Differences

This shows you the differences between two versions of the page.

--- basic-network [2022/03/25 08:34] – add recommendation for Wireless Ethernet Bridge m_ars
+++ basic-network [2025/08/28 03:25] (current) – old revision restored (2025/08/28 03:10) hogwild
@@ Line 1: / Line 1: @@
 ====== Network ======
-The Network page includes most settings needed to configure the network. It is divided into sections including MultiWAN, WAN Settings, Ethernet Ports Configuration, LAN and Wireless setttings.
+This page includes most basic settings needed to configure a network. Its sections include MultiWAN, WAN Settings, Ethernet Ports Configuration, LAN and Wireless settings.
+Default settings are denoted with an asterisk (" * ")
+ \\
 ===== MultiWAN =====
-{{:pasted:20220318-155543.png}}
+{{:pasted:20220318-155543.png?457}}
-**Number of WAN ports**: This lets you select the number of WAN ports to be used on the device. On routers with only one physical WAN interface, options with WAN ports larger than one will be greyed out. This allows you to select only “1 WAN” on such devices.
+ \\
-**Tune route cache**: for multiwan in load balancing mode - This is a suggested settings if two or more of your WANs have a weight higher than 0. Basically to improve the worload sharing some kernel tweaks are needed. Enabling this option you specifically affect the following:
+**Number of WAN ports**: lets you select the number of WAN ports to be used on the device.
-<code bash>
+On models with 1 physical WAN interface, only “1 WAN” can be selected. Other options are greyed out.
-# 2018-01-19
-# Reduce and flush the route cache to ensure a more synchronous load-balancing across multi-wan
-# https://vincent.bernat.im/en/blog/2011-ipv4-route-cache-linux
-/bin/echo 1 > /proc/sys/net/ipv4/route/flush
+ \\
-/bin/echo 1 > /proc/sys/net/ipv4/route/secret_interval
-/bin/echo 0 > /proc/sys/net/ipv4/route/min_delay
-/bin/echo 1 > /proc/sys/net/ipv4/route/max_delay
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_interval
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_elasticity
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_min_interval_ms
-/bin/echo 0 > /proc/sys/net/ipv4/route/gc_min_interval
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_thresh
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_timeout
-#Causes connectivity issues if this value is too small, use defaults or tune accordingly
+**Tune route cache**: is used for MultiWAN configurations with load balancing.
-/bin/echo 512 > /proc/sys/net/ipv4/route/max_size
-</code>
-**Check Connections Every: **This is a quick way to make FreshTomato automatically test the reliability of your WAN connection. (Default: Disabled). Choosing any setting other than [Disabled] will execute the Watchdog script. The Watchdog script uses ping or traceroute to test WAN connection status.
+Recommended when 2 or more WANs have weight > "0". It uses kernel tweaks to improve workload sharing.
-This setting specifies how often you want the router to send ICMP ping packets to check that it is still connected to the Internet. Choosing any setting other than Disabled will make the Target 1 and Target 2 fields appear.
+For details, see the [[basic-network#network_notes_and_troubleshooting|Notes and Troubleshooting]] section below.\\  \\
-**Target 1: **Address of first host you want FreshTomato to ping regularly (Default: Google.com)\\ **Target 2:** Address of second host you want FreshTomato to ping regularly (Default: Microsoft.com)  \\   \\
+**Check Connections Every: **makes FreshTomato automatically test WAN link reliability.
-===== WAN Settings =====
+This sets how often the router tests a WAN connection. Any option but Disabled runs the Watchdog script. \\ and reveals the "Target 1" / "Target 2" fields.
-Settings in this section are used to configure the WAN interface.
+ \\
-**Type: **This sets the connection mode the WAN interface uses to connect to your ISP. Depending on which Type you select, other configuration settings specific to that type of connection will be shown or hidden. See below. (Default: DHCP). The Type setting will depend on your ISP's setup.
+  * Target 1 -** **the address of the first host to ping \\ Google.com *
+  * Target 2 - the address of the second host to ping \\ Microsoft.com *
-**DHCP**: A DHCP server at your ISP will dynamically assign a WAN IP lease to your FreshTomato router. DHCP uses no authentication.
+ \\
-**PPPoE**: The router's WAN port will respond to authentication requests from your ISP's PPPoE server. This will require you to store in FreshTomato the PPPoE username and password that were assigned by your ISP. If authentication is successful, the PPPoE server will allow you to log on to the ISP's network, and a DHCP server will assign you a WAN IP lease. PPPoE is most often used for DSL networks, again with exceptions. It is suggested you leave the Service Name field blank.\\  Note: If you use your FreshTomato router for PPPoE authentication, you should ideally configure your DSL or cable modem for bridge mode. Otherwise, if your modem and router both have routing functions enabled, you have a situation called “Double NAT”. Double NAT may create various problems, such as VoIP issues, and reduced speed.
+(Default: Disabled).
-Starting with release 2021.3, support for Baby Jumbo Frames (RFC 4638) was added. FreshTomato will try to increase the WAN interface MTU to 1508. That is a PPPoE MTU/MRU value of 1500 with an 8 byte overhead. (Default is 1492).
+ \\
-To enable Baby Jumbo Frames:
-  - Enable jumbo frame support in the [[:advanced-misc|Miscellaneous]] menu. (The router will reboot. This works only on gigabit routers).
+==== WAN(x) Settings ====
-  - Set MTU to 1500 for PPPoE.
-  - Clamping can be disabled manually if needed \\ (Type //nvram set tcp_clamp_disable=1// at a FreshTomato command prompt).
-Then verify (using ifconfig or ipconfig to ping with packet size 1472) that you have a working PPP MTU of 1500. Not all ISPs support RFC 4638. Usually, packet size will be 1492.
+Settings here are used to configure the WAN interface. These depend on your ISP.
-**Static: **This choice will configure your WAN port with a static IP. You must manually enter the static IP, subnet mask, gateway address and DNS server addresses into FreshTomato. These settings are given to you by your ISP. Static mode is typically used for business accounts, when it's important the IP address doesn't change.
+Depending on the selected type, specific connection settings will be shown or hidden.
-**PPTP**: This configures the WAN port to use Microsoft's PPTP (VPN) tunnelling protocol to connect. PPTP has encryption to provie some security, so your account credentials can't be stolen easily. PPTP will require you to enter a username and password, and gateway server settings (given by your ISP).
+ \\
-**L2TP: **Choosing this will configure your WAN port to connect using Cisco's Layer Two Tunnelling Protocol. FreshTomato will require you enter the L2TP username, password, L2TP server, (static) IP address, subnet mask and gateway settings, as provided by your ISP. By default, only L2TP control messages are encrypted, not content. L2TP provides a tunnel for layer 2 protocols. Content is encrypted by layer 2 protocols, such as Ethernet or PPP.
+**Type:  **sets the connection mode the WAN interface uses to connect to your ISP. (Default: DHCP).  \\   \\ {{::basic-network-wan0_settings-type-2025.3-default_theme.png?300}}
-**3G modem: **This setting will enable support for a 3G GSM (cellular) network dongle connected to a USB port. Always ensure USB and 3G/4G modem support are checked in the [[:usb_support|USB Support ]]menu or this mode might not work. The modem might not be detected.
+ \\
-**4G/LTE: **This enables support for fourth generation GSM (cellular) / LTE USB modem dongles. When choosing 4G/LTE, the PIN code and APN fields will appear, and must be completed with correct settings (see descriptions below). Always ensure USB and 3G/4G modem support are checked in the [[:usb_support|USB Support]] menu for this mode to work. If the modem is not detected, check FreshTomato has USB Support enabled in the [[:usb_support|USB Support ]]menu.
+  * [DHCP]** **- Your ISP's DHCP server dynamically assigns a WAN IP lease to FreshTomato.
+    * DHCP uses no use authentication, so it is not secure. \\  \\
-**Disabled: **Disables the physical WAN port on your router. This effectively makes your FreshTomato device function only as a switch (if it has switching functions) and/or a WiFi access point (if it has those capabilities).
+  * [PPPoE]** **- The WAN port responds to authentication from the ISP PPPoE server.
+    * Usually used on DSL networks.
+    * User Name, Password, Service Name, and Options fields appear.
+    * Freshtomato stores the User Name / Password you enter.
+    * If authentication succeeds, the PPPoE server allows logon to the ISP.
+    * Since r2021.3, support for Baby Jumbo Frames (RFC 4638) \\ was added to the [[advanced-misc|Miscellaneous]] menu.
+    * When using Baby Jumbo Frames, set MTU to 1500, to match \\ the Baby Jumbo Frames change. (See: [[basic-network#network_notes_and_troubleshooting|Notes and Troubleshooting]]).\\  \\
-**Wireless Client Mode: **This enables FreshTomato's Wireless Client mode. Wireless client mode allows the FreshTomato router to act as a client and connect to another router/AP, much like a normal wireless network adapter. (For more details on wireless modes, see Wireless Mode tables below).
+  * [Static]** **- will configure your WAN port with a static IP.
+    * You must enter these settings from your ISP here:
+      * Static IP address
+      * Subnet mask
+      * Gateway address
+      * DNS server addresses \\ \\
-  * **Disabled: **FreshTomato's Wireless Client mode will be disabled.
+  * [PPTP]** **- configures the WAN port to connect using PPTP protocol.
-  * **2.4 GHz**: FreshTomato will enable Wireless Client mode on the 2.4 GHz interface.
+    * User Name, Password, Gateway, PPTP Gateway, Options fields appear.
-  * **5 GHz**: FreshTomato will enable Wireless Client mode on the 5 GHz interface.
+      * After you enter the User Name / Password, FreshTomato stores them.
+      * Other settings required must be obtained from your ISP.\\  \\
- \\   \\  [[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=a7f6d02036b882f562f1d0ea6954a99f.png|{{:a7f6d02036b882f562f1d0ea6954a99f.png}}]]  \\   \\
+  * [L2TP]** **- configures the WAN port to connect using Layer Two Tunneling Protocol.
+    * FreshTomato requires you to enter these L2TP settings (from your ISP):
+      * Uusername, password, server static IP/mask, gateway address. \\  \\
-**Modem device: **Here you specify the 3G modem's Linux device path/filename. If you're not sure what to choose, check the USB support page to see if your modem dongle is listed there. The Default device filename is the first serial device on the first USB port: (/dev/ttyUSB0). The “TTY” part of the device's filename represents a serial device and the “USB0” part of the device's filename means that device is connected to the first USB port on the FreshTomato machine. The /ttyUSB devices use the newer Serial→USB device driver framework. If your interface lists, for example, “/dev/ttyACM0 instead, the “ACM” means the device is of type “Abstract Control Model”, which uses Linux's serial modem driver framework. To ensure your modem is detected, check FreshTomato has USB Support enabled in the [[:usb_support|USB Support]] menu.
+  * [3G modem]** **- enables support for 3G cellular USB modems.
+    * To detect modems, enable USB and 3G/4G/5G modem support in [[nas-usb|USB Support]].\\  \\
-You could also log on to FreshTomato via Telnet and use the lsusb or dmesg commands to get device info. When you set 3G modem or 4G/LTE as the WAN type, other fields will appear, prompting you for more information.
+  * [4G/LTE]** **- enables support for 4th generation cellular USB modems.
+    * PIN code and APN fields appear in which you must enter settings.
+    * To detect modems, enable USB and 3G/4G/5G modem support in [[nas-usb|USB Support]]. \\  (The latter applies to releases before r2025.3).\\
-**PIN Code: **This is the 3-digit PIN code for the SIM card associated with your cell account. Leave this field blank if your SIM card code has been deactivated.
+  * [Disabled]** **- disables the physical WAN port on the router.
+    * This makes your device function only as a switch (if capable) and/or;
+    * It may effectively make your device function as a WiFi AP (if capable). \\  \\
-**Modem init string: **Here, you enter the modem's default initialization string. This will come from your cell provider, or the modem manufacturer. (Default: *99#).
+ \\ **Wireless Client Mode:  **enables FreshTomato's Wireless Client mode.
-**APN: **The access point name (provided by your carrier). This specfies a gateway to route data between your cell carrier and the Internet. (Default: internet).
+This lets the router act as a client WiFi adapter to connect to another router/AP.
-**Username: **Here you enter the username to access your cell carrier's APN (provided by your cell carrier) gateway. \\ Some carriers don't require this info.
+ \\
-**Password: **Here you enter the password to authenticate to your cell carrier's APN (provided by your cell carrier) gateway. \\ Some carriers do not require this info.
+  * [Disabled] - disables the wireless Client mode.
+  * [2.4 GHz] - enables Wireless Client mode on the 2.4 GHz band.
+  * [5 GHz] - enables Wireless Client mode on the 5 GHz band.
-**Network Type: **This menu appears when WAN type is set to 4G/LTE. (Default setting: 4G/3G/2G). The default setting configures FreshTomato to start negotiating with a 4G connection, and, if that fails, fall back to negotiating a 3G connection, and failing that, a 2G connection.
+ \\   \\ **Load Balance Weight:**   appears only when number of WANs > 1. Valid settings are: (0 - 256).\\
-**DNS Server: **
+{{:pasted:20240219-103900.png?550}}\\  \\
-  * AUTO - FreshTomato uses the DNS server addresses included in your Internet Provider's DHCP lease.
+In MultiWAN configuration, FreshTomato performs load sharing on link traffic. Giving each interface a Load Balance Weight adjusts how it participates in MultiWAN activities.
-  * Manual - This enables FreshTomato's DNS server function (in dnsmaq). Selecting this causes the "DNS 1" and "DNS 2" fields to appear.
-    * **DNS 1:**  Enter the first DNS server address here. (only when DNS Server is set to Manual).
-    * **DNS 2:**  Enter the second DNS server address here. (only when DNS Server is set to Manual).
-\\  Manually chosen DNS servers are useful if your ISP's DNS servers are slow or unreliable, or can be used for parental filtering.
+Load sharing is done on a per-session basis to avoid issues with interactive traffic such as:
-**MTU:**  Maximum Transmission Unit, the maximum size of Ethernet frames to be transferred between WAN and LAN. \\ This is only for the WAN interface and won't alter client devices on the LAN. However, MTU size differences among devices can cause issues.
+ \\
-  * (Default: 1500), is typical for Ethernet devices, and is usually suitable. \\ When Default is selected, the number in the Manual field is greyed out \\ and can't be changed.
+  - Real-time voice
-  * Manual: Selecting manual lets you to enter a custom number in the field \\ beside it. Jumbo Frame sizes typically begin at a size of 2000 bytes.
+  - Video
+  - Remote Desktop / RDP
-**Use DHCP:**  This function is rarely used, and it is recommended you leave it disabled. On a few Internet providers, addressing is separated from PPPoE functionality. TBD.
+ \\
-**Single Line MLPPP**: This is similar to Multilink PPP (MLPPP). Multilink PPP is a version of the Point-to-Point Protocol which allows you to bond two or more physical connections to increase the bandwidth available. Single Line MLPPP is a version which lets you use one modem, but bond the bandwidth of multiple PPPoE sessions. A side effect of using this is that it bypassed some Internet Providers' bandwidth throttling. This is rarely used nowadays.
+Per-packet loadsharing isn't recommended when link speeds vary. It can generate out-of-order packets, making interactive traffic unusable.
-**Route Modem IP:**  When using a separate modem and router, you typically use the modem in bridge mode, or PPPoE passthrough mode. That means you can't easily access the modem's LAN interface when it's behind the router. This is because FreshTomato's WAN interface will get a public IP address, whereas the modem will be reachable via a private LAN address, for local administration only. Since private addresses are not routable on the Internet, FreshTomato would block the LAN > WAN > MODEM PRIVATE IP traffic, by default. The Route Modem IP function adds a simple static route in FreshTomato's routing table to make the modem a private IP on a /32 subnet, reachable via the WAN interface. That subnet mask allows only one host, so only the modem will be reachable. You can then communicate with the modem without having to resort to other, more difficult measures. (Default: Off)
+\\  \\ //**Example: Load Balance Weight: 0  (Failover)**//
-**Query Hilink Modem IP:**  This function is specifically for Hilink brand modems. (Default: Disabled).
+ \\ \\ If "0" is used, FreshTomato won't route traffic when other WAN interfaces are functioning. However, if all other WAN interfaces with weight  ≥ "1" fail, a WAN connection with weight "0" will automatically enable. Then, when an interface with weight "0" is automatically enabled, it is assigned weight "1," enabling failover functionality.
-**Call Custom Status Script: **TBD.
+ \\
-**Connect Mode: **This chooses which method is used to keep the FreshTomato router connected to the Internet provider. Selecting //Connect on Demand//  will make FreshTomato disconnect from the Internet provider after the time period specified in the //Max Idle Time//  field. FreshTomato will reconnect to the Internet a soon as one of its LAN clients requests Internet access.
+For example, say:
-Some Internet Providers drop a connection if their router sees no Internet activity. If you select //Keepalive, //FreshTomato will send small [[https://en.wikipedia.org/wiki/Keepalive#TCP_keepalive|keepalive]] packets at specified, brief intervals. This will make the connection appear to the Internet Provider as if there is intermittent activity, even when no FreshTomato clients request Internet access. //Redial Interval: //Here, enter the time in seconds for how often the router should check the Internet connection. (Default: 10 seconds). This option minimizes your Internet connection response time, since generally, the connection will always be up.
+ \\
-(Default: Keepalive).
+  * There are 2 WANs
+  * WAN0="weight 0"
+  * WAN1="weight 1" \\
-**Redial Interval: **  When PPPoE dialling fails, the Redial Interval is used to delay each attempt for the defined number of seconds. (Default: 10 seconds). This allows more time for the PPPoE server or network infrastructure to start functioning properly again before attempting another PPPoE connection.
+ \\
-**LCP Echo Interval: **The Link Control Protocol sends and receives frames between two peers to determine if they are still connected. The LCP Echo Interval is the period of time between these signals. This is typically used to verify a DSL modem still has a valid PPPoE connection to the Internet provider. (Default: 10 seconds).
+In this example, routing would proceed as follows:
+ \\
+  - When the failure of WAN1 is detected, WAN0 will activate \\ (assigned with weight: "1") and begin routing packets.
+  - Later, WAN1 recovers its connectivity. As soon as FreshTomato \\ notices, (seconds/minutes), WAN0 will be reset to idle status \\ while traffic is rerouted through the revived WAN1.
+ \\
+Recovery back to the originally-active interface is called //preempting//.** **It's the default (fixed) behavior.\\  \\  \\ //**Example: Load Balance Weight: 1**//
+\\ Any value > "0" makes an interface actively route packets.
+A weight of "1" isn't very meaningful, since weights are relative. Each weight is compared to others to direct functionality.
+A good way to understand this is:
+ \\
+  * "1=100%
+  * "0=0%"
+  * Thus, if: \\ WAN0=“weight 0” and \\ WAN1=“weight 1”, then\\ WAN1 would handle 100% of the traffic.
+ \\ \\ //**Example: Load Balance Weight: 5**//
+ \\ \\ Basically, an interface set to weight: "5" would handle 5 new sessions before any other interface was used.\\  \\ For example, say we have 3 WANs, as follows: \\
+  * WAN0 = weight 0
+  * WAN1 = weight 1
+  * WAN2 = weight 5
+ \\ \\ In this example, routing would proceed as follows:
+ \\
+  - WAN0 would be used only if WAN1 and WAN2 are failing/unable to route.
+  - WAN1 would handle the first new LAN client session through the router.
+  - WAN2 is set to handle the second, third, fourth, fifth and sixth sessions.
+  - The seventh new session would be treated as another, first new LAN client, \\  so would start again from WAN1.
+  - WAN2 would then handle the next five new sessions, (eighth through twelfth).
+ \\ \\ **These settings affect only outbound traffic.** Return traffic tries to return via the WAN interface it came from.
+Allocation of new sessions to a WAN is dynamic. You can set which traffic is allocated to each Interface ("sticky connection") in [[advanced-pbr|MultiWAN routing]].
+ \\
+**Modem device: **here, specify the 3G/4G/5G modem's Linux device path/filename.
+ \\ {{::basic-network-wan0_settings-modem_device_to_apn-default_theme-2025.png?475}}\\  \\
+  * Check your modem is listed in [[dongle_compatibility|3G/4G/5G Dongle compatibility]]. \\ \\
+  * If it isn't detected, enable //3G/4G/5G modem// and //USB support// in [[nas-usb|USB Support]]. \\ \\
+  * If WAN type is 3G or 4G/LTE, fields appear asking for more input. \\ \\
+  * The default device filename is the first serial device on the first USB port:
+    * For example, (in "/dev/ttyUSB0"), the “tty” represents a serial device.
+    * “USB0” in the filename means the device is connected to the first USB port.
+    * Devices listed as "/ttyUSB" use the Serial→USB device driver framework. \\ \\
+  * “ACM” in the device name type means a device type of: “Abstract Control Model” \\ \\
+  * To get modem details, log on via Telnet/SSH and use "lsusb" or "dmesg".
+ \\
+**PIN Code: **the 3-digit PIN code for the SIM card associated with your cell account.
+  * Leave this blank if your SIM card code was deactivated. \\
+ \\
+**Modem init string: **enter the modem's default initialization string.
+  * This is obtained from your cellular provider or modem manufacturer. (Default: *99#).
+ \\
+**APN: **the access point name (provided by your cell carrier).
+  * Sets a gateway to route data between the carrier and the Internet.
+  * (Default: "internet").
+ \\
+**Username: **the (carrier-provided) username to access your cell carrier's APN gateway.
+  * This field appears only when PPPoE, PPTP, or L2TP is selected in the //Type// menu.
+ \\
+{{::basic-network-wan0_settings-username_to_options-default_theme-2025.3.png?375}}
+ \\
+**Password: **the (carrier-provided) password to authenticate to your carrier's APN gateway.
+  * This field appears only when PPPoE, PPTP, or L2TP is selected in the //Type// menu.
+ \\
+**Service Name:** the service name of the connection with your ISP.
+  * Most ISPs don't require a value here, so a blank entry is usually fine. \\ Very few small DSL or Fibre providers will require it. With those \\ providers, you must include it, you won't be able to log on to their network.
+ \\
+**Options:  **here, you can enter optional settings/parameters for certain connection types.
+  * This field appears only when PPPoE, PPTP or L2TP is chosen as the Connection Type.
+\\
+**Network Type: **appears when 4G/LTE WAN type is selected. (Default: 4G/3G/2G).
+  * The default makes FreshTomato start negotiating with a 4G connection. \\ If that fails, it falls back to negotiating 3G. Finally, it tries a 2G connection. FIXME
+ \\
+**DNS Server: ** here, you configure the DNS servers to use for name resolution.
+ \\
+{{::basic-network-wan0_settings-dns_server-default_theme-2025.3.png?400}}\\  \\
+  * [AUTO] * - FreshTomato uses DNS server addresses offered \\ to your router in your ISP's  DHCP lease. \\ \\
+  * [Manual] - enables DNS the server functions in dnsmasq. \\ This makes the "DNS 1" and "DNS 2" fields appear.
+    * DNS 1 - enter the IP address of your first DNS server here.
+    * DNS 2 - enter the IP address of your second DNS server here.
+ \\
+Manually-set DNS servers can be useful if your ISP DNS servers are slow/unreliable.\\
+ \\
+**MTU:**  sets the Maximum Transmission Unit/Ethernet frame size for WAN<-->WAN traffic.\\   \\   \\ {{::basic-network-wan0_settings-mtu_to_query_hilink_modem_ip-default-theme-2025.3.png?400}}\\   \\
+  * [Default: 1500] * - fine for most Ethernet devices. \\ Choosing it greys out the Manual field.
+  * [Manual] - Enter a custom value. Jumbo Frames \\ start at 2000 bytes.
+ \\ Different MTU sizes across devices may cause issues.
+This applies only to the WAN interface and won't affect LAN traffic.
+\\
+**Use DHCP:**  is rarely used. Usually, you should leave it disabled.
+  * Very few Internet providers separate addressing from PPPoE functions.
+ \\
+**Single Line MLPPP:** is outdated, and rarely used now.
+This Multilink PPP version lets a modem bond the bandwidth of multiple PPPoE sessions.\\  \\
+**Route Modem IP: **allows quick access to a modem/device "behind a router" with a setting change.
+ \\
+{{::basic-network-wan0_settings-route_modem_ip_to_call_custom_status_script-default_theme-2025.3.png?400}}\\  \\
+  * When using separate modem and router, usually the modem is in bridge mode or \\ passthrough mode. This makes it hard to access the modem's LAN interface, \\ as it's "behind" the router. \\ \\
+  * The router's WAN interface has a public address, but the modem is reachable \\ only via a private LAN address. \\ \\
+  * Private addresses aren't routable, so by default, FreshTomato blocks any traffic\\ travelling from LAN --> WAN --> (MODEM with PRIVATE IP). \\ \\
+  * Route Modem IP adds a static route to the routing table, giving the modem a\\ private address on a /32 subnet. This makes the private address reachable via \\ the WAN interface, and thus via the LAN. \\ \\
+  * The mask allows only one host, so only the modem is reachable on that subnet.
+ \\
+Default: blank/off.
+\\
+**Query Hilink Modem IP:** is for Huawei USB modems with Hilink mode.
+This lets you communicate with a modem in Hilink mode connected to a LAN device other than the router.
+This can be useful for monitoring modem statistics/signal strength.
+(Default: 0.0.0.0/Disabled).
+ \\
+**Call Custom Status Script: ** allows you to define and execute a custom shell script.
+This can be useful for monitoring or to report router status.
+ \\
+**Connect Mode: **here, select the method to keep the router connected to the Internet provider.
+ \\ {{::basic-network-wan0_settings-connect_mode_to_lcp_echo_liink_fail_limit-2025.3.png?500}}
+ \\
+  * [Connect on Demand] - makes the router disconnect from the ISP after \\ the //Max Idle Time//. FreshTomato reconnects to the Internet as soon as \\ a LAN client requests Internet access. \\
+    * IP to trigger connect - the IP address whose activity will \\ trigger FreshTomato to reconnect to the Internet.
+    * Max idle time - the maximum period of inactivity after which \\ the router disconnects from the internet if no LAN client \\ is requesting access.\\ \\
+  * [Keepalive] * - makes FreshTomato send keepalive packets at specified intervals. \\ Some ISPs drop the connection if they detect no Internet activity. \\ This option makes FreshTomato send [[https://en.wikipedia.org/wiki/Keepalive#TCP_keepalive|keepalive]] packets at brief, \\ specified intervals. The ISP "sees" this intermittent activity \\ when no clients request Internet and maintains the connection.  \\
+    * Redial Interval - how often FreshTomato checks the WAN connection. \\ This minimizes Internet connection response time, as usually \\ the connection will be up. (Default: 10 seconds).
+ \\
+**Redial Interval: **if PPPoE dialing fails, this delays attempts for a defined number of seconds.
+This allows the PPPoE server/network gear more time to restart before re-establishing a PPPoE link. \\ (Default: 10 seconds). FIXME-Same explanation as under Keepalive?
+ \\
+**LCP Echo Interval: **Link Control Protocol exchanges frames between 2 peers to check they're connected.  \\
+  * LCP Echo Interval is the time, in seconds between these signals.
+  * Usually used to check a DSL modem's PPPoE connection to the ISP.
+  * (Default: 10).
+ \\
+**LCP Echo Link fail limit:** number of failed echo requests between peers before a link is deemed down.
+  * The client modem will then drop the PPPoE link.
+  * LCP will then try to renegotiate a new PPPoE session.
+ \\
+{{::basic-network-disable_watchdog_to_watchdog_mode-2025.3.png?400}}
+ \\
+**Disable Watchdog: **disables the Watchdog function, only for the WAN connection in the menu.
+Default: unchecked.
+ \\
+**Watchdog Mode: **regularly checks a given WAN connection is up.
+This setting allows you to choose the method used to test the connection.
+ \\
+  * Traceroute *
+  * Ping
+ \\
+Watchdog supports the following connection types:
+ \\
+  - DHCP
+  - PPPoE
+  - PPTP
+  - L2TP
+  - 3G/4G/5G LTE
+ \\
-**LCP Echo Link fail limit: **This is the number of times LCP echo request checks can fail between two LCP peers before the status is deemed to be dead. The client DSL modem will then drop the PPPoE link. When the link is terminated, LCP will try to renegotiate a new PPPoE session.
 ===== LAN =====
-The LAN section includes information and settings to configure FreshTomato's LAN interface functions. This includes FreshTomato's:
+The LAN section includes information and settings to configure FreshTomato's LAN interface functions.\\   \\ {{::basic-network-lan.png?799}}
-  * LAN IP address and (sub)netmask
+ \\
-  * Spanning Tree Protocol function
-  * DHCP server status and settings (through dnsmasq), such as scope and lease time
-  * Stubby (DNS-over-TLS) setting and WINS settings
-\\   \\  [[https://wiki.freshtomato.org/lib/exe/fetch.php?tok=301c77&media=https://wiki.freshtomato.org/lib/plugins/ckgedit/fckeditor/userfiles/image/basic-new.png|{{https://wiki.freshtomato.org/lib/plugins/ckgedit/fckeditor/userfiles/image/basic-new.png?966x219|LAN settings}}]]  \\   \\ **Bridge: **Selects the bridge whose LAN settings will be modified
+This includes:
-**STP**: Checking or unchecking this enables or disables Spanning Tree Protocol. This is used primarily to prevent forwarding loops in switches. The recommended setting is off, unless you're very experienced with networks. (Default: Off).
+  - LAN IP address and subnet mask
+  - Spanning Tree Protocol function
+  - DHCP server status/settings (via dnsmasq), such as scope and lease time
+  - Stubby (DNS-over-TLS) setting and WINS settings
-**IP Address: **Here you enter the IP Address you want to assign to the specified LAN interface. (Default: 192.168.1.1)
+ \\
-**Netmask**: The (sub)netmask associated with FreshTomato's LAN IP address. (Default: 255.255.255.0 - a class C netmask).
+**Bridge:** lets you selects the bridge whose LAN settings will be modified \\ \\
-**DHCP**: Checking this box enables the DHCP server functions in dnsmasq. Unchecking this disables FreshTomato's DHCP server functions. (Default: Off)
+**STP**:  enables Spanning Tree Protocol to prevent forwarding loops in switches.
-**IP Range //(first/last)//**  : Here you enter the first address and last address of the DHCP Scope. This is the range of IP addresses FreshTomato's DHCP server will assign to LAN clients.
+The default (off) is recommended, unless you are highly experienced. \\ \\
-**Lease Time (//mins.//)**: This is the DHCP lease time, in minutes. (Default: 1440 = one day).
+**IP Address:** the IP Address to assign to the specified LAN interface.
+ \\
+FreshTomato supports Class A/B/C networks. (Default: 192.168.1.1).\\ \\
+**Netmask**:  the subnet mask associated with FreshTomato's LAN IP address.
+(Default: 255.255.255.0 - class "C" netmask). \\ \\
+**DHCP**:  enables DHCP server functions in dnsmasq. (Default: Off) \\ \\
+**IP Range //(first/last)//**:  the range of IP addresses the DHCP server will assign to LAN clients.
+In the top field, enter the first valid address in the subnet. Enter the the last address in the bottom field. \\ \\
+**Lease Time (//mins.//)**: the DHCP lease time, in minutes. (Default: 1440). \\ \\
+**Automatic IP**: lets FreshTomato obtain a LAN IP via DHCP.  \\  Since release 2022.6, this option is supported in: \\   \\   \\
+  - AP Mode
+  - Wireless Ethernet Bridge Mode
+  - Media Bridge Mode.\\ \\
+After saving settings, the router's new default address is 192.168.1.1 until it obtains DHCP data.\\
 ===== Ethernet Ports State - Configuration =====
-[[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=a6a415f4dc7913bbf0c6b45958973582.png|{{:a6a415f4dc7913bbf0c6b45958973582.png}}]]  \\   \\ This section has settings for the **Ethernet Ports State**  graphic on the Status/Overview page. That graphic intuitively shows the status, link speed, and other diagnostic information for each Ethernet port on the router. \\ **Enable Ports State:**  Checking this enables the Ethernet Ports State graphic on the Status/Overview page. (Default: On).
+Settings here are for the Ethernet Ports State graphic in the [[status-overview|Overview]] menu. Link status, Link speed and Diagnostic information are shown for each port, .
+ \\
+{{basic-network-ethernet_ports_state_configuration-2024.1.png?291}}
+ \\
+**Enable Ports State:** enables the Ethernet Ports State graphic. (Default: On). \\ \\
+**Show Speed Info:** checking this displays the link speed of each port, (1GB/100MB/10MB).
+(Default: On). \\ \\
-**Show Speed Info:**  Checking this displays the link speed of each Ethernet port, (such as 1GB/100MB/10MB). (Default: On).
+**Invert ports order:** displays port icons in the opposite order from where they are on the hardware.
-**Invert ports order:**  Checking this option displays the port icons in the Ethernet Ports State graphic in the opposite order to the default where they are located on the switch. This is useful in situations where the sequence of icons on the Ethernet Ports State do not match the actual port locations on the router's switch. (Default: Off).
+This is useful when the order of display icons doesn't match the physical locations on the router. (Default: Off).
 ===== Wireless Band Steering =====
-[[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=736e934886107c2e5ab80563e9e98bb5.png|{{:736e934886107c2e5ab80563e9e98bb5.png}}]]  \\   \\
+This feature makes FreshTomato assess on which band a client should connect, then "nudge" it towards that band.
-Options:
+\\
-  * Disable
+{{::wireless_band_steering.png?564}}
-  * Enable
-If you enable Wireless Band Steering, FreshTomato can decide, for each dual-band client device, on which band the client device should try to connect. To achieve this, enter the same SSID name, security settings, password, and other settings (see picture below) for all wireless interfaces (up to 3 on a Tri-Band-Router).
+ \\
-Note: client devices can also try to switch bands on their own, without Wireless Band Steering's influence. (Default: Disabled).
+When enabled, these settings are saved to NVRAM, then replicated from the first WiFi radio to all other radios:
-This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band:  \\
+ \\
-<code ->
+  - SSID
-Steer Policy:
+  - Broadcast
-max=0 period=5 cnt=3 rssi=-52 phyrate_high=110 phyrate_low=0 flags=0x22 state=3
+  - KEY1-4
-Rule Logic: OR
+  - Shared Key
-RSSI: Greater than
+  - Encryption
-VHT: Allowed
+  - Radius Key
-NON VHT: Allowed
+  - Radius Port
-NEXT RF: NO
+  - Radius IP
-PHYRATE (HIGH): Greater than or Equal to
-LOAD BALANCE: NO
-STA NUM BALANCE: NO
-PHYRATE (LOW): Less than
-N ONLY: NO
-</code>
-\\   \\   \\  This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band:  \\
+ \\
-<code ->
+(Visibility depends on the wireless security selected)
-Steer Policy:
-max=80 period=5 cnt=3 rssi=-82 phyrate_high=0 phyrate_low=0 flags=0x20 state=2
-Rule Logic: OR
-RSSI: Less than or Equal to
-VHT: Allowed
-NON VHT: Allowed
-NEXT RF: NO
-PHYRATE (HIGH): Greater than or Equal to
-LOAD BALANCE: NO
-STA NUM BALANCE: NO
-PHYRATE (LOW): Less than
-N ONLY: NO
-</code>
-\\   \\  For more details, see: \\ [[https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0|https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0]]
+ \\
-Wireless Band Steering is available starting with release 2020.8 .
+Among the settings that will NOT be replicated are:
+ \\
+  * Channel
+  * Channel Width
+  * Wireless Network Mode
+  * Band (2.4 / 5 GHz)
+  * Country Code/Rev
+  * Beamforming
+ \\
+This feature is available since r2020.8 (for ARM hardware only). See the [[https://wiki.freshtomato.org/doku.php/basic-network#network_notes_and_troubleshooting|Notes]] section for more details.
+Client devices also may try to switch bands on their own, without the influence of Wireless Band Steering.
+\\
 ===== Wireless (2.4 GHz / interface eth1) =====
-The Wireless (2.4 GHz) section displays information and settings for the wireless network interface on the 2.4 GHz WiFi band.
+The Wireless (2.4 GHz) section displays information and settings for the 2.4 GHz wireless interface.
+Your device may show a different device name than eth1. Hardware device numbers begin at "0".
+The first Ethernet device might be called "eth0". The second might be called "wl1".
+ \\
+**Enable Wireless:** enables the 2.4 GHz WiFi interface. When unchecked disables that interface. \\ \\
-Your device may show a different device name than eth1. Note: FreshTomato hardware device numbers begin at 0. For example, the first Ethernet device might be called eth0. The second wireless device might be called wl1.
+**MAC Address:** displays the MAC address of the 2.4 GHz WiFi interface.
-**Enable Wireless:** When checked, this turns on the 2.4 GHz WiFi network interface. When unchecked, the 2.4 GHz WiFi interface is off.
+Clicking this takes you to the [[:mac_address|MAC Address]] page, to specify a custom address for this interface. \\ \\
-**MAC Address:** This displays the MAC address of the 2.4 GHz WiFi radio interface. Clicking on it takes you to the [[:mac_address|MAC Address]] page, where you can specify your own MAC address for this interface.
+**Wireless Mode:** here, choose the wireless mode (function) of the 2.4 GHz WiFi interface.  \\   \\
-**Wireless Mode:** This allows you to select the wireless mode (function) of the 2.4 GHz WiFi network interface.  \\   \\
+ \\
-^  Wireless Mode  ^  Description  ^
+^   ^  **Table: 2.4 GHZ Interface Wireless Modes**  ^
-|  \\ Access Point  | \\ The (default) setting, which allows clients to connect to FreshTomato's wireless network(s). \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ |
+|  **Wireless Mode**  |  **Description**  |
-|  \\ Access Point WDS  | \\ Sets the router in "repeater mode", allowing clients to connect via wireless while simultaneously acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ |
+|  \\ Access Point*  | \\ The (default) setting, that allows clients to connect to FreshTomato WiFi networks. \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ |
-|  \\ Wireless Client  | \\ The router connects to another router/access point as any other wireless client device would. \\ \\ -  Wireless Client mode works for:\\    MIPS devices (SDK5: RT and RT-N images)\\    ARM devices (SDK6 & SDK7) starting with release 2021.5 \\ -  This mode is not working yet on SDK6 MIPS RT-AC images.\\ -  Only one wireless radio can be used in this mode. Other radio modules, (if present), can be used in Access Point mode. \\ -  Disable wireless band steering when using this mode (at least for the default setup. Advanced users could adjust nvram values for band steering).\\ -  The recommended security setup for wireless connections is WPA2 Personal with AES. \\ -  If no connection is possible using the above, please try WPA / WPA2 Personal + AES. \\ -  This is the recommended security setup for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ |
+|  \\ Access Point WDS  | \\ Sets the router in "repeater mode". Clients can connect via WiFi while \\ the router also acts as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ |
-|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. All clients connected to both routers remain in the same subnet. \\ \\ -  As of version 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will only work for FreshTomato 2021.1 SDK6 ARM Dual-Core and newer\\ -  SDK7 not working/possible. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Wireless Ethernet Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules (if present) can be used, for example, in Access Point mode. \\ \\ |
+|  \\  \\  \\  \\  \\   \\ \\ \\ Wireless Client  | \\ The router connects to another router/AP as any other WiFi client would. \\ \\ -  Wireless Client mode works for:\\    -  MIPS devices (SDK5: RT and RT-N images)\\    -  ARM devices (SDK6 & SDK7 & SDK714) starting with r2021.5\\ -  This mode does not yet work on SDK6 MIPS RT-AC builds. \\     (The option was removed from the GUI starting with r2024.3) \\ \\ -  Only one WiFi radio can be used in this mode. \\    -  Other radio modules present can be used in AP mode. \\ \\ -  Disable band steering when in this mode, (at least for initial setup). \\   -  Advanced users may adjust NVRAM values for band steering. \\ \\ -  The recommended WiFi security for this mode is WPA2 Personal/AES. \\    -  If no connection is possible using the above, try those settings.\\    -  This is especially true for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ |
-|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  This new operation mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (only for MIPS RT-AC images and all ARM images). \\ -  Recommendations: Use Wireless Ethernet Bridge mode for MIPS RT and RT-N images (like the RT-N16, E4200v1)\\ -  This Mode is not supported with SDK5 (RT / RT-N) builds\\ -  Both IPv4 and IPv6 communication are functioning.  You do not need to enable IPv6 via the web interface. IPv6 traffic will work. \\ -  Support for this mode is available starting with release 2021.6. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Media Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules (if present) can be used, for example, in Access Point mode. \\ \\ |
+|  \\  \\  \\  \\  \\   \\  \\  \\ \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  Since WEB v1.19, this mode must have security set to WPA2 to work. \\ \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will be blocked. \\    -  A bug in the Linux wl driver may cause crashes. \\    -  For IPv6 support, use Media Bridge Mode. \\ \\ -  ARM SDK7 is not working/will never be possible. \\    - The option was removed from the GUI since r2024.3.\\ -  ARM SDK6 & SDK714 work correctly\\ -  MIPS SDK5: RT and RT-N work correctly\\ -  MIPS SDK6 RT-AC not working/will never be possible \\    -  (The option was removed from the GUI starting with r2024.3) \\ \\ -  Do not enable wireless band steering (BSD) when using this mode.\\ \\ -  Use this interface to connect only to your main AP (no virtual interfaces). \\   -  Other radio modules present can be used, for example, in A/P mode.\\ \\ |
+|  \\  \\  \\  \\  \\  \\  \\  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point.\\ All clients connected to both routers remain in the same subnet.  \\ \\ -  Support for this mode started with r2021.6.\\ -  Similar to Wireless Ethernet Bridge mode for SDK6 and up \\ -  (only for MIPS RT-AC images + ARM images). \\ \\ -  Use Wireless Ethernet Bridge mode for MIPS RT / RT-N builds, \\    like the RT-N16, E4200v1.\\ -  This Mode isn't supported in SDK5 (RT / RT-N) builds.\\ -  ARM SDK6 & SDK7 & SDK714 work properly.\\ -  MIPS SDK6 RT-AC work properly. \\ \\ -  Both IPv4 and IPv6 function well. \\   -  You don't need to enable IPv6 via the GUI. IPv6 traffic just works. \\ \\ -  Don't enable wireless band steering (BSD) with this mode enabled.\\    Use this interface only to connect to your main A/P (not to virtual interfaces). \\    -  Other radio modules can be used, for example, in A/P mode.\\ \\ |
 |  \\ WDS  | \\ Serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ |
 | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  ||
-\\  **Wireless Network Mode: **This lets you choose which 802.11 WiFi protocol(s) to make available to clients.
+\\  \\
-  * Auto: FreshTomato and WiFi client devices negotiate the best wireless\\ protocol automatically. Generally, Auto is recommended, unless you are\\ very knowledgeable about networking. Compatibility issues can create\\ all kinds of problems, and often, the most "logical" setting is not the best one.
+**Wireless Network Mode: **selects which 802.11 WiFi protocols to make available to clients.
-  * B Only: This allows W-Fi clients to connect using only the 802.11b protocol.
-  * G Only: This allows WiFi clients to connect using only the 802.11n protocol.
-  * B/G Mixed: This allows clients to connect using either 802.11b/g protocols.
-  * N only: This allows clients to connect using only the 802.11n protocol only.
-These apply only to the 2.4 GHz band interface. Separate Wireless Network Mode settings exist for any 5 GHz band interface.
+The network modes available here will depend on your hardware.
-(Default: Auto)
+ \\
-**SSID:**  This is the network name for the 2.4 GHz WiFi interface (Service Set IDentifier). For security purposes, it's recommended you don't include any personal words or phrases which might indicate your identity, address, location, or equipment type in your SSID. For example, “HELENLIUNG” would not be a good choice, unless you want everyone on the street to know who owns that network. Common words found in the dictionary also make for poor security. \\  (Default: FreshTomatoXX, where “XX” is the two numbers in the frequency band.) On the 2.4 GHz network, for example, the default SSID is “FreshTomato24”.
+  * Auto * - WiFi clients automatically negotiate the best protocol.
+    * Recommended, unless you have advanced knowledge.
+    * Incompatibilities may occur.
+    * The best settings may not be obvious. \\ \\
+  * B Only - allows clients to connect using only 802.11b. \\ \\
+  * G Only - allows clients to connect using only 802.11n. \\ \\
+  * B/G Mixed - allows clients to connect using 802.11b/802.11g. \\ \\
+  * N only - allows clients to connect using only the 802.11n. \\ \\
-**Broadcast: **Checking this enables SSID broadcasting. This “announces” the SSID (network name) on the air, so it's easy to find and connect to. Some people argue that disabling SSID Broadcast provides more security. However, SSIDs names can be easily sniffed using common software. Therefore, disabling SSID Broadcast provides little increase in security.
+ \\
-**Channel: **Selects the channel on which the 2.4 GHz radio interface will operate. Generally, it's a good idea to choose a different channel than the one your neighbours are using. (Default: Auto).
+These apply only to the 2.4 GHz interface. Any 5 GHz interface will have separate Mode settings.
-  * Auto: This default setting is generally safe unless there is significant interference \\ from nearby networks or other equipment.
+ \\
-FreshTomato chooses and uses the channel it believes has the least interference.
+**SSID:** the network name (Service Set IDentifier) for the 2.4 GHz WiFi interface.
-  * Channel: This menu lets you manually choose available WiFi channels \\ on the band. Unavailable channels will not appear here.
+For security, don't include personal identity/address/location/equipment type. Avoid using single dictionary words.
-**Channel Width:**  This menu allows you to choose the width of the channel (in terms of frequency).
+(Default: FreshTomatoXX, where “XX” is the band numbers.)  For example: “FreshTomato24”. \\ \\
-  * 20 MHz
+**Broadcast: **enables SSID broadcasting.
-  * 40 MHz
-.11n can use 40 MHz channel width, but to maintain compatibility with legacy systems, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel.
+This “announces” the SSID, so it's easy to find and connect to.
-**Control Sideband:**  This option is only available If the 20 or 40 Channel Width is selected. This menu allows you to choose whether the extra channel used is above (Upper) or below (Lower) the main channel being used. (Default: Upper).
+Common software can easily sniff SSIDs, so in reality, disabling Broadcast provides little security increase.\\ \\
-  * Upper
+**Channel: **the channel on which the 2.4 GHz interface operates.
-  * Lower
-**Security**: This menu lets you select the security protocol that will be used on the 2.4 GHz WiFi interface.
+Generally, choose a different channel than your neighbours'. (Default: Auto).
-  * Disabled: disables security entirely, leaving the network open to anyone. \\ Avoid using this, as it is an almost unlimited security risk.
+ \\
-  * WEP: enables Wired Equivalent Privacy protocol. Avoid using this. It's obsolete \\ due to serious vulnerabilities, including weak encryption.
-  * WPA Personal: enables WiFi Protected Access Protocol (1.x). WPA uses the \\ RC4-based TKIP protocol, letting hosts exchange pre-shared keys more secure. \\ While more secure than WEP, WPA still has weaknesses, like lower encryption \\ standards. WPA is strongly discouraged in favour of WPA2 or higher.
-  * WPA Enterprise: Also known as WPA-802.1X, this is similar to WPA Personal, \\ but each user has their own username/password, instead of the same pre-shared key. \\ WPA2 Enterprise does not requires a RADIUS server. However, often one is used \\ anyway for compatibility and security purposes. WPA Enterprise is more secure against \\ dictionary attacks on short passwords. Suitable for larger, more formal networks.
-  * WPA2 Personal: WiFi Protected Access version 2 uses elements of the\\ 802.11i standard, like mandatory support for AES encryption. This makes it\\ much more secure than older protocols. WPA2 Personal is recommended for small-\\ to mid-sized, informal networks.
-  * WPA2 Enterprise: This enables the Enterprise version of WPA2. This uses WPA2, but\\ each user has their own WiFi username/passkey, instead of the same pre-shared key.\\ WPA2 Enterprise is based on parts of 802.11i. . This does NOT require a RADIUS server, \\ but one is often used for legacy purposes \\ to maintain compatibility and security. Appropriate for larger, more structured networks.
-  * WPA / WPA2 Personal:
-  * WPA / WPA2 Enterprise:
-  * RADIUS: Enables FreshTomato's Remote Access Dialup User Service. \\ Designed for larger organizations, RADIUS uses a separate server to authenticate, \\ permit and keep track of users. RADIUS also supports authentication via certificates, \\ which makes user management easier. This is usually used by advanced users.
-**Shared Key:**  Here, enter the shared key which authenticates the WiFi client on the network. The field shows only asterisks until you click your cursor in it. Then, the characters become visible.
+  * [Auto]* - this default is generally safe unless there's too much  \\ interference from other, nearby equipment. \\ FreshTomato uses the channel it senses has the least interference.
+  * [Channel] - lets you manually choose available channels on the band. \\ Unavailable channels won't appear. \\ \\
-**Group Key Renewal:**  This sets the interval for how often the encryption keys used between client devices and the router/access point are rotated/changed. This is a part of the WPA protocol. (Default: 3600 seconds = 1 hour).
+**Channel Width:** lets you choose the (frequency) width of the channel.
+ \\
+  * [20 MHz]
+  * [40 MHz]
+ \\
+.11n uses a 40 MHz channel by combining a main 20 MHz channel with an adjacent 20 MHz channel above/below for compatibility.
+ \\
+ \\
+**Control Sideband:** this lets you choose whether the sideband channel is above (Upper) or below (Lower) the main channel.
+ \\
+  * Upper *
+  * Lower\\
+This is only available If 20 or 40 Channel Width is selected. (Default: Upper).
+\\
+**Security**: here, choose the security protocol used on the 2.4 GHz WiFi interface.
+ \\
+  * [Disabled] - disables all security, leaving the network open to anyone. \\ Avoid using this. It is a basically an unlimited security risk. \\
+ \\
+  * [WEP] - enables Wired Equivalent Privacy protocol. Avoid this. \\ It's obsolete \\ due to serious vulnerabilities, including weak encryption. \\
+ \\
+  * [WPA Personal] - enables WiFi Protected Access Protocol 1.x.
+    * Uses the RC4-based TKIP protocol.
+    * Lets hosts exchange pre-shared keys, for more security.
+    * More secure than WEP, but has weaker encryption standards.
+    * WPA2 is strongly encouraged instead. \\
+ \\
+  * [WPA Enterprise] - (WPA-802.1X) - is similar to WPA Personal, \\ but each user has his/her own username/password.
+    * No common pre-shared key is used.
+    * Doesn't require a RADIUS server.
+    * Is more secure against short password dictionary attacks.
+    * Suitable for larger, more formal networks. \\
+ \\
+  * [WPA2 Personal] - WiFi Protected Access v2 uses parts of 802.11i.
+    * Makes AES encryption mandatory, so more secure.
+    * Recommended for small- to mid-sized, informal networks. \\
+ \\
+  * [WPA2 Enterprise] - enables the Enterprise version of WPA2.
+    * Uses WPA2, but each user has own username/passkey.
+    * Is based on parts of 802.11i.
+    * Doesn't require a RADIUS server.
+    * Suitable for larger, more structured networks. \\
+ \\
+  * [WPA / WPA2 Personal] - enables both protocols. \\ The router communicates via whatever it detects from the client. \\
+ \\
+  * [WPA / WPA2 Enterprise] - enables both protocols. \\ The router communicates via whatever it detects from the client. \\
+ \\
+  * [RADIUS] - enables Remote Access Dialup User Service.
+    * Designed for larger organizations.
+    * Uses a separate server to authenticate/permit/track users.
+    * Supports authentication via certificates.
+    * Is usually only for advanced users.\\ \\
+ \\
+**Shared Key:**  the authentication key for WiFi LAN clients. Asterisks display before inserting the cursor. \\ \\
+**Group Key Renewal:**  sets how often client-router encryption keys are rotated.
+This is a part of the WPA protocol.
+(Default: 3600 seconds).
+ \\
+The following limits apply to adjusting key rotation interval:
+ \\
+  * r2023.5 and later: From 1 second to 2592000 seconds \\ [for ARM-based and MIPS RT-N / MIPS-RT-AC hardware] \\ Where: 0 = disabled   (not advised).
+  * r2023.4 and earlier (for all hardware): 60 - 7200 seconds.
 ===== Wireless (5 GHz / interface eth2) =====
-The Wireless (5 GHz) section displays information and settings for the wireless network interface on the 5 GHz WiFi band.
+The Wireless (5 GHz) section displays settings and information for the 5 GHz WiFi network interface.
-Your device may show a different device name than eth1. Note: FreshTomato hardware device numbers begin at 0. \\  For example, the first Ethernet device might be called eth0. The second wireless device might be called wl1.
+Your device may show a different device name than eth1. FreshTomato hardware device numbers begin at 0.
-Typically, the 5 GHz WiFi band has higher bandwidth, but shorter distance propagation than the 2.4 GHz band.
+ \\
-**Enable Wireless:**  Checking this turns on the 5 GHz WiFi interface. When unchecked, the 5 GHz WiFi interface is turned off.
+For example,
-**MAC Address:**  This displays the MAC (hardware) address of the 5 GHz WiFi interface. \\ Clicking on the MAC address takes you to the [[:mac_address|MAC Address]] page, where you can choose your own MAC address for this interface.
+  * The first Ethernet device might be called "eth0".
+  * The second wireless device might be called "wl1".
-**Wireless Mode:**  This lets you choose the wireless mode (function) of the 5 GHz WiFi interface.  \\   \\
+ \\
-^  Wireless Mode  ^  Description  ^
+Typically, the 5 GHz WiFi band has higher bandwidth, but shorter range than the 2.4 GHz band.
-|  \\ Access Point  | \\ The (default) setting, which allows clients to connect to FreshTomato's wireless network(s). \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ |
-|  \\ Access Point WDS  | \\ Sets the router in "repeater mode", allowing clients to connect via wireless while simultaneously acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ |
+ \\
-|  \\ Wireless Client  | \\ The router connects to another router/access point as any other wireless client device would. \\ \\ -  Wireless Client mode works for:\\ MIPS devices (SDK5: RT and RT-N images)\\ ARM devices (SDK6 & SDK7) starting with release 2021.5 \\ -  This mode is not working yet on SDK6 MIPS RT-AC images.\\ -  Only one wireless radio can be used in this mode. Other radio modules, (if present), can be used in Access Point mode. \\ -  Disable wireless band steering when using this mode (at least for the default setup; Advanced user can or could adjust nvram values for band steering).\\ -  The recommended security setup for wireless connections is WPA2 Personal with AES. \\ -  If no connection is possible using the above, please try WPA / WPA2 Personal + AES. \\ -  This is the recommended security setup for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ |
-|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. All clients connected to both routers remain in the same subnet. \\ \\ -  As of version 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will only work for FreshTomato 2021.1 SDK6 ARM Dual-Core and newer\\ -  SDK7 not working/possible. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Wireless Ethernet Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules (if present) can be used, for example, in Access Point mode. \\ \\ |
+**Enable Wireless:**  checking this enables the 5 GHz WiFi interface. \\ \\
-|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  This new operation mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (only for MIPS RT-AC images and all ARM images). \\ -  Recommendations: Use Wireless Ethernet Bridge mode for MIPS RT and RT-N images (like the RT-N16, E4200v1)\\ -  This Mode is not supported with SDK5 (RT / RT-N) builds\\ -  Both IPv4 and IPv6 communication are functioning.  You do not need to enable IPv6 via the web interface. IPv6 traffic will work. \\ -  Support for this mode is available starting with release 2021.6. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Media Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules (if present) can be used, for example, in Access Point mode. \\ \\ |
-|  \\ WDS  | \\ Serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ |
+**MAC Address:**  displays the MAC (hardware) address of the 5 GHz WiFi interface. \\ Clicking on this takes you to the [[:mac_address|MAC Address]] page to choose your own address for the interface. \\ \\
+**Wireless Mode:**  lets you select the wireless mode (function) of the 5 GHz interface. \\   \\   \\
+^   ^  **Table: 5 GHz interface Wireless Mode**  ^
+|  **Wireless Mode**  |  **Description**  |
+|  \\ Access Point  | \\ The default setting that allows clients to connect to FreshTomato wireless networks. \\ \\ -   IPv4 & IPv6 communication work for MIPS and ARM. \\ |
+|  \\ Access Point WDS  | \\ Sets the router in "repeater mode", letting clients to connect via WiFi while acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ |
+|  \\ \\  \\  \\ \\  \\ Wireless Client  | \\ The router connects to another router/AP like any other wireless client would. \\ \\ -  This mode works for: \\     -  MIPS devices (SDK5: RT and RT-N images) and\\     -  ARM devices (SDK6 & SDK7) starting with r2021.5 \\ -  This mode doesn't yet work on SDK6 MIPS RT-AC images. \\ \\ -  Only one WiFi radio can be used in this mode. \\    -  Other radio modules present can be used in AP mode. \\ \\ -  Disable Wireless Band Steering with mode during initial setup. \\ (Advanced users can adjust band steering NVRAM values). \\ \\ -  WPA2 Personal with AES is the recommended security setup for WiFi connections, \\ especially for MIPS SDK5 (RT + RT-N) \\    -  Try these settings if you cannot establish a connection.\\ \\ |
+|  \\  \\ \\  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. \\ Clients connected to both routers remain in the same subnet. \\ \\ -  As of version 1.19, this mode must have security set to WPA2 \\ to work properly.-  IPv4 communication works for MIPS + ARM builds. \\ -  IPv6 will only work for r2021.1 SDK6 ARM Dual-Core and later. \\ \\ -  SDK7 does not work/will not ever work in this mode. \\ \\ -  Do not enable wireless band steering (BSD) with this mode enabled. \\ \\ -  Use Wireless Ethernet Bridge to connect only to your main AP (no virtual interfaces). \\    -  Other radio modules can be used, for example, in AP mode. \\ \\ |
+|  \\  \\  \\  \\  \\  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/AP. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  This is similar to Wireless Ethernet Bridge mode for SDK6 \\ and up (for MIPS RT-AC and all ARM images).\\ -  Using Wireless Ethernet Bridge mode is recommended for \\ MIPS RT and RT-N images (like the RT-N16, E4200v1).\\ -  This Mode is not supported with SDK5 (RT / RT-N) builds \\ \\ -  Both IPv4 and IPv6 function properly. IPv6 traffic works without \\ needing to enable IPv6 in the web interface. \\  \\ -  Support for this mode started with r2021.6. \\ \\ -  Do not enable wireless band steering with this mode enabled.\\ -  Use Media Bridge interface to connect only to your main AP (no virtual interfaces). \\      -  Other radio modules can be used, for example, in AP mode. \\ \\ |
+|  \\ WDS  | \\ FreshTomato will act only as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station. \\ \\ |
 | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  ||
- \\  **Wireless Network Mode: **This lets you choose which 802.11 WiFi protocol(s) to make available to clients.
+ \\  \\
-  * Auto: On this setting, FreshTomato and WiFi client devices negotiate the best wireless protocol automatically. Auto is recommended unless you are very knowledgeable about networking/WiFi. Compatibility issues can create all kinds of problems, and often, the most “logical” setting is not the best one.
+ **Wireless Network Mode: **here, select the 802.11 WiFi protocols available to clients.
-  * A Only: allows WiFi clients to connect using only the 802.11a protocol.
-  * N Only: allows WiFi clients to connect using only the 802.11n protocol.
-Note that releases before 2021.8 do NOT have a separate setting for 802.11ac. That only arrived with 2021.8 .
+ \\
-Separate Wireless Network Mode settings will exist for any 2.4 GHz band interface. See the 2.4 GHz section. \\  (Default: Auto)
+  * [Auto] - WiFi clients automatically negotiate the best protocol.
+    * Recommended unless you're highly experienced with WiFi.
+    * Compatibility issues may occur. The “logical” setting isn't always best. \\ \\
+  * [A Only] - allows clients to connect using only 802.11a. \\ \\
+  * [N Only] -  allows clients to connect using only 802.11n. \\ \\
+  * [N/AC mixed] - allows clients to connect using only 802.11ac or 802.11n. \\ \\
+  * [AC Only] - allows clients to connect using only 802.11ac.
-**SSID:**  This the 5 GHz WiFi interface's network name, (Service Set IDentifier). For security purposes, it's recommended you don't include any personal words or phrases which might indicate your identity, address, location, or equipment type here. For example, “HELENLIUNG” would not be a good choice, unless you want everyone on the street to know who owns that network. Common words found in the dictionary also make for poor security. \\ (Default: FreshTomatoXX, where “XX” is the two numbers in the frequency band.) On a 5 GHz network, for example, the default SSID is “FreshTomato50”.
+ \\ (Default: Auto)  \\  Only r2021.8 and later have have a separate setting for 802.11ac. Any 2.4 GHz band interface will have separate Mode settings.\\ \\
-**Broadcast: **Checking this enables SSID broadcasting. This “announces” the SSID (network name) on the air, so it's easy to find and connect to. Some people argue that disabling SSID Broadcast provides more security. However, SSIDs names can be easily sniffed using common software. Therefore, disabling SSID Broadcast provides little increase in security.
+**SSID:**  the network name of the 5 GHz WiFi.
-**Channel: **Selects the channel on which the 5 GHz radio interface will operate. Generally, it's a good idea to choose a different channel than the one your neighbours are using.
+For security, don't include personal words/phrases indicating your name, identity, address, location, or equipment type. Single dictionary words also make for very poor security.\\ \\ (Default: FreshTomatoXX, where “XX” is the digits in the band.) On a 5 GHz network, the default SSID is “FreshTomato50”. \\ \\
-  * Auto: This is the default, and is generally safe unless you have significant interference from nearby networks or other equipment. On this setting, FreshTomato chooses and uses the channel it believes has the least interference.
+**Broadcast: **enables SSID broadcasting.
-  * Channel: This menu lets you manually choose available WiFi channels on the band. Unavailable channels will not appear in this menu.
-(Default: Auto).
+This “announces” the SSID, so it's easy to find. SSIDs are easily sniffed, so disabling SSID Broadcast offers little security improvement. \\ \\
-**Channel Width:**  This menu allows you to choose the width of the channel (in terms of frequency).
+**Channel: **selects the channel on which the 5 GHz WiFi interface will operate..
-  * 20 MHz
+Generally, you should choose a different channel than the one your neighbours use.
-  * 40 MHz
-  * 80 MHz
-  * 160 MHz
-The 20 MHz channels on the 5 GHz band have no overlap. Therefore, the 5GHz band is less prone to interference and noise. Larger channel widths provide more speed/bandwidth if there's minimal interference. Interference is more common on the 2.4 GHz band than it on the 5 GHz band. It is usually fine to choose a wider channel width here. However, if you see effects, such as slow speeds or trouble authenticating/associating with the router, you may need to use a narrower channel width.
+ \\
-.11N can use 40 MHz channel width, but to maintain compatibility with legacy systems, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel.
+  * [Auto]*: This default is usually safe unless there's too much \\ interference from nearby equipment.
+    * FreshTomato selects the channel it thinks has the least interference.
+  * [Channel]: lets you manually choose from available channels \\ on the band. Unavailable channels won't appear.
-**Control Sideband:**  This option is available only if the 40, 80 or 160 MHz Channel Width is selected. This menu allows you to choose whether the extra channel used is above (Upper) or below (Lower) the main channel being used. (Default: Upper).
+\\
-  * Upper
+**Channel Width:**  lets you select the channel width (frequency-wise).
-  * Lower
-**Security**
+ \\
-  * Disabled: disables security entirely, leaving the network open to anyone. \\ Avoid using this, as it is an almost unlimited security risk.
+  *  [20 MHz]
-  * WEP: enables Wired Equivalent Privacy protocol. Avoid using this, as it is obsolete \\ due to serious vulnerabilities, including weak encryption.
+  *  [40 MHz]
-  * WPA Personal: enables WiFi Protected Access Protocol (1.x). WPA uses the \\ RC4-based TKIP protocol, letting hosts exchange pre-shared keys more secure. \\ While more secure than WEP, WPA still has weaknesses, like lower encryption standards. \\ WPA is strongly discouraged in favour of WPA2 or higher.
+  *  [80 MHz]
-  * WPA Enterprise: Also known as WPA-802.1X, this is similar to WPA Personal, \\ but each user has their own username/password, instead of the same pre-shared key. \\ WPA2 Enterprise does not requires a RADIUS server. However, often one is used \\ anyway for compatibility and security purposes. WPA Enterprise is more secure against \\ dictionary attacks on short passwords. Suitable for larger, more formal networks.
+  * [160 MHz] (not yet supported, but may eventually be on some SDK714 models)
-  * WPA2 Personal: WiFi Protected Access version 2 uses elements of the\\ 802.11i standard, like mandatory support for AES encryption. This makes it\\ much more secure than older protocols. WPA2 Personal is recommended for small-\\ to mid-sized, informal networks.
-  * WPA2 Enterprise: This enables the Enterprise version of WPA2. This uses WPA2, but\\ each user has their own WiFi username/passkey, instead of the same pre-shared key.\\ WPA2 Enterprise is based on parts of 802.11i. This does not require a RADIUS server,\\ but one is often used for legacy purposes \\ to maintain compatibility and security. Appropriate for larger, more structured networks.
-  * WPA / WPA2 Personal:
-  * WPA / WPA2 Enterprise:
-  * RADIUS: Enables FreshTomato's Remote Access Dialup User Service. \\ Designed for larger organizations, RADIUS uses a separate server to authenticate, \\ permit and keep track of users. RADIUS also supports authentication via certificates, \\ which makes user management easier. This is usually used by advanced users.
-**Shared Key:**  Here, enter the shared key used to authenticate the WiFi client on the network. The field will show asterisks until you click your cursor in it. The characters will then become visible.
+ \\  \\
+Larger channel widths provide more speed/bandwidth if there's low interference.
+The 5GHz band is less prone to interference and noise, because on that band, 20 MHz channels don't overlap. Interference is more common on the 2.4 GHz band.
+Usually, it's fine to choose a larger channel width. However, if you see slow traffic, or clients having trouble authenticating/associating with the router, try a narrower channel width. 802.11n can use 40 MHz channel width. However, for legacy compatibility, it uses a main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main one. \\ \\
+**Control Sideband:**  select whether the extra channel used is above (Upper) or below (Lower) the main channel.
+This is available only if 40/80/160 MHz Channel Width is selected. (Default: Upper).\\ \\
+**Security:** lets you choose the security protocol to be used on the 2.4 GHz interface.
+ \\
+  * [Disabled] - disables all security, leaving the network open to anyone.
+    * Avoid using this. It's basically an unlimited security risk. \\
+ \\
+  * [WEP] - enables Wired Equivalent Privacy protocol. Avoid using this.
+    * Obsolete due to serious vulnerabilities like weak encryption. \\
+ \\
+  * [WPA Personal] - enables WiFi Protected Access 1.x (with RC4-based TKIP protocol).
+    * Lets hosts exchange pre-shared keys for more security.
+    * More secure than WEP, but problems include low encryption standards.
+    * Strongly encouraged instead of WPA. \\
+ \\
+  * [WPA Enterprise] (or: "WPA-802.1X") - similar to WPA Personal, \\ but each user has their own username/password.
+    * No common pre-shared key is used.
+    * Doesn't require a RADIUS server.
+    * More secure against short-password dictionary attacks.
+    * Suitable for larger, more formal networks. \\
+ \\
+  * [WPA2 Personal] - uses elements of the 802.11i standard.
+    * Supports mandatory use of AES. More secure than old protocols.
+    * Recommended for small/mid-sized informal networks.
+ \\
+  * [WPA2 Enterprise] - enables the Enterprise version of WPA2.
+    * Uses WPA2, but each user has their own username/passkey.
+    * Is based on parts of 802.11i.
+    * Doesn't require a RADIUS server.
+    * Is appropriate for larger, more structured networks. \\
+ \\
+  * [WPA / WPA2 Personal] - uses WPA2 Personal, and if that fails, WPA.
+ \\
+  * [WPA / WPA2 Enterprise] - uses WPA2 Enterprise, and if that fails, WPA .
+ \\
+  * [RADIUS] - enables Remote Access Dialup User Service.
+    * Designed for larger organizations.
+    * Uses a separate server to authenticate/permit/track users.
+    * Supports authentication via certificates.
+    * Suitable for advanced users.
+ \\
+**Shared Key:**  the shared authentication key for WiFi LAN clients. Asterisks display until you click your cursor. \\ \\
+**Group Key Renewal:**  sets how often client-router encryption keys are rotated.
+This is part of the WPA protocol. See the first wireless radio unit for more details.
+(Default: 3600 seconds).
+===== Network Notes and Troubleshooting =====
+==== Tune Route Cache ====
+Specifically, enabling this option does the following:
+ \\
+<code bash>
+# 2018-01-19
+# Reduce and flush the route cache to ensure a more synchronous load-balancing across multi-wan
+# https://vincent.bernat.im/en/blog/2011-ipv4-route-cache-linux
+/bin/echo 1 > /proc/sys/net/ipv4/route/flush
+/bin/echo 1 > /proc/sys/net/ipv4/route/secret_interval
+/bin/echo 0 > /proc/sys/net/ipv4/route/min_delay
+/bin/echo 1 > /proc/sys/net/ipv4/route/max_delay
+/bin/echo 1 > /proc/sys/net/ipv4/route/gc_interval
+/bin/echo 1 > /proc/sys/net/ipv4/route/gc_elasticity
+/bin/echo 1 > /proc/sys/net/ipv4/route/gc_min_interval_ms
+/bin/echo 0 > /proc/sys/net/ipv4/route/gc_min_interval
+/bin/echo 1 > /proc/sys/net/ipv4/route/gc_thresh
+/bin/echo 1 > /proc/sys/net/ipv4/route/gc_timeout
+#Causes connectivity issues if this value is too small, use defaults or tune accordingly
+/bin/echo 512 > /proc/sys/net/ipv4/route/max_size
+</code>
+ \\   \\   \\
+==== Baby Jumbo Frames ====
+Support for Baby Jumbo Frames started with r2021.3. It works only on gigabit routers.
+Very few ISPs support Jumbo Frames for PPPoE. To enable Baby Jumbo Frames:
+ \\
+  * Go the [[advanced-misc|Miscellaneous]] menu. Check //Enable jumbo frame support// . \\ The router will reboot.
+  * In the [[basic-network|Network]] menu, Set MTU to manual. For PPPoE operation,  \\ enter an MTU of: 1500. (Usually, use packet size: 1492).
+  * Clamping can be manually disabled, if needed. At a FreshTomato\\ command prompt: type: "nvram set tcp_clamp_disable=1"
+  * Ping with packet size of 1472 to verify a working PPP MTU of 1500.
+ \\
+==== Wireless Band Steering ====
+ \\  This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band:  \\   \\
+<code ->
+Steer Policy:
+max=0 period=5 cnt=3 rssi=-52 phyrate_high=110 phyrate_low=0 flags=0x22 state=3
+Rule Logic: OR
+RSSI: Greater than
+VHT: Allowed
+NON VHT: Allowed
+NEXT RF: NO
+PHYRATE (HIGH): Greater than or Equal to
+LOAD BALANCE: NO
+STA NUM BALANCE: NO
+PHYRATE (LOW): Less than
+N ONLY: NO
+</code>
+ \\   \\  \\
+This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band:  \\   \\
+<code ->
+Steer Policy:
+max=80 period=5 cnt=3 rssi=-82 phyrate_high=0 phyrate_low=0 flags=0x20 state=2
+Rule Logic: OR
+RSSI: Less than or Equal to
+VHT: Allowed
+NON VHT: Allowed
+NEXT RF: NO
+PHYRATE (HIGH): Greater than or Equal to
+LOAD BALANCE: NO
+STA NUM BALANCE: NO
+PHYRATE (LOW): Less than
+N ONLY: NO
+</code>
-**Group Key Renewal:**  This sets how often the encryption keys used between clients and the router/access point are rotated/changed. This is a part of the WPA protocol. (Default: 3600 seconds = 1 hour).
+\\   \\  For more details, see: \\ [[https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0|Smallnetbuilder: Asus RT-AC3200 Smart Connect-the Missing Manual]]  \\   \\

FreshTomato Wiki

User Tools

Site Tools

Differences

Page Tools