Differences

This shows you the differences between two versions of the page.

--- basic-network [2024/02/19 09:58] – [WAN(x) Settings] rs232
+++ basic-network [2025/05/10 23:21] (current) – [Wireless (2.4 GHz / interface eth1)] -Formatting hogwild
@@ Line 1: / Line 1: @@
 ====== Network ======
-The Network page includes most basic settings needed to configure the network. It is divided into sections including MultiWAN, WAN Settings, Ethernet Ports Configuration, LAN and Wireless setttings.
+This page includes most basic settings needed to configure the network. It's divided into sections including MultiWAN, WAN Settings, Ethernet Ports Configuration, LAN and Wireless settings.
 ===== MultiWAN =====
-{{:pasted:20220318-155543.png}}
+{{:pasted:20220318-155543.png?457}}
  \\
-**Number of WAN ports**: This lets you select the number of WAN ports to be used on the device.
+**Number of WAN ports**: lets you select the number of WAN ports to be used on the device.
-On routers with only one physical WAN interface, options with more WAN ports will be greyed out. You can select only “1 WAN” on such devices.
+On models with 1 physical WAN interface, only “1 WAN” can be selected. Other options are greyed out.
  \\
-**Tune route cache**: This is intended for MultiWAN configurations with load balancing.
+**Tune route cache**: is used for MultiWAN configurations with load balancing.
-This setting is advised when two or more WANs have a weight larger than "0". Basically, it uses kernel tweaks to improve workload sharing. For more details, see the [[basic-network#network_notes_and_troubleshooting|Notes]] section below.  \\  \\
+Recommended when 2 or more WANs have weight larger than "0". It uses kernel tweaks to improve workload sharing.
-**Check Connections Every: **This is an easy way for FreshTomato to automatically test WAN connection reliability. (Default: Disabled). Choosing any setting but [Disabled] will execute the Watchdog script. This sets how often the router pings to check it is still connected to the Internet.
+For details, see the [[basic-network#network_notes_and_troubleshooting|Notes]] section below.\\  \\
-The Watchdog script uses ping or traceroute to test WAN connection status.
+**Check Connections Every: **makes FreshTomato automatically test WAN link reliability.
-Choosing a setting other than Disabled will make "Target 1" and "Target 2" fields appear.
+It sets how often the router tests its Internet connection. Any option but Disabled runs the Watchdog script.
-  * Target 1 -** **Here, enter the address of the first host to ping regularly (Default: Google.com)
+Watchdog uses ping/traceroute to test WAN connection status. (Default: Disabled).
-  * Target 2 - Here, enter the address of the second host to ping regularly (Default: Microsoft.com)\\   \\
+Any option but Disabled makes "Target 1" and "Target 2" fields appear.
+ \\
+  * Target 1 -** **the address of the first host to ping \\ (Default: Google.com)
+  * Target 2 - the address of the second host to ping \\ (Default: Microsoft.com)\\   \\
 ==== WAN(x) Settings ====
-Settings in this section are used to configure the WAN interface. These settings depend on your ISP.
+Settings here are used to configure the WAN interface. These settings depend on your ISP.
-Depending on the type selected, other settings specific to that type of connection will be shown or hidden.
+Depending on the selected type, specific connection settings will be shown or hidden.
-**Type: **This sets the connection mode the WAN interface will use to connect to your ISP. (Default: DHCP).
+ \\
-  * **DHCP - **Your ISP's DHCP server will dynamically assign a WAN IP lease to FreshTomato.
+**Type:  **sets the connection mode the WAN interface uses to connect to your ISP. (Default: DHCP).
-    * DHCP does not use authentication. \\  \\
-  * **PPPoE - **The WAN port will respond to authentication requests from your ISP's PPPoE server.
+ \\
-    * This is most often used for DSL networks.
-    * This stores in FreshTomato the PPPoE username and password assigned by your ISP.
+  * **DHCP **- Your ISP's DHCP server dynamically assigns a WAN IP lease to FreshTomato.
-    * If authentication succeeds, the PPPoE server allows logon to the ISP network, and a DHCP server assigns you a WAN IP lease.
+    * DHCP doesn't use authentication. \\  \\
+  * **PPPoE **- The WAN port responds to authentication requests from the ISP's PPPoE server.
+    * Usually used on DSL networks.
+    * FreshTomato stores the PPPoE username/password assigned by your ISP.
+    * If authentication succeeds, the PPPoE server allows logon to the ISP network, \\ and a DHCP server assigns you a WAN IP lease.
     * Leave the //Service Name// field blank.
-    * Starting with release 2021.3, support for Baby Jumbo Frames (RFC 4638) was added in the [[advanced-misc|Miscellaneous]] menu.
+    * Starting with release 2021.3, support for Baby Jumbo Frames (RFC 4638) \\ was added to the [[advanced-misc|Miscellaneous]] menu.
-    * When using Baby Jumbo Frames, set MTU to 1500, consistent with the Baby Jumbo Frames change. (See [[https://wiki.freshtomato.org/doku.php/basic-network#network_notes_and_troubleshooting|Notes]]) \\  \\
+    * When using Baby Jumbo Frames, set MTU to 1500, to be consistent with the \\ Baby Jumbo Frames change. (See [[basic-network#network_notes_and_troubleshooting|Notes]]).\\  \\
-  * **Static - **This choice will configure your WAN port with a static IP.
+  * **Static **- will configure your WAN port with a static IP.
-    * You must manually enter the following settings in FreshTomato, from your ISP:
+    * You must manually enter these settings in FreshTomato, from your ISP:
       * Static IP address
       * Subnet mask
       * Gateway address
       * DNS server addresses
-    * This mode is commonly used for business accounts, when the IP address shouldn't change. \\  \\
+    * This mode is usually used for business, when an IP address mustn't change. \\  \\
-  * **PPTP - **This configures the WAN port to use Microsoft's PPTP (VPN) tunneling protocol to connect.
+  * **PPTP **- configures the WAN port to use Microsoft's PPTP protocol to connect.
-    * This section will require you to enter:
+    * This section requires you to enter:
       * a username
       * password
       * gateway server settings (given by your ISP). \\  \\
-  * **L2TP - **Choosing this configures the WAN port to connect using Cisco's Layer Two Tunnelling Protocol.
+  * **L2TP **- configures the WAN port to connect using Layer Two Tunneling Protocol.
-    * FreshTomato will require you enter the following, provided by your ISP:
+    * FreshTomato requires you enter the following, provided by your ISP:
       * L2TP username
       * Password
@@ Line 70: / Line 80: @@
       * Gateway setting \\  \\
-  * **3G modem - **This setting will enable support for 3G GSM (cellular) USB modems.
+  * **3G modem - **enables support for 3G cellular USB modems.
-    * Ensure USB and 3G/4G/5G modem support are checked in [[nas-usb|USB Support]] for the modem to be detected. \\  \\
+    * To detect modems, enable USB and 3G/4G/5G modem support in [[nas-usb|USB Support]].\\  \\
-  * **4G/LTE - **This enables support for fourth generation GSM (cellular) / LTE USB modems.
+  * **4G/LTE - **enables support for 4th generation cellular/LTE USB modems.
-    * When choosing 4G, PIN code and APN fields appear. These must be filled with correct settings (see below).
+    * When using 4G, PIN code and APN fields appear. You must enter these settings.
-    * Check USB and 3G/4G/5G modem support are enabled in the [[nas-usb|USB Support]] menu for the modem to be detected. \\  \\
+    * To detect modems, enable USB and 3G/4G/5G modem support in [[nas-usb|USB Support]]. \\  \\
-  * **Disabled - **This disables the physical WAN port on your router.
+  * **Disabled - **disables the physical WAN port on the router.
-    * This effectively makes your FreshTomato device function only as a switch (if it has that function) and/or;
+    * This makes your device function only as a switch (if it has that function) and/or;
-    * It may effectively make your device function as a WiFi access point (if it has that function). \\  \\
+    * It may effectively make your device function as a WiFi A/P (if capable). \\  \\
-**Wireless Client Mode:  **This enables FreshTomato's Wireless Client mode.
+ \\ **Wireless Client Mode:  **enables FreshTomato's Wireless Client mode.
-This mode lets the router act as a client to connect to another router/AP, similar to how a WiFi adapter would.  \\ (For details, see Wireless Mode tables below).
+This lets the router act as a client (WiFi adapter) to connect to another router/AP.\\ (For details, see Wireless Mode tables below).
-  * Disabled - Wireless Client mode will be disabled.
+ \\
-  * 2.4 GHz - Wireless Client mode will be enabled on the 2.4 GHz interface.
-  * 5 GHz - Wireless Client mode will enabled on the 5 GHz interface.
- \\ {{::basic-network-wan_settings-2023.2.jpg?805}}
+  * Disabled - wireless Client mode will be disabled.
+  * 2.4 GHz - wireless Client mode will be enabled on the 2.4 GHz band.
+  * 5 GHz - wireless Client mode will enabled on the 5 GHz band.
  \\
-**Load Balance Weight:   **Only visible when number of WANs > 1, can be set between 0 and 256\\
+{{::basic-network-wan_settings-2024.1.png?627}}
+ \\   \\
+**Load Balance Weight:**   appears only when number of WANs > 1. Valid settings are (0 - 256).\\
+{{:pasted:20240219-103900.png?476}}\\  \\
+In a MultiWAN configuration, FreshTomato performs load sharing on the link traffic. Giving each interface a Load Balance Weight adjusts how it participates in MultiWAN activities. Load sharing is done on a per-session basis to avoid issues with interactive traffic like:
-A very important concept to digest when setting up your device in MultiWAN is the fact that this is a load-sharing of links. A load share is intentionally performed on a session basis this is to prevent issues with interactive traffic like real-time voice/video, RDP, or anything else that classifies as interactive. To tweak how a specific interface will participate in MultiWAN activities you can set the Load Balancing Weight on each interface. See some example here below:\\
-\\
-Load Balance Weight: 0\\
-Does not actively route traffic but will be "enabled" automatically as a last resort in case all the other primary interfaces with weight greater than 1, fail for whatever reason. This is commonly used in the so called fail-over scenarios. When an interface with weight 0 is auto-enabled it will be assigned a weight of 1. NOw let's assume we have 2x WANS with weight 0 and 1 respectively, in case any of the other WANs in fail state state is to fix itself, The interface with original weight 0 is to go back idling while any new traffic is to be handled by the resuscitated interface/s. \\
-\\
-Load Balance Weight: 1\\
-Any value higher than 0 makes the interface actively route packed. a weight of 1 doesn't necessarily mean anything by itself as it needs to be compared with other Interfaces Load Balance Weight.\\
-\\
-Load Balance Weight: 5\\
-An interface set with e.g. weight 5 would essentially handle 5 new sessions before any other interface is to be used.\\
-\\
-In a practical example let's say we have 3WANs:\\
-''WAN0 = 0
-WAN1 = 1
-WAN2 = 5
-''
-In this scenario WAN0 is to be used only if both WAN1 and WAN2 are both in failed state (can't route packets). WAN1 will handle the very 1st LAN client new session going through the router, where WAN2 is to handle the 2nd,3d,4th,5th,6th. So what's happens to the 7th? It starts again from WAN1 with 1 session and WAN2 will take care of the next 5 new sessions so 8th,9th,10,11,12th.
  \\
-**Modem device: **Here, you specify the 3G modem's Linux device path/filename.
+  - Real-time voice
+  - Video
+  - RDP.
-  * If you don't know what to choose, check the [[dongle_compatibility|3G/4G/5G Dongle compatibility]] page to see if your modem is listed.
+ \\
-  * To ensure your modem is detected, check [[nas-usb|USB Support]] is enabled in the [[nas-usb|USB Support]] menu.
-  * When 3G modem or 4G/LTE is set as the WAN type, other fields appear, prompting for more information.
+Per-packet loadsharing isn't recommended in cases where link speeds vary. It would generate out-of-order packets, and in doing so, could make interactive traffic unusable.
+\\  \\ //**Example: Load Balance Weight: 0  (Failover)**//
+ \\ \\ If "0" is used, FreshTomato won't route traffic when other WAN interfaces are functioning. However, if all other WAN interfaces with weight "1" or higher fail, a WAN connection with weight "0" will automatically enable. Then, when the interface with weight "0" is automatically enabled, it is assigned a weight of "1". Such functionality is commonly used as a failover configuration.
+ \\
+For example, let's say:
+ \\
+  * There are 2 WANs
+  * WAN0="weight 0"
+  * WAN1="weight 1" \\
+ \\
+In this example, routing would proceed as follows:
+ \\
+  - When the failure of WAN1 is detected, WAN0 will activate \\ (assigned with weight: "1") and begin routing packets.
+  - Later, WAN1 recovers its connectivity. As soon as FreshTomato \\ notices, (seconds/minutes), WAN0 will be reset to idle status \\ while traffic is rerouted through the revived WAN1.
+ \\
+Recovery back to the originally-active interface is called //preempting//.** **It's the default (fixed) behavior.\\  \\  \\ //**Example: Load Balance Weight: 1**//
+\\ Any value > "0" makes an interface actively route packets.
+A weight of "1" isn't very meaningful, since weights are relative. Each weight is compared to others to direct functionality.
+A good way to understand this is:
+ \\
+  * "1=100%
+  * "0=0%"
+  * Thus, if WAN0=“weight 0” and WAN1=“weight 1”, WAN1 would handle 100% of the traffic.
+ \\ \\ //**Example: Load Balance Weight: 5**//
+ \\ \\ Basically, an interface set to weight: "5" would handle 5 new sessions before any other interface was used.\\  \\ For example, say we have 3 WANs, as follows: \\
+  * WAN0 = weight 0
+  * WAN1 = weight 1
+  * WAN2 = weight 5
+ \\ \\ In this example, routing would proceed as follows:
+ \\
+  - WAN0 would be used only if WAN1 and WAN2 are failing/unable to route.
+  - WAN1 would handle the first new LAN client session through the router.
+  - WAN2 is set to handle the second, third, fourth, fifth and sixth sessions.
+  - The seventh new session would be treated as another, first new LAN client, \\  so would start again from WAN1.
+  - WAN2 would then handle the next five new sessions, (eighth through twelfth).\\  \\
+ \\ **These settings affect only outbound traffic.** Return traffic tries to return via the WAN interface it came from.
+Allocation of a new session to a WAN is dynamic. You can set which traffic gets allocated to which Interface ("sticky connection") in [[advanced-pbr|MultiWAN routing]].
+ \\
+**Modem device: **here, specify the 3G/4G/5G modem's Linux device path/filename.
+ \\
+  * If unsure, check the modem is listed in [[dongle_compatibility|3G/4G/5G Dongle compatibility]].
+  * If it isn't detected, enable 3G/4G/5G modem and USB support in [[nas-usb|USB Support]].
+  * If WAN type is 3G or 4G/LTE, fields appear asking for more information.
   * The Default device filename is the first serial device on the first USB port: (/dev/ttyUSB0).
-  * The “tty” part of the device's filename represents a serial device.
+    * The “tty” part of the filename represents a serial device.
-  * The “USB0” part of the device's filename means the device is connected to the first USB port.
+    * “USB0” in the filename means the device is connected to the first USB port.
-  * Devices listed as "/ttyUSB" use the newer Serial→USB device driver framework.
+    * Devices listed as "/ttyUSB" use the newer Serial→USB device driver framework.
-    * This device type uses Linux's serial modem driver framework.
+  * “ACM” in the device name type means the device type is: “Abstract Control Model”
-  * If the interface lists: “/dev/ttyACM0" instead, “ACM” means device type is: “Abstract Control Model”
-    * ACM modems let the modem hardware perform analog functions.
+ \\
-To get device details, you could also log on to FreshTomato via Telnet/SSH and use the lsusb or dmesg commands .
+To get modem details, log on to FreshTomato via Telnet/SSH and use the "lsusb" or "dmesg" commands .
  \\
-**PIN Code: **This is the 3-digit PIN code for the SIM card associated with your cell account.
+**PIN Code: **the 3-digit PIN code for the SIM card associated with your cell account.
   * Leave this blank if your SIM card code was deactivated. \\  \\
-**Modem init string: **Here, enter the modem's default initialization string.
+**Modem init string: **enter the modem's default initialization string.
-  * This will come from your cell provider, or the modem manufacturer. (Default: *99#). \\  \\
+  * Your cellular provider or modem manufacturer gives you this. (Default: *99#).\\  \\
-**APN: **The access point name (provided by your cell carrier).
+**APN: **the access point name (provided by your cell carrier).
-  * This specifies a gateway to route data between your carrier and the Internet. (Default: internet). \\  \\
+  * Sets a gateway to route data between the carrier and the Internet. (Default: internet).\\  \\
-**Username: **Here, enter the (carrier-provided) username to access your cell carrier's APN gateway.
+**Username: **the (carrier-provided) username to access your cell carrier's APN gateway.
-  * Some carriers don't require this info. \\  \\
+  * Some carriers don't require this. \\  \\
-**Password: **Here, enter the (carrier-provided) password to authenticate to your cell carrier's APN gateway.
+**Password: **the (carrier-provided) password to authenticate to your cell carrier's APN gateway.
-  * Some carriers do not require this info. \\  \\
+  * Some carriers do not require this. \\  \\
-**Network Type: **This menu appears when WAN type is set to 4G/LTE. (Default setting: 4G/3G/2G).
+**Network Type: **appears when WAN type is set to 4G/LTE. (Default: 4G/3G/2G).
-  * The default setting configures FreshTomato to start negotiating with a 4G connection. \\ If that fails, it falls back to negotiating a 3G connection, and failing that, a 2G connection. \\  \\
+  * The default makes FreshTomato start negotiating with a 4G connection. \\ If that fails, it falls back to negotiating 3G. Finally, it tries a 2G connection. \\  \\
-**DNS Server: **
+**DNS Server:**
-  * AUTO - FreshTomato uses DNS server addresses included in your Internet Provider's DHCP lease.
+ \\
-  * Manual - Enables the DNS server function (dnsmasq). This makes "DNS 1" and "DNS 2" fields appear.
-    * DNS 1 - Enter the first DNS server address here (if DNS Server is set to Manual).
-    * DNS 2 - Enter the second DNS server address here (if DNS Server is set to Manual).
- \\ Manually-set DNS servers are useful if your ISP's DNS servers are slow/unreliable. Also, some can provide content filtering. \\  \\
+  * AUTO - FreshTomato uses DNS server addresses in your ISP's\\  DHCP lease.
+  * Manual - enables DNS server functions in dnsmasq. "DNS 1" \\ and "DNS 2" fields appear.
+    * DNS 1 - enter DNS server 1 address here.
+    * DNS 2 - enter DNS server 2 address here.
-**MTU:**  This sets the Maximum Transmission Unit, (maximum Ethernet frame size) for traffic between WAN and LAN.
+ \\ Manually-set DNS servers can be helpful if your ISP's DNS servers are slow/unreliable. \\  \\
-This is only for the WAN interface. It won't affect LAN traffic. However, different MTU sizes among devices can cause problems.
+**MTU:**  sets the Maximum Transmission Unit, (Ethernet frame size) for WAN<-->LAN traffic.
-  * (Default: 1500) - This is typical for Ethernet devices, and is usually suitable. The Manual field value is greyed out and fixed.
+This is for the WAN interface only and won't affect LAN traffic.
-  * Manual - Choosing this lets you to enter a custom number in the field beside it. Jumbo Frame sizes start at 2000 bytes. \\  \\
-**Use DHCP:**  This function is rarely used, and you are advised to leave it disabled.
+  * (Default: 1500) - good for most Ethernet devices. \\ Choosing it \\ greys out the Manual field.
+  * Manual - Enter a custom value. Jumbo Frames \\ start at 2000 bytes.
-  * On a few Internet providers, addressing is separated from PPPoE functionality. \\  \\
+ \\
-**Single Line MLPPP**: This is outdated, and rarely used nowadays.
+Different MTU sizes across devices may cause issues.\\
-Multilink PPP is a version of the PPP protocol that lets you bond two or more physical connections to increase apparent bandwidth. \\ Single Line MLPPP is similar, but lets you use one modem to bond the bandwidth of multiple PPPoE sessions. \\ A side effect of using this is that it bypassed some Internet Providers' bandwidth throttling. \\ \\  \\
+ \\
-**Route Modem IP: **This function lets you access a modem "behind a router" with a simple configuration change. (Default: Off)
+**Use DHCP:**  is rarely used. Usually, you should leave it disabled.
-  * When using a separate modem and router, usually you set the modem in bridge mode/PPPoE passthrough mode.
+  * A few Internet providers separate addressing from PPPoE functions.\\  \\
-  * That means you can't easily access the modem's LAN interface while it's "behind" the router.
-  * The router's WAN interface has a public address, but the modem is reachable only via a private LAN address.
-  * Private addresses aren't routable, so by default, FreshTomato blocks LAN > WAN > MODEM PRIVATE IP traffic.
-  * Route Modem IP adds a simple static route to the routing table, giving the modem a private IP on a /32 subnet.
-  * This makes the private address reachable via the WAN interface.
-  * The mask allows only one host, so only the modem is reachable on that subnet.\\  \\
-**Query Hilink Modem IP:**  This function is only for Huawei USB modems supporting Hilink mode. (Default: Disabled).
+**Single Line MLPPP:** is outdated, and rarely used now.
-Some Huawei modems have a "HiLink" operation mode. Enabling this lets you communicate with a modem in HiLink mode connected to a device on the network other than the FreshTomato device. This is useful when monitoring LTE statistics, or signal strength.
+This Multilink PPP version lets a modem bond the bandwidth of multiple PPPoE sessions.
+A side effect of it was that it bypassed some ISPs' bandwidth throttling.\\ \\  \\
+**Route Modem IP: **lets you access a modem "behind a router" with a quick setting change.
  \\
+  * When using separate modem and router, usually the modem is in bridge mode or \\ PPPoE passthrough mode. This makes it hard to access the modem's LAN interface, \\ as it's "behind" the router.
+  * The router's WAN interface has a public address, but the modem is reachable \\ only via a private LAN address.
+  * Private addresses aren't routable, so by default, FreshTomato blocks any traffic\\ on a path of: LAN ---> WAN ---> (MODEM with PRIVATE IP).
+  * Route Modem IP adds a static route to the routing table, giving the modem a\\ private address on a /32 subnet. This makes the private address reachable via \\ the WAN interface, and thus via the LAN.
+  * The mask allows only one host, so only the modem is reachable on that subnet.
+ \\ .
+(Default: Off)\\  \\
+**Query Hilink Modem IP:**  is for Huawei USB modems with Hilink mode.
+It lets you communicate with a modem in Hilink mode connected to a LAN device other than the router.
+It can be used to monitor modem statistics/signal strength. (Default: Disabled).\\  \\
 **Call Custom Status Script: ** TBD.
@@ Line 199: / Line 287: @@
  \\
-**Connect Mode: **This chooses the method used to keep the router connected to the Internet provider. (Default: Keepalive).
+**Connect Mode: **chooses the method to keep the router connected to the Internet provider.
-  * Connect on Demand - will make FreshTomato disconnect from the ISP after the period in the //Max Idle Time// field. \\ FreshTomato will reconnect to the Internet a soon as any LAN client requests Internet access.
+ \\
+  * Connect on Demand - makes the router disconnect from the ISP after \\ the //Max Idle Time//. FreshTomato reconnects to the Internet as soon as \\ a LAN client requests Internet access.
   * Some ISPs drop a connection if their router detects no Internet activity.
-    * Keepalive - Selecting this makes FreshTomato send small [[https://en.wikipedia.org/wiki/Keepalive#TCP_keepalive|keepalive]] packets at brief, specified intervals. \\ This makes it look to the ISP like there's intermittent activity, even when no clients request Internet access.
+    * Keepalive * - makes FreshTomato send [[https://en.wikipedia.org/wiki/Keepalive#TCP_keepalive|keepalive]] packets at brief, \\ specified intervals. This makes the ISP "see" intermittent activity \\ when no clients request \\ Internet access.
-  * Redial Interval - Here, enter how often the router will check the Internet connection. (Default: 10 seconds). \\ This minimizes your Internet connection response time, since usually, the connection will always be up.
+  * Redial Interval - how often the router checks the Internet connection. \\ (Default: 10 seconds). This minimizes Internet connection response time, \\ since usually the connection will be up.
  \\
-**Redial Interval: **  When PPPoE dialling fails, the Redial Interval is used to delay attempts for the defined number of seconds. \\ This allows more time for the PPPoE server or network gear to restart proper functioning before trying a PPPoE connection again. \\ (Default: 10 seconds). \\  \\
+(Default: Keepalive).\\
-**LCP Echo Interval: **The Link Control Protocol sends and receives frames between two peers to verify they're still connected.
+ \\
+**Redial Interval: **if PPPoE dialing fails, this delays attempts for a defined number of seconds.
+This allows more time for the PPPoE server/network equipment to restart properly before re-establishing a PPPoE link. \\ (Default: 10 seconds).\\  \\
+**LCP Echo Interval: **Link Control Protocol exchanges frames between 2 peers to check they're connected.  \\
-  * LCP Echo Interval is the period between these signals. Usually, this is used to verify that a DSL modem's PPPoE \\  is still connected to the ISP.
+  * LCP Echo Interval is the time between these signals.
+  * Usually used to check a DSL modem's PPPoE is still connected to the ISP.
   * (Default: 10 seconds).
  \\
-**LCP Echo Link fail limit: **This is the number of times LCP echo requests can fail between LCP peers before the status is considered dead.
+**LCP Echo Link fail limit: **how many failed LCP echo requests between peers before link is deemed down.
-  * The client DSL modem will then drop the PPPoE link. LCP will try to renegotiate a new PPPoE session.
+ \\
+  * The client DSL modem will then drop the PPPoE link.
+  * LCP will then try to renegotiate a new PPPoE session.
  \\
-**Disable Watchdog:  **Checking this disables the Watchdog function, (described in //Watchdog Mode// below). It disables Watchdog only for the WAN connection currently seen on that menu. (Default: Enabled, using Tracert).
+**Disable Watchdog: **disables the Watchdog function, for only the WAN connection in the menu. \\ (Default: Enabled/Tracert).
  \\
-**Watchdog Mode:  **This regularly checks that a given WAN connection is up. It is supported for DHCP, PPPoE, PPTP, L2TP, and 3G/4G/5G LTE connection types. Here, you choose which method is used to test the connection.
+**Watchdog Mode: **regularly checks a given WAN connection is up.
+This chooses the method used to test the connection.
+ \\
   * Traceroute *
   * Ping
+ \\
+The Watchdog function supports connection types:
+ \\
+  - DHCP
+  - PPPoE
+  - PPTP
+  - L2TP
+  - 3G/4G/5G LTE
+ \\
 ===== LAN =====
+The LAN section includes information and settings to configure FreshTomato's LAN interface functions.\\
+ \\
+{{::basic-network-lan.png?799}}
-The LAN section includes information and settings to configure FreshTomato's LAN interface functions.
+ \\
-This includes FreshTomato's:
+This includes:
-  * LAN IP address and subnet mask
+  - LAN IP address and subnet mask
-  * Spanning Tree Protocol function
+  - Spanning Tree Protocol function
-  * DHCP server status and settings (through dnsmasq), such as scope and lease time
+  - DHCP server status/settings (via dnsmasq), such as scope and lease time
-  * Stubby (DNS-over-TLS) setting and WINS settings
+  - Stubby (DNS-over-TLS) setting and WINS settings
-\\  {{:pasted:20230223-144115.png}}\\  \\
+ \\
-**Bridge:  **This lets you Selects the bridge whose LAN settings will be modified \\ \\
+**Bridge:** lets you selects the bridge whose LAN settings will be modified \\ \\
-**STP**:  This enables Spanning Tree Protocol to prevent forwarding loops in switches. The default (off) setting is recommended, unless you are highly experienced. \\ \\
+**STP**:  enables Spanning Tree Protocol to prevent forwarding loops in switches.
-**IP Address:  **Here, enter the IP Address to assign to the specified LAN interface. (Default: 192.168.1.1). FreshTomato supports Class A, B, and C networks. \\ \\
+The default (off) is recommended, unless you are highly experienced. \\ \\
-**Netmask**:  The subnet mask associated with FreshTomato's LAN IP address. (Default: 255.255.255.0 - class "C" netmask). \\ \\
+**IP Address:** the IP Address to assign to the specified LAN interface.
-**DHCP**:  Checking this enables DHCP server functions in dnsmasq. (Default: Off) \\ \\
+FreshTomato supports Class A/B/C networks. (Default: 192.168.1.1).\\ \\
-**IP Range //(first/last)//**:  In the top field, enter the first allowable address in the subnet. In the bottom field, enter the last address. This will form the range of IP addresses the DHCP server will assign to LAN clients. \\ \\
+**Netmask**:  the subnet mask associated with FreshTomato's LAN IP address.
-**Lease Time (//mins.//)**: This is the DHCP lease time, in minutes. (Default: 1440). \\ \\
+(Default: 255.255.255.0 - class "C" netmask). \\ \\
-**Automatic IP**:  Since release 2022.6, you can select this option if the router is in AP Mode, Wireless Ethernet Bridge Mode or Media Bridge Mode. This lets FreshTomato obtain a LAN IP via DHCP. \\ \\
+**DHCP**:  enables DHCP server functions in dnsmasq. (Default: Off) \\ \\
-After saving settings, the router's new, default address is 192.168.1.1 while it awaits DHCP details. That address will change once it obtains DHCP data. \\ \\
+**IP Range //(first/last)//**:  the range of IP addresses the DHCP server will assign to LAN clients.
- \\
+In the top field, enter the first valid address in the subnet. Enter the the last address in the bottom field. \\ \\
-{{:pasted:20220907-091646.png}}
+**Lease Time (//mins.//)**: the DHCP lease time, in minutes. (Default: 1440). \\ \\
- \\
+**Automatic IP**: lets FreshTomato obtain a LAN IP via DHCP.
+Since release 2022.6, this option is supported in: \\
+ \\
+  - AP Mode
+  - Wireless Ethernet Bridge (WEB) Mode
+  - Media Bridge Mode.\\ \\
+After saving settings, the router's new default address is 192.168.1.1 until it obtains DHCP data.\\
 ===== Ethernet Ports State - Configuration =====
-[[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=a6a415f4dc7913bbf0c6b45958973582.png|{{:a6a415f4dc7913bbf0c6b45958973582.png}}]]  \\
+Settings here are for the Ethernet Ports State graphic in the [[status-overview|Overview]] menu. Link status, Link speed and Diagnostic information are shown for each port, .
- \\   \\ These are settings for the **Ethernet Ports State** graphic in the [[status-overview|Overview]] menu. The graphic shows status, link speed, and diagnostic information for all ports.
+ \\
-**Enable Ports State:**  Checking this enables the Ethernet Ports State graphic. (Default: On). \\ \\
+{{basic-network-ethernet_ports_state_configuration-2024.1.png?291}}
-**Show Speed Info:**  Checking this displays the link speed of each port, (1GB/100MB/10MB). (Default: On). \\ \\
+ \\
+**Enable Ports State:** enables the Ethernet Ports State graphic. (Default: On). \\ \\
+**Show Speed Info:** checking this displays the link speed of each port, (1GB/100MB/10MB).
+(Default: On). \\ \\
+**Invert ports order:** displays port icons in the opposite order from where they are on the hardware.
-**Invert ports order:**  Enabling this displays port icons in Ethernet Ports State in the opposite order from where they are on the hardware. This is useful when the sequence of display icons doesn't match the actual locations on the router. (Default: Off).
+This is useful when the order of display icons doesn't match the physical locations on the router. (Default: Off).
 ===== Wireless Band Steering =====
-[[https://wiki.freshtomato.org/lib/exe/detail.php?id=network&media=736e934886107c2e5ab80563e9e98bb5.png|{{:736e934886107c2e5ab80563e9e98bb5.png}}]]  \\   \\
+This feature makes FreshTomato assess on which band a client device should connect, and then "nudges" it towards that band.
-With Wireless Band Steering enabled, FreshTomato can assess on which band the client device should try to connect. It then "nudge" the client towards that band.
+\\
-  * Disable *
+{{::wireless_band_steering.png?564}}
-  * Enable
-To achieve this, for all WiFi interfaces, enter the same:
+ \\
-  * SSID name
+When enabled, these settings are saved to NVRAM, then replicated from the first WiFi radio to all other radios:
-  * Security settings
-  * Password
-  * Other settings (see picture below)
-Remember that client devices can also try to switch bands on their own, without the influence of Wireless Band Steering.
+ \\
-Wireless Band Steering is available starting with release 2020.8 (and only for ARM hardware). See the Notes section below for more details on how it works.
+  - SSID
+  - Broadcast
+  - KEY1-4
+  - Shared Key
+  - Encryption
+  - Radius Key
+  - Radius Port
+  - Radius IP
  \\
+(Visibility depends on the wireless security selected)
-==== Wireless (2.4 GHz / interface eth1) ====
+Among the wireless settings that will NOT be replicated are:
-The Wireless (2.4 GHz) section displays information and settings for the 2.4 GHz wireless network interface.
+ \\
-Your device may show a different device name than eth1. FreshTomato hardware device numbers begin at "0". The first Ethernet device might be called "eth0". The second wireless device might be called "wl1".
+  * Channel
+  * Channel Width
+  * Wireless Network Mode
+  * Band (2.4 / 5 GHz)
+  * Country Code/Rev
+  * Beamforming
-**Enable Wireless:** When checked, this turns on the 2.4 GHz WiFi interface. When unchecked, the 2.4 GHz WiFi interface is off. \\ \\
+ \\
-**MAC Address:** This displays the MAC address of the 2.4 GHz WiFi interface. Clicking on it takes you to the [[:mac_address|MAC Address]] page, where you can specify a custom MAC address for this interface. \\ \\
+Client devices also may try to switch bands on their own, without the influence of Wireless Band Steering.
-**Wireless Mode:** This allows you to select the wireless mode (function) of the 2.4 GHz WiFi network interface.  \\   \\
+This feature is available since release 2020.8 (for ARM hardware only). See the [[https://wiki.freshtomato.org/doku.php/basic-network#network_notes_and_troubleshooting|Notes]] section for more details.
+ \\
+===== Wireless (2.4 GHz / interface eth1) =====
+The Wireless (2.4 GHz) section displays information and settings for the 2.4 GHz wireless interface.
+Your device may show a different device name than eth1. Hardware device numbers begin at "0".
+The first Ethernet device might be called "eth0". The second might be called "wl1".
+ \\
+**Enable Wireless:** enables the 2.4 GHz WiFi interface. When unchecked disables that interface. \\ \\
+**MAC Address:** displays the MAC address of the 2.4 GHz WiFi interface.
+Clicking this takes you to the [[:mac_address|MAC Address]] page, to specify a custom address for this interface. \\ \\
+**Wireless Mode:** here, choose the wireless mode (function) of the 2.4 GHz WiFi interface.  \\   \\
  \\
@@ Line 323: / Line 490: @@
 ^   ^  **Table: 2.4 GHZ Interface Wireless Modes**  ^
 |  **Wireless Mode**  |  **Description**  |
-|  \\ Access Point  | \\ The (default) setting, which allows clients to connect to FreshTomato's wireless network(s). \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ |
+|  \\ Access Point  | \\ The (default) setting, that allows clients to connect to FreshTomato's WiFi networks. \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ |
-|  \\ Access Point WDS  | \\ Sets the router in "repeater mode", allowing clients to connect via wireless while simultaneously acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ |
+|  \\ Access Point WDS  | \\ Sets the router in "repeater mode". Clients can connect via WiFi while simultaneously acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ |
-|  \\ Wireless Client  | \\ The router connects to another router/access point as any other wireless client device would. \\ \\ -  Wireless Client mode works for:\\    MIPS devices (SDK5: RT and RT-N images)\\    ARM devices (SDK6 & SDK7) starting with release 2021.5\\ -  This mode does not workyet on SDK6 MIPS RT-AC builds.\\ -  Only one wireless radio can be used in this mode. Other radio modules, (if present), can be used in Access Point mode. \\ -  Disable band steering if using this mode (at least for the initial setup. Advanced users may adjust nvram values for band steering).\\ -  The recommended security setup for WiFi connections is WPA2 Personal with AES. \\ -  If no connection is possible using the above, try WPA / WPA2 Personal + AES.\\ -  This is the recommended security setup for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ |
+|  \\ Wireless Client  | \\ The router connects to another router/access point as any other WiFi client device would. \\ \\ -  Wireless Client mode works for:\\    MIPS devices (SDK5: RT and RT-N images)\\    ARM devices (SDK6 & SDK7 & SDK714) starting with release 2021.5\\ -  This mode does not work yet on SDK6 MIPS RT-AC builds. \\   (The option will be removed from the GUI starting with Release 2024.3)\\ -  Only one wireless radio can be used in this mode. Other radio modules, (if present), can be used in Access Point mode. \\ -  Disable band steering if using this mode (at least for the initial setup. Advanced users may adjust NVRAM values for band steering).\\ -  The recommended security setup for WiFi connections is WPA2 Personal with AES. \\ -  If no connection is possible using the above, try WPA / WPA2 Personal + AES.\\ -  This is the recommended security setup for MIPS SDK5 (RT and RT-N) wireless client mode). \\ \\ |
-|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. All clients connected to both routers remain in the same subnet. \\ \\ -  Since Wireless Ethernet Bridge 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will only work for FreshTomato 2021.1 SDK6 ARM Dual-Core and newer\\ -  SDK7 not working/possible. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Wireless Ethernet Bridge interface only to connect to your main AP (no virtual interfaces). Other radio modules present can be used, for example, in Access Point mode.\\ \\ |
+|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  Since Wireless Ethernet Bridge 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will be blocked (Bug within wl driver ==> router may crash; Use Media Bridge Mode for IPv6 support)\\ -  ARM SDK7 not working/possible (Option will be removed from the GUI starting with Release 2024.3)\\ -  ARM SDK6 & SDK714 working correctly\\ -  MIPS SDK5: RT and RT-N working correctly\\ -  MIPS SDK6 RT-AC not working/possible (Option will be removed from the GUI starting with Release 2024.3)\\ -  Do not enable wireless band steering (BSD) while this mode is enabled.\\ \\ Recommendation: Use this interface only to connect to your main AP (no virtual interfaces). Other radio modules present can be used, for example, in A/P mode.\\ \\ |
-|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point. \\ All clients connected to both routers remain in the same subnet. \\ -  Support for this mode is available starting with release 2021.6 .\\ -  This mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (only for MIPS RT-AC images and all ARM images). \\ -  Recommendations: Use Wireless Ethernet Bridge mode for MIPS RT and RT-N builds (like the RT-N16, E4200v1).\\ -  This Mode is not supported in SDK5 (RT / RT-N) builds.\\ -  Both IPv4 and IPv6 communication function well.  You don't need to enable IPv6 via the web interface. IPv6 traffic will work. \\ -  Do not enable wireless band steering (BSD) if this mode is enabled.\\ -  Use Media Bridge interface only to connect to your main AP (not to virtual interfaces). Other present radio modules can be used, for example, in Access Point mode.\\ \\ |
+|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point.\\ All clients connected to both routers remain in the same subnet.  \\ \\ -  Support for this mode is available starting with release 2021.6 .\\ -  This mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (only for MIPS RT-AC images and all ARM images). \\ -  Recommendations: Use Wireless Ethernet Bridge mode for MIPS RT and RT-N builds (like the RT-N16, E4200v1).\\ -  This Mode is not supported in SDK5 (RT / RT-N) builds.\\ -  ARM SDK6 & SDK7 & SDK714 working correctly\\ -  MIPS SDK6 RT-AC working correctly\\ -  Both IPv4 and IPv6 communication function well.  You don't need to enable IPv6 via the web interface. IPv6 traffic will work. \\ -  Do not enable wireless band steering (BSD) if this mode is enabled.\\  \\ Recommendation: use this interface only to connect to your main A/P (not to virtual interfaces). Other present radio modules can be used, for example, in A/P mode.\\ \\ |
 |  \\ WDS  | \\ Serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ |
 | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  ||
-\\ **Wireless Network Mode: **This lets you choose which 802.11 WiFi protocol(s) to make available to clients.
+\\  \\
-The network modes available in this dropdown will depend on your hardware.
+**Wireless Network Mode: **selects which 802.11 WiFi protocols to make available to clients.
-  * Auto: *  FreshTomato and WiFi client devices negotiate the best protocol automatically.
+The network modes available here will depend on your hardware.
-    * Auto is recommended, unless you're very knowledgeable about networking.
-    * Compatibility issues can create many problems. The best settings are not always obvious.
-  * B Only:  This allows WiFi clients to connect using only the 802.11b protocol.
-  * G Only:  This allows WiFi clients to connect using only the 802.11n protocol.
-  * B/G Mixed:  This allows clients to connect using either 802.11b or 802.11g protocols.
-  * N only:  This allows clients to connect using only the 802.11n protocol.
-These apply only to the 2.4 GHz band interface. There are separate Wireless Network Mode settings for any 5 GHz interface.
+ \\
-\\
+  * Auto: * - router/WiFi clients automatically negotiate the best protocol.
+    * Recommended, unless you have advanced networking skills.
+    * Incompatibilities may exist.
+    * The best settings may not be obvious.
+  * B Only - allows WiFi clients to connect using only 802.11b.
+  * G Only - allows WiFi clients to connect using only 802.11n.
+  * B/G Mixed - allows clients to connect using 802.11b/802.11g.
+  * N only - allows clients to connect using only the 802.11n.
-**SSID:**  This is the network name (Service Set IDentifier) for the 2.4 GHz WiFi interface. For security reasons, you're advised not to include personal words which may indicate your identity, address, location, or equipment type. For example, “HELENLIUNG” would be a poor choice, unless you want everyone nearby to know who owns the network. Single dictionary words also make for very poor security. \\ (Default: FreshTomatoXX, where “XX” is the two numbers in the band.)  For example, on the 2.4 GHz network, the default SSID is “FreshTomato24”. \\ \\
+ \\
-**Broadcast: **Checking this enables SSID broadcasting. This “announces” the SSID on the air, so it's easy to find and connect to. Some argue that disabling SSID Broadcast provides more security. However, SSID names are easily sniffed using common software. Thus, disabling this provides little increase in security. \\ \\
+These apply only to the 2.4 GHz interface. Any 5 GHz interface will have separate Mode settings.
-**Channel: **Selects the channel on which the 2.4 GHz radio interface will operate. Generally, it's best to choose a different channel than your neighbours are using. (Default: Auto).
+ \\
-  * Auto: This default is generally safe unless there's significant interference from other networks or equipment. FreshTomato chooses and uses the channel it believes has the least interference.
+**SSID:** the network name (Service Set IDentifier) for the 2.4 GHz WiFi interface.
-  * Channel: This menu lets you manually choose available channels on the band. Unavailable channels won't appear here. \\ \\
-**Channel Width:**  This menu lets you choose the width of the channel (in terms of frequency).
+For security, don't include personal identity/address/location/equipment type. Single dictionary words are also poor for security.
+(Default: FreshTomatoXX, where “XX” is the two band numbers.)  On a 2.4 GHz network, the default SSID is: “FreshTomato24”. \\ \\
+**Broadcast: **enables SSID broadcasting.
+This “announces” the SSID, so it's easy to find and connect to.
+Common software can easily sniff SSIDs. Contrary to claims, disabling Broadcast provides little security increase.\\ \\
+**Channel: **the channel on which the 2.4 GHz interface operates.
+Generally, choose a different channel than your neighbours'. (Default: Auto).
+ \\
+  * Auto* - this default is generally safe unless there's too much  \\ interference from other, nearby equipment. \\ FreshTomato uses the channel it senses has the least interference.
+  * Channel - lets you manually choose available channels on the band. \\ Unavailable channels won't appear. \\ \\
+**Channel Width:** lets you choose the (frequency) width of the channel.
+ \\
   * 20 MHz
   * 40 MHz
-.11n can use 40 MHz channel width, but to maintain compatibility with legacy systems, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel. \\ \\
+ \\
-**Control Sideband:**  This option is only available If the 20 or 40 Channel Width is selected. This lets you choose whether the extra sideband channel used is above (Upper) or below (Lower) the main channel used. (Default: Upper).
+.11n can use 40 MHz channel width, but to maintain legacy compatibility, it uses one main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel. \\ \\
-  * Upper
+**Control Sideband:** lets you choose whether the sideband channel used is above (Upper) or below (Lower) the main channel.
-  * Lower \\ \\
-**Security**: This menu lets you select the security protocol that will be used on the 2.4 GHz WiFi interface.
+(Default: Upper). This is only available If 20 or 40 Channel Width is selected.
-  * Disabled:  This disables security entirely, leaving the network open to anyone. Avoid using this.
+  * Upper *
-    * This is a basically an unlimited security risk.
+  * Lower\\ \\
-  * WEP: This enables Wired Equivalent Privacy protocol. Avoid using this. It's obsolete due to serious vulnerabilities, \\ such as weak encryption.
+**Security**: here, choose the security protocol used on the 2.4 GHz WiFi interface.
-  * WPA Personal: This enables WiFi Protected Access Protocol 1.x. WPA uses the RC4-based TKIP protocol.
+ \\
-    * This lets hosts exchange pre-shared keys, for more security.
-    * While more secure than WEP, WPA still has weaknesses, like lower encryption standards.
-    * WPA2 is strongly encouraged instead of WPA.
-  * WPA Enterprise: also known as WPA-802.1X. It's similar to WPA Personal, but each user has their own username/password.
+  * Disabled - disables all security, leaving the network open to anyone. \\ Avoid using this. It is a basically an unlimited security risk.
+  * WEP - enables Wired Equivalent Privacy protocol. Avoid this. It's obsolete \\ due to serious vulnerabilities, including weak encryption.
+  * WPA Personal - enables WiFi Protected Access Protocol 1.x.
+    * Uses the RC4-based TKIP protocol.
+    * Lets hosts exchange pre-shared keys, for more security.
+    * More secure than WEP, but has weaknesses like lower encryption standards.
+    * WPA2 is strongly encouraged instead.
+  * WPA Enterprise: (AKA: WPA-802.1X) - is similar to WPA Personal, \\ but each user has his/her own username/password.
     * No common pre-shared key is used.
-    * WPA Enterprise doesn't require a RADIUS server. Often, one is used anyway for compatibility/security reasons.
+    * Doesn't require a RADIUS server.
-    * WPA Enterprise is more secure against dictionary attacks on short passwords.
+    * Is more secure against dictionary attacks on short passwords.
-    * This is suitable for larger, more formal networks.
+    * Is suitable for larger, more formal networks.
-  * WPA2 Personal: WiFi Protected Access version 2 uses elements of the 802.11i standard.
+  * WPA2 Personal - WiFi Protected Access version 2 uses parts of 802.11i.
-    * This supports mandatory use of AES encryption, so it is much more secure than older protocols.
+    * Supports mandatory AES encryption, so much more secure than old protocols.
-    * WPA2 Personal is recommended for small- to mid-sized, informal networks.
+    * Recommended for small- to mid-sized, informal networks.
-  * WPA2 Enterprise: This enables the Enterprise version of WPA2.
+  * WPA2 Enterprise - enables the Enterprise version of WPA2.
-    * This uses WPA2, but each user has their own WiFi username/passkey, not a common pre-shared key.
+    * Uses WPA2, but each user has their own WiFi username/passkey.
-    * WPA2 Enterprise is based on parts of 802.11i.
+    * Is based on parts of 802.11i.
-    * This does NOT require a RADIUS server, but one is often used for legacy purposes for compatibility/security.
+    * Doesn't require a RADIUS server.
-    * This is appropriate for larger, more structured networks.
+    * Appropriate for larger, more structured networks.
-  * WPA / WPA2 Personal:
+  * WPA / WPA2 Personal - enables both protocols. \\ The router will communicate \\ via whatever it detects from the client.
-  * WPA / WPA2 Enterprise:
+  * WPA / WPA2 Enterprise - enables both protocols. \\ The router will communicated \\ via whatever it detects from the client.
-  * RADIUS: Enables Remote Access Dialup User Service.
+  * RADIUS - enables Remote Access Dialup User Service.
-    * This is designed for larger organizations.
+    * Designed for larger organizations.
-    * This uses a separate server to authenticate, permit and keep track of users.
+    * Uses a separate server to authenticate/permit/track users.
-    * This supports authentication via certificates, which eases user management.
+    * Supports authentication via certificates.
-    * This is usually only for advanced users. \\ \\
+    * Is usually only for advanced users. \\ \\
-**Shared Key:**  Here, enter the shared key to authenticate WiFi clients on the LAN. The field shows asterisks until you click your cursor in it. \\ \\
+**Shared Key:**  the authentication key for WiFi LAN clients. Asterisks display before inserting the cursor. \\ \\
-**Group Key Renewal:**  This sets how often encryption keys are used between clients and the router/AP are rotated/changed. \\ This is a part of the WPA protocol. (Default: 3600 seconds = 1 hour).
+**Group Key Renewal:**  sets how often encryption keys used between clients and router are rotated. \\ This is a part of the WPA protocol. (Default: 3600 seconds/1 hour).
-Starting with release 2023.5 and newer the user can adjust rotation interval within the following limits: \\
+ \\
-sec up to 2592000 sec [for mips RT-N / mips-RT-AC and all ARM routers] \\
-=> disabled (not recommended)
-Releases up to 2023.4 can adjust this value within the following limits:
+The following limits apply to adjusting key rotation interval:
-sec up to 7200 sec [all routers]
+ \\
+  * Release 2023.5 and later: From 1 second to 2592000 seconds \\ [for ARM-based and MIPS RT-N / MIPS-RT-AC hardware] \\ Where: 0 = disabled   (not advised).
+  * Releases 2023.4 and earlier (for all hardware): 60 - 7200 seconds.
 ===== Wireless (5 GHz / interface eth2) =====
-The Wireless (5 GHz) section displays information and settings for the wireless network interface on the 5 GHz WiFi band.
+The Wireless (5 GHz) section displays settings and information for the 5 GHz WiFi network interface.
-Your device may show a different device name than eth1. Note: FreshTomato hardware device numbers begin at 0. \\  For example, the first Ethernet device might be called eth0. The second wireless device might be called wl1.
+Your device may show a different device name than eth1. FreshTomato hardware device numbers begin at 0.
-Typically, the 5 GHz WiFi band has higher bandwidth, but shorter distance propagation than the 2.4 GHz band.
+ \\
-**Enable Wireless:**  Checking this turns on the 5 GHz WiFi interface. When unchecked, the 5 GHz WiFi interface is turned off. \\ \\
+For example,
-**MAC Address:**  This displays the MAC (hardware) address of the 5 GHz WiFi interface. \\ Clicking on the MAC address takes you to the [[:mac_address|MAC Address]] page, where you can choose your own MAC address for this interface. \\ \\
+  * The first Ethernet device might be called "eth0".
+  * The second wireless device might be called "wl1".
-**Wireless Mode:**  This lets you choose the wireless mode (function) of the 5 GHz WiFi interface. \\   \\   \\
+ \\
+Typically, the 5 GHz WiFi band has higher bandwidth, but shorter range than the 2.4 GHz band.
+ \\
+**Enable Wireless:**  checking this enables the 5 GHz WiFi interface. \\ \\
+**MAC Address:**  displays the MAC (hardware) address of the 5 GHz WiFi interface. \\ Clicking on this takes you to the [[:mac_address|MAC Address]] page to choose your own address for the interface. \\ \\
+**Wireless Mode:**  lets you select the wireless mode (function) of the 5 GHz interface. \\   \\   \\
 ^   ^  **Table: 5 GHz interface Wireless Mode**  ^
@@ Line 437: / Line 644: @@
 |  \\ Access Point  | \\ The (default) setting, which allows clients to connect to FreshTomato's wireless network(s). \\ \\ -  IPv4 & IPv6 communication work for both MIPS and ARM. \\ |
 |  \\ Access Point WDS  | \\ Sets the router in "repeater mode", allowing clients to connect via WiFi while acting as a \\ WDS [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System]] base station. \\ \\ |
-|  \\ Wireless Client  | \\ The router connects to another router/access point as any other wireless client device would. \\ \\ -  Wireless Client mode works for: MIPS devices (SDK5: RT and RT-N images) and\\    ARM devices (SDK6 & SDK7) starting with release 2021.5 \\ -  This mode does not yet work on SDK6 MIPS RT-AC images.\\ -  Only one wireless radio can be used in this mode. Other radio modules present can be used in AP mode.\\ -  Disable wireless band steering when in this mode during default setup. Advanced users can adjust band steering nvram values.\\ -  WPA2 Personal with AES is the recommended security setup for WiFi connections.\\ -  If connection isn't possible using the above, try WPA / WPA2 Personal + AES. This is the recommended security configuration for MIPS SDK5 (RT and RT-N) wireless client mode. \\ \\ |
+|  \\ Wireless Client  | \\ The router connects to another router/access point as any other wireless client device would. \\ \\ -  Wireless Client mode works for: MIPS devices (SDK5: RT and RT-N images) and\\    ARM devices (SDK6 & SDK7) starting with release 2021.5 \\ -  This mode does not yet work on SDK6 MIPS RT-AC images.\\ -  Only one wireless radio can be used in this mode. Other radio modules present can be used in A/P mode.\\ -  Disable Wireless Band Steering when in this mode during default setup. \\ (Advanced users can adjust band steering NVRAM values).\\ -  [WPA2 Personal with AES] is the recommended security setup for WiFi connections.\\ -  If connection won't establish using the above, try [WPA / WPA2 Personal + AES]. This is the recommended security configuration for MIPS SDK5 (RT and RT-N) wireless client mode. \\ \\ |
-|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. All clients connected to both routers remain in the same subnet. \\ \\ -  As of version 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will only work for FreshTomato 2021.1 SDK6 ARM Dual-Core and newer\\ -  SDK7 not working/possible. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Wireless Ethernet Bridge only to connect to your main AP (no virtual interfaces). Other radio modules can be used, for example, in AP mode. \\ \\ |
+|  \\ Wireless Ethernet Bridge  | \\ Configures FreshTomato to connect to another router. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  As of version 1.19, this mode must have security set to WPA2 to work properly. \\ -  IPv4 communication works for MIPS and ARM builds. \\ -  IPv6 communication will only work for FreshTomato 2021.1 SDK6 ARM Dual-Core and newer\\ -  SDK7 not working/possible. \\ -  Do not enable wireless band steering (BSD) while this mode is enabled. \\ -  Recommendation: Use Wireless Ethernet Bridge only to connect to your main AP (no virtual interfaces). Other radio modules can be used, for example, in AP mode. \\ \\ |
-|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point. \\ All clients connected to both routers remain in the same subnet. \\ \\ -  This new mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (for MIPS RT-AC and all ARM images).\\ -  Using Wireless Ethernet Bridge mode is recommended for MIPS RT and RT-N images (like the RT-N16, E4200v1).\\ -  This Mode is not supported with SDK5 (RT / RT-N) builds\\ -  Both IPv4 and IPv6 communication function. IPv6 traffic works without needing to enable IPv6 in the web interface. . \\ -  Support for this mode started with release 2021.6.\\ -  Do not enable wireless band steering with this mode enabled. \\ -  You should use use Media Bridge interface to connect to your main AP only (no virtual interfaces). Other radio modules can be used, for example, in AP mode. \\ \\ |
+|  \\ Media Bridge Mode  | \\ Configures FreshTomato to connect to another router/access point. \\  \\ All clients connected to both routers remain in the same subnet. \\ \\ -  This new mode is similar to Wireless Ethernet Bridge mode for SDK6 and up (for MIPS RT-AC and all ARM images).\\ -  Using Wireless Ethernet Bridge mode is recommended for MIPS RT and RT-N images (like the RT-N16, E4200v1).\\ -  This Mode is not supported with SDK5 (RT / RT-N) builds\\ -  Both IPv4 and IPv6 communication function. IPv6 traffic works without needing to enable IPv6 in the web interface. . \\ -  Support for this mode started with release 2021.6.\\ -  Do not enable wireless band steering with this mode enabled. \\ -  You should use use Media Bridge interface to connect to your main AP only (no virtual interfaces). Other radio modules can be used, for example, in AP mode. \\ \\ |
-|  \\ WDS  | \\ FreshTomato will serve as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station only. \\ \\ |
+|  \\ WDS  | \\ FreshTomato will act only as a [[https://en.wikipedia.org/wiki/Wireless_Distribution_System|Wireless Distribution System (WDS)]] base station. \\ \\ |
 | //Table derived from (Creative Commons) Wikibooks - “Tomato Firmware/Menu Reference” Wireless Mode Selections//  ||
- \\  **Wireless Network Mode: **This lets you choose which 802.11 WiFi protocol(s) to make available to clients.
+ \\  \\
-  * Auto - On this setting, FreshTomato and WiFi clients negotiate the best wireless protocol automatically.
+ **Wireless Network Mode: **Select the 802.11 WiFi protocols available to clients.
-    * Auto is recommended unless you are highly experienced with networking/WiFi.
-    * Compatibility issues can create problems. Often, the most “logical” setting is not the best.
-  * A Only - allows WiFi clients to connect using only the 802.11a protocol.
-  * N Only -  allows clients to connect using only the 802.11n protocol.
-  * N/AC mixed - allows clients to connect using only 802.11AC or 802.11N.
-  * AC Only - allows clients to connect using only the 802.11ac protocol.
-Note that releases before 2021.8 do NOT have a separate setting for 802.11ac. That only arrived with 2021.8.
+ \\
-Separate Wireless Network Mode settings will exist for any 2.4 GHz band interface. See the 2.4 GHz section. \\  (Default: Auto) \\ \\
+  * Auto - FreshTomato/WiFi clients automatically negotiate the best WiFi protocol.
+    * Recommended unless you're highly experienced with WiFi.
+    * Compatibility issues may occur. The “logical” setting isn't always the best.
+  * A Only - allows WiFi clients to connect using only 802.11a.
+  * N Only -  allows WiFi clients to connect using only 802.11n.
+  * N/AC mixed - allows WiFi clients to connect using only 802.11ac or 802.11n.
+  * AC Only - allows WiFi clients to connect using only 802.11ac.
-**SSID:**  This the 5 GHz WiFi interface's network name. For security you should not include any personal words/phrases here which might indicate your identity, address, location, or equipment type. For example, “HELENLIUNG” would be a poor choice, unless you want everyone nearby to know who owns that network. Single dictionary words also make for poor security.  \\ \\ (Default: FreshTomatoXX, where “XX” is the digits in the band.) For example, on a 5 GHz network, the default SSID is “FreshTomato50”. \\ \\
+ \\ (Default: Auto)
-**Broadcast: **Checking this enables SSID broadcasting. This “announces” the SSID on the air, so it's easy to find and connect to. Some argue disabling SSID Broadcast provides more security. However, SSIDs names are easily sniffed with common software. Disabling SSID Broadcast provides little increase in security. \\ \\
+Only releases 2021.8 and later have have a separate setting for 802.11ac.
-**Channel: **Selects the channel on which the 5 GHz radio interface will operate. (Default: Auto).
+Any 2.4 GHz band interface will have separate Mode settings. See the 2.4 GHz section.\\ \\
-Generally, it's a good idea to choose a different channel than the one your neighbours are using.
+**SSID:**  the network name of the 5 GHz WiFi.
-  * Auto: This default is generally safe unless there's significant interference from nearby equipment.
+For security, don't include personal words/phrases indicating your name, identity, address, location, or equipment type. Single dictionary words also make for very poor security.\\ \\ (Default: FreshTomatoXX, where “XX” is the digits in the band.) On a 5 GHz network, the default SSID is “FreshTomato50”. \\ \\
-    * On this setting, FreshTomato selects and uses the channel it believes has the least interference.
-  * Channel: This lets you manually choose from available channels on the band. Unavailable channels won't appear here. \\ \\
-**Channel Width:**  This allows you to choose the width of the channel (in terms of frequency).
+**Broadcast: **enables SSID broadcasting.
+This “announces” the SSID, so it's easy to find. Contrary to claims, SSIDs are easily sniffed with common software. Disabling SSID Broadcast offers little security improvement. \\ \\
+**Channel: **selects the channel on which the 5 GHz WiFi interface will operate..
+Generally, you should choose a different channel than the one your neighbours use.
+ \\
+  * Auto: This default is usually safe unless there's too much interference from nearby equipment.
+    * FreshTomato selects/uses the channel it believes has the least interference.
+  * Channel: lets you manually choose from available channels on the band. \\ Unavailable channels won't appear.
+\\
+**Channel Width:**  lets you select the channel width (frequency-wise).
+ \\
   *  20 MHz
@@ Line 476: / Line 699: @@
   * 160 MHz (not yet supported. May be supported on some SDK714 models)
- \\ 20 MHz channels on the 5 GHz band have no overlap, so the 5GHz band is less prone to interference and noise. Larger channel widths provide more speed/bandwidth if there's low interference. Interference is more common on the 2.4 GHz band. It's usually fine to choose a wider channel width here. However, if you see slowdowns or trouble authenticating/associating with the router, you may need to use a narrower channel width.
+ \\  \\
-.11N can use 40 MHz channel width. However, to maintain legacy compatibility, it uses a main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main channel. \\ \\
+Larger channel widths provide more speed/bandwidth if there's low interference.
-**Control Sideband:**  This option is available only if the 40, 80 or 160 MHz Channel Width is selected. This lets you choose whether the extra channel used is above (Upper) or below (Lower) the main channel being used. (Default: Upper).
+The 5GHz band is less prone to interference and noise, because on that band, 20 MHz channels don't overlap. Interference is more common on the 2.4 GHz band.
-Starting with release 2023.3, this menu will allow you to choose the exact control channel for use FixME! \\ \\
+Usually, it's fine to choose a larger channel width. However, if you see slow traffic, or clients having trouble authenticating/associating with the router, try a narrower channel width.
-**Security:** This menu lets you select the security protocol that will be used on the 2.4 GHz WiFi interface.
+.11n can use 40 MHz channel width. However, for legacy compatibility, it uses a main 20 MHz channel plus a free adjacent channel 20 MHz above or below the main one. \\ \\
-  * Disabled:  disables security entirely, leaving the network open to anyone. Avoid using this.
+**Control Sideband:**  select whether the extra channel used is above (Upper) or below (Lower) the main channel.
-    * This is a basically an unlimited security risk.
-  * WEP: enables Wired Equivalent Privacy protocol. Avoid using this.
+This is available only if 40/80/160 MHz Channel Width is selected. (Default: Upper).\\ \\
-    * This is obsolete due to serious vulnerabilities, such as weak encryption.
-  * WPA Personal:  enables WiFi Protected Access Protocol 1.x. WPA uses the RC4-based TKIP protocol.
+**Security:** lets you choose the security protocol to be used on the 2.4 GHz interface.
-    * This lets hosts exchange pre-shared keys, for more security.
-    * While more secure than WEP, WPA still has weaknesses, like lower encryption standards.
-    * WPA2 is strongly encouraged instead of WPA.
-  * WPA Enterprise: also known as WPA-802.1X. This is similar to WPA Personal, but each user has their own username/password
+ \\
+  * Disabled - disables all security, leaving the network open to anyone.
+    * Avoid using this. It's basically an unlimited security risk.
+  * WEP - enables Wired Equivalent Privacy protocol. Avoid using this.
+    * Obsolete due to serious vulnerabilities, such as weak encryption.
+  * WPA Personal - enables WiFi Protected Access 1.x (with RC4-based TKIP protocol).
+    * Lets hosts exchange pre-shared keys, for more security.
+    * More secure than WEP, but problems include low encryption standards.
+    * Strongly encouraged instead of WPA.
+  * WPA Enterprise (or: "WPA-802.1X") - similar to WPA Personal, \\ but each user has\\ their own username/password.
     * No common pre-shared key is used.
-    * WPA Enterprise doesn't require a RADIUS server. Often, one is used anyway for compatibility and security reasons.
+    * Doesn't require a RADIUS server.
-    * WPA Enterprise is more secure against dictionary attacks on short passwords.
+    * Is more secure against short-password dictionary attacks.
-    * This is suitable for larger, more formal networks.
+    * Is suitable for larger, more formal networks.
-  * WPA2 Personal: WiFi Protected Access version 2 uses elements of the 802.11i standard.
+  * WPA2 Personal - uses elements of the 802.11i standard.
-    * This supports mandatory use of AES encryption. It is much more secure than older protocols.
+    * Supports mandatory use of AES encryption. More secure than old protocols.
-    * WPA2 Personal is recommended for small to mid-sized, informal networks.
+    * Is recommended for small/mid-sized informal networks.
-  * WPA2 Enterprise: This enables the Enterprise version of WPA2.
+  * WPA2 Enterprise - enables the Enterprise version of WPA2.
-    * This uses WPA2, but each user has their own WiFi username/passkey, not a common pre-shared key.
+    * Uses WPA2, but each user has their own username/passkey.
-    * WPA2 Enterprise is based on parts of 802.11i.
+    * Is based on parts of 802.11i.
-    * This does NOT require a RADIUS server, but one is often used for legacy purposes for compatibility and security.
+    * Doesn't require a RADIUS server.
-    * This is appropriate for larger, more structured networks.
+    * Is appropriate for larger, more structured networks.
-  * WPA / WPA2 Personal: This uses WPA2 Personal, and if that fails, allows WPA security
+  * WPA / WPA2 Personal - uses WPA2 Personal, and if that fails, WPA security.
-  * WPA / WPA2 Enterprise: This uses WPA2 Enterprise, or WPA.
+  * WPA / WPA2 Enterprise - uses WPA2 Enterprise, and if that fails, WPA .
-  * RADIUS: Enables Remote Access Dialup User Service.
+  * RADIUS - enables Remote Access Dialup User Service.
-    * This is designed for larger organizations.
+    * Is designed for larger organizations.
-    * This uses a separate server to authenticate, permit and keep track of users.
+    * Uses a separate server to authenticate/permit/track users.
-    * This supports authentication via certificates, which eases user management.
+    * Supports authentication via certificates.
-    * This is usually only for advanced users.
+    * Suitable for advanced users.
  \\
-**Shared Key:**  Here, enter the shared key to authenticate WiFi clients on the network. The field shows asterisks until you click your cursor in it. \\ \\
+**Shared Key:**  the shared authentication key for WiFi LAN clients. Asterisks display until you click your cursor. \\ \\
+**Group Key Renewal:**  sets how often encryption keys used between clients/router are rotated.
-**Group Key Renewal:**  This sets how often encryption keys used between clients and the router are rotated. This is part of the WPA protocol.
+This is part of the WPA protocol. See the first wireless radio unit for more details.
-(Default: 3600 seconds). Please see the first wireless radio unit for more infos!
+(Default: 3600 seconds).
@@ Line 564: / Line 797: @@
 ==== Baby Jumbo Frames ====
-Support for Baby Jumbo Frames (RFC 4638) was added starting with release 2021.3. This function works only on gigabit routers. Not all ISPs support Jumbo Frames for PPPoE (RFC 4638).
+Support for Baby Jumbo Frames is included since release 2021.3. It works only on gigabit routers. Not all ISPs support Jumbo Frames for PPPoE.
+ \\
 To enable Baby Jumbo Frames:
-  * Go the Miscellaneous menu. Check //Enable jumbo frame support// in that menu. The router will reboot.
+  * Go the [[advanced-misc|Miscellaneous]] menu. Check //Enable jumbo frame support// . \\ The router will reboot.
-  * In the Network menu, Set the MTU option to manual, and enter an MTU value of 1500 for PPPoE operation. (Usually, packet size will be 1492)
+  * In the [[basic-network|Network]] menu, Set MTU to manual. For PPPoE operation,  \\ enter an MTU of: 1500. (Usually, use packet size: 1492).
-  * Clamping can be manually disabled, if needed. (Type ''nvram set tcp_clamp_disable=1'' at a FreshTomato command prompt).
+  * Clamping can be manually disabled, if needed. At a FreshTomato\\ command prompt: type: "nvram set tcp_clamp_disable=1"
-  * Ping with packet size 1472 to verify that you have a working PPP MTU of 1500.
+  * Ping with packet size of 1472 to verify a working PPP MTU of 1500.
  \\
@@ Line 577: / Line 812: @@
 ==== Wireless Band Steering ====
- \\
-This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band:  \\
+ \\  This example shows the default parameters to steer clients from the 2.4 GHz band to the 5 GHz band:  \\   \\
- \\
 <code ->
 Steer Policy:
@@ Line 594: / Line 829: @@
 N ONLY: NO
 </code>
- \\
- \\
+ \\   \\  \\
-This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band:  \\
- \\
+This example shows default parameters to steer clients from the 5 GHz band to the 2.4 GHz band:  \\   \\
 <code ->
 Steer Policy:
@@ Line 613: / Line 849: @@
 </code>
-\\   \\  For more details, see: \\ [[https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0|https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0]]  \\   \\
+\\   \\  For more details, see: \\ [[https://www.smallnetbuilder.com/wireless/wireless-howto/32653-asus-rt-ac3200-smart-connect-the-missing-manual?start=0|Smallnetbuilder.com: Asus RT-AC3200 Smart Connect-the Missing Manual]]  \\   \\

FreshTomato Wiki

User Tools

Site Tools

Differences

Page Tools