interface. These settings depend on your ISP. |
+ | |||
+ | Depending on the type selected, other settings specific to that type of connection will be shown or hidden. | ||
+ | |||
+ | **Type: **This sets the connection mode the WAN interface will use to connect to your ISP. (Default: DHCP). | ||
+ | |||
+ | * **DHCP | ||
+ | * DHCP does not use authentication. | ||
+ | |||
+ | * **PPPoE - **The WAN port will respond to authentication requests from your ISP's PPPoE server. | ||
+ | * This is most often used for DSL networks. | ||
+ | * This stores in FreshTomato the PPPoE username and password assigned by your ISP. | ||
+ | * If authentication succeeds, the PPPoE server allows logon to the ISP network, and a DHCP server assigns you a WAN IP lease. | ||
+ | * Leave the //Service Name// field blank. | ||
+ | * Starting with release 2021.3, support for Baby Jumbo Frames (RFC 4638) was added in the [[advanced-misc|Miscellaneous]] menu. | ||
+ | * When using Baby Jumbo Frames, set MTU to 1500, consistent with the Baby Jumbo Frames change. (See [[https:// | ||
+ | |||
+ | * **Static - **This choice will configure your WAN port with a static IP. | ||
+ | * You must manually enter the following settings in FreshTomato, | ||
+ | * Static IP address | ||
+ | * Subnet mask | ||
+ | * Gateway address | ||
+ | * DNS server addresses | ||
+ | * This mode is commonly used for business accounts, when the IP address shouldn' | ||
+ | |||
+ | | ||
+ | * This section will require you to enter: | ||
+ | * a username | ||
+ | * password | ||
+ | * gateway server settings (given by your ISP). \\ \\ | ||
+ | |||
+ | * **L2TP - **Choosing this configures the WAN port to connect using Cisco' | ||
+ | * FreshTomato will require you enter the following, provided by your ISP: | ||
+ | * L2TP username | ||
+ | * Password | ||
+ | * L2TP server static IP address | ||
+ | * Subnet mask | ||
+ | * Gateway setting \\ \\ | ||
+ | |||
+ | * **3G modem - **This setting will enable support for 3G GSM (cellular) USB modems. | ||
+ | * Ensure USB and 3G/4G/5G modem support are checked in [[nas-usb|USB Support]] for the modem to be detected. \\ \\ | ||
+ | |||
+ | * **4G/LTE - **This enables support for fourth generation GSM (cellular) / LTE USB modems. | ||
+ | * When choosing 4G, PIN code and APN fields appear. These must be filled with correct settings (see below). | ||
+ | * Check USB and 3G/4G/5G modem support are enabled in the [[nas-usb|USB Support]] menu for the modem to be detected. \\ \\ | ||
+ | |||
+ | * **Disabled - **This disables the physical WAN port on your router. | ||
+ | * This effectively makes your FreshTomato device function only as a switch (if it has that function) and/or; | ||
+ | * It may effectively make your device function as a WiFi access point (if it has that function). \\ \\ | ||
+ | |||
+ | **Wireless Client Mode: **This enables FreshTomato' | ||
+ | |||
+ | This mode lets the router act as a client to connect to another router/AP, similar to how a WiFi adapter would. | ||
+ | |||
+ | * Disabled - Wireless Client mode will be disabled. | ||
+ | * 2.4 GHz - Wireless Client mode will be enabled on the 2.4 GHz interface. | ||
+ | * 5 GHz - Wireless Client mode will enabled on the 5 GHz interface. | ||
+ | |||
+ | \\ {{:: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Load Balance Weight: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | When configuring a router in a MultiWAN configuration, | ||
+ | |||
+ | For example: | ||
+ | |||
+ | Let's assume we have 2 WANs, as follows: | ||
+ | |||
+ | WAN0=" | ||
+ | |||
+ | WAN1=" | ||
- | Then verify | + | At some point, WAN1 fails. As soon as this failure is noticed, WAN0 will activate (assigned with weight 1) and begin routing packets. Later, WAN1 recovers its connectivity. As soon as FreshTomato recognizes this, (within seconds |
- | **Static: **This choice will configure your WAN port with a static IP. You must manually enter the static IP, subnet mask, gateway address and DNS server addresses into FreshTomato. These settings are given to you by your ISP. Static mode is typically used for business accounts, when it's important the IP address doesn' | + | \\ |
- | **PPTP**: This will configure your WAN port to use Microsoft' | + | **Modem device: |
- | **L2TP: **Choosing this will configure | + | |
+ | | ||
+ | * When 3G modem or 4G/LTE is set as the WAN type, other fields appear, prompting for more information. | ||
+ | * The Default device filename is the first serial device on the first USB port: (/ | ||
+ | * The “tty” part of the device' | ||
+ | * The “USB0” part of the device' | ||
+ | * Devices listed | ||
+ | * This device type uses Linux' | ||
+ | * If the interface lists: “/ | ||
+ | * ACM modems let the modem hardware perform analog functions. | ||
- | **3G modem: **This setting will enable support for a 3G GSM (cellular) network dongle connected | + | To get device details, you could also log on to FreshTomato via Telnet/SSH and use the lsusb or dmesg commands |
- | **4G/LTE: **This enables support for fourth generation GSM (cellular) / LTE USB modem dongles. When choosing 4G/LTE, the PIN code and APN fields will appear, and must be completed with correct settings (see descriptions below). Always ensure USB and 3G/4G modem support are checked in the [[: | + | \\ |
- | **Disabled: **Disables the physical WAN port on your router. | + | **PIN Code: **This |
- | **Wireless Client Mode: **This enables FreshTomato' | + | |
- | | + | **Modem init string: **Here, enter the modem' |
- | * **2.4 GHz**: FreshTomato will enable Wireless Client mode on the 2.4 GHz interface. | + | |
- | * **5 GHz**: FreshTomato will enable Wireless Client mode on the 5 GHz interface. | + | |
- | | + | |
- | **Modem device: **Here you specify the 3G modem' | + | **APN: **The access point name (provided by your cell carrier). |
- | You could also log on to FreshTomato via Telnet | + | * This specifies a gateway |
- | **PIN Code: **This is the 3-digit PIN code for the SIM card associated with your cell account. Leave this field blank if your SIM card code has been deactivated. | + | **Username: **Here, enter the (carrier-provided) username to access |
- | **Modem init string: **Here, you enter the modem's default initialization string. This will come from your cell provider, or the modem manufacturer. (Default: *99#). | + | |
- | **APN: **The access point name (provided | + | **Password: **Here, enter the (carrier-provided) |
- | **Username: **Here you enter the username to access your cell carrier' | + | |
- | **Password: **Here you enter the password | + | **Network Type: **This menu appears when WAN type is set to 4G/ |
- | **Network Type: **This menu appears when WAN type is set to 4G/LTE. (Default setting: 4G/ | + | |
**DNS Server: ** | **DNS Server: ** | ||
- | * AUTO - FreshTomato uses the DNS server addresses included in your Internet Provider' | + | * AUTO - FreshTomato uses DNS server addresses included in your Internet Provider' |
- | * Manual - This enables FreshTomato' | + | * Manual - Enables the DNS server function (dnsmasq). This makes "DNS 1" and "DNS 2" fields appear. |
- | | + | * DNS 1 - Enter the first DNS server address here (if DNS Server is set to Manual). |
- | | + | * DNS 2 - Enter the second DNS server address here (if DNS Server is set to Manual). |
- | \\ Manually | + | \\ Manually-set DNS servers are useful if your ISP's DNS servers are slow/unreliable. Also, some can provide content |
- | **MTU: | + | **MTU: |
- | * (Default: 1500), | + | This is only for the WAN interface. It won' |
- | * Manual: Selecting manual lets you to enter a custom number in the field \\ beside it. Jumbo Frame sizes typically begin at a size of 2000 bytes. | + | |
- | **Use DHCP:** | + | |
+ | * Manual - Choosing this lets you to enter a custom number in the field beside | ||
- | **Single Line MLPPP**: This is similar to Multilink PPP (MLPPP). Multilink PPP is a version of the Point-to-Point Protocol which allows | + | **Use DHCP:** This function |
- | **Route Modem IP:** When using a separate modem and router, you typically use the modem in bridge mode, or PPPoE passthrough mode. That means you can't easily access the modem' | + | |
- | **Query Hilink Modem IP:** This function | + | **Single Line MLPPP**: This is outdated, and rarely used nowadays. |
- | **Call Custom Status Script: **TBD. | + | Multilink PPP is a version of the PPP protocol that lets you bond two or more physical connections to increase apparent bandwidth. \\ Single Line MLPPP is similar, but lets you use one modem to bond the bandwidth of multiple PPPoE sessions. \\ A side effect of using this is that it bypassed some Internet Providers' |
- | **Connect Mode: **This | + | **Route Modem IP: **This |
- | Some Internet Providers drop a connection if their router | + | * When using a separate modem and router, usually |
+ | * That means you can't easily access the modem' | ||
+ | * The router' | ||
+ | * Private addresses aren't routable, so by default, FreshTomato | ||
+ | * Route Modem IP adds a simple static route to the routing table, giving | ||
+ | * This makes the private address reachable via the WAN interface. | ||
+ | * The mask allows only one host, so only the modem is reachable on that subnet.\\ \\ | ||
- | (Default: | + | **Query Hilink Modem IP:** This function is only for Huawei USB modems supporting Hilink mode. (Default: |
- | **Redial Interval: ** When PPPoE dialling fails, the Redial Interval is used to delay each attempt for the defined number of seconds. (Default: 10 seconds). This allows more time for the PPPoE server | + | Some Huawei modems have a " |
- | **LCP Echo Interval: **The Link Control Protocol sends and receives frames between two peers to determine if they are still connected. The LCP Echo Interval is the period of time between these signals. This is typically used to verify a DSL modem still has a valid PPPoE connection to the Internet provider. (Default: 10 seconds). | + | \\ |
- | **LCP Echo Link fail limit: **This is the number of times LCP echo request checks | + | **Call Custom Status Script: ** TBD. |
+ | |||
+ | \\ | ||
+ | |||
+ | **Connect Mode: **This chooses the method used to keep the router connected to the Internet provider. (Default: Keepalive). | ||
+ | |||
+ | * Connect on Demand - will make FreshTomato disconnect from the ISP after the period in the //Max Idle Time// field. \\ FreshTomato will reconnect to the Internet a soon as any LAN client requests Internet access. | ||
+ | * Some ISPs drop a connection if their router detects no Internet activity. | ||
+ | * Keepalive - Selecting this makes FreshTomato send small [[https:// | ||
+ | * Redial Interval - Here, enter how often the router will check the Internet connection. (Default: 10 seconds). \\ This minimizes your Internet connection response time, since usually, the connection will always be up. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Redial Interval: ** When PPPoE dialling fails, the Redial Interval is used to delay attempts for the defined number of seconds. \\ This allows more time for the PPPoE server or network gear to restart proper functioning before trying a PPPoE connection again. \\ (Default: 10 seconds). \\ \\ | ||
+ | |||
+ | **LCP Echo Interval: **The Link Control Protocol sends and receives frames between two peers to verify they' | ||
+ | |||
+ | * LCP Echo Interval is the period between these signals. Usually, this is used to verify that a DSL modem' | ||
+ | * (Default: 10 seconds). | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **LCP Echo Link fail limit: **This is the number of times LCP echo requests | ||
+ | |||
+ | * The client DSL modem will then drop the PPPoE link. LCP will try to renegotiate a new PPPoE session. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Disable Watchdog: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Watchdog Mode: **This regularly checks that a given WAN connection is up. It is supported for DHCP, PPPoE, PPTP, L2TP, and 3G/4G/5G LTE connection types. Here, you choose which method is used to test the connection. | ||
+ | |||
+ | * Traceroute * | ||
+ | * Ping | ||
===== LAN ===== | ===== LAN ===== | ||
- | The LAN section includes information and settings to configure FreshTomato' | + | The LAN section includes information and settings to configure FreshTomato' |
+ | |||
+ | This includes FreshTomato' | ||
- | * LAN IP address and (sub)netmask | + | * LAN IP address and subnet mask |
* Spanning Tree Protocol function | * Spanning Tree Protocol function | ||
* DHCP server status and settings (through dnsmasq), such as scope and lease time | * DHCP server status and settings (through dnsmasq), such as scope and lease time | ||
* Stubby (DNS-over-TLS) setting and WINS settings | * Stubby (DNS-over-TLS) setting and WINS settings | ||
- | \\ \\ | + | \\ {{:pasted: |
- | **STP**: Checking or unchecking this enables or disables Spanning Tree Protocol. | + | **Bridge: |
- | **IP Address: | + | **STP**: This enables Spanning Tree Protocol |
- | **Netmask**: The (sub)netmask associated with FreshTomato' | + | **IP Address: |
- | **DHCP**: Checking this box enables the DHCP server functions in dnsmasq. Unchecking this disables | + | **Netmask**: The subnet mask associated with FreshTomato' |
- | **IP Range // | + | **DHCP**: |
+ | |||
+ | **IP Range // | ||
+ | |||
+ | **Lease Time (// | ||
+ | |||
+ | **Automatic IP**: Since release 2022.6, you can select this option if the router is in AP Mode, Wireless Ethernet Bridge Mode or Media Bridge Mode. This lets FreshTomato obtain a LAN IP via DHCP. \\ \\ | ||
+ | |||
+ | After saving settings, the router' | ||
+ | |||
+ | \\ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | \\ | ||
- | **Lease Time (// | ||
===== Ethernet Ports State - Configuration ===== | ===== Ethernet Ports State - Configuration ===== | ||
- | [[https:// | + | [[https:// |
+ | |||
+ | \\ | ||
+ | |||
+ | **Enable Ports State: | ||
+ | |||
+ | **Show Speed Info: | ||
- | **Show Speed Info: | + | **Invert ports order: |
- | **Invert ports order: | ||
===== Wireless Band Steering ===== | ===== Wireless Band Steering ===== | ||
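Review bot: In the added Connect Mode list, the Keepalive sub-item describes Redial Interval as "how often the router will check the Internet connection", while the standalone Redial Interval entry a few lines later describes it as a delay between attempts "When PPPoE dialling fails". Both give a default of 10 seconds, so a reader cannot tell whether this is one setting or two. Suggest keeping a single definition and having the Keepalive item refer to it. In the Modem device text, "log on to FreshTomato via Telnet/SSH" could recommend SSH, since Telnet carries the login in cleartext. Small wording fixes in the added lines: "Wireless Client mode will enabled on the 5 GHz interface" is missing "be", "a soon as any LAN client" should read "as soon as", and "lets you to enter" should read "lets you enter".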
Line 143: | Line 287: | ||
[[https:// | [[https:// | ||
- | Options: | + | With Wireless Band Steering enabled, FreshTomato can assess on which band the client device should try to connect. It then " |
- | * Disable | + | * Disable |
* Enable | * Enable | ||
- | If you enable Wireless Band Steering, FreshTomato can decide, for each dual-band client device, on which band the client device should try to connect. | + | To achieve this, for all WiFi interfaces, enter the same: |
- | Note: client devices can also try to switch bands on their own, without Wireless Band Steering' | + | * SSID name |
+ | * Security settings | ||
+ | * Password | ||
+ | * Other settings | ||
- | This example shows the default parameters | + | Remember that client devices can also try to switch bands on their own, without |
- | <code -> | + | Wireless Band Steering is available starting with release 2020.8 |
- | Steer Policy: | + | |
- | max=0 period=5 cnt=3 rssi=-52 phyrate_high=110 phyrate_low=0 flags=0x22 state=3 | + | |
- | Rule Logic: OR | + | |
- | RSSI: Greater than | + | |
- | VHT: Allowed | + | |
- | NON VHT: Allowed | + | |
- | NEXT RF: NO | + | |
- | PHYRATE | + | |
- | LOAD BALANCE: NO | + | |
- | STA NUM BALANCE: NO | + | |
- | PHYRATE (LOW): Less than | + | |
- | N ONLY: NO | + | |
- | </ | + | |
- | \\ | + | \\ |
- | <code -> | ||
- | Steer Policy: | ||
- | max=80 period=5 cnt=3 rssi=-82 phyrate_high=0 phyrate_low=0 flags=0x20 state=2 | ||
- | Rule Logic: OR | ||
- | RSSI: Less than or Equal to | ||
- | VHT: Allowed | ||
- | NON VHT: Allowed | ||
- | NEXT RF: NO | ||
- | PHYRATE (HIGH): Greater than or Equal to | ||
- | LOAD BALANCE: NO | ||
- | STA NUM BALANCE: NO | ||
- | PHYRATE (LOW): Less than | ||
- | N ONLY: NO | ||
- | </ | ||
- | |||
- | \\ | ||
- | Wireless | + | ==== Wireless |
- | ===== Wireless (2.4 GHz / interface eth1) ===== | + | The Wireless (2.4 GHz) section displays information and settings for the 2.4 GHz wireless network interface. |
- | The Wireless (2.4 GHz) section displays information and settings for the wireless | + | Your device may show a different device name than eth1. FreshTomato hardware device numbers begin at " |
- | Your device may show a different device name than eth1. Note: FreshTomato hardware device numbers begin at 0. For example, the first Ethernet device might be called eth0. The second wireless device might be called wl1. | + | **Enable Wireless:** When checked, this turns on the 2.4 GHz WiFi interface. When unchecked, the 2.4 GHz WiFi interface is off. \\ \\ |
- | **Enable Wireless:** When checked, this turns on the 2.4 GHz Wi-Fi network | + | **MAC Address:** This displays the MAC address of the 2.4 GHz WiFi interface. |
- | **MAC Address:** This displays | + | **Wireless Mode:** This allows you to select |
- | **Wireless Mode:** This allows you to select the wireless mode (function) of the 2.4 GHz Wi-Fi network interface. | + | \\ |
- | ^ Wireless | + | ^ ^ |
+ | | **Wireless Mode** | ||
| \\ Access Point | \\ The (default) setting, which allows clients to connect to FreshTomato' | | \\ Access Point | \\ The (default) setting, which allows clients to connect to FreshTomato' | ||
| \\ Access Point WDS | \\ Sets the router in " | | \\ Access Point WDS | \\ Sets the router in " | ||
- | | \\ Wireless Client | + | | \\ Wireless Client |
- | | \\ Wireless Ethernet Bridge | + | | \\ Wireless Ethernet Bridge |
- | | \\ Media Bridge Mode | \\ Configures FreshTomato to connect to another router/ | + | | \\ Media Bridge Mode | \\ Configures FreshTomato to connect to another router/ |
| \\ WDS | \\ Serve as a [[https:// | | \\ WDS | \\ Serve as a [[https:// | ||
| //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/ | | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/ | ||
- | \\ **Wireless Network Mode: **This lets you choose which 802.11 | + | \\ **Wireless Network Mode: **This lets you choose which 802.11 |
- | * Auto: FreshTomato and Wi-Fi client devices negotiate the best wireless\\ protocol automatically. Generally, Auto is recommended, | + | The network modes available in this dropdown will depend on your hardware. |
- | * B Only: This allows Wi-Fi clients to connect using only the 802.11b protocol. | + | |
- | * G Only: This allows Wi-Fi clients to connect using only the 802.11n protocol. | + | |
- | * B/G Mixed: This allows clients to connect using either 802.11b/g protocols. | + | |
- | * N only: This allows clients to connect using only the 802.11n protocol only. | + | |
- | These apply only to the 2.4 GHz band interface. Separate Wireless Network Mode settings exist for any 5 GHz band interface. | + | * Auto: * FreshTomato and WiFi client devices negotiate the best protocol automatically. |
+ | * Auto is recommended, | ||
+ | * Compatibility issues can create many problems. The best settings are not always obvious. | ||
+ | * B Only: This allows WiFi clients to connect using only the 802.11b protocol. | ||
+ | * G Only: This allows WiFi clients | ||
+ | * B/G Mixed: | ||
+ | * N only: This allows clients to connect using only the 802.11n protocol. | ||
- | (Default: Auto) | + | These apply only to the 2.4 GHz band interface. There are separate Wireless Network Mode settings for any 5 GHz interface. |
- | **SSID: | + | \\ |
- | **Broadcast: **Checking this enables SSID broadcasting. | + | **SSID:** This is the network name (Service Set IDentifier) for the 2.4 GHz WiFi interface. For security reasons, you're advised not to include personal words which may indicate your identity, address, location, or equipment type. For example, “HELENLIUNG” would be a poor choice, unless you want everyone nearby |
- | **Channel: **Selects | + | **Broadcast: **Checking this enables SSID broadcasting. This “announces” |
- | | + | **Channel: **Selects the channel on which the 2.4 GHz radio interface will operate. Generally, it's best to choose a different channel than your neighbours are using. (Default: Auto). |
- | FreshTomato chooses and uses the channel it believes has the least interference. | + | * Auto: This default is generally safe unless there' |
+ | * Channel: This menu lets you manually choose available channels on the band. Unavailable channels won't appear here. \\ \\ | ||
- | * Channel: This menu lets you manually choose available Wi-Fi channels \\ on the band. Unavailable channels will not appear here. | + | **Channel Width: |
- | + | ||
- | **Channel Width: | + | |
* 20 MHz | * 20 MHz | ||
* 40 MHz | * 40 MHz | ||
- | 802.11n can use 40 MHz channel width, but to maintain compatibility with legacy systems, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel. | + | 802.11n can use 40 MHz channel width, but to maintain compatibility with legacy systems, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel. |
- | **Control Sideband: | + | **Control Sideband: |
* Upper | * Upper | ||
- | * Lower | + | * Lower \\ \\ |
- | **Security**: | + | **Security**: |
+ | |||
+ | * Disabled: | ||
+ | * This is a basically an unlimited security risk. | ||
+ | |||
+ | * WEP: This enables Wired Equivalent Privacy protocol. Avoid using this. It's obsolete due to serious vulnerabilities, | ||
+ | |||
+ | * WPA Personal: This enables WiFi Protected Access Protocol 1.x. WPA uses the RC4-based TKIP protocol. | ||
+ | * This lets hosts exchange pre-shared keys, for more security. | ||
+ | * While more secure than WEP, WPA still has weaknesses, like lower encryption standards. | ||
+ | * WPA2 is strongly encouraged instead of WPA. | ||
+ | |||
+ | * WPA Enterprise: also known as WPA-802.1X. It's similar to WPA Personal, but each user has their own username/ | ||
+ | * No common pre-shared key is used. | ||
+ | * WPA Enterprise doesn' | ||
+ | * WPA Enterprise is more secure against dictionary attacks on short passwords. | ||
+ | * This is suitable for larger, more formal networks. | ||
+ | |||
+ | * WPA2 Personal: WiFi Protected Access version 2 uses elements of the 802.11i standard. | ||
+ | * This supports mandatory use of AES encryption, so it is much more secure than older protocols. | ||
+ | * WPA2 Personal is recommended for small- to mid-sized, informal networks. | ||
+ | |||
+ | * WPA2 Enterprise: This enables the Enterprise version of WPA2. | ||
+ | * This uses WPA2, but each user has their own WiFi username/ | ||
+ | * WPA2 Enterprise is based on parts of 802.11i. | ||
+ | * This does NOT require a RADIUS server, but one is often used for legacy purposes for compatibility/ | ||
+ | * This is appropriate for larger, more structured networks. | ||
- | * Disabled: disables security entirely, leaving the network open to anyone. \\ Avoid using this, as it is an almost unlimited security risk. | ||
- | * WEP: enables Wired Equivalent Privacy protocol. Avoid using this. It's obsolete \\ due to serious vulnerabilities, | ||
- | * WPA Personal: enables Wi-Fi Protected Access Protocol (1.x). WPA uses the \\ RC4-based TKIP protocol, letting hosts exchange pre-shared keys more secure. \\ While more secure than WEP, WPA still has weaknesses, like lower encryption \\ standards. WPA is strongly discouraged in favour of WPA2 or higher. | ||
- | * WPA Enterprise: Also known as WPA-802.1X, this is similar to WPA Personal, \\ but each user has their own username/ | ||
- | * WPA2 Personal: Wi-Fi Protected Access version 2 uses elements of the\\ 802.11i standard, like mandatory support for AES encryption. This makes it\\ much more secure than older protocols. WPA2 Personal is recommended for small-\\ to mid-sized, informal networks. | ||
- | * WPA2 Enterprise: This enables the Enterprise version of WPA2. This uses WPA2, but\\ each user has their own Wi-Fi username/ | ||
* WPA / WPA2 Personal: | * WPA / WPA2 Personal: | ||
+ | |||
* WPA / WPA2 Enterprise: | * WPA / WPA2 Enterprise: | ||
- | * RADIUS: Enables FreshTomato' | ||
- | **Shared Key: | + | * RADIUS: Enables Remote Access Dialup User Service. |
+ | * This is designed for larger organizations. | ||
+ | * This uses a separate server to authenticate, | ||
+ | * This supports authentication via certificates, | ||
+ | * This is usually only for advanced users. \\ \\ | ||
+ | |||
+ | **Shared Key: | ||
+ | |||
+ | **Group Key Renewal: | ||
+ | |||
+ | Starting with release 2023.5, you can adjust | ||
+ | |||
+ | In releases up to 2023.4, you can set this within the following limits: 60 sec to 7200 sec [all routers] | ||
- | **Group Key Renewal: | ||
===== Wireless (5 GHz / interface eth2) ===== | ===== Wireless (5 GHz / interface eth2) ===== | ||
- | The Wireless (5 GHz) section displays information and settings for the wireless network interface on the 5 GHz Wi-Fi band. | + | The Wireless (5 GHz) section displays information and settings for the wireless network interface on the 5 GHz WiFi band. |
Your device may show a different device name than eth1. Note: FreshTomato hardware device numbers begin at 0. \\ For example, the first Ethernet device might be called eth0. The second wireless device might be called wl1. | Your device may show a different device name than eth1. Note: FreshTomato hardware device numbers begin at 0. \\ For example, the first Ethernet device might be called eth0. The second wireless device might be called wl1. | ||
- | Typically, the 5 GHz Wi-Fi band has higher bandwidth, but shorter distance propagation than the 2.4 GHz band. | + | Typically, the 5 GHz WiFi band has higher bandwidth, but shorter distance propagation than the 2.4 GHz band. |
- | **Enable Wireless: | + | **Enable Wireless: |
- | **MAC Address: | + | **MAC Address: |
- | **Wireless Mode: | + | **Wireless Mode: |
- | ^ Wireless Mode ^ Description | + | ^ ^ |
+ | | **Wireless Mode** | ||
| \\ Access Point | \\ The (default) setting, which allows clients to connect to FreshTomato' | | \\ Access Point | \\ The (default) setting, which allows clients to connect to FreshTomato' | ||
- | | \\ Access Point WDS | \\ Sets the router in " | + | | \\ Access Point WDS | \\ Sets the router in " |
- | | \\ Wireless Client | + | | \\ Wireless Client |
- | | \\ Wireless Ethernet Bridge | + | | \\ Wireless Ethernet Bridge |
- | | \\ Media Bridge Mode | \\ Configures FreshTomato to connect to another router/ | + | | \\ Media Bridge Mode | \\ Configures FreshTomato to connect to another router/ |
- | | \\ WDS | \\ Serve as a [[https:// | + | | \\ WDS | \\ FreshTomato will serve as a [[https:// |
| //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/ | | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/ | ||
- | | + | |
- | * Auto: On this setting, FreshTomato and Wi-Fi client devices | + | * Auto - On this setting, FreshTomato and WiFi clients |
- | * A Only: allows Wi-Fi clients to connect using only the 802.11a protocol. | + | * Auto is recommended unless you are highly experienced with networking/WiFi. |
- | * N Only: allows Wi-Fi clients to connect using only the 802.11n protocol. | + | * Compatibility issues can create problems. Often, the most “logical” setting is not the best. |
+ | * A Only - allows WiFi clients to connect using only the 802.11a protocol. | ||
+ | * N Only - | ||
+ | * N/AC mixed - allows clients to connect using only 802.11AC or 802.11N. | ||
+ | * AC Only - allows clients to connect using only the 802.11ac | ||
- | Note that releases before 2021.8 do NOT have a separate setting for 802.11ac. That only arrived with 2021.8 . | + | Note that releases before 2021.8 do NOT have a separate setting for 802.11ac. That only arrived with 2021.8. |
- | Separate Wireless Network Mode settings will exist for any 2.4 GHz band interface. See the 2.4 GHz section. \\ (Default: Auto) | + | Separate Wireless Network Mode settings will exist for any 2.4 GHz band interface. See the 2.4 GHz section. \\ (Default: Auto) \\ \\ |
- | **SSID: | + | **SSID: |
- | **Broadcast: | + | **Broadcast: |
- | **Channel: **Selects the channel on which the 5 GHz radio interface will operate. | + | **Channel: **Selects the channel on which the 5 GHz radio interface will operate. |
- | * Auto: This is the default, and is generally safe unless you have significant interference from nearby networks or other equipment. On this setting, FreshTomato chooses and uses the channel | + | Generally, it's a good idea to choose |
- | * Channel: This menu lets you manually | + | |
- | (Default: | + | * Auto: This default is generally safe unless there' |
+ | * On this setting, FreshTomato selects and uses the channel it believes has the least interference. | ||
+ | * Channel: This lets you manually choose from available channels on the band. Unavailable channels won't appear here. \\ \\ | ||
- | **Channel Width: | + | **Channel Width: |
- | * 20 MHz | + | * 20 MHz |
- | * 40 MHz | + | * 40 MHz |
- | * 80 MHz | + | * 80 MHz |
- | * 160 MHz | + | * 160 MHz (not yet supported. May be supported on some SDK714 models) |
- | The 20 MHz channels on the 5 GHz band have no overlap. Therefore, the 5GHz band is less prone to interference and noise. Larger channel widths provide more speed/ | + | |
- | 802.11N can use 40 MHz channel width, | + | 802.11N can use 40 MHz channel width. However, to maintain legacy |
- | **Control Sideband: | + | **Control Sideband: |
- | * Upper | + | Starting with release 2023.3, this menu will allow you to choose the exact control channel for use FixME! \\ \\ |
- | * Lower | + | |
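Review bot: The added Control Sideband sentence ends in a leftover marker, "for use FixME!", so the description of the 2023.3 behaviour is unfinished; complete the sentence and drop the marker. In the Wireless Network Mode list above, "N Only -" has no description as shown, and "802.11AC" in the N/AC mixed entry should match the "802.11ac" spelling used in the AC Only entry.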
- | **Security** | + | **Security:** This menu lets you select the security protocol that will be used on the 2.4 GHz WiFi interface. |
- | * Disabled: disables security entirely, leaving the network open to anyone. | + | * Disabled: |
- | * WEP: enables Wired Equivalent Privacy protocol. Avoid using this, as it is obsolete \\ due to serious vulnerabilities, | + | * This is a basically an unlimited |
- | * WPA Personal: enables Wi-Fi Protected Access Protocol (1.x). WPA uses the \\ RC4-based TKIP protocol, letting hosts exchange pre-shared keys more secure. \\ While more secure than WEP, WPA still has weaknesses, like lower encryption standards. \\ WPA is strongly discouraged in favour of WPA2 or higher. | + | |
- | * WPA Enterprise: Also known as WPA-802.1X, this is similar to WPA Personal, \\ but each user has their own username/ | + | |
- | * WPA2 Personal: Wi-Fi Protected Access version 2 uses elements of the\\ 802.11i standard, like mandatory support for AES encryption. | + | |
- | * WPA2 Enterprise: This enables the Enterprise version of WPA2. This uses WPA2, but\\ each user has their own Wi-Fi username/ | + | |
- | * WPA / WPA2 Personal: | + | |
- | * WPA / WPA2 Enterprise: | + | |
- | * RADIUS: Enables FreshTomato' | + | |
- | **Shared Key: | + | * WEP: enables Wired Equivalent Privacy protocol. Avoid using this. |
+ | * This is obsolete due to serious vulnerabilities, | ||
+ | |||
+ | * WPA Personal: | ||
+ | * This lets hosts exchange pre-shared keys, for more security. | ||
+ | * While more secure than WEP, WPA still has weaknesses, like lower encryption standards. | ||
+ | * WPA2 is strongly encouraged instead of WPA. | ||
+ | |||
+ | * WPA Enterprise: also known as WPA-802.1X. This is similar to WPA Personal, but each user has their own username/ | ||
+ | * No common pre-shared key is used. | ||
+ | * WPA Enterprise doesn' | ||
+ | * WPA Enterprise is more secure against dictionary attacks on short passwords. | ||
+ | * This is suitable for larger, more formal networks. | ||
+ | |||
+ | * WPA2 Personal: WiFi Protected Access version 2 uses elements of the 802.11i standard. | ||
+ | * This supports mandatory use of AES encryption. It is much more secure than older protocols. | ||
+ | * WPA2 Personal is recommended for small to mid-sized, informal networks. | ||
+ | |||
+ | * WPA2 Enterprise: This enables the Enterprise version of WPA2. | ||
+ | * This uses WPA2, but each user has their own WiFi username/ | ||
+ | * WPA2 Enterprise is based on parts of 802.11i. | ||
+ | * This does NOT require a RADIUS server, but one is often used for legacy purposes for compatibility and security. | ||
+ | * This is appropriate for larger, more structured networks. | ||
+ | |||
+ | * WPA / WPA2 Personal: This uses WPA2 Personal, and if that fails, allows WPA security | ||
+ | |||
+ | * WPA / WPA2 Enterprise: This uses WPA2 Enterprise, or WPA. | ||
+ | |||
+ | * RADIUS: Enables Remote Access Dialup User Service. | ||
+ | * This is designed for larger organizations. | ||
+ | * This uses a separate server to authenticate, | ||
+ | * This supports authentication via certificates, | ||
+ | * This is usually only for advanced users. | ||
+ | |||
+ | \\ | ||
+ | |||
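Review bot: The new Security line says the protocol applies to "the 2.4 GHz WiFi interface", but this block documents the 5 GHz radio (the Channel entry just above refers to "the 5 GHz radio interface"), so the band looks copied from the first radio's section. In the RADIUS entry, the acronym expands to Remote Authentication Dial-In User Service, not "Remote Access Dialup User Service". The WPA2 Enterprise line "This does NOT require a RADIUS server, but one is often used for legacy purposes for compatibility and security" is hard to reconcile with per-user credentials and with the RADIUS entry's "uses a separate server to authenticate"; say where the per-user check actually happens. The WPA / WPA2 Personal entry should repeat the caution given under WPA Personal, since allowing the WPA fallback keeps WPA's weaknesses reachable, and "WPA2 Enterprise, or WPA" presumably means WPA Enterprise. "This is a basically an unlimited" has a stray "a".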
+ | **Shared Key: | ||
+ | |||
+ | **Group Key Renewal: | ||
+ | |||
+ | (Default: 3600 seconds). Please see the first wireless radio unit for more infos! | ||
+ | |||
+ | |||
+ | ===== Network Notes and Troubleshooting ===== | ||
+ | |||
+ | ==== Tune Route Cache ==== | ||
+ | |||
+ | Specifically, | ||
+ | |||
+ | \\ | ||
+ | |||
+ | <code bash> | ||
+ | # 2018-01-19 | ||
+ | # Reduce and flush the route cache to ensure a more synchronous load-balancing across multi-wan | ||
+ | # https:// | ||
+ | |||
+ | /bin/echo 1 > / | ||
+ | /bin/echo 1 > / | ||
+ | /bin/echo 0 > / | ||
+ | /bin/echo 1 > / | ||
+ | /bin/echo 1 > / | ||
+ | /bin/echo 1 > / | ||
+ | /bin/echo 1 > / | ||
+ | /bin/echo 0 > / | ||
+ | /bin/echo 1 > / | ||
+ | /bin/echo 1 > / | ||
+ | |||
+ | #Causes connectivity issues if this value is too small, use defaults or tune accordingly | ||
+ | /bin/echo 512 > / | ||
+ | </ | ||
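Review bot: The warning comment before the last line, "Causes connectivity issues if this value is too small, use defaults or tune accordingly", does not say what the default is or what symptom to look for, while the line under it writes 512; state the stock value so a reader can revert. The header comment gives only a date (2018-01-19), so also note which FreshTomato releases these values were tested on, and add a word per line on what each 0 or 1 write changes.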
+ | |||
+ | | ||
+ | |||
+ | ==== Baby Jumbo Frames ==== | ||
+ | |||
+ | Support for Baby Jumbo Frames (RFC 4638) was added starting with release 2021.3. This function works only on gigabit routers. Not all ISPs support Jumbo Frames for PPPoE (RFC 4638). | ||
+ | |||
+ | To enable Baby Jumbo Frames: | ||
+ | |||
+ | * Go the Miscellaneous menu. Check //Enable jumbo frame support// in that menu. The router | ||
+ | * In the Network menu, Set the MTU option to manual, and enter an MTU value of 1500 for PPPoE operation. (Usually, packet size will be 1492) | ||
+ | * Clamping can be manually disabled, if needed. (Type '' | ||
+ | * Ping with packet size 1472 to verify that you have a working PPP MTU of 1500. | ||
+ | |||
+ | \\ | ||
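Review bot: The verification step "Ping with packet size 1472" only proves a 1500-byte path if the ping is sent with fragmentation disallowed; without the don't-fragment option a 1472-byte payload can be fragmented and still get replies over a 1492 MTU. Say so in the step, and mention that 1472 is 1500 minus 28 bytes of IP and ICMP headers so readers can adapt the test. Smaller points: "Go the Miscellaneous menu" is missing "to", and the opening paragraph cites RFC 4638 twice.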
+ | |||
+ | |||
+ | ==== Wireless Band Steering ==== | ||
+ | \\ | ||
+ | This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band: \\ | ||
+ | \\ | ||
+ | <code -> | ||
+ | Steer Policy: | ||
+ | max=0 period=5 cnt=3 rssi=-52 phyrate_high=110 phyrate_low=0 flags=0x22 state=3 | ||
+ | Rule Logic: OR | ||
+ | RSSI: Greater than | ||
+ | VHT: Allowed | ||
+ | NON VHT: Allowed | ||
+ | NEXT RF: NO | ||
+ | PHYRATE (HIGH): Greater than or Equal to | ||
+ | LOAD BALANCE: NO | ||
+ | STA NUM BALANCE: NO | ||
+ | PHYRATE (LOW): Less than | ||
+ | N ONLY: NO | ||
+ | </ | ||
+ | \\ | ||
+ | | ||
+ | This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band: \\ | ||
+ | \\ | ||
+ | <code -> | ||
+ | Steer Policy: | ||
+ | max=80 period=5 cnt=3 rssi=-82 phyrate_high=0 phyrate_low=0 flags=0x20 state=2 | ||
+ | Rule Logic: OR | ||
+ | RSSI: Less than or Equal to | ||
+ | VHT: Allowed | ||
+ | NON VHT: Allowed | ||
+ | NEXT RF: NO | ||
+ | PHYRATE (HIGH): Greater than or Equal to | ||
+ | LOAD BALANCE: NO | ||
+ | STA NUM BALANCE: NO | ||
+ | PHYRATE (LOW): Less than | ||
+ | N ONLY: NO | ||
+ | </ | ||
- | **Group Key Renewal: | + | \\ |
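Review bot: Both steering examples show raw values such as "flags=0x22 state=3" and "flags=0x20 state=2" with no explanation of what the bits or states mean, so a reader cannot tell which of the rule lines under them (RSSI, VHT, PHYRATE) they encode. Add a short legend for max, period, cnt, rssi, phyrate_high, phyrate_low, flags and state, with units (rssi presumably in dBm, period presumably in seconds), and say where in the GUI or on the command line this output comes from.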