basic-network

Differences

This shows you the differences between two versions of the page.

basic-network [2025/08/28 01:26] – [WAN(x) Settings] hogwildbasic-network [2025/08/28 03:25] (current) – old revision restored (2025/08/28 03:10) hogwild
Line 3: Line 3:
 This page includes most basic settings needed to configure a network. Its sections include MultiWAN, WAN Settings, Ethernet Ports Configuration, LAN and Wireless settings. This page includes most basic settings needed to configure a network. Its sections include MultiWAN, WAN Settings, Ethernet Ports Configuration, LAN and Wireless settings.
  
-Default menu settings are denoted with an astersik (" * ")+Default settings are denoted with an asterisk (" * ")
  
  \\  \\
 +
  
 ===== MultiWAN ===== ===== MultiWAN =====
Line 39: Line 40:
  
  \\  \\
 +
  
 ==== WAN(x) Settings ==== ==== WAN(x) Settings ====
Line 57: Line 59:
   * [PPPoE]** **- The WAN port responds to authentication from the ISP PPPoE server.     * [PPPoE]** **- The WAN port responds to authentication from the ISP PPPoE server.  
     * Usually used on DSL networks.     * Usually used on DSL networks.
-    * User NamePassword, Service Name, and Options fields appear.+    * User NamePassword, Service Name, and Options fields appear.
     * Freshtomato stores the User Name / Password you enter.     * Freshtomato stores the User Name / Password you enter.
     * If authentication succeeds, the PPPoE server allows logon to the ISP.     * If authentication succeeds, the PPPoE server allows logon to the ISP.
Line 64: Line 66:
  
   * [Static]** **- will configure your WAN port with a static IP.   * [Static]** **- will configure your WAN port with a static IP.
-    * You must enter these settings from your ISP here: Static IP address \\ Subnet mask  Gateway address  DNS server addresses \\ \\+    * You must enter these settings from your ISP here: 
 +      * Static IP address 
 +      * Subnet mask 
 +      * Gateway address 
 +      * DNS server addresses \\ \\
  
   * [PPTP]** **- configures the WAN port to connect using PPTP protocol.    * [PPTP]** **- configures the WAN port to connect using PPTP protocol. 
Line 73: Line 79:
   * [L2TP]** **- configures the WAN port to connect using Layer Two Tunneling Protocol.   * [L2TP]** **- configures the WAN port to connect using Layer Two Tunneling Protocol.
     * FreshTomato requires you to enter these L2TP settings (from your ISP):     * FreshTomato requires you to enter these L2TP settings (from your ISP):
-      * Username, password, server static IP/mask, gateway address. \\  \\+      * Uusername, password, server static IP/mask, gateway address. \\  \\
  
   * [3G modem]** **- enables support for 3G cellular USB modems.   * [3G modem]** **- enables support for 3G cellular USB modems.
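Review bot: The added L2TP item reads "Uusername", a typo that the removed line ("Username") did not have. Restore "Username"; the rest of the item (password, server static IP/mask, gateway address) is unchanged.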
Line 80: Line 86:
   * [4G/LTE]** **- enables support for 4th generation cellular USB modems.    * [4G/LTE]** **- enables support for 4th generation cellular USB modems. 
     * PIN code and APN fields appear in which you must enter settings.      * PIN code and APN fields appear in which you must enter settings. 
-    * To detect modems, enable USB and 3G/4G/5G modem support in [[nas-usb|USB Support]]. \\  (The latter applies to releases before r2025.3).\\  \\+    * To detect modems, enable USB and 3G/4G/5G modem support in [[nas-usb|USB Support]]. \\  (The latter applies to releases before r2025.3).\\
  
   * [Disabled]** **- disables the physical WAN port on the router.    * [Disabled]** **- disables the physical WAN port on the router. 
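Review bot: In the modem-detection item, "(The latter applies to releases before r2025.3)" is ambiguous, because the sentence names two settings, "USB" and "3G/4G/5G modem support". Name the setting the version limit applies to instead of "the latter"; this edit only drops the trailing line breaks and leaves that wording as it was.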
Line 181: Line 187:
  \\ {{::basic-network-wan0_settings-modem_device_to_apn-default_theme-2025.png?475}}\\  \\  \\ {{::basic-network-wan0_settings-modem_device_to_apn-default_theme-2025.png?475}}\\  \\
  
-  * Check your modem is listed in [[dongle_compatibility|3G/4G/5G Dongle compatibility]]. \\  \\  +  * Check your modem is listed in [[dongle_compatibility|3G/4G/5G Dongle compatibility]]. \\ \\  
-  * If it isn't detected, enable //3G/4G/5G modem// and //USB support// in [[nas-usb|USB Support]]. \\  \\  +  * If it isn't detected, enable //3G/4G/5G modem// and //USB support// in [[nas-usb|USB Support]]. \\ \\  
-  * If WAN type is 3G or 4G/LTE, fields appear asking for more input. \\  \\ +  * If WAN type is 3G or 4G/LTE, fields appear asking for more input. \\ \\ 
   * The default device filename is the first serial device on the first USB port:    * The default device filename is the first serial device on the first USB port: 
     * For example, (in "/dev/ttyUSB0"), the “tty” represents a serial device.     * For example, (in "/dev/ttyUSB0"), the “tty” represents a serial device.
     * “USB0” in the filename means the device is connected to the first USB port.     * “USB0” in the filename means the device is connected to the first USB port.
-    * Devices listed as "/ttyUSB" use the Serial→USB device driver framework. \\  \\ +    * Devices listed as "/ttyUSB" use the Serial→USB device driver framework. \\ \\ 
-  * “ACM” in the device name type means a device type of: “Abstract Control Model” \\  \\ +  * “ACM” in the device name type means a device type of: “Abstract Control Model” \\ \\ 
   * To get modem details, log on via Telnet/SSH and use "lsusb" or "dmesg".   * To get modem details, log on via Telnet/SSH and use "lsusb" or "dmesg".
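Review bot: The unchanged last item, "log on via Telnet/SSH and use "lsusb" or "dmesg"", offers Telnet on equal footing with SSH. Telnet carries the router login in cleartext, so while this block is being touched, consider listing SSH first or SSH only. The whitespace changes themselves look fine.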
  
Line 195: Line 201:
 **PIN Code: **the 3-digit PIN code for the SIM card associated with your cell account. **PIN Code: **the 3-digit PIN code for the SIM card associated with your cell account.
  
-  * Leave this blank if your SIM card code was deactivated. \\ \\ +  * Leave this blank if your SIM card code was deactivated. \\ 
 + 
 + \\
  
 **Modem init string: **enter the modem's default initialization string. **Modem init string: **enter the modem's default initialization string.
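Review bot: The unchanged "PIN Code" line above the edited bullet describes "the 3-digit PIN code for the SIM card", but SIM PINs are 4 to 8 digits long. Correct the length while this block is open; the edit itself only moves the line breaks after "Leave this blank if your SIM card code was deactivated."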
Line 282: Line 290:
 This Multilink PPP version lets a modem bond the bandwidth of multiple PPPoE sessions.\\  \\ This Multilink PPP version lets a modem bond the bandwidth of multiple PPPoE sessions.\\  \\
  
-**Route Modem IP: **lets you access a modem/device "behind a router" with a quick setting change.+**Route Modem IP: **allows quick access to a modem/device "behind a router" with a setting change.
  
  \\  \\
Line 302: Line 310:
 **Query Hilink Modem IP:** is for Huawei USB modems with Hilink mode. **Query Hilink Modem IP:** is for Huawei USB modems with Hilink mode.
  
-It lets you communicate with a modem in Hilink mode connected to a LAN device other than the router.+This lets you communicate with a modem in Hilink mode connected to a LAN device other than the router.
  
 This can be useful for monitoring modem statistics/signal strength. This can be useful for monitoring modem statistics/signal strength.
Line 323: Line 331:
  
   * [Connect on Demand] - makes the router disconnect from the ISP after \\ the //Max Idle Time//. FreshTomato reconnects to the Internet as soon as \\ a LAN client requests Internet access. \\    * [Connect on Demand] - makes the router disconnect from the ISP after \\ the //Max Idle Time//. FreshTomato reconnects to the Internet as soon as \\ a LAN client requests Internet access. \\ 
-    * IP to trigger connect - the IP address whose activity will trigger\\ FreshTomato to reconnect to the Internet. +    * IP to trigger connect - the IP address whose activity will \\ trigger FreshTomato to reconnect to the Internet. 
-    * Max idle time - the maximum period of inactivity after which \\ the router disconnects from the internet if \\ no LAN client is requesting access.\\ \\+    * Max idle time - the maximum period of inactivity after which \\ the router disconnects from the internet if no LAN client \\ is requesting access.\\ \\
   * [Keepalive] * - makes FreshTomato send keepalive packets at specified intervals. \\ Some ISPs drop the connection if they detect no Internet activity. \\ This option makes FreshTomato send [[https://en.wikipedia.org/wiki/Keepalive#TCP_keepalive|keepalive]] packets at brief, \\ specified intervals. The ISP "sees" this intermittent activity \\ when no clients request Internet and maintains the connection.  \\    * [Keepalive] * - makes FreshTomato send keepalive packets at specified intervals. \\ Some ISPs drop the connection if they detect no Internet activity. \\ This option makes FreshTomato send [[https://en.wikipedia.org/wiki/Keepalive#TCP_keepalive|keepalive]] packets at brief, \\ specified intervals. The ISP "sees" this intermittent activity \\ when no clients request Internet and maintains the connection.  \\ 
     * Redial Interval - how often FreshTomato checks the WAN connection. \\ This minimizes Internet connection response time, as usually \\ the connection will be up. (Default: 10 seconds).     * Redial Interval - how often FreshTomato checks the WAN connection. \\ This minimizes Internet connection response time, as usually \\ the connection will be up. (Default: 10 seconds).
Line 332: Line 340:
 **Redial Interval: **if PPPoE dialing fails, this delays attempts for a defined number of seconds. **Redial Interval: **if PPPoE dialing fails, this delays attempts for a defined number of seconds.
  
-This allows more time for the PPPoE server/network gear to restart properly before re-establishing a PPPoE link. \\ (Default: 10 seconds). FIXME-Same explanation as under Keepalive?+This allows the PPPoE server/network gear more time to restart before re-establishing a PPPoE link. \\ (Default: 10 seconds). FIXME-Same explanation as under Keepalive?
  
  \\  \\
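Review bot: The added line still carries the editor marker "FIXME-Same explanation as under Keepalive?" into the restored revision. Resolve it before publishing: the Keepalive item describes Redial Interval as "how often FreshTomato checks the WAN connection", while this paragraph describes a delay after failed PPPoE dialing, and both give a default of 10 seconds.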
Line 340: Line 348:
   * LCP Echo Interval is the time, in seconds between these signals.    * LCP Echo Interval is the time, in seconds between these signals. 
   * Usually used to check a DSL modem's PPPoE connection to the ISP.    * Usually used to check a DSL modem's PPPoE connection to the ISP. 
-  * (Default: 10).**LCP Echo Link fail limit: **how many failed LCP echo requests between peers before link is deemed down.+  * (Default: 10).
  
  \\  \\
 +
 +**LCP Echo Link fail limit:** number of failed echo requests between peers before a link is deemed down.
  
   * The client modem will then drop the PPPoE link.    * The client modem will then drop the PPPoE link. 
Line 381: Line 391:
  
  \\  \\
 +
  
 ===== LAN ===== ===== LAN =====
Line 403: Line 414:
 The default (off) is recommended, unless you are highly experienced. \\ \\ The default (off) is recommended, unless you are highly experienced. \\ \\
  
-**IP Address:** the IP Address to assign to the specified LAN interface.  \\  FreshTomato supports Class A/B/C networks. (Default: 192.168.1.1).\\ \\+**IP Address:** the IP Address to assign to the specified LAN interface. 
 + \\  
 +FreshTomato supports Class A/B/C networks. (Default: 192.168.1.1).\\ \\
  
 **Netmask**:  the subnet mask associated with FreshTomato's LAN IP address. **Netmask**:  the subnet mask associated with FreshTomato's LAN IP address.
Line 411: Line 424:
 **DHCP**:  enables DHCP server functions in dnsmasq. (Default: Off) \\ \\ **DHCP**:  enables DHCP server functions in dnsmasq. (Default: Off) \\ \\
  
-**IP Range //(first/last):  the range of IP addresses the DHCP server will assign to LAN clients.  In the top field, enter the first valid address in the subnet. Enter the the last address in the bottom field. **//\\ \\ //**  Lease Time (mins.//)**: the DHCP lease time, in minutes. (Default: 1440). \\ \\   **Automatic IP**: lets FreshTomato obtain a LAN IP via DHCP.  \\  Since release 2022.6, this option is supported in: \\   \\   \\     - AP Mode   - Wireless Ethernet Bridge Mode   - Media Bridge Mode.\\ \\   After saving settings, the router's new default address is 192.168.1.1 until it obtains DHCP data.\\   ===== Ethernet Ports State - Configuration =====  Settings here are for the Ethernet Ports State graphic in the [[status-overview|Overview]] menu. Link status, Link speed and Diagnostic information are shown for each port, .   \\   {{basic-network-ethernet_ports_state_configuration-2024.1.png?291}}   \\   **Enable Ports State:** enables the Ethernet Ports State graphic. (Default: On). \\ \\   **Show Speed Info:** checking this displays the link speed of each port, (1GB/100MB/10MB).  (Default: On). \\ \\   **Invert ports order:** displays port icons in the opposite order from where they are on the hardware.  This is useful when the order of display icons doesn't match the physical locations on the router. (Default: Off).  ===== Wireless Band Steering =====  This feature makes FreshTomato assess on which band a client should connect, then "nudge" it towards that band.  
\\   {{::wireless_band_steering.png?564}}   \\   When enabled, these settings are saved to NVRAM, then replicated from the first WiFi radio to all other radios:   \\     - SSID   - Broadcast   - KEY1-4   - Shared Key   - Encryption   - Radius Key   - Radius Port   - Radius IP   \\   (Visibility depends on the wireless security selected)   \\   Among the settings that will NOT be replicated are:   \\     * Channel   * Channel Width   * Wireless Network Mode   * Band (2.4 / 5 GHz)   * Country Code/Rev   * Beamforming   \\   This feature is available since r2020.8 (for ARM hardware only). See the [[https://wiki.freshtomato.org/doku.php/basic-network#network_notes_and_troubleshooting|Notes]] section for more details.  Client devices also may try to switch bands on their own, without the influence of Wireless Band Steering.  \\   ===== Wireless (2.4 GHz / interface eth1) =====  The Wireless (2.4 GHz) section displays information and settings for the 2.4 GHz wireless interface.  Your device may show a different device name than eth1. Hardware device numbers begin at "0" The first Ethernet device might be called "eth0". The second might be called "wl1"  \\   **Enable Wireless:** enables the 2.4 GHz WiFi interface. When unchecked disables that interface. \\ \\   **MAC Address:** displays the MAC address of the 2.4 GHz WiFi interface.  Clicking this takes you to the [[:mac_address|MAC Address]] page, to specify a custom address for this interface. \\ \\   **Wireless Mode:** here, choose the wireless mode (function) of the 2.4 GHz WiFi interface.  \\   \\    \\   ^    **Table: 2.4 GHZ Interface Wireless Modes**  ^ |  **Wireless Mode**  |  **Description**  | |  \\ Access Point*  | \\ The (default) setting, that allows clients to connect to FreshTomato WiFi networks. \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ | |  \\ Access Point WDS  | \\ Sets the router in "repeater mode". 
Clients can connect via WiFi while \\ the router also acts as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ | |  \\  \\  \\  \\  \\   \\ \\ \\ Wireless Client  | \\ The router connects to another router/AP as any other WiFi client would. \\ \\ -  Wireless Client mode works for:\\    -  MIPS devices (SDK5: RT and RT-N images)\\    -  ARM devices (SDK6 & SDK7 & SDK714) starting with r2021.5\\ -  This mode does not yet work on SDK6 MIPS RT-AC builds. \\     (The option was removed from the GUI starting with r2024.3) \\ \\ -  Only one WiFi radio can be used in this mode. \\    -  Other radio modules present can be used in AP mode. \\ \\ -  Disable band steering when in this mode, (at least for initial setup). \\    Advanced users may adjust NVRAM values for band steering. \\ \\ -  The recommended WiFi security for this mode is WPA2 Personal/AES. \\    -  If no connection is possible using the above, try those settings.\\    -  This is especially true for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ | |  \\  \\  \\  \\  \\   \\  \\  \\ \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  Since WEB v1.19, this mode must have security set to WPA2 to work. \\ \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will be blocked. \\    -  A bug in the Linux wl driver may cause crashes. \\    -  For IPv6 support, use Media Bridge Mode. \\ \\ -  ARM SDK7 is not working/will never be possible. 
\\    - The option was removed from the GUI since r2024.3.\\ -  ARM SDK6 & SDK714 work correctly\\ -  MIPS SDK5: RT and RT-N work correctly\\ -  MIPS SDK6 RT-AC not working/will never be possible \\    -  (The option was removed from the GUI starting with r2024.3) \\ \\ -  Do not enable wireless band steering (BSD) when using this mode.\\ \\ -  Use this interface to connect only to your main AP (no virtual interfaces). \\    Other radio modules present can be used, for example, in A/P mode.\\ \\ | |  \\  \\  \\  \\  \\  \\  \\  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point.\\ All clients connected to both routers remain in the same subnet.  \\ \\ -  Support for this mode started with r2021.6.\\ -  Similar to Wireless Ethernet Bridge mode for SDK6 and up \\ -  (only for MIPS RT-AC images + ARM images). \\ \\ -  Use Wireless Ethernet Bridge mode for MIPS RT / RT-N builds, \\    like the RT-N16, E4200v1.\\ -  This Mode isn't supported in SDK5 (RT / RT-N) builds.\\ -  ARM SDK6 & SDK7 & SDK714 work properly.\\ -  MIPS SDK6 RT-AC work properly. \\ \\ -  Both IPv4 and IPv6 function well. \\    You don't need to enable IPv6 via the GUI. IPv6 traffic just works. \\ \\ -  Don't enable wireless band steering (BSD) with this mode enabled.\\    Use this interface only to connect to your main A/P (not to virtual interfaces). \\    -  Other radio modules can be used, for example, in A/P mode.\\ \\ | |  \\ WDS  | \\ Serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ | | Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  ||  //\\ // //\\ //  **Wireless Network Mode: **selects which 802.11 WiFi protocols to make available to clients.  The network modes available here will depend on your hardware.   //\\ //    * Auto * - WiFi clients automatically negotiate the best protocol.     
* Recommended, unless you have advanced knowledge.     * Incompatibilities may occur.     * The best settings may not be obvious. //\\ \\ //   * B Only - allows clients to connect using only 802.11b. //\\ \\ //   * G Only - allows clients to connect using only 802.11n. //\\ \\ //   * B/G Mixed - allows clients to connect using 802.11b/802.11g. //\\ \\ //   * N only - allows clients to connect using only the 802.11n. //\\ \\ //   //\\ //  These apply only to the 2.4 GHz interface. Any 5 GHz interface will have separate Mode settings.   //\\ //  **SSID:** the network name (Service Set IDentifier) for the 2.4 GHz WiFi interface.  For security, don't include personal identity/address/location/equipment type. Avoid using single dictionary words.  (Default: FreshTomatoXX, where “XX” is the band numbers.)  For example: “FreshTomato24”. //\\ \\ //  **Broadcast: **enables SSID broadcasting.  This “announces” the SSID, so it's easy to find and connect to.  Common software can easily sniff SSIDs, so in reality, disabling Broadcast provides little security increase.//\\ \\ //  **Channel: **the channel on which the 2.4 GHz interface operates.  Generally, choose a different channel than your neighbours'. (Default: Auto).   //\\ //    * [Auto]* - this default is generally safe unless there's too much  //\\ //interference from other, nearby equipment. //\\ //FreshTomato uses the channel it senses has the least interference.   * [Channel] - lets you manually choose available channels on the band. //\\ //Unavailable channels won't appear. //\\ \\ //  **Channel Width:** lets you choose the (frequency) width of the channel.   //\\ //    * [20 MHz]   * [40 MHz]   //\\ //  802.11n uses a 40 MHz channel by combining a main 20 MHz channel with an adjacent 20 MHz channel above/below for compatibility.   //\\ //   //\\ //  **Control Sideband:** this lets you choose whether the sideband channel is above (Upper) or below (Lower) the main channel.   
//\\ //    * Upper *   * Lower//\\ //  This is only available If 20 or 40 Channel Width is selected. (Default: Upper).  //\\ //  **Security**: here, choose the security protocol used on the 2.4 GHz WiFi interface.   //\\ //    * [Disabled] - disables all security, leaving the network open to anyone. //\\ //Avoid using this. It is a basically an unlimited security risk. //\\ //   //\\ //    * [WEP] - enables Wired Equivalent Privacy protocol. Avoid this. //\\ //It's obsolete //\\ //due to serious vulnerabilities, including weak encryption. //\\ //   //\\ //    * [WPA Personal] - enables WiFi Protected Access Protocol 1.x.      * Uses the RC4-based TKIP protocol.     * Lets hosts exchange pre-shared keys, for more security.      * More secure than WEP, but has weaker encryption standards.     * WPA2 is strongly encouraged instead. //\\ //   //\\ //    * [WPA Enterprise] - (WPA-802.1X) - is similar to WPA Personal, //\\ //but each user has his/her own username/password.     * No common pre-shared key is used.     * Doesn't require a RADIUS server.      * Is more secure against short password dictionary attacks.      * Suitable for larger, more formal networks. //\\ //   //\\ //    * [WPA2 Personal] - WiFi Protected Access v2 uses parts of 802.11i.     * Makes AES encryption mandatory, so more secure.      * Recommended for small- to mid-sized, informal networks. //\\ //   //\\ //    * [WPA2 Enterprise] - enables the Enterprise version of WPA2.      * Uses WPA2, but each user has own username/passkey.      * Is based on parts of 802.11i.      * Doesn't require a RADIUS server.     * Suitable for larger, more structured networks. //\\ //   //\\ //    * [WPA / WPA2 Personal] - enables both protocols. //\\ //The router communicates via whatever it detects from the client. //\\ //   //\\ //    * [WPA / WPA2 Enterprise] - enables both protocols. //\\ //The router communicates via whatever it detects from the client. 
//\\ //   //\\ //    * [RADIUS] - enables Remote Access Dialup User Service.     * Designed for larger organizations.      * Uses a separate server to authenticate/permit/track users.      * Supports authentication via certificates.     * Is usually only for advanced users.//\\ \\ //   //\\ //  **Shared Key:**  the authentication key for WiFi LAN clients. Asterisks display before inserting the cursor. //\\ \\ //  **Group Key Renewal:**  sets how often client-router encryption keys are rotated.  This is a part of the WPA protocol.  (Default: 3600 seconds).   //\\ //  The following limits apply to adjusting key rotation interval:   //\\ //    * r2023.5 and later: From 1 second to 2592000 seconds //\\ //[for ARM-based and MIPS RT-N / MIPS-RT-AC hardware] //\\ //Where: 0 = disabled   (not advised).    * r2023.4 and earlier (for all hardware): 60 - 7200 seconds.  ===== Wireless (5 GHz / interface eth2) =====  The Wireless (5 GHz) section displays settings and information for the 5 GHz WiFi network interface.  Your device may show a different device name than eth1. FreshTomato hardware device numbers begin at 0.   //\\ //  For example,    * The first Ethernet device might be called "eth0"   * The second wireless device might be called "wl1"  //\\ //  Typically, the 5 GHz WiFi band has higher bandwidth, but shorter range than the 2.4 GHz band.   //\\ //  **Enable Wireless:**  checking this enables the 5 GHz WiFi interface. //\\ \\ //  **MAC Address:**  displays the MAC (hardware) address of the 5 GHz WiFi interface. //\\ //Clicking on this takes you to the [[:mac_address|MAC Address]] page to choose your own address for the interface. //\\ \\ //  **Wireless Mode:**  lets you select the wireless mode (function) of the 5 GHz interface. //\\ //  //\\ //  //\\ //  ^    **Table: 5 GHz interface Wireless Mode**  ^ |  **Wireless Mode**  |  **Description**  | |  //\\ //Access Point  | //\\ //The default setting that allows clients to connect to FreshTomato wireless networks. 
//\\ \\ //-   IPv4 & IPv6 communication work for MIPS and ARM. //\\ //| |  //\\ //Access Point WDS  | //\\ //Sets the router in "repeater mode", letting clients to connect via WiFi while acting as a //\\ //WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. //\\ \\ //| |  //\\ \\ // //\\ // //\\ \\ // //\\ //Wireless Client //\\ //The router connects to another router/AP like any other wireless client would. //\\ \\ //-  This mode works for: //\\ //    -  MIPS devices (SDK5: RT and RT-N images) and//\\ //    -  ARM devices (SDK6 & SDK7) starting with r2021.5 //\\ //-  This mode doesn't yet work on SDK6 MIPS RT-AC images. //\\ \\ //-  Only one WiFi radio can be used in this mode. //\\ //   -  Other radio modules present can be used in AP mode. //\\ \\ //-  Disable Wireless Band Steering with mode during initial setup. //\\ //(Advanced users can adjust band steering NVRAM values). //\\ \\ //-  WPA2 Personal with AES is the recommended security setup for WiFi connections, //\\ //especially for MIPS SDK5 (RT + RT-N) //\\ //   -  Try these settings if you cannot establish a connection.//\\ \\ //| |  //\\ // //\\ \\ // //\\ //Wireless Ethernet Bridge //\\ //Configures FreshTomato to connect to another router. //\\ //Clients connected to both routers remain in the same subnet. //\\ \\ //-  As of version 1.19, this mode must have security set to WPA2 //\\ //to work properly.-  IPv4 communication works for MIPS + ARM builds. //\\ //-  IPv6 will only work for r2021.1 SDK6 ARM Dual-Core and later. //\\ \\ //-  SDK7 does not work/will not ever work in this mode. //\\ \\ //-  Do not enable wireless band steering (BSD) with this mode enabled. //\\ \\ //-  Use Wireless Ethernet Bridge to connect only to your main AP (no virtual interfaces). //\\ //   -  Other radio modules can be used, for example, in AP mode. 
//\\ \\ //| |  //\\ // //\\ // //\\ // //\\ // //\\ // //\\ //Media Bridge Mode  | //\\ //Configures FreshTomato to connect to another router/AP. //\\ //All clients connected to both routers remain in the same subnet. //\\ \\ //-  This is similar to Wireless Ethernet Bridge mode for SDK6 //\\ //and up (for MIPS RT-AC and all ARM images).//\\ //-  Using Wireless Ethernet Bridge mode is recommended for //\\ //MIPS RT and RT-N images (like the RT-N16, E4200v1).//\\ //-  This Mode is not supported with SDK5 (RT / RT-N) builds //\\ \\ //-  Both IPv4 and IPv6 function properly. IPv6 traffic works without //\\ //needing to enable IPv6 in the web interface. //\\ // //\\ //-  Support for this mode started with r2021.6. //\\ \\ //-  Do not enable wireless band steering with this mode enabled.//\\ //-  Use Media Bridge interface to connect only to your main AP (no virtual interfaces). //\\ //     -  Other radio modules can be used, for example, in AP mode. //\\ \\ //| |  //\\ //WDS  | //\\ //FreshTomato will act only as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station. //\\ \\ //| | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  ||   //\\ // //\\ //   **Wireless Network Mode: **here, select the 802.11 WiFi protocols available to clients.   //\\ //    * [Auto] - WiFi clients automatically negotiate the best protocol.     * Recommended unless you're highly experienced with WiFi.     * Compatibility issues may occur. The “logical” setting isn't always best. //\\ \\ //   * [A Only] - allows clients to connect using only 802.11a. //\\ \\ //   * [N Only] -  allows clients to connect using only 802.11n. //\\ \\ //   * [N/AC mixed] - allows clients to connect using only 802.11ac or 802.11n. //\\ \\ //   * [AC Only] - allows clients to connect using only 802.11ac.   
//\\ //(Default: Auto)  //\\ // Only r2021.8 and later have have a separate setting for 802.11ac. Any 2.4 GHz band interface will have separate Mode settings.//\\ \\ //  **SSID:**  the network name of the 5 GHz WiFi.  For security, don't include personal words/phrases indicating your name, identity, address, location, or equipment type. Single dictionary words also make for very poor security.//\\ \\ //(Default: FreshTomatoXX, where “XX” is the digits in the band.) On a 5 GHz network, the default SSID is “FreshTomato50”. //\\ \\ //  **Broadcast: **enables SSID broadcasting.  This “announces” the SSID, so it's easy to find. SSIDs are easily sniffed, so disabling SSID Broadcast offers little security improvement. //\\ \\ //  **Channel: **selects the channel on which the 5 GHz WiFi interface will operate..  Generally, you should choose a different channel than the one your neighbours use.   //\\ //    * [Auto]*: This default is usually safe unless there's too much //\\ //interference from nearby equipment.      * FreshTomato selects the channel it thinks has the least interference.   * [Channel]: lets you manually choose from available channels //\\ //on the band. Unavailable channels won't appear.  //\\ //  **Channel Width:**  lets you select the channel width (frequency-wise).   //\\ //    *  [20 MHz]   *  [40 MHz]   *  [80 MHz]   * [160 MHz] (not yet supported, but may eventually be on some SDK714 models)   //\\ // //\\ //  Larger channel widths provide more speed/bandwidth if there's low interference.  The 5GHz band is less prone to interference and noise, because on that band, 20 MHz channels don't overlap. Interference is more common on the 2.4 GHz band.  Usually, it's fine to choose a larger channel width. However, if you see slow traffic, or clients having trouble authenticating/associating with the router, try a narrower channel width.  802.11n can use 40 MHz channel width. 
However, for legacy compatibility, it uses a main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main one. //\\ \\ //  **Control Sideband:**  select whether the extra channel used is above (Upper) or below (Lower) the main channel.  This is available only if 40/80/160 MHz Channel Width is selected. (Default: Upper).//\\ \\ //  **Security:** lets you choose the security protocol to be used on the 2.4 GHz interface.   //\\ //    * [Disabled] - disables all security, leaving the network open to anyone.     * Avoid using this. It's basically an unlimited security risk. //\\ //   //\\ //    * [WEP] - enables Wired Equivalent Privacy protocol. Avoid using this.     * Obsolete due to serious vulnerabilities like weak encryption. //\\ //   //\\ //    * [WPA Personal] - enables WiFi Protected Access 1.x (with RC4-based TKIP protocol).     * Lets hosts exchange pre-shared keys for more security.      * More secure than WEP, but problems include low encryption standards.      * Strongly encouraged instead of WPA. //\\ //   //\\ //    * [WPA Enterprise] (or: "WPA-802.1X") - similar to WPA Personal, //\\ //but each user has their own username/password.     * No common pre-shared key is used.     * Doesn't require a RADIUS server.      * More secure against short-password dictionary attacks.      * Suitable for larger, more formal networks. //\\ //   //\\ //    * [WPA2 Personal] - uses elements of the 802.11i standard.     * Supports mandatory use of AES. More secure than old protocols.      * Recommended for small/mid-sized informal networks.   //\\ //    * [WPA2 Enterprise] - enables the Enterprise version of WPA2.      * Uses WPA2, but each user has their own username/passkey.      * Is based on parts of 802.11i.      * Doesn't require a RADIUS server.      * Is appropriate for larger, more structured networks. //\\ //   //\\ //    * [WPA / WPA2 Personal] - uses WPA2 Personal, and if that fails, WPA.   
//\\ //    * [WPA / WPA2 Enterprise] - uses WPA2 Enterprise, and if that fails, WPA .   //\\ //    * [RADIUS] - enables Remote Access Dialup User Service.     * Designed for larger organizations.      * Uses a separate server to authenticate/permit/track users.      * Supports authentication via certificates.     * Suitable for advanced users.   //\\ //  **Shared Key:**  the shared authentication key for WiFi LAN clients. Asterisks display until you click your cursor. //\\ \\ //  **Group Key Renewal:**  sets how often client-router encryption keys are rotated.  This is part of the WPA protocol. See the first wireless radio unit for more details.  (Default: 3600 seconds).  ===== Network Notes and Troubleshooting =====  ==== Tune Route Cache ====  Specifically, enabling this option does the following:   //\\ //  <code bash> # 2018-01-19 # Reduce and flush the route cache to ensure a more synchronous load-balancing across multi-wan # [[https://vincent.bernat.im/en/blog/2011-ipv4-route-cache-linux]]  /bin/echo 1 > /proc/sys/net/ipv4/route/flush /bin/echo 1 > /proc/sys/net/ipv4/route/secret_interval /bin/echo 0 > /proc/sys/net/ipv4/route/min_delay /bin/echo 1 > /proc/sys/net/ipv4/route/max_delay /bin/echo 1 > /proc/sys/net/ipv4/route/gc_interval /bin/echo 1 > /proc/sys/net/ipv4/route/gc_elasticity /bin/echo 1 > /proc/sys/net/ipv4/route/gc_min_interval_ms /bin/echo 0 > /proc/sys/net/ipv4/route/gc_min_interval /bin/echo 1 > /proc/sys/net/ipv4/route/gc_thresh /bin/echo 1 > /proc/sys/net/ipv4/route/gc_timeout  #Causes connectivity issues if this value is too small, use defaults or tune accordingly /bin/echo 512 > /proc/sys/net/ipv4/route/max_size </code>   //\\ //  //\\ //  //\\ //  ==== Baby Jumbo Frames ====  Support for Baby Jumbo Frames started with r2021.3. It works only on gigabit routers.  Very few ISPs support Jumbo Frames for PPPoE. To enable Baby Jumbo Frames:   //\\ //    * Go the [[advanced-misc|Miscellaneous]] menu. Check //Enable jumbo frame support// . 
//\\ //The router will reboot.   * In the [[basic-network|Network]] menu, Set MTU to manual. For PPPoE operation,  //\\ //enter an MTU of: 1500. (Usually, use packet size: 1492).   * Clamping can be manually disabled, if needed. At a FreshTomato//\\ //command prompt: type: "nvram set tcp_clamp_disable=1"    * Ping with packet size of 1472 to verify a working PPP MTU of 1500.   //\\ //  ==== Wireless Band Steering ====   //\\ // This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band:  //\\ //  //\\ //  <code -> Steer Policy: max=0 period=5 cnt=3 rssi=-52 phyrate_high=110 phyrate_low=0 flags=0x22 state=3 Rule Logic: OR RSSI: Greater than VHT: Allowed NON VHT: Allowed NEXT RF: NO PHYRATE (HIGH): Greater than or Equal to LOAD BALANCE: NO STA NUM BALANCE: NO PHYRATE (LOW): Less than N ONLY: NO </code>   //\\ //  //\\ // //\\ //  This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band:  //\\ //  //\\ //  <code -> Steer Policy: max=80 period=5 cnt=3 rssi=-82 phyrate_high=0 phyrate_low=0 flags=0x20 state=2 Rule Logic: OR RSSI: Less than or Equal to VHT: Allowed NON VHT: Allowed NEXT RF: NO PHYRATE (HIGH): Greater than or Equal to LOAD BALANCE: NO STA NUM BALANCE: NO PHYRATE (LOW): Less than N ONLY: NO </code>  //\\ //  //\\ // For more details, see: //\\ //[[https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0|Smallnetbuilder: Asus RT-AC3200 Smart Connect-the Missing Manual]]  //\\ //  //\\+**IP Range //(first/last)//**:  the range of IP addresses the DHCP server will assign to LAN clients. 
 + 
 +In the top field, enter the first valid address in the subnet. Enter the the last address in the bottom field. \\ \\ 
 + 
 +**Lease Time (//mins.//)**: the DHCP lease time, in minutes. (Default: 1440). \\ \\ 
 + 
 +**Automatic IP**: lets FreshTomato obtain a LAN IP via DHCP.  \\  Since release 2022.6, this option is supported in: \\   \\   \\ 
 + 
 +  - AP Mode 
 +  - Wireless Ethernet Bridge Mode 
 +  - Media Bridge Mode.\\ \\ 
 + 
 +After saving settings, the router's new default address is 192.168.1.1 until it obtains DHCP data.\\ 
 + 
 +===== Ethernet Ports State - Configuration ===== 
 + 
 +Settings here are for the Ethernet Ports State graphic in the [[status-overview|Overview]] menu. Link status, Link speed and Diagnostic information are shown for each port, . 
 + 
 + \\ 
 + 
 +{{basic-network-ethernet_ports_state_configuration-2024.1.png?291}} 
 + 
 + \\ 
 + 
 +**Enable Ports State:** enables the Ethernet Ports State graphic. (Default: On). \\ \\ 
 + 
 +**Show Speed Info:** checking this displays the link speed of each port, (1GB/100MB/10MB). 
 + 
 +(Default: On). \\ \\ 
 + 
 +**Invert ports order:** displays port icons in the opposite order from where they are on the hardware. 
 + 
 +This is useful when the order of display icons doesn't match the physical locations on the router. (Default: Off). 
 + 
 +===== Wireless Band Steering ===== 
 + 
 +This feature makes FreshTomato assess on which band a client should connect, then "nudge" it towards that band. 
 + 
 +\\ 
 + 
 +{{::wireless_band_steering.png?564}} 
 + 
 + \\ 
 + 
 +When enabled, these settings are saved to NVRAM, then replicated from the first WiFi radio to all other radios: 
 + 
 + \\ 
 + 
 +  - SSID 
 +  - Broadcast 
 +  - KEY1-4 
 +  - Shared Key 
 +  - Encryption 
 +  - Radius Key 
 +  - Radius Port 
 +  - Radius IP 
 + 
 + \\ 
 + 
 +(Visibility depends on the wireless security selected) 
 + 
 + \\ 
 + 
 +Among the settings that will NOT be replicated are: 
 + 
 + \\ 
 + 
 +  * Channel 
 +  * Channel Width 
 +  * Wireless Network Mode 
 +  * Band (2.4 / 5 GHz) 
 +  * Country Code/Rev 
 +  * Beamforming 
 + 
 + \\ 
 + 
 +This feature is available since r2020.8 (for ARM hardware only). See the [[https://wiki.freshtomato.org/doku.php/basic-network#network_notes_and_troubleshooting|Notes]] section for more details. 
 + 
 +Client devices also may try to switch bands on their own, without the influence of Wireless Band Steering. 
 + 
 +\\ 
 + 
 +===== Wireless (2.4 GHz / interface eth1) ===== 
 + 
 +The Wireless (2.4 GHz) section displays information and settings for the 2.4 GHz wireless interface. 
 + 
 +Your device may show a different device name than eth1. Hardware device numbers begin at "0". 
 + 
 +The first Ethernet device might be called "eth0". The second might be called "wl1". 
 + 
 + \\ 
 + 
 +**Enable Wireless:** enables the 2.4 GHz WiFi interface. When unchecked disables that interface. \\ \\ 
 + 
 +**MAC Address:** displays the MAC address of the 2.4 GHz WiFi interface. 
 + 
 +Clicking this takes you to the [[:mac_address|MAC Address]] page, to specify a custom address for this interface. \\ \\ 
 + 
 +**Wireless Mode:** here, choose the wireless mode (function) of the 2.4 GHz WiFi interface.  \\   \\ 
 + 
 + \\ 
 + 
 +^    **Table: 2.4 GHZ Interface Wireless Modes**  ^ 
 +|  **Wireless Mode**  |  **Description**  | 
 +|  \\ Access Point*  | \\ The (default) setting, that allows clients to connect to FreshTomato WiFi networks. \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ | 
 +|  \\ Access Point WDS  | \\ Sets the router in "repeater mode". Clients can connect via WiFi while \\ the router also acts as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ | 
 +|  \\  \\  \\  \\  \\   \\ \\ \\ Wireless Client  | \\ The router connects to another router/AP as any other WiFi client would. \\ \\ -  Wireless Client mode works for:\\    -  MIPS devices (SDK5: RT and RT-N images)\\    -  ARM devices (SDK6 & SDK7 & SDK714) starting with r2021.5\\ -  This mode does not yet work on SDK6 MIPS RT-AC builds. \\     (The option was removed from the GUI starting with r2024.3) \\ \\ -  Only one WiFi radio can be used in this mode. \\    -  Other radio modules present can be used in AP mode. \\ \\ -  Disable band steering when in this mode, (at least for initial setup). \\    Advanced users may adjust NVRAM values for band steering. \\ \\ -  The recommended WiFi security for this mode is WPA2 Personal/AES. \\    -  If no connection is possible using the above, try those settings.\\    -  This is especially true for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ | 
 +|  \\  \\  \\  \\  \\   \\  \\  \\ \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  Since WEB v1.19, this mode must have security set to WPA2 to work. \\ \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will be blocked. \\    -  A bug in the Linux wl driver may cause crashes. \\    -  For IPv6 support, use Media Bridge Mode. \\ \\ -  ARM SDK7 is not working/will never be possible. \\    - The option was removed from the GUI since r2024.3.\\ -  ARM SDK6 & SDK714 work correctly\\ -  MIPS SDK5: RT and RT-N work correctly\\ -  MIPS SDK6 RT-AC not working/will never be possible \\    -  (The option was removed from the GUI starting with r2024.3) \\ \\ -  Do not enable wireless band steering (BSD) when using this mode.\\ \\ -  Use this interface to connect only to your main AP (no virtual interfaces). \\    Other radio modules present can be used, for example, in A/P mode.\\ \\ | 
 +|  \\  \\  \\  \\  \\  \\  \\  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point.\\ All clients connected to both routers remain in the same subnet.  \\ \\ -  Support for this mode started with r2021.6.\\ -  Similar to Wireless Ethernet Bridge mode for SDK6 and up \\ -  (only for MIPS RT-AC images + ARM images). \\ \\ -  Use Wireless Ethernet Bridge mode for MIPS RT / RT-N builds, \\    like the RT-N16, E4200v1.\\ -  This Mode isn't supported in SDK5 (RT / RT-N) builds.\\ -  ARM SDK6 & SDK7 & SDK714 work properly.\\ -  MIPS SDK6 RT-AC work properly. \\ \\ -  Both IPv4 and IPv6 function well. \\    You don't need to enable IPv6 via the GUI. IPv6 traffic just works. \\ \\ -  Don't enable wireless band steering (BSD) with this mode enabled.\\    Use this interface only to connect to your main A/P (not to virtual interfaces). \\    -  Other radio modules can be used, for example, in A/P mode.\\ \\ | 
 +|  \\ WDS  | \\ Serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ | 
 +//Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  || 
 + 
 +\\  \\ 
 + 
 +**Wireless Network Mode: **selects which 802.11 WiFi protocols to make available to clients. 
 + 
 +The network modes available here will depend on your hardware. 
 + 
 + \\ 
 + 
 +  * Auto * - WiFi clients automatically negotiate the best protocol. 
 +    * Recommended, unless you have advanced knowledge. 
 +    * Incompatibilities may occur. 
 +    * The best settings may not be obvious. \\ \\ 
 +  * B Only - allows clients to connect using only 802.11b. \\ \\  
 +  * G Only - allows clients to connect using only 802.11n. \\ \\  
 +  * B/G Mixed - allows clients to connect using 802.11b/802.11g. \\ \\  
 +  * N only - allows clients to connect using only the 802.11n. \\ \\ 
 + 
 + \\ 
 + 
 +These apply only to the 2.4 GHz interface. Any 5 GHz interface will have separate Mode settings. 
 + 
 + \\ 
 + 
 +**SSID:** the network name (Service Set IDentifier) for the 2.4 GHz WiFi interface. 
 + 
 +For security, don't include personal identity/address/location/equipment type. Avoid using single dictionary words. 
 + 
 +(Default: FreshTomatoXX, where “XX” is the band numbers.)  For example: “FreshTomato24”. \\ \\ 
 + 
 +**Broadcast: **enables SSID broadcasting. 
 + 
 +This “announces” the SSID, so it's easy to find and connect to. 
 + 
 +Common software can easily sniff SSIDs, so in reality, disabling Broadcast provides little security increase.\\ \\ 
 + 
 +**Channel: **the channel on which the 2.4 GHz interface operates. 
 + 
 +Generally, choose a different channel than your neighbours'. (Default: Auto). 
 + 
 + \\ 
 + 
 +  * [Auto]* - this default is generally safe unless there's too much  \\ interference from other, nearby equipment. \\ FreshTomato uses the channel it senses has the least interference. 
 +  * [Channel] - lets you manually choose available channels on the band. \\ Unavailable channels won't appear. \\ \\ 
 + 
 +**Channel Width:** lets you choose the (frequency) width of the channel. 
 + 
 + \\ 
 + 
 +  * [20 MHz] 
 +  * [40 MHz] 
 + 
 + \\ 
 + 
 +802.11n uses a 40 MHz channel by combining a main 20 MHz channel with an adjacent 20 MHz channel above/below for compatibility. 
 + 
 + \\ 
 + 
 + \\ 
 + 
 +**Control Sideband:** this lets you choose whether the sideband channel is above (Upper) or below (Lower) the main channel. 
 + 
 + \\ 
 + 
 +  * Upper * 
 +  * Lower\\ 
 + 
 +This is only available If 20 or 40 Channel Width is selected. (Default: Upper). 
 + 
 +\\ 
 + 
 +**Security**: here, choose the security protocol used on the 2.4 GHz WiFi interface. 
 + 
 + \\ 
 + 
 +  * [Disabled] - disables all security, leaving the network open to anyone. \\ Avoid using this. It is a basically an unlimited security risk. \\ 
 + 
 + \\ 
 + 
 +  * [WEP] - enables Wired Equivalent Privacy protocol. Avoid this. \\ It's obsolete \\ due to serious vulnerabilities, including weak encryption. \\ 
 + 
 + \\ 
 + 
 +  * [WPA Personal] - enables WiFi Protected Access Protocol 1.x.  
 +    * Uses the RC4-based TKIP protocol. 
 +    * Lets hosts exchange pre-shared keys, for more security.  
 +    * More secure than WEP, but has weaker encryption standards. 
 +    * WPA2 is strongly encouraged instead. \\ 
 + 
 + \\ 
 + 
 +  * [WPA Enterprise] - (WPA-802.1X) - is similar to WPA Personal, \\ but each user has his/her own username/password. 
 +    * No common pre-shared key is used. 
 +    * Doesn't require a RADIUS server.  
 +    * Is more secure against short password dictionary attacks.  
 +    * Suitable for larger, more formal networks. \\ 
 + 
 + \\ 
 + 
 +  * [WPA2 Personal] - WiFi Protected Access v2 uses parts of 802.11i. 
 +    * Makes AES encryption mandatory, so more secure.  
 +    * Recommended for small- to mid-sized, informal networks. \\ 
 + 
 + \\ 
 + 
 +  * [WPA2 Enterprise] - enables the Enterprise version of WPA2.  
 +    * Uses WPA2, but each user has own username/passkey.  
 +    * Is based on parts of 802.11i.  
 +    * Doesn't require a RADIUS server. 
 +    * Suitable for larger, more structured networks. \\ 
 + 
 + \\ 
 + 
 +  * [WPA / WPA2 Personal] - enables both protocols. \\ The router communicates via whatever it detects from the client. \\ 
 + 
 + \\ 
 + 
 +  * [WPA / WPA2 Enterprise] - enables both protocols. \\ The router communicates via whatever it detects from the client. \\ 
 + 
 + \\ 
 + 
 +  * [RADIUS] - enables Remote Access Dialup User Service. 
 +    * Designed for larger organizations.  
 +    * Uses a separate server to authenticate/permit/track users.  
 +    * Supports authentication via certificates. 
 +    * Is usually only for advanced users.\\ \\ 
 + 
 + \\ 
 + 
 +**Shared Key:**  the authentication key for WiFi LAN clients. Asterisks display before inserting the cursor. \\ \\ 
 + 
 +**Group Key Renewal:**  sets how often client-router encryption keys are rotated. 
 + 
 +This is a part of the WPA protocol. 
 + 
 +(Default: 3600 seconds). 
 + 
 + \\ 
 + 
 +The following limits apply to adjusting key rotation interval: 
 + 
 + \\ 
 + 
 +  * r2023.5 and later: From 1 second to 2592000 seconds \\ [for ARM-based and MIPS RT-N / MIPS-RT-AC hardware] \\ Where: 0 = disabled   (not advised). 
 + 
 +  * r2023.4 and earlier (for all hardware): 60 - 7200 seconds. 
 + 
 +===== Wireless (5 GHz / interface eth2) ===== 
 + 
 +The Wireless (5 GHz) section displays settings and information for the 5 GHz WiFi network interface. 
 + 
 +Your device may show a different device name than eth1. FreshTomato hardware device numbers begin at 0. 
 + 
 + \\ 
 + 
 +For example, 
 + 
 +  * The first Ethernet device might be called "eth0" 
 +  * The second wireless device might be called "wl1". 
 + 
 + \\ 
 + 
 +Typically, the 5 GHz WiFi band has higher bandwidth, but shorter range than the 2.4 GHz band. 
 + 
 + \\ 
 + 
 +**Enable Wireless:**  checking this enables the 5 GHz WiFi interface. \\ \\ 
 + 
 +**MAC Address:**  displays the MAC (hardware) address of the 5 GHz WiFi interface. \\ Clicking on this takes you to the [[:mac_address|MAC Address]] page to choose your own address for the interface. \\ \\ 
 + 
 +**Wireless Mode:**  lets you select the wireless mode (function) of the 5 GHz interface. \\   \\   \\ 
 + 
 +^    **Table: 5 GHz interface Wireless Mode**  ^ 
 +|  **Wireless Mode**  |  **Description**  | 
 +|  \\ Access Point  | \\ The default setting that allows clients to connect to FreshTomato wireless networks. \\ \\ -   IPv4 & IPv6 communication work for MIPS and ARM. \\ | 
 +|  \\ Access Point WDS  | \\ Sets the router in "repeater mode", letting clients to connect via WiFi while acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ | 
 +|  \\ \\  \\  \\ \\  \\ Wireless Client  | \\ The router connects to another router/AP like any other wireless client would. \\ \\ -  This mode works for: \\     -  MIPS devices (SDK5: RT and RT-N images) and\\     -  ARM devices (SDK6 & SDK7) starting with r2021.5 \\ -  This mode doesn't yet work on SDK6 MIPS RT-AC images. \\ \\ -  Only one WiFi radio can be used in this mode. \\    -  Other radio modules present can be used in AP mode. \\ \\ -  Disable Wireless Band Steering with mode during initial setup. \\ (Advanced users can adjust band steering NVRAM values). \\ \\ -  WPA2 Personal with AES is the recommended security setup for WiFi connections, \\ especially for MIPS SDK5 (RT + RT-N) \\    -  Try these settings if you cannot establish a connection.\\ \\ | 
 +|  \\  \\ \\  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. \\ Clients connected to both routers remain in the same subnet. \\ \\ -  As of version 1.19, this mode must have security set to WPA2 \\ to work properly.-  IPv4 communication works for MIPS + ARM builds. \\ -  IPv6 will only work for r2021.1 SDK6 ARM Dual-Core and later. \\ \\ -  SDK7 does not work/will not ever work in this mode. \\ \\ -  Do not enable wireless band steering (BSD) with this mode enabled. \\ \\ -  Use Wireless Ethernet Bridge to connect only to your main AP (no virtual interfaces). \\    -  Other radio modules can be used, for example, in AP mode. \\ \\ | 
 +|  \\  \\  \\  \\  \\  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/AP. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  This is similar to Wireless Ethernet Bridge mode for SDK6 \\ and up (for MIPS RT-AC and all ARM images).\\ -  Using Wireless Ethernet Bridge mode is recommended for \\ MIPS RT and RT-N images (like the RT-N16, E4200v1).\\ -  This Mode is not supported with SDK5 (RT / RT-N) builds \\ \\ -  Both IPv4 and IPv6 function properly. IPv6 traffic works without \\ needing to enable IPv6 in the web interface. \\  \\ -  Support for this mode started with r2021.6. \\ \\ -  Do not enable wireless band steering with this mode enabled.\\ -  Use Media Bridge interface to connect only to your main AP (no virtual interfaces). \\      -  Other radio modules can be used, for example, in AP mode. \\ \\ | 
 +|  \\ WDS  | \\ FreshTomato will act only as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station. \\ \\ | 
 +| //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  || 
 + 
 + \\  \\ 
 + 
 + **Wireless Network Mode: **here, select the 802.11 WiFi protocols available to clients. 
 + 
 + \\ 
 + 
 +  * [Auto] - WiFi clients automatically negotiate the best protocol. 
 +    * Recommended unless you're highly experienced with WiFi. 
 +    * Compatibility issues may occur. The “logical” setting isn't always best. \\ \\ 
 +  * [A Only] - allows clients to connect using only 802.11a. \\ \\  
 +  * [N Only] -  allows clients to connect using only 802.11n. \\ \\  
 +  * [N/AC mixed] - allows clients to connect using only 802.11ac or 802.11n. \\ \\  
 +  * [AC Only] - allows clients to connect using only 802.11ac. 
 + 
 + \\ (Default: Auto)  \\  Only r2021.8 and later have have a separate setting for 802.11ac. Any 2.4 GHz band interface will have separate Mode settings.\\ \\ 
 + 
 +**SSID:**  the network name of the 5 GHz WiFi. 
 + 
 +For security, don't include personal words/phrases indicating your name, identity, address, location, or equipment type. Single dictionary words also make for very poor security.\\ \\ (Default: FreshTomatoXX, where “XX” is the digits in the band.) On a 5 GHz network, the default SSID is “FreshTomato50”. \\ \\ 
 + 
 +**Broadcast: **enables SSID broadcasting. 
 + 
 +This “announces” the SSID, so it's easy to find. SSIDs are easily sniffed, so disabling SSID Broadcast offers little security improvement. \\ \\ 
 + 
 +**Channel: **selects the channel on which the 5 GHz WiFi interface will operate.. 
 + 
 +Generally, you should choose a different channel than the one your neighbours use. 
 + 
 + \\ 
 + 
 +  * [Auto]*: This default is usually safe unless there's too much \\ interference from nearby equipment.  
 +    * FreshTomato selects the channel it thinks has the least interference. 
 +  * [Channel]: lets you manually choose from available channels \\ on the band. Unavailable channels won't appear. 
 + 
 +\\ 
 + 
 +**Channel Width:**  lets you select the channel width (frequency-wise). 
 + 
 + \\ 
 + 
 +  *  [20 MHz] 
 +  *  [40 MHz] 
 +  *  [80 MHz] 
 +  * [160 MHz] (not yet supported, but may eventually be on some SDK714 models) 
 + 
 + \\  \\ 
 + 
 +Larger channel widths provide more speed/bandwidth if there's low interference. 
 + 
 +The 5GHz band is less prone to interference and noise, because on that band, 20 MHz channels don't overlap. Interference is more common on the 2.4 GHz band. 
 + 
 +Usually, it's fine to choose a larger channel width. However, if you see slow traffic, or clients having trouble authenticating/associating with the router, try a narrower channel width. 802.11n can use 40 MHz channel width. However, for legacy compatibility, it uses a main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main one. \\ \\ 
 + 
 +**Control Sideband:**  select whether the extra channel used is above (Upper) or below (Lower) the main channel. 
 + 
 +This is available only if 40/80/160 MHz Channel Width is selected. (Default: Upper).\\ \\ 
 + 
 +**Security:** lets you choose the security protocol to be used on the 2.4 GHz interface. 
 + 
 + \\ 
 + 
 +  * [Disabled] - disables all security, leaving the network open to anyone. 
 +    * Avoid using this. It's basically an unlimited security risk. \\ 
 + 
 + \\ 
 + 
 +  * [WEP] - enables Wired Equivalent Privacy protocol. Avoid using this. 
 +    * Obsolete due to serious vulnerabilities like weak encryption. \\ 
 + 
 + \\ 
 + 
 +  * [WPA Personal] - enables WiFi Protected Access 1.x (with RC4-based TKIP protocol). 
 +    * Lets hosts exchange pre-shared keys for more security.  
 +    * More secure than WEP, but problems include low encryption standards.  
 +    * Strongly encouraged instead of WPA. \\ 
 + 
 + \\ 
 + 
 +  * [WPA Enterprise] (or: "WPA-802.1X") - similar to WPA Personal, \\ but each user has their own username/password. 
 +    * No common pre-shared key is used. 
 +    * Doesn't require a RADIUS server.  
 +    * More secure against short-password dictionary attacks.  
 +    * Suitable for larger, more formal networks. \\ 
 + 
 + \\ 
 + 
 +  * [WPA2 Personal] - uses elements of the 802.11i standard. 
 +    * Supports mandatory use of AES. More secure than old protocols.  
 +    * Recommended for small/mid-sized informal networks. 
 + 
 + \\ 
 + 
 +  * [WPA2 Enterprise] - enables the Enterprise version of WPA2.  
 +    * Uses WPA2, but each user has their own username/passkey.  
 +    * Is based on parts of 802.11i.  
 +    * Doesn't require a RADIUS server.  
 +    * Is appropriate for larger, more structured networks. \\ 
 + 
 + \\ 
 + 
 +  * [WPA / WPA2 Personal] - uses WPA2 Personal, and if that fails, WPA. 
 + 
 + \\ 
 + 
 +  * [WPA / WPA2 Enterprise] - uses WPA2 Enterprise, and if that fails, WPA . 
 + 
 + \\ 
 + 
 +  * [RADIUS] - enables Remote Access Dialup User Service. 
 +    * Designed for larger organizations.  
 +    * Uses a separate server to authenticate/permit/track users.  
 +    * Supports authentication via certificates. 
 +    * Suitable for advanced users. 
 + 
 + \\ 
 + 
 +**Shared Key:**  the shared authentication key for WiFi LAN clients. Asterisks display until you click your cursor. \\ \\ 
 + 
 +**Group Key Renewal:**  sets how often client-router encryption keys are rotated. 
 + 
 +This is part of the WPA protocol. See the first wireless radio unit for more details. 
 + 
 +(Default: 3600 seconds). 
 + 
 + 
 +===== Network Notes and Troubleshooting ===== 
 + 
 +==== Tune Route Cache ==== 
 + 
 +Specifically, enabling this option does the following: 
 + 
 + \\ 
 + 
 +<code bash> 
 +# 2018-01-19 
 +# Reduce and flush the route cache to ensure a more synchronous load-balancing across multi-wan 
 +# https://vincent.bernat.im/en/blog/2011-ipv4-route-cache-linux 
 + 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/flush 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/secret_interval 
 +/bin/echo 0 > /proc/sys/net/ipv4/route/min_delay 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/max_delay 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_interval 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_elasticity 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_min_interval_ms 
 +/bin/echo 0 > /proc/sys/net/ipv4/route/gc_min_interval 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_thresh 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_timeout 
 + 
 +#Causes connectivity issues if this value is too small, use defaults or tune accordingly 
 +/bin/echo 512 > /proc/sys/net/ipv4/route/max_size 
 +</code> 
 + 
 + \\   \\   \\ 
 + 
 +==== Baby Jumbo Frames ==== 
 + 
 +Support for Baby Jumbo Frames started with r2021.3. It works only on gigabit routers. 
 + 
 +Very few ISPs support Jumbo Frames for PPPoE. To enable Baby Jumbo Frames: 
 + 
 + \\ 
 + 
 +  * Go the [[advanced-misc|Miscellaneous]] menu. Check //Enable jumbo frame support// . \\ The router will reboot. 
 +  * In the [[basic-network|Network]] menu, Set MTU to manual. For PPPoE operation,  \\ enter an MTU of: 1500. (Usually, use packet size: 1492). 
 +  * Clamping can be manually disabled, if needed. At a FreshTomato\\ command prompt: type: "nvram set tcp_clamp_disable=1"  
 +  * Ping with packet size of 1472 to verify a working PPP MTU of 1500. 
 + 
 + \\ 
 + 
 +==== Wireless Band Steering ==== 
 + 
 + \\  This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band:  \\   \\ 
 + 
 +<code -> 
 +Steer Policy: 
 +max=0 period=5 cnt=3 rssi=-52 phyrate_high=110 phyrate_low=0 flags=0x22 state=3 
 +Rule Logic: OR 
 +RSSI: Greater than 
 +VHT: Allowed 
 +NON VHT: Allowed 
 +NEXT RF: NO 
 +PHYRATE (HIGH): Greater than or Equal to 
 +LOAD BALANCE: NO 
 +STA NUM BALANCE: NO 
 +PHYRATE (LOW): Less than 
 +N ONLY: NO 
 +</code> 
 + 
 + \\   \\  \\ 
 + 
 +This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band:  \\   \\ 
 + 
 +<code -> 
 +Steer Policy: 
 +max=80 period=5 cnt=3 rssi=-82 phyrate_high=0 phyrate_low=0 flags=0x20 state=2 
 +Rule Logic: OR 
 +RSSI: Less than or Equal to 
 +VHT: Allowed 
 +NON VHT: Allowed 
 +NEXT RF: NO 
 +PHYRATE (HIGH): Greater than or Equal to 
 +LOAD BALANCE: NO 
 +STA NUM BALANCE: NO 
 +PHYRATE (LOW): Less than 
 +N ONLY: NO 
 +</code> 
 + 
 +\\   \\  For more details, see: \\ [[https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0|Smallnetbuilder: Asus RT-AC3200 Smart Connect-the Missing Manual]]  \\   \\
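Review bot: The "Doesn't require a RADIUS server" bullets under [WPA Enterprise] and [WPA2 Enterprise], in both the 2.4 GHz and 5 GHz Security lists, contradict the rest of those entries. The same entries say each user has their own username/password and that no common pre-shared key is used, and the mode is labelled "WPA-802.1X"; 802.1X authenticates each user against an authentication server, normally RADIUS, which is also why the Band Steering list replicates Radius Key, Radius Port and Radius IP. Suggest "Requires a RADIUS (802.1X) server" for both modes, and expand [RADIUS] as "Remote Authentication Dial-In User Service" rather than "Remote Access Dialup User Service".

Smaller points in the same revision. In the 5 GHz section, "**Security:** lets you choose the security protocol to be used on the 2.4 GHz interface" should say 5 GHz, "Your device may show a different device name than eth1" sits under the eth2 heading, and the [WPA Personal] bullet "Strongly encouraged instead of WPA" has lost its subject (the 2.4 GHz list reads "WPA2 is strongly encouraged instead"). In the 2.4 GHz section, "G Only - allows clients to connect using only 802.11n" should read 802.11g, and "This is only available If 20 or 40 Channel Width is selected" disagrees with the 5 GHz wording ("40/80/160 MHz"), since a sideband only exists once a second 20 MHz channel is added. The two sections also describe [WPA / WPA2 Personal] differently ("whatever it detects from the client" versus "uses WPA2 Personal, and if that fails, WPA"); pick one wording, and because the page calls WPA's TKIP weaker and encourages WPA2, state that the mixed modes keep WPA available to clients.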
  
  
basic-network.1756340763.txt.gz · Last modified: by hogwild