Security
Bandwidth management
Wireless connection sharing
Configuration using Linux console
Bridge, Router, WISP, WDS Modes
Wrocław 2007
APPro54G
Software User’s Guide
Version for
OvisLink WL-5460AP
Access Point
Witold Warczak
Przemysław Kobel
ISBN-13: 978-83-924807-0-9
Published by:
Alfanet Sp.z o.o.
Bulwar Ikara 29A/2
54-130 Wrocław
www: http://www.approsoftware.com
email: info@approsoftware.com
tel: +48 71 79 56 000
fax.: +48 71 79 56 500
Images of OvisLink Access Point used with courtesy of Action SA.
Print:
„Duet” S.C. Drukarnia
ul. Cybulskiego 35b
50-205 Wrocław
tel. (071) 32 87 879
All rights reserved, including rights to reprint and translation. No part of this book may be published without
prior written consent of the publisher. This also applies to photocopying, microfilms and transferring data to
computer systems.
Acknowledgements
Authors of this book want to thank many persons for their valuable input and support that helped
to complete the work. In particular, we are thankful to: Robert Bogacz, Bohumil Boura, Robert
Kowal, Jacek Pasek, and Łukasz Piotrowski. Also, the product managers of Polish distributors had
their part in communication with hardware manufacturers. Without that help APPro development
would be much more difficult – if not impossible. That’s why we want to send our thanks to:
Paweł Kozłowski, Paweł Martyniuk, Maciej Mikułowski, Paweł Walczak and Bartosz Wróbel.
Maciej Mikułowski is the first person that believed in APPro success and in November 2004 agreed
to install this software on Access Points. Since then, APPro/APlite software has been installed on
over 100 000 devices around the globe.
Thank you!
Table of contents
1. Introduction (p. 8)
1.1 Introduction (p. 9)
1.2 Basic modes of operation (p. 10)
2. Device setup (p. 12)
2.1 Starting the AP device (p. 12)
2.2 Accessing the Web interface (p. 12)
2.3 Restoring AP’s default settings (p. 14)
2.4 Changing the access password (p. 14)
2.5 Confirming and activating new settings (p. 14)
2.6 Updating the firmware (p. 15)
4.2 Wireless (p. 92)
4.2.1 Basic Settings (p. 92)
4.2.2 Advanced Settings (p. 94)
4.2.3 Security (p. 97)
4.2.4 Access Control (p. 99)
4.2.5 Site Survey (p. 99)
4.2.6 WDS Settings (p. 100)
7 Troubleshooting (p. 148)
7.1 How to report problems with software (p. 148)
7.2 Sending the AP for service (p. 149)
8. Appendices (p. 150)
A Literature (p. 150)
B Certificate (p. 151)
1. Introduction
This guide contains a description of the innovative APPro54G software, created by Alfanet – a company
based in Wroclaw, Poland. This software enables the creation and complete oversight of computer
networks – both wired (LAN), and wireless (WiFi or WLAN) – while maintaining a very low cost of
construction and operation of such a network. Thanks to APPro54G, a simple Access Point (AP in
short) gains new capabilities, matching (and sometimes even exceeding) those of high-profile,
expensive wireless devices. While advanced, the software is still easy to use. More experienced users
can get extra functionality by logging on to the built-in Linux system.
About us
Alfanet sp. z o.o. is a Wrocław-based Polish company, operating since 1996 as an ISP, as well as
provider of solutions based on Open-Source Software and Linux operating system. We offer to our
customers such services as Web hosting, domain registration and maintenance, design of Web
applications and Web pages, network security and wireless Internet access. Alfanet also designs and
sells specialized APPro54G software for Access Points based on RTL8186 chipset.
1.1 AP overview
Ovislink WL-5460AP is designed for indoor use only. Its power supply has an output voltage of
12 V and a current of 800 mA. The power supply can be replaced with a PoE (Power over Ethernet)
adapter connected to a UTP/STP (LAN) cable.
Power socket (1) is placed on the AP’s backplate. Next to it, there are two RJ-45 ports (2) and (3),
used for connecting to LAN networks. These ports can work in several modes, depending on software
configuration.
The Reset button (4) allows quick restoration of the device’s default settings.
The last socket on WL-5460AP is an RP-SMA port (5) intended for a WiFi antenna. In this socket,
you can install the enclosed antenna. It’s possible to use other antennas as well, as long as they are
designed to work in the 2.4 GHz frequency band and have an impedance of 50 ohms.
10 INTRODUCTION
Using an improper antenna type may damage the radio module of the device!
and ports Ethernet 2 to 5 are used for LAN network.
On the front panel, the AP has LEDs that indicate the device’s status. They have the following meanings:
• Power (6): power indicator.
• Status (7): device status. If the red LED is lit, data is being written to flash memory, the device
is starting up, or its configuration is being changed. When this LED goes out, the AP is ready to work.
• Link/Act (8): network connection status.
• WEP (9): wireless network protection is on.
• MAC Ctrl (10): MAC address filtering.
• Repeater (11): the device is working as a bridge or wireless repeater, or uses a PPPoE connection.
• LAN1, LAN2 (12), (13): these LEDs indicate data transmission through the AP’s LAN ports.
For more information about differences between particular flavors of APPro54G, visit the site
http://approsoftware.com/appro54g/. This book refers to the standard version of the software.
Devices equipped with APPro54G can operate in several basic modes, including Access Point, Router,
Access Point Client, Bridge or part of WDS (Wireless Distribution System). In each of these modes,
the device performs different functions, suited for specific applications.
Access Point
In this mode, AP enables connection between WiFi devices and resources of wired LAN network.
AP’s LAN interfaces work as a multiport switch, relaying traffic between traditional LAN and wireless
WLAN networks. For more information: see page 16.
AP Client
In this mode AP operates as a WiFi network adapter, connected to the computer via an ordinary LAN
port. Simultaneously it’s possible to use AP as a multiport network switch that relays traffic between
LAN and WLAN networks, but to connect multiple LAN users to WiFi, adequate device configuration
is necessary. For more information: see page 22.
Bridge
Devices operating in bridge mode allow connection of several different LAN networks (up to five) with
wireless links. Such configuration offers slightly higher performance than common AP – APC connection.
For more information: see page 28.
WDS/Repeater
A device operating in this mode acts as an element of a Wireless Distribution System (WDS). Such a system
enables creation of a wireless network that covers a much larger area than is possible with a single
Access Point. For more information: see page 61.
APPro54G software has much greater capabilities, such as functions that optimize network operation,
connection diagnostics, address filtering or bandwidth management for specific users. These topics
are covered in detail in the next sections of this guide.
12 DEVICE SETUP
2 Device setup
• In the Internet Protocol (TCP/IP) Properties dialog enable Use the following
IP address option, and in IP address and Subnet mask fields type values
192.168.100.1 and 255.255.255.0 respectively. You can leave other fields unchanged.
• Close dialogs, confirming new settings with OK button.
Your computer is now ready to work with the Access Point device. Now you can power up the AP, and
on the computer launch a Web browser that supports JavaScript (some popular browsers are Internet
Explorer, Mozilla and Opera).
In order to improve network security, you should change the device’s default username
and password. This will prevent unauthorized users from changing
the AP’s configuration.
Advanced users will appreciate the possibility of logging on directly to the device’s Linux console via Telnet
or SSH protocols. To use this feature, all you need to do is to enter the device’s IP as a host address.
The username and password are the same as in the AP’s Web interface.
3.1 AP Mode
In this mode, you can use your AP to connect wireless devices to a standard wired LAN network.
The Access Point operates like a multiport network switch that relays traffic between LAN and WLAN
networks.
This section doesn’t apply to AP mode with NAT feature enabled. Such configurations are
discussed on following pages.
Connection setup
LAN network can be connected to LAN1 or LAN2 port in the AP. Additionally, these ports work as a
standard network switch, which allows connection to extra devices.
Requirements
• To configure AP device, it has to operate with IP address and subnet mask consistent with
addressing scheme established by network administrator or service provider (see: page 12).
• To provide AP with Internet access, you need to set up proper gateway and name server
(DNS) addresses in device’s options.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.
STEP BY STEP: COMMON CONFIGURATIONS 17
Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel
(see: page 99).
• On Wireless/Basic Settings page set the following options:
  ◦ Mode: AP Access Point;
  ◦ ESSID: enter name of your network, e.g.: MY_NET;
  ◦ Enable Packet Aggregation: remove selection;
  ◦ Channel Number: choose number of channel found on Site Survey page;
  ◦ Modulation: choose 802.11b;
  ◦ Click on OK button.
After setting these options, you need to configure each computer in the wireless network with
appropriate settings. At this point the Internet connection should be already available. If network
operates properly with new settings, you can additionally configure:
• encryption of data transmission (see: page 97),
• authentication of client devices (see: page 94),
• bandwidth management (see: page 72).
This section doesn’t apply to APC mode with NAT feature enabled. Such configurations are
discussed on following pages.
Connection setup
LAN network can be connected to LAN1 or LAN2 port in the AP. Additionally, these ports operate as
a standard network switch, which allows connection to extra devices.
Requirements
• To enable AP’s connection with wireless network, you need to know that network’s SSID.
• For proper operation of AP in client mode, you need to know channel number and mode
(b or g) of wireless network you’d like to connect to.
• If your network uses encryption, you need to know WEP or WPA encryption keys as well.
• To enable communication between computers in LAN and a wireless network, machines in
LAN need to have IP addresses and subnet mask consistent with addressing scheme
established for WiFi network by AP administrator.
• To configure AP device, it has to operate with IP address and subnet mask consistent with
addressing scheme established by network administrator or service provider.
• To provide AP with Internet access, you need to set up proper gateway and name server
(DNS) addresses in device’s options.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.
Actions
• Log on to the AP (see: page 12).
• On the Wireless/Site Survey page find the correct base station
(see: page 99). Ensure that this station’s signal has adequate strength (recommended value
is 35 or more).
• On Wireless/Basic Settings page set the following options:
  ◦ Mode: APC Infrastructure Client;
  ◦ ESSID: type SSID identifier of wireless network you want to connect to;
  ◦ Enable Packet Aggregation: remove selection;
  ◦ Modulation: choose operating mode of wireless network you want to connect to.
    If you don’t know the correct value, select 802.11b;
  ◦ Click on OK button.
After setting these options, you need to configure each computer in the wireless network with
appropriate settings. At this point the Internet connection should be already available. If network
operates properly with new settings, you can additionally configure:
• access options for computers in LAN network and bandwidth management (see: page 72).
Connection setup
LAN network can be connected to LAN1 or LAN2 port in the AP. Additionally, these ports operate as
a standard network switch, which allows connection to extra devices.
Requirements
• In order to connect other APs configured as Bridge Slaves, it’s necessary to know their MAC
addresses.
Make sure that MAC addresses of Bridge Slaves are actually their WLAN interface
addresses (BSSID value on the AP Status page of APPro54G
Web interface).
• To communicate with Bridge Master, Slave devices need to have IP addresses and subnet
masks consistent with addressing scheme established by network administrator or
connection provider.
• To properly configure Bridge Master device, you need to set AP’s IP address and subnet
mask that are consistent with addressing scheme established by network administrator
or service provider.
• To provide AP with Internet access, you need to set up proper gateway and name server
(DNS) addresses in device’s options.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.
Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel, on which the
bridge will operate (see: page 99). All devices set up as bridge elements have to operate
on the same channel.
• On Wireless/Basic Settings page set the following options:
  ◦ Mode: Bridge Master;
  ◦ ESSID: type name of your network, e.g.: MY_NET;
  ◦ Enable Packet Aggregation: remove selection;
  ◦ Channel Number: choose number of channel found on Site Survey page;
  ◦ Modulation: choose 802.11b;
  ◦ Slave MAC Address: type MAC addresses of Slave devices communicating with your
    AP. MAC addresses need to be entered in xx:xx:xx:xx:xx:xx format, where ’x’ stands
    for digits 0–9 and letters a–f (lowercase).
  ◦ Click on OK button.
After setting these options, you need to configure other parts of the bridge – the devices operating as
Bridge Slaves. At this point it should be possible to communicate with other APs operating in Bridge
Slave mode.
If this initial set up is working properly, it is recommended to set up additional features:
• bandwidth management (see: page 72),
• encryption (see: page 84).
Connection setup
LAN network can be connected to LAN1 or LAN2 port in the AP. Additionally, these ports operate as
a standard network switch, which allows connection to extra devices.
Requirements
• To establish connection between your device and another AP that operates in Bridge Master
mode (or Slave in two-point bridges), it’s necessary to know MAC address of the other
device.
Make sure that MAC address of the other device is actually its WLAN interface
address (BSSID value on the AP Status page of APPro54G Web interface).
• To properly configure Bridge Slave device, you need to set AP’s IP address and subnet mask
that are consistent with addressing scheme established by network administrator or service
provider (see: page 12).
• To connect to the Internet, it’s recommended to enter Gateway and name server (DNS)
addresses.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.
Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel
(see: page 99).
Repeat these steps on each Slave and Master device of wireless bridge. All
APs configured as parts of your bridge have to operate on the same channel.
After setting these options, you need to configure device on other side of the bridge – operating either
as Bridge Slave or Master. At this point it should be possible to communicate with other AP operating
in Bridge mode.
If this initial set up is working properly, it is recommended to set up additional features:
• bandwidth management (see: page 72).
Connection setup
LAN network can be connected to LAN1 or LAN2 port in the AP. Additionally, these ports operate as
a standard network switch, which allows connection to extra devices.
Requirements
• To enable AP’s connection with wireless network, you need to know that network’s SSID.
• For proper operation of AP in client mode, you need to know a channel number and a mode
(b or g) of the wireless network you’d like to connect to.
• If your network uses encryption, you need to know WEP or WPA encryption keys as well.
• To enable communication between your AP and a WiFi network, you need to configure proper
IP address and subnet mask on AP’s wireless interface (obtained from connection provider).
• To connect to the Internet, you need to know Gateway and name server (DNS) addresses.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.
Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel
(see: page 99). Also ensure that available signal has adequate strength (recommended value
is 35 or more).
• On Wireless/Basic Settings page set the following options:
  ◦ Mode: APC Infrastructure Client;
  ◦ ESSID: type SSID identifier of wireless network you want to connect to;
  ◦ Enable Packet Aggregation: remove selection;
  ◦ Channel Number: choose number of channel found on Site Survey page;
  ◦ Modulation: choose operating mode of wireless network you want to connect to.
    If you don’t know the correct value, select 802.11b;
  ◦ Click on OK button.
After setting these options, you need to configure computers in LAN network, by using following
settings:
• IP Address: unique address from range of 172.20.1.2 – 172.20.1.254;
• Subnet mask: 255.255.255.0;
• Gateway Address: 172.20.1.1;
• DNS Server: obtained from wireless connection provider or one of openly available servers,
e.g.: 194.204.159.1.
At this point it should be possible to communicate with the Internet. If this initial set up is working
properly, it is recommended to set up additional features:
• authentication of client devices (see: page 97),
• bandwidth management (see: page 72),
• DHCP Server. (see: page 107).
Requirements:
• Internet cable should be connected to AP’s LAN2 port.
• Internal LAN network should be connected to AP’s LAN1 port.
• To enable communication between AP and the Internet (via the WAN interface), you need
to set proper IP address and subnet mask (obtained from connection provider).
• To connect with the Internet, you need to know Gateway and name server (DNS) addresses.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.
Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel
(see: page 99).
• On Wireless/Basic Settings page set the following options:
  ◦ Mode: AP Access Point;
  ◦ ESSID: type wireless network identifier (SSID), e.g. MY_NET;
  ◦ Enable Packet Aggregation: remove selection;
  ◦ Channel Number: choose number of channel found on Site Survey page;
  ◦ Modulation: choose 802.11b;
  ◦ Click on OK button.
After setting these options, you need to configure computers in LAN network with the following settings:
• IP Address: unique address from range of 172.20.1.2 – 172.20.1.254;
• Subnet mask: 255.255.255.0;
• Gateway Address: 172.20.1.1;
• DNS Server: obtained from wireless connection provider or one of openly available servers,
e.g.: 194.204.159.1.
At this point it should be possible to communicate with the Internet. If this initial set up is working
properly, it is recommended to set up additional features:
• encryption of data transmission (see: page 97),
• authentication of client devices (see: page 97),
• bandwidth management (see: page 72),
• DHCP Server (see: page 107).
Requirements
• Working Internet connection and complete information (obtained from service provider),
needed to configure your device (IP address with subnet mask, Gateway, and DNS).
• Your DSL modem should be connected to LAN2 port in the AP. In AP device this port can
operate as WAN interface. Computers in local network can be connected to AP’s LAN1 port.
From now on, AP’s configuration procedure is identical to WAN connection sharing (page 47).
Requirements
• Internet cable from ADSL modem should be connected to AP’s LAN2 port.
• Internal LAN network should be connected to AP’s LAN1 port.
• For proper operation of Internet connection, it’s necessary to know IP, DNS and Gateway
addresses, as well as subnet mask – this information should be obtained from your service
provider.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.
Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel
(see: page 99).
• On Wireless/Basic Settings page set the following options:
  ◦ Mode: AP Access Point;
  ◦ ESSID: type wireless network identifier (SSID), e.g. MY_NET;
  ◦ Enable Packet Aggregation: remove selection;
  ◦ Channel Number: choose number of channel found on Site Survey page;
  ◦ Modulation: choose 802.11b;
  ◦ Click on OK button.
When established, the PPPoE connection is indicated with an orange Bridge LED.
After setting these options, you need to configure computers in LAN and WLAN networks with the
following settings:
• IP Address: unique address from range of 172.20.1.2 – 172.20.1.254;
• Subnet mask: 255.255.255.0;
• Gateway Address: 172.20.1.1;
• DNS Server: obtained from wireless connection provider or one of openly available servers, e.g.:
194.204.159.1.
At this point it should be possible to communicate with the Internet. If this initial setup is working
properly, it is recommended to set up additional features:
• encryption of data transmission (see: page 97),
• authentication of client devices (see: page 97),
• bandwidth management (see: page 72),
• DHCP Server (see: page 107).
Actions
• Configure primary and secondary base stations for AP mode (see: page 16). Each device
has to operate on the same WiFi channel and with the same settings of transmission speed
and mode, but they can use different ESSID identifiers.
Actions
• Configure base stations of your WDS chain for AP mode (see: page 16). Each device has to
operate on the same WiFi channel and with the same settings of transmission speed and
mode, but they can use different ESSID identifiers.
• Log on to first base station (see: page 12).
• On Wireless/WDS Settings page set the following options:
  ◦ Enable WDS: select this option;
  ◦ MAC Address/Comment: enter MAC address and description of second station in WDS
    chain. MAC address needs to be entered in xx:xx:xx:xx:xx:xx format, where ‘x’ stands
    for digits 0–9 and letters a–f (lowercase). Add parameters of secondary WDS station
    by clicking on OK button. Make sure you specified MAC address of a wireless
    interface. You can find it in BSSID value on AP Status page of APPro54G Web
    interface.
  ◦ Click on OK button.
• Log on to third (in this case – last) base station of WDS chain (see: page 12).
• On Wireless/WDS Settings page set the following options:
  ◦ Enable WDS: select this option;
  ◦ MAC Address/Comment: enter MAC address and description of second (previous)
    station in WDS chain. MAC address needs to be entered in xx:xx:xx:xx:xx:xx format,
    where ‘x’ stands for digits 0–9 and letters a–f (lowercase). Add parameters of WDS
    stations by clicking on OK button.
    Make sure you specified MAC address of a wireless interface. You can find it in
    BSSID value on AP Status page of APPro54G Web interface.
  ◦ Click on OK button.
In WDS mode the routing options are not available for traffic transmitted over WDS.
However, you can route traffic and enable NAT for Ethernet (LAN) interfaces.
You must not choose the same port to be both the uplink and downlink interface.
To ensure correct operation of QoS and Traffic Manager features, configure your AP in one of the modes
described in sections 3.1–3.9. Next, you need to configure Uplink and Downlink interfaces on
TCP/IP Advanced Settings page (Bandwidth management section), based on the following
description:
• AP mode:
  ◦ Uplink interface – select LAN1 or LAN2,
  ◦ Downlink interface – select WLAN.
  To enable bandwidth management in WDS mode, you need to select the WDS option as well.
• APC mode:
  ◦ Uplink interface – select WLAN,
  ◦ Downlink interface – select LAN1 and LAN2.
• Bridge Master mode:
  ◦ Uplink interface – select LAN1 and LAN2,
  ◦ Downlink interface – select WDS.
• Bridge Slave mode:
  ◦ Uplink interface – select WDS,
  ◦ Downlink interface – select LAN1 and LAN2.
• WISP mode (wireless connection sharing):
  ◦ Uplink interface – select WLAN,
  ◦ Downlink interface – select LAN1 and LAN2.
• WISP PPPoE mode (wireless connection sharing):
  ◦ Uplink interface – select PPPoE,
  ◦ Downlink interface – select LAN1 and LAN2.
• Wireless Router mode (WAN/DSL connection sharing):
  ◦ Uplink interface – select LAN2,
  ◦ Downlink interface – select LAN1 and WLAN.
If your WDS network is connected in line configuration, it’s optimal to set up bandwidth management
options on line’s first device – the one that connects a LAN network with the rest of WDS. It’s not
possible to manage the bandwidth on intermediate base stations of a WDS line.
When configuring Uplink and Downlink interfaces, keep in mind the following guidelines:
• The same interface should not be assigned both to Uplink and Downlink traffic at the
same time.
• Bandwidth management is available only for traffic going out of any given interface
(Downlink traffic), because only in that case is packet queuing possible. In Linux system,
queuing for Uplink traffic actually applies to packets leaving the interface on the opposite
side of the data transmission path.
• To have your traffic properly managed by APPro54G, you need to configure it so that data
transmitted to a client leaves the Downlink interface, and data transmitted from a client
leaves the Uplink interface.
• This is the same reason why it’s not possible to manage traffic simultaneously between
devices on your local network (connected to LAN1 and LAN2 interfaces) and between your
network and the Internet (traffic leaving the WLAN port). If you configured WLAN interface
as Uplink, and your LAN1/LAN2 as a Downlink (these settings are required for the
management of Internet traffic), transmissions between LAN1 and LAN2 will be controlled
only partially, in one direction.
• Similar restrictions apply to configurations with LAN2 set-up as Uplink and LAN1/WLAN as
a Downlink interface. In that case, transmissions between LAN1 and WLAN interfaces will
have only partial traffic management available.
• If some of AP’s interfaces are not assigned to Uplink or Downlink categories, traffic coming
from such interfaces won’t be subjected to the traffic management features.
• After you enable Deny option on TCP/IP Traffic Management page, clients that are not
placed on that page’s access list will be blocked, even if they are connected to interfaces not
assigned to the Uplink or Downlink categories.
In QoS settings, you can set the priority and percentage of total bandwidth assigned to each of four
traffic categories:
• ACK/UDP/ICMP – packet acknowledgement signals in TCP/IP sessions, DNS queries, DHCP
traffic, VoIP Internet Telephony and ICMP control messages.
• Web Traffic – traffic generated by typical Web services (packets sent through ports 80,
443, 3128 and 8080).
• Mail Traffic – traffic generated by e-mail sending and receiving (ports 25, 110, 465 and
995).
• P2P Traffic – depending on firmware version, these are the packets marked with ipp2p
module or sent through ports typical to most common P2P networks.
• Other Traffic – packets that don’t fall into any of the above categories.
Remember that low priority packets will be sent only after the higher priority
transmissions are completed. When transmission limits are set, traffic with
lower priority will still pass the AP if total bandwidth for high-priority traffic
is lower than the maximum bandwidth of your connection.
Actions:
• Log on to the AP (see: page 12).
• On TCP/IP/Quality of Service page set the following options:
  ◦ Advanced QoS: Enabled;
  ◦ Downlink: enter the speed of data download from the external network (in kilobits per
    second); this value should be determined according to the description at the beginning
    of this section. This value combines speeds achieved on interfaces selected in the
    Downlink section of the TCP/IP Advanced Settings page.
  ◦ Uplink: maximum speed of sending data to the external network (through interface
    selected as Uplink on the TCP/IP Advanced Settings page). This value should be
    determined according to the description at the beginning of this section.
  ◦ Queuing Discipline: choose Traffic Limiter;
  ◦ ACK/UDP/ICMP Priority: choose HIGH, and in limit field type value of 20%;
  ◦ Web Traffic Priority: choose MEDIUM, and in limit field type value of 50%;
  ◦ Mail Traffic Priority: choose HIGH, and in limit field type value of 80%;
  ◦ P2P Traffic Priority: choose LOW, and in limit field type value of 40%;
  ◦ Other Traffic Priority: choose LOW, and in limit field type value of 40%;
  ◦ Click on Apply Changes button.
You can verify QoS operation a few minutes after you enable it – relevant
information is located on page Statistics/QoS Statistics.
• Downlink packet limit – maximum total number of packets received in one second
from the external network (e.g. from the Internet). Set this value according to description at
the beginning of this section.
• Uplink packet limit – maximum total number of packets sent in one second to the
external network. Set this value according to description at the beginning of this section.
• Downlink connection limit – maximum total number of concurrent TCP connections
from the external network.
• Uplink connection limit – maximum total number of concurrent TCP connections to
the external network.
Remember that some devices (e.g. access points operating in APC mode) can
mask MAC addresses of computers connected to their LAN ports. In such
cases you should use only IP addresses (in this instance: address of
the APC device).
You can restrict bandwidth and packet transmission speeds for the following protocols:
• TCP – limits TCP packets traffic only.
• UDP – limits UDP packets traffic only.
• Both – limits traffic for both TCP and UDP protocols.
• Block – blocks any traffic for a given device or user.
Aside from the above traffic-limiting options, you can set an additional management rule. This rule is
specified with Unlisted Clients Traffic option:
• Deny – blocks traffic to clients not included in Traffic Manager table, or those that don’t
have matching IP and MAC addresses.
• Forward – AP lets traffic pass without any restrictions.
Actions:
• Log on to the AP (see: page 12).
• On TCP/IP/ Traffic Manager page set the following options:
◦ Traffic Manager: Enabled;
◦ Unlisted Clients Traffic: Deny;
◦ In Traffic Manager table enter settings for each user of your network, using adequate IP
(Client IP) or MAC address (Client MAC). Set appropriate Uplink and Downlink
speeds, and select protocol for the traffic you want to regulate. You can also set the
maximum allowed number of TCP connections (Connection limit), and the
transmission speed for packets (Packet limit – applies to traffic other than Web
browsing, e-mail, DNS and DHCP). In Comment field you can type description for each
set of parameters, and then add it to a list, by clicking on OK button.
◦ Click on Apply Changes button.
3.11 Security
Wireless networks require special means of data protection. You need to protect both the transmitted
data (against eavesdropping) and the network itself, so that only authorized users can access it.
Remember that a radio network is much more vulnerable to eavesdropping than a wired LAN: user data
can be intercepted even from long distances, and it is relatively easy to connect an unauthorized
client station to the network.
APPro54G offers the following ways to improve network’s security:
• Access Control List (ACL) for wireless client stations, identified with their MAC addresses;
• wireless station authentication;
• data encryption;
• hiding SSID identifier;
• blocking connection with unauthorized clients based on pairs of MAC/IP addresses.
Actions:
• Log on to the AP (see: page 12).
• On Wireless/Access Control page set the following options:
◦ Enable Wireless Access Control: select this option.
◦ Access Mode: choose Allow option.
◦ MAC Address: Type the MAC address of a client station that is allowed to communicate with
your AP. Ensure that you use correct address notation (use hexadecimal numbers
separated with colons – xx:xx:xx:xx:xx:xx).
◦ Comment: You can enter here a description that will make it easier to identify devices
on Access Control list.
◦ Add entered set of parameters to the list by clicking on OK button.
◦ Repeat last three steps for each device you want to add to the list
(it holds up to 63 entries).
◦ Click on Apply Changes button.
Authentication has an advantage over ACL – authentication protects both base station (against
unauthorized clients), and users (against connecting with incorrect base station). During the
authentication process the station’s identity is verified. You can choose authentication methods on the
Security page. The following options are available:
• Auto, Both – Authentication method will be chosen automatically. With this option, first
the Shared Key (WEP) authentication will be attempted – if one of the stations doesn’t
support this method, the Open System method will be used.
• Open Authentication or Open System – Method based on a very simple algorithm that
only theoretically meets requirements for an authentication system. In reality, it doesn’t
provide any security or authorization, and it allows connection to any client station. This
authentication method consists of two steps. In the first step, a data frame is sent from
device that attempts to gain access to the authenticating point. This frame is an
authentication request. In the second step, a frame (a result of the authentication process) is
sent in the opposite direction. If both operations completed successfully, so did the
authentication process.
• Shared Key – Method utilizing shared set of WEP encryption keys. This method verifies
whether both stations taking part in authentication process have identical secret WEP key.
Since this system is based on WEP encryption algorithm, it inherited WEP’s weak points.
To use this method, you need to have WEP encryption enabled (see: page 97). This
authentication method consists of four basic steps. In the first step, the device that requests
authentication sends a data frame (like in OSA method described above). But in the second
step, the frame sent is encrypted with WEP protocol. Authenticating station generates
a stream of bits that identify the station trying to connect. The third frame contains the same
data as the second one, but it is encrypted with another WEP key. Authenticating point
compares contents of frame it generated with the third frame, received as an answer. This
comparison determines, whether the fourth frame (sent from authenticating point) allows
or denies further access. Unfortunately, a hacker monitoring such a session will be able to
decrypt all the communication, by determining key for RC4 encryption algorithm
(used in WEP). That’s why the most secure practice is to use the Shared Key method with
additional authentication protocol, e.g. 802.1x.
• WPA-RADIUS – In this method, authentication is based on EAP protocol (Extensible
Authentication Protocol). It requires the use of an external RADIUS authentication server as
well as implementation of the 802.1x architecture. All information regarding client’s identity
(e.g. login and password, MAC address or client station certificate) is stored on RADIUS
server. Access Point requests verification of client’s identity, and in turn that client sends
appropriate data to both Access Point and the authenticating server. Server verifies client’s
identity, and then sends a message that allows or denies further access.
• WPA-PSK – This authentication method is based on main common key (Pre-Shared Key),
initially used in authentication process. Next, dynamic encryption keys are generated for
each of the clients. Also, these keys are automatically replaced after some time. The main
encryption key should be identical on all communicating devices. To use this method, TKIP
encryption must be enabled.
The pre-shared key should be at least 16 characters long and
hard to guess.
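How the passphrase becomes key material, as an added example that is not part of the original guide: the WPA-PSK master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, which is why every device must hold exactly the same passphrase and SSID. The function names and the sample settings are hypothetical and constructed for illustration.

```python
import hashlib


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA pairwise master key from a passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def find_mismatched(ap, clients):
    """Return the names of clients whose derived key differs from the AP's."""
    ap_pmk = derive_pmk(ap["passphrase"], ap["ssid"])
    return [name for name, c in clients.items()
            if derive_pmk(c["passphrase"], c["ssid"]) != ap_pmk]


# Constructed sample settings (not taken from a real network).
AP = {"ssid": "office-ap", "passphrase": "constructed-sample-passphrase"}
CLIENTS = {
    # Identical settings: derives the same key as the AP.
    "laptop": {"ssid": "office-ap", "passphrase": "constructed-sample-passphrase"},
    # One mistyped character in the passphrase.
    "printer": {"ssid": "office-ap", "passphrase": "constructed-sample-passphrasf"},
    # SSID differs in letter case, so the salt differs.
    "camera": {"ssid": "Office-AP", "passphrase": "constructed-sample-passphrase"},
}

if __name__ == "__main__":
    print("AP key:", derive_pmk(AP["passphrase"], AP["ssid"]).hex())
    print("mismatched clients:", find_mismatched(AP, CLIENTS))
```

Because the SSID is the salt, a network that keeps a common default SSID together with a short passphrase is the easiest case for precomputed guessing, which supports the 16-character recommendation above.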
Not every wireless device supports all the authentication methods mentioned above. However, you
should always use the best possible method available for all devices in your network. Authentication is
connected with the data encryption, hence its configuration is discussed in next section.
3.11.3 Encryption
Data encryption methods ensure secure transmissions through publicly-available radio channels.
Encryption methods implemented in APPro54G are listed on Wireless/Security page of
management interface.
• Users of older wireless devices should use Shared Key authentication and 128-bit WEP key.
• On modern WiFi devices, the optimal choice is the WPA-PSK authentication and the AES
encryption.
• Users of networks with 802.1x architecture should configure base station to work with the
RADIUS server and enable the WPA-RADIUS authentication.
Actions:
• Log on to the AP (see: page 12).
• On Wireless/Security page set following options:
◦ Authentication Type: choose Shared Key;
◦ Encryption Method: choose WEP;
◦ Key Length: choose 128 bit;
◦ Key Format: choose ASCII (13 characters);
◦ Default Tx Key: choose Key 1;
◦ Encryption Key 1 to Encryption Key 4: type four encryption keys, each one
should be 13 characters long.
◦ Click on Apply Changes button.
Enable the same encryption and authentication settings in each client device of your network.
Unfortunately, not every device supports Shared Key authentication. If any problems occur, change
authentication method to Open System and enable WEP encryption only.
Actions:
• Log on to the AP (see: page 12).
• On Wireless/Security page set following options:
◦ Authentication Type: choose WPA-PSK;
◦ Encryption Method: choose AES;
◦ WPA Passphrase (Pre-Shared Key): enter main key (Pre-Shared Key must be the
same for each device operating in your WiFi network). Key should have at least 16
characters, and be hard to guess.
◦ Click on Apply Changes button.
Enable the same encryption and authentication settings in each client device of your network.
Unfortunately, not every device supports AES encryption. If such devices operate in your network, use
an alternative but less secure TKIP method.
Actions:
• Log on to the AP (see: page 12).
• Enable and configure bandwidth management options as discussed on page 78. If there’s
no need to limit the traffic, enter large values for both transmission directions,
e.g. 2000 kbit/s.
• Set Unlisted Clients Traffic option to Deny.
• Click on Apply Changes button.
• Status – information section that presents data about the state of your AP device, software
and network connections. (see: page 88)
• Wireless – wireless network setup. (see: page 92)
• TCP/IP – general network settings. (see: page 102)
• Other – software’s additional features. (see: page 114)
• Statistics – reports that recap operation of network devices. (see: page 118)
The next pages contain a detailed description of available options and their purpose.
4.1 Status
This section provides information on wireless device’s status and about the Linux OS that controls it.
4.1.1 AP Status
This page shows the basic settings of your Access Point. APPro54G presents here the following
information:
If you need to contact the tech support staff, it’s essential to include
information about the exact firmware version and the compilation date.
• Wireless LAN Packet Counter – Number of packets sent through wireless network.
◦ Sent Packets – Number of packets sent.
◦ Received Packets – Number of packets received.
• Ethernet LAN Packet Counter – Number of packets sent through wired (LAN) network.
Parameters in this section have the identical meaning as above, but they refer to LAN
interface.
• Sensors Info – Information collected from sensors on APPro hardware module.
◦ APPro Module – information about installed module type. Example: APPro Module
1.5 Flash 64kb TEMP HUMD VOLT LED0 LED1 EEPR FLSH.
◦ Temperature – Temperature of Access Point’s microprocessor (in Celsius).
Example: 78.85.
◦ Voltage – Voltage powering AP’s microprocessor. Example: 3.35.
By clicking on MAC address, you can obtain additional information about manufacturer of the device
connected to your AP. Furthermore, when you place mouse pointer over a column with operating mode
information (applies only for connections in Client mode), you’ll see following data:
Notes
• Indicator of signal strength (RSSI) shows values between 0 (weakest signal) to 100 (the
strongest). Minimum value that ensures fast and reliable connection is 40.
• Signal strength indicator works only in APC or AP mode – it’s unavailable for Bridge and
WDS connections.
• Building the client list displayed on this page may take up to 60 seconds. This delay is
caused by algorithm that detects IP addresses of devices connected to your AP.
92 AP’S WEB INTERFACE
If traffic volume is high, creating the list of connections could take even
a couple of minutes.
4.2 Wireless
In this section you can find options needed to configure the WiFi interface, security features, and
functions that control access of wireless devices.
• Alias Name – A name that makes it easier for administrator to identify the device. This
name is displayed (along SSID) in title bar of Web interface’s window, also this is a
hostname in device’s system shell (shown when you log on to AP via Telnet or SSH
protocol).
• Disable Wireless LAN Interface – Selecting this option switches off wireless
interface.
• Mode – Device’s mode of operation. There are 5 mode settings available:
◦ AP Access Point – In this mode, your device operates as a transition point between
cable LAN and wireless devices that work within AP’s range.
◦ AdHoc Station – This mode allows direct connection between your AP and another
wireless device. This type of connection doesn’t require the presence of any master
devices (e.g. Access Points).
◦ APC Infrastructure Client – Choosing this mode turns your AP into a WiFi
network adapter (a slave device that needs to connect with another Access Point).
◦ P2P Bridge/Bridge Slave – With this mode enabled, you can build a two-point
WiFi bridge, or set up your AP as a slave element of a multipoint bridge. Such bridges
are transparent to other network devices and protocols.
◦ Bridge Master – Thanks to this option, you can set up your AP as the master device
of a multipoint bridge. There’s only one master device allowed per bridge.
• ESSID – Name of your wireless network. You need to enter correct ESSID name (the same as
in other devices), in order to connect your device with an existing WiFi network (in client mode),
or to let other users connect with your AP.
• Peer MAC Address – MAC address of the master device of a multipoint WiFi bridge (or other
device in a two-point bridge). This value applies only to wireless bridge mode. MAC address is
formatted as hexadecimal values separated with colons (e.g. 12:34:56:78:9a:bc).
• Enable Packet Aggregation – This option improves the performance of wireless bridges.
You should enable it only when other bridge elements also have APPro54G software. This
feature combines many short data packets into one – a single and bigger one. This significantly
increases bridge’s efficiency.
• Channel Number – Number of radio channel in WiFi spectrum. In AP and bridge modes, you
can select the channel manually. This option is unavailable in Ad-hoc and APC modes.
• Modulation – Type of supported wireless network. Available options are: 802.11b (with
maximum transmission speed of 11 Mbit/s), 802.11g (54 Mbit/s) and the automatic choice of
a WiFi standard. Optimum modulation setting depends on your network’s operating conditions.
Typically, 802.11g standard offers the best performance for indoor networks, but in some more
difficult cases you can get better results with 802.11b. This is also true for distances longer
than 1000 meters and a large number of clients. Mixed mode Both (b+g) could degrade
performance for 802.11g devices, but only this setting allows connections with faster
(802.11g) and slower (802.11b) clients.
• Slave MAC Address – If your AP operates as the master device of a multipoint bridge, in these
fields type MAC addresses of slave devices. MAC address is formatted as hexadecimal values
separated with colons (e.g. 12:34:56:78:9a:bc).
A device that operates in 802.11g mode will not detect any 802.11b devices
(on Site Survey page), and it will not be detected by these devices.
A device that operates in 802.11b mode will not detect any 802.11g devices
(on Site Survey page), and it will not be detected by these devices.
• ACK Timeout – Time limit for packet acknowledgement (ACK). If AP won’t receive ACK in
time specified here, it sends the packet again. Large value of this parameter is useful (it can
improve network performance) when you work with long-distance connections or your
network has many intermediary devices. In such cases, optimum value for ACK Timeout is
255.
• Fragment Threshold – This parameter specifies the maximum size of a frame (basic
packet of information) that still may be sent without dividing it into smaller portions.
Lowering this value reduces impact of radio interferences on overall network performance
(in case of failed transmission, AP needs to resend smaller packet of data). If interferences
aren’t an issue in your network, you could increase this value to improve maximum
transmission speed. Extended discussion on this topic is available in section 6.8
(page 145).
• RTS Threshold – Frames larger than this value are preceded with RTS/CTS packets. These
packets reserve the radio channel for data transmission. Lowering this value improves
performance in networks that include large number of hidden nodes (devices that can
communicate with Access Point, but not with one another). Increasing this value improves
network’s maximum performance, unless there are some interferences. Extended discussion
on this topic is available in section 6.8 (page 145).
• Beacon Interval – Time interval between transmitting consecutive Beacon frames
(by your Access Point). These frames synchronize network devices, also they enable both WiFi
network detection, and connection. Lowering Beacon Interval value speeds up connection
of new devices to your network. Increasing this value slightly improves performance of WiFi
transmissions. Additionally, it reduces power requirements of devices operating in sleep mode.
• DTIM Period – Value that specifies how often Beacon frame will be accompanied by a
DTIM element. This element precedes transmission of buffered frames (that are collected in
memory of a WiFi device) between Access Point and a device that operates in sleep mode.
Buffering applies to broadcast (sent to all users at the same time) and multicast frames (sent
to many users) – such frames are special packets of information that don’t require
acknowledgement of reception. Increasing this value will decrease power consumption of
devices in sleep mode, and decreasing it speeds up delivery of buffered frames.
• Receiver Sensitivity – Lower value of this parameter (larger number after minus sign)
makes your AP receive weaker signals. Seemingly the receiver should be as sensitive as
possible to receive even the weakest radio transmission. However, a receiver that’s too
sensitive could “hear” other WiFi networks or other devices operating on the same frequency
band. This degrades network’s performance. That’s why you should adjust optimum
sensitivity to specific circumstances (e.g. number of wireless networks in your area,
interference level, physical obstacles blocking radio waves, etc.).
• Tx Power – Power of radio transmitter. Higher output power improves wireless network’s
range. However, sometimes it’s necessary to lower this value, e.g. to meet local regulations
for transmitter power, to avoid interferences with other wireless networks, or to prevent
signal overdrive. Recommended TX Power value is 18 dBm.
• Tx Rate – Speed of sending data from radio transmitter. Access Point can automatically
adjust this value (Auto setting), but this may degrade performance if the interferences occur.
You can also set transmission speed manually (to a value from 1 to 54 Mbit/s range).
Considering device’s sensitivity, the optimum transmission speed for 802.11g mode is 36
Mbit/s, and for 802.11b – 11 Mbit/s. In networks operating in open areas (outside
buildings) it’s recommended to use 802.11b mode.
• Tx Operation Rate – Working transmission speeds. With these options you can specify
at what speeds your device can send data. During data transmission, AP will try to use
highest speed available, and in the case of transmission errors – lower and lower ones.
• Tx Basic Rate – Supported transmission speeds. With these options you can specify
what transmission speed your device will support. This has some implications if your
network’s supposed to work with older WiFi devices that support a limited number of
transmission speeds. If a device’s set of supported speeds doesn’t match the set of your AP,
that device won’t get connected to the network.
• Preamble Type – Lets you choose type of preamble – a stream of bits that synchronize
wireless transmission and indicate beginning of a data frame. To preserve compatibility with
older standards, networks use Long Preamble, which is 144-bits long. Since preamble is
always sent at the speed of 1 Mbit/s, it significantly degrades effective transmission speed of
a WiFi network. You can solve this problem with Short Preamble. It has only 72 bits, so
processing it takes half the time needed for a long preamble, hence it improves network
efficiency. Ensure that all devices operating in your network use the same preamble type.
• Broadcast SSID – Broadcasting of your network’s name. If Enabled, other clients can
easily find your network and connect to it. If you set this option to Disabled, your Access
Point will be invisible to standard methods of WiFi network detection. This would also mean
that users of your network should set SSID value manually. Remember that this feature will
hide your network from unauthorized users, but it won’t protect it – for this, there are other
means available.
• IAPP – Support for Inter-Access Point Protocol (IAPP). Setting this option to Enabled would
make your AP pass data from a foreign WiFi device to another AP (appropriate to that device).
However, that other AP has to cooperate with yours. This feature resembles roaming in cellular
phone networks, and it provides uninterrupted network access for mobile devices that move
between areas covered by different Access Points. Switching this option to Disabled causes
your AP to connect only with the devices that are members of your network.
• Block IBSS Traffic – Blocking of direct data exchange between users operating within range
of your AP. Enabling this option disallows sending information between client WLAN devices
(they won’t “see” one another), but communications between WiFi and LAN devices won’t be
affected. Blocking IBSS traffic can significantly improve operation of a network that offers Internet
access. Since blocking eliminates traffic between users, it decreases the load on your AP. An
additional benefit of this feature is blocking one of the common paths of virus attacks.
• NETBIOS Filtering – Blocking packets related to NETBIOS service. Enabling this option
eliminates traffic (between LAN 1, LAN 2 and WLAN interfaces) needed for “Network
Neighborhood” communication in Windows OS, and for sharing printers and other computer
resources. Because these packets are sent quite frequently, they decrease usable
transmission bandwidth. Additionally, this option improves network security and adds
immunity to some forms of virus infection. This feature works with IP protocol only, as it
blocks traffic on ports 135, 136, 137, 138, as well as 427, 445, 1025, and 1512. If your
network employs another protocol (e.g. IPX), NETBIOS service will be unaffected and still
could degrade wireless transmission speeds.
• Busy channel sensing – Method of automatic detection of occupied WiFi channels. You
can choose algorithms based on analysis of signal strength (Energy Detection), WiFi
signal characteristics (Carrier Sensing) or both methods combined (Both).
• Long retry limit – Maximum number of repetitions of large data frames (larger than
RTS Threshold value).
• Short retry limit – Maximum number of repetitions of small data frames.
• Disable G-Protection – Selecting this option disables feature of protecting 802.11g
transmissions. This protection is based on WiFi channel reservation with CTS/RTS frames that
are sent in 802.11b mode. Following data packets are transmitted in faster 802.11g mode.
Thanks to this procedure, devices operating in an older (slower) mode will know about
transmission taking place, and won’t disturb it. Unfortunately, G-Protection degrades network
performance (by about 10 to 40 percent), hence it’s better to disable it if all devices operating
in your area support modern 802.11g standard.
• Disable OLBC Mode – Selecting this option switches off Overlapping Legacy BSS Condition
mode (OLBC). This mode ensures proper operation of a WiFi network (at the expense of
performance), in cases when on a given area and on the same channel, there is another AP
that supports 802.11b mode only (e.g. this is an older device or its clients operate in
802.11b mode).
4.2.3 Security
Thanks to options on that page you can protect your wireless network against uninvited guests.
• Authentication Type – Authentication method for wireless devices taking part in data
exchange. There are three authentication methods available. Authentication process makes
some use of encryption keys, but it is not connected with the actual encryption of data
packets or Access Control List (see: page 81). Authentication serves only as a means of
confirming access rights for a given device.
◦ Open System – Basic authentication algorithm that grants access to your AP to each
device asking for it. The only requirement here is sending a frame to Access Point,
which in turn answers with another frame. Performing these steps without errors
means that authentication was successful.
◦ Shared Key – Authentication based on WEP encryption keys stored in the memory of
each device in your network. In this method, after initial contact made by device,
it receives a frame with encrypted data, to which it has to answer with the same data
(also encrypted). Only after completing these steps such a device would be
authenticated.
◦ Auto – Automatic choice of authentication method (one of two described above).
Selecting this option means that authentication would be performed for devices that
make use of encryption, as well as those that don’t.
• AP Cloaking – Hiding your Access Point. Enabling this option has the same effect as
disabling Broadcast SSID option.
• Wireless LAN Encryption – Options related to data encryption in AP and APC modes.
• Encryption Method – Encryption algorithm used in your WiFi network. Choosing one of
them will protect data sent through the network against snooping software and devices. The
more advanced encryption, the higher potential load on network devices that not always are
equipped with hardware support for modern algorithms (this doesn’t apply to your Access
Point, which has hardware encryption built-in).
◦ WEP – Simplest, and most basic encryption algorithm. Unfortunately, it is also easy to
crack, so it should be employed at best for protection against accidental connection of
foreign users. This algorithm is based on a set of a few alternating encryption keys.
◦ WPA/TKIP – One of the successors of WEP algorithm. It is based on WEP’s cipher
hardware (which means it could be implemented on the same hardware as WEP), but
it has a more advanced encryption algorithm, better mechanism for choosing and
replacing encryption keys, as well as improved transmission control. Support for this
algorithm is quite widespread among wireless devices.
◦ WPA/AES – One of the safest encryption algorithms developed to date. This method also
has many improvements in elements that support the main algorithm – that further
boosts the security level.
◦ WPA2/AES – By choosing this option, you force other devices to communicate with your
AP only with the AES encryption enabled. Devices that don’t have support for AES
won’t be allowed to connect.
◦ Choosing the Disabled option switches the data encryption off.
• Key Length – Length of WEP keys (64 or 128 bits). The longer encryption keys mean
more robust protection of data transmission. Unfortunately, in the case of WEP method even
128-bit keys can’t provide an acceptable level of security.
• Key Format – Notation of WEP encryption keys. In the case of ASCII format it has the
form of character sequence (e.g. letters and digits) with specified length
(5 or 13 characters). Hex format (10 or 26 characters) is simply a collection of hexadecimal
numbers (digits 0–9 and letters a–f).
• Default Tx Key – Default WEP encryption key. For each user, this is the first encryption key
used in data exchange. After a given key is used, it gets replaced with another one.
• Encryption Key 1–4 – WEP encryption keys. Keys are stored in a format specified with
options discussed above. To protect your keys against snooping, their real values are masked
with asterisk characters.
• WPA Passphrase – Password for WPA algorithms. This password is a basis for encryption
keys created during data transmission.
• Enable Wireless Access Control – Selecting this option activates access control
feature for your WiFi network.
• Access Mode – Operating mode of the Access Control feature. In Allow mode your AP is
accessible only to users placed on the list shown in lower part of the window. In Deny
mode, the situation is opposite – AP is accessible to all users except for those placed on
the list.
• MAC Address – Here you can type the MAC address of the device you want to add to
Access Control List. MAC address is formatted as hexadecimal values separated with colons
(e.g. 12:34:56:78:9a:bc).
• Comment – In this field you can put a short comment (description) that makes it easier to
identify a new entry in the list.
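An offline check of the settings described in this section, added here as an example and not part of the APPro54G software: it applies the guide's own rules (WEP key length per format, the 16-character passphrase minimum, colon-separated MAC notation, the 63-entry list limit) plus the 8 to 63 character limit of WPA passphrases. The dictionary keys, severity labels and sample values are assumptions made for the example.

```python
import re

MAC_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}")
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Characters per WEP key for each Key Length / Key Format pair in the guide.
WEP_KEY_CHARS = {(64, "ASCII"): 5, (64, "Hex"): 10,
                 (128, "ASCII"): 13, (128, "Hex"): 26}
ACL_MAX_ENTRIES = 63   # capacity of the Access Control list per the guide
MIN_PSK_CHARS = 16     # minimum passphrase length the guide recommends


def check_wep_key(key, bits, fmt):
    """Return None when the key fits the chosen length and format, else a reason."""
    expected = WEP_KEY_CHARS.get((bits, fmt))
    if expected is None:
        return f"unsupported combination {bits} bit / {fmt}"
    if len(key) != expected:
        return f"needs {expected} characters, has {len(key)}"
    if fmt == "Hex" and not HEX_RE.fullmatch(key):
        return "contains non-hexadecimal characters"
    return None


def audit(cfg):
    """Return a list of (severity, message) findings for one settings dict."""
    out = []
    enc = cfg.get("encryption_method", "Disabled")
    auth = cfg.get("authentication_type", "Open System")

    if enc == "Disabled":
        out.append(("HIGH", "encryption is disabled"))
    elif enc == "WEP":
        out.append(("HIGH", "WEP is easy to crack, even with 128-bit keys"))
        for n, key in enumerate(cfg.get("wep_keys", []), start=1):
            reason = check_wep_key(key, cfg.get("key_length"), cfg.get("key_format"))
            if reason:
                out.append(("ERROR", f"Encryption Key {n}: {reason}"))
    elif enc == "TKIP":
        out.append(("MEDIUM", "TKIP is less secure than AES"))

    if auth == "Open System":
        out.append(("INFO", "Open System admits any station"))
    if auth == "WPA-PSK":
        # A raw 64-hex-digit key is not handled here, only passphrases.
        psk = cfg.get("wpa_passphrase", "")
        if not 8 <= len(psk) <= 63:
            out.append(("ERROR", "WPA passphrase must be 8 to 63 characters"))
        elif len(psk) < MIN_PSK_CHARS:
            out.append(("MEDIUM", f"passphrase shorter than {MIN_PSK_CHARS} characters"))

    if not cfg.get("broadcast_ssid", True):
        out.append(("INFO", "hidden SSID does not protect the network by itself"))

    if cfg.get("access_control"):
        acl = cfg.get("acl", [])
        if cfg.get("access_mode") == "Deny":
            out.append(("MEDIUM", "Deny mode admits every station that is not listed"))
        if len(acl) > ACL_MAX_ENTRIES:
            out.append(("ERROR", f"ACL has {len(acl)} entries, limit is {ACL_MAX_ENTRIES}"))
        seen = set()
        for mac in acl:
            if not MAC_RE.fullmatch(mac):
                out.append(("ERROR", f"bad MAC notation: {mac!r}"))
            elif mac.lower() in seen:
                out.append(("INFO", f"duplicate ACL entry: {mac}"))
            seen.add(mac.lower())
    return out


# Constructed sample settings (not taken from a real device).
LEGACY = {
    "authentication_type": "Shared Key", "encryption_method": "WEP",
    "key_length": 128, "key_format": "ASCII",
    "wep_keys": ["thirteenchars", "tooshort", "abcdefghijklm", "ABCDEFGHIJKLM"],
    "broadcast_ssid": False,
    "access_control": True, "access_mode": "Allow",
    "acl": ["12:34:56:78:9a:bc", "12-34-56-78-9A-BD", "12:34:56:78:9A:BC"],
}
HARDENED = {
    "authentication_type": "WPA-PSK", "encryption_method": "AES",
    "wpa_passphrase": "constructed-sample-passphrase",
    "broadcast_ssid": True,
    "access_control": True, "access_mode": "Allow",
    "acl": ["12:34:56:78:9a:bc"],
}

if __name__ == "__main__":
    for name, cfg in (("LEGACY", LEGACY), ("HARDENED", HARDENED)):
        print(name)
        for severity, message in audit(cfg) or [("OK", "no findings")]:
            print(f"  [{severity}] {message}")
```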
The Access Control List is located in the lower part of the window. This list contains MAC addresses
and comments that have been added earlier, as well as a selection box (in Select column) for
removing entries from the list. Below the list the following buttons are placed:
• RSSI/SQ – Power of received signal and its quality. Higher RSSI value indicates that a
stronger signal reaches your Access Point. Maximum RSSI value equals 100.
Minimum at which you still can have a good connection quality is 40.
• Select – Selection box for connecting to specified network.
By clicking on MAC address, you can obtain additional information about the manufacturer of the
device connected to your AP. Additionally, if you place the mouse pointer over SSID column, the
following information will be displayed:
• Station Address – actual address of a base station, usually identical with BSSID;
• Basic Rates – basic transmission speeds offered by a base station;
• Supported Rates – operating speeds supported by a base station;
• Preamble Type – type of preamble (long or short) that precedes packets in wireless
transmissions;
• Encryption – Enabled or Disabled data encryption.
If connecting to selected network fails, there are several possible reasons for failure:
Device with WDS mode enabled fully supports users connected to both
WLAN and LAN interfaces.
In the lower part of the windows there’s a list (that contains MAC addresses and comments) of devices
connected with your AP in WDS mode. Each entry has a selection box (in Select column) that allows
deletion of the selected entry from the list. Below the list there are following buttons:
• Delete Selected – Removes selected entries from the list.
• Delete All – Clears all entries from the list.
• Reset – Clears all selection boxes on the list.
4.3 TCP/IP
With options in this section, you can configure wired LAN interfaces, advanced traffic control, and
manage the way your network operates.
WDS connections are always bridged with WLAN interface (as br0 interface).
Each request to the WLAN interface applies to wlan0 as well
as wlan0-wds0... wlan0-wds5.
LAN1 port in APPro software is the equivalent of an eth0 interface
in Linux system.
LAN2 port in APPro software is the equivalent of an eth1 interface
in Linux system.
◦ Router – In this mode, all AP’s interfaces operate independently. Your AP device
operates as a three-port router (LAN1 is eth0 interface, LAN2 – eth1, and WLAN is an
br0 interface). For each interface, you need to configure separate IP settings:
– IP Address – IP address of a given interface;
– Subnet Mask – mask of subnet, in which interface operates.
– Clone MAC Address – optional MAC address of the interface (set it if you need an
address other than the default);
◦ Router (LAN1, LAN2 Bridged) – Interfaces LAN1 (eth0) and LAN2 (eth1) are
connected with a bridge (br1 interface) and they operate much like a network switch.
They have a common IP address and a subnet mask (this address is also used to gain
access to your AP). WLAN interface operates independently from these ports, and your
AP works like a two-port router that manages traffic between LAN ports and a WLAN
(wireless interface). This mode operates exactly as in Ovislink 1120 device, and in APC
mode it allows connection to more clients with NAT feature enabled.
◦ DHCP Relay IP – IP address of DHCP server that receives the requests from your
clients.
• Network Address Translation – Settings of the NAT feature, which serves two primary
purposes. The most important one is sharing a single network address (in the Internet)
between many clients of your internal network. These clients use private addresses from
10.0.0.0/8, 192.168.0.0/16, and 172.20.0.0/16 classes. At the same time, NAT masks
the real IP addresses of the devices (they are ‘visible’ as just one IP) and it disallows direct
connections from the Internet to your internal network. This is the second most important
NAT feature – hiding identity and protecting your network’s users from external attacks.
◦ NAT – Enables or Disables feature of network address translation. This function is
relevant only in router mode.
◦ Outside Interface (Internet) – From this list you can choose the interface used
to communicate with the Internet. Available interfaces are: LAN ports, WLAN and
PPPoE (Point to Point Protocol over Ethernet). After enabling NAT feature, all packets
leaving selected interface will have sender’s IP address replaced with the IP of that
interface.
◦ Modify TTL – This option can be useful in many cases. It specifies operations
performed on TTL parameter (Time To Live), found in each TCP/IP packet. This
parameter defines the number of devices that packet can pass, before it will be
considered lost (expired) and as such removed. Purpose of this mechanism is to
prevent constant circulation of packets that can’t reach their destination address.
In practice however, TTL is also used to limit Internet access. If TTL value is set to 1
(by your network provider), packets received from the Internet can reach only the first
device in your local network. If this device isn’t user’s computer but for example
a router, such a packet will never reach its destination – it will never pass the router.
For this option, the following settings are available:
– Disabled – APPro54G operates in default mode and decreases each packet’s TTL
value by 1.
– Block Sharing – AP limits Internet access for its users. Packets from the Internet
will reach only devices that directly communicate with your AP, but not clients
behind such devices. This method can be used to protect your connection from
overloading by an excessive number of users.
– Increment – TTL value will be increased by 1. This way packets preserve their
original state, which in turn transfers any access limits from AP to AP’s clients.
– Set 128 – TTL value is set to 128, which provides devices connected to your AP
with unlimited Internet access. Choosing this option is somewhat risky, since it
could lead to creation of packets that constantly circulate in your network until you
power down your AP.
• Bandwidth management – Settings for initial configuration of traffic management feature.
◦ Uplink Interface (Internet) – From this list you can choose interface used to
communicate with the Internet. Traffic on this interface will be treated by management
feature as the traffic that comes from your clients to the Internet. You should choose
only one interface (LAN1, LAN2, WLAN, WDS or PPPoE) that is used to communicate
with the external network.
◦ Downlink Interface (clients) – Connection or connections assigned to clients in
AP’s internal network. Traffic on this interface will be treated as the traffic from the
Internet to your clients. You can select several interfaces used by your clients (LAN1,
LAN2, WLAN or WDS), but you can’t use interface already chosen as Uplink.
• Other settings – Additional TCP/IP protocol settings.
◦ DNS1 Address, DNS2 Address – Addresses of DNS servers. Thanks to these servers,
your AP is able to tie domain names with their assigned IP addresses. Thanks to DNS
service, you have to remember only the domain names (e.g. approsoftware.com
instead of 62.111.156.26). You should enter addresses of different DNS servers, so in
case of primary DNS malfunction, you could still use a secondary server. Additionally,
the DNS configuration is required if you use DHCP server, since DNS settings are
passed to your DHCP clients.
◦ Time server – Address of server providing current date and time. Such a server plays
an important role in synchronizing networks, and it ensures that the clock of your
operating system is always right.
• DHCP Server – Enables or Disables DHCP server built into APPro54G software.
• DHCP Server Interface – From this list you can choose a network interface or interfaces
assigned to automatic configuration feature. You shouldn’t enable DHCP server with the
Bridge mode activated. There should be only one DHCP server per network. Available
options are closely linked to AP’s mode of operation (see: page 102):
◦ in router mode, there are LAN1, LAN2 and WLAN ports available – DHCP server will
assign IP addresses to the users connected only to one of these interfaces (as specified
in your configuration);
◦ in Router (LAN1/LAN2 Bridged) mode, you can choose either connected LAN1 and
LAN2 ports or the WLAN interface; in the case of LAN ports, the DHCP server will
assign IP addresses to the users connected to any of these interfaces (they are treated
as a single port);
◦ in Router (WLAN/LAN1 Bridged) mode, you can choose WLAN/LAN1 port – DHCP
server will assign IP addresses to the users connected to LAN1 and WLAN interfaces
(they are treated as a single port);
◦ in Router (WLAN/LAN2 Bridged) mode, you can choose WLAN/LAN2 port – DHCP
server will assign IP addresses to the users connected to LAN2 and WLAN interfaces
(they are treated as a single port);
• DHCP Client Range – IP address range reserved for DHCP server’s clients. These
addresses are automatically assigned to clients connecting with your AP. In these fields you
need to type values that are valid for your IP network and its subnet mask. If your DHCP
server uses static addresses only (see below), in DHCP Client Range fields enter range of
0.0.0.0 – 0.0.0.0. Also you need to remember that different interfaces cannot have different
IP ranges – a network may have just one DHCP server that manages available addresses.
With fields described below you can create static DHCP binds. These binds permanently link device’s
MAC and IP addresses.
• MAC Address – MAC address of a device connected with your AP. MAC address is
formatted as hexadecimal values separated with colons (e.g. 12:34:56:78:9a:bc).
• IP Address – IP assigned to a device connected with your AP. Ensure that IP address is
valid for your local network (e.g. it is consistent with subnet mask). Additionally, if the
dynamic part of DHCP server is also active (see above), the static address has to be located
outside IP range reserved with DHCP Client Range fields.
• Comment – In this field you can put a short comment (description) that makes it easier to
identify a device in the list.
• Add – Clicking on this button adds entered information to DHCP server’s static list.
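The static-bind rules above (MAC format, an address consistent with the subnet mask, and an address outside the DHCP Client Range when the dynamic pool is active) can be checked before an entry is added. The shell functions below are an added example, not part of APPro54G; the function names and the subnet mask and pool boundaries in the demo call are assumptions.

```sh
#!/bin/sh
# Added example: validate one static DHCP bind against the rules in the guide.

# ip_to_int A.B.C.D: prints the address as an integer; fails on bad input.
ip_to_int() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
            printf "%.0f\n", (($1 * 256 + $2) * 256 + $3) * 256 + $4
        }'
}

# check_static_bind MAC IP MASK AP_IP RANGE_START RANGE_END
# Prints "ok" or the first rule that is violated; returns 0 only for "ok".
# A range of 0.0.0.0 - 0.0.0.0 means the dynamic pool is unused (static only).
check_static_bind() {
    mac=$1
    # MAC must be six hexadecimal pairs separated with colons.
    echo "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' ||
        { echo "bad-mac"; return 1; }
    ip=$(ip_to_int "$2") && mask=$(ip_to_int "$3") && ap=$(ip_to_int "$4") &&
        lo=$(ip_to_int "$5") && hi=$(ip_to_int "$6") ||
        { echo "bad-address"; return 1; }
    # The static address must be in the same subnet as the AP interface.
    [ $((ip & mask)) -eq $((ap & mask)) ] || { echo "outside-subnet"; return 1; }
    # With the dynamic pool active, the static address must lie outside it.
    if [ "$lo" -ne 0 ] || [ "$hi" -ne 0 ]; then
        if [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]; then
            echo "inside-dynamic-range"; return 1
        fi
    fi
    echo "ok"
}

# Demo with the guide's example MAC and the AP's default address; the mask
# and the pool 192.168.100.100 - 192.168.100.200 are constructed values.
check_static_bind 12:34:56:78:9a:bc 192.168.100.10 255.255.255.0 \
    192.168.100.252 192.168.100.100 192.168.100.200
```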
Each entry on the DHCP list is accompanied with a selection box (the Select column). This box is
used to select entries you want to delete. Below the list the following buttons are located:
If your network does not have any specific DNS server, you can use one of the
following, which are openly available:
• 194.204.159.1,
• 212.87.0.37,
• 213.134.128.19,
• 213.134.128.20,
• 62.111.156.14.
You need to enable this option if your AP is operating in router mode. In APC
mode without router enabled, this option isn’t required for proper operation.
If you enable this option in APC mode, you need to disable MAC translation
feature.
◦ PPPoE Clients on – Interface connected with clients that use the external PPPoE
server.
◦ PPPoE Relay Sessions – Maximum number of sessions (independent connections)
that your clients may establish with the PPPoE server.
◦ Idle timeout – Time (in seconds), after which an inactive connection will be closed.
• PPPoE Client Settings – Settings required to establish a connection with the external
PPPoE server.
◦ PPPoE Client – Enables or Disables feature of connecting your AP with the
external PPPoE server.
◦ Interface – Choose an interface, to which external PPPoE server is connected.
Available interfaces are: one of wired (LAN) and the wireless (WLAN) interfaces.
◦ PPPoE User Name – User name for PPPoE server.
◦ PPPoE Password – Access password for PPPoE server.
After setting options of packet filtering, you can add them to the list of rules with the OK button. If you
click on Reset button, the page returns to values displayed when you opened that page. The Apply
Changes button causes the device to restart with your new settings enabled. The bottom part of the
window contains the list of filtering rules you created.
Port filtering applies to all packets (and on all interfaces) that have source or
destination ports matching entered port range.
Keep in mind that setting a port range that’s too broad (from 1024 to 65535)
will block your traffic completely.
In the bottom part of the window there’s the table of rules that control packet-forwarding feature. Apart
from options already described, each entry on that list has a selection box (in Select column), that
allows selection of multiple entries. Below the list there are the following buttons:
After setting these parameters, you can add them to the management rules list by clicking on OK button.
If you click on Reset button the page returns to values displayed when you opened that page. The
Apply Changes button causes the device to restart with your new settings enabled.
Below these elements, there’s a list of traffic manager rules. On this list there are the same settings
you entered and the selection box in Select column that will let you select multiple rules. With these
buttons you can change the contents of the list:
4.4 Other
Options in this section aren’t related to network settings. With them, you can for example enable
supervising functions and update your AP’s firmware.
4.4.1 Reboot
This page contains only the Reboot button. Clicking on it will cause your device to restart (switching
your Access Point off and on has a similar effect). Your device will be inaccessible until Status LED
indicates otherwise.
• Restore Default – Clicking on this button reverts all AP settings to their default values
(pressing the Reset button on device’s backplate has similar effect). Default configuration
will be activated after you restart your AP or click on Apply Changes button.
• Backup/Restore Configuration – Thanks to these options, you can save current AP
settings in a file and restore them from one of such files.
◦ Please click here to download[…] – this link points to a file with current AP’s
configuration. The file is saved in GZIP format.
◦ Select File – Here you can type or choose a configuration file (saved earlier), which
will be uploaded to your AP.
◦ Upload Config – Clicking on this button uploads a file selected earlier to the Access
Point. This function is useful in case when you want to quickly restore device’s
configuration. Restored configuration will be activated after restarting your AP or
clicking on Apply Changes button.
◦ Reset – Restores Select File field to its initial value.
• Upgrade Firmware – With these elements you can send new version of APPro54G (or
other software intended for your device) to the AP.
◦ Select File – Here you can type (or choose) the name of a file that contains new
firmware version.
◦ Upload – By clicking on this button you can send chosen file to your device. After
successful completion of this operation you need to restart your Access Point.
◦ Reset – Restores Select File field to its initial value.
• Syslog settings – Settings for logging of system events occurring in APPro54G software.
◦ Syslog mode – Syslog’s mode of operation. Available options are Disabled
and Normal.
◦ Syslog server IP – IP address of a device that will register events occurring in your
Access Point.
• OK – Clicking on this button saves settings described above.
• Reset – This button returns opened page’s fields to their initial values.
• Apply Changes – Clicking this button restarts your Access Point with the new settings
enabled.
• Technical support – Here you can obtain information useful for analysis and resolving
technical problems. To use this feature, click on Generate button – AP device will create a
report describing its current configuration and operation. This report should be handed over
to tech support staff. To get this report file, you need to open System Settings page
again, and click on Get technical support link.
Files with settings and information for tech support are compressed in tar.gz format.
Tech support files may contain passwords and IP addresses of other devices.
Creating support file may take up to several minutes.
• Register – Clicking on this button sends entered e-mail address to authors of APPro54G
software. After you register, messages asking for product registration will not show up again.
4.5 Statistics
This section provides summary information on device’s state and its past operation.
Statistics on this page will be lost after you restart your AP device.
Requirements
The recommended SSH client for Windows OS is PuTTY
(available at <http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html>);
Linux and Mac OS have an SSH client built in.
• http://man.he.net/
• http://busybox.net/
• http://www.eng.hawaii.edu/Tutor/vi.html
For users of the APPro54G software, the most important files are placed in
/etc, /usr/local and /var/log directories.
All configuration files in APPro54G are prone to syntax errors. When you edit
such files, you need to strictly comply with correct format of these files.
Any mistake made in configuration files may disturb access to the AP
(to regain it you’d need to reset your device).
After you update AP’s firmware, its default settings may be written (for safety reasons) in the following
directories:
/etc/crontabs/
/etc/crontabs/root
/etc/defaults/
/etc/defaults/udhcpd.conf.def
/etc/defaults/resolv.conf.def
/etc/defaults/passwd.def
/etc/fstab
/etc/inetd.conf
/etc/inittab
/etc/ppp/
/etc/ppp/pppoe-server-options
/etc/ppp/options
/etc/ppp/pap-secrets -> chap-secrets
/etc/ppp/chap-secrets
/etc/qos.conf
/etc/wlan.conf
/usr/local directory
You can store user scripts and programs in /usr/local directory. Binary programs should be compiled
for MIPS architecture, with file size not larger than 128 KB. To start your own script during
APPro54G startup, save it under the name user.sh in /usr/local directory. Next, set the file’s
execution attribute (with command chmod a+x user.sh) and save the directory
contents with flash save command. After doing this, the user script will be started every time the
settings of APPro54G are activated.
Remember that you need to use /bin/sh shell, not the /bin/bash!
Example script:
#!/bin/sh
echo "Configuration test"
To store contents of this directory in flash memory, use flash save command.
/var/log directory
This directory contains the following log files (created by APPro54G):
Log files are deleted every hour, which is necessary because of the small
amount of free space in device’s filesystem. If you need to analyze or store
logs created over longer period of time, you need to configure APPro54G to
send logs to an external syslog server.
• ifstat -W -i eth0,eth1,wlan0 -T -S -b 1
shows real time traffic statistics for each interface;
• iwpriv this command is used for advanced configuration
of the wireless interface;
This command uses proprietary parameters that are not compatible with the
wireless tools standard. Undocumented parameters
(with unknown purpose) are listed below:
• loading modules;
• kernel configuration;
• decompression of a file that contains user data (saved earlier with flash save command);
• decompression of configuration data (saved with flash save-config command);
• reading of hardware configuration;
• starting processes that are invoked only once after AP’s restart;
• launching the inetd daemon;
• launching the init program.
The start.sh script is responsible for proper APPro54G configuration – either after device’s restart,
or when you click on Apply Changes button in AP’s Web interface. It performs the following actions:
Configuration of inetd daemon ensures access to Telnet and SSH services. You can change it by
editing /etc/inetd.conf file. If you modify scripts, remember that any mistake you make may lead
to improper AP operation and the necessity of reverting to default settings (with the Reset button).
Additionally, it’s necessary to launch the firewall.sh script before qos.sh – otherwise, the QoS
feature won’t operate properly.
Depending on the requirements, interfaces in APPro54G can be combined into a bridge thanks to
kernel’s features and the brctl tool. Bridge configuration depends on AP’s operating mode chosen on
TCP/IP Basic Settings page (in Routing/Bridging mode section):
• Bridge
◦ In this mode, all interfaces (eth0, eth1, wlan0 and – if WDS is enabled and MAC
addresses entered – active wlan0-wds0 to wlan0-wds5 interfaces) are connected
to the br0 interface.
◦ IP and MAC addresses, as well as the subnet mask entered in Bridge Interface
settings section, are associated with the br0 interface.
• Router
◦ In this mode the wlan0 and – if WDS is enabled and MAC addresses entered – active
wlan0-wds0 to wlan0-wds5 interfaces are connected to the br0 interface.
◦ eth0 interface operates independently.
◦ eth1 interface operates independently.
◦ IP and MAC addresses, as well as the subnet mask entered in LAN1 Interface
settings section, are associated with the eth0 interface.
◦ IP and MAC addresses, as well as the subnet mask entered in LAN2 Interface
settings section, are associated with the eth1 interface.
◦ IP and MAC addresses, as well as the subnet mask entered in WLAN Interface
settings section, are associated with the br0 interface.
APPro54G software also makes use of imq0 and imq1 interfaces – these are
used for bandwidth management, but they don’t have assigned IP addresses.
• NETBIOS traffic filtering, if NETBIOS Filtering option is enabled. In that case, TCP/UDP
traffic on 135, 137, 138, 139, 427, 445, 1025 and 1512 ports is blocked.
• traffic filtering on ports specified by user (option Port Filtering in Web interface);
• packet marking for QoS and Traffic Manager modules;
• limiting number of concurrent connections and packet transmission speed;
• NAT feature implementation.
Detailed diagram of packet flow through firewall in APPro54G software:
• Flow Limits – module that imposes global limits (for all users and traffic categories) on
packet transfer speeds and number of connections. In order to achieve this functionality,
Flow Limits utilizes limit and conlimit modules of the firewall. Limiting the traffic takes
place in FORWARD chain. Connections that exceed specified values are rejected with tcp-
reset message.
• Traffic Manager – module that utilizes eth0, eth1, wlan0 and wlan0-wds0 to
wlan0-wds5 interfaces. Choice of these interfaces is based on settings for UPLINK traffic
(coming from interface set as Uplink Interface (Internet) on TCP/IP Advanced
Settings page) as well as for DOWNLINK traffic (coming from interfaces set as Downlink
Interface (clients) on TCP/IP Advanced Settings page).
QoS mechanism creates four HTB classes for each of imq0 and imq1
interfaces (this is also based on settings from TCP/IP Quality of Service
page). Each class has its own ESFQ queue. Assigning traffic to each of these
queues is based on ports and markings added to packets with IPP2P
module.
6. Advanced topics
6.1 Syslog
Syslog is a mechanism of registering event messages with a special remote server. A syslog server is
built into each Linux OS distribution, but usually it’s configured in such a way that it accepts messages
from local machine only (not from the network).
To configure syslog server in Linux for receiving messages sent by APPro54G, you need to add ‘-r’
switch to the syslog call.
syslogd -r
Configure your device with extra care. The following procedure is intended for
advanced users only. Any mistake could lead to disabling access to your AP!!!
• Place a Web page with the message to your users in AP’s memory. Keep this message file
as small and simple as possible. If you need to have some graphics files with your message,
put them on other servers. These files will be downloaded from there, while the message
itself will come from your AP. Save your page in /usr/local/ directory (in AP’s filesystem).
• Create a script that will act as a Web server. Put that script in /usr/local/ directory
(in AP’s filesystem).
• Add call to this script to inetd daemon tasks list, so it will be executed while establishing
connections on specified port (in this case: 1080).
• New settings will be activated after each restart of your AP device. You can also activate
new configuration without restarting the AP. You just need to restart inetd daemon. First, you
need to find pid of the daemon on process list, then stop it with kill command, and start the
process again.
Online.PL/APPro (Poltegor.zachod)# ps
PID Uid VmSize Stat Command
1 admin 364 S init
2 admin SW [keventd]
3 admin SWN [ksoftirqd_CPU0]
4 admin SW [kswapd]
5 admin SW [bdflush]
6 admin SW [kupdated]
7 admin SW [mtdblockd]
29 admin 244 S /sbin/watchdog -t 20 /dev/watchdog
474 admin 488 S -sh
476 admin 372 S /usr/sbin/crond -f
477 admin 272 S /usr/sbin/rtl8181d
478 admin 416 S /bin/sh /usr/sbin/watchdog.sh
5246 admin 284 S telnetd
5247 admin 544 S -sh
5511 admin 364 S inetd
6361 admin 220 S sleep 1140
6406 admin 404 S /bin/webs
6423 admin 332 R ps
Online.PL/APPro (Poltegor.zachod)# kill 5511
Online.PL/APPro (Poltegor.zachod)# inetd
• After restarting the inetd you should check whether your new configuration works properly.
You can do that by entering http://ap_ip_address:1080/ in your Web browser’s address bar.
You should see the following message:
• Remember to save edited file in device’s flash memory with the flash save command,
and to activate new configuration using the reload command.
Files saved this way will be automatically restored from flash memory when AP
is restarting. Remember that erroneous configuration in one of the files could
disable your AP until you restore its default configuration.
If user space in flash memory gets occupied, flash save command becomes
unavailable (this command uses the same flash space). Of course, flash save-
config command still will be accessible. The amount of flash memory reserved
for file saving is 128 KB.
With dmesg command you can display large amounts of information related to connection status:
[1] rssi 44% real 47 tx 11 rx 11
[2] rssi 41% real 41 tx 11 rx 11
[1] rssi 44% real 34 tx 11 rx 11
[2] rssi 41% real 38 tx 11 rx 11
The first field refers to the station number, the next to the RSSI value, and tx 11 with rx 11 describe the current
speeds of data sending and receiving from a given station (in this case – 11 Mbit/s).
• With the Reset button pressed, turn on your AP – the Status LED should be alight.
• Keep that button pressed for another five seconds or so, until the Status LED goes out.
• Release the Reset button.
• Send new firmware to your AP with the following command:
tftp -m binary 192.168.1.6 -c put 5460recovery.bin
• Wait while the AP saves new data to the flash memory and restarts (this could take up to
three minutes). At the end of this operation Status LED will go out, and the WLAN LED
should start blinking.
At this point your device should be accessible at its default IP address (192.168.100.252). Log on to
AP’s Web interface and continue with firmware update procedure by following the guidelines shown
on your screen.
With this procedure, you can also upgrade Ovislink 5460 to any version of APPro54G firmware. You
just need to upload it instead of ‘rescue’ firmware file.
Above results were obtained in a controlled test environment and with the following features disabled:
NAT, NETBIOS Filtering, Port Filtering and Port Forwarding. Also the Quality of Service and the Traffic
Manager features were disabled unless specified otherwise.
General guidelines:
• Use only WiFi antennas from renowned manufacturers. On base stations you should install
collinear or sector antennas with the vertical polarization, and on client stations – panels
made with microstrip technology.
• When you install antennas, remember that the higher the antenna’s gain, the narrower the
vertical angle of WiFi signal radiation. This angle ranges from 3 to 30 degrees, which in
practice means that you need to install antennas on the same level, or to tilt base station’s
antenna towards the clients.
• Antennas need to “see” one another without any obstacles, and additionally ensure that
nothing stands in the way in the so called Fresnel zone. In short, this zone can be regarded
as a straight tunnel that connects the base station with its client. Depending on the distance
between these devices, the tunnel’s diameter varies from 5 to 30 meters (greater distance
means bigger diameter). The zone should be free of any trees, rooftops, chimneys, and such
like.
• The length of antennas’ cables should not exceed 3 meters, and they should be made by
renowned makers (along with installed connectors).
• Client stations should be placed at similar distances from the base station.
• If your network’s performance has a high priority, a single base station shouldn’t be connected
with more than 15 WiFi clients. This is a result of wireless transmission system’s limitations.
• When choosing a wireless channel for your network, the best one would be placed at least 3
channels from other channels occupied in your area. Never select channels adjacent to ones
that are occupied by devices that emit a strong signal.
The following settings are available on Wireless/Advanced Settings page of APPro54G Web
interface.
and then:
• Busy channel sensing: Energy Detection;
• Long retry limit: 3;
• Short retry limit: 1;
• Preamble Type: Short;
• Disable G-Protection: select this option if there are no 802.11b devices in your
network. Otherwise, this option should be disabled.
• After enabling QoS feature, remember that traffic coming out of APPro54G device should not
exceed 4 Mbit/s.
• With the Traffic Manager enabled, the maximum transmission speed comes to about
6 Mbit/s.
• Maximum bandwidth assigned to a single client with the Traffic Manager should not exceed
2 Mbit/s.
• After enabling the NAT feature, the maximum transmission speed amounts to 8 Mbit/s.
To achieve a maximum transfer in 802.11g mode, disable the following features:
• NETBIOS Filtering (Wireless/Advanced Settings page);
• Port Filtering;
• Port Forwarding;
• Quality of Service;
• Traffic Manager (all these options are found in TCP/IP section).
If you need transfer speeds higher than 10 Mbit/s, it’s recommended that you install APPro54G turbo
edition. Additionally, you should enable Traffic Manager in TCP/IP Bridge mode, and shouldn’t use
such features as NETBIOS Filtering, Port Filtering, Port Forwarding or Quality of Service.
• Check the values returned by the ping command for packets with a length of 100 bytes.
Such packets should be sent to each client without any losses and in time shorter than
5 ms.
• Try the ping command for packets that are 1300 bytes long. Also here you shouldn’t
experience any losses, and the measured time shouldn’t exceed 12 ms.
• Log on to your AP with a Telnet client and issue the command
cat /proc/wlan0/sta_info. Next, check if each client station has the proper values
for entries listed below (values below are just examples):
◦ tx_bytes: 266623897,
◦ rx_bytes: 566937573,
◦ tx_pkts: 484798,
◦ rx_pkts: 620389,
◦ tx_fail: 100 (this value shouldn’t exceed 0.1% of the tx_pkts value),
◦ rssi: 55 (this value shouldn’t be lower than 40),
◦ current_tx_rate: 11 (tx_rate and rx_rate values should be identical in all
devices),
◦ current_rx_rate: 11.
If the tests give a negative result for one of connections, the probable cause of your network’s issues is
an incorrect antenna setup or a configuration on client’s side. If improper values are found in a larger
number of clients, you need to check the antenna and the configuration of the base station.
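The thresholds above can be applied to a saved copy of the cat /proc/wlan0/sta_info output. The script below is an added example, not APPro54G code; the sample input is constructed, and both the hwaddr: line that starts each station record and the reading of the rate rule as a per-station comparison are assumptions.

```sh
#!/bin/sh
# Added example: apply the guide's sta_info thresholds to captured output.

# Constructed sample. Entry names and the first station's values are the
# guide's examples; the "hwaddr:" record separator and the second station
# are assumptions made for this illustration.
sample_sta_info() {
cat <<'EOF'
hwaddr: 001122334455
tx_bytes: 266623897
rx_bytes: 566937573
tx_pkts: 484798
rx_pkts: 620389
tx_fail: 100
rssi: 55
current_tx_rate: 11
current_rx_rate: 11
hwaddr: 0011223344aa
tx_bytes: 1200450
rx_bytes: 980112
tx_pkts: 20000
rx_pkts: 18500
tx_fail: 350
rssi: 33
current_tx_rate: 11
current_rx_rate: 5
EOF
}

# check_sta_info: reads "key: value" lines on stdin and prints one line
# "station check value" for every threshold a station violates:
#   tx_fail        more than 0.1% of tx_pkts
#   rssi           lower than 40
#   rate_mismatch  current_tx_rate differs from current_rx_rate
check_sta_info() {
    awk '
        # Print findings for the station record collected so far.
        function report() {
            if (mac == "") return
            if (v["tx_fail"] > v["tx_pkts"] * 0.001)
                print mac, "tx_fail", v["tx_fail"]
            if (("rssi" in v) && v["rssi"] < 40)
                print mac, "rssi", v["rssi"]
            if (v["current_tx_rate"] != v["current_rx_rate"])
                print mac, "rate_mismatch", v["current_tx_rate"] "/" v["current_rx_rate"]
        }
        {
            sep = index($0, ":")
            if (sep == 0) next
            key = substr($0, 1, sep - 1)
            val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "hwaddr") {
                report()          # close the previous station
                split("", v)      # portable way to clear the array
                mac = val
            } else {
                v[key] = val + 0  # force numeric comparison
            }
        }
        END { report() }
    '
}

# Demo on the constructed sample; only the second station is reported.
sample_sta_info | check_sta_info
```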
• Familiarize yourself with the guidelines from section 6.7, and check whether you didn’t
exceed device’s maximum transfer rate in a given configuration.
• Set the “safe” configuration of a wireless interface, described in section 6.7.
• Check the effects of changing the Disable G-Protection option.
• If your problem lies in the periodical disconnection of client stations, or in signal loss that
repeats every couple of seconds, you need to disable the packet aggregation option.
• If your network suffers from large delays (indicated with high ping values), the problem may
be caused by setting too low a transfer speed in relation to client traffic. Minimum transfer
speed that ensures reasonably low delays is 5.5 Mbit/s. If the traffic exceeds bandwidth of a
given connection segment, you need to lower its volume with the Traffic Manager
feature. Adjust transfer limits until you achieve acceptable delays.
• If your network suffers from large delays and low performance, your problems may be
caused by an overloaded AP device, that has to handle excessive traffic volumes (see:
section 6.7) or too many wireless clients. In such cases you can either upgrade APPro54G
software to turbo edition, disable some of the traffic control features, or divide your traffic
between several access points.
• In the case of recurring losses of larger data packets, your network may suffer from
interferences originating from adjacent WiFi channels or other devices operating in the area.
If you cannot switch to another WiFi channel, or such a change doesn’t improve the
situation, check how your network operates after lowering the Fragment Threshold
parameter (on Wireless/Advanced Settings page). Suggested values are 1500, 1000,
800 and 500.
• If your problem consists of delays and data loss, but only when the network’s under high
traffic load, your problems may be caused by a hidden WiFi station. In such a case test
how your network operates after lowering the RTS Threshold parameter (on
Wireless/Advanced Settings page). Suggested values are 1500, 1000, 800 and 500.
• If the problems occur only in APC mode, ensure that you enabled MAC address masking
(APC MAC Translation option on TCP/IP Advanced Settings page).
• login attempt for nonexistent user – Someone attempted to log on with an invalid
username.
• invalid password for 'admin' on 'ttyp1' – Someone attempted to log on with an
invalid password.
• Process '/usr/sbin/webs.sh' (pid 17437) exited. Scheduling it for
restart – The Web server was restarted (this is a normal behavior of an AP).
• Starting pid 21324, console /dev/null: '/usr/sbin/webs.sh' – The Web server
was started (this is a normal behavior of an AP).
• br0: port 1(wlan0) [message] – The bridge’s configuration changed (this is a normal
behavior of an AP).
• HTB init, kernel part version 3.17 – A change of QoS configuration
(this is a normal behavior of an AP).
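The log messages listed above can be triaged automatically once the system log has been copied off the device. The following is an added example, not part of the APPro54G software or of the original guide: it separates failed logins from the messages described as normal behavior and raises an alert when failures reach a threshold. The line prefix (timestamp, host, tag), the sample lines and the threshold value are assumptions; only the message texts come from the list above.

```python
import re
from collections import Counter

# Message texts come from the manual's list. The timestamp/host/tag prefix
# of each line is an assumption and is ignored by the patterns.
UNKNOWN_USER = re.compile(r"login attempt for nonexistent user")
BAD_PASSWORD = re.compile(r"invalid password for '([^']+)' on '([^']+)'")
NORMAL = [
    re.compile(r"Process '/usr/sbin/webs\.sh' \(pid \d+\) exited"),
    re.compile(r"Starting pid \d+, console \S+ '/usr/sbin/webs\.sh'"),
    re.compile(r"br0: port \d+\(wlan0\)"),
    re.compile(r"HTB init, kernel part version"),
]

def triage(lines, threshold=3):
    """Classify log lines; alert when failed logins reach `threshold`
    (a hypothetical default, tune it to your own baseline)."""
    failures, normal = 0, 0
    by_target = Counter()   # (user, tty) -> wrong-password count
    unclassified = []       # lines the manual's list does not explain
    for line in (raw.strip() for raw in lines):
        if not line:
            continue
        bad = BAD_PASSWORD.search(line)
        if bad:
            failures += 1
            by_target[bad.groups()] += 1
        elif UNKNOWN_USER.search(line):
            failures += 1
        elif any(p.search(line) for p in NORMAL):
            normal += 1
        else:
            unclassified.append(line)
    return {"failures": failures, "by_target": by_target, "normal": normal,
            "unclassified": unclassified, "alert": failures >= threshold}

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "Jan  1 00:10:02 ap login[412]: invalid password for 'admin' on 'ttyp1'",
    "Jan  1 00:10:05 ap login[413]: invalid password for 'admin' on 'ttyp1'",
    "Jan  1 00:10:09 ap login[414]: login attempt for nonexistent user",
    "Jan  1 00:11:30 ap init: Process '/usr/sbin/webs.sh' (pid 17437) exited. Scheduling it for restart",
    "Jan  1 00:11:31 ap init: Starting pid 21324, console /dev/null: '/usr/sbin/webs.sh'",
    "Jan  1 00:12:00 ap kernel: HTB init, kernel part version 3.17",
    "Jan  1 00:12:04 ap kernel: br0: port 1(wlan0) entering forwarding state",
    "Jan  1 00:13:00 ap kernel: eth0: link down",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Lines returned in `unclassified` are the ones worth reading by hand, since the list above does not account for them.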
• The PPPoE Relay feature is needed only when your AP operates as a router and has to be
transparent to the PPPoE protocol.
• To separate the client network and the Internet network completely (on TCP/IP protocol
level), and at the same time to enable relaying PPPoE traffic, you should:
  ◦ configure your device as a router without any IP address assigned to the interface to
    which the client is connected;
  ◦ enable the PPPoE Relay feature;
  ◦ configure PPPoE software on a client computer.
• To ensure proper operation of a PPPoE client in APC mode, it’s recommended to disable
masking of MAC addresses.
7. Troubleshooting
If your AP is not operating properly, it doesn’t necessarily mean that it is defective. Often you can
resolve the problem or find its cause by following a few simple pieces of advice.
• Check your antenna. Usually a faulty antenna causes 90% of all problems with wireless
connectivity. If you use no-name antennas, for testing you should replace them with
good-quality products (recommended brands are Dipol, Interline, and Elbox) or use the
antenna provided with your AP device.
• Use network devices of similar class, if possible. Some older models, e.g. based on Atmel or
ACX 100 chipsets, will not communicate with more recent WiFi devices.
• To ensure the proper operation of a wireless connection, test it with 100% optical visibility
and a clear Fresnel zone (an area of radio energy propagation along the axis connecting
the transmitter with the receiver).
• Check whether packets with a length of 1400 bytes can be transmitted. If the
transmission gets disrupted (packets are lost), it usually indicates problems with the antennas.
• Upgrade the device’s firmware to the latest version of APPro54G or APlite54G (shown in red
on the APPro homepage – Download section).
• Ensure that QoS and Traffic Manager are configured according to guidelines found
in section 3.10.
• Ensure that the wireless interface is configured according to guidelines found in sections 6.7
and 6.8.
• If you’re convinced that the problem concerns functionality that is significant for all
users, make a submission on our forum: http://approsoftware.com/ and send an e-mail
with additional information to service@approsoftware.com.
• If you think that the problem occurs only in your specific configuration, send only an e-mail
to service@approsoftware.com.
• If you just need some help in configuring your device, start a new thread on our forum.
Before you submit your problem, create a log for tech support:
The tech support file contains IP and MAC addresses, as well as the login and access
password to the AP device. This file shouldn’t be made available to any
third parties (e.g. via the Internet).
• Precisely describe the nature of your problem. Use ping and traceroute commands to obtain
additional information.
• Try to describe your network’s topology. Including some illustration would be a good idea.
• Include a file obtained with get technical support link (see: page 115).
• Add some information about AP’s configuration (include screenshots if needed).
• Include info on versions of software, AP models and antenna types (and their
manufacturers) on both ends of your connection.
After receiving your e-mail, the authors of APPro54G software will contact you
only if they require some additional information to resolve the problem.
Received submissions are ordered and the discovered errors will be fixed
in successive editions of APPro54G. Usually, we recreate the configuration
that causes the problems. However, you need to remember that some
problems have sources that are independent of us, such as the hardware’s
performance, or errors in third-party software. In such cases fixing a problem
may not be possible.
8. Appendices
A. Literature
The field of wireless networks is very broad. To make the most of a WiFi network and the devices’
capabilities, you need extensive knowledge. The creators of APPro54G software
recommend the following resources:
Internet
• http://approsoftware.com/ – homepage of APPro54G and APLite54G software;
also contains the list of national representatives;
• http://www.dslreports.com/faq/wlan – useful information on computer networks;
• http://www.wi-fitechnology.com/ – forum dedicated to computer networks;
• http://www.linux.ie/newusers/beginners-linux-guide/ – guide for beginners in
Linux use and administration;
• http://www.ssuet.edu.pk/~amkhan/Linuxbooks/OReilly%20%20Linux_Network_Administrator's_Guide_Second_Edition.pdf –
PDF file of the book Linux Network Administrator’s Guide, Second Edition.
B. CE certificate
Visit: http://approsoftware.com/