basic-network

Differences

This shows you the differences between two versions of the page.

basic-network [2022/03/25 08:34] – add recommendation for Wireless Ethernet Bridge m_ars

basic-network [2024/02/21 17:54] (current) – [WAN(x) Settings] -clarify Load Balance Weight and add OOO explanation hogwild
Line 1: Line 1:
 ====== Network ====== ====== Network ======
  
-The Network page includes most settings needed to configure the network. It is divided into sections including MultiWAN, WAN Settings, Ethernet Ports Configuration, LAN and Wireless setttings.+The Network page includes most basic settings needed to configure the network. It is divided into sections including MultiWAN, WAN Settings, Ethernet Ports Configuration, LAN and Wireless setttings.
  
 ===== MultiWAN ===== ===== MultiWAN =====
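Review bot: The rewritten intro sentence still ends with the typo "setttings" ("LAN and Wireless setttings"). Since the line is being changed anyway to add "basic", correct it to "settings" in the same edit.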
Line 7: Line 7:
 {{:pasted:20220318-155543.png}} {{:pasted:20220318-155543.png}}
  
-**Number of WAN ports**: This lets you select the number of WAN ports to be used on the device. On routers with only one physical WAN interface, options with WAN ports larger than one will be greyed out. This allows you to select only “1 WAN” on such devices.+ \\
  
-**Tune route cache**: for multiwan in load balancing mode - This is a suggested settings if two or more of your WANs have a weight higher than 0. Basically to improve the worload sharing some kernel tweaks are neededEnabling this option you specifically affect the following:+**Number of WAN ports**: This lets you select the number of WAN ports to be used on the device.
  
-<code bash> +On routers with only one physical WAN interface, options with more WAN ports will be greyed outYou can select only “1 WAN” on such devices.
-# 2018-01-19 +
-# Reduce and flush the route cache to ensure a more synchronous load-balancing across multi-wan +
-# https://vincent.bernat.im/en/blog/2011-ipv4-route-cache-linux+
  
-/bin/echo 1 > /proc/sys/net/ipv4/route/flush + \\
-/bin/echo 1 > /proc/sys/net/ipv4/route/secret_interval +
-/bin/echo 0 > /proc/sys/net/ipv4/route/min_delay +
-/bin/echo 1 > /proc/sys/net/ipv4/route/max_delay +
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_interval +
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_elasticity +
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_min_interval_ms +
-/bin/echo 0 > /proc/sys/net/ipv4/route/gc_min_interval +
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_thresh +
-/bin/echo 1 > /proc/sys/net/ipv4/route/gc_timeout+
  
-#Causes connectivity issues if this value is too small, use defaults or tune accordingly +**Tune route cache**: This is intended for MultiWAN configurations with load balancing.
-/bin/echo 512 > /proc/sys/net/ipv4/route/max_size +
-</code>+
  
-**Check Connections Every: **This is a quick way to make FreshTomato automatically test the reliability of your WAN connection. (Default: Disabled). Choosing any setting other than [Disabledwill execute the Watchdog script. The Watchdog script uses ping or traceroute to test WAN connection status.+This setting is advised when two or more WANs have weight larger than "0". Basically, it uses kernel tweaks to improve workload sharing. For more details, see the [[basic-network#network_notes_and_troubleshooting|Notes]] section below \\  \\
  
-This setting specifies how often you want the router to send ICMP ping packets to check that it is still connected to the Internet. Choosing any setting other than Disabled will make the Target 1 and Target 2 fields appear.+**Check Connections Every: **This is an easy way for FreshTomato to automatically test WAN connection reliability. (Default: Disabled). Choosing any setting but [Disabled] will execute the Watchdog script. This sets how often the router pings to check it is still connected to the Internet.
  
-**Target 1: **Address of first host you want FreshTomato to ping regularly (Default: Google.com)\\ **Target 2:** Address of second host you want FreshTomato to ping regularly (Default: Microsoft.com)  \\   \\+The Watchdog script uses ping or traceroute to test WAN connection status.
  
-===== WAN Settings =====+Choosing a setting other than Disabled will make "Target 1" and "Target 2" fields appear.
  
-Settings in this section are used to configure the WAN interface.+  * Target 1 -** **Here, enter the address of the first host to ping regularly (Default: Google.com) 
 +  * Target 2 - Here, enter the address of the second host to ping regularly (Default: Microsoft.com)\\   \\
  
-**Type: **This sets the connection mode the WAN interface uses to connect to your ISP. Depending on which Type you select, other configuration settings specific to that type of connection will be shown or hidden. See below. (Default: DHCP). The Type setting will depend on your ISP's setup. 
  
-**DHCP**: A DHCP server at your ISP will dynamically assign a WAN IP lease to your FreshTomato router. DHCP uses no authentication.+==== WAN(x) Settings ====
  
-**PPPoE**: The router's WAN port will respond to authentication requests from your ISP's PPPoE server. This will require you to store in FreshTomato the PPPoE username and password that were assigned by your ISP. If authentication is successful, the PPPoE server will allow you to log on to the ISP's network, and a DHCP server will assign you a WAN IP leasePPPoE is most often used for DSL networks, again with exceptions. It is suggested you leave the Service Name field blank.\\  Note: If you use your FreshTomato router for PPPoE authentication, you should ideally configure your DSL or cable modem for bridge mode. Otherwise, if your modem and router both have routing functions enabled, you have a situation called “Double NAT”. Double NAT may create various problems, such as VoIP issues, and reduced speed.+Settings in this section are used to configure the WAN interfaceThese settings depend on your ISP.
  
-Starting with release 2021.3support for Baby Jumbo Frames (RFC 4638) was added. FreshTomato will try to increase the WAN interface MTU to 1508. That is a PPPoE MTU/MRU value of 1500 with an 8 byte overhead. (Default is 1492).+Depending on the type selectedother settings specific to that type of connection will be shown or hidden.
  
-To enable Baby Jumbo Frames:+**Type: **This sets the connection mode the WAN interface will use to connect to your ISP. (Default: DHCP). 
 + 
 +  * **DHCP - **Your ISP's DHCP server will dynamically assign a WAN IP lease to FreshTomato.  
 +    * DHCP does not use authentication. \\  \\ 
 + 
 +  * **PPPoE - **The WAN port will respond to authentication requests from your ISP's PPPoE server.   
 +    * This is most often used for DSL networks. 
 +    * This stores in FreshTomato the PPPoE username and password assigned by your ISP. 
 +    * If authentication succeeds, the PPPoE server allows logon to the ISP network, and a DHCP server assigns you a WAN IP lease. 
 +    * Leave the //Service Name// field blank. 
 +    * Starting with release 2021.3, support for Baby Jumbo Frames (RFC 4638) was added in the [[advanced-misc|Miscellaneous]] menu. 
 +    * When using Baby Jumbo Frames, set MTU to 1500, consistent with the Baby Jumbo Frames change. (See [[https://wiki.freshtomato.org/doku.php/basic-network#network_notes_and_troubleshooting|Notes]]) \\  \\ 
 + 
 +  * **Static - **This choice will configure your WAN port with a static IP.  
 +    * You must manually enter the following settings in FreshTomato, from your ISP: 
 +      * Static IP address 
 +      * Subnet mask 
 +      * Gateway address 
 +      * DNS server addresses 
 +    * This mode is commonly used for business accounts, when the IP address shouldn't change. \\  \\ 
 + 
 +  * **PPTP - **This configures the WAN port to use Microsoft's PPTP (VPN) tunneling protocol to connect.  
 +    * This section will require you to enter:  
 +      * a username 
 +      * password 
 +      * gateway server settings (given by your ISP). \\  \\ 
 + 
 +  * **L2TP - **Choosing this configures the WAN port to connect using Cisco's Layer Two Tunnelling Protocol. 
 +    * FreshTomato will require you enter the following, provided by your ISP: 
 +      * L2TP username 
 +      * Password 
 +      * L2TP server static IP address 
 +      * Subnet mask 
 +      * Gateway setting \\  \\ 
 + 
 +  * **3G modem - **This setting will enable support for 3G GSM (cellular) USB modems.  
 +    * Ensure USB and 3G/4G/5G modem support are checked in [[nas-usb|USB Support]] for the modem to be detected. \\  \\ 
 + 
 +  * **4G/LTE - **This enables support for fourth generation GSM (cellular) / LTE USB modems.  
 +    * When choosing 4G, PIN code and APN fields appear. These must be filled with correct settings (see below).  
 +    * Check USB and 3G/4G/5G modem support are enabled in the [[nas-usb|USB Support]] menu for the modem to be detected. \\  \\ 
 + 
 +  * **Disabled - **This disables the physical WAN port on your router.  
 +    * This effectively makes your FreshTomato device function only as a switch (if it has that function) and/or; 
 +    * It may effectively make your device function as a WiFi access point (if it has that function). \\  \\ 
 + 
 +**Wireless Client Mode:  **This enables FreshTomato's Wireless Client mode. 
 + 
 +This mode lets the router act as a client to connect to another router/AP, similar to how a WiFi adapter would.  \\ (For details, see Wireless Mode tables below). 
 + 
 +  * Disabled - Wireless Client mode will be disabled. 
 +  * 2.4 GHz - Wireless Client mode will be enabled on the 2.4 GHz interface. 
 +  * 5 GHz - Wireless Client mode will enabled on the 5 GHz interface. 
 + 
 + \\ {{::basic-network-wan_settings-2023.2.jpg?805}} 
 + 
 + \\ 
 + 
 + \\ 
 + 
 +**Load Balance Weight:   **This option is** **visible only when number of WANs > 1. It can be set between 0 and 256.\\ 
 + 
 +{{:pasted:20240219-103900.png}}\\  \\ 
 + 
 +When configuring a router in a MultiWAN configuration, the MultiWAN function performs load sharing of the links. Load sharing is performed on a per-session basis to prevent issues with interactive traffic, such as real-time voice/video, or RDP. The reason for this is that your links might have different speeds and per-packet load-sharing would generate OOO (Out-of-order) packets, which could make interactive traffic pretty much unusable. Setting a Load Balance Weight on each interface adjusts how that interface will participate in MultiWAN activities. Below are some examples.\\  \\ Load Balance Weight: 0  (Failover)\\ If 0 is used, FreshTomato will not actively route traffic if other WAN interfaces are functional. However, the WAN connection with weight "0" will be automatically enabled if there is a failure of all other WAN interfaces with a weight or 1 or more. This is commonly used in "failover" scenarios. When an interface with weight "0" is is automatically enabled, it will be assigned a weight of 1. 
 + 
 +For example: 
 + 
 +Let's assume we have 2 WANs, as follows: 
 + 
 +WAN0="weight 0"
  
-  - Enable jumbo frame support in the [[:advanced-misc|Miscellaneous]] menu. (The router will reboot. This works only on gigabit routers). +WAN1="weight 1"
-  - Set MTU to 1500 for PPPoE. +
-  - Clamping can be disabled manually if needed \\ (Type //nvram set tcp_clamp_disable=1// at a FreshTomato command prompt).+
  
-Then verify (using ifconfig or ipconfig to ping with packet size 1472that you have working PPP MTU of 1500Not all ISPs support RFC 4638Usuallypacket size will be 1492.+At some point, WAN1 fails. As soon as this failure is noticed, WAN0 will activate (assigned with weight 1) and begin routing packets. Later, WAN1 recovers its connectivity. As soon as FreshTomato recognizes this, (within seconds or minutes), WAN0 will be set back to idle status while traffic is rerouted through the revived WAN1. This process of recovering back to the originally active interface is called //preempting//.** **FreshTomato uses Preempting as its default (and fixedbehavior.\\  \\ Load Balance Weight: 1\\ Any value higher than "0" causes an interface to actively route packets. Weights are relative, so weight of "1" doesn't mean muchEach weight is compared to the Load Balance Weights of other Interfaces to direct functionalityOne way of understanding this is to remember: "1=100% and 0=0%". Thus, if WAN0=“weight 0” and WAN1=“weight 1”, that would mean WAN1 is handling 100% of the traffic.​\\  \\ Load Balance Weight: 5\\ An interface set with, for example, weight 5, would essentially handle 5 new sessions before any other interface is to be used.\\  \\ For example, say we have 3 WANs, as follows:\\  \\  WAN0 = weight 0\\  WAN1 = weight 1\\  WAN2 = weight 5\\  \\ In this caseWAN0 will be used only if both WAN1 and WAN2 are both in a failed state, and are unable to route packets. WAN1 will handle the very first new LAN client session going through the router. WAN2 is set to handle the second, third, fourth, fifth and sixth sessions. The seventh new session starts again from WAN1, as it would be treated as a another first new LAN client session. WAN2 will then handle the next five new sessions, meaning the eighth, ninth, tenth eleventh and twelfth sessions.\\   \\ One final point about MultiWAN load sharing: **These settings only affect outbound traffic**. 
Return traffic will always try to return to the WAN interface from which it originated. As the allocation of new session to a WAN is dynamic, you could control what traffic gets allocated to which Interface (a.k.a. sticky connection) via the [[advanced-pbr|MultiWAN routing]] configuration page.
  
-**Static: **This choice will configure your WAN port with a static IP. You must manually enter the static IP, subnet mask, gateway address and DNS server addresses into FreshTomato. These settings are given to you by your ISP. Static mode is typically used for business accounts, when it's important the IP address doesn't change.+ \\
  
-**PPTP**: This configures the WAN port to use Microsoft'PPTP (VPN) tunnelling protocol to connect. PPTP has encryption to provie some security, so your account credentials can't be stolen easily. PPTP will require you to enter a username and password, and gateway server settings (given by your ISP).+**Modem device: **Here, you specify the 3G modem'Linux device path/filename.
  
-**L2TP: **Choosing this will configure your WAN port to connect using Cisco's Layer Two Tunnelling ProtocolFreshTomato will require you enter the L2TP usernamepassword, L2TP server, (staticIP address, subnet mask and gateway settings, as provided by your ISPBy default, only L2TP control messages are encrypted, not content. L2TP provides tunnel for layer 2 protocolsContent is encrypted by layer 2 protocols, such as Ethernet or PPP.+  If you don't know what to choose, check the [[dongle_compatibility|3G/4G/5G Dongle compatibility]] page to see if your modem is listed. 
 +  To ensure your modem is detected, check [[nas-usb|USB Support]] is enabled in the [[nas-usb|USB Support]] menu. 
 +  * When 3G modem or 4G/LTE is set as the WAN typeother fields appearprompting for more information. 
 +  * The Default device filename is the first serial device on the first USB port: (/dev/ttyUSB0).  
 +  * The “tty” part of the device's filename represents serial device. 
 +  * The “USB0” part of the device's filename means the device is connected to the first USB port. 
 +  * Devices listed as "/ttyUSB" use the newer Serial→USB device driver framework. 
 +    * This device type uses Linux's serial modem driver framework. 
 +  * If the interface lists: “/dev/ttyACM0" instead, “ACM” means device type is: “Abstract Control Model” 
 +    * ACM modems let the modem hardware perform analog functions.
  
-**3G modem: **This setting will enable support for a 3G GSM (cellular) network dongle connected to a USB port. Always ensure USB and 3G/4G modem support are checked in the [[:usb_support|USB Support ]]menu or this mode might not work. The modem might not be detected.+To get device details, you could also log on to FreshTomato via Telnet/SSH and use the lsusb or dmesg commands .
  
-**4G/LTE: **This enables support for fourth generation GSM (cellular) / LTE USB modem dongles. When choosing 4G/LTE, the PIN code and APN fields will appear, and must be completed with correct settings (see descriptions below). Always ensure USB and 3G/4G modem support are checked in the [[:usb_support|USB Support]] menu for this mode to work. If the modem is not detected, check FreshTomato has USB Support enabled in the [[:usb_support|USB Support ]]menu.+ \\
  
-**Disabled: **Disables the physical WAN port on your router. This effectively makes your FreshTomato device function only as a switch (if it has switching functions) and/or a WiFi access point (if it has those capabilities).+**PIN Code: **This is the 3-digit PIN code for the SIM card associated with your cell account.
  
-**Wireless Client Mode: **This enables FreshTomato's Wireless Client mode. Wireless client mode allows the FreshTomato router to act as a client and connect to another router/AP, much like a normal wireless network adapter. (For more details on wireless modes, see Wireless Mode tables below).+  Leave this blank if your SIM card code was deactivated\\  \\
  
-  * **Disabled: **FreshTomato'Wireless Client mode will be disabled. +**Modem init string: **Here, enter the modem'default initialization string.
-  * **2.4 GHz**: FreshTomato will enable Wireless Client mode on the 2.4 GHz interface. +
-  * **5 GHz**: FreshTomato will enable Wireless Client mode on the 5 GHz interface.+
  
- \\   \\  [[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=a7f6d02036b882f562f1d0ea6954a99f.png|{{:a7f6d02036b882f562f1d0ea6954a99f.png}}]]  \\   \\+  * This will come from your cell provider, or the modem manufacturer(Default*99#). \\  \\
  
-**Modem device: **Here you specify the 3G modem's Linux device path/filename. If you're not sure what to choose, check the USB support page to see if your modem dongle is listed there. The Default device filename is the first serial device on the first USB port: (/dev/ttyUSB0). The “TTY” part of the device's filename represents a serial device and the “USB0” part of the device's filename means that device is connected to the first USB port on the FreshTomato machine. The /ttyUSB devices use the newer Serial→USB device driver framework. If your interface lists, for example, “/dev/ttyACM0 instead, the “ACM” means the device is of type “Abstract Control Model”, which uses Linux's serial modem driver framework. To ensure your modem is detected, check FreshTomato has USB Support enabled in the [[:usb_support|USB Support]] menu.+**APN: **The access point name (provided by your cell carrier).
  
-You could also log on to FreshTomato via Telnet and use the lsusb or dmesg commands to get device infoWhen you set 3G modem or 4G/LTE as the WAN type, other fields will appear, prompting you for more information.+  * This specifies a gateway to route data between your carrier and the Internet(Default: internet)\\  \\
  
-**PIN Code: **This is the 3-digit PIN code for the SIM card associated with your cell account. Leave this field blank if your SIM card code has been deactivated.+**Username: **Here, enter the (carrier-provided) username to access your cell carrier's APN gateway.
  
-**Modem init string: **Here, you enter the modem's default initialization string. This will come from your cell provider, or the modem manufacturer. (Default: *99#).+  Some carriers don't require this info\\  \\
  
-**APN: **The access point name (provided by your carrier). This specfies a gateway to route data between your cell carrier and the Internet. (Default: internet).+**Password: **Here, enter the (carrier-provided) password to authenticate to your cell carrier's APN gateway.
  
-**Username: **Here you enter the username to access your cell carrier's APN (provided by your cell carrier) gateway. \\ Some carriers don'require this info.+  * Some carriers do not require this info. \\  \\
  
-**Password: **Here you enter the password to authenticate to your cell carrier's APN (provided by your cell carriergateway. \\ Some carriers do not require this info.+**Network Type: **This menu appears when WAN type is set to 4G/LTE. (Default setting: 4G/3G/2G).
  
-**Network Type: **This menu appears when WAN type is set to 4G/LTE. (Default setting: 4G/3G/2G). The default setting configures FreshTomato to start negotiating with a 4G connection, and, if that fails, fall back to negotiating a 3G connection, and failing that, a 2G connection.+  * The default setting configures FreshTomato to start negotiating with a 4G connection. \\ If that fails, it falls back to negotiating a 3G connection, and failing that, a 2G connection. \\  \\
  
 **DNS Server: ** **DNS Server: **
  
-  * AUTO - FreshTomato uses the DNS server addresses included in your Internet Provider's DHCP lease. +  * AUTO - FreshTomato uses DNS server addresses included in your Internet Provider's DHCP lease. 
-  * Manual - This enables FreshTomato'DNS server function (in dnsmaq). Selecting this causes the "DNS 1" and "DNS 2" fields to appear.  +  * Manual - Enables the DNS server function (dnsmasq). This makes "DNS 1" and "DNS 2" fields appear. 
-    * **DNS 1:**  Enter the first DNS server address here(only when DNS Server is set to Manual). +    * DNS 1 Enter the first DNS server address here (if DNS Server is set to Manual). 
-    * **DNS 2:**  Enter the second DNS server address here(only when DNS Server is set to Manual).+    * DNS 2 Enter the second DNS server address here (if DNS Server is set to Manual).
  
-\\  Manually chosen DNS servers are useful if your ISP's DNS servers are slow or unreliable, or can be used for parental filtering.+ \\ Manually-set DNS servers are useful if your ISP's DNS servers are slow/unreliable. Alsosome can provide content filtering. \\  \\
  
-**MTU:**  Maximum Transmission Unit, the maximum size of Ethernet frames to be transferred between WAN and LAN. \\ This is only for the WAN interface and won't alter client devices on the LAN. However, MTU size differences among devices can cause issues.+**MTU:**  This sets the Maximum Transmission Unit, (maximum Ethernet frame size) for traffic between WAN and LAN.
  
-  * (Default: 1500), is typical for Ethernet devices, and is usually suitable\\ When Default is selected, the number in the Manual field is greyed out \\ and can'be changed. +This is only for the WAN interfaceIt won'affect LAN trafficHowever, different MTU sizes among devices can cause problems.
-  * Manual: Selecting manual lets you to enter a custom number in the field \\ beside it. Jumbo Frame sizes typically begin at a size of 2000 bytes.+
  
-**Use DHCP:**  This function is rarely used, and it is recommended you leave it disabledOn a few Internet providers, addressing is separated from PPPoE functionality. TBD.+  (Default1500) - This is typical for Ethernet devices, and is usually suitable. The Manual field value is greyed out and fixed. 
 +  * Manual - Choosing this lets you to enter a custom number in the field beside it. Jumbo Frame sizes start at 2000 bytes\\  \\
  
-**Single Line MLPPP**This is similar to Multilink PPP (MLPPP). Multilink PPP is a version of the Point-to-Point Protocol which allows you to bond two or more physical connections to increase the bandwidth available. Single Line MLPPP is a version which lets you use one modem, but bond the bandwidth of multiple PPPoE sessions. A side effect of using this is that it bypassed some Internet Providers' bandwidth throttling. This is rarely used nowadays.+**Use DHCP:**  This function is rarely used, and you are advised to leave it disabled.
  
-**Route Modem IP:**  When using separate modem and routeryou typically use the modem in bridge mode, or PPPoE passthrough modeThat means you can't easily access the modem's LAN interface when it's behind the router. This is because FreshTomato's WAN interface will get a public IP address, whereas the modem will be reachable via a private LAN address, for local administration only. Since private addresses are not routable on the Internet, FreshTomato would block the LAN > WAN > MODEM PRIVATE IP traffic, by default. The Route Modem IP function adds a simple static route in FreshTomato's routing table to make the modem a private IP on a /32 subnet, reachable via the WAN interface. That subnet mask allows only one host, so only the modem will be reachable. You can then communicate with the modem without having to resort to other, more difficult measures. (Default: Off)+  On few Internet providersaddressing is separated from PPPoE functionality\\  \\
  
-**Query Hilink Modem IP:**  This function is specifically for Hilink brand modems. (Default: Disabled).+**Single Line MLPPP**This is outdated, and rarely used nowadays.
  
-**Call Custom Status Script: **TBD.+Multilink PPP is a version of the PPP protocol that lets you bond two or more physical connections to increase apparent bandwidth\\ Single Line MLPPP is similar, but lets you use one modem to bond the bandwidth of multiple PPPoE sessions. \\ A side effect of using this is that it bypassed some Internet Providers' bandwidth throttling. \\ \\  \\
  
-**Connect Mode: **This chooses which method is used to keep the FreshTomato router connected to the Internet provider. Selecting //Connect on Demand//  will make FreshTomato disconnect from the Internet provider after the time period specified in the //Max Idle Time//  field. FreshTomato will reconnect to the Internet soon as one of its LAN clients requests Internet access.+**Route Modem IP: **This function lets you access a modem "behind a router" with simple configuration change(Default: Off)
  
-Some Internet Providers drop connection if their router sees no Internet activity. If you select //Keepalive, //FreshTomato will send small [[https://en.wikipedia.org/wiki/Keepalive#TCP_keepalive|keepalive]] packets at specifiedbrief intervals. This will make the connection appear to the Internet Provider as if there is intermittent activityeven when no FreshTomato clients request Internet access//Redial Interval: //Hereenter the time in seconds for how often the router should check the Internet connection(Default: 10 seconds). This option minimizes your Internet connection response time, since generally, the connection will always be up.+  * When using separate modem and router, usually you set the modem in bridge mode/PPPoE passthrough mode. 
 +  * That means you can't easily access the modem's LAN interface while it's "behind" the router. 
 +  * The router's WAN interface has a public addressbut the modem is reachable only via a private LAN address. 
 +  * Private addresses aren't routable, so by default, FreshTomato blocks LAN > WAN > MODEM PRIVATE IP traffic. 
 +  * Route Modem IP adds a simple static route to the routing tablegiving the modem a private IP on a /32 subnet. 
 +  * This makes the private address reachable via the WAN interface. 
 +  * The mask allows only one hostso only the modem is reachable on that subnet.\\  \\
  
-(Default: Keepalive).+**Query Hilink Modem IP:**  This function is only for Huawei USB modems supporting Hilink mode. (Default: Disabled).
  
-**Redial Interval: **  When PPPoE dialling fails, the Redial Interval is used to delay each attempt for the defined number of seconds. (Default: 10 seconds). This allows more time for the PPPoE server or network infrastructure to start functioning properly again before attempting another PPPoE connection.+Some Huawei modems have a "HiLink" operation mode. Enabling this lets you communicate with a modem in HiLink mode connected to a device on the network other than the FreshTomato device. This is useful when monitoring LTE statistics, or signal strength.
  
-**LCP Echo Interval: **The Link Control Protocol sends and receives frames between two peers to determine if they are still connected. The LCP Echo Interval is the period of time between these signals. This is typically used to verify a DSL modem still has a valid PPPoE connection to the Internet provider. (Default: 10 seconds).+ \\ 
 + 
 +**Call Custom Status Script: ** TBD. 
 + 
 + \\ 
 + 
 +**Connect Mode: **This chooses the method used to keep the router connected to the Internet provider. (Default: Keepalive). 
 + 
 +  * Connect on Demand - will make FreshTomato disconnect from the ISP after the period in the //Max Idle Time// field. \\ FreshTomato will reconnect to the Internet a soon as any LAN client requests Internet access. 
 +  * Some ISPs drop a connection if their router detects no Internet activity.  
 +    * Keepalive - Selecting this makes FreshTomato send small [[https://en.wikipedia.org/wiki/Keepalive#TCP_keepalive|keepalive]] packets at brief, specified intervals. \\ This makes it look to the ISP like there's intermittent activity, even when no clients request Internet access. 
 +  * Redial Interval - Here, enter how often the router will check the Internet connection. (Default: 10 seconds). \\ This minimizes your Internet connection response time, since usually, the connection will always be up. 
 + 
 + \\ 
 + 
 +**Redial Interval: **  When PPPoE dialling fails, the Redial Interval is used to delay attempts for the defined number of seconds. \\ This allows more time for the PPPoE server or network gear to restart proper functioning before trying a PPPoE connection again. \\ (Default: 10 seconds). \\  \\ 
 + 
 +**LCP Echo Interval: **The Link Control Protocol sends and receives frames between two peers to verify they're still connected. 
 + 
 +  * LCP Echo Interval is the period between these signals. Usually, this is used to verify that a DSL modem'PPPoE \\  is still connected to the ISP 
 +  * (Default: 10 seconds). 
 + 
 + \\ 
 + 
 +**LCP Echo Link fail limit: **This is the number of times LCP echo requests can fail between LCP peers before the status is considered dead. 
 + 
 +  * The client DSL modem will then drop the PPPoE link. LCP will try to renegotiate a new PPPoE session. 
 + 
 + \\ 
 + 
 +**Disable Watchdog:  **Checking this disables the Watchdog function, (described in //Watchdog Mode// below). It disables Watchdog only for the WAN connection currently seen on that menu. (Default: Enabled, using Tracert). 
 + 
 + \\ 
 + 
 +**Watchdog Mode:  **This regularly checks that a given WAN connection is up. It is supported for DHCP, PPPoE, PPTP, L2TP, and 3G/4G/5G LTE connection types. Here, you choose which method is used to test the connection. 
 + 
 +  * Traceroute * 
 +  * Ping
  
-**LCP Echo Link fail limit: **This is the number of times LCP echo request checks can fail between two LCP peers before the status is deemed to be dead. The client DSL modem will then drop the PPPoE link. When the link is terminated, LCP will try to renegotiate a new PPPoE session. 
  
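Review bot: The new PPTP and L2TP bullets under Type drop both encryption statements from the old text (that PPTP has some encryption, and "By default, only L2TP control messages are encrypted, not content") and put nothing in their place, so a reader choosing a WAN type no longer learns what these tunnels do or do not protect. Add one sub-bullet to each stating plainly whether payload traffic is encrypted on that connection type. In the Connect Mode list, the "Redial Interval" bullet ("how often the router will check the Internet connection") disagrees with the standalone Redial Interval entry directly below it, which describes a delay between PPPoE dial attempts; keep a single definition. In the Modem device list, "This device type uses Linux's serial modem driver framework" now sits under the "/ttyUSB" bullet, although the removed text said that about ACM devices; move it back or confirm that the change is intended. Under Watchdog Mode, "Traceroute *" carries an asterisk with no footnote, and "(Default: Enabled, using Tracert)" is ambiguous on a checkbox named Disable Watchdog. Typos to fix in the added lines: "weight or 1 or more", "is is automatically enabled", "a another first new LAN client session", "a soon as any LAN client".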
 ===== LAN ===== ===== LAN =====
  
-The LAN section includes information and settings to configure FreshTomato's LAN interface functions. This includes FreshTomato's:+The LAN section includes information and settings to configure FreshTomato's LAN interface functions. 
 + 
 +This includes FreshTomato's:
  
-  * LAN IP address and (sub)netmask+  * LAN IP address and subnet mask
   * Spanning Tree Protocol function   * Spanning Tree Protocol function
   * DHCP server status and settings (through dnsmasq), such as scope and lease time   * DHCP server status and settings (through dnsmasq), such as scope and lease time
   * Stubby (DNS-over-TLS) setting and WINS settings   * Stubby (DNS-over-TLS) setting and WINS settings
  
-\\   \\  [[https://wiki.freshtomato.org/lib/exe/fetch.php?tok=301c77&media=https://wiki.freshtomato.org/lib/plugins/ckgedit/fckeditor/userfiles/image/basic-new.png|{{https://wiki.freshtomato.org/lib/plugins/ckgedit/fckeditor/userfiles/image/basic-new.png?966x219|LAN settings}}]]  \\   \\ **Bridge: **Selects the bridge whose LAN settings will be modified+\\  {{:pasted:20230223-144115.png}}\\  \\
  
-**STP**: Checking or unchecking this enables or disables Spanning Tree Protocol. This is used primarily to prevent forwarding loops in switches. The recommended setting is off, unless you're very experienced with networks. (Default: Off).+**Bridge:  **This lets you Selects the bridge whose LAN settings will be modified \\ \\ 
  
-**IP Address: **Here you enter the IP Address you want to assign to the specified LAN interface. (Default: 192.168.1.1)+**STP**:  This enables Spanning Tree Protocol to prevent forwarding loops in switchesThe default (off) setting is recommended, unless you are highly experienced\\ \\ 
  
-**Netmask**: The (sub)netmask associated with FreshTomato's LAN IP address. (Default: 255.255.255.0 - a class C netmask).+**IP Address:  **Here, enter the IP Address to assign to the specified LAN interface. (Default: 192.168.1.1). FreshTomato supports Class A, B, and C networks. \\ \\ 
  
-**DHCP**: Checking this box enables the DHCP server functions in dnsmasq. Unchecking this disables FreshTomato'DHCP server functions. (Default: Off)+**Netmask**:  The subnet mask associated with FreshTomato'LAN IP address. (Default: 255.255.255.0 - class "C" netmask). \\ \\ 
  
-**IP Range //(first/last)//**  Here you enter the first address and last address of the DHCP Scope. This is the range of IP addresses FreshTomato'DHCP server will assign to LAN clients.+**DHCP**:  Checking this enables DHCP server functions in dnsmasq. (Default: Off) \\ \\  
 + 
 +**IP Range //(first/last)//**:  In the top field, enter the first allowable address in the subnet. In the bottom field, enter the last address. This will form the range of IP addresses the DHCP server will assign to LAN clients. \\ \\  
 + 
 +**Lease Time (//mins.//)**: This is the DHCP lease time, in minutes. (Default: 1440). \\ \\  
 + 
 +**Automatic IP**:  Since release 2022.6, you can select this option if the router is in AP Mode, Wireless Ethernet Bridge Mode or Media Bridge Mode. This lets FreshTomato obtain a LAN IP via DHCP. \\ \\  
 + 
 +After saving settings, the router's new, default address is 192.168.1.1 while it awaits DHCP details. That address will change once it obtains DHCP data. \\ \\  
 + 
 + \\ 
 + 
 +{{:pasted:20220907-091646.png}} 
 + 
 + \\
  
-**Lease Time (//mins.//)**: This is the DHCP lease time, in minutes. (Default: 1440 = one day). 
  
 ===== Ethernet Ports State - Configuration ===== ===== Ethernet Ports State - Configuration =====
  
-[[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=a6a415f4dc7913bbf0c6b45958973582.png|{{:a6a415f4dc7913bbf0c6b45958973582.png}}]]  \\   \\ This section has settings for the **Ethernet Ports State**  graphic on the Status/Overview page. That graphic intuitively shows the status, link speed, and other diagnostic information for each Ethernet port on the router. \\ **Enable Ports State:**  Checking this enables the Ethernet Ports State graphic on the Status/Overview page. (Default: On).+[[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=a6a415f4dc7913bbf0c6b45958973582.png|{{:a6a415f4dc7913bbf0c6b45958973582.png}}]]  \\
  
-**Show Speed Info:**  Checking this displays the link speed of each Ethernet port, (such as 1GB/100MB/10MB). (Default: On).+ \\   \\ These are settings for the **Ethernet Ports State** graphic in the [[status-overview|Overview]] menu. The graphic shows status, link speed, and diagnostic information for all ports. 
 + 
 +**Enable Ports State:**  Checking this enables the Ethernet Ports State graphic. (Default: On). \\ \\  
 + 
 +**Show Speed Info:**  Checking this displays the link speed of each port, (1GB/100MB/10MB). (Default: On). \\ \\  
 + 
 +**Invert ports order:**  Enabling this displays port icons in Ethernet Ports State in the opposite order from where they are on the hardware. This is useful when the sequence of display icons doesn't match the actual locations on the router. (Default: Off).
  
-**Invert ports order:**  Checking this option displays the port icons in the Ethernet Ports State graphic in the opposite order to the default where they are located on the switch. This is useful in situations where the sequence of icons on the Ethernet Ports State do not match the actual port locations on the router's switch. (Default: Off). 
  
 ===== Wireless Band Steering ===== ===== Wireless Band Steering =====
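Review bot: The new Bridge entry reads "This lets you Selects the bridge whose LAN settings will be modified", which is ungrammatical and has no closing period; suggest "This selects the bridge whose LAN settings will be modified." In the Disable Watchdog entry, "(Default: Enabled, using Tracert)" is ambiguous because checking the box disables the feature, so "Enabled" could refer to the checkbox or to Watchdog itself; state the checkbox state and the resulting Watchdog state separately, and use the same method name as the "Traceroute *" list item under Watchdog Mode. The asterisk on "Traceroute *" is not explained in these lines; if it marks the default, say so once. The STP entry no longer carries an explicit "(Default: Off)" marker like the other settings do, and the Lease Time entry drops the "= one day" gloss that helped readers interpret 1440 minutes.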
Line 164: Line 287:
 [[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=736e934886107c2e5ab80563e9e98bb5.png|{{:736e934886107c2e5ab80563e9e98bb5.png}}]]  \\   \\ [[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=736e934886107c2e5ab80563e9e98bb5.png|{{:736e934886107c2e5ab80563e9e98bb5.png}}]]  \\   \\
  
-Options:+With Wireless Band Steering enabled, FreshTomato can assess on which band the client device should try to connect. It then "nudge" the client towards that band.
  
-  * Disable+  * Disable *
   * Enable   * Enable
  
-If you enable Wireless Band Steering, FreshTomato can decide, for each dual-band client device, on which band the client device should try to connect. To achieve this, enter the same SSID name, security settings, password, and other settings (see picture below) for all wireless interfaces (up to 3 on a Tri-Band-Router).+To achieve this, for all WiFi interfaces, enter the same:
  
-Note: client devices can also try to switch bands on their own, without Wireless Band Steering's influence. (Default: Disabled).+  * SSID name 
 +  * Security settings 
 +  * Password  
 +  * Other settings (see picture below)
  
-This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band:  \\+Remember that client devices can also try to switch bands on their own, without the influence of Wireless Band Steering.
  
-<code -> +Wireless Band Steering is available starting with release 2020.8 (and only for ARM hardware). See the Notes section below for more details on how it works.
-Steer Policy: +
-max=0 period=5 cnt=3 rssi=-52 phyrate_high=110 phyrate_low=0 flags=0x22 state=3 +
-Rule Logic: OR +
-RSSI: Greater than +
-VHT: Allowed +
-NON VHT: Allowed +
-NEXT RF: NO +
-PHYRATE (HIGH): Greater than or Equal to +
-LOAD BALANCE: NO +
-STA NUM BALANCE: NO +
-PHYRATE (LOW): Less than +
-N ONLY: NO +
-</code>+
  
-\\   \\   \\  This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band:  \\+ \\
  
-<code -> 
-Steer Policy: 
-max=80 period=5 cnt=3 rssi=-82 phyrate_high=0 phyrate_low=0 flags=0x20 state=2 
-Rule Logic: OR 
-RSSI: Less than or Equal to 
-VHT: Allowed 
-NON VHT: Allowed 
-NEXT RF: NO 
-PHYRATE (HIGH): Greater than or Equal to 
-LOAD BALANCE: NO 
-STA NUM BALANCE: NO 
-PHYRATE (LOW): Less than 
-N ONLY: NO 
-</code> 
  
-\\   \\  For more details, see: \\ [[https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0|https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0]]+==== Wireless (2.4 GHz interface eth1) ====
  
-Wireless Band Steering is available starting with release 2020..+The Wireless (2.4 GHz) section displays information and settings for the 2.4 GHz wireless network interface.
  
-===== Wireless (2.4 GHz / interface eth1) =====+Your device may show a different device name than eth1. FreshTomato hardware device numbers begin at "0". The first Ethernet device might be called "eth0". The second wireless device might be called "wl1".
  
-The Wireless (2.4 GHz) section displays information and settings for the wireless network interface on the 2.4 GHz WiFi band.+**Enable Wireless:** When checked, this turns on the 2.4 GHz WiFi interface. When unchecked, the 2.4 GHz WiFi interface is off\\ \\
  
-Your device may show a different device name than eth1. NoteFreshTomato hardware device numbers begin at 0. For example, the first Ethernet device might be called eth0The second wireless device might be called wl1.+**MAC Address:** This displays the MAC address of the 2.4 GHz WiFi interface. Clicking on it takes you to the [[:mac_address|MAC Address]] page, where you can specify a custom MAC address for this interface\\ \\
  
-**Enable Wireless:** When checked, this turns on the 2.4 GHz WiFi network interface. When unchecked, the 2.4 GHz WiFi interface is off.+**Wireless Mode:** This allows you to select the wireless mode (function) of the 2.4 GHz WiFi network interface.  \\   \\
  
-**MAC Address:** This displays the MAC address of the 2.4 GHz WiFi radio interface. Clicking on it takes you to the [[:mac_address|MAC Address]] page, where you can specify your own MAC address for this interface.+ \\
  
-**Wireless Mode:** This allows you to select the wireless mode (function) of the 2.4 GHz WiFi network interface.  \\   \\ +^   ^  **Table: 2.4 GHZ Interface Wireless Modes**  ^ 
- + **Wireless Mode**   **Description**  |
-^  Wireless Mode   Description  ^+
 |  \\ Access Point  | \\ The (default) setting, which allows clients to connect to FreshTomato's wireless network(s). \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ | |  \\ Access Point  | \\ The (default) setting, which allows clients to connect to FreshTomato's wireless network(s). \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ |
 |  \\ Access Point WDS  | \\ Sets the router in "repeater mode", allowing clients to connect via wireless while simultaneously acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ | |  \\ Access Point WDS  | \\ Sets the router in "repeater mode", allowing clients to connect via wireless while simultaneously acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ |
-|  \\ Wireless Client  | \\ The router connects to another router/access point as any other wireless client device would. \\ \\ -  Wireless Client mode works for:\\    MIPS devices (SDK5: RT and RT-N images)\\    ARM devices (SDK6 & SDK7) starting with release 2021.5 \\ -  This mode is not working yet on SDK6 MIPS RT-AC images.\\ -  Only one wireless radio can be used in this mode. Other radio modules, (if present), can be used in Access Point mode. \\ -  Disable wireless band steering when using this mode (at least for the default setup. Advanced users could adjust nvram values for band steering).\\ -  The recommended security setup for wireless connections is WPA2 Personal with AES. \\ -  If no connection is possible using the above, please try WPA / WPA2 Personal + AES. \\ -  This is the recommended security setup for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ | +|  \\ Wireless Client  | \\ The router connects to another router/access point as any other wireless client device would. \\ \\ -  Wireless Client mode works for:\\    MIPS devices (SDK5: RT and RT-N images)\\    ARM devices (SDK6 & SDK7) starting with release 2021.5\\ -  This mode does not workyet on SDK6 MIPS RT-AC builds.\\ -  Only one wireless radio can be used in this mode. Other radio modules, (if present), can be used in Access Point mode. \\ -  Disable band steering if using this mode (at least for the initial setup. Advanced users may adjust nvram values for band steering).\\ -  The recommended security setup for WiFi connections is WPA2 Personal with AES. \\ -  If no connection is possible using the above, try WPA / WPA2 Personal + AES.\\ -  This is the recommended security setup for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ | 
-|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. All clients connected to both routers remain in the same subnet. \\ \\ -  As of version 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will only work for FreshTomato 2021.1 SDK6 ARM Dual-Core and newer\\ -  SDK7 not working/possible. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Wireless Ethernet Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules (if presentcan be used, for example, in Access Point mode. \\ \\ | +|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. All clients connected to both routers remain in the same subnet. \\ \\ -  Since Wireless Ethernet Bridge 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will only work for FreshTomato 2021.1 SDK6 ARM Dual-Core and newer\\ -  SDK7 not working/possible. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Wireless Ethernet Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules present can be used, for example, in Access Point mode.\\ \\ | 
-|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  This new operation mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (only for MIPS RT-AC images and all ARM images). \\ -  Recommendations: Use Wireless Ethernet Bridge mode for MIPS RT and RT-N images (like the RT-N16, E4200v1)\\ -  This Mode is not supported with SDK5 (RT / RT-N) builds\\ -  Both IPv4 and IPv6 communication are functioning.  You do not need to enable IPv6 via the web interface. IPv6 traffic will work. \\ -  Support for this mode is available starting with release 2021.6. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Media Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules (if present) can be used, for example, in Access Point mode. \\ \\ |+|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point. \\ All clients connected to both routers remain in the same subnet. \\ -  Support for this mode is available starting with release 2021.6 .\\ -  This mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (only for MIPS RT-AC images and all ARM images). \\ -  Recommendations: Use Wireless Ethernet Bridge mode for MIPS RT and RT-N builds (like the RT-N16, E4200v1).\\ -  This Mode is not supported in SDK5 (RT / RT-N) builds.\\ -  Both IPv4 and IPv6 communication function well.  You don'need to enable IPv6 via the web interface. IPv6 traffic will work. \\ -  Do not enable wireless band steering (BSD) if this mode is enabled.\\ -  Use Media Bridge interface only to connect to your main AP (not to virtual interfaces). Other present radio modules can be used, for example, in Access Point mode.\\ \\ |
 |  \\ WDS  | \\ Serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ | |  \\ WDS  | \\ Serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ |
 | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  || | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  ||
  
-\\  **Wireless Network Mode: **This lets you choose which 802.11 WiFi protocol(s) to make available to clients+\\ **Wireless Network Mode: **This lets you choose which 802.11 WiFi protocol(s) to make available to clients.
- +
-  * Auto: FreshTomato and WiFi client devices negotiate the best wireless\\ protocol automatically. Generally, Auto is recommended, unless you are\\ very knowledgeable about networking. Compatibility issues can create\\ all kinds of problems, and often, the most "logical" setting is not the best one. +
-  * B Only: This allows W-Fi clients to connect using only the 802.11b protocol. +
-  * G Only: This allows WiFi clients to connect using only the 802.11n protocol. +
-  * B/G Mixed: This allows clients to connect using either 802.11b/g protocols. +
-  * N only: This allows clients to connect using only the 802.11n protocol only.+
  
-These apply only to the 2.4 GHz band interface. Separate Wireless Network Mode settings exist for any 5 GHz band interface.+The network modes available in this dropdown will depend on your hardware.
  
-(Default: Auto)+  * Auto*  FreshTomato and WiFi client devices negotiate the best protocol automatically. 
 +    * Auto is recommended, unless you're very knowledgeable about networking. 
 +    * Compatibility issues can create many problems. The best settings are not always obvious. 
 +  * B Only:  This allows WiFi clients to connect using only the 802.11b protocol. 
 +  * G Only:  This allows WiFi clients to connect using only the 802.11n protocol. 
 +  * B/G Mixed:  This allows clients to connect using either 802.11b or 802.11g protocols. 
 +  * N only:  This allows clients to connect using only the 802.11n protocol.
  
-**SSID:**  This is the network name for the 2.4 GHz WiFi interface (Service Set IDentifier)For security purposes, it's recommended you don't include any personal words or phrases which might indicate your identity, address, location, or equipment type in your SSID. For example, “HELENLIUNG” would not be a good choice, unless you want everyone on the street to know who owns that network. Common words found in the dictionary also make for poor security. \\  (Default: FreshTomatoXX, where “XX” is the two numbers in the frequency band.) On the 2.4 GHz network, for example, the default SSID is “FreshTomato24”.+These apply only to the 2.4 GHz band interface. There are separate Wireless Network Mode settings for any GHz interface.
  
-**Broadcast: **Checking this enables SSID broadcasting. This “announces” the SSID (network name) on the air, so it's easy to find and connect to. Some people argue that disabling SSID Broadcast provides more security. However, SSIDs names can be easily sniffed using common software. Therefore, disabling SSID Broadcast provides little increase in security.+\\
  
-**Channel: **Selects the channel on which the 2.4 GHz radio interface will operateGenerallyit's a good idea to choose different channel than the one your neighbours are using. (Default: Auto).+**SSID:**  This is the network name (Service Set IDentifier) for the 2.4 GHz WiFi interface. For security reasonsyou're advised not to include personal words which may indicate your identity, address, location, or equipment type. For example, “HELENLIUNG” would be poor choice, unless you want everyone nearby to know who owns the networkSingle dictionary words also make for very poor security. \\ (Default: FreshTomatoXX, where “XX” is the two numbers in the band. For example, on the 2.4 GHz network, the default SSID is “FreshTomato24”\\ \\
  
-  Auto: This default setting is generally safe unless there is significant interference \\ from nearby networks or other equipment.+**Broadcast**Checking this enables SSID broadcasting. This “announces” the SSID on the air, so it's easy to find and connect to. Some argue that disabling SSID Broadcast provides more security. However, SSID names are easily sniffed using common software. Thus, disabling this provides little increase in security. \\ \\
  
-FreshTomato chooses and uses the channel it believes has the least interference.+**Channel: **Selects the channel on which the 2.4 GHz radio interface will operate. Generally, it's best to choose a different channel than your neighbours are using. (Default: Auto).
  
-  * Channel: This menu lets you manually choose available WiFi channels \\ on the band. Unavailable channels will not appear here.+  * Auto: This default is generally safe unless there's significant interference from other networks or equipment. FreshTomato chooses and uses the channel it believes has the least interference. 
 +  * Channel: This menu lets you manually choose available channels on the band. Unavailable channels won'appear here. \\ \\
  
-**Channel Width:**  This menu allows you to choose the width of the channel (in terms of frequency).+**Channel Width:**  This menu lets you choose the width of the channel (in terms of frequency).
  
   * 20 MHz   * 20 MHz
   * 40 MHz   * 40 MHz
  
-802.11n can use 40 MHz channel width, but to maintain compatibility with legacy systems, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel.+802.11n can use 40 MHz channel width, but to maintain compatibility with legacy systems, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel. \\ \\
  
-**Control Sideband:**  This option is only available If the 20 or 40 Channel Width is selected. This menu allows you to choose whether the extra channel used is above (Upper) or below (Lower) the main channel being used. (Default: Upper).+**Control Sideband:**  This option is only available If the 20 or 40 Channel Width is selected. This lets you choose whether the extra sideband channel used is above (Upper) or below (Lower) the main channel used. (Default: Upper).
  
   * Upper   * Upper
-  * Lower+  * Lower \\ \\
  
 **Security**: This menu lets you select the security protocol that will be used on the 2.4 GHz WiFi interface. **Security**: This menu lets you select the security protocol that will be used on the 2.4 GHz WiFi interface.
  
-  * Disabled: disables security entirely, leaving the network open to anyone. \\ Avoid using this, as it is an almost unlimited security risk. +  * Disabled:  This disables security entirely, leaving the network open to anyone. Avoid using this.  
-  * WEP: enables Wired Equivalent Privacy protocol. Avoid using this. It's obsolete \\ due to serious vulnerabilities, including weak encryption. +    * This is a basically an unlimited security risk. 
-  * WPA Personal: enables WiFi Protected Access Protocol (1.x). WPA uses the \\ RC4-based TKIP protocol, letting hosts exchange pre-shared keys more secure\\ While more secure than WEP, WPA still has weaknesses, like lower encryption \\ standards. WPA is strongly discouraged in favour of WPA2 or higher+ 
-  * WPA Enterprise: Also known as WPA-802.1X, this is similar to WPA Personal, \\ but each user has their own username/password, instead of the same pre-shared key. \\ WPA2 Enterprise does not requires a RADIUS server. Howeveroften one is used \\ anyway for compatibility and security purposes. WPA Enterprise is more secure against \\ dictionary attacks on short passwords. Suitable for larger, more formal networks. +  * WEP: This enables Wired Equivalent Privacy protocol. Avoid using this. It's obsolete due to serious vulnerabilities, \\ such as weak encryption. 
-  * WPA2 Personal: WiFi Protected Access version 2 uses elements of the\\ 802.11i standard, like mandatory support for AES encryption. This makes it\\ much more secure than older protocols. WPA2 Personal is recommended for small-\\ to mid-sized, informal networks. + 
-  * WPA2 Enterprise: This enables the Enterprise version of WPA2. This uses WPA2, but\\ each user has their own WiFi username/passkey, instead of the same pre-shared key.\\ WPA2 Enterprise is based on parts of 802.11i. This does NOT require a RADIUS server, \\ but one is often used for legacy purposes \\ to maintain compatibility and security. Appropriate for larger, more structured networks.+  * WPA Personal: This enables WiFi Protected Access Protocol 1.x. WPA uses the RC4-based TKIP protocol
 +    * This lets hosts exchange pre-shared keys, for more security 
 +    * While more secure than WEP, WPA still has weaknesses, like lower encryption standards.  
 +    * WPA2 is strongly encouraged instead of WPA. 
 + 
 +  * WPA Enterprise: also known as WPA-802.1X. It'similar to WPA Personal, but each user has their own username/password
 +    * No common pre-shared key is used. 
 +    * WPA Enterprise doesn't require a RADIUS server. Often, one is used anyway for compatibility/security reasons 
 +    * WPA Enterprise is more secure against dictionary attacks on short passwords.  
 +    * This is suitable for larger, more formal networks. 
 + 
 +  * WPA2 Personal: WiFi Protected Access version 2 uses elements of the 802.11i standard
 +    * This supports mandatory use of AES encryption, so it is much more secure than older protocols.  
 +    * WPA2 Personal is recommended for small- to mid-sized, informal networks. 
 + 
 +  * WPA2 Enterprise: This enables the Enterprise version of WPA2.  
 +    * This uses WPA2, but each user has their own WiFi username/passkey, not a common pre-shared key.  
 +    * WPA2 Enterprise is based on parts of 802.11i.  
 +    * This does NOT require a RADIUS server, but one is often used for legacy purposes for compatibility/security.  
 +    * This is appropriate for larger, more structured networks. 
   * WPA / WPA2 Personal:   * WPA / WPA2 Personal:
 +
   * WPA / WPA2 Enterprise:   * WPA / WPA2 Enterprise:
-  * RADIUS: Enables FreshTomato's Remote Access Dialup User Service. \\ Designed for larger organizations, RADIUS uses a separate server to authenticate, \\ permit and keep track of users. RADIUS also supports authentication via certificates, \\ which makes user management easier. This is usually used by advanced users. 
  
-**Shared Key:**  Here, enter the shared key which authenticates the WiFi client on the networkThe field shows only asterisks until you click your cursor in itThen, the characters become visible.+  * RADIUS: Enables Remote Access Dialup User Service. 
 +    * This is designed for larger organizations.  
 +    * This uses a separate server to authenticate, permit and keep track of users.  
 +    * This supports authentication via certificates, which eases user management. 
 +    * This is usually only for advanced users. \\ \\ 
 + 
 +**Shared Key:**  Here, enter the shared key to authenticate WiFi clients on the LANAsterisks are shown until you insert your cursor. \\ \\ 
 + 
 +**Group Key Renewal:**  This sets how often encryption keys used between clients and the router are rotated/changed. \\ This is a part of the WPA protocol. (Default: 3600 seconds = 1 hour). 
 + 
 +Starting with release 2023.5you can adjust the key rotation interval within the following limits:\\ From 1 sec to 2592000 sec   [for all ARM routers and MIPS RT-N / MIPS-RT-AC] \\ 0 = disabled   (not recommended) 
 + 
 +In releases up to 2023.4, you can set this within the following limits: 60 sec to 7200 sec [all routers]
  
-**Group Key Renewal:**  This sets the interval for how often the encryption keys used between client devices and the router/access point are rotated/changed. This is a part of the WPA protocol. (Default: 3600 seconds = 1 hour). 
  
 ===== Wireless (5 GHz / interface eth2) ===== ===== Wireless (5 GHz / interface eth2) =====
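Review bot: The "G Only" item in the rewritten Wireless Network Mode list still says clients connect "using only the 802.11n protocol"; this was wrong in the old revision and is carried over, and should read 802.11g. In the Security list, "This supports mandatory use of AES encryption" changes the meaning of the old "mandatory support for AES encryption"; keep the original sense, since support for AES is what is mandatory. The RADIUS item expands the acronym as "Remote Access Dialup User Service", but RADIUS stands for Remote Authentication Dial-In User Service. The "WPA / WPA2 Personal:" and "WPA / WPA2 Enterprise:" items have no description, although the Wireless Client row recommends the first as a fallback. Under Band Steering, "It then "nudge" the client" should be "nudges", and the explicit "(Default: Disabled)" was removed in favour of an unexplained asterisk on "Disable *". Smaller points: "does not workyet" is missing a space, "Since Wireless Ethernet Bridge 1.19" disagrees with the 5 GHz table, which keeps "As of version 1.19", and the 2.4 GHz heading drops to "====" while the 5 GHz heading stays at "=====", so the two sibling sections end up at different levels.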
Line 292: Line 422:
 Typically, the 5 GHz WiFi band has higher bandwidth, but shorter distance propagation than the 2.4 GHz band. Typically, the 5 GHz WiFi band has higher bandwidth, but shorter distance propagation than the 2.4 GHz band.
  
-**Enable Wireless:**  Checking this turns on the 5 GHz WiFi interface. When unchecked, the 5 GHz WiFi interface is turned off.+**Enable Wireless:**  Checking this turns on the 5 GHz WiFi interface. When unchecked, the 5 GHz WiFi interface is turned off. \\ \\
  
-**MAC Address:**  This displays the MAC (hardware) address of the 5 GHz WiFi interface. \\ Clicking on the MAC address takes you to the [[:mac_address|MAC Address]] page, where you can choose your own MAC address for this interface.+**MAC Address:**  This displays the MAC (hardware) address of the 5 GHz WiFi interface. \\ Clicking on the MAC address takes you to the [[:mac_address|MAC Address]] page, where you can choose your own MAC address for this interface. \\ \\
  
-**Wireless Mode:**  This lets you choose the wireless mode (function) of the 5 GHz WiFi interface.  \\   \\+**Wireless Mode:**  This lets you choose the wireless mode (function) of the 5 GHz WiFi interface. \\   \\   \\
  
-^  Wireless Mode  ^  Description  ^+^   ^  **Table: 5 GHz interface Wireless Mode**  ^ 
 + **Wireless Mode**  |  **Description**  |
 |  \\ Access Point  | \\ The (default) setting, which allows clients to connect to FreshTomato's wireless network(s). \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ | |  \\ Access Point  | \\ The (default) setting, which allows clients to connect to FreshTomato's wireless network(s). \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ |
-|  \\ Access Point WDS  | \\ Sets the router in "repeater mode", allowing clients to connect via wireless while simultaneously acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ | +|  \\ Access Point WDS  | \\ Sets the router in "repeater mode", allowing clients to connect via WiFi while acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ | 
-|  \\ Wireless Client  | \\ The router connects to another router/access point as any other wireless client device would. \\ \\ -  Wireless Client mode works for:\\ MIPS devices (SDK5: RT and RT-N images)\\ ARM devices (SDK6 & SDK7) starting with release 2021.5 \\ -  This mode is not working yet on SDK6 MIPS RT-AC images.\\ -  Only one wireless radio can be used in this mode. Other radio modules, (if present), can be used in Access Point mode. \\ -  Disable wireless band steering when using this mode (at least for the default setupAdvanced user can or could adjust nvram values for band steering).\\ -  The recommended security setup for wireless connections is WPA2 Personal with AES. \\ -  If no connection is possible using the above, please try WPA / WPA2 Personal + AES. \\ -  This is the recommended security setup for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ | +|  \\ Wireless Client  | \\ The router connects to another router/access point as any other wireless client device would. \\ \\ -  Wireless Client mode works for: MIPS devices (SDK5: RT and RT-N images) and\\    ARM devices (SDK6 & SDK7) starting with release 2021.5 \\ -  This mode does not yet work on SDK6 MIPS RT-AC images.\\ -  Only one wireless radio can be used in this mode. Other radio modules present can be used in AP mode.\\ -  Disable wireless band steering when in this mode during default setupAdvanced users can adjust band steering nvram values.\\ -  WPA2 Personal with AES is the recommended security setup for WiFi connections.\\ -  If connection isn'possible using the above, try WPA / WPA2 Personal + AES. This is the recommended security configuration for MIPS SDK5 (RT and RT-N) wireless client mode. \\ \\ | 
-|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. All clients connected to both routers remain in the same subnet. \\ \\ -  As of version 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will only work for FreshTomato 2021.1 SDK6 ARM Dual-Core and newer\\ -  SDK7 not working/possible. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Wireless Ethernet Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules (if present) can be used, for example, in Access Point mode. \\ \\ | +|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. All clients connected to both routers remain in the same subnet. \\ \\ -  As of version 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will only work for FreshTomato 2021.1 SDK6 ARM Dual-Core and newer\\ -  SDK7 not working/possible. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Wireless Ethernet Bridge only to connect to your main AP (no virtual interfaces). Other radio modules can be used, for example, in AP mode. \\ \\ | 
-|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  This new operation mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (only for MIPS RT-AC images and all ARM images). \\ -  Recommendations: Use Wireless Ethernet Bridge mode for MIPS RT and RT-N images (like the RT-N16, E4200v1)\\ -  This Mode is not supported with SDK5 (RT / RT-N) builds\\ -  Both IPv4 and IPv6 communication are functioning You do not need to enable IPv6 via the web interface. IPv6 traffic will work. \\ -  Support for this mode is available starting with release 2021.6. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Media Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules (if present) can be used, for example, in Access Point mode. \\ \\ | +|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  This new mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (for MIPS RT-AC and all ARM images).\\ -  Using Wireless Ethernet Bridge mode is recommended for MIPS RT and RT-N images (like the RT-N16, E4200v1).\\ -  This Mode is not supported with SDK5 (RT / RT-N) builds\\ -  Both IPv4 and IPv6 communication functionIPv6 traffic works without needing to enable IPv6 in the web interface. . \\ -  Support for this mode started with release 2021.6.\\ -  Do not enable wireless band steering with this mode enabled. \\ -  You should use use Media Bridge interface to connect to your main AP only (no virtual interfaces). Other radio modules can be used, for example, in AP mode. \\ \\ | 
-|  \\ WDS  | \\ Serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ |+|  \\ WDS  | \\ FreshTomato will serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ |
 | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  || | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  ||
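Review bot: The new Media Bridge Mode row has a doubled word in its last bullet ("You should use use Media Bridge interface") and a stray ". ." after "web interface" in the IPv6 bullet; fix both before publishing. In the Wireless Client row, the fallback "try WPA / WPA2 Personal + AES" would be safer with a clause saying that the mixed mode also accepts WPA clients, because the Security list further down this page recommends WPA2 over WPA.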
  
  \\  **Wireless Network Mode: **This lets you choose which 802.11 WiFi protocol(s) to make available to clients.  \\  **Wireless Network Mode: **This lets you choose which 802.11 WiFi protocol(s) to make available to clients.
  
-  * AutoOn this setting, FreshTomato and WiFi client devices negotiate the best wireless protocol automatically. Auto is recommended unless you are very knowledgeable about networking/WiFi. Compatibility issues can create all kinds of problems, and often, the most “logical” setting is not the best one+  * Auto On this setting, FreshTomato and WiFi clients negotiate the best wireless protocol automatically.  
-  * A Onlyallows WiFi clients to connect using only the 802.11a protocol. +    * Auto is recommended unless you are highly experienced with networking/WiFi. 
-  * N Onlyallows WiFi clients to connect using only the 802.11n protocol.+    * Compatibility issues can create problems. Often, the most “logical” setting is not the best. 
 +  * A Only allows WiFi clients to connect using only the 802.11a protocol. 
 +  * N Only -  allows clients to connect using only the 802.11n protocol. 
 +  * N/AC mixed - allows clients to connect using only 802.11AC or 802.11N. 
 +  * AC Only - allows clients to connect using only the 802.11ac protocol.
  
-Note that releases before 2021.8 do NOT have a separate setting for 802.11ac. That only arrived with 2021.8 .+Note that releases before 2021.8 do NOT have a separate setting for 802.11ac. That only arrived with 2021.8.
  
-Separate Wireless Network Mode settings will exist for any 2.4 GHz band interface. See the 2.4 GHz section. \\  (Default: Auto)+Separate Wireless Network Mode settings will exist for any 2.4 GHz band interface. See the 2.4 GHz section. \\  (Default: Auto) \\ \\
  
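Review bot: The two added list items, "N/AC mixed" and "AC Only", carry no version marker, while the note right after the list says releases before 2021.8 have no separate 802.11ac setting; say on each item whether it needs 2021.8 or later so readers on older builds are not left looking for it. The "N/AC mixed" item also writes "802.11AC or 802.11N" where the other items use lowercase "802.11a", "802.11n" and "802.11ac".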
-**SSID:**  This the 5 GHz WiFi interface's network name, (Service Set IDentifier). For security purposes, it's recommended you don'include any personal words or phrases which might indicate your identity, address, location, or equipment type here. For example, “HELENLIUNG” would not be a good choice, unless you want everyone on the street to know who owns that network. Common words found in the dictionary also make for poor security. \\ (Default: FreshTomatoXX, where “XX” is the two numbers in the frequency band.) On a 5 GHz network, for example, the default SSID is “FreshTomato50”.+**SSID:**  This the 5 GHz WiFi interface's network name. For security you should not include any personal words/phrases here which might indicate your identity, address, location, or equipment type. For example, “HELENLIUNG” would be a poor choice, unless you want everyone nearby to know who owns that network. Single dictionary words also make for poor security.  \\ \\ (Default: FreshTomatoXX, where “XX” is the digits in the band.) For example, on a 5 GHz network, the default SSID is “FreshTomato50”. \\ \\
  
-**Broadcast: **Checking this enables SSID broadcasting. This “announces” the SSID (network name) on the air, so it's easy to find and connect to. Some people argue that disabling SSID Broadcast provides more security. However, SSIDs names can be easily sniffed using common software. Therefore, disabling SSID Broadcast provides little increase in security.+**Broadcast: **Checking this enables SSID broadcasting. This “announces” the SSID on the air, so it's easy to find and connect to. Some argue disabling SSID Broadcast provides more security. However, SSIDs names are easily sniffed with common software. Disabling SSID Broadcast provides little increase in security. \\ \\
  
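Review bot: The SSID paragraph tells readers not to reveal their equipment type, yet the default it documents, "FreshTomatoXX", names the firmware; add a sentence recommending that the default SSID be changed. The opening sentence still reads "This the 5 GHz WiFi interface's network name" (missing "is"), and the Broadcast paragraph has "SSIDs names".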
-**Channel: **Selects the channel on which the 5 GHz radio interface will operate. Generally, it's a good idea to choose a different channel than the one your neighbours are using.+**Channel: **Selects the channel on which the 5 GHz radio interface will operate. (Default: Auto).
  
-  * Auto: This is the defaultand is generally safe unless you have significant interference from nearby networks or other equipment. On this setting, FreshTomato chooses and uses the channel it believes has the least interference. +Generally, it's a good idea to choose a different channel than the one your neighbours are using.
-  * Channel: This menu lets you manually choose available WiFi channels on the band. Unavailable channels will not appear in this menu.+
  
-(Default: Auto).+  * Auto: This default is generally safe unless there's significant interference from nearby equipment.  
 +    * On this setting, FreshTomato selects and uses the channel it believes has the least interference. 
 +  * Channel: This lets you manually choose from available channels on the band. Unavailable channels won't appear here\\ \\
  
-**Channel Width:**  This menu allows you to choose the width of the channel (in terms of frequency).+**Channel Width:**  This allows you to choose the width of the channel (in terms of frequency).
  
-  * 20 MHz +  *  20 MHz 
-  * 40 MHz +  *  40 MHz 
-  * 80 MHz +  *  80 MHz 
-  * 160 MHz+  * 160 MHz (not yet supported. May be supported on some SDK714 models)
  
-The 20 MHz channels on the 5 GHz band have no overlap. Therefore, the 5GHz band is less prone to interference and noise. Larger channel widths provide more speed/bandwidth if there'minimal interference. Interference is more common on the 2.4 GHz band than it on the 5 GHz band. It is usually fine to choose a wider channel width here. However, if you see effects, such as slow speeds or trouble authenticating/associating with the router, you may need to use a narrower channel width.+ \\ 20 MHz channels on the 5 GHz band have no overlap, so the 5GHz band is less prone to interference and noise. Larger channel widths provide more speed/bandwidth if there'low interference. Interference is more common on the 2.4 GHz band. It'usually fine to choose a wider channel width here. However, if you see slowdowns or trouble authenticating/associating with the router, you may need to use a narrower channel width.
  
-802.11N can use 40 MHz channel width, but to maintain compatibility with legacy systems, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel.+802.11N can use 40 MHz channel width. However, to maintain legacy compatibility, it uses main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel. \\ \\
  
-**Control Sideband:**  This option is available only if the 40, 80 or 160 MHz Channel Width is selected. This menu allows you to choose whether the extra channel used is above (Upper) or below (Lower) the main channel being used. (Default: Upper).+**Control Sideband:**  This option is available only if the 40, 80 or 160 MHz Channel Width is selected. This lets you choose whether the extra channel used is above (Upper) or below (Lower) the main channel being used. (Default: Upper).
  
-  * Upper +Starting with release 2023.3, this menu will allow you to choose the exact control channel for use FixME! \\ \\
-  * Lower+
  
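Review bot: The new Control Sideband sentence ends with an editor placeholder, "choose the exact control channel for use FixME!", which should be resolved or removed before this revision is published. The Upper/Lower bullets are deleted while the paragraph still gives "(Default: Upper)", so say whether those two choices remain on releases before 2023.3. In the Channel Width list, "160 MHz (not yet supported. May be supported on some SDK714 models)" says two different things; pick one statement.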
-**Security**+**Security:** This menu lets you select the security protocol that will be used on the 2.4 GHz WiFi interface.
  
-  * Disabled: disables security entirely, leaving the network open to anyone. \\ Avoid using this, as it is an almost unlimited security risk+  * Disabled:  disables security entirely, leaving the network open to anyone. Avoid using this.  
-  WEP: enables Wired Equivalent Privacy protocol. Avoid using this, as it is obsolete \\ due to serious vulnerabilities, including weak encryption. +    * This is a basically an unlimited security risk.
-  * WPA Personal: enables WiFi Protected Access Protocol (1.x). WPA uses the \\ RC4-based TKIP protocol, letting hosts exchange pre-shared keys more secure. \\ While more secure than WEP, WPA still has weaknesses, like lower encryption standards. \\ WPA is strongly discouraged in favour of WPA2 or higher. +
-  * WPA Enterprise: Also known as WPA-802.1X, this is similar to WPA Personal, \\ but each user has their own username/password, instead of the same pre-shared key. \\ WPA2 Enterprise does not requires a RADIUS server. However, often one is used \\ anyway for compatibility and security purposes. WPA Enterprise is more secure against \\ dictionary attacks on short passwords. Suitable for larger, more formal networks. +
-  * WPA2 Personal: WiFi Protected Access version 2 uses elements of the\\ 802.11i standard, like mandatory support for AES encryption. This makes it\\ much more secure than older protocols. WPA2 Personal is recommended for small-\\ to mid-sized, informal networks. +
-  * WPA2 Enterprise: This enables the Enterprise version of WPA2. This uses WPA2, but\\ each user has their own WiFi username/passkey, instead of the same pre-shared key.\\ WPA2 Enterprise is based on parts of 802.11i. This does not require RADIUS server,\\ but one is often used for legacy purposes \\ to maintain compatibility and security. Appropriate for larger, more structured networks. +
-  * WPA / WPA2 Personal: +
-  * WPA / WPA2 Enterprise: +
-  * RADIUS: Enables FreshTomato's Remote Access Dialup User Service. \\ Designed for larger organizations, RADIUS uses a separate server to authenticate, \\ permit and keep track of users. RADIUS also supports authentication via certificates, \\ which makes user management easier. This is usually used by advanced users.+
  
-**Shared Key:**  Here, enter the shared key used to authenticate the WiFi client on the network. The field will show asterisks until you click your cursor in it. The characters will then become visible.+  * WEP: enables Wired Equivalent Privacy protocol. Avoid using this. 
 +    * This is obsolete due to serious vulnerabilities, such as weak encryption. 
 + 
 +  * WPA Personal:  enables WiFi Protected Access Protocol 1.x. WPA uses the RC4-based TKIP protocol. 
 +    * This lets hosts exchange pre-shared keys, for more security.  
 +    * While more secure than WEP, WPA still has weaknesses, like lower encryption standards.  
 +    * WPA2 is strongly encouraged instead of WPA. 
 + 
 +  * WPA Enterprise: also known as WPA-802.1X. This is similar to WPA Personal, but each user has their own username/password 
 +    * No common pre-shared key is used. 
 +    * WPA Enterprise doesn't require a RADIUS server. Often, one is used anyway for compatibility and security reasons.  
 +    * WPA Enterprise is more secure against dictionary attacks on short passwords.  
 +    * This is suitable for larger, more formal networks. 
 + 
 +  * WPA2 Personal: WiFi Protected Access version 2 uses elements of the 802.11i standard. 
 +    * This supports mandatory use of AES encryption. It is much more secure than older protocols.  
 +    * WPA2 Personal is recommended for small to mid-sized, informal networks. 
 + 
 +  * WPA2 Enterprise: This enables the Enterprise version of WPA2.  
 +    * This uses WPA2, but each user has their own WiFi username/passkey, not a common pre-shared key.  
 +    * WPA2 Enterprise is based on parts of 802.11i.  
 +    * This does NOT require a RADIUS server, but one is often used for legacy purposes for compatibility and security.  
 +    * This is appropriate for larger, more structured networks. 
 + 
 +  * WPA / WPA2 Personal: This uses WPA2 Personal, and if that fails, allows WPA security 
 + 
 +  * WPA / WPA2 Enterprise: This uses WPA2 Enterprise, or WPA. 
 + 
 +  * RADIUS: Enables Remote Access Dialup User Service. 
 +    * This is designed for larger organizations.  
 +    * This uses a separate server to authenticate, permit and keep track of users.  
 +    * This supports authentication via certificates, which eases user management. 
 +    * This is usually only for advanced users. 
 + 
 + \\ 
 + 
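Review bot: The new Security intro says the protocol applies to "the 2.4 GHz WiFi interface", but the neighbouring SSID and Channel entries in this section describe the 5 GHz interface, so this looks like a copy-paste from the 2.4 GHz section. The RADIUS item expands the acronym as "Remote Access Dialup User Service"; the name is Remote Authentication Dial-In User Service. The "WPA / WPA2 Personal" and "WPA / WPA2 Enterprise" items should state plainly that they admit WPA clients, given that the WPA Personal item says WPA2 is strongly encouraged instead.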
 +**Shared Key:**  Here, enter the shared key to authenticate WiFi clients on the network. The field shows asterisks until you click your cursor in it. \\ \\ 
 + 
 +**Group Key Renewal:**  This sets how often encryption keys used between clients and the router are rotated. This is part of the WPA protocol. 
 + 
 +(Default: 3600 seconds). Please see the first wireless radio unit for more infos! 
 + 
 + 
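Review bot: "Please see the first wireless radio unit for more infos!" in the Group Key Renewal entry points nowhere specific; link to the section it means or repeat the explanation here. The Shared Key entry also drops the old sentence saying the characters become visible once the field is clicked, which leaves "shows asterisks until you click your cursor in it" without its conclusion.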
 +===== Network Notes and Troubleshooting ===== 
 + 
 +==== Tune Route Cache ==== 
 + 
 +Specifically, enabling this option does the following: 
 + 
 + \\ 
 + 
 +<code bash> 
 +# 2018-01-19 
 +# Reduce and flush the route cache to ensure a more synchronous load-balancing across multi-wan 
 +# https://vincent.bernat.im/en/blog/2011-ipv4-route-cache-linux 
 + 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/flush 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/secret_interval 
 +/bin/echo 0 > /proc/sys/net/ipv4/route/min_delay 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/max_delay 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_interval 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_elasticity 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_min_interval_ms 
 +/bin/echo 0 > /proc/sys/net/ipv4/route/gc_min_interval 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_thresh 
 +/bin/echo 1 > /proc/sys/net/ipv4/route/gc_timeout 
 + 
 +#Causes connectivity issues if this value is too small, use defaults or tune accordingly 
 +/bin/echo 512 > /proc/sys/net/ipv4/route/max_size 
 +</code> 
 + 
 + \\   \\   \\ 
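Review bot: Moved under its own heading, the sentence "Specifically, enabling this option does the following:" no longer says which option it means; name the "Tune route cache" setting from the MultiWAN section. In the script, gc_min_interval_ms is set to 1 and gc_min_interval to 0 on consecutive lines; state which value is meant to take effect. The max_size comment warns that too small a value causes connectivity issues but does not say whether 512 is the default or a tuned value.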
 + 
 +==== Baby Jumbo Frames ==== 
 + 
 +Support for Baby Jumbo Frames (RFC 4638) was added starting with release 2021.3. This function works only on gigabit routers. Not all ISPs support Jumbo Frames for PPPoE (RFC 4638). 
 + 
 +To enable Baby Jumbo Frames: 
 + 
 +  * Go the Miscellaneous menu. Check //Enable jumbo frame support// in that menu. The router will reboot. 
 +  * In the Network menu, Set the MTU option to manual, and enter an MTU value of 1500 for PPPoE operation. (Usually, packet size will be 1492) 
 +  * Clamping can be manually disabled, if needed. (Type ''nvram set tcp_clamp_disable=1'' at a FreshTomato command prompt). 
 +  * Ping with packet size 1472 to verify that you have a working PPP MTU of 1500. 
 + 
 + \\ 
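Review bot: The verification step, "Ping with packet size 1472", only proves a 1500-byte PPP MTU if fragmentation is prohibited for the test; otherwise a link still at 1492 fragments the packet and the ping succeeds anyway, so the step should say to set the don't-fragment option. The steps are sequential and would read better as an ordered list, the first one is missing a word ("Go the Miscellaneous menu"), and "(Usually, packet size will be 1492)" needs to say what 1492 refers to.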
 + 
 + 
 +==== Wireless Band Steering ==== 
 + \\  
 +This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band:  \\ 
 + \\  
 +<code -> 
 +Steer Policy: 
 +max=0 period=5 cnt=3 rssi=-52 phyrate_high=110 phyrate_low=0 flags=0x22 state=3 
 +Rule Logic: OR 
 +RSSI: Greater than 
 +VHT: Allowed 
 +NON VHT: Allowed 
 +NEXT RF: NO 
 +PHYRATE (HIGH): Greater than or Equal to 
 +LOAD BALANCE: NO 
 +STA NUM BALANCE: NO 
 +PHYRATE (LOW): Less than 
 +N ONLY: NO 
 +</code> 
 + \\ 
 + \\   
 +This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band:  \\ 
 + \\  
 +<code -> 
 +Steer Policy: 
 +max=80 period=5 cnt=3 rssi=-82 phyrate_high=0 phyrate_low=0 flags=0x20 state=2 
 +Rule Logic: OR 
 +RSSI: Less than or Equal to 
 +VHT: Allowed 
 +NON VHT: Allowed 
 +NEXT RF: NO 
 +PHYRATE (HIGH): Greater than or Equal to 
 +LOAD BALANCE: NO 
 +STA NUM BALANCE: NO 
 +PHYRATE (LOW): Less than 
 +N ONLY: NO 
 +</code>
  
-**Group Key Renewal:**  This sets how often the encryption keys used between clients and the router/access point are rotated/changedThis is a part of the WPA protocol(Default: 3600 seconds 1 hour).+\\   \\  For more details, see: \\ [[https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0|https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0]]  \\   \\
  
  
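Review bot: Both band steering examples show output without saying which command or page produces it or where the values are stored, so a reader cannot reproduce or change them. The fields that differ between the two policies (max, rssi, phyrate_high, flags 0x22 versus 0x20, state) each need a line of explanation; the external link should not be the only description.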
basic-network.1648197255.txt.gz · Last modified: 2022/03/25 08:34 by m_ars