DLB AP Configuration Manual

From Deliberant wiki

Introduction

DLB-AP products contain a powerful web configuration interface, allowing setups ranging from very simple to very complex.

Initial Setup

The default IP address for all Deliberant products is: 192.168.2.66

Image:i.png Default administrator logon settings are:
  • User Name: admin
  • Password: admin01

To access the device, configure your PC with a static IP address on the 192.168.2.0 subnet with mask 255.255.255.0. Connect the Ethernet interface of the Deliberant device to the same physical network as your PC. Open a web browser and enter the default IP address of the Deliberant device: http://192.168.2.66

Image:ap-login.png

General Device Operation

There are three general actions to manage the configuration file using the skin: Refresh to refresh status, Submit to submit configuration changes, Save to save the new device configuration, and Reboot to reboot the device after changes have been applied.

Refresh

Image:ap-refresh.png

Statistics pages or other pages that may change frequently and do not have any configurable items may have a Refresh button available which when clicked refreshes the information on the page.

Submit

Image:ap-submit.png

Configuration pages contain a page-wide submit button at the top of the screen that submits all changes made on a single page to a temporary configuration cache. In previous versions, it may have been necessary to click a Change button in multiple sections on the page. This is no longer necessary.

Image:i.png The Submit button does not save the configuration permanently, only temporarily. Once the Submit button is pressed, the SAVE button must also be pressed to save the configuration to the device. It is OK to edit multiple consecutive pages using the Submit button before clicking the SAVE button.

Save

Image:ap-save.png

Whenever a Submit button has been clicked on any page, the message “This config contains unsaved changes, click to SAVE” appears in the header of the web page. The SAVE button is clickable. By clicking save, all temporary changes made by clicking Submit will be applied to the actual configuration of the device. No changes will be made unless the SAVE button is clicked.

Image:i.png Changes will not take effect until the device is rebooted

Reboot

Image:ap-reboot.png

After the SAVE button has been pressed, the device will need to be rebooted before any changes will take effect. The message “REBOOT device to apply changes” will appear. The REBOOT is clickable. When REBOOT is clicked, the device will be rebooted and will come back up with all changes applied.

Logout

Click the LOGOUT link in the top right corner of the main menu to leave the Web management interface. When the LOGOUT button is clicked, the administrator is redirected to the login page.

Statistics

Use the Statistics menu to check the DLB-AP device current status (this is the default page when accessing the device web management interface). There are five sections of statistics information:

System Information

The System Information menu displays general device status (device name, firmware version, hardware revision, uptime, system memory, average load), license status and short information about the current skin.

Image:ap-system.png


Uptime – displays the time, expressed in days, hours and minutes since the system was last rebooted.

Hardware version – displays the device hardware version.

Device name – displays the device type.

Friendly name – displays the device name used by RCMS and SNMP.

Firmware version – displays current version of the firmware [<PRODUCT>.<HW>.<VERSION>.<CPU>.<RADIO>.<SKIN>.<BUILD-NO>.<BUILD-TIME>]

Average system load – displays the average load of the device processor over the last 1 minute, 5 minutes and 15 minutes (a larger value means a larger average load on the processor).

  • <1.0 – System is idle
  • =1.0 – Normal load
  • >1.0 – Processor is busy.

System memory – displays total and free system memory [kB].

License status – displays a status of the current license.

Active skin – displays the name and the version of current skin

Interfaces

The Network Statistics page displays the main network configuration and receive/transmit statistics of all interfaces.

Image:ap-interfacestats.png

Network statistics – displays detailed receive and transmit statistics of each interface.

Network configuration – displays the main parameters of the interfaces (MAC address, IP address, Netmask and Broadcast address).

Wireless

Image:ap-wirelessstats.png

The Wireless Statistics screen displays useful information regarding your wireless interfaces

Wireless Statistics

Shows general wireless statistics for each wireless interface running on your device

Status: Displays whether the interface is up or down
Link: The general quality of the interface. This number is an average of the quality of all associated peers
Level: The general signal strength of the interface. This number is the sum of the Link and the Noise Level.
Noise: The level of noise around the interface
Invalid Network ID: Number of packets received with a different Network ID or SSID. Used to detect configuration problems or adjacent network existence running on the same frequency.
Decryption Errors: Number of packets hardware was unable to decrypt. This can be used to detect invalid encryption settings.
Invalid Fragments: Number of packets for which the hardware was not able to properly reassemble the link layer fragments
Retry Count: Number of packets that the hardware failed to deliver
Miscellaneous Errors: Other packets lost in relation with specific wireless operations
Missed Beacons: Number of periodic beacons from the cell or access point missed. Beacons are sent at regular intervals to maintain cell coordination; failure to receive them usually indicates that the radio is out of range.

Peers/Access Points

View Peer List - Displays a pop-up window with a list of associated clients for each wireless interface. Displays Mode, MAC Address, Quality (quality is determined by a signal to noise ratio), signal level, noise level, and association data rate
View Peer Stats - Displays a pop-up window with a list of usage stats for associated clients. Displays hardware address of client, Friendly Name of client if available, Association time, Received bytes, Sent bytes, and SSID client is connected to

Radio Information

Provides information for each wireless interface running on the device

Peers Pop-Up Window

Image:ap-peers.png

Displays Mode, MAC Address, Quality (quality is determined by a signal to noise ratio), signal level, noise level, association data rate, custom association label, and IP address (if available)

Image:i.png The IP address is loaded from the local ARP table, so unless the client is talking directly to the device (such as in routing mode) the IP address may not be available.

To add a custom label to associated peers for easier management, you can type in a name in the text field and click update.

Image:ap-peers.png


Once updated, this label is stored to the device and will appear every time the client associates.

Peer Stats Pop-Up Window

Provides statistics for clients associated to any of the Access Points on the Deliberant Unit. This feature only works if the option has been turned on in the Configuration > Services section.

Image:i.png Peer Stats will not be available for interfaces operating in client mode

Image:ap-peerstats.png

The following information is available:

Hardware Address: This is the MAC address of the wireless client that is associating
Friendly Name: This is the friendly name that is available if one has been entered in the Wireless Peers section. This is read only in the Peer Stats section
Association Time: The time the client associated to the access point. For this to work properly, the time settings must be configured in System > Management
Received Bytes: Traffic received on the AP from the client
Sent Bytes: Traffic sent from the AP to the client
ESSID: SSID client is associated to

Routes

Image:ap-routes.png

The routes page displays the IP-route table for each interface

ARP Table

Image:ap-arp.png

The ARP Table page displays the table of ARP (Address Resolution Protocol) entries. ARP entries will only exist for units that the unit is talking directly to. If the device is in bridge mode, not all clients should show up in this list.

System Configuration

Administrative Account

Image:i.png We recommend changing the default administrator password as soon as possible.


The Administrative Account menu is for changing the existing administrator's password.


Username – displays the username of the current connected administrator. This parameter is not changeable.

Old password – enter the old administrator password.

New password – enter the new administrator password for user authentication.

Verify password – re-enter the new password to verify its accuracy.

Image:i.png The only way to gain access to the web management if you forget the administrator password is to reset the WILI-AP to factory default settings.
Image:i.png Default administrator login settings are:
  • User Name: admin
  • Password: admin01

License

When the device is installed and ready for use, the valid license file should be uploaded on the device to activate a full set of the device features. The license status is displayed on the device System Information page:

License status – displays the license validity status:

  • valid – this license status means that the device has the full functionality of the purchased WILI-S firmware release. With a valid license, you can get all service releases of the purchased FW version for free.
  • not valid – this license status provides only a very limited functionality.
Image:i.png The license will still be valid after resetting the device to defaults.

If the device has an invalid license uploaded, only a very limited set of the device functionality is enabled:

  • It runs only with a default configuration. Only a single BSSID is allowed; DHCP client runs on WAN interface, DHCP servers run on LAN and Wireless interfaces.
  • It is impossible to change the configuration. All features are locked down until a valid license is presented. Any changes made in configuration will be stored in the flash memory of the device. Thus only a default setting will be used after the reboot.

To manage the license file, use the System | License menu:

License status – displays the validity status of current license.

Download current license file – click to download current device license file to your local PC.

License File Upload – click for the license file upload on the device.


To upload a new valid license file on the device use the Upload button under the Upload New License section:

Browse… – click to specify the license file you want to upload on the device.

Upload – click to upload the chosen license file on the device.

Image:!.png Be certain you are uploading a valid license file.

After the new license file is uploaded, the device must be rebooted for changes to take effect. For instructions on how to reboot the device, refer to the section Reboot on the Maintenance page.

Image:!.png If a faulty license file has been uploaded, the device becomes inactive after reboot and the default configuration will be uploaded with the dynamic IP address given by the local DHCP server.

Skins

There are two types of skins: built-in and custom. The built-in skins come with the WILI device firmware and cannot be deleted, so even after the device is reset to factory defaults the built-in skins will remain. The custom skins are fully manageable: they can be uploaded and deleted from the system by the administrator.

Use the System | Skin page for skin upload, download or activation.

Image:ap-skins.png


Skin name – displays the name of the particular skin.

Active – marks which skin is activated on the system.

Type – specifies the type of particular skin:

  • build-in – skins that are built in device firmware and cannot be removed. The built-in skins will remain even after device reset to factory defaults.
  • custom – skins developed under customers' needs and uploaded to the device manually.

Activate – load and activate the selected skin on the system. After the selected skin is activated, the new web interface appearance will be displayed.

Image:!.png Note that after activation of a new skin, the configuration file and parameter values will be reverted to the default values of the activated skin (including the IP address of the device and the administrator's credentials).
Image:i.png It is recommended to refresh your browser (Ctrl+F5) after the successful activation of a skin.


Delete – remove the selected skins from the system. The built-in skins are not removable; only custom skins can be deleted.

Download – download the selected skin to your local PC.

Use the Upload New Skin section to upload custom skins on the WILI device system:

Browse… – click the button to select the new skin archive from a folder on the PC.

Upload – upload the new skin on the system. A successfully uploaded skin archive will appear in the Skin table under the Device Skins section.

Management

Clock/NTP

There are two ways to configure the time on a Deliberant unit:

  • Manual Entry of Time
  • NTP (Network Time Protocol)

Manual Time Entry

Image:ligoap_clock.png

TimeZone - Enter time zone in GMT (Greenwich Mean Time) deviation
Date (YYYY.MM.DD) - Enter the current date (e.g. 2008.05.05)
Time - Enter time in 24 hour format (e.g. 14:35)
Save last known time - Saves the last known time in a persistent store

NTP (Network Time Protocol)

Image:ligoap_ntp.png

Server IP - The IP address or DNS name of a valid, reachable NTP server
Add IP - Add extra NTP servers
Delete Selected - Will delete the selected NTP server


GMT Offsets:

Image:ligoap_gmt.jpg

RCMS Settings

RCMS (Remote Configuration Management Server) is a centralized monitoring and management solution for Deliberant products. At the heart of RCMS is a powerful and efficient engine that securely gathers, interprets and records information from registered network devices, and makes that information available to network administrators through a convenient, secure, and attractive Web interface.

RCMS settings must be defined on each individual client before the RCMS server can receive information about the device.

Image:i.png An RCMS server is required in order to utilize the RCMS functionality.
Enable RCMS - Enable/Disable RCMS daemon to run
RCMS server URL - URL for RCMS daemon to send heartbeat packets
e.g. http://rcms.thebestwispontheplanet.net/heartbeat.php
Heartbeat Interval - Interval in seconds between subsequent heartbeat notifications (Default: 30)
Heartbeat timeout - Maximum number of seconds to wait for a response from the RCMS server before considering the connection as having timed out. (Default: 60)
Statistics Update Interval - Heartbeat interval in seconds between statistics collection (Default: 300)
Statistics items - Allow adding/removing statistics items based on an SNMP OID to be monitored by RCMS

Instant Settings

Image:ligoap_instant.jpg

By default, Deliberant settings are applied when the device first boots. This means that settings must be stored in the configuration of the device, and then those settings are loaded when the device is rebooted. Some options have the ability to be changed instantly. When this option is selected, a Set button will appear next to any configuration options that have instant change capabilities.

Maintenance

Troubleshooting Package

Allows the download of a package that can be used for troubleshooting

Image:ligoap_troubleshoot.png

This package includes various files that include current radio stats and debug messages.

Includes:
  • Output from /var/log/messages
  • Running configuration file
  • Various stats from device

Firmware Upgrade

Allows the upload of firmware images.

Image:!.png Do not switch off and do not disconnect the device from the power supply during the firmware update process as the device could be damaged!

Reboot

Reboots the device

Factory Defaults

Pressing reset will reset the device to factory defaults

Network Configuration

Operating Mode

There are three operating modes the device can function in: bridged mode, router mode, or advanced mode.

  • Bridged mode bridges all interfaces on the device together
  • Router mode bridges all interfaces except one designated WAN interface
  • Advanced mode allows you to create custom bridges and separate interfaces according to your needs

Bridge Mode

Image:ap-operatingmode.png

By default the device is configured in Bridged Mode. Bridged mode groups all interfaces into an OSI layer 2 bridge. A bridge connects multiple network segments/interfaces together and allows traffic to pass among them.

Enable STP (Spanning Tree Protocol)

STP, or Spanning Tree Protocol, is useful if there are potential loops in your network layout. If a network loop occurs, your network may experience a broadcast storm, and STP protects against this.

LAN Network Settings

Image:ap-lanbridgesettings.png

When in bridge mode you have the ability to enter the following information:

  • IP Address
  • Subnet Mask
  • Default gateway
  • DNS Server 1
  • DNS Server 2

Since all of the interfaces are bridged, the unit will be accessible from any interface on the unit at the IP specified. For example, by default the unit is bridged with an IP address of 192.168.2.254. This means that if you connect wirelessly to the default AP you can connect to the unit at 192.168.2.254, and if you connect by cable you can also access it at 192.168.2.254.

Router Mode

Image:ap-router.png

Router mode separates the device into two subnets, a LAN subnet and a WAN subnet. When setting the device to Router Mode, you must select the interface you want to function as the WAN interface. Once the WAN interface is selected, all other interfaces are grouped together to form the LAN bridge. The WAN interface and LAN bridge will have separate IP settings and will reside on separate IP subnets. For example, if the Ethernet interface is designated as the WAN interface, all wireless interfaces (ath0, wds1, etc) will be added to the LAN bridge. If the WDS interface is designated as the WAN interface, the Ethernet and parent wireless interface (eth0, wds1) will be added to the LAN bridge.

This can be useful for the following scenarios:

  • Only one public IP is available and multiple computers need to share that IP address
  • Separation is needed between an Access Point and the rest of the network

Enable NAT

NAT, or Network Address Translation, allows a group of computers to share one public IP address to access outside networks. This is enabled by default

Enable STP (Spanning Tree Protocol)

STP, or Spanning Tree Protocol, is useful if there are potential loops in your network layout. If a network loop occurs, your network may experience a broadcast storm, and STP protects against this.

LAN Network Settings

Image:ap-lansettings.png

This section configures IP settings for the LAN interface. This section is always enabled. When the device is in Bridge Mode, all five textboxes are available; however, in Router Mode, Default Gateway, DNS Server 1, and DNS Server 2 are not available.

DHCP Mode

DHCP Mode has three options: Disabled, Client, and Server.

Disabled

Disabled does not provide any DHCP functionality. A static IP must be set.

DHCP Client

Image:ap-dhcpclient.png

DHCP Client sets the LAN interface to obtain an IP automatically if there is a DHCP server on the subnet. If the device cannot automatically obtain an IP from the DHCP server, it will use the statically assigned IP address from the section above it.

DHCP Server

Image:ap-dhcpserver.png

DHCP Server sets a DHCP server to run on the LAN subnet. This is typical in Router Mode when providing network access to a group of computers separated from your WAN subnet.

DHCP Start - the beginning IP for the IP range in which to hand out IP addresses
DHCP End - the ending IP for the IP range in which to hand out IP addresses
DHCP Netmask - the 32 bit mask used to identify the local portion of the LAN subnet (e.g. 255.255.255.0)
DHCP Gateway - the IP address to hand out to DHCP clients as the gateway to pass all traffic (In this case it will be the LAN IP address of the device)
DHCP lease time - the amount of time (in seconds) until the DHCP lease expires on the server
DHCP DNS server - the IP address to hand out to DHCP clients as the DNS server (In this case it will be the LAN IP address of the device)
Show DHCP Leases - will open a new window with a list of current DHCP leases on the LAN interface

WAN Network Settings

This section configures the interface connecting your device to outside networks in router mode.

Image:i.png The default WAN IP address is: 172.1.1.1

WAN Mode

Image:ap-wan.png

  • Static IP allows the entry of a static IP address and IP information
Image:ap-wanstaticip.png
  • DHCP client allows the radio to obtain WAN IP information automatically from a DHCP server on the network
Image:ap-wandhcp.png
  • PPPoE mode allows radio to authenticate against a PPPoE server and obtain IP information from server once authenticated
Image:ap-wanpppoe.png

Advanced Mode

Image:Wan-advancedmode.png

Advanced Mode is for advanced users that need more flexibility in their network setup than bridge or router mode. This mode allows you to do things such as:

  • Add/Remove bridges with the Bridge Builder
  • Add/Remove interfaces from bridges
  • Assign IP Information to individual interfaces
  • Add multiple IP addresses to single interfaces
  • Create VLAN Interfaces

Interfaces

Network Interfaces

The Network Interfaces screen displays a summary of all interfaces in the unit that IP address information can be assigned to. Any interfaces that are included in a bridge will not be displayed in the interface list since IP information cannot be applied to it.

Image:ap-networkinterfaces.png

The following information is displayed in the summary table:

  • Interface Name (Can be physical interface, bridge, radio, VLAN, or virtual radio)
  • Status – (enabled/disabled) Displays current status of interface
  • IP Address – Displays primary IP address for device. If address is 0.0.0.0, no IP address has been set for this interface. IP Aliases (secondary addresses) are not displayed here.
  • Subnet Mask – The subnet mask for the primary IP address assigned to interface
  • NAT Status – (enabled/disabled) Displays whether NAT is enabled or disabled on the interface
  • DHCP Mode – (none/client/server) Displays what DHCP mode the current interface is operating with
  • Has IP Aliases – (yes/no) Displays whether interface has an IP Aliases enabled
  • Edit Button – Clicking this button will open a new page that allows viewing/editing of current interface’s Network Settings

Network Settings

This section contains the network settings for the interface selected from the Network Interfaces page.

Image:ap-networksettings.png

Enable - Enables/Disables interface
IP Address - The IP address of the current interface (e.g. 192.168.2.254)
Subnet Mask - The Subnet Mask of the current interface (e.g. 255.255.255.0)
Default Gateway - The default gateway IP address to send all traffic on this interface to (e.g. 192.168.2.1)
Enable NAT - Enables Network Address Translation (NAT). When this is enabled, all IP traffic headed outbound on current interface will be masqueraded behind the IP of the current interface.
DHCP Mode - Selection of which DHCP mode to implement on the interface, if any. There are two modes available:
  • Client – If DHCP Client is enabled, interface will attempt to pick up DHCP address from a server on the network. If no DHCP server is present, interface will reside on static IP address entered in IP address field above.
  • Server – Enables a DHCP server on current interface that will assign IP addresses to clients on same network. When a client connects, the DHCP server will assign an IP address from the designated pool of IPs with appropriate settings.
DHCP Start - sets the beginning IP for the IP range in which to hand out IP addresses
DHCP End - sets the ending IP for the IP range in which to hand out IP addresses
DHCP Netmask - is the 32 bit mask used to identify the local portion of the LAN subnet (e.g. 255.255.255.0)
DHCP Gateway - is the IP address to hand out to DHCP clients as the gateway to pass all traffic (In this case it will be the LAN IP address of the device)
DHCP lease time - is the amount of time (in seconds) until the DHCP lease expires on the server
DHCP DNS server - is the IP address to hand out to DHCP clients as the DNS server (In this case it will be the LAN IP address of the device)
Show DHCP Leases - will open a new window with a list of current DHCP leases on the LAN interface


IP Aliases

It is possible with IP Aliasing to add multiple IP addresses to a single interface. The interface will then be accessible from any of the IP Aliases or the standard IP.

Image:ap-ipalias.png


IP Address - The additional IP address that is being added to the interface
Subnet Mask - The subnet mask of the alias being added

Bridges

Image:i.png The Bridges section is only available in Advanced Mode

The Bridges section allows the creation/deletion of interface bridges. A bridge transparently relays traffic between multiple network interfaces. There are a few restrictions when using bridges:

  • It is not possible to add a device to multiple bridges
  • VLANs cannot be created on bridge interfaces; they can only be added to them
  • A bridge cannot be added to another bridge

Bridge Builder

Bridge Creation

To create a new bridge, there must be at least one interface available that is not already in a bridge.

Image:ap-bridgecreate.png

  1. Select one or more interfaces that will make up the bridge
  2. Select the ‘Create New Bridge’ drop down option
  3. Click the Add button
  4. A new bridge section will be created that contains the selected interfaces
Image:i.png Bridge names are incremental. Naming starts at br0, and is incremented by one, so the next bridge will be br1, then br2 and so on…

To add interfaces to existing bridges, there must be at least one interface available that is not already in a bridge

Image:ap-bridgeadd.png

  1. Select one or more interfaces that will be added to the bridge
  2. Select the desired bridge in the drop down menu
  3. Click Add
  4. The selected interfaces will be added to the selected bridge

Bridge Editing

Each bridge is displayed in incremental order along with associated settings for each bridge

Image:ap-editbridge.png

Enable Bridge - Enables/disables the bridge. Disabling the bridge does not disable the interfaces in the bridge.
Enable STP - Enables/disables STP (Spanning Tree Protocol) for the bridge.
Spanning Tree Protocol is useful if you may have loops in your network layout. If you are running multiple or redundant bridges, then you need to enable the Spanning Tree Protocol (STP) to optimize multiple hops and avoid bridging loops. Normally redundant bridges would result in duplicated packets which would saturate the connected networks. Bridges configured to use STP negotiate the shortest possible link between the connected networks and disable all other possible links. If a link fails STP recalculates the links and can enable a workaround for the failed link. For the bridge to take part in this negotiation, STP must be enabled. It is disabled by default when creating the bridge.
Remove Bridge - Removes the bridge. Removing the bridge will free all of the interfaces contained in the bridge, allowing interfaces to have separate IP information or be added to other bridges

For each interface in the bridge, the following options are available:

Enable Interface - Enables/Disables selected interface. Disabling an interface does not remove the interface from the bridge.
Remove Interface - To remove an interface from the bridge check the Remove Interface checkbox and click the Update button
Remove All - To remove all interfaces from the bridge, click the Remove All buttons. This will free all of the interfaces contained in the bridge, allowing interfaces to have separate IP information or to be added to other bridges

VLAN

Image:i.png The VLAN Section is only available in Advanced mode

Deliberant products are capable of 802.1Q VLAN Tagging. A Virtual Local Area Network (VLAN) is a method of creating independent logical networks within a physical network. This helps in reducing the broadcast domain and aids in network administration by separating logical segments of a LAN (like company departments) that should not exchange data using a LAN.

Creating a VLAN

Image:ap-vlantagging.png

VLANs are created ‘on top’ of parent interfaces and given an integer ID

Image:i.png Valid IDs are integer numbers between 2 and 4095

When a VLAN is created on top of a parent interface, a new interface is created whose name is the parent interface name followed by a dot (‘.’) and the VLAN ID. For example, if a VLAN is created with an ID of 100 on interface ixp1, a new interface will be created named ixp1.100

Limitations:

  • VLANs cannot be created on top of bridges
  • VLANs can be created on top of wireless interfaces, but VLANs do not have wireless extensions, so VLAN interfaces will not show up in the Wireless Settings

DNS

Image:i.png The DNS Section is only available in Advanced mode

Image:ap-dnssettings.png

The DNS section allows you to specify which DNS servers the device will use to resolve hostnames. There are a few requirements for the DNS Servers:

  • DNS Servers must be entered in IP format
  • DNS Servers must either be on same subnet as device or routes must be set up between device and server

Routes

This section allows for setting up special routes to route IP traffic in other places than the default gateway.

Static Routes

Image:ap-staticroutes.png

Destination - The Subnet ID of the subnet you want traffic routed to a different location
Subnet Mask - The 32 bit mask identifying the routed subnet
Default Gateway - The IP to route all traffic in specified route to. (This IP must already be accessible by device)

Image:i.png Make sure the route is correct before adding. Web configuration will allow routes to be added even if incorrect! Use a subnet calculator to verify
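Because the web interface accepts incorrect routes, the check a subnet calculator performs can be scripted. The following is an added example, not part of the Deliberant manual or firmware: the function name, the interface list and the reading of "already accessible" as "on a directly connected subnet" are assumptions, and the sample addresses are constructed.

```python
import ipaddress

# Constructed sample: addresses configured on the device (LAN bridge and WAN).
SAMPLE_INTERFACES = [
    ("192.168.2.254", "255.255.255.0"),
    ("172.1.1.1", "255.255.255.0"),
]


def check_static_route(destination, mask, gateway, interfaces):
    """Check one static route before it is typed into the Static Routes form.

    destination, mask, gateway: dotted-quad strings, as entered in the form.
    interfaces: (ip, mask) pairs already configured on the device (assumed input).
    Returns a list of problem strings; an empty list means nothing was found.
    """
    try:
        # strict=False: host bits are reported below instead of raising here.
        net = ipaddress.IPv4Network(f"{destination}/{mask}", strict=False)
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [f"invalid destination or mask: {exc}"]
    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"invalid gateway: {exc}"]

    problems = []

    # The Destination field expects the subnet ID, not a host inside the subnet.
    if ipaddress.IPv4Address(destination) != net.network_address:
        problems.append(
            f"destination {destination} is not a subnet ID for mask {mask}; "
            f"expected {net.network_address}"
        )

    # Assumption: "accessible by device" means on a directly connected subnet.
    connected = [ipaddress.IPv4Interface(f"{ip}/{m}") for ip, m in interfaces]
    via = [iface for iface in connected if gw in iface.network]
    if not via:
        problems.append(f"gateway {gw} is not on any directly connected subnet")
    for iface in via:
        if gw == iface.ip:
            problems.append(f"gateway {gw} is the device's own address")
        elif gw in (iface.network.network_address,
                    iface.network.broadcast_address):
            problems.append(f"gateway {gw} is a network or broadcast address")

    # A route for a subnet the device already sits on is almost always a mistake.
    for iface in connected:
        if net.subnet_of(iface.network):
            problems.append(
                f"destination {net} is already directly connected "
                f"via {iface.network}"
            )
    return problems


if __name__ == "__main__":
    candidates = [
        ("10.10.0.0", "255.255.0.0", "192.168.2.1"),   # sane
        ("10.10.5.0", "255.255.0.0", "192.168.2.1"),   # host bits set
        ("10.10.0.0", "255.255.0.0", "192.168.3.1"),   # unreachable gateway
        ("10.10.0.0", "255.0.255.0", "192.168.2.1"),   # non-contiguous mask
    ]
    for dest, mask, gw in candidates:
        found = check_static_route(dest, mask, gw, SAMPLE_INTERFACES)
        print(dest, mask, "via", gw, "->", found or "ok")
```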

Dynamic Routing

Deliberant units contain the Quagga routing suite and provide the capability of performing RIP and OSPF.

Image:ap-dynamicrouting.png

Since Quagga is based on text based configuration files, Deliberant units provide the ability to edit these configuration files directly.

Image:ligoap_dynamic_route_config.jpg

Since there are many different configuration options for the Quagga suite, please refer directly to the Quagga site for any questions regarding Quagga configuration: http://www.quagga.net/docs.php

Firewall Rules

The Firewall Rules section gives you the ability to pass traffic behind an interface that has NAT enabled. For instance if the unit is in router mode with NAT enabled on the WAN interface, no devices on the outside of the WAN interface can see any private IPs on the LAN side of the unit. By using port forwarding or DMZ you can pass traffic through to these private IP addresses.

Port Forwarding

Image:ap-portforwarding.png

This option allows traffic to pass through the NAT firewall from the public IP to a specified private IP on a certain port.

Source Port - Port that will be accessed externally using the public IP address
e.g. http://www.deliberant.com:8080 (port 8080)
Private IP address - IP address behind NAT that public traffic will get forwarded to
e.g. Web server on 192.168.2.200
Destination Port - Listening port on private computer behind NAT
e.g. HTTP listening port on internal web server 192.168.2.200:80
Protocol - TCP traffic, UDP traffic, or Both

DMZ

This allows the device to forward all incoming traffic on the WAN interface to an internal IP address behind the NAT firewall. Doing this allows one computer to function as if it is not behind the firewall.

Radio Settings

Image:ap-radiosettings.png

This section configures the physical aspects of the wireless interfaces. Any settings in this section will apply to the physical interface and any virtual interfaces created on top of it.

Country Code - The default country is United States. This cannot be changed without running the international version of the firmware.

Enable Radio - This checkbox enables or disables the physical radio. Disabling the radio will also disable any virtual interfaces created on the physical radio.

IEEE Mode - Sets the 802.11 mode of the radio. Options include (A, B Only, G Only, B/G)

IEEE Mode is only available on certain Deliberant units.

Current Channel - Displays the channel the radio is currently operating on. If radio is currently set to Client Mode and is not connected to an Access Point, radio may be roaming and display different channels at different times.

Channel - A list of available channels the radio can operate on. If in Access Point mode and set to Auto, radio will scan around to find the least noisy channel at boot time and operate on it.

Channel Size - (Full/Half/Quarter) The default channel bandwidth for 802.11a is 20 MHz wide. The default for 802.11g is 22 MHz. Changing the channel size to a half or quarter size channel can allow for a more efficient use of the 802.11 spectrum. Reducing the channel size will increase the power density and at the same time can reduce noise and interference. However, reducing the channel size will result in a drop in available throughput by a half or a fourth of a standard-sized channel’s throughput when using half or quarter size channels respectively.

Image:!.png Only clients that have support for smaller channel sizes will be able to associate to Access Points that have been set to use a half/quarter channel size. Most laptop users will not be able to associate to an AP in half/quarter channel mode.

Automatic Data Rate Mode - Enabling this function will allow the radio to change the association’s data rate depending on the quality of the link. This is helpful in environments where the quality of links may change or can be unpredictable.

Data Rate, Mbps - The data rate this radio will associate at when connecting to peers. If radio is functioning in Auto Data Rate Mode, this option depicts the MAX data rate the radio can associate at.

Transmit Power (dBm) - The output power of the physical radio. If the value is set higher than the radio can perform at, the next highest available power setting is used. (e.g. if a txpower of 30 dBm is used but the radio only goes up to 26 dBm, the radio will actually run at 26 dBm even though it says 30 dBm.)

Image:!.png If using a high-gain antenna, it may be necessary to lower transmit power to stay in accordance with FCC regulations.

ACK Timeout - 802.11 radios have an ACK Timeout setting (acknowledgement timeout): if the transmitting radio doesn’t get a response from the receiving radio within a certain timeframe, it will assume the packets have been lost and retransmit them. If you have long-range links, the time to send a message and then get a response back will increase and may exceed the standard ACK timeout settings. On long-range links, increasing this setting will reduce retransmits and improve the quality of the link. However, if you have short links and your ACK settings are too high, the sender will wait longer than usual to retransmit a packet that gets lost in transit, which will degrade the link unnecessarily.

Image:i.png The formula to determine a baseline ACK setting is: ACK = 23 + (Distance in meters / 150)
Image:!.png This is just a guideline, and adjustments may need to be made depending on environment.

Fragmentation - The fragmentation threshold, which determines whether data frames will be fragmented and at what size.

RTS - (Request to Send) Specifies the packet size above which the radio sends a ‘Request to Send’.

Wireless Settings

Wireless Interfaces

This section displays a summary of all wireless interfaces (physical and virtual) running on the device. Physical interfaces are shown in bold, with virtual interfaces shown as sub-items under the physical interfaces

Image:ap-wirelessinterfaces.png

The following information is available in the summary table:

  • Interface Name
  • Parent – the parent of the interface. If the interface is the physical interface
  • SSID – The Service Set Identifier of the wireless access point or client
  • Mode – The mode of the interface (AP/Client)
  • Edit Button – Displays a new page that allows viewing or editing the properties of the associated wireless interface
  • Delete Button (Only available for virtual interfaces) – Deletes the selected virtual interface

Virtual Radios

Creation of Virtual Radios (VSSIDs) is also available from the Wireless Interfaces screen.

Image:ap-createvssid.png

  1. Select the parent radio that the virtual radio will be created on from the Create a New Virtual Radio drop down menu and click OK.
  2. The wireless settings for the virtual interface will be displayed
  3. Modify settings appropriately and click the OK button
  4. A virtual radio will be created with the label <interface name>-vap<index-1> where index is the count of virtual radios on the parent radio. (e.g. The third virtual AP created on ath0 will be named ath0-vap2)

There are a few rules to keep in mind when using Virtual Radios:

  • Virtual Radios can only be created on parent radios that are operating in AP mode. Parent radios operating in client mode will not appear in the drop down menu.
  • Only one virtual radio may run in Client Mode on a parent interface at one time
  • When a virtual radio is created that is set to Client Mode, the parent interface will be ‘down’ until the client virtual radio is associated to an AP
  • Virtual Radios do not use the same hardware MAC as the parent interfaces, so if using an Access Control List or MAC authentication be sure to get the correct MAC in the Statistics > Wireless section
  • Virtual Radios will run on the same channel as the parent radio
  • Each virtual radio can run security settings separate from other virtual radios and the parent radio

Wireless Settings

This section contains settings for the wireless interfaces. These settings can be applied independently to physical and virtual radios.

Image:ap-wirelesssettings.png

Operating Mode

There are two wireless operating modes: AP and Client

AP - Enables the radio to function as an Access Point. When in AP mode, wireless clients can see the AP broadcast and associate to it if settings are configured correctly.
Client - Sets the radio to run in client, or managed, mode. When in client mode, radio does not broadcast an SSID and clients cannot connect to it. Client mode allows the radio to connect to other radios functioning as an AP.
Image:!.png Changing a parent radio from AP to Client mode will delete all Virtual Radios already created on that interface since no Virtual Radios may be created on a parent radio that is operating in Client mode.

Proprietary Transparent Bridge

Enabling this function allows all traffic to pass through the client radio to the access point transparently. This function must be enabled on the AP and Client radios. When this option is disabled, Client radios will connect in Station mode and perform Proxy-Arp on all traffic going from the Client to the AP. The Client will proxy all traffic being transferred through it to the AP and make it look to the AP that all traffic is coming from one MAC address even if there are multiple hosts connected to the Client radio. Enabling Transparent Bridge allows all traffic to pass freely and is MAC-transparent. This is sometimes referred to as WDS (Wireless Distribution System).

Image:i.png This is only supported on Deliberant to Deliberant setups.

Throughput Enhancements

Performance enhancements available for the radio (Only available for 802.11A and 802.11G)

Fast Frames - Frame aggregation (allows up to 3000 bytes), as well as timing modification
Packet Bursting - More data frames per given period of time
Compression - Lempel Ziv real-time hardware data compression

SSID

(Service Set Identifier) This is the SSID that will either be broadcast if the radio is in AP mode, or that the radio will scan for and attempt to connect to if in Client mode.

Broadcast SSID: Enables or disables the broadcasting of the SSID for APs. (This is not available for interfaces operating in client mode)

Quality of Service (WMM)

Subset of 802.11e. Provides basic QoS features to 802.11 networks. WMM prioritizes traffic based on four “Access Categories” – Voice, Video, Best Effort, and Background. It is suitable for simple applications that require QoS such as Voice over IP (VoIP).

Client Isolation

Layer 2 isolation that blocks clients from communicating with each other

Wireless Security

Authentication

Deliberant supports various authentication/encryption methods. The Wireless Security page displays all wireless interfaces (physical and virtual) and allows security settings to be applied per interface.

Image:ap-wirelesssecurity.png

Authentication Method - Select which authentication method the radio will run as

  • None – No security is implemented on this interface
  • WPA-PSK-TKIP – WPA pre-shared key security using the TKIP (Temporal Key Integrity Protocol) algorithm
  • WPA-PSK-CCMP – WPA pre-shared key security using the CCMP (AES) algorithm
  • WPA2-PSK-TKIP – WPA2 pre-shared key security using the TKIP (Temporal Key Integrity Protocol) algorithm
  • WPA2-PSK-CCMP – WPA2 pre-shared key security using the CCMP (AES) algorithm
  • WEP64 – Wired Equivalent Privacy (64 bit)
  • WEP128 – Wired Equivalent Privacy (128 bit)

Passphrase - This field accepts a pre-shared key that will be used when authenticating against the peer radio. Accepted values:

  • WPA/WPA2 - Pass phrases of length from 8 to 63 characters (All characters allowed)
  • WEP-64bit - 5 hexadecimal pairs delimited by colons (00:11:22:33:44)
  • WEP-128bit - 13 hexadecimal pairs delimited by colons (00:11:22:33:44:00:11:22:33:44:00:11:22)

Access Control

Access Control limits which clients can associate wirelessly to an AP, based on MAC address, by creating an Access Control List (ACL).

Image:i.png If Instant setting changes have been enabled, the Access Control List operations will happen immediately.

Image:ap-acl.png

Policy - There are two policies for creating an Access Control List.
  • Allow – All MAC addresses are allowed by default EXCEPT the MAC addresses listed
    • This means the ACL is more of a MAC blacklist
  • Deny – All MAC addresses are denied by default EXCEPT the MAC addresses listed
    • This means the ACL is more of a MAC whitelist
Interface - Select which interface to implement the Access Control list on (physical or virtual)
Image:i.png Only one ACL (either Allow or Deny) can be implemented per interface at one time


There are two ways to add MAC addresses to Access Control Lists:

  • Enter MAC addresses individually
  • Upload text file containing MAC addresses

Image:ap-aclexample.png

When entering a MAC address individually, the following options are available:

MAC - A single MAC address to add to current list (00:11:22:33:44:55)
Friendly Name - (Optional) Add a friendly name to MAC address. This can help to distinguish MAC addresses if the Access Control List becomes large

When uploading a text file with multiple MAC addresses, the following options are available:

Upload File - Upload a file (comma-separated or newline-separated) whose MAC addresses will be added to the existing list of ACL MAC addresses
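The policy names describe the default action, not what happens to the listed addresses, so it helps to check an upload file and its effect before applying it. The following is an added example, not part of the manual or the device firmware: the function names, the lowercase normalization, the de-duplication and the sample file contents are assumptions of the example.

```python
import re

# MAC form shown in the manual: six colon-delimited hex pairs.
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")

# Constructed sample upload mixing commas and newlines, with one duplicate,
# one hyphen-delimited entry and one truncated entry.
SAMPLE_UPLOAD = (
    "00:11:22:33:44:55,00:11:22:33:44:AA\n"
    "00-11-22-33-44-77\n"
    "00:11:22:33:44:55\n"
    "00:11:22:33:44\n"
)


def parse_acl_upload(text):
    """Split a comma- or newline-separated upload into (macs, rejected).

    macs: unique, lowercased addresses in file order.
    rejected: entries that are not in 00:11:22:33:44:55 form.
    """
    macs, rejected, seen = [], [], set()
    for raw in re.split(r"[,\r\n]+", text):
        entry = raw.strip()
        if not entry:
            continue
        mac = entry.lower()
        if not MAC_RE.fullmatch(mac):
            rejected.append(entry)
        elif mac not in seen:
            seen.add(mac)
            macs.append(mac)
    return macs, rejected


def may_associate(policy, acl_macs, client_mac):
    """Apply the Allow/Deny policy semantics to one client MAC address."""
    listed = client_mac.lower() in acl_macs
    if policy == "Allow":   # default allow: listed addresses are blocked
        return not listed
    if policy == "Deny":    # default deny: only listed addresses get in
        return listed
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    macs, rejected = parse_acl_upload(SAMPLE_UPLOAD)
    print("accepted:", macs)
    print("rejected:", rejected)
    for policy in ("Allow", "Deny"):
        for client in ("00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff"):
            print(policy, client, may_associate(policy, macs, client))
```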

Expert Mode - Configuration File Management

Allows advanced users to modify the configuration file directly.

Image:ap-expert.png

Upload New Configuration File - Allows upload of custom or backup configuration files

Download Running Configuration File - Download the config that the device is currently running

Edit Configuration

Editing the configuration file directly can be useful if you need configuration options that are too advanced to be included into the web configuration, or for fine tuning after the web configuration has been used to apply general settings.

Image:!.png Making changes in the skin’s web configuration after directly modifying the configuration file may cause any changes made in configuration file to be LOST!
Save - Saves current configuration file to the device. When the device reboots, current configuration will be effective
Reset - Clears any changes made to the configuration file in current edit
Read Active - Loads the last saved configuration file from device memory
Read Backup - Loads the next-to-last saved configuration file from device memory
Adjust edit area height - Adjusts the number of visible lines in the configuration text box
Image:!.png Incorrect changes in the configuration file can render the device unusable!

Services

Wireless Statistics

Deliberant Access Points provide the functionality to monitor wireless peer traffic in real-time.

Image:ap-enablestatistics.png

The following information is available:

  • Associated peer’s hardware MAC address
  • Associated peer’s friendly name
  • Association Time
  • Received bytes (traffic received on the AP from the client)
  • Sent bytes (traffic sent from the AP to the client)
  • SSID client is connected to


SSH

Configuration for the SSH daemon

Image:ap-ssh.png

Enable SSH - Enables or disables the SSH daemon
Port - Specifies which port SSH will accept connections on

Syslog

Configuration for the Syslog (System Log)

Image:ap-syslog.png

Message Level - Specifies the verbosity of the logs, that is, the level of detail at which logs are kept
Forward Enabled - Enables logs to be sent to an external Syslog server
Host IP Address - IP address of the external Syslog server
Host Port - Port the Syslog server listens on
Forward message level - Specifies the level of detail at which logs are forwarded
Forward backup enabled - Allows a secondary or backup Syslog server
Forward host IP address - IP address of the backup external Syslog server
Forward Host Port - Port the backup Syslog server listens on


HTTP

Enables or disables configuration/management through HTTP.

Image:i.png HTTPS is always enabled.

Tools

Site Survey

The Site Survey test shows overview information for any wireless networks that are within communication range of the device. Using this test, an administrator can scan for working access points, check their operating channels and WEP encryption, and see signal/noise levels. An administrator can use this feature to identify a clear channel for the Deliberant device that will not receive interference from adjacent APs.

Image:ap-sitesurvey.png

MAC Address - The MAC address of the remote wireless radio
ESSID - Extended Service Set Identifier – Identifying name of the wireless access point
Encryption - Specifies whether the AP has encryption enabled or disabled
Signal Strength - The receive signal strength the device is picking up from remote radio
Noise Floor - Measures the amount of noise in the area of the device
Frequency - Displays the frequency the remote radio is running at
Channel - Displays the channel the remote radio is running on
Choose Wireless Interface - Selects the wireless radio to run the scan on
Image:!.png Running the site survey tool momentarily disables normal operation of the radio!
Connect to selected radio - If radio is in client mode, selecting an Access Point’s radio button and clicking this button will automatically set up a client for that Access Point


Antenna Alignment

The antenna alignment test measures signal quality between the bridge/access point and other wireless networking devices. For best results during the antenna alignment test, turn off all wireless networking devices within range of the device except the device(s) with which you are trying to align the antenna. Watch the constantly updated display in the Alignment Test window as you adjust the antenna.

Image:ligoap_aiming.jpg

Choose wireless interface - select the wireless interface on which the Antenna Alignment test will be performed.
The Antenna Alignment test results appear when you click the Start button, and the test finishes when you click the Stop button.


Traffic Generator

The built-in traffic generator provides a method of determining the speed of a link, or how much traffic can travel across a link in a given amount of time. This is useful when setting up or troubleshooting wireless links.

Rates Test

Image:ap-ratestest.png

The Rates Test section is a supplement to the Traffic Generator tool that allows you to manually set the maximum data rate the radio will communicate at.

Set - Temporarily sets the radio to associate at selected data rate (to be used for testing with the traffic generator)
Save - Saves the data rate to the device so the device will continue to operate at that data rate in the future


ACK Timeout Test

Image:ap-acktimeouttest.png

The ACK Timeout Test is a supplement for the Traffic Generator tool that allows manipulation of ACK settings at run-time. ACK timeout settings generally only need to be changed for long distance links.

Set - Temporarily sets the ACK timeout for the radio
Save - Saves the ACK timeout value to the device so the device will continue to use this ACK timeout value in the future

Throughput Test

Tests the amount of throughput that can be passed across the wireless link at a time

Image:ap-throughputtest.png

Operating Mode - The two operating modes are Server and Client.
  • Server opens a connection and waits for another throughput test in client mode to start and begin communicating with the server
  • Client will contact a throughput test running in Server mode and begin the test. When the test isn’t run in duplex mode, the client downloads the data from the Server. So the traffic goes from the Server to the Client.
Protocol - Specifies the protocol to run the test on (either TCP or UDP)
Host - This is the IP address of the device acting as the throughput test server. This is entered on the client side of the throughput test.
Duplex Traffic - This toggles the option to make the traffic full duplex. When disabled, traffic goes in the direction of Server -> Client. When enabled the traffic goes from Server -> Client and Client -> Server at the same time.
Start - In server mode, begins the server daemon listening. In client mode, contacts server and begins test
Stop - Stops the test
Show Results - Shows current results of test on screen. Test does not need to be complete for this to run. 