
APPro54G

Software User’s Guide.


Version for OvisLink WL-5460AP
Access Point
Witold Warczak, Przemysław Kobel

Security
Bandwidth management
Wireless connection sharing
Configuration using Linux console
Bridge, Router, WISP, WDS Modes

Wrocław 2007

2007 © by Alfanet Sp. z o.o., Wrocław


All rights reserved

ISBN-13: 978-83-924807-0-9

Published by:
Alfanet Sp. z o.o.
Bulwar Ikara 29A/2
54-130 Wrocław
www: http://www.approsoftware.com
email: info@approsoftware.com
tel: +48 71 79 56 000
fax.: +48 71 79 56 500

Images of OvisLink Access Point used courtesy of Action SA.

Design and DTP:
Rafał Komorowski, Karol Łotocki, Pro-Forma Sp. z o.o., Tomasz Stasiak

Print:
„Duet” S.C. Drukarnia
ul. Cybulskiego 35b
50-205 Wrocław
tel. (071) 32 87 879

All rights reserved, including rights to reprint and translation. No part of this book may be published without
prior written consent of the publisher. This also applies to photocopying, microfilms and transferring data to
computer systems.

Acknowledgements

The authors of this book want to thank the many people whose valuable input and support helped
to complete the work. In particular, we are thankful to: Robert Bogacz, Bohumil Boura, Robert
Kowal, Jacek Pasek, and Łukasz Piotrowski. Also, the product managers of Polish distributors had
their part in communication with hardware manufacturers. Without that help APPro development
would be much more difficult – if not impossible. That’s why we want to send our thanks to:
Paweł Kozłowski, Paweł Martyniuk, Maciej Mikułowski, Paweł Walczak and Bartosz Wróbel.
Maciej Mikułowski is the first person that believed in APPro success and in November 2004 agreed
to install this software on Access Points. Since then, APPro/APlite software has been installed on
over 100 000 devices around the globe.

Thank you!

The APProSoftware.com Team.


Table of contents

1. Introduction (page 8)
  1.1 Introduction (page 9)
  1.2 Basic modes of operation (page 10)

2. Device setup (page 12)
  2.1 Starting the AP device (page 12)
  2.2 Accessing the Web interface (page 12)
  2.3 Restoring AP’s default settings (page 14)
  2.4 Changing the access password (page 14)
  2.5 Confirming and activating new settings (page 14)
  2.6 Updating the firmware (page 15)

3. Step by step: common configurations (page 16)
  3.1 AP Mode (page 16)
  3.2 APC Mode (page 22)
  3.3 Bridge Master mode (page 28)
  3.4 Bridge Slave mode (page 35)
  3.5 WISP mode (wireless connection sharing) (page 41)
  3.6 Wireless Router mode (WAN connection sharing) (page 47)
  3.7 Wireless Router mode (DSL connection sharing) (page 53)
  3.8 Wireless Router mode (DSL with PPPoE connection sharing) (page 54)
  3.9 WDS/Repeater mode (page 61)
  3.10 Bandwidth management (page 72)
    3.10.1 Selecting uplink and downlink interfaces (page 72)
    3.10.2 QoS settings (page 76)
    3.10.3 Flow Limits settings (page 78)
    3.10.4 Traffic Manager settings (page 79)
  3.11 Security (page 81)
    3.11.1 Access Control List (ACL) for client stations (page 81)
    3.11.2 Authentication of wireless stations (page 82)
    3.11.3 Encryption (page 84)
    3.11.4 Blocking unauthorized machines with MAC and IP addresses (page 87)

4. AP’s Web interface (page 88)
  4.1 Status (page 88)
    4.1.1 AP Status (page 88)
    4.1.2 Linux System (page 90)
    4.1.3 Active clients (page 91)
    4.1.4 DHCP Clients (page 92)
    4.1.5 Connection Tracking (page 92)
  4.2 Wireless (page 92)
    4.2.1 Basic Settings (page 92)
    4.2.2 Advanced Settings (page 94)
    4.2.3 Security (page 97)
    4.2.4 Access Control (page 99)
    4.2.5 Site Survey (page 99)
    4.2.6 WDS Settings (page 100)
  4.3 TCP/IP (page 102)
    4.3.1 Basic Settings (page 102)
    4.3.2 Advanced Settings (page 105)
    4.3.3 DHCP Settings (page 107)
    4.3.4 PPPoE Settings (page 109)
    4.3.5 Port Filtering (page 110)
    4.3.6 Port Forwarding (page 111)
    4.3.7 Quality of Service (page 112)
    4.3.8 Traffic Manager (page 113)
  4.4 Other (page 114)
    4.4.1 Reboot (page 114)
    4.4.2 Firmware/Configuration Management (page 114)
    4.4.3 Password Change (page 115)
    4.4.4 System Settings (page 115)
    4.4.5 Register Now! (page 117)
    4.4.6 Technical Support (page 117)
  4.5 Statistics (page 118)
    4.5.1 Traffic Statistics (page 118)
    4.5.2 QoS Statistics (page 118)
    4.5.3 Client Statistics (page 118)

5. Configuration using Linux console (page 119)
  5.1 Logging on to APPro54G software (page 119)
  5.2 Filesystem structure (page 120)
  5.3 Commands specific to APPro54G (page 125)
  5.4 APPro54G’s boot process (page 129)
  5.5 APPro54G’s interfaces configuration (page 130)
  5.6 Internal firewall (page 132)
  5.7 QoS module (page 133)

6. Advanced topics (page 135)
  6.1 Syslog (page 135)
  6.2 Messages for AP’s clients (page 136)
  6.3 Modifying system files (page 139)
  6.4 Disconnecting specific client station (page 140)
  6.5 Extended connection logging with syslog (page 140)
  6.6 Repairing corrupted firmware with TFTP (page 140)
  6.7 Optimizing performance (page 141)
  6.8 Common issues in low-performance networks (page 145)
  6.9 Analysis and interpretation of system log (page 146)
  6.10 PPPoE settings (page 147)

7. Troubleshooting (page 148)
  7.1 How to report problems with software (page 148)
  7.2 Sending the AP for service (page 149)

8. Appendices (page 150)
  A Literature (page 150)
  B Certificate (page 151)
  C New firmware versions (page 155)
  D New versions of this Guide (page 155)



1. Introduction
This guide contains a description of the innovative APPro54G software, created by Alfanet – a company
based in Wrocław, Poland. This software enables the creation and complete oversight of computer
networks – both wired (LAN) and wireless (WiFi or WLAN) – while maintaining a very low cost of
construction and operation of such a network. Thanks to APPro54G, a simple Access Point (AP for
short) gains new capabilities, matching (and sometimes even exceeding) those of high-profile,
expensive wireless devices. While advanced, the software is still easy to use. More experienced users
can get extra functionality by logging on to the built-in Linux system.

About us
Alfanet Sp. z o.o. is a Wrocław-based Polish company, operating since 1996 as an ISP, as well as
a provider of solutions based on Open-Source Software and the Linux operating system. We offer our
customers services such as Web hosting, domain registration and maintenance, design of Web
applications and Web pages, network security and wireless Internet access. Alfanet also designs and
sells specialized APPro54G software for Access Points based on the RTL8186 chipset.

Alfanet Sp. z o.o.
Bulwar Ikara 29A/2
54-130 Wrocław, Poland

1.1 AP overview

The OvisLink WL-5460AP is designed for indoor use only. Its power supply has an output voltage of
12 V and a current of 800 mA. The power supply can be replaced with a PoE (Power over Ethernet)
adapter connected to a UTP/STP (LAN) cable.
The power socket (1) is placed on the AP’s backplate. Next to it, there are two RJ-45 ports (2) and (3),
used for connecting to LAN networks. These ports can work in several modes, depending on software
configuration.
The Reset button (4) allows quick restoration of the device’s default settings.
The last socket on the WL-5460AP is an RP-SMA port (5) intended for a WiFi antenna. You can attach
the enclosed antenna to this socket. It’s possible to use other antennas as well, as long as they are
designed to work in the 2.4 GHz frequency band and have an impedance of 50 ohms.

Using an improper antenna type may damage the radio module of the device!

and ports Ethernet 2 to 5 are used for LAN network.

On the front panel, the AP has LEDs that indicate the device’s status. They have the following meanings:
• Power (6): Power indicator.
• Status (7): Device status. If the red LED is lit, data is being written to flash memory, the device
  is starting up or its configuration is being changed. When this LED goes out, the AP is ready to work.
• Link/Act (8): Network connection status.
• WEP (9): Wireless network protection is on.
• MAC Ctrl (10): MAC address filtering.
• Repeater (11): The device is working as a bridge, wireless repeater or uses a PPPoE connection.
• LAN1, LAN2 (12), (13): These LEDs indicate data transmission through the AP’s LAN ports.

1.2 Basic modes of operation


APPro54G software is available in several versions that differ in some features and are tailored to
specific tasks. Users can pick any of these versions, and change them at any time. This way their APs
can always be adapted to any current needs. The steps needed to change the installed version of
APPro54G software are the same as for a firmware upgrade, discussed in chapter 2.6 and Appendix C.

At this time, the following versions of APPro54G are available:

• APPro54G standard: General-purpose version, intended for most users.
• APPro54G turbo: Optimized version that offers high transmission speeds (over 10 Mbit/s).

For more information about the differences between particular flavors of APPro54G, visit the site
http://approsoftware.com/appro54g/. This book refers to the standard version of the software.

Devices equipped with APPro54G can operate in several basic modes, including Access Point, Router,
Access Point Client, Bridge or part of a WDS (Wireless Distribution System). In each of these modes,
the device performs different functions, suited for specific applications.

Access Point
In this mode, the AP enables connection between WiFi devices and resources of a wired LAN network.
The AP’s LAN interfaces work as a multiport switch, relaying traffic between traditional LAN and
wireless WLAN networks. For more information: see page 16.

AP Client
In this mode the AP operates as a WiFi network adapter, connected to the computer via an ordinary LAN
port. At the same time it’s possible to use the AP as a multiport network switch that relays traffic
between LAN and WLAN networks, but connecting multiple LAN users to WiFi requires adequate device
configuration. For more information: see page 22.

Bridge
Devices operating in bridge mode allow connection of several different LAN networks (up to five) with
wireless links. Such a configuration offers slightly higher performance than a common AP – APC
connection. For more information: see page 28.

WISP (wireless connection sharing)
In this mode it’s possible to share a single wireless connection between multiple LAN users. The device
operates similarly to a client station (AP Client), but additionally has the routing feature enabled, and
it’s possible to use network address translation (NAT). For more information: see page 41.

Wireless Router (WAN connection sharing)
This mode enables sharing a connection (usually to the Internet) provided via the Ethernet interface
with multiple users. The shared connection is available to both LAN and WiFi network users. For more
information: see page 47.

WDS/Repeater
A device operating in this mode acts as an element of a Wireless Distribution System (WDS). Such a
system enables creation of a wireless network that covers a much larger area than is possible with a
single Access Point. For more information: see page 61.

APPro54G software has much greater capabilities, such as functions that optimize network operation,
connection diagnostics, address filtering or bandwidth management for specific users. These topics
are covered in detail in the next sections of this guide.

2. Device setup

2.1 Starting the AP device

After powering up, the device briefly flashes all its LEDs. Then the operating system is loaded, which
is indicated by the Status LED (at the same time the Power LED is lit, which means that the device is
powered up). After the Status LED goes out, the AP is ready to work and can be accessed, for example
via a Web browser.

2.2 Accessing the Web interface


Before the AP can be used, it’s necessary to connect the device to a PC using the enclosed LAN cable.
The computer needs to have a LAN adapter as well. Alternatively, you can connect the AP to your
existing LAN (for example to a switch), and configure the device using any of the networked computers.
You also need to properly configure the network settings of your computer. The following example shows
how to configure a computer running Windows XP.

Network settings for Windows XP

The default IP address of the Access Point is 192.168.100.252 with a subnet mask of 255.255.255.0
(additional information on default network settings is shown in the box below). In order to communicate
with the AP, your computer needs to have an IP address from the same subnet, e.g. 192.168.100.1.

Default settings of Access Point

IP Address: 192.168.100.252
Subnet mask: 255.255.255.0
Gateway: 192.168.100.254
Login: admin
Password: admin
SSID: APPRO
Channel: 7
DHCP Server: disabled
Mode: Access Point

To configure your PC’s network settings for communication with the AP:

• From the Start menu choose Control Panel.
• In the Control Panel window click Switch to Classic View and double-click Network
  Connections. A list of network connections will be displayed.
• Right-click on the Local Area Connection corresponding to the interface connected to the AP, and
  choose Properties. A dialog box with network settings will be shown.
• Highlight Internet Protocol (TCP/IP) on the list and click the Properties button.
• In the Internet Protocol (TCP/IP) Properties dialog enable the Use the following
  IP address option, and in the IP address and Subnet mask fields type the values
  192.168.100.1 and 255.255.255.0 respectively. You can leave other fields unchanged.
• Close the dialogs, confirming the new settings with the OK button.

Your computer is now ready to work with the Access Point device. Now you can power up the AP, and
on the computer launch a Web browser that supports JavaScript (some popular browsers are Internet
Explorer, Mozilla and Opera).

Opening the device’s management panel

• After proper setup of the network connection and powering up the AP, you can open its management
  panel. To do that, open a Web browser, type http://192.168.100.252/ in the address bar
  and then press the Enter key.
• A dialog box is displayed, asking for username and password. If the AP has default password
  settings, type the word admin in both fields.

In order to improve network security, you should change the device’s default username and
password. This will prevent unauthorized users from changing the AP’s configuration.

• The APPro54G management page will be shown in the browser window. If your copy of
  APPro54G software is still unregistered, you’ll also see a dialog box asking for product
  registration. The registration requires only one piece of information: the e-mail address of the
  APPro54G user.

Registered users will receive messages strictly concerning APPro54G
software (i.e. about latest updates and new products from the APPro family).
The e-mail address sent during registration won’t be shared with any third party, nor
used for any other purposes than stated above.

Advanced users will appreciate the possibility of logging on directly to the device’s Linux console via
the Telnet or SSH protocols. To use this feature, all you need to do is enter the device’s IP as the
host address. The username and password are the same as in the AP’s Web interface.

2.3 Restoring AP’s default settings


In case of incorrect AP configuration (e.g. resulting in lack of access to the Web interface), you can
restore the device’s settings to factory defaults. To perform this operation, wait until system loading
completes (the Status LED goes out), and then press and hold the Reset button, placed on the AP’s back
panel. After about three seconds the Status LED will come on – at this point you can release the Reset
button, and you must not press it again until the AP has completely restarted. The AP will then be
accessible under its default IP address.

To restore default settings using the AP’s Web interface:

• Log on to the AP (see: page 12).
• In the Other section click on Upgrade Firmware.
• Click the Restore Default button.
• Wait a few seconds until the AP reverts to default settings.

Default settings will be written to the device’s memory, but they won’t be
activated until you restart the AP or click the Apply Changes button.

2.4 Changing the access password


After installing the device you should change the default username and password as quickly as possible.
This will protect the AP’s management interface from unauthorized access.

To change APPro54G’s access password:

• Log on to the AP (see: page 12).
• In the Other section click Password Change.
• In the User Name field type the new username.
• In both the New Password and Confirm Password fields enter your new access password.
• Save the new settings by clicking the OK button.
• To restore the page’s initial values, click the Reset button.
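
A way to confirm that the password change took effect, as an added example that is not part of the original guide or of APPro54G: it requests the Web interface once without credentials and once with the factory login, then checks whether the Telnet and SSH consoles, which share that login, are reachable. It assumes the login dialog is HTTP Basic authentication and that the services listen on their standard ports; all function names are made up for this example.

```python
"""Check an APPro54G AP's management plane after the password change.

Added example, not vendor code. Run it from the management PC.
"""
import base64
import http.client
import socket
import sys
import urllib.error
import urllib.request

# Factory values from the guide's "Default settings of Access Point" box.
DEFAULT_IP = "192.168.100.252"
DEFAULT_USER = "admin"
DEFAULT_PASSWORD = "admin"

# Assumption: standard port numbers. The guide names the Telnet and SSH
# protocols and an http:// address, but gives no port numbers.
CONSOLE_PORTS = {"telnet": 23, "ssh": 22}


def basic_auth_header(user, password):
    """Authorization header value for HTTP Basic (assumed login scheme)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def http_status(url, auth_header=None, timeout=3.0):
    """GET url and return the HTTP status code, or None if nothing answered."""
    # Empty ProxyHandler: talk to the AP directly, never through a proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    request = urllib.request.Request(url)
    if auth_header:
        request.add_header("Authorization", auth_header)
    try:
        with opener.open(request, timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as exc:
        return exc.code  # e.g. 401 when the login is refused
    except (urllib.error.URLError, OSError, http.client.HTTPException):
        return None


def classify_web_login(anon_status, factory_status):
    """Interpret two probes: no credentials, then the factory login."""
    def served(status):
        return status is not None and 200 <= status < 300

    if anon_status is None and factory_status is None:
        return "unreachable"
    if served(anon_status):
        return "no-authentication"       # pages served without any login
    if served(factory_status):
        return "factory-login-accepted"  # password was never changed
    if factory_status in (401, 403):
        return "factory-login-rejected"  # expected after the change
    return "inconclusive"


def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host=DEFAULT_IP):
    """Return (web_login_state, {console_service: reachable})."""
    url = f"http://{host}/"
    factory = basic_auth_header(DEFAULT_USER, DEFAULT_PASSWORD)
    web = classify_web_login(http_status(url), http_status(url, factory))
    consoles = {name: port_open(host, port)
                for name, port in CONSOLE_PORTS.items()}
    return web, consoles


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_IP
    web_state, console_state = audit(target)
    print(f"web interface on {target}: {web_state}")
    for name, reachable in console_state.items():
        # The console shares the web interface's username and password,
        # and Telnet carries them unencrypted.
        print(f"{name}: {'reachable' if reachable else 'not reachable'}")
    sys.exit(1 if web_state in ("no-authentication",
                                "factory-login-accepted") else 0)
```

Run it after clicking Apply Changes or restarting the AP, because the guide states that OK alone saves a setting without activating it.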

2.5 Confirming and activating new settings


In APPro54G’s Web interface, each page that allows change of settings contains two buttons: OK and
Apply Changes. Their purpose is always the same – the OK button saves new parameters in the device’s
memory, but activation of these settings will take place only when the AP is restarted or after clicking
the Apply Changes button. Pressing the Apply Changes button also saves new settings, but at the same
time it activates them.

2.6 Updating the firmware


With the Firmware Update feature users can update the AP’s software. Usually new versions of
APPro54G software include new functionality or improved utilization of the AP’s hardware resources.
The upgrade operation is very simple: you just need to download a file with the latest version of
APPro54G from the Internet, and then upload it to the device.

To upgrade APPro54G software in the AP device:

• Launch a Web browser (e.g. Firefox, Opera or Internet Explorer).
• In the address bar, type the following address: http://approsoftware.com/.
• In the Download section, choose the latest version of APPro54G software.
• In the browser’s address bar type the AP’s IP address (default is http://192.168.100.252/).
  Enter username and password when asked (default: admin and admin).
• In the Other section click on Upgrade Firmware. A panel will be displayed that allows software
  upgrade.
• In the Select File box specify the path and filename of the downloaded firmware. You can also click
  the Choose button and select a file from a new dialog box.
• Click on the Upload button.
• To restart the device with the new firmware, in the Other section click Reboot, and then click on
  the Reboot button. The device will perform a complete system restart, and then it will run the
  new version of APPro54G.

It is extremely important to ensure that the uploaded file contains correct
firmware and isn’t corrupted. If the downloaded file has some errors or is
intended for another type of device, the AP will stop working. To restore the AP’s
correct operation (in case of damaged software) or revert to the manufacturer’s
original firmware, follow the steps described on page 140.

3. Step by step: common configurations

3.1 AP Mode
In this mode, you can use your AP to connect wireless devices to a standard wired LAN network. The
Access Point operates like a multiport network switch that relays traffic between LAN and WLAN
networks.
This section doesn’t apply to AP mode with the NAT feature enabled. Such configurations are
discussed on the following pages.

Connection setup
The LAN network can be connected to the LAN1 or LAN2 port in the AP. Additionally, these ports work
as a standard network switch, which allows connection to extra devices.

Requirements
• To configure the AP device, it has to operate with an IP address and subnet mask consistent with
  the addressing scheme established by the network administrator or service provider (see: page 12).
• To provide the AP with Internet access, you need to set up proper gateway and name server
  (DNS) addresses in the device’s options.
• If the AP’s configuration was previously altered, it’s recommended to restore its default settings.

Actions
• Log on to the AP (see: page 12).
• On the Wireless/Site Survey page find a free or the least occupied WiFi channel
  (see: page 99).
• On the Wireless/Basic Settings page set the following options:
  ◦ Mode: AP Access Point;
  ◦ ESSID: enter the name of your network, e.g.: MY_NET;
  ◦ Enable Packet Aggregation: remove selection;
  ◦ Channel Number: choose the number of the channel found on the Site Survey page;
  ◦ Modulation: choose 802.11b;
  ◦ Click on the OK button.
• On the Wireless/Security page set the following options:
  ◦ Authentication Type: Auto;
  ◦ Click on the OK button.
• On the Wireless/Advanced Settings page set the following options:
  ◦ ACK Timeout: 255;
  ◦ Receiver Sensitivity: -82 dBm;
  ◦ TX Power: 18 dBm;
  ◦ Tx Rate: 11M;
  ◦ Block IBSS Traffic: select this option to disable direct communication between
    WiFi adapters;
  ◦ NETBIOS Filtering: select this option to disable "network neighborhood" related
    communication (like in Windows OS) between LAN and wireless networks;
  ◦ Busy channel sensing: Energy Detection;
  ◦ Long retry limit: 6;
  ◦ Short retry limit: 6;
  ◦ Click on the OK button.
• On the TCP/IP/Basic Settings page set the following options:
  ◦ Routing/Bridging mode: Bridge;
  ◦ Bridge Interface settings – enter the IP address and subnet mask of your
    AP device.
    – IP Address: IP address;
    – Subnet Mask: subnet mask;
  ◦ Other settings/Default Gateway: if your AP operates in a LAN network with Internet
    access, enter the address of the gateway (a device that relays Internet communication).
  ◦ Click on the OK button.
• On the TCP/IP/Advanced Settings page set the following options:
  ◦ In the Network Address Translation section:
    – NAT: choose Disabled;
  ◦ In the Bandwidth management section:
    – Uplink Interface (Internet): choose LAN1, LAN2;
    – Downlink Interface (clients): choose WLAN;
  ◦ In the Other settings section:
    – DNS Address: type the IP address of the name server (DNS), obtained from your
      Internet provider.
• Click on the Apply Changes button.

After setting these options, you need to configure each computer in the wireless network with
appropriate settings. At this point the Internet connection should be already available. If the network
operates properly with the new settings, you can additionally configure:
• encryption of data transmission (see: page 97),
• authentication of client devices (see: page 94),
• bandwidth management (see: page 72).

3.2 APC Mode


In APC mode (Access Point Client) the device operates as a WiFi network adapter. At the same time,
it serves as a multiport switch that relays traffic between WLAN and LAN networks. Thanks to MAC
address masking, a single Access Point in APC mode can be used to connect several other devices
– however, it’s necessary to properly set up the AP’s (base station’s) wireless network options.

This section doesn’t apply to APC mode with the NAT feature enabled. Such configurations are
discussed on the following pages.

Connection setup
The LAN network can be connected to the LAN1 or LAN2 port in the AP. Additionally, these ports operate
as a standard network switch, which allows connection to extra devices.

Requirements
• To enable the AP’s connection with a wireless network, you need to know that network’s SSID.
• For proper operation of the AP in client mode, you need to know the channel number and mode
  (b or g) of the wireless network you’d like to connect to.
• If your network uses encryption, you need to know the WEP or WPA encryption keys as well.
• To enable communication between computers in the LAN and a wireless network, machines in the
  LAN need to have IP addresses and a subnet mask consistent with the addressing scheme
  established for the WiFi network by the AP administrator.
• To configure the AP device, it has to operate with an IP address and subnet mask consistent with
  the addressing scheme established by the network administrator or service provider.
• To provide the AP with Internet access, you need to set up proper gateway and name server
  (DNS) addresses in the device’s options.
• If the AP’s configuration was previously altered, it’s recommended to restore its default settings.

Actions
• Log on to the AP (see: page 12).
• On the Wireless/Site Survey page find the correct base station
(see: page 99). Ensure that this station’s signal has adequate strength (recommended value
is 35 or more).
• On Wireless/Basic Settings page set the following options:
r Mode: APC Infrastructure Client;
r ESSID: type SSID identifier of wireless network you want to connect to;
r Enable Packet Aggregation: remove selection;
r Modulation: choose operating mode of wireless network you want to connect to.
If you don’t know the correct value, select 802.11b;
r Click on OK button.

• On Wireless/Security page set the following options:


r Authentication Type: Auto;
r Click on OK button.

• On Wireless/Advanced Settings page set the following options:


r ACK Timeout: 255;
r Receiver Sensitivity: –82 dBm;
r TX Power: 18 dBm;
r Tx Rate: 11M;
r Block IBSS Traffic: select this option to disable direct communication between
WiFi adapters;
r NETBIOS Filtering: select this option to disable ‘network neighborhood’ – related
communication (like in Windows OS) between LAN and wireless networks;
r Busy channel sensing: Energy Detection;
r Long retry limit: 6;
r Short retry limit: 6;
r Click on OK button.

• On TCP/IP/Basic Settings page set the following options:


r Routing/Bridging mode: Bridge;
r Bridge Interface settings – type correct (determined earlier) IP address
and subnet mask of your AP device;
– IP Address: IP address;
– Subnet Mask: subnet mask;
r Other settings/Default Gateway: if your AP operates in LAN network with Internet
access, enter address of the gateway (a device that relays Internet communication).
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Bridge settings section:
– APC MAC Translation: choose Enabled;
r In Network Address Translation section:
– NAT: choose Disabled;
r In Bandwidth management section:
– Uplink Interface (Internet): choose WLAN;
– Downlink Interface (clients): choose LAN1, LAN2;
r In Other settings section:
– DNS Address: type IP address of the name server (DNS), obtained from your
Internet provider.
• Click on Apply Changes button.

After setting these options, you need to configure each computer in the wireless network with appropriate
settings. At this point the Internet connection should be already available. If network operates properly
with new settings, you can additionally configure:
• access options for computers in LAN network and bandwidth management (see: page 72).

3.3 Bridge Master mode


In this mode, Access Point can connect together up to five separate LAN networks. It is possible only
after setting up Bridge Slave mode on other APs (max. four) that are connected to the Bridge Master –
each of slaves creates a wireless bridge with your AP. Such a bridge has slightly higher throughput than
typical connection between AP and its client (AP – APC). Additionally, AP in this mode doesn’t mask
MAC addresses.

Connection setup
LAN network can be connected to LAN1 or LAN2 port in the AP. Additionally, these ports operate as
a standard network switch, which allows connection to extra devices.

Requirements
• In order to connect other APs configured as Bridge Slaves, it’s necessary to know their MAC
addresses.

Make sure that MAC addresses of Bridge Slaves are actually their WLAN interface
addresses (BSSID value on the AP Status page of APPro54G
Web interface).

• To communicate with Bridge Master, Slave devices need to have IP addresses and subnet
masks consistent with addressing scheme established by network administrator or
connection provider.
• To properly configure Bridge Master device, you need to set AP’s IP address and subnet
mask that are consistent with addressing scheme established by network administrator
or service provider.
• To provide AP with Internet access, you need to set up proper gateway and name server
(DNS) addresses in device’s options.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.

Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel, on which the
bridge will operate (see: page 99). All devices set up as bridge elements have to operate
on the same channel.
• On Wireless/Basic Settings page set the following options:
r Mode: Bridge Master;
r ESSID: type name of your network, e.g.: MY_NET;
r Enable Packet Aggregation: remove selection;
r Channel Number: choose number of channel found on Site Survey page;
r Modulation: choose 802.11b;
r Slave MAC Address: type MAC addresses of Slave devices communicating with your
AP. MAC addresses need to be entered in xx:xx:xx:xx:xx:xx format, where ’x’ stands for digits
0–9 and letters a–f (lowercase).
r Click on OK button.

• On Wireless/Security page set the following options:


r Authentication Type: Auto;
r Click on OK button.

• On Wireless/Advanced Settings page set the following options:


r ACK Timeout: 255;
r Receiver Sensitivity: –82 dBm;
r TX Power: 18 dBm;
r Tx Rate: 11M;
r Block IBSS Traffic: select this option to disable direct communication between
WiFi adapters;
r NETBIOS Filtering: select this option to disable ‘network neighborhood’ – related
communication (like in Windows OS) between LAN and wireless networks;
r Busy channel sensing: Energy Detection;
r Long retry limit: 6;
r Short retry limit: 6;
r Click on OK button.

• On TCP/IP/Basic Settings page set the following options:


r Routing/Bridging mode: Bridge;
r Bridge Interface settings – type IP address and subnet mask of your AP device.
– IP Address: IP address;
– Subnet Mask: subnet mask;
r Other settings/Default Gateway: if your AP operates in LAN network with
Internet access, enter address of the gateway (a device that relays Internet
communication).
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Network Address Translation section:
– NAT: choose Disabled;
r In Bandwidth management section:
– Uplink Interface (Internet): choose LAN1, LAN2;
– Downlink Interface (clients): choose WDS (Bridge);
r In Other settings section:
– DNS Address: type IP address of the name server (DNS), obtained from your
Internet provider.
• Click on Apply Changes button.

After setting these options, you need to configure other parts of the bridge – the devices operating as
Bridge Slaves. At this point it should be possible to communicate with other APs operating in Bridge
Slave mode.
If this initial setup is working properly, it is recommended to set up additional features:
• bandwidth management (see: page 72),
• encryption (see: page 84).

3.4 Bridge Slave mode


With Access Point operating in Bridge Slave, you can create a wireless bridge that consists of your AP
and other device configured as Bridge Master or Slave. Such a bridge has slightly higher throughput
than a typical connection between AP and its client (AP – APC). Additionally, it doesn’t mask MAC
addresses.

Connection setup
LAN network can be connected to LAN1 or LAN2 port in the AP. Additionally, these ports operate as
a standard network switch, which allows connection to extra devices.

Requirements
• To establish connection between your device and another AP that operates in Bridge Master
mode (or Slave in two-point bridges), it’s necessary to know MAC address of the other
device.

Make sure that MAC address of the other device is actually its WLAN interface
address (BSSID value on the AP Status page of APPro54G Web interface).

• To properly configure Bridge Slave device, you need to set AP’s IP address and subnet mask
that are consistent with addressing scheme established by network administrator or service
provider (see: page 12).
• To connect to the Internet, it’s recommended to enter Gateway and name server (DNS)
addresses.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.

Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel
(see: page 99).

Repeat these steps on each Slave and Master device of wireless bridge. All
APs configured as parts of your bridge have to operate on the same channel.

• On Wireless/Basic Settings page set the following options:


r Mode: Bridge Slave;
r ESSID: type name of your network, e.g.: MY_NET;
r Enable Packet Aggregation: remove selection;
r Channel Number: choose channel number found on Site Survey page
(the same channel has to be set on other Master and Slave devices as well);
r Modulation: choose 802.11b;
r Peer MAC Address: type MAC address of bridge device (Master or Slave) that will
communicate with your AP. MAC address needs to be entered in xx:xx:xx:xx:xx:xx
format, where ‘x’ stands for digits 0–9 and letters a–f (lowercase).
r Click on OK button.

• On Wireless/Security page set the following options:


r Authentication Type: Auto;
r Click on OK button.

• On Wireless/Advanced Settings page set the following options:


r ACK Timeout: 255;
r Receiver Sensitivity: –82 dBm;
r TX Power: 18 dBm;
r Tx Rate: 11M;
r Block IBSS Traffic: select this option to disable direct communication between
WiFi adapters;
r NETBIOS Filtering: select this option to disable ‘network neighborhood’ – related
communication (like in Windows OS) between LAN and wireless networks;
r Busy channel sensing: Energy Detection;
r Long retry limit: 6;
r Short retry limit: 6;
r Click on OK button.

• On TCP/IP/Basic Settings page set the following options:


r Routing/Bridging mode: Bridge;
r Bridge Interface settings – type IP address and subnet mask of your AP device.
– IP Address: IP address;
– Subnet Mask: subnet mask;
r Other settings/Default Gateway: if your AP operates in LAN network with
Internet access, type address of the gateway (a device that relays Internet
communication).
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Network Address Translation section:
– NAT: choose Disabled;
r In Bandwidth management section:
– Uplink Interface (Internet): choose WDS (Bridge);
– Downlink Interface (clients): choose LAN1, LAN2;
r In Other settings section:
– DNS Address: type IP address of the name server (DNS), obtained from your
Internet provider.
• Click on Apply Changes button.

After setting these options, you need to configure device on other side of the bridge – operating either
as Bridge Slave or Master. At this point it should be possible to communicate with other AP operating
in Bridge mode.
If this initial setup is working properly, it is recommended to set up additional features:
• bandwidth management (see: page 72).

3.5 WISP mode (wireless connection sharing)


Thanks to WISP mode, you can share one wireless connection with many clients. In WISP mode, your
AP operates as a client APC station, but in addition it has enabled routing between wireless link and
LAN ports. Thanks to IP address translation (NAT) it’s also possible to connect several devices to one
AP, even if there’s only one IP address available on the wireless side.

Connection setup
LAN network can be connected to LAN1 or LAN2 port in the AP. Additionally, these ports operate as
a standard network switch, which allows connection to extra devices.

Requirements
• To enable AP’s connection with wireless network, you need to know that network’s SSID.
• For proper operation of AP in client mode, you need to know a channel number and a mode
(b or g) of the wireless network you’d like to connect to.
• If your network uses encryption, you need to know WEP or WPA encryption keys as well.
• To enable communication between your AP and a WiFi network, you need to configure proper
IP address and subnet mask on AP’s wireless interface (obtained from connection provider).
• To connect to the Internet, you need to know Gateway and name server (DNS) addresses.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.

Example of addressing scheme for computers in LAN network


• IP address range: 172.20.1.2 – 172.20.1.254
• IP address of Access Point: 172.20.1.1
• Subnet mask: 255.255.255.0

Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel
(see: page 99). Also ensure that available signal has adequate strength (recommended value
is 35 or more).
• On Wireless/Basic Settings page set the following options:
r Mode: APC Infrastructure Client;
r ESSID: type SSID identifier of wireless network you want to connect to;
r Enable Packet Aggregation: remove selection;
r Channel Number: choose number of channel found on Site Survey page;
r Modulation: choose operating mode of wireless network you want to connect to. If
you don’t know the correct value, select 802.11b;
r Click on OK button.

• On Wireless/Security page set the following options:


r Authentication Type: Auto;
r Click on OK button.

• On Wireless/Advanced Settings page set the following options:


r ACK Timeout: 255;
r Receiver Sensitivity: –82 dBm;
r TX Power: 18 dBm;
r Tx Rate: 11M;
r Block IBSS Traffic: select this option to disable direct communication between
WiFi adapters;
r NETBIOS Filtering: select this option to disable ‘network neighborhood’ – related
communication (like in Windows OS) between LAN and wireless networks;
r Busy channel sensing: Energy Detection;
r Long retry limit: 6;
r Short retry limit: 6;
r Click on OK button.

• On TCP/IP/Basic Settings page set the following options:


r Routing/Bridging mode: Router (LAN1/LAN2 Bridged);
r LAN1/LAN2 Bridged interface settings – type IP address and subnet mask
of your AP device.
– IP Address: 172.20.1.1;
– Subnet Mask: 255.255.255.0;
r WLAN Interface settings – enter settings obtained from connection provider.
– IP Address: IP address obtained from connection provider;
– Subnet Mask: subnet mask obtained from connection provider;
r Other settings/Default Gateway: address of the gateway (a computer relaying
communication with Internet), obtained from wireless connection provider.
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Bridge settings section:
– APC MAC Translation: choose Enabled;
r In Network Address Translation section:
– NAT: choose Enabled;
– Outside Interface (Internet): choose WLAN;
r In Bandwidth management section:
– Uplink Interface (Internet): choose WLAN;
– Downlink Interface (clients): choose LAN1, LAN2;
r In Other settings section:
– DNS Address: type IP address of the name server (DNS), obtained from your
Internet provider.
• Click on Apply Changes button.

After setting these options, you need to configure computers in LAN network, by using following
settings:
• IP Address: unique address from range of 172.20.1.2 – 172.20.1.254;
• Subnet mask: 255.255.255.0;
• Gateway Address: 172.20.1.1;
• DNS Server: obtained from wireless connection provider or one of openly available servers,
e.g.: 194.204.159.1.

At this point it should be possible to communicate with the Internet. If this initial setup is working
properly, it is recommended to set up additional features:
• authentication of client devices (see: page 97),
• bandwidth management (see: page 72),
• DHCP Server (see: page 107).

3.6 Wireless Router mode (WAN connection sharing)


The following section refers to APPro54G’s configuration used for sharing of WAN connection (usually:
to the Internet) provided via Ethernet interface. These settings include NAT functionality and access to
external network for devices operating in both LAN and Wireless networks.

Requirements:
• Internet cable should be connected to AP’s LAN2 port.
• Internal LAN network should be connected to AP’s LAN1 port.
• To enable communication between AP and the Internet (via the WAN interface), you need
to set proper IP address and subnet mask (obtained from connection provider).
• To connect with the Internet, you need to know Gateway and name server (DNS) addresses.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.

Example of addressing scheme for computers in LAN network


• IP address range: 172.20.1.2 – 172.20.1.254
• IP address of Access Point: 172.20.1.1
• Subnet mask: 255.255.255.0

Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel
(see: page 99).
• On Wireless/Basic Settings page set following options:
r Mode: AP Access Point;
r ESSID: type wireless network identifier (SSID), e.g. MY_NET;
r Enable Packet Aggregation: remove selection;
r Channel Number: choose number of channel found on Site Survey page;
r Modulation: choose 802.11b;
r Click on OK button.

• On Wireless/Security page set the following options:


r Authentication Type: Auto;
r Click on OK button.

• On Wireless/Advanced Settings page set the following options:


r ACK Timeout: 255;
r Receiver Sensitivity: –82 dBm;
r TX Power: 18 dBm;
r Tx Rate: 11M;
r Block IBSS Traffic: select this option to disable direct communication between
WiFi adapters;
r NETBIOS Filtering: select this option to disable ‘network neighborhood’ – related
communication (like in Windows OS) between LAN and wireless networks;
r Busy channel sensing: Energy Detection;
r Long retry limit: 6;
r Short retry limit: 6;
r Click on OK button.

• On TCP/IP/Basic Settings page set the following options:


r Routing/Bridging mode: Router (WLAN, LAN1 Bridged);
r LAN1/WLAN Bridged interface settings – type IP address and subnet mask
of your AP device.
– IP Address: 172.20.1.1;
– Subnet Mask: 255.255.255.0;
r WAN Interface settings (LAN2) – enter settings obtained from connection
provider.
– IP Address: IP address obtained from connection provider;
– Subnet Mask: subnet mask obtained from connection provider;
r Other settings/Default Gateway: address of the gateway (a computer relaying
communication with Internet), obtained from wireless connection provider.
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Bridge settings section:
– APC MAC Translation: choose Enabled;
r In Network Address Translation section:
– NAT: choose Enabled;
– Outside Interface (Internet): choose LAN2.
r In Bandwidth management section:
– Uplink Interface (Internet): choose LAN2;
– Downlink Interface (clients): choose WLAN, LAN1.
r In Other settings section:
– DNS Address: type IP address of the name server (DNS), obtained from your
Internet provider.
• Click on Apply Changes button.

After setting these options, you need to configure computers in LAN network with the following settings:
• IP Address: unique address from range of 172.20.1.2 – 172.20.1.254;
• Subnet mask: 255.255.255.0;
• Gateway Address: 172.20.1.1;
• DNS Server: obtained from wireless connection provider or one of openly available servers,
e.g.: 194.204.159.1.

At this point it should be possible to communicate with the Internet. If this initial setup is working
properly, it is recommended to set up additional features:
• encryption of data transmission (see: page 97),
• authentication of client devices (see: page 97),
• bandwidth management (see: page 72),
• DHCP Server (see: page 107).

3.7 Wireless Router mode (DSL connection sharing)


The following section refers to APPro54G’s configuration used for sharing Internet connection (provided
via the DSL modem with Ethernet port). Users of modems equipped with USB ports only will have to
replace these devices. This section is not intended for users of services based on PPPoE protocol.

Requirements
• Working Internet connection and complete information (obtained from service provider),
needed to configure your device (IP address with subnet mask, Gateway, and DNS).
• Your DSL modem should be connected to LAN2 port in the AP. In AP device this port can
operate as WAN interface. Computers in local network can be connected to AP’s LAN1 port.

From now on, AP’s configuration procedure is identical to WAN connection sharing (page 47).

3.8 Wireless Router mode (DSL with PPPoE connection sharing)


The following section refers to APPro54G’s configuration for sharing of DSL connection that uses PPPoE
authentication. In this case, you need an ADSL modem with Ethernet port, but without router functionality.
If your modem is equipped with USB port only, it’s necessary to replace it with an Ethernet model. These
settings include NAT functionality and access to the Internet for devices operating both in LAN and
wireless networks.

Requirements
• Internet cable from ADSL modem should be connected to AP’s LAN2 port.
• Internal LAN network should be connected to AP’s LAN1 port.
• For proper operation of Internet connection, it’s necessary to know IP, DNS and Gateway
addresses, as well as subnet mask – this information should be obtained from your service
provider.
• If AP’s configuration was previously altered, it’s recommended to restore its default settings.

Example of addressing scheme for computers in local network:


• IP address range: 172.20.1.2 – 172.20.1.254
• IP address of Access Point: 172.20.1.1
• Subnet mask: 255.255.255.0

Actions
• Log on to the AP (see: page 12).
• On Wireless/Site Survey page find a free, or the least occupied WiFi channel
(see: page 99).
• On Wireless/Basic Settings page set the following options:
r Mode: AP Access Point;
r ESSID: type wireless network identifier (SSID), e.g. MY_NET;
r Enable Packet Aggregation: remove selection;
r Channel Number: choose number of channel found on Site Survey page;
r Modulation: choose 802.11b;
r Click on OK button.

• On Wireless/Security page set the following options:


r Authentication Type: Auto;
r Click on OK button.

• On Wireless/Advanced Settings page set the following options:


r ACK Timeout: 255;
r Receiver Sensitivity: –82 dBm;
r TX Power: 18 dBm;
r Tx Rate: 11M;
r Block IBSS Traffic: select this option to disable direct communication between
WiFi adapters;
r NETBIOS Filtering: select this option to disable ‘network neighborhood’ – related
communication (like in Windows OS) between LAN and wireless networks;
r Busy channel sensing: Energy Detection;
r Long retry limit: 6;
r Short retry limit: 6;
r Click on OK button.

• On TCP/IP/Basic Settings page set the following options:


r Routing/Bridging mode: Router (WLAN, LAN1 Bridged);
r LAN1/WLAN Bridged interface settings – type IP address and subnet mask of
your AP device.
– IP Address: 172.20.1.1;
– Subnet Mask: 255.255.255.0;
r WAN Interface settings (LAN2) – enter settings obtained from connection
provider.
– IP Address: IP address obtained from your service provider, or 0.0.0.0
(this value will be automatically replaced with the correct one);
– Subnet Mask: subnet mask obtained from your service provider, or 255.255.255.0
(this value will be automatically replaced with the correct one);
r Other settings/Default Gateway: address of the Gateway (a computer relaying
Internet traffic) obtained from your service provider, or 0.0.0.0 (this value will be
automatically replaced with the correct one);
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Network Address Translation section:
– NAT: choose Enabled;
– Outside Interface (Internet): choose PPPoE.
r In Bandwidth management section:
– Uplink Interface (Internet): choose PPPoE;
– Downlink Interface (clients): choose WLAN, LAN1.
r In Other settings section:
– DNS Address: type IP address of a name server (DNS) provided by your service
provider.
r Click on OK button.

• On TCP/IP/PPPoE Settings page set the following options:


r PPPoE Relay Settings: choose Disabled;
r PPPoE Client Settings: choose Enabled;
r Interface: choose LAN2;
r PPPoE User Name: type login (user name) for your Internet service;
r PPPoE Password: type password for your Internet service.
• Click on Apply Changes button.

When established, the PPPoE connection is indicated with an orange Bridge LED.

After setting these options, you need to configure computers in LAN and WLAN networks with the
following settings:
• IP Address: unique address from range of 172.20.1.2 – 172.20.1.254;
• Subnet mask: 255.255.255.0;
• Gateway Address: 172.20.1.1;
• DNS Server: obtained from wireless connection provider or one of openly available servers, e.g.:
194.204.159.1.

At this point it should be possible to communicate with the Internet. If this initial setup is working
properly, it is recommended to set up additional features:
• encryption of data transmission (see: page 97),
• authentication of client devices (see: page 97),
• bandwidth management (see: page 72),
• DHCP Server (see: page 107).
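
The addressing scheme used in sections 3.5, 3.6 and 3.8 can be checked before any settings are typed in. The following Python script is an added example, not part of APPro54G: it verifies static client settings against the 172.20.1.0/24 example plan and checks that the NAT outside interface does not share a subnet with the LAN. The non-overlap check follows from how routing works and is not a rule stated in this guide; all client names and sample addresses are constructed.

```python
import ipaddress

# LAN side of the AP in the guide's example addressing scheme.
LAN_IF = ipaddress.ip_interface("172.20.1.1/255.255.255.0")


def check_outside(lan_if, ip, mask):
    """Check the NAT outside interface (WLAN in WISP mode, LAN2 in Wireless
    Router mode). Assumption added here: it must not overlap the LAN subnet,
    otherwise the AP cannot tell inside traffic from outside traffic."""
    outside = ipaddress.ip_interface(f"{ip}/{mask}")
    if outside.network.overlaps(lan_if.network):
        return [f"outside subnet {outside.network} overlaps LAN subnet {lan_if.network}"]
    return []


def check_clients(lan_if, clients):
    """Validate static settings of LAN/WLAN computers; return a list of problems."""
    problems = []
    owners = {lan_if.ip: "the AP"}          # address -> who already uses it
    net = lan_if.network
    for c in clients:
        name = c["name"]
        ip = ipaddress.ip_address(c["ip"])
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is the network or broadcast address")
        elif ip in owners:
            problems.append(f"{name}: {ip} is already used by {owners[ip]}")
        else:
            owners[ip] = name
        if ipaddress.ip_address(c["mask"]) != net.netmask:
            problems.append(f"{name}: subnet mask {c['mask']}, expected {net.netmask}")
        if ipaddress.ip_address(c["gateway"]) != lan_if.ip:
            problems.append(f"{name}: gateway {c['gateway']}, expected {lan_if.ip}")
    return problems


def client(name, ip, mask="255.255.255.0", gateway="172.20.1.1"):
    """Build one client record; defaults are the values from the guide."""
    return {"name": name, "ip": ip, "mask": mask, "gateway": gateway}


# Constructed sample: one correct client and five typical mistakes.
SAMPLE_CLIENTS = [
    client("pc1", "172.20.1.10"),
    client("pc2", "172.20.1.10"),                      # duplicate of pc1
    client("pc3", "172.20.1.1"),                       # collides with the AP
    client("pc4", "172.20.2.5", mask="255.255.0.0"),   # wrong subnet and mask
    client("pc5", "172.20.1.255"),                     # broadcast address
    client("pc6", "172.20.1.20", gateway="172.20.1.254"),
]

if __name__ == "__main__":
    for line in check_clients(LAN_IF, SAMPLE_CLIENTS):
        print(line)
    # 192.0.2.10 is a documentation address standing in for a provider address.
    for line in check_outside(LAN_IF, "192.0.2.10", "255.255.255.0"):
        print(line)
```

The 0.0.0.0 placeholder that section 3.8 allows for the WAN interface passes the outside-interface check, because PPPoE replaces it once the session is up.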

3.9 WDS/Repeater mode


AP devices operating in WDS mode (Wireless Distribution System) can extend the range of a single
wireless network to much larger areas. Each of WDS base stations can establish multiple connections
with client stations (e.g. computers equipped with WiFi adapters), and – at the same time –
communicate with up to six other base stations (in wireless bridge mode). Each of the base stations
has to operate on the same channel and in the same mode (802.11b or 802.11g). With such stations
it’s possible to get longer range of a WiFi network without using Ethernet cables to connect APs.

WDS mode degrades overall performance of a wireless network. This is
a result of the need to distribute data over the whole network, which doubles
bandwidth requirements with each additional base station in WDS (each data
packet is sent to repeater stations first, and only after that to its destination).

Primary and secondary base stations


In typical WDS configurations there’s one primary base station connected to several secondary stations.

Actions
• Configure primary and secondary base stations for AP mode (see: page 16). Each device
has to operate on the same WiFi channel and with the same settings of transmission speed
and mode, but they can use different ESSID identifiers.

• Log on to primary base station (see: page 12).


• On Wireless/WDS Settings page set the following options:
r Enable WDS: select this option;
r MAC Address/Comment: type MAC addresses and descriptions for each secondary
WDS station. MAC address needs to be entered in xx:xx:xx:xx:xx:xx format, where
‘x’ stands for digits 0–9 and letters a–f (lowercase). Add parameters of secondary
WDS station, by clicking on OK button. The list of secondary stations holds up to six
items;
Make sure you specified MAC address of a wireless interface. You can find it in
BSSID value on AP Status page of APPro54G Web interface.
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Bandwidth management section:
– Uplink Interface (Internet): choose LAN1, LAN2;
– Downlink Interface (clients): choose WLAN, WDS;
r In Other settings section:
– DNS Address: type IP address of a name server (DNS) provided by your service
provider.
• Click on Apply Changes button.

• Log on to each secondary WDS base station (see: page 12).


• On Wireless/WDS Settings page set the following options:
r Enable WDS: select this option;
r MAC Address/Comment: enter MAC address and description of primary WDS station.
MAC address needs to be entered in xx:xx:xx:xx:xx:xx format, where ‘x’ stands for
digits 0–9 and letters a–f (lowercase). Add parameters of primary WDS station by
clicking on OK button.
Make sure you specified MAC address of a wireless interface. You can find it in
BSSID value on AP Status page of APPro54G Web interface.
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Bandwidth management section:
– Uplink Interface (Internet): choose WDS;
– Downlink Interface (clients): choose WLAN, LAN1, LAN2;
• Click on Apply Changes button.

Chain of connected base stations


Another common WDS configuration is a chain of connected base stations.

Actions
• Configure base stations of your WDS chain for AP mode (see: page 16). Each device has to
operate on the same WiFi channel and with the same settings of transmission speed and
mode, but they can use different ESSID identifiers.
• Log on to first base station (see: page 12).
• On Wireless/WDS Settings page set the following options:
r Enable WDS: select this option;
r MAC Address/Comment: Enter MAC address and description of second station in WDS
chain. MAC address needs to be entered in xx:xx:xx:xx:xx:xx format, where ‘x’ stands
for digits 0–9 and letters a–f (lowercase). Add parameters of secondary WDS station,
by clicking on OK button. Make sure you specified MAC address of a wireless
interface. You can find it in BSSID value on AP Status page of APPro54G Web
interface.
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Bandwidth management section:
– Uplink Interface (Internet): choose LAN1, LAN2;
– Downlink Interface (clients): choose WLAN, WDS;
• Click on Apply Changes button.

• Log on to second base station (see: page 12).


• On Wireless/WDS Settings page set the following options:
r Enable WDS: select this option;
r MAC Address/Comment: enter MAC addresses and descriptions of first and third
station in WDS chain. MAC address needs to be entered in xx:xx:xx:xx:xx:xx format,
where ‘x’ stands for digits 0–9 and letters a–f (lowercase). Add parameters of WDS
stations by clicking on OK button.
Make sure you specified MAC address of a wireless interface. You can find it in
BSSID value on AP Status page of APPro54G Web interface.
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Bandwidth management section:
– Uplink Interface (Internet): choose WDS;
– Downlink Interface (clients): choose WLAN, LAN1, LAN2;
• Click on Apply Changes button.

• Log on to third (in this case – last) base station of WDS chain (see: page 12).
• On Wireless/WDS Settings page set the following options:
r Enable WDS: select this option;
r MAC Address/Comment: enter MAC address and description of second (previous)
station in WDS chain. MAC address needs to be entered in xx:xx:xx:xx:xx:xx format,
where ‘x’ stands for digits 0–9 and letters a–f (lowercase). Add parameters of WDS
stations by clicking on OK button.
Make sure you specified MAC address of a wireless interface. You can find it in
BSSID value on AP Status page of APPro54G Web interface.
r Click on OK button.

• On TCP/IP/Advanced Settings page set the following options:


r In Bandwidth management section:
– Uplink Interface (Internet): choose WDS;
– Downlink Interface (clients): choose WLAN, LAN1, LAN2;
• Click on Apply Changes button.

In WDS mode the routing options are not available for traffic transmitted over WDS.
However, you can route traffic and enable NAT for Ethernet (LAN) interfaces.

3.10 Bandwidth management


APPro54G software employs three independent methods of bandwidth management: QoS lets you
assign a bandwidth to each service type, Flow Limits regulates connection load, and the Traffic
Manager limits bandwidth for selected clients. These features are available in each working mode (AP,
APC), and regardless of router or bridge operation.

3.10.1 Selecting uplink and downlink interfaces


To ensure proper operation of QoS and Traffic Manager, it’s necessary to have correct settings of Uplink
Interface (Internet) and Downlink Interface (clients) parameters on Advanced
Settings page.
• Uplink Interface is the interface used for communication with the Internet, WAN
connection or a base station. Uplink Interface can be configured on any of LAN1, LAN2 or
WLAN interfaces, as well as on WDS or PPPoE connection.
• Downlink Interface refers to interfaces connected to AP’s clients (both in LAN and
wireless networks). Available settings are: LAN1, LAN2, WLAN interface, and WDS link.

You must not choose the same port to be both the uplink and downlink interface.

Uplink parameter, also referred to as upload or transmission rate of data sent
to external network (e.g. the Internet), is the maximum speed at which you can,
for example, send an e-mail. Controlling this kind of traffic is based on
limiting the transmission speed of packets sent through the interface selected
as Uplink.
Downlink parameter, also referred to as download, is the maximum speed at
which you can receive data from an external network. So, this is the speed
at which you can, for example, get your e-mails. Controlling this traffic is
based on limiting the transmission speed of packets sent through any of the
interfaces selected as Downlink.

To ensure correct operation of QoS and Traffic Manager features, configure your AP in one of the modes
described in sections 3.1–3.9. Next, you need to configure Uplink and Downlink interfaces on
TCP/IP Advanced Settings page (Bandwidth management section), based on the following
description:

• AP mode:
r Uplink interface – select LAN1 or LAN2,
r Downlink interface – select WLAN.
To enable bandwidth management in WDS mode, you need to select the WDS option as well.
• APC mode:
r Uplink interface – select WLAN.
r Downlink interface – select LAN1 and LAN2.
• Bridge Master mode:
r Uplink interface – select LAN1 and LAN2,
r Downlink interface – select WDS.
• Bridge Slave mode:
r Uplink interface – select WDS.
r Downlink interface – select LAN1 and LAN2.
• WISP mode (wireless connection sharing):
r Uplink interface – select WLAN,
r Downlink interface – select LAN1 and LAN2.
• WISP PPPoE mode (wireless connection sharing):
r Uplink interface – select PPPoE,
r Downlink interface – select LAN1 and LAN2.
• Wireless Router mode (WAN/DSL connection sharing):
r Uplink interface – select LAN2,
r Downlink interface – select LAN1 and WLAN.

• Wireless Router mode (WAN/DSL with PPPoE connection sharing):
r Uplink interface – select PPPoE,
r Downlink interface – select LAN1 and WLAN.

WDS/Repeater mode (with WDS network in star configuration)

• On the primary base station set the following options:
r Uplink interface – select LAN1 or LAN2,
r Downlink interface – select WDS,
r If the primary base station has its own clients as well, you also need to select WLAN in
the Downlink interface options.
• On each of the secondary base stations set the following options:
r Uplink interface – select WDS;
r Downlink interface – select WLAN;
r If a secondary base station has its own clients connected to its Ethernet ports, you also
need to select LAN1 and LAN2 in the Downlink interface options.

WDS/Repeater mode (with WDS network in line configuration)



If your WDS network is connected in line configuration, it’s optimal to set up bandwidth management
options on line’s first device – the one that connects a LAN network with the rest of WDS. It’s not
possible to manage the bandwidth on intermediate base stations of a WDS line.

• Uplink interface – select LAN1 or LAN2,
• Downlink interface – select WDS.
• PPPoE client mode (Mikrotik):
r Uplink interface – select PPPoE,
r Downlink interface – select LAN1 and LAN2.

When configuring Uplink and Downlink interfaces, keep in mind the following guidelines:

• The same interface should not be assigned both to Uplink and Downlink traffic at the
same time.
• Bandwidth management is available only for traffic going out of any given interface
(Downlink traffic), because only in that case is packet queuing possible. In a Linux system,
queuing for Uplink traffic actually applies to packets leaving the interface on the opposite
side of the data transmission path.
• To have your traffic properly managed by APPro54G, you need to configure it in such a way
that data transmitted to a client leaves through the Downlink interface, and data
transmitted from a client leaves through the Uplink interface.
• This is the same reason why it’s not possible to manage traffic simultaneously between
devices on your local network (connected to LAN1 and LAN2 interfaces) and between your
network and the Internet (traffic leaving the WLAN port). If you configured WLAN interface
as Uplink, and your LAN1/LAN2 as a Downlink (these settings are required for the
management of Internet traffic), transmissions between LAN1 and LAN2 will be controlled
only partially, in one direction.
• Similar restrictions apply to configurations with LAN2 set-up as Uplink and LAN1/WLAN as
a Downlink interface. In that case, transmissions between LAN1 and WLAN interfaces will
have only partial traffic management available.
• If some of AP’s interfaces are not assigned to Uplink or Downlink categories, traffic coming
from such interfaces won’t be subjected to the traffic management features.
• After you enable Deny option on TCP/IP Traffic Management page, clients that are not
placed on that page’s access list will be blocked, even if they are connected to interfaces not
assigned to the Uplink or Downlink categories.

3.10.2 QoS settings


Quality of Service (QoS) feature regulates flow of data through AP by assigning a priority to each packet.
The priority values are based on user preferences for services available. This allows better utilization of
bandwidth, and improves some services (e.g. Web browsing and e-mail sending or receiving) at the
expense of others, whose quality is less dependent on delays (e.g. file transfer with FTP protocol or
P2P networks).
Before you start to configure bandwidth management, it’s necessary to find proper speeds of sending
(upload) and receiving data (download), as well as number of packets per second transmitted in both
directions.
• Because of AP’s performance limitations, maximum transfer speeds assigned to Uplink or
Downlink traffic should not exceed value of 4 Mbit/s.
• For connections based on DSL technology, and with APPro54G operating as the only router
in your network, your Uplink and Downlink speeds should be set at 80% of values stated
by your service provider. Set the speed of packet transmission to a value between 300 and
800 per second.
• In case of wireless connections, first you need to check the actual bandwidth in both
directions, and then set your options at 80% of determined values. Speed of packet
transmission should be set to a value between 300 and 500 per second.
• Users of other service types should determine Uplink and Downlink speeds based on
information from service provider or network administrator. Recommended packet
transmission speed amounts to 120 per second for each megabit of connection bandwidth,
but the total value shouldn’t be lower than 100 packets per second.

Values discussed in this section should be considered as maximum ones. It’s
always possible to lower them, e.g. in order to have clients’ connections
operating at levels described in their ISP contracts. Recommended minimum
data transmission speed equals 256 Kbps, and the packet transmission
speed – 100 per second.

In QoS options, you can choose one of two modes:


• Priority Scheduler – in this mode you can set the priority for each category of traffic, but
without setting any limits. This means that packets from one traffic category can take up the
whole bandwidth (it’s called congestion).
• Traffic Limiter – in this mode you can specify not only a priority, but also the maximum
transfer available for a given category of traffic. With these settings you can prevent
bandwidth congestion with just one class of communication.

In QoS settings, you can set the priority and percentage of total bandwidth assigned to each of four
traffic categories:
• ACK/UDP/ICMP – packet acknowledgement signals in TCP/IP sessions, DNS queries, DHCP
traffic, VoIP Internet Telephony and ICMP control messages.

• Web Traffic – traffic generated by typical Web services (packets sent through ports 80,
443, 3128 and 8080).
• Mail Traffic – traffic generated by e-mail sending and receiving (ports 25, 110, 465 and
995).
• P2P Traffic – depending on firmware version, these are the packets marked with ipp2p
module or sent through ports typical to most common P2P networks.
• Other Traffic – packets that don’t fall into any of the above categories.

Remember that low priority packets will be sent only after the higher priority
transmissions are completed. When transmission limits are set, traffic with
lower priority will still pass the AP if total bandwidth for high-priority traffic
is lower than the maximum bandwidth of your connection.

Combined percentage values of transmission limits don’t have to add up to
100%. This is because these limits describe just the maximum bandwidth
available for each traffic category. However, you shouldn’t set values lower
than 10% or higher than 90%.

Actions:
• Log on to the AP (see: page 12).
• On TCP/IP/ Quality of Service page set the following options:
r Advanced QoS: Enabled;
r Downlink: enter the speed of data download from the external network (in kilobits per
second); this value should be determined according to the description at the beginning
of this section. This value combines speeds achieved on interfaces selected in the
Downlink section of the TCP/IP Advanced Settings page.
r Uplink: maximum speed of sending data to the external network (through interface
selected as Uplink on the TCP/IP Advanced Settings page). This value should be
determined according to the description at the beginning of this section.
r Queuing Discipline: choose Traffic Limiter;
r ACK/UDP/ICMP Priority: choose HIGH, and in limit field type value of 20%;
r Web Traffic Priority: choose MEDIUM, and in limit field type value of 50%;
r Mail Traffic Priority: choose HIGH, and in limit field type value of 80%;
r P2P Traffic Priority: choose LOW, and in limit field type value of 40%;
r Other Traffic Priority: choose LOW, and in limit field type value of 40%;
r Click on Apply Changes button.

You can verify QoS operation a few minutes after you enable it – relevant
information is located on page Statistics/QoS Statistics.
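
The sizing rules of this section can be worked through before filling in the Quality of Service form. The sketch below is an added example, not part of the guide or of the APPro54G firmware. The function names, the choice of 120 packets per megabit as a starting point inside the DSL and wireless ranges, and the treatment of all UDP as the first category are assumptions of the example; P2P detection is left out because the guide gives no port list for it.

```python
AP_MAX_KBIT = 4000    # guide: Uplink/Downlink should not exceed 4 Mbit/s
MIN_KBIT = 256        # guide: recommended minimum data transmission speed
MIN_PPS = 100         # guide: recommended minimum packet rate
PPS_PER_MBIT = 120    # guide: recommended packets per second per megabit
PPS_RANGE = {"dsl": (300, 800), "wireless": (300, 500)}  # guide's ranges

WEB_PORTS = {80, 443, 3128, 8080}   # ports listed for Web Traffic
MAIL_PORTS = {25, 110, 465, 995}    # ports listed for Mail Traffic

# Priority and limit (percent) from the guide's example "Actions" list.
EXAMPLE_LIMITS = {
    "ACK/UDP/ICMP": ("HIGH", 20),
    "Web": ("MEDIUM", 50),
    "Mail": ("HIGH", 80),
    "P2P": ("LOW", 40),
    "Other": ("LOW", 40),
}


def plan_direction(link_type, measured_kbit):
    """Return (rate_kbit, packet_limit, warnings) for one traffic direction.

    link_type is "dsl", "wireless" or anything else for other service types.
    """
    warnings = []
    if link_type in PPS_RANGE:
        rate = measured_kbit * 80 // 100      # 80% of the stated/measured rate
    else:
        rate = measured_kbit                  # value given by the provider
    if rate > AP_MAX_KBIT:
        warnings.append("capped at the AP limit of 4000 kbit/s")
        rate = AP_MAX_KBIT
    if rate < MIN_KBIT:
        warnings.append("below the recommended minimum of 256 kbit/s")
    pps = max(MIN_PPS, rate * PPS_PER_MBIT // 1000)
    if link_type in PPS_RANGE:                # keep inside the guide's range
        low, high = PPS_RANGE[link_type]
        pps = min(high, max(low, pps))
    return rate, pps, warnings


def class_ceilings(rate_kbit, limits=EXAMPLE_LIMITS):
    """Translate per-category percentage limits into kbit/s ceilings."""
    ceilings = {}
    for name, (_priority, percent) in limits.items():
        if not 10 <= percent <= 90:
            raise ValueError(f"{name}: limit {percent}% is outside 10-90%")
        ceilings[name] = rate_kbit * percent // 100
    return ceilings


def classify(proto, dport=None, pure_ack=False):
    """Map a packet to a QoS category using the guide's port lists."""
    if proto in ("icmp", "udp") or (proto == "tcp" and pure_ack):
        return "ACK/UDP/ICMP"
    if proto == "tcp" and dport in WEB_PORTS:
        return "Web"
    if proto == "tcp" and dport in MAIL_PORTS:
        return "Mail"
    return "Other"


if __name__ == "__main__":
    # Constructed input: a 2048/512 kbit/s DSL line.
    for direction, stated in (("Downlink", 2048), ("Uplink", 512)):
        rate, pps, notes = plan_direction("dsl", stated)
        print(direction, rate, "kbit/s,", pps, "packets/s", notes)
        print("  ceilings:", class_ceilings(rate))
```

With the example limits the ceilings add up to 230% of the link rate, which is expected: each value is only the maximum a category may use, and priority decides who gets the bandwidth when categories compete.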

3.10.3 Flow Limits settings


With these settings you have additional control over connection load.

• Downlink packet limit – maximum total number of packets received in one second
from the external network (e.g. from the Internet). Set this value according to description at
the beginning of this section.
• Uplink packet limit – maximum total number of packets sent in one second to the
external network. Set this value according to description at the beginning of this section.
• Downlink connection limit – maximum total number of concurrent TCP connections
from the external network.
• Uplink connection limit – maximum total number of concurrent TCP connections to
the external network.

Optimum choice of the above settings is discussed at the beginning of this
section.

3.10.4 Traffic Manager settings


Traffic Manager feature lets you assign separate bandwidth settings (including maximum number of
packets per second) for each user or group of users. Because of AP’s performance limitations,
bandwidth assigned to a single client should not exceed 2 Mbit/s, and the combined maximum transfer
managed by APPro54G – 6 Mbit/s.
To set the traffic management rules, you need to identify user by the IP or MAC address. You can
do it in several ways:
• 192.168.3.1 – by specifying the IP address, you can set the management rules for a
computer or other device with that IP address (in this case: 192.168.3.1).
• 192.168.3.16/29 – by specifying IP addresses range, you can set the rules for any
computer operating in a given subnet (in this case notation /29 means, that first 29 bits of
subnet mask are set, which corresponds to the value of 255.255.255.248). Bandwidth
restrictions set for a given address range apply to combined transfer of all computers and
devices operating in that range.
• 00:0b:6a:42:72:6b – When you specify a MAC address, bandwidth management rule
will apply only to a machine with that MAC address (and IP, if specified).

Remember that some devices (e.g. access points operating in APC mode) can
mask MAC addresses of computers connected to their LAN ports. In such
cases you should use only IP addresses (in this instance: address of
the APC device).

You can restrict bandwidth and packet transmission speeds for the following protocols:
• TCP – limits TCP packets traffic only.
• UDP – limits UDP packets traffic only.
• Both – limits traffic for both TCP and UDP protocols.
• Block – blocks any traffic for a given device or user.

Aside from the above traffic-limiting options, you can set an additional management rule. This rule is
specified with Unlisted Clients Traffic option:

• Deny – blocks traffic to clients not included in Traffic Manager table, or those that don’t
have matching IP and MAC addresses.
• Forward – AP lets traffic pass without any restrictions.

Actions:
• Log on to the AP (see: page 12).
• On TCP/IP/ Traffic Manager page set the following options:
r Traffic Manager: Enabled;
r Unlisted Clients Traffic: Deny;
r In Traffic Manager table enter settings for each user of your network, using adequate IP
(Client IP) or MAC address (Client MAC). Set appropriate Uplink and Downlink
speeds, and select protocol for the traffic you want to regulate. You can also set the
maximum allowed number of TCP connections (Connection limit), and the
transmission speed for packets (Packet limit – applies to traffic other than Web
browsing, e-mail, DNS and DHCP). In Comment field you can type description for each
set of parameters, and then add it to a list, by clicking on OK button.
r Click on Apply Changes button.

• You can verify Traffic Manager’s operation a few minutes after
enabling it, by opening the Statistics/Traffic Manager
Statistics page.
• Limiting the number of connections applies to the whole TCP traffic,
regardless of protocol used.
• Limiting packets’ transmission speed works in both directions – for
sending as well as receiving data.
• Setting any parameter’s value to 0 makes that parameter irrelevant
for traffic management.

3.11 Security
Wireless networks do require special means of data protection. You need to protect both transmitted
data (against eavesdropping), and the network itself, so only authorized users could get access to it.
Remember, that radio network is much more vulnerable to tapping than wired LANs: user data can be
intercepted even from long distances, and furthermore, it’s relatively easy to connect an unauthorized
client station to the network.
APPro54G offers the following ways to improve network’s security:
• Access Control List (ACL) for wireless client stations, identified with their MAC addresses;
• wireless station authentication;
• data encryption;
• hiding SSID identifier;
• blocking connection with unauthorized clients based on pairs of MAC/IP addresses.

3.11.1 Access Control List (ACL) for client stations


In base station mode, APPro54G software can remember up to 63 MAC addresses of client stations.
These stations will be allowed to communicate with your Access Point. This feature is available in AP
mode only, and it applies only to wireless devices connecting with your station (you can’t restrict access
of clients connected via Ethernet ports).

Actions:
• Log on to the AP (see: page 12).
• On Wireless/Access Control page set the following options:
r Enable Wireless Access Control: select this option.
r Access Mode: choose Allow option.
r MAC Address: Type MAC address of client station, that’s allowed to communicate with
your AP. Ensure that you use correct address notation (use hexadecimal numbers
separated with colons – xx:xx:xx:xx:xx:xx).
r Comment: You can enter here a description that will make it easier to identify devices
on Access Control list.
r Add entered set of parameters to the list by clicking on OK button.

r Repeat last three steps for each device you want to add to the list
(it holds up to 63 entries).
r Click on Apply Changes button.

3.11.2 Authentication of wireless stations


Wireless station authentication prevents several types of attacks. It eliminates the following threats:
• Unauthorized client station spoofing authorized one. This type of attack could be executed
even if you authorize stations using MAC addresses – these could be easily modified.
• Attacker replacing original base station with another one, operating on the same channel
and with the same SSID identifier. Users of a network attacked with this method could lose
Internet access or be exposed to data theft (by tapping directly into data transmission).

Authentication has an advantage over ACL – authentication protects both base station (against
unauthorized clients), and users (against connecting with incorrect base station). During the
authentication process the station’s identity is verified. You can choose authentication methods on the
Security page. The following options are available:

• Auto, Both – Authentication method will be chosen automatically. With this option, first
the Shared Key (WEP) authentication will be attempted – if one of the stations doesn’t
support this method, the Open System method will be used.
• Open Authentication or Open System – Method based on a very simple algorithm that
only theoretically meets requirements for an authentication system. In reality, it doesn’t
provide any security or authorization, and it allows connection to any client station. This
authentication method consists of two steps. In the first step, a data frame is sent from
the device that attempts to gain access to the authenticating point. This frame is an
authentication request. In the second step, a frame (a result of the authentication process) is
sent in the opposite direction. If both operations completed successfully, so did the
authentication process.
• Shared Key – Method utilizing shared set of WEP encryption keys. This method verifies
whether both stations taking part in authentication process have identical secret WEP key.
Since this system is based on WEP encryption algorithm, it inherited WEP’s weak points.
To use this method, you need to have WEP encryption enabled (see: page 97). This
authentication method consists of four basic steps. In the first step, the device that requests
authentication sends a data frame (like in OSA method described above). But in the second
step, the frame sent is encrypted with WEP protocol. Authenticating station generates
a stream of bits that identify the station trying to connect. The third frame contains the same
data as the second one, but it is encrypted with another WEP key. Authenticating point
compares contents of frame it generated with the third frame, received as an answer. This
comparison determines, whether the fourth frame (sent from authenticating point) allows
or denies further access. Unfortunately, a hacker monitoring such a session will be able to
decrypt all the communication, by determining key for RC4 encryption algorithm
(used in WEP). That’s why the most secure practice is to use the Shared Key method with
additional authentication protocol, e.g. 802.1x.
• WPA-RADIUS – In this method, authentication is based on EAP protocol (Extensible
Authentication Protocol). It requires the use of an external RADIUS authentication server as
well as implementation of the 802.1x architecture. All information regarding client’s identity
(e.g. login and password, MAC address or client station certificate) is stored on RADIUS
server. Access Point requests verification of client’s identity, and in turn that client sends
appropriate data to both Access Point and the authenticating server. Server verifies client’s
identity, and then sends a message that allows or denies further access.
• WPA-PSK – This authentication method is based on main common key (Pre-Shared Key),
initially used in authentication process. Next, dynamic encryption keys are generated for
each of the clients. Also, these keys are automatically replaced after some time. The main
encryption key should be identical on all communicating devices. To use this method, TKIP
encryption must be enabled.

The pre-shared key shouldn’t be shorter than 16 characters and
ought to be hard to guess.

• WPA2-RADIUS – Method similar to WPA-RADIUS, but based on more advanced
encryption algorithms (AES instead of TKIP).
• WPA2-PSK – Method similar to WPA-PSK, but based on more advanced encryption
algorithms (AES instead of TKIP).

Not every wireless device supports all the authentication methods mentioned above. However, you
should always use the best possible method available for all devices in your network. Authentication is
connected with the data encryption, hence its configuration is discussed in next section.

3.11.3 Encryption
Data encryption methods ensure secure transmissions through publicly-available radio channels.
Encryption methods implemented in APPro54G are listed on Wireless/Security page of
management interface.

Available encryption methods:

• Disabled – No encryption is used, and the data is transmitted in a completely insecure
manner.
• WEP – Data is encrypted with 64- or 128-bit keys and a simple RC4 algorithm. WEP’s weak
points are commonly known and easy to exploit, which means that the whole transmission
could be decrypted. That’s why WEP is suitable only for networks with very low traffic
volume (in such a network, collecting the amount of data sufficient for breaking the
protection requires a relatively long time). Recommended key length is 128 bits – the same
key should be entered in each station of your network. WEP encryption is available only with
Open System, and Shared Key authentication methods, as well as for an automatic choice of
one of them.
• TKIP – This method employs many 128-bit keys that are created by the TKIP mechanism.
After short usage, the keys are automatically replaced. Keys are used with simple RC4
encryption algorithm. Despite this, TKIP is safer than WEP, although it still has some weak
points. This method is available only with WPA authentication.
• AES – Advanced encryption method that uses long keys and is hard to break. It’s the
foundation of WPA and WPA2 standards. If devices are capable of AES encryption, it’s
strongly recommended to use it. Since this method’s strength depends on encryption key, it
should be as long as possible and complex (hard to guess). This method may be enabled
only with WPA and WPA2 authentication.

Selecting encryption and authentication methods:

• Users of older wireless devices should use Shared Key authentication and 128-bit WEP key.
• On modern WiFi devices, the optimal choice is the WPA-PSK authentication and the AES
encryption.
• Users of networks with 802.1x architecture should configure base station to work with the
RADIUS server and enable the WPA-RADIUS authentication.

Authentication and encryption setup with WEP keys.

Actions:
• Log on to the AP (see: page 12).
• On Wireless/Security page set following options:
r Authentication Type: choose Shared Key;
r Encryption Method: choose WEP;
r Key Length: choose 128 bit;
r Key Format: choose ASCII (13 characters);
r Default Tx Key: choose Key 1;
r Encryption Key 1 to Encryption Key 4: type four encryption keys, each one
should be 13 characters long.
r Click on Apply Changes button.

Enable the same encryption and authentication settings in each client device of your network.
Unfortunately, not every device supports Shared Key authentication. If any problems occur, change
authentication method to Open System and enable WEP encryption only.

To make the most of authentication’s benefits, each device operating in your
network should have:
• exactly the same set of encryption keys;
• authentication method set to Shared Key.

WPA authentication and encryption setup (without RADIUS server).

Actions:
• Log on to the AP (see: page 12).
• On Wireless/Security page set following options:
r Authentication Type: choose WPA-PSK;
r Encryption Method: choose AES;
r WPA Passphrase (Pre-Shared Key): enter main key (Pre-Shared Key must be the
same for each device operating in your WiFi network). Key should have at least 16
characters, and be hard to guess.
r Click on Apply Changes button.

Enable the same encryption and authentication settings in each client device of your network.
Unfortunately, not every device supports AES encryption. If such devices operate in your network, use
an alternative but less secure TKIP method.

To make the most of authentication’s benefits, each device operating in your
network should have:
• exactly the same Pre-Shared Key;
• authentication method set to WPA-PSK or WPA2-PSK, and the same
encryption method enabled (AES or TKIP).
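
The requirement that every device holds exactly the same Pre-Shared Key can be checked offline before a configuration is rolled out. The sketch below is an added example, not part of the guide or of the APPro54G firmware. It applies the guide's 16-character recommendation, derives the 256-bit key that WPA/WPA2-PSK computes from the passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 iterations, as defined in IEEE 802.11i), and compares an AP and a client configuration. The "hard to guess" heuristics, the dictionary field names and the sample settings are assumptions constructed for the example.

```python
import hashlib
import string

GUIDE_MIN_LEN = 16   # the guide's recommended minimum passphrase length
CHAR_GROUPS = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")


def _printable_ascii(text):
    return all(32 <= ord(ch) <= 126 for ch in text)


def check_passphrase(passphrase, ssid=""):
    """Return a list of problems; an empty list means the passphrase passes."""
    problems = []
    if not _printable_ascii(passphrase):
        problems.append("contains characters outside printable ASCII")
    if not 8 <= len(passphrase) <= 63:
        problems.append("WPA passphrases must be 8 to 63 characters long")
    elif len(passphrase) < GUIDE_MIN_LEN:
        problems.append("shorter than the 16 characters the guide recommends")
    # The checks below are simple heuristics chosen for this example.
    groups_used = sum(any(ch in g for ch in passphrase) for g in CHAR_GROUPS)
    if groups_used < 2:
        problems.append("uses a single character class")
    if len(set(passphrase)) < 6:
        problems.append("fewer than 6 distinct characters")
    if ssid and ssid.lower() in passphrase.lower():
        problems.append("contains the network name (SSID)")
    return problems


def derive_pmk(passphrase, ssid):
    """256-bit WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63 or not _printable_ascii(passphrase):
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def mismatches(ap, client):
    """List the settings that would keep a client from associating with the AP."""
    issues = [f for f in ("ssid", "auth", "cipher") if ap[f] != client[f]]
    if derive_pmk(ap["passphrase"], ap["ssid"]) != \
            derive_pmk(client["passphrase"], client["ssid"]):
        issues.append("key")
    return issues


# Constructed sample settings (not taken from a real network).
AP = {"ssid": "APPRO", "auth": "WPA-PSK", "cipher": "AES",
      "passphrase": "correct horse battery 41"}
CLIENT_OK = dict(AP)
CLIENT_TRAILING_SPACE = dict(AP, passphrase=AP["passphrase"] + " ")
CLIENT_TKIP = dict(AP, cipher="TKIP")

if __name__ == "__main__":
    print(check_passphrase("admin", AP["ssid"]))
    print(check_passphrase(AP["passphrase"], AP["ssid"]))
    print(mismatches(AP, CLIENT_OK), mismatches(AP, CLIENT_TRAILING_SPACE),
          mismatches(AP, CLIENT_TKIP))
```

Because the SSID is part of the derivation, a passphrase copied correctly still yields a different key if the client is configured with a different network name.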

3.11.4 Blocking unauthorized machines with MAC and IP addresses


Access control based on pairs of MAC/IP addresses prevents spoofing of other network users (by changing
the attacker’s IP address). Additionally, it’s possible to block access for unauthorized clients. This method
is based on binding the IP address assigned to a specific user (by the network administrator) to the hardware
MAC address of the network device. Users that change their IP addresses or a network device (e.g. network
adapter, which also means a different MAC address) will be disconnected from your network until
the AP’s configuration is updated accordingly. This feature – unlike methods discussed in earlier sections –
applies to clients operating in both wireless and LAN networks.

Blocking connections based on IP/MAC address pairs.

Actions:
• Log on to the AP (see: page 12).
• Enable and configure bandwidth management options as discussed on page 78. If there’s
no need to limit the traffic, enter large values for both transmission directions,
e.g. 2000 kbit/s.
• Set Unlisted Clients Traffic option to Deny.
• Click on Apply Changes button.

Some devices operating in APC mode mask MAC addresses of clients
connected to their LAN ports. In such cases it’s necessary to enter (on Traffic
Manager page) MAC address of the APC and the IP address of a computer
connected to it. If one APC is connected with multiple client devices, for each
of them enter settings with appropriate IP address and MAC address of APC
(the same for each computer).
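
The client-matching rules of sections 3.10.4 and 3.11.4 can be modelled to see what the Unlisted Clients Traffic setting does to a client whose IP and MAC do not match as a pair. The sketch below is an added example, not part of the guide or of the APPro54G firmware. The field names, the first-match-wins evaluation order and the sample table are assumptions of the example; the addresses 192.168.3.1, 192.168.3.16/29 and 00:0b:6a:42:72:6b are the guide's own samples, the rest are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One row of a Traffic Manager table (field names are this example's own)."""
    comment: str
    ip: Optional[str] = None    # single address or CIDR range, e.g. 192.168.3.16/29
    mac: Optional[str] = None   # xx:xx:xx:xx:xx:xx
    protocol: str = "Both"      # TCP, UDP, Both or Block
    down_kbit: int = 0          # 0 means the parameter is not used
    up_kbit: int = 0

    def __post_init__(self):
        if self.ip is None and self.mac is None:
            raise ValueError("a rule needs an IP address, a MAC address or both")

    def matches(self, ip, mac):
        """A row matches only if every field it specifies agrees with the client."""
        if self.ip is not None:
            # strict=True rejects ranges with host bits set, e.g. 192.168.3.17/29
            network = ipaddress.ip_network(self.ip, strict=True)
            if ipaddress.ip_address(ip) not in network:
                return False
        if self.mac is not None and self.mac.lower() != mac.lower():
            return False
        return True


def range_info(cidr):
    """Return (netmask, first address, last address) of a CIDR range."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.netmask), str(net[0]), str(net[-1])


def decide(rules, unlisted, ip, mac):
    """Return (action, comment); action is limit, block, deny or forward."""
    for rule in rules:  # first matching row wins (assumption of this example)
        if rule.matches(ip, mac):
            action = "block" if rule.protocol == "Block" else "limit"
            return action, rule.comment
    return ("deny" if unlisted == "Deny" else "forward"), None


APC_MAC = "02:00:00:00:00:0a"  # constructed MAC of an APC that masks its LAN clients

TABLE = [
    Rule("office-pc", ip="192.168.3.1", mac="00:0b:6a:42:72:6b",
         down_kbit=1024, up_kbit=256),
    Rule("lab-range", ip="192.168.3.16/29", down_kbit=2000, up_kbit=512),
    # Two computers behind one APC: own IP each, the APC's MAC for both.
    Rule("apc-client-1", ip="192.168.3.40", mac=APC_MAC, down_kbit=512),
    Rule("apc-client-2", ip="192.168.3.41", mac=APC_MAC, down_kbit=512),
    Rule("suspended", ip="192.168.3.99", protocol="Block"),
]

if __name__ == "__main__":
    print(range_info("192.168.3.16/29"))
    probes = [
        ("192.168.3.1", "00:0b:6a:42:72:6b"),   # correct IP/MAC pair
        ("192.168.3.1", "02:00:00:00:00:99"),   # listed IP, different MAC
        ("192.168.3.23", "02:00:00:00:00:31"),  # last address of the /29
        ("192.168.3.24", "02:00:00:00:00:32"),  # just outside the /29
        ("192.168.3.41", APC_MAC),              # computer behind the APC
    ]
    for ip, mac in probes:
        print(ip, mac, decide(TABLE, "Deny", ip, mac), decide(TABLE, "Forward", ip, mac))
```

The second probe shows why the pair binding depends on Deny: with Forward, a client using a listed IP from a different MAC falls through the table and passes without restrictions.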
88 AP’S WEB INTERFACE

4. AP’s Web interface


AP’s Web interface contains a large number of options that enable advanced configuration of
APPro54G software. To use this interface, first you need to set up the appropriate network configuration
on your computer (see: page 12), and then launch a Web browser and type AP device address (default
is http://192.168.100.252/). When new dialog pops up, enter username and password (default:
admin and admin). APPro54G interface is arranged in five sections:

• Status – information section that presents data about the state of your AP device, software
and network connections. (see: page 88)
• Wireless – wireless network setup. (see: page 92)
• TCP/IP – general network settings. (see: page 102)
• Other – software’s additional features. (see: page 114)
• Statistics – reports that recap operation of network devices. (see: page 118)

The next pages contain a detailed description of available options and their purpose.

4.1 Status
This section provides information on wireless device’s status and about the Linux OS that controls it.

4.1.1 AP Status
This page shows the basic settings of your Access Point. APPro54G presents here the following
information:

• System – Basic information on software that controls AP device.
r Alias Name – Device’s symbolic name. This name makes it easier to identify a device,
e.g. after you log on to it via the Telnet protocol. Example: appro54g.
r Uptime – Time passed since device’s last start. This value is reset after both powering
device on, and a restart of the software. Example: 0day:0h:0m:49s
(days:hours:minutes:seconds).
r Firmware Version – Version of installed APPro54G software.
Example: Online.pl/APPro54G (27.04.2006).
r WLAN driver – Driver of the WiFi controller. Without this program, APPro54G couldn’t
communicate with a wireless network. Example: RTL8185 driver version 1.8.
r Compilation – Consecutive number, date and time of firmware’s compilation.
Example: 395 Thu Apr 27 03:09:56 CEST 2006.

If you need to contact the tech support staff, it’s essential to include
information about the exact firmware version and the compilation date.

• Wireless Configuration – Settings regarding the operation of wireless network.
r SSID – Service Set IDentifier, or name of WLAN network. Your Access Point is available
only for users that entered the same network name as in your device.
Example: APPRO.
r Channel Number – Number of radio channel occupied by your device. APPro54G lets
you manually select a WiFi channel. Example: 1.
r Encryption – Encryption of wireless communication. It can be Enabled
or Disabled.
r State – Device’s current state:
– Started – device was started in AP or Bridge mode and is operating properly;
– Scanning – device was started in APC mode and is searching for base station with
specified SSID identifier;
– Connected – device was started in APC mode and is connected to a base station.
r Associated Clients – number of clients connected to your Access Point.
r BSSID – Basic Service Set ID, which is the identifier that makes it possible to distinguish
wireless networks operating in the same area. In temporary wireless networks (Ad-hoc),
BSSID has a random, automatically created value. In permanent networks
(Infrastructure), BSSID value is the same as the MAC address assigned to the WiFi
interface of the Access Point. Example: 1a:b2:3c:d4:5e:f6.
• LAN 1 Interface settings – Settings of your AP’s first LAN interface (eth0 interface in
AP’s Linux system).
r IP Address – IP address of first LAN interface. Example: 192.168.0.5.
r Subnet Mask – Subnet mask specifies range of IP addresses that can communicate
through LAN1 interface. If a specific bit in a subnet mask is set to 0, the same bit of IP
address (of other network devices) may have any value (0 or 1). Other bits of devices’
IP addresses must have exactly the same value as IP address of LAN1 interface –
otherwise communication between AP and a device won’t be possible. Example:
255.255.255.0.
r MAC Address – MAC address of first LAN interface. Example: 00:01:ef:20:9f:dd.
• LAN 2 Interface settings – Settings of your AP’s second LAN interface (eth1 interface
in AP’s Linux system). Parameters in this section have the identical meaning as above, but
they refer to LAN2 interface.
• WLAN Interface settings – Settings of your AP’s Wireless LAN interface (wlan0
interface in AP’s Linux system). Parameters in this section have the identical meaning as
above, but they refer to WLAN interface.
• Wireless LAN Packet Counter – Number of packets sent through wireless network.
◦ Sent Packets – Number of packets sent.
◦ Received Packets – Number of packets received.
• Ethernet LAN Packet Counter – Number of packets sent through wired (LAN) network.
Parameters in this section have the identical meaning as above, but they refer to LAN
interface.
• Sensors Info – Information collected from sensors on APPro hardware module.
◦ APPro Module – information about installed module type. Example: APPro Module
1.5 Flash 64kb TEMP HUMD VOLT LED0 LED1 EEPR FLSH.
◦ Temperature – Temperature of Access Point’s microprocessor (in Celsius).
Example: 78.85.
◦ Voltage – Voltage powering AP’s microprocessor. Example: 3.35.

4.1.2 Linux System


This page contains information on settings of Linux operating system – the foundation of APPro54G
software. This information is very useful for advanced users that need to quickly check current system
status after they changed its configuration. The information is arranged in seven categories:

• Interface Configuration – Configuration of network interfaces.
• Routing Configuration – Configuration of module responsible for assigning routes to the
data packets.
• MAC Table – A table containing MAC addresses assigned to AP’s interfaces, as well as
their IP addresses. This table contains real MAC addresses of interfaces, not values cloned
from APPro54G settings.
• Bridge Configuration – Settings of bridges operating within APPro54G software.
• Process List – List of processes running in Linux system.
• Memory Information – Information about device’s memory usage.
• Filesystem Information – Information about device’s filesystem.

Detailed description of information presented on this page is available in Linux OS documentation.


4.1.3 Active clients


After opening this page you’ll see the list of users connected to your AP through the wireless interface.
Apart from IP and MAC addresses, the list also contains basic traffic statistics for each client. The table
contains the following information:

• MAC Address – MAC address of a device connected to your AP;
• IP Address – IP address of that device (if identified properly);
• Mode – type of connection:
◦ Client – device operates as client station (APC) or a base station (AP);
◦ Bridge – device operates as part of a wireless Bridge or WDS system.
• Tx Packet – number of packets sent by client;
• Rx Packet – number of packets received by client;
• RSSI – signal strength indicator.
• Tx Rate – transmission speed of data sent by client.

By clicking on MAC address, you can obtain additional information about manufacturer of the device
connected to your AP. Furthermore, when you place mouse pointer over a column with operating mode
information (applies only for connections in Client mode), you’ll see following data:

• Client Info – client name from Access Control List;
• Flags – indicator of connection state – the flag value depends on type of hardware used;
• Tx Fail – number of transmission errors;
• Connect time – time elapsed from establishing a connection.

To refresh statistics displayed on this page, click on Refresh button.

Notes
• Indicator of signal strength (RSSI) shows values from 0 (weakest signal) to 100 (the
strongest). Minimum value that ensures fast and reliable connection is 40.
• Signal strength indicator works only in APC or AP mode – it’s unavailable for Bridge and
WDS connections.
• Building the client list displayed on this page may take up to 60 seconds. This delay is
caused by algorithm that detects IP addresses of devices connected to your AP.

4.1.4 DHCP Clients


List of clients with DHCP protocol enabled. This protocol allows automatic configuration of devices
connecting with your Access Point. The list contains IP and MAC addresses of each user, as well as
allocated period of time (in seconds), after which these settings will expire.

To refresh DHCP clients list, click on Refresh button.

4.1.5 Connection Tracking


Thanks to information on this page you can perform analysis of network connections. Displayed list
contains information such as IP address and port of Source device (from which data is sent), as well
as IP and port for Destination device (one that’s receiving data), protocol used and transmitted data
volume.

If traffic volume is high, creating the list of connections could take even
a couple of minutes.

4.2 Wireless
In this section you can find options needed to configure the WiFi interface, security features, and
functions that control access of wireless devices.

4.2.1 Basic Settings


Basic configuration of AP’s wireless interface. After adjusting these settings, you need to confirm changes
with OK button. If you click on Reset button, the page reverts to values displayed when you opened that
page. The Apply Changes button causes your AP to restart with your new settings enabled.

• Alias Name – A name that makes it easier for administrator to identify the device. This
name is displayed (along with SSID) in the title bar of the Web interface’s window, and it is
also the hostname in the device’s system shell (shown when you log on to AP via Telnet or SSH
protocol).
• Disable Wireless LAN Interface – Selecting this option switches off wireless
interface.
• Mode – Device’s mode of operation. There are 5 mode settings available:
◦ AP Access Point – In this mode, your device operates as a transition point between
cable LAN and wireless devices that work within AP’s range.
◦ AdHoc Station – This mode allows direct connection between your AP and another
wireless device. This type of connection doesn’t require the presence of any master
devices (e.g. Access Points).
◦ APC Infrastructure Client – Choosing this mode turns your AP into a WiFi
network adapter (a slave device that needs to connect with another Access Point).
◦ P2P Bridge/Bridge Slave – With this mode enabled, you can build a two-point
WiFi bridge, or set up your AP as a slave element of a multipoint bridge. Such bridges
are transparent to other network devices and protocols.
◦ Bridge Master – Thanks to this option, you can set up your AP as the master device
of a multipoint bridge. There’s only one master device allowed per bridge.
• ESSID – Name of your wireless network. You need to enter correct ESSID name (the same as
in other devices), in order to connect your device with an existing WiFi network (in client mode),
or to let other users connect with your AP.
• Peer MAC Address – MAC address of the master device of a multipoint WiFi bridge (or other
device in a two-point bridge). This value applies only to wireless bridge mode. MAC address is
formatted as hexadecimal values separated with colons (e.g. 12:34:56:78:9a:bc).
• Enable Packet Aggregation – This option improves the performance of wireless bridges.
You should enable it only when other bridge elements also have APPro54G software. This
feature combines many short data packets into one – a single and bigger one. This significantly
increases bridge’s efficiency.
• Channel Number – Number of radio channel in WiFi spectrum. In AP and bridge modes, you
can select the channel manually. This option is unavailable in Ad-hoc and APC modes.
• Modulation – Type of supported wireless network. Available options are: 802.11b (with
maximum transmission speed of 11 Mbit/s), 802.11g (54 Mbit/s) and the automatic choice of
a WiFi standard. Optimum modulation setting depends on your network’s operating conditions.
Typically, 802.11g standard offers the best performance for indoor networks, but in some more
difficult cases you can get better results with 802.11b. This is also true for distances longer
than 1000 meters and a large number of clients. Mixed mode Both (b+g) could degrade
performance for 802.11g devices, but only this setting allows connections with faster
(802.11g) and slower (802.11b) clients.
• Slave MAC Address – If your AP operates as the master device of a multipoint bridge, in these
fields type MAC addresses of slave devices. MAC address is formatted as hexadecimal values
separated with colons (e.g. 12:34:56:78:9a:bc).

A device that operates in 802.11g mode will not detect any 802.11b devices
(on Site Survey page), and it will not be detected by these devices.
A device that operates in 802.11b mode will not detect any 802.11g devices
(on Site Survey page), and it will not be detected by these devices.

4.2.2 Advanced Settings


This page is intended for advanced users that need to adjust detailed settings of a wireless module.
These settings include transmitter and data transfer configuration. After adjusting these settings, you
need to confirm changes with OK button. If you click on Reset button, the page reverts to values
displayed when you opened that page. The Apply Changes button causes the device to restart with
your new settings.

• ACK Timeout – Time limit for packet acknowledgement (ACK). If the AP doesn’t receive an ACK
within the time specified here, it sends the packet again. A large value of this parameter is
useful (it can improve network performance) when you work with long-distance connections or
your network has many intermediary devices. In such cases, optimum value for ACK Timeout is
255.
• Fragment Threshold – This parameter specifies the maximum size of a frame (basic
packet of information) that still may be sent without dividing it into smaller portions.
Lowering this value reduces impact of radio interferences on overall network performance
(in case of failed transmission, AP needs to resend smaller packet of data). If interferences
aren’t an issue in your network, you could increase this value to improve maximum
transmission speed. Extended discussion on this topic is available in section 6.8
(page 145).
• RTS Threshold – Frames larger than this value are preceded with RTS/CTS packets. These
packets reserve the radio channel for data transmission. Lowering this value improves
performance in networks that include large number of hidden nodes (devices that can
communicate with Access Point, but not with one another). Increasing this value improves
network’s maximum performance, unless there are some interferences. Extended discussion
on this topic is available in section 6.8 (page 145).
• Beacon Interval – Time interval between transmitting consecutive Beacon frames
(by your Access Point). These frames synchronize network devices, also they enable both WiFi
network detection, and connection. Lowering Beacon Interval value speeds up connection
of new devices to your network. Increasing this value slightly improves performance of WiFi
transmissions. Additionally, it reduces power requirements of devices operating in sleep mode.
• DTIM Period – Value that specifies how often Beacon frame will be accompanied by a
DTIM element. This element precedes transmission of buffered frames (that are collected in
memory of a WiFi device) between Access Point and a device that operates in sleep mode.
Buffering applies to broadcast (sent to all users at the same time) and multicast frames (sent
to many users) – such frames are special packets of information that don’t require
acknowledgement of reception. Increasing this value will decrease power consumption of
devices in sleep mode, and decreasing it speeds up delivery of buffered frames.
• Receiver Sensitivity – Lower value of this parameter (larger number after minus sign)
makes your AP receive weaker signals. Seemingly the receiver should be as sensitive as
possible to receive even the weakest radio transmission. However, a receiver that’s too
sensitive could “hear” other WiFi networks or other devices operating on the same frequency
band. This degrades network’s performance. That’s why you should adjust optimum
sensitivity to specific circumstances (e.g. number of wireless networks in your area,
interference level, physical obstacles blocking radio waves, etc.).
• Tx Power – Power of radio transmitter. Higher output power improves wireless network’s
range. However, sometimes it’s necessary to lower this value, e.g. to meet local regulations
for transmitter power, to avoid interferences with other wireless networks, or to prevent
signal overdrive. Recommended TX Power value is 18 dBm.
• Tx Rate – Speed of sending data from radio transmitter. Access Point can automatically
adjust this value (Auto setting), but this may degrade performance if the interferences occur.
You can also set transmission speed manually (to a value from 1 to 54 Mbit/s range).
Considering device’s sensitivity, the optimum transmission speed for 802.11g mode is 36
Mbit/s, and for 802.11b – 11 Mbit/s. In networks operating in open areas (outside
buildings) it’s recommended to use 802.11b mode.
• Tx Operation Rate – Working transmission speeds. With these options you can specify
at what speeds your device can send data. During data transmission, AP will try to use
highest speed available, and in the case of transmission errors – lower and lower ones.
• Tx Basic Rate – Supported transmission speeds. With these options you can specify
what transmission speed your device will support. This has some implications if your
network’s supposed to work with older WiFi devices that support a limited number of
transmission speeds. If a device’s set of supported speeds doesn’t match the set of your AP,
that device won’t get connected to the network.

Limiting supported speeds to a few of the most reliable ones
(e.g. 11 and 36 Mbit/s) improves performance of a radio link.

• Preamble Type – Lets you choose type of preamble – a stream of bits that synchronize
wireless transmission and indicate beginning of a data frame. To preserve compatibility with
older standards, networks use Long Preamble, which is 144-bits long. Since preamble is
always sent at the speed of 1 Mbit/s, it significantly degrades effective transmission speed of
a WiFi network. You can solve this problem with Short Preamble. It has only 72 bits, so
processing it takes half the time needed for a long preamble, hence it improves network
efficiency. Ensure that all devices operating in your network use the same preamble type.
• Broadcast SSID – Broadcasting of your network’s name. If Enabled, other clients can
easily find your network and connect to it. If you set this option to Disabled, your Access
Point will be invisible to standard methods of WiFi network detection. This would also mean
that users of your network should set SSID value manually. Remember that this feature will
hide your network from unauthorized users, but it won’t protect it – for this, there are other
means available.
• IAPP – Support for Inter-Access Point Protocol (IAPP). Setting this option to Enabled would
make your AP pass data from a foreign WiFi device to another AP (appropriate to that device).
However, that other AP has to cooperate with yours. This feature resembles roaming in cellular
phone networks, and it provides uninterrupted network access for mobile devices that move
between areas covered by different Access Points. Switching this option to Disabled causes
your AP to connect only with the devices that are members of your network.
• Block IBSS Traffic – Blocking of direct data exchange between users operating within range
of your AP. Enabling this option disallows sending information between client WLAN devices
(they won’t “see” one another), but communications between WiFi and LAN devices won’t be
affected. Blocking IBSS traffic can significantly improve operation of a network that offers Internet
access. Since blocking eliminates traffic between users, it decreases the load on your AP. An
additional benefit of this feature is blocking one of the common paths of virus attacks.
• NETBIOS Filtering – Blocking packets related to NETBIOS service. Enabling this option
eliminates traffic (between LAN 1, LAN 2 and WLAN interfaces) needed for “Network
Neighborhood” communication in Windows OS, and for sharing printers and other computer
resources. Because these packets are sent quite frequently, they decrease usable
transmission bandwidth. Additionally, this option improves network security and adds
immunity to some forms of virus infection. This feature works with IP protocol only, as it
blocks traffic on ports 135, 136, 137, 138, as well as 427, 445, 1025, and 1512. If your
network employs another protocol (e.g. IPX), NETBIOS service will be unaffected and still
could degrade wireless transmission speeds.
• Busy channel sensing – Method of automatic detection of occupied WiFi channels. You
can choose algorithms based on analysis of signal strength (Energy Detection), WiFi
signal characteristics (Carrier Sensing) or both methods combined (Both).
• Long retry limit – Maximum number of repetitions of large data frames (larger than
RTS Threshold value).
• Short retry limit – Maximum number of repetitions of small data frames.
• Disable G-Protection – Selecting this option disables feature of protecting 802.11g
transmissions. This protection is based on WiFi channel reservation with CTS/RTS frames that
are sent in 802.11b mode. Following data packets are transmitted in faster 802.11g mode.
Thanks to this procedure, devices operating in an older (slower) mode will know about
transmission taking place, and won’t disturb it. Unfortunately, G-Protection degrades network
performance (by about 10 to 40 percent), hence it’s better to disable it if all devices operating
in your area support modern 802.11g standard.
• Disable OLBC Mode – Selecting this option switches off Overlapping Legacy BSS Condition
mode (OLBC). This mode ensures proper operation of a WiFi network (at the expense of
performance), in cases when on a given area and on the same channel, there is another AP
that supports 802.11b mode only (e.g. this is an older device or its clients operate in
802.11b mode).

4.2.3 Security
With the options on this page you can protect your wireless network against uninvited guests.

• Authentication Type – Authentication method for wireless devices taking part in data
exchange. There are three authentication methods available. Authentication process makes
some use of encryption keys, but it is not connected with the actual encryption of data
packets or Access Control List (see: page 81). Authentication serves only as a means of
confirming access rights for a given device.
◦ Open System – Basic authentication algorithm that grants access to your AP to each
device asking for it. The only requirement here is sending a frame to Access Point,
which in turn answers with another frame. Performing these steps without errors
means that authentication was successful.
◦ Shared Key – Authentication based on WEP encryption keys stored in the memory of
each device in your network. In this method, after initial contact made by device,
it receives a frame with encrypted data, to which it has to answer with the same data
(also encrypted). Only after completing these steps such a device would be
authenticated.
◦ Auto – Automatic choice of authentication method (one of two described above).
Selecting this option means that authentication would be performed for devices that
make use of encryption, as well as those that don’t.
• AP Cloaking – Hiding your Access Point. Enabling this option has the same effect as
disabling Broadcast SSID option.
• Wireless LAN Encryption – Options related to data encryption in AP and APC modes.
• Encryption Method – Encryption algorithm used in your WiFi network. Choosing one of
them will protect data sent through the network against snooping software and devices. The
more advanced the encryption, the higher the potential load on network devices, which are not
always equipped with hardware support for modern algorithms (this doesn’t apply to your Access
Point, which has hardware encryption built-in).
◦ WEP – Simplest, and most basic encryption algorithm. Unfortunately, it is also easy to
crack, so it should be employed at best for protection against accidental connection of
foreign users. This algorithm is based on a set of a few alternating encryption keys.
◦ WPA/TKIP – One of the successors of WEP algorithm. It is based on WEP’s cipher
hardware (which means it could be implemented on the same hardware as WEP), but
it has a more advanced encryption algorithm, better mechanism for choosing and
replacing encryption keys, as well as improved transmission control. Support for this
algorithm is quite widespread among wireless devices.
◦ WPA/AES – One of the safest encryption algorithms developed to date. This method also
has many improvements in elements that support the main algorithm – that further
boosts the security level.
◦ WPA2/AES – By choosing this option, you force other devices to communicate with your
AP only with the AES encryption enabled. Devices that don’t have support for AES
won’t be allowed to connect.
◦ Choosing the Disabled option switches the data encryption off.

With security and compatibility considerations in mind, it’s recommended to
use WPA/AES encryption algorithm (if other devices in your WiFi network
support it). WEP encryption is insufficient for adequate data confidentiality
– at most, you can use it to protect your network against connection of devices
that accidentally got in your AP’s range.

• Key Length – Length of WEP keys (64 or 128 bits). The longer encryption keys mean
more robust protection of data transmission. Unfortunately, in the case of WEP method even
128-bit keys can’t provide an acceptable level of security.
• Key Format – Notation of WEP encryption keys. In the case of ASCII format it has the
form of character sequence (e.g. letters and digits) with specified length
(5 or 13 characters). Hex format (10 or 26 characters) is simply a collection of hexadecimal
numbers (digits 0–9 and letters a–f).
• Default Tx Key – Default WEP encryption key. For each user, this is the first encryption key
used in data exchange. After a given key is used, it gets replaced with another one.
• Encryption Key 1–4 – WEP encryption keys. Keys are stored in a format specified with
options discussed above. To protect your keys against snooping, their real values are masked
with asterisk characters.
• WPA Passphrase – Password for WPA algorithms. This password is a basis for encryption
keys created during data transmission.

Options described above apply only to AP and APC modes.

• Bridge/WDS Encryption – Settings for data encryption in WDS or Bridge mode.
◦ Encryption Method – Switches WEP encryption on or off (Disabled).
◦ Key Length – Length of WEP key (64 or 128 bits).
◦ Key Format – Notation of WEP encryption keys. In case of ASCII format, the key is a
sequence of characters (e.g. letters and digits) with a specified length
(5 or 13 characters). Hex format (10 or 26 characters) is simply a collection of
hexadecimal numbers (digits 0–9 and letters a–f).
• Encryption Key 1 – WEP encryption key. Key is stored in a format specified with the
options discussed above. To protect your key against snooping, its real value is masked with
asterisk characters.
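
The Security page options described above, checked as a set before they are applied. This is an added example, not part of the guide or of APPro54G: the SecurityPage container, the severity labels and the sample values are hypothetical, and the 24-bit IV and the 8 to 63 character passphrase limit come from the 802.11 standards rather than from this guide.

```python
import string
from dataclasses import dataclass

# Characters required per (Key Length, Key Format), as listed in the guide.
WEP_KEY_CHARS = {(64, "ascii"): 5, (64, "hex"): 10,
                 (128, "ascii"): 13, (128, "hex"): 26}
# 802.11 WEP: 24 bits of the nominal key length are a per-frame IV sent in the clear.
WEP_IV_BITS = 24


def check_wep_key(key, key_length, key_format):
    """Return the problems found in one WEP key; an empty list means well-formed."""
    fmt = key_format.lower()
    expected = WEP_KEY_CHARS.get((key_length, fmt))
    if expected is None:
        return [f"unsupported Key Length/Key Format: {key_length}/{key_format}"]
    problems = []
    if len(key) != expected:
        problems.append(f"{key_length}-bit {fmt} key needs {expected} characters, "
                        f"got {len(key)}")
    if fmt == "hex" and not all(c in string.hexdigits for c in key):
        problems.append("hex key may contain only digits 0-9 and letters a-f")
    if fmt == "ascii" and not all(32 <= ord(c) < 127 for c in key):
        problems.append("ASCII key contains non-printable or non-ASCII characters")
    return problems


def wep_secret_bits(key_length):
    """Secret bits left in a WEP key after the public IV is subtracted."""
    return key_length - WEP_IV_BITS


@dataclass
class SecurityPage:
    """Hypothetical container for the Security page fields (not an APPro54G format)."""
    encryption_method: str            # Disabled, WEP, WPA/TKIP, WPA/AES, WPA2/AES
    authentication_type: str = "Auto"  # Open System, Shared Key, Auto
    ap_cloaking: bool = False
    key_length: int = 128
    key_format: str = "Hex"
    wep_keys: tuple = ()
    wpa_passphrase: str = ""


def review(cfg):
    """Return (severity, message) findings for one Security page configuration."""
    findings = []
    method = cfg.encryption_method
    if method == "Disabled":
        findings.append(("high", "encryption is Disabled: traffic is sent unprotected"))
    elif method == "WEP":
        findings.append(("high", f"WEP with {cfg.key_length}-bit keys has only "
                         f"{wep_secret_bits(cfg.key_length)} secret bits and is easy "
                         "to crack; the guide recommends WPA/AES"))
        if not cfg.wep_keys:
            findings.append(("config", "WEP selected but no Encryption Key is set"))
        for slot, key in enumerate(cfg.wep_keys, start=1):
            for problem in check_wep_key(key, cfg.key_length, cfg.key_format):
                findings.append(("config", f"Encryption Key {slot}: {problem}"))
    elif method == "WPA/TKIP":
        findings.append(("medium", "WPA/TKIP is built on WEP's cipher hardware; "
                         "prefer WPA/AES where clients support it"))
    elif method not in ("WPA/AES", "WPA2/AES"):
        findings.append(("config", f"unknown Encryption Method: {method!r}"))
    # 802.11i passphrase limit (not stated in the guide).
    if method.startswith("WPA") and not 8 <= len(cfg.wpa_passphrase) <= 63:
        findings.append(("config", "WPA passphrase should be 8 to 63 characters"))
    if cfg.authentication_type == "Shared Key" and method != "WEP":
        findings.append(("config", "Shared Key authentication relies on WEP keys, "
                         f"but Encryption Method is {method}"))
    if cfg.ap_cloaking:
        findings.append(("info", "AP Cloaking only hides the SSID; "
                         "it does not protect the network"))
    return findings


# Constructed sample: WEP with one malformed key and a hidden SSID.
SAMPLE = SecurityPage(encryption_method="WEP", authentication_type="Shared Key",
                      ap_cloaking=True, key_length=64, key_format="ASCII",
                      wep_keys=("abcde", "toolong"))

if __name__ == "__main__":
    for severity, message in review(SAMPLE):
        print(f"[{severity}] {message}")
```
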

4.2.4 Access Control


Access control established for your WiFi network. On this page you can specify which users are allowed
to connect to your network. After adjusting these settings, you need to confirm changes with the OK
button. If you click on Reset button, the page returns to values displayed when you opened that page.
The Apply Changes button causes the device to restart with your new settings enabled.

• Enable Wireless Access Control – Selecting this option activates access control
feature for your WiFi network.
• Access Mode – Operating mode of the Access Control feature. In Allow mode your AP is
accessible only to users placed on the list shown in lower part of the window. In Deny
mode, the situation is opposite – AP is accessible to all users except for those placed on
the list.
• MAC Address – Here you can type the MAC address of the device you want to add to
Access Control List. MAC address is formatted as hexadecimal values separated with colons
(e.g. 12:34:56:78:9a:bc).
• Comment – In this field you can put a short comment (description) that makes it easier to
identify a new entry in the list.

The Access Control List is located in the lower part of the window. This list contains MAC addresses
and comments that have been added earlier, as well as a selection box (in Select column) for
removing entries from the list. Below the list the following buttons are placed:

• Delete Selected – Removes selected entries from the list.
• Delete All – Clears all entries from the list.
• Reset – Clears all selection boxes on the list.
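
A cross-check of the Active clients table (section 4.1.3) against the Access Control List, using the Allow/Deny semantics and the RSSI minimum of 40 given in this guide. This is an added example, not part of the guide or of APPro54G: the row layout and all sample addresses are constructed, and it assumes the list governs Client-mode associations only, since Bridge/WDS peers are entered by MAC address on their own pages.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
MIN_RSSI = 40  # the guide's minimum RSSI for a fast and reliable connection


def normalize_mac(text):
    """Lower-case a colon-separated MAC address and reject anything else."""
    mac = text.strip().lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a colon-separated MAC address: {text!r}")
    return mac


def build_acl(entries):
    """Turn (MAC Address, Comment) pairs into {mac: comment}, rejecting duplicates."""
    acl = {}
    for mac, comment in entries:
        mac = normalize_mac(mac)
        if mac in acl:
            raise ValueError(f"duplicate Access Control List entry: {mac}")
        acl[mac] = comment
    return acl


def is_permitted(mac, acl, access_mode, enabled=True):
    """Apply the guide's Access Mode: Allow admits only listed MACs, Deny the rest."""
    if not enabled:  # Enable Wireless Access Control is off
        return True
    listed = normalize_mac(mac) in acl
    if access_mode == "Allow":
        return listed
    if access_mode == "Deny":
        return not listed
    raise ValueError(f"unknown Access Mode: {access_mode!r}")


def review_clients(clients, acl, access_mode):
    """Return (mac, message) findings for rows copied from the Active clients page."""
    findings = []
    ip_owner = {}
    for row in clients:
        mac = normalize_mac(row["mac"])
        is_client = row["mode"] == "Client"
        # Assumption: the list applies to Client-mode associations only.
        if is_client and not is_permitted(mac, acl, access_mode):
            findings.append((mac, "associated but not permitted by the Access Control List"))
        # RSSI is reported only in AP/APC mode, not for Bridge and WDS links.
        if is_client and row["rssi"] < MIN_RSSI:
            findings.append((mac, f"RSSI {row['rssi']} is below {MIN_RSSI}"))
        ip = row.get("ip")  # empty when the AP could not identify the address
        if ip:
            if ip in ip_owner and ip_owner[ip] != mac:
                findings.append((mac, f"IP address {ip} is also reported for {ip_owner[ip]}"))
            ip_owner.setdefault(ip, mac)
    return findings


# Constructed sample data.
ACL = build_acl([("12:34:56:78:9A:BC", "office laptop"),
                 ("12:34:56:78:9a:bd", "printer")])
CLIENTS = [
    {"mac": "12:34:56:78:9a:bc", "ip": "192.168.0.20", "mode": "Client", "rssi": 62},
    {"mac": "12:34:56:78:9a:bd", "ip": "192.168.0.21", "mode": "Client", "rssi": 31},
    {"mac": "02:00:00:00:00:01", "ip": "192.168.0.20", "mode": "Client", "rssi": 55},
    {"mac": "12:34:56:78:9a:be", "ip": None, "mode": "Bridge", "rssi": 0},
]

if __name__ == "__main__":
    for mac, message in review_clients(CLIENTS, ACL, "Allow"):
        print(f"{mac}: {message}")
```

A client can appear as associated but not permitted when list changes were confirmed with OK but the AP has not yet been restarted with Apply Changes.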

4.2.5 Site Survey


This page gives you access to the wireless network scanning tool built into APPro54G. With this tool,
you can search for networks (including those with protections enabled) on all 14 WiFi channels. In
case of a hidden SSID identifier, instead of network’s name you’ll see <HIDDEN SSID> information.
The list is ordered according to signal strength.

Site Survey tool displays the following information:

• SSID – Name of wireless network.
• BSSID – Wireless network identifier (AP’s MAC address).
• Channel – Number of channel on which the network operates,
and mode of operation (b or g).
• Type – Type of wireless network:
◦ AP – base station;
◦ Bridge – WDS or Bridge connection;
◦ AdHoc – direct connection without the participation of any master devices
(e.g. Access Points).
• RSSI/SQ – Power of received signal and its quality. Higher RSSI value indicates that a
stronger signal reaches your Access Point. Maximum RSSI value equals 100.
Minimum at which you still can have a good connection quality is 40.
• Select – Selection box for connecting to specified network.

By clicking on MAC address, you can obtain additional information about the manufacturer of the
device connected to your AP. Additionally, if you place the mouse pointer over SSID column, the
following information will be displayed:

• Station Address – actual address of a base station, usually identical with BSSID;
• Basic Rates – basic transmission speeds offered by a base station;
• Supported Rates – operating speeds supported by a base station;
• Preamble Type – type of preamble (long or short) that precedes packets in wireless
transmissions;
• Encryption – Enabled or Disabled data encryption.

• To repeat procedure of detecting wireless networks,
click on Refresh button.
• Clicking on Connect button connects your AP to the network
selected in the Select column.

If connecting to selected network fails, there are several possible reasons for failure:

• insufficient signal power;
• network’s authentication is based on MAC addresses;
• incorrect WEP or WPA keys (if such encryption is enabled in selected network);
• incorrect configuration of your Access Point (settings of preamble type, data rates, etc.).

4.2.6 WDS Settings


With options on this page you can configure your WDS (Wireless Distribution System). Thanks to this
system, you can use your device as an AP and as a wireless bridge simultaneously. WDS enables quick
setup of complete network infrastructure, which consists of many Access Points connected with radio
interfaces. WDS may be enabled only in AP mode. All member devices of a WDS network must operate
on the same channel, but they may have different SSID identifiers. During WDS network configuration
it’s essential to enter correct MAC addresses for each WDS device.

In line configuration, WDS enables communication over relatively long distances.

WDS with star topology uses secondary wireless stations,
and it can spread traffic over several AP devices.

Device with WDS mode enabled fully supports users connected to both
WLAN and LAN interfaces.

Each AP device holds settings for up to six other WDS devices.


In WDS with line topology, each additional WDS element degrades
network performance by 50%.

• Enable WDS – This option switches your AP to WDS mode.
• MAC Address – Here you can type MAC addresses of devices communicating with your AP
in WDS mode. MAC address is formatted as hexadecimal values separated with colons
(e.g. 12:34:56:78:9a:bc).
• Comment – In this field you can put a short comment (description) that makes it easier to
identify MAC address on the list.
• OK – Clicking on this button adds MAC address and a comment to the list of WDS devices.
• Reset – Clicking on this button reverts all fields to their initial values (shown when you
opened this page).
• Apply Changes – Clicking on this button restarts your Access Point with new settings
enabled.

In the lower part of the window there’s a list (that contains MAC addresses and comments) of devices
connected with your AP in WDS mode. Each entry has a selection box (in Select column) that allows
deletion of the selected entry from the list. Below the list there are the following buttons:
• Delete Selected – Removes selected entries from the list.
• Delete All – Clears all entries from the list.
• Reset – Clears all selection boxes on the list.

4.3 TCP/IP
With options in this section, you can configure wired LAN interfaces, advanced traffic control, and
manage the way your network operates.

4.3.1 Basic Settings


Basic configuration of TCP/IP protocol and the functions your AP performs in TCP/IP network. After
adjusting these settings, you need to confirm changes with OK button. If you click on Reset button,
the page reverts to values displayed when you opened that page. The Apply Changes button causes
your AP to restart with your new settings enabled.

A bridge, or a switch, is a device that connects elements of a network, and is
“transparent” (is not visible to other participants of the data transmission). A
bridge operates on MAC address level – it “learns” addresses of devices
connected to its ports and it doesn’t require a configuration of any kind.
Directing data packets to adequate ports of a bridge is based on destination
MAC addresses.

• Routing/Bridging mode – AP’s operating mode in a TCP/IP network. The following
options are available:
◦ Bridge – All network interfaces are connected with internal bridge as br0 interface. In
this mode, AP operates like a network switch, providing data exchange capabilities
between all active interfaces (LAN and WLAN). In this mode, you can set the following
options:
– IP Address – IP address of your Access Point;
– Subnet Mask – mask of a subnet, in which AP operates.
– Clone MAC Address – optional MAC address of your AP device (set it if you need
an address other than the default);
– Default Gateway – Address of a default gateway (needed for communication with
an external network).

WDS connections are always bridged with WLAN interface (as br0 interface).
Each request to the WLAN interface applies to wlan0 as well
as wlan0-wds0... wlan0-wds5.
LAN1 port in APPro software is the equivalent of an eth0 interface
in Linux system.
LAN2 port in APPro software is the equivalent of an eth1 interface
in Linux system.

A Router is a device that links computer networks, and it operates on
IP address level. Network administrator can assign to router’s ports
independent IP address ranges, which means, that any given port will be
available only to network devices that operate in specified range. Router
analyzes destination IPs of processed packets, and it sends them to adequate
interfaces (those with the destination machines connected). If a packet’s
destination address doesn’t match any of the router’s interfaces, it will be sent
to a router of higher order, also known as a default gateway.

◦ Router – In this mode, all AP’s interfaces operate independently. Your AP device
operates as a three-port router (LAN1 is eth0 interface, LAN2 – eth1, and WLAN is a
br0 interface). For each interface, you need to configure separate IP settings:
– IP Address – IP address of a given interface;
– Subnet Mask – mask of subnet, in which interface operates.
– Clone MAC Address – optional MAC address of the interface (set it if you need an
address other than the default);
◦ Router (LAN1, LAN2 Bridged) – Interfaces LAN1 (eth0) and LAN2 (eth1) are
connected with a bridge (br1 interface) and they operate much like a network switch.
They have a common IP address and a subnet mask (this address is also used to gain
access to your AP). WLAN interface operates independently from these ports, and your
AP works like a two-port router that manages traffic between LAN ports and a WLAN
(wireless interface). This mode operates exactly as in Ovislink 1120 device, and in APC
mode it allows connection to more clients with NAT feature enabled.
◦ LAN1/LAN2 Bridged interface settings – Common settings for LAN interfaces
(connected with a bridge).
– IP Address – IP address of AP’s LAN interfaces;
– Subnet Mask – mask of a subnet, in which interface operates.
– Clone MAC Address – optional MAC address of AP’s LAN ports (set it if you need
an address other than the default).
◦ WLAN Interface settings – Configuration of a wireless interface.
– IP Address – IP address of AP’s WLAN interface;
– Subnet Mask – mask of a subnet, in which WLAN interface operates;
– Clone MAC Address – optional MAC address of AP’s WLAN port (set it if you need
an address other than the default).
◦ Router (WLAN, LAN1 Bridged) – In this mode, the first LAN (eth0 interface) and
WLAN port (wlan0 interface) are connected with internal bridge, which operates like a
network switch. Both interfaces enable access to APPro54G’s management pages
through the same IP address and with the same subnet mask. The second LAN port
operates independently, and your AP operates as a two-port router, that manages traffic
between second LAN and a WLAN bridged with the LAN1 interfaces. In this mode, the
second LAN port is used to connect with external network (WAN), e.g. the Internet,
and in this configuration it’s common to also use connection sharing with NAT enabled.
Typical case for this mode is a DSL connection sharing between users on both wired
and wireless networks.
◦ LAN1/WLAN Bridged interface settings – Common settings for WLAN and LAN
interfaces (connected with a bridge).
– IP Address – IP address of AP’s WLAN and LAN1 interfaces;
– Subnet Mask – mask of a subnet, in which LAN and WLAN interfaces operate;
– Clone MAC Address – optional MAC address of AP’s LAN and WLAN ports (set it
if you need an address other than the default).
◦ WAN Interface settings (LAN2) – Settings for LAN interface, used to connect
with external network (the Internet).
– IP Address – IP address of AP’s LAN2 interface;
– Subnet Mask – mask of a subnet, in which LAN2 interface operates;
– Clone MAC Address – optional MAC address of AP’s LAN2 port (set it if you need
an address other than the default).
◦ Default Gateway – Address of a default gateway (used to communicate with external
networks). Here you can type IP address of a router responsible for data exchange with
the external network.

4.3.2 Advanced Settings


With options on this page, you can configure advanced settings of TCP/IP protocol. You can, for
example, enable access restrictions or remove some limits imposed by your service provider, etc. After
adjusting these settings, you need to confirm changes with the OK button. If you click on Reset button,
the page reverts to values displayed when you opened that page. The Apply Changes button causes
your AP to restart with your new settings enabled.

• Router Settings – Configuration of the router functionality.
◦ TCP SACK Algorithm – Enables or Disables a feature that protects Internet
connection against overloading (in cases when delays in packet reception’s
confirmation occur). Thanks to this option, AP repeats transmission of only those
packets that actually didn’t reach their destination.
◦ Maximum Packet Size – Maximum allowable size of packet, conforming with the
MTU (Maximum Transmission Unit) parameter of your connection. Decreasing this
value helps to avoid packet loss in case of poor quality connection and interferences
that damage large data packets. Adjusting this parameter is useful only in router
configurations.
• Bridge Settings – Extra configuration of a bridge.
◦ 802.1d Spanning Tree – Enables or Disables ability to automatically build
alternative routes for data packets. Thanks to this feature, it’s possible to retain
communication even in cases of a partial connection malfunction. Additionally, this
protocol ensures that at any given time only one route between two points is used.
In order to use this feature, it should be supported by all devices on data packet’s path.
◦ APC MAC Translation – This option Enables or Disables MAC address masking of
the devices connected to a bridge. With MAC translation enabled, you can connect
larger number of clients to the APC device. This option should always be enabled,
unless there are other recommendations (e.g. in case of PPPoE connections).
• DHCP Settings – With these settings your AP can automatically configure one of its
network interfaces with an external DHCP server. Additionally, AP can make this server
available to its users.
◦ DHCP Client – Enables or Disables the client of automatic configuration protocol
(DHCP). If enabled, this option allows your AP to acquire its network address.
◦ Request IP Address via – From this list you can choose a network interface,
whose address will be configured with DHCP. Make sure that the chosen interface is
connected with DHCP server, and its MAC address is stored in DHCP’s configuration.
◦ DHCP Relay – Enables or Disables relaying of DHCP communications between
external server and users of your Access Point. With this feature enabled, devices
connected directly to your AP will be configured automatically by an external DHCP
server that operates in another subnet. This option should be enabled if AP operates in
router mode, and your network uses one central DHCP server. This function should be
used in router mode only.
◦ DHCP Relay IP – IP address of DHCP server that receives the requests from your
clients.
• Network Address Translation – Settings of NAT feature that serves two primary
purposes. Most important one enables sharing of a single network address (in Internet)
between many clients of your internal network. These clients use private addresses from
10.0.0.0/8, 192.168.0.0/16, and 172.20.0.0/16 classes. At the same time, NAT masks
real IP addresses of the devices (they are ‘visible’ as just one IP) and it disallows direct
connections from the Internet to your internal network. This is the second most important
NAT feature – hiding identity and protecting your network’s users from external attacks.
◦ NAT – Enables or Disables feature of network address translation. This function is
relevant only in router mode.
◦ Outside Interface (Internet) – From this list you can choose the interface used
to communicate with the Internet. Available interfaces are: LAN ports, WLAN and
PPPoE (Point to Point Protocol over Ethernet). After enabling NAT feature, all packets
leaving selected interface will have sender’s IP address replaced with the IP of that
interface.
◦ Modify TTL – This option can be useful in many cases. It specifies operations
performed on TTL parameter (Time To Live), found in each TCP/IP packet. This
parameter defines the number of devices that packet can pass, before it will be
considered lost (expired) and as such removed. Purpose of this mechanism is to
prevent constant circulation of packets that can’t reach their destination address.
In practice however, TTL is also used to limit Internet access. If TTL value is set to 1
(by your network provider), packets received from the Internet can reach only the first
device in your local network. If this device isn’t user’s computer but for example
a router, such a packet will never reach its destination – it will never pass the router.
For this option, the following settings are available:
– Disabled – APPro54G operates in default mode and decreases each packet’s TTL
value by 1.
– Block Sharing – AP limits Internet access for its users. Packets from the Internet
will reach only devices that directly communicate with your AP, but not clients
behind such devices. This method can be used to protect your connection from
overloading by an excessive number of users.
– Increment – TTL value will be increased by 1. This way packets preserve their
original state, which in turn transfers any access limits from AP to AP’s clients.
– Set 128 – TTL value is set to 128, which provides devices connected to your AP
with unlimited Internet access. Choosing this option is somewhat risky, since it
could lead to creation of packets that constantly circulate in your network until you
power down your AP.
• Bandwidth management – Settings for initial configuration of traffic management feature.
◦ Uplink Interface (Internet) – From this list you can choose interface used to
communicate with the Internet. Traffic on this interface will be treated by management
feature as the traffic that comes from your clients to the Internet. You should choose
only one interface (LAN1, LAN2, WLAN, WDS or PPPoE) that is used to communicate
with the external network.
◦ Downlink Interface (clients) – Connection or connections assigned to clients in
AP’s internal network. Traffic on this interface will be treated as the traffic from the
Internet to your clients. You can select several interfaces used by your clients (LAN1,
LAN2, WLAN or WDS), but you can’t use interface already chosen as Uplink.
• Other settings – Additional TCP/IP protocol settings.
◦ DNS1 Address, DNS2 Address – Addresses of DNS servers. Thanks to these servers,
your AP is able to tie domain names with their assigned IP addresses. Thanks to DNS
service, you have to remember only the domain names (e.g. approsoftware.com
instead of 62.111.156.26). You should enter addresses of different DNS servers, so in
case of primary DNS malfunction, you could still use a secondary server. Additionally,
the DNS configuration is required if you use DHCP server, since DNS settings are
passed to your DHCP clients.
◦ Time server – Address of server providing current date and time. Such a server plays
an important role in synchronizing networks, and it ensures that the clock of your
operating system is always right.
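
The following added example (a model written for this guide's description, not APPro54G code) traces a packet's TTL through the four Modify TTL settings and shows why Set 128 is risky inside a routing loop. The function names are hypothetical, and the order in which the AP rewrites and decrements the TTL, as well as Block Sharing emitting TTL 1, are assumptions of the model.

```python
"""Model of the four Modify TTL settings (added example, not APPro54G code)."""

MODES = ("Disabled", "Block Sharing", "Increment", "Set 128")


def ap_forward(ttl_in, mode="Disabled"):
    """Return the TTL of a packet as it leaves the device, or None if it expired.

    Assumptions of this model: Increment and Set 128 rewrite the TTL before the
    normal routing decrement; Block Sharing overwrites it with 1 afterwards.
    """
    if mode not in MODES:
        raise ValueError(f"unknown Modify TTL mode: {mode!r}")
    if not 0 < ttl_in <= 255:
        raise ValueError("TTL must be in the range 1..255")
    if mode == "Increment":
        ttl_in = min(ttl_in + 1, 255)
    elif mode == "Set 128":
        ttl_in = 128
    ttl_out = ttl_in - 1          # every router decrements the TTL by one
    if ttl_out <= 0:
        return None               # expired: the packet is dropped here
    if mode == "Block Sharing":
        ttl_out = 1               # the next hop receives it but cannot forward it
    return ttl_out


def deliver(ttl_from_provider, mode, routers_behind_ap=0):
    """TTL seen by a client behind the AP and N plain routers, or None if lost."""
    ttl = ap_forward(ttl_from_provider, mode)
    for _ in range(routers_behind_ap):
        if ttl is None:
            break
        ttl = ap_forward(ttl, "Disabled")   # ordinary router behind the AP
    return ttl


def hops_in_loop(initial_ttl, loop_modes, max_hops=10_000):
    """Count forwardings of a packet caught in a routing loop.

    loop_modes lists the Modify TTL mode of each device in the loop. Returns
    the number of hops before the packet expired, or None if it was still
    circulating after max_hops.
    """
    ttl, hops = initial_ttl, 0
    while hops < max_hops:
        ttl = ap_forward(ttl, loop_modes[hops % len(loop_modes)])
        if ttl is None:
            return hops
        hops += 1
    return None


if __name__ == "__main__":
    for mode in MODES:
        direct = deliver(1, mode, routers_behind_ap=0)
        shared = deliver(1, mode, routers_behind_ap=1)
        print(f"{mode:14} provider TTL=1 -> direct client: {direct}, "
              f"client behind another router: {shared}")
    print("loop of plain routers:", hops_in_loop(64, ["Disabled", "Disabled"]))
    print("loop with a Set 128 device:", hops_in_loop(64, ["Set 128", "Disabled"]))
```
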

4.3.3 DHCP Settings


With these options, you can configure a DHCP server built into your AP device. Thanks to the DHCP
feature, devices connected to your AP will be configured automatically. This makes your network much
easier to use, especially for less experienced clients. DHCP server operates only in one of the router
modes.

• DHCP Server – Enables or Disables DHCP server built into APPro54G software.
• DHCP Server Interface – From this list you can choose a network interface or interfaces
assigned to automatic configuration feature. You shouldn’t enable DHCP server with the
Bridge mode activated. There should be only one DHCP server per network. Available
options are closely linked to AP’s mode of operation (see: page 102):
◦ in router mode, there are LAN1, LAN2 and WLAN ports available – DHCP server will
assign IP addresses to the users connected only to one of these interfaces (as specified
in your configuration);
◦ in Router (LAN1/LAN2 Bridged) mode, you can choose either connected LAN1 and
LAN2 ports or the WLAN interface; in the case of LAN ports, the DHCP server will
assign IP addresses to the users connected to any of these interfaces (they are treated
as a single port);
◦ in Router (WLAN/LAN1 Bridged) mode, you can choose WLAN/LAN1 port – DHCP
server will assign IP addresses to the users connected to LAN1 and WLAN interfaces
(they are treated as a single port);
◦ in Router (WLAN/LAN2 Bridged) mode, you can choose WLAN/LAN2 port – DHCP
server will assign IP addresses to the users connected to LAN2 and WLAN interfaces
(they are treated as a single port);
• DHCP Client Range – IP address range reserved for DHCP server’s clients. These
addresses are automatically assigned to clients connecting with your AP. In these fields you
need to type values that are valid for your IP network and its subnet mask. If your DHCP
server uses static addresses only (see below), in DHCP Client Range fields enter range of
0.0.0.0 – 0.0.0.0. Also you need to remember that different interfaces cannot have different
IP ranges – a network may have just one DHCP server that manages available addresses.

With fields described below you can create static DHCP binds. These binds permanently link device’s
MAC and IP addresses.

• MAC Address – MAC address of a device connected with your AP. MAC address is
formatted as hexadecimal values separated with colons (e.g. 12:34:56:78:9a:bc).
• IP Address – IP assigned to a device connected with your AP. Ensure that IP address is
valid for your local network (e.g. it is consistent with subnet mask). Additionally, if the
dynamic part of DHCP server is also active (see above), the static address has to be located
outside IP range reserved with DHCP Client Range fields.
• Comment – In this field you can put a short comment (description) that makes it easier to
identify a device in the list.
• Add – Clicking on this button adds entered information to DHCP server’s static list.

Each entry on the DHCP list is accompanied with a selection box (the Select column). This box is
used to select entries you want to delete. Below the list the following buttons are located:

• Delete Selected – Removes selected entries from the list.
• Delete All – Removes all entries from the list.
• Reset – Clears selection from all boxes in the Select column.
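
The rules for static DHCP binds given above (colon-separated MAC, IP inside the interface's subnet, IP outside the DHCP Client Range unless that range is 0.0.0.0 – 0.0.0.0) can be checked before entries are typed into the page. The following is an added example, not part of APPro54G; the function name, the problem codes and the sample entries are constructed for illustration, and the duplicate and interface-address checks are extra sanity checks beyond what the guide states.

```python
"""Pre-flight check for static DHCP binds (added example, not APPro54G code)."""
import ipaddress
import re

# MAC format from the guide: hexadecimal values separated with colons.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


def check_static_binds(iface_ip, netmask, range_start, range_end, binds):
    """Return a list of (bind_index, problem_code); an empty list means consistent.

    binds is a list of (mac, ip, comment) tuples. A bind_index of None marks a
    problem with the DHCP Client Range itself.
    """
    net = ipaddress.IPv4Network(f"{iface_ip}/{netmask}", strict=False)
    iface = ipaddress.IPv4Address(iface_ip)
    lo = ipaddress.IPv4Address(range_start)
    hi = ipaddress.IPv4Address(range_end)
    # 0.0.0.0 - 0.0.0.0 means "static addresses only": no dynamic pool exists.
    static_only = int(lo) == 0 and int(hi) == 0

    problems = []
    if not static_only:
        if lo > hi:
            problems.append((None, "range-reversed"))
        if lo not in net or hi not in net:
            problems.append((None, "range-outside-subnet"))

    seen_mac, seen_ip = set(), set()
    for idx, (mac, ip_text, _comment) in enumerate(binds):
        if MAC_RE.fullmatch(mac):
            key = mac.lower()              # MAC comparison is case-insensitive
            if key in seen_mac:
                problems.append((idx, "duplicate-mac"))
            seen_mac.add(key)
        else:
            problems.append((idx, "bad-mac"))

        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ValueError:
            problems.append((idx, "bad-ip"))
            continue
        if ip not in net:
            problems.append((idx, "outside-subnet"))
            continue
        if ip in (net.network_address, net.broadcast_address):
            problems.append((idx, "not-a-host-address"))
        elif ip == iface:
            problems.append((idx, "is-interface-address"))
        elif not static_only and lo <= ip <= hi:
            problems.append((idx, "in-dynamic-range"))
        if ip in seen_ip:
            problems.append((idx, "duplicate-ip"))
        seen_ip.add(ip)
    return problems


# Constructed sample entries (not taken from any real device).
SAMPLE_BINDS = [
    ("12:34:56:78:9a:bc", "192.168.1.10", "printer"),
    ("12-34-56-78-9A-BD", "192.168.1.11", "dash-separated MAC"),
    ("00:11:22:33:44:55", "192.168.1.150", "inside the dynamic pool"),
    ("00:11:22:33:44:56", "192.168.2.20", "wrong subnet"),
    ("12:34:56:78:9A:BC", "192.168.1.12", "same MAC as entry 0"),
    ("00:11:22:33:44:57", "192.168.1.1", "AP's own address"),
]

if __name__ == "__main__":
    for idx, code in check_static_binds("192.168.1.1", "255.255.255.0",
                                        "192.168.1.100", "192.168.1.200",
                                        SAMPLE_BINDS):
        print(idx, code)
```
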

DHCP server assigns the following parameters to each user:

• IP address: acquired from the defined table of static binds
between IP and MAC addresses, or the first IP available in the
address pool;
• Gateway address: IP address specified on the TCP/IP Basic
Settings page, in the IP Address field of the interface assigned to
the DHCP server (DHCP Server Interface parameter on the
DHCP Settings page);
• Address of a name server: address typed in the DNS1 Address
field, on the TCP/IP Advanced Settings page.

If your network does not have any specific DNS server, you can use one of
the following, which are openly available:
• 194.204.159.1,
• 212.87.0.37,
• 213.134.128.19,
• 213.134.128.20,
• 62.111.156.14.

4.3.4 PPPoE Settings


Options on this page allow you to log your AP on to the external network (and make it available to AP’s
clients), with the PPPoE protocol. Point to Point Protocol over Ethernet is a protocol used to connect with
an access device through a LAN network, but in a fashion similar to dial-up modems (it requires logging on
with a user name and password). PPPoE offers better network protection against unauthorized access than
a list of MAC addresses, and it permits more advanced encryption methods. Additionally, this protocol
is required for some DSL Internet access services. APPro54G also can relay traffic between users of
your internal network and the external PPPoE server – you need this feature in the router mode.

• PPPoE Relay Settings – Settings of PPPoE relay feature.
◦ PPPoE Relay Support – Enables or Disables support for relaying PPPoE packets.

You need to enable this option if your AP is operating in router mode. In APC
mode without router enabled, this option isn’t required for proper operation.
If you enable this option in APC mode, you need to disable the MAC translation
feature.

◦ PPPoE Server on – Choose the interface to which external PPPoE server is
connected. This list contains one of LAN ports or the wireless interface (WLAN).
◦ PPPoE Clients on – Interface connected with clients that use the external PPPoE
server.
◦ PPPoE Relay Sessions – Maximum number of sessions (independent connections)
that your clients may establish with the PPPoE server.
◦ Idle timeout – Time (in seconds), after which an inactive connection will be closed.
• PPPoE Client Settings – Settings required to establish a connection with the external
PPPoE server.
◦ PPPoE Client – Enables or Disables feature of connecting your AP with the
external PPPoE server.
◦ Interface – Choose an interface, to which external PPPoE server is connected.
Available interfaces are: one of wired (LAN) and the wireless (WLAN) interfaces.
◦ PPPoE User Name – User name for PPPoE server.
◦ PPPoE Password – Access password for PPPoE server.

Usually configuring your AP as a PPPoE client also requires enabling device’s
router mode with NAT functionality for the PPPoE interface.

4.3.5 Port Filtering


Options on this page are used to block packets that fall into specified categories. Thanks to this feature
you can limit traffic in your network, or protect your clients (e.g. by removing packets typical of virus
attacks). For example, you can block packets with a specific source or destination port. This function
operates on each interface of your AP.

• Port Filtering – Enables or Disables packet filtering.
• Port – In these fields you can type a range of ports that will be blocked. Ports mentioned
above are numbers stored in data packets that allow organizing transmissions in specific
“channels”. If you want to block just a single port, enter its number in the first field.
• Protocol – Protocol, whose packets will be filtered (blocked). You can block TCP or UDP
protocol, as well as Both of them.
• Comment – Description that makes it easier to identify a set of options on the list of filtering
rules.

After setting options of packet filtering, you can add them to the list of rules with the OK button. If you
click on Reset button, the page returns to values displayed when you opened that page. The Apply
Changes button causes the device to restart with your new settings enabled. The bottom part of the
window contains the list of filtering rules you created.

• Start port – first port of the filtered port range,
• End port – last port of the filtered port range,
• Protocol – filtered protocol,
• Comment – rule’s description,
• Select – a box that allows you to select a rule for later removal from the list.

Below the list the following buttons are placed:

• Delete Selected – removes selected filtering rules from the list,
• Delete All – clears all entries from the list,
• Reset – removes all selections in the Select column.

Port filtering applies to all packets (and on all interfaces) that have source or
destination ports matching entered port range.

Keep in mind that setting a port range that’s too broad (from 1024 to 65535)
will block your traffic completely.
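
The two notes above follow from one property: a rule matches when either the source or the destination port falls in its range, and clients pick their own port from the high range for every connection. The following added example (a model, not APPro54G code; class and function names are hypothetical and the flows are constructed samples) evaluates a narrow rule set and the 1024 to 65535 range against the same connections and reports which ones are blocked only because of the client-side port.

```python
"""Model of Port Filtering rule matching (added example, not APPro54G code)."""
from dataclasses import dataclass

PROTOCOLS = ("TCP", "UDP", "Both")   # choices offered on the Port Filtering page


@dataclass(frozen=True)
class FilterRule:
    start_port: int
    end_port: int
    protocol: str
    comment: str = ""

    def __post_init__(self):
        if not 1 <= self.start_port <= self.end_port <= 65535:
            raise ValueError("port range must satisfy 1 <= start <= end <= 65535")
        if self.protocol not in PROTOCOLS:
            raise ValueError(f"protocol must be one of {PROTOCOLS}")

    def covers(self, proto, port):
        """True if this rule filters the given protocol and port."""
        return (self.protocol in ("Both", proto)
                and self.start_port <= port <= self.end_port)


@dataclass(frozen=True)
class Flow:
    """One connection; every packet of it carries both ports (as src or dst)."""
    name: str
    proto: str
    client_port: int    # chosen by the client for this connection
    service_port: int   # well-known port of the service


def blocked(rules, flows):
    """Names of flows dropped: a rule matches the source OR the destination port."""
    return [f.name for f in flows
            if any(r.covers(f.proto, f.client_port) or
                   r.covers(f.proto, f.service_port) for r in rules)]


def collateral(rules, flows):
    """Flows dropped only because the client-side port fell into a rule's range."""
    out = []
    for f in flows:
        service_hit = any(r.covers(f.proto, f.service_port) for r in rules)
        client_hit = any(r.covers(f.proto, f.client_port) for r in rules)
        if client_hit and not service_hit:
            out.append(f.name)
    return out


# Constructed sample connections (ports are illustrative).
SAMPLE_FLOWS = [
    Flow("web browsing", "TCP", 49152, 80),
    Flow("DNS lookup", "UDP", 53001, 53),
    Flow("sending mail", "TCP", 40211, 25),
    Flow("Windows file sharing", "TCP", 50123, 445),
    Flow("Windows RPC", "TCP", 49700, 135),
]

NARROW_RULES = [FilterRule(135, 139, "Both", "NetBIOS/RPC"),
                FilterRule(445, 445, "TCP", "SMB")]
BROAD_RULES = [FilterRule(1024, 65535, "Both", "range from the note above")]

if __name__ == "__main__":
    for label, rules in (("narrow", NARROW_RULES), ("broad", BROAD_RULES)):
        print(label, "blocks:", blocked(rules, SAMPLE_FLOWS))
        print(label, "collateral:", collateral(rules, SAMPLE_FLOWS))
```
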

4.3.6 Port Forwarding


With options on this page, you can relay packets originating from the external network to your network’s
clients with specified IP addresses and port numbers. Thanks to this function, you can bypass NAT
mechanism and make ports of client devices (with private IP addresses) available on APPro54G
interface that has a public IP address. This way, your AP will relay connections coming from the
Internet to a client. Forwarding feature is available only with NAT enabled.

• Port Forwarding – Enables or Disables packet forwarding.
• WAN Interface IP – IP address that accepts connection from external network. These
connections will be redirected to specified internal address. Usually this is a public address
acquired from your network provider, and assigned to an interface configured as the
Outside Interface (Internet) on the TCP/IP Advanced Settings page
(in Network Address Translation section). In cases of configurations discussed in
sections 3.6 and 3.7, this is the WAN interface address on TCP/IP Basic Settings page.
In the case of configuration described in section 3.5, this is the address of the WLAN
interface. If your public address is dynamic (it changes in time), enter value of 0.0.0.0/0.
• WAN Port – Port number on your WAN interface. Connection established via this port on
AP device will be transparently passed on to the destination device with specified IP and a
port number.
• Protocol – Packets of this protocol will be forwarded by your AP device. Available
protocols are TCP and UDP.
• Destination IP – Address of a destination device (to which packets will be forwarded).
• Destination Port – Port number in the destination device that will receive packets
passed on by forwarding mechanism.
• Comment – Description that allows identification of a set of options on the list of forwarding
rules.
• OK – Clicking on this button adds settings entered in the fields described above to the list of
forwarding rules.
• Reset – Returns fields described above to their initial values.
• Apply Changes – This button restarts your AP with your new settings enabled.

In the bottom part of the window there’s the table of rules that control packet-forwarding feature. Apart
from options already described, each entry on that list has a selection box (in Select column), that
allows selection of multiple entries. Below the list there are the following buttons:

• Delete Selected – removes selected entries from the list,
• Delete All – clears all entries from the list,
• Reset – removes all selections in Select column.

4.3.7 Quality of Service


Options on this page control operation of the QoS (Quality of Service) feature. This mechanism
determines the packet flow in your network. After proper setup it provides many users (and programs)
with connectivity that isn’t too restricted, but at the same time individual connections won’t disturb one
another. After adjusting these settings, you need to confirm changes with the OK button. If you click on
Reset button the page reverts to values displayed when you opened that page. The Apply Changes
button causes your AP to restart with your new settings enabled.

• Advanced QoS – Enables or Disables QoS feature.
• Downlink interface/Uplink interface – This is information about interfaces
connected to external (Uplink), and internal (Downlink) networks.
• Downlink traffic – In this field you should type the maximum speed at which you can
download data from the external network (in kilobits per second).
• Uplink traffic – Here you should specify the maximum speed at which you can send
data to the external network (in kilobits per second).
• Queuing Discipline – Mode of managing the packet queue in QoS. If you choose
Priority Scheduler, QoS limits traffic based on priority assigned to each type of packets.
Traffic Limiter mode additionally allows you to specify the maximum percentage of the
total bandwidth for a given traffic category. Each traffic type can have one of following
priorities: High (the most important), Medium, or Low (the least important).
• ACK/UDP/ICMP Priority – Priority of the ACK packets (that acknowledge reception of
packets in the TCP/IP sessions), the UDP packets (DNS, DHCP, and VoIP communications),
and the ICMP packets (the control messages).
• Web Traffic Priority – Priority for packets transmitted when you browse the Web.
• Mail Traffic Priority – Priority for packets transmitted when you send or receive
e-mails.
• P2P Traffic Priority – Priority for packets utilized by file-sharing software.
• Other Traffic Priority – Priority for packets that don’t fall in any of the above
categories.
• Flow Limits – Enables or Disables Flow Limits feature, that allows you to lower the load
on your connection.
◦ Downlink packet limit – maximum total number of packets received in one
second from the external network (e.g. from the Internet).
◦ Uplink packet limit – maximum total number of packets sent in one second to the
external network.
◦ Downlink connection limit – maximum total number of concurrent TCP
connections from the external network.
◦ Uplink connection limit – maximum total number of concurrent TCP connections
to the external network.

4.3.8 Traffic Manager


With Traffic Manager options you can specify separate bandwidth settings for each user.

• Traffic Manager – Enables or Disables the Traffic Manager feature.
• Unlisted Clients Traffic – Specifies AP’s behavior for packets sent to and from the
users that are not placed on the list of rules. Available settings are:
◦ Deny – blocks packets for such clients;
◦ Forward – passes the packets without any action.
• Downlink interface – Interface to which AP’s users are connected.
• Uplink interface – Interface used for communication with the external network (e.g.
with the Internet).
• Client IP – IP address of a user whose traffic will be controlled. It’s recommended to
configure Traffic Manager using the IP addresses of your network users. You can also specify
a whole IP subclass, using short notation xxx.xxx.xxx.xxx/yy, where /yy is a number of initial
subnet mask’s bits set to 1. Specifying this parameter is optional.
• Client MAC – MAC address of user whose traffic will be controlled. Specifying this
parameter is optional.
• Protocol – Protocol subjected to the Traffic Manager rules:
◦ TCP – with this option, only the traffic in TCP sessions will be restricted (this applies to
Web browsing, e-mails or file transfer with FTP protocol and P2P networks).
◦ UDP – only the UDP traffic will be restricted (applies to instant messaging, VoIP
telephony, and some P2P software).
◦ Both – limits traffic for both TCP and UDP protocols.
◦ Block – blocks traffic for client with specified IP and/or MAC address.
• Downlink – Download speed assigned to a specified user (in kilobits per second).
• Uplink – Upload speed specified for given user (in kilobits per second).
• Connection limit – Maximum number of concurrent TCP connections.
• Packet limit – Maximum number of packets transmitted in one second.
• Comment – Description that makes it easier to identify an entry on the Traffic Manager
rules list.

After setting these parameters, you can add them to the management rules list by clicking on OK button.
If you click on Reset button the page returns to values displayed when you opened that page. The
Apply Changes button causes the device to restart with your new settings enabled.
Below these elements, there’s a list of traffic manager rules. On this list there are the same settings
you entered and the selection box in Select column that will let you select multiple rules. With these
buttons you can change the contents of the list:

• Delete Selected – removes selected entries from the list,
• Delete All – clears all entries from the list,
• Reset – clears all selection boxes on the list.

• Limiting the number of connections applies to the whole TCP traffic,
regardless of protocol used.
• Limiting packets’ transmission speed works in both directions
– for sending as well as receiving data.
• Setting any parameter’s value to 0 makes that parameter irrelevant
to operation of the traffic management.
• When you place the mouse pointer over one of the entries in
Protocol column, you’ll see additional information about the
specified maximum number of connections and the packet
transmission speed.

4.4 Other
Options in this section aren’t related to network settings. With them, you can for example enable
supervising functions and update your AP’s firmware.

4.4.1 Reboot
This page contains only the Reboot button. Clicking on it will cause your device to restart (switching
your Access Point off and on has a similar effect). Your device will be inaccessible until Status LED
indicates otherwise.

4.4.2 Firmware/Configuration Management


With this page you can update APPro54G firmware, as well as save and restore AP’s configuration.
Before you start this operation, you need to download the latest version of APPro54G or APLite
software. You shouldn’t install other firmware types – non-original versions could put your AP out of
action, forcing you to send the device for servicing.

• Restore Default – Clicking on this button reverts all AP settings to their default values
(pressing the Reset button on device’s backplate has similar effect). Default configuration
will be activated after you restart your AP or click on Apply Changes button.
• Backup/Restore Configuration – Thanks to these options, you can save current AP
settings in a file and restore them from one of such files.
◦ Please click here to download[…] – this link points to a file with current AP’s
configuration. The file is saved in GZIP format.
◦ Select File – Here you can type or choose a configuration file (saved earlier), which
will be uploaded to your AP.
◦ Upload Config – Clicking on this button uploads a file selected earlier to the Access
Point. This function is useful in case when you want to quickly restore device’s
configuration. Restored configuration will be activated after restarting your AP or
clicking on Apply Changes button.
◦ Reset – Restores Select File field to its initial value.
• Upgrade Firmware – With these elements you can send new version of APPro54G (or
other software intended for your device) to the AP.
◦ Select File – Here you can type (or choose) the name of a file that contains new
firmware version.
◦ Upload – By clicking on this button you can send chosen file to your device. After
successful completion of this operation you need to restart your Access Point.
◦ Reset – Restores Select File field to its initial value.

4.4.3 Password Change


On this page you can change access password to your AP device. The settings from this page also apply
to logging on to the AP with programs that support Telnet or SSH protocols. To remove password
protection, just leave the username and the password fields empty (but remember, that when you do
that, every user of your network will be able to change AP’s settings). After you change the access
settings, it’s necessary to restart the AP device.
• User Name – New user name required to log on to the Access Point.
• New Password – New access password for APPro54G software.
• Confirm Password – Here you need to enter the password again. This repetition ensures
that you enter the password without any errors.
• OK – After you click on this button, the new access password will be in force. Also, the log
on dialog box will show up.
• Reset – This button returns fields described above to their initial values.

4.4.4 System Settings


On this page, you can configure a server used for event logging, and enable the watchdog module that
oversees AP operation.
• Watchdog settings – Settings of the watchdog module. This module’s operation is based
on sending Ping packets to specified IP address. If this IP stops responding to Pings, your
AP will be restarted. This feature allows quick restoration of connectivity if one of the radio
links hangs.
◦ Watchdog – Enables or Disables watchdog module.
◦ Watchdog Interval – From this list you can choose time interval between
consecutive checks of specified IP address. Available are values from 3 to 43 minutes.
◦ Test IP Address – IP address of a device, whose availability is tested by the
watchdog.
• Syslog settings – Settings for logging of system events occurring in APPro54G software.
◦ Syslog mode – Syslog’s mode of operation. Available options are Disabled
and Normal.
◦ Syslog server IP – IP address of a device that will register events occurring in your
Access Point.
• OK – Clicking on this button saves settings described above.
• Reset – This button returns opened page’s fields to their initial values.
• Apply Changes – Clicking this button restarts your Access Point with the new settings
enabled.
• Technical support – Here you can obtain information useful for analysis and resolving
technical problems. To use this feature, click on Generate button – AP device will create a
report describing its current configuration and operation. This report should be handed over
to tech support staff. To get this report file, you need to open System Settings page
again, and click on Get technical support link.

Files with settings and information for tech support are compressed in tar.gz format.

Tech support files may contain passwords and IP addresses of other devices.
Creating support file may take up to several minutes.

4.4.5 Register Now!


On this page you can register your Access Point software. Registered users will receive the latest
information about APPro54G software, e.g. new firmware versions. E-mail addresses of registered
users will not be shared with any third parties. Registering several Access Points with just one e-mail
address will not increase the number of messages sent to that address.

• Register – Clicking on this button sends entered e-mail address to authors of APPro54G
software. After you register, messages asking for product registration will not show up again.

4.4.6 Technical Support


Clicking on this item will direct you to http://approsoftware.com/ Web page. This site contains
tips for APPro users, forum and the means of contacting the authors of this software – they can help
you resolve problems you might encounter.

4.5 Statistics
This section provides summary information on device’s state and its past operation.

Statistics on this page will be lost after you restart your AP device.

4.5.1 Traffic Statistics


Traffic statistics for a network supervised by your AP. Here you can find average transmission rates on
each interface (Current Traffic), as well as WLAN interface’s data for the last hour, day, week, and
month of operation.

4.5.2 QoS Statistics


If you enabled QoS feature, this page lets you check how it is operating. Information about each
category of traffic is displayed in two tables – separate for downloaded (Downlink) and uploaded
(Uplink) packets. You can check the total volume of data transferred (Total - MB), number of
packets (Total - Kpkt), as well as transmission speed in kilobits per second (Traffic - kbps)
and packets per second (Traffic - pps).

4.5.3 Client Statistics


This page contains statistics for each client placed on the list of Traffic Manager rules. These statistics refer
to traffic sent from AP through each interface and WDS. Each section contains data such as the MAC
and IP addresses of a given device, traffic volume (Total - MB and Total - Kpkt), average
transmission speeds (Traffic - kbps and Traffic - pps), and a description of the device
(Comment).

Restarting your AP or changing its configuration can take up to a couple of
minutes. If instead of statistics you see the Please wait while reconfiguring
message, this means that entering new data to the Traffic Manager hasn’t
completed yet.

5 Configuration using Linux console

5.1 Logging on to APPro54G software


APPro54G software provides users with Linux system console, accessible by Telnet and SSH protocols.

Requirements
The recommended SSH client for Windows is PuTTY
(available at <http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html>);
Linux and Mac OS have a built-in SSH client.

Actions (Windows OS)


• Start the PuTTY client and enter the following:
  - Host name: IP address of the AP device;
  - Protocol: SSH;
  - Port: 22.
• Click on Open button. Use the same login and password data as in AP’s Web interface.

Actions (Linux system)


• Type command ssh -l login ip_address, where:
  - login: login (user name) for APPro54G software (same as in Web interface);
  - ip_address: address of the AP device, to which you want to log on.
• When asked, enter the same password as in AP’s Web interface.

After a successful logon, the user has access to a Bash-compatible system
shell. The basic configuration tool here is the vi editor. A complete list of available
commands can be obtained by pressing the TAB key twice, and short help for
each command is displayed after issuing that command with the -h switch.
Sections below discuss only a few shell commands – the ones that are most
relevant to APPro54G software. Complete documentation for each command
and the manual of vi editor can be found on following sites:

• http://man.he.net/
• http://busybox.net/
• http://www.eng.hawaii.edu/Tutor/vi.html

and in following books:


• Learning the vi Editor
By: Linda Lamb, Arnold Robbins
- 83-7197-539-2
• Learning the bash Shell.
By: Cameron Newham, Bill Rosenblatt
- 83-246-0047-7

5.2 Filesystem structure


Primary filesystem of the APPro54G software is placed on a ramdisk. This drive’s content is integrated
with firmware and the user can’t modify the filesystem directly (it is automatically restored after the
device restarts). Hence you need to remember that any changes to system files will be lost after the AP
is shut down. However, you can change APPro’s configuration and its modules by modifying /etc and
/usr/local directories – their contents can be saved to the flash memory with flash save
command. This saved configuration will be restored during AP’s power up or restart.
Filesystem of APPro54G is organized similarly to any other Linux system. Its directories have the
following purpose:
• /bin programs and tools;
• /dev special files of devices;
• /etc configuration files;
• /lib libraries;
• /proc system kernel interface;
• /sbin administrative programs and tools;
• /tmp temporary directory, working files;
• /usr/bin additional programs and tools;
• /usr/sbin administrative programs and tools;
• /usr/local user-installed programs and scripts;
• /var working files;
• /var/log system logs;
• /web Web pages.

For users of the APPro54G software, the most important files are placed in
/etc, /usr/local and /var/log directories.

Configuration files located in /etc directory have the following purpose:


• appro.conf primary configuration file of the AP;
• hw.conf information about hardware configuration (this file is created
automatically during start of the AP);
• macaccess.conf configuration of Access Control List (ACL) for client stations;
File format: mac comment, where:
mac: MAC address of a client device
(e.g. 01:23:45:67:89:ab),
comment: description (optional).
• portfiltering.conf configuration of port filtering feature;
File format: start end mode comment, where:
start: first port in a range (from 1 to 65535);
end: last port in a range (from 1 to 65535);
mode: 0 – UDP + TCP, 1 – TCP, 2 – UDP;
comment: description (optional).
• portforwarding.conf configuration of port forwarding feature;
File format:
wan_ip wan_port mode dest_ip dest_port comment,
where:
wan_ip: WAN interface address, e.g. 0.0.0.0/0;
wan_port: port number on a WAN interface, e.g. 4662;
mode: 0 – TCP, 1 – UDP;
dest_ip: destination IP address, e.g. 192.168.3.244;
dest_port: number of a destination port (from 1 to 65535);
comment: description (optional).
• traffic.conf configuration of Traffic Manager feature;
File format: mac_address ip_address mode downlink
uplink connections packets comment, where:
mac_address: MAC address (e.g. 01:23:45:67:89:ab)
or ‘*’ (if any);
ip_address: IP address (e.g. 1.1.1.1, 1.1.1.1/24)
or ‘*’ (if any);
mode: 0 – TCP+UDP, 1 – TCP, 2 – UDP, 3 – block;
downlink: maximum limit of the Downlink speed (transfer
rate for downloading data from an external network)
or 0 (if unrestricted);
uplink: maximum limit of the Uplink speed (transfer rate for
uploading data to an external network) or 0 (if unrestricted);
connections: maximum number of concurrent connections
or 0 (if unrestricted);
packets: maximum number of packets transferred in one
second or 0 (if unrestricted);
comment: description (optional).
• wds.conf configuration of WDS connection;
File format: mac comment, where:
mac: MAC address of a WDS device
(e.g. 01:23:45:67:89:ab)
comment: description (optional).
• wlan.conf file with additional settings of the wireless interface;
List of iwpriv commands in following format:
/bin/iwpriv wlan0 set_mib DIG_enable=1
/bin/iwpriv wlan0 set_mib rssi_dump=1
This list is run at the end of configuration process of the
wireless interface.
• wpa-aes.conf settings of WPA/AES encryption;
• wpa2-aes.conf settings of WPA2/AES encryption;
• wpa-tkip.conf settings of WPA/TKIP encryption;
• addr.conf with this file you can assign additional IP addresses to each
AP interface;
• route.conf with this file you can configure new static routes;
• qos.conf with this file you can add new, independent QoS mechanism;
• crontabs/root configuration of cron daemon, responsible for periodical
starting of processes. Crontab used in APPro54G employs
Dillon's Cron format.
• firewall/input.sh with this file you can add new firewall commands to INPUT
chain;
• firewall/forward.sh with this file you can add new firewall commands to
FORWARD chain;
• firewall/output.sh with this file you can add new firewall commands to OUTPUT
chain;
• firewall/nat.sh with this file you can add new firewall commands to MANGLE
and NAT tables;
• inetd.conf configuration of inetd daemon, which in APPro54G is
responsible for starting Telnet and SSH servers. Modifying this
file can disable Telnet or SSH access to your device.
• inittab init process configuration, which is responsible for system
startup and the order of process launching;
• passwd temporary file with passwords,
based on defaults/passwd.def file and AP’s configuration;
• resolv.conf temporary file of the resolver (DNS client), based on
defaults/resolv.conf.def file and AP’s configuration.
Editing this file allows you to change DNS servers used by
APPro54G.
• udhcpd.conf temporary file with DHCP server configuration, based on files
udhcpd.static.conf and defaults/udhcpd.conf.def.
Editing this file allows you to change DHCP configuration.
• udhcpd.static.conf file that stores DHCP’s static links. When DHCP server starts,
this file is used to create udhcpd.conf file.
• ppp directory with configuration of PPPoE server and client;
• TZ file with definition of time zone, which is used by APPro54G
for proper clock setting;
• ssh directory with encryption keys used by SSH server.

For detailed information on format of configuration files, refer to Linux system
manual. Thanks to flash save command, user can store contents of /etc
directory in AP’s flash memory.

All configuration files in APPro54G are prone to syntax errors. When you edit
such files, you need to strictly comply with correct format of these files.
Any mistake made in configuration files may disturb access to the AP
(to regain it you’d need to reset your device).
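
Because a malformed rule file can lock you out of the AP, it helps to lint the files before running flash save. The following is an added example, not part of APPro54G: it checks the macaccess.conf, wds.conf, portfiltering.conf, portforwarding.conf and traffic.conf formats listed above. It assumes one rule per line, whitespace-separated fields and whole-number limits, and that awk is available where you run it (for instance on the workstation where you prepare the files). Note that the same mode number means different things in different files, which the messages spell out.

```shell
#!/bin/sh
# Added example, not part of APPro54G. Lints the rule files described in the
# guide before they are committed with `flash save`.
# Assumptions: one rule per line, whitespace-separated fields, numeric limits.

# check_conf KIND FILE
#   KIND: macaccess | wds | portfiltering | portforwarding | traffic
#   Prints "FILE:LINE: reason" per problem; returns 1 if any were found.
check_conf() {
    awk -v kind="$1" -v file="$2" '
    function is_uint(s) { return s ~ /^[0-9]+$/ }
    function is_port(s) { return is_uint(s) && s + 0 >= 1 && s + 0 <= 65535 }
    function is_mac(s,    p, i) {
        if (split(s, p, ":") != 6) return 0
        for (i = 1; i <= 6; i++)
            if (p[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return 0
        return 1
    }
    # Dotted quad with an optional /prefix, e.g. 1.1.1.1 or 0.0.0.0/0.
    function is_ip(s,    a, o, n, i) {
        n = split(s, a, "/")
        if (n > 2 || (n == 2 && (!is_uint(a[2]) || a[2] + 0 > 32))) return 0
        if (split(a[1], o, "[.]") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (!is_uint(o[i]) || o[i] + 0 > 255) return 0
        return 1
    }
    function bad(msg) { printf "%s:%d: %s\n", file, NR, msg; errors++ }

    NF == 0 { next }                        # blank lines carry no rule
    kind == "macaccess" || kind == "wds" {  # mac comment
        if (!is_mac($1)) bad("bad MAC address: " $1)
        next
    }
    kind == "portfiltering" {               # start end mode comment
        if (NF < 3) { bad("expected: start end mode"); next }
        if (!is_port($1) || !is_port($2)) bad("port outside 1-65535")
        else if ($1 + 0 > $2 + 0) bad("start port is above end port")
        if ($3 !~ /^[012]$/) bad("mode must be 0 (UDP+TCP), 1 (TCP) or 2 (UDP)")
        next
    }
    kind == "portforwarding" {  # wan_ip wan_port mode dest_ip dest_port comment
        if (NF < 5) { bad("expected: wan_ip wan_port mode dest_ip dest_port"); next }
        if (!is_ip($1)) bad("bad wan_ip: " $1)
        if (!is_port($2)) bad("bad wan_port: " $2)
        if ($3 !~ /^[01]$/) bad("mode must be 0 (TCP) or 1 (UDP)")
        if (!is_ip($4) || $4 ~ /\//) bad("bad dest_ip: " $4)
        if (!is_port($5)) bad("bad dest_port: " $5)
        next
    }
    kind == "traffic" {  # mac ip mode downlink uplink connections packets comment
        if (NF < 7) { bad("expected 7 fields before the comment"); next }
        if ($1 != "*" && !is_mac($1)) bad("bad MAC address: " $1)
        if ($2 != "*" && !is_ip($2)) bad("bad IP address: " $2)
        if ($3 !~ /^[0123]$/) bad("mode must be 0 (TCP+UDP), 1 (TCP), 2 (UDP) or 3 (block)")
        for (i = 4; i <= 7; i++)
            if (!is_uint($i)) bad("field " i " must be a number (0 = unrestricted)")
        next
    }
    { bad("unknown file kind: " kind); exit }
    END { exit (errors > 0) }
    ' "$2"
}

# Demo on constructed sample data (not taken from a real device).
sample=$(mktemp)
cat > "$sample" <<'EOF'
01:23:45:67:89:ab * 1 512 128 50 0 office-pc
* 192.168.3.0/24 3 0 0 0 0 blocked-subnet
01:23:45:67:89 192.168.3.300 4 512 fast 0 0 typo-line
EOF
check_conf traffic "$sample" || echo "fix the lines above before running flash save"
rm -f "$sample"
```
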

After you update AP’s firmware, its default settings may be written (for safety reasons) in the following
directories:

/etc/crontabs/
/etc/crontabs/root
/etc/defaults/
/etc/defaults/udhcpd.conf.def
/etc/defaults/resolv.conf.def
/etc/defaults/passwd.def
/etc/fstab
/etc/inetd.conf
/etc/inittab
/etc/ppp/
/etc/ppp/pppoe-server-options
/etc/ppp/options
/etc/ppp/pap-secrets -> chap-secrets
/etc/ppp/chap-secrets
/etc/qos.conf
/etc/wlan.conf

/usr/local directory
You can store user scripts and programs in /usr/local directory. Binary programs should be compiled
for MIPS architecture, with file size not larger than 128 KB. If you need to start your own script during
APPro54G startup, save it with user.sh name in /usr/local directory. Next, it’s
necessary to set the file’s execution attribute (with command chmod a+x user.sh) and save directory
contents with flash save command. After doing this, the user script will be started every time the
settings of APPro54G are activated.

Remember that you need to use /bin/sh shell, not the /bin/bash!

Example script:

#!/bin/sh
echo "Configuration test"

To store contents of this directory in flash memory, use flash save command.

/var/log directory
This directory contains the following log files (created by APPro54G):

• boot.log messages related to APPro54G startup;
• iwpriv.log log for configuration of AP’s wireless interface;
• messages.log messages sent with syslog protocol;
• webs.log Web server logs;
• webs.log.err error messages related to Web server.

Log files are deleted every hour, which is necessary because of the small
amount of free space in device’s filesystem. If you need to analyze or store
logs created over longer period of time, you need to configure APPro54G to
send logs to an external syslog server.

5.3 Commands specific to APPro54G

• arp -an displays current contents of ARP table (a table that
contains connections between MAC and IP addresses);
• cat /proc/wlan0/sta_info displays detailed information about wireless clients
connected to APPro54G. With this command, you can
check connection parameters, such as RSSI:
    [...]
    rssi: 35
    wds_tx_bytes: 457717677
    wds_rx_bytes: 703255291
    wds_tx_pkts: 1235093
    wds_rx_pkts: 1325243
    wds_tx_fail: 2
    [...]
    current_tx_rate: 11
    current_rx_rate: 11
    [...]
where tx refers to sending bytes and packets, rx – receiving data,
tx_fail – transmission errors, and ‘current’ entries refer to present transmission
speeds.

• connection_tracking.sh a script that displays list of TCP/IP sessions
maintained by your AP;
• flash save saves the /etc and /usr/local directories to
AP’s flash memory;
• flash restore restores the /etc and /usr/local directories
from AP’s flash memory;
• flash dump file_name this command dumps contents of the flash
memory (that contains firmware) to a file with
specified name;
• flash bootloader_dump file_name this command dumps contents of the flash
memory (that contains bootloader – a program that
loads firmware) to a file with specified name;
• flash hardware displays hardware configuration of your AP;
• flash save-config saves configuration to device’s flash memory.
This command saves following files:
/etc/appro.conf,
/etc/macaccess.conf,
/etc/portfiltering.conf,
/etc/portforwarding.conf,
/etc/traffic.conf,
/etc/udhcpd.static.conf, /etc/wds.conf
and the directories: /etc/ppp, /etc/ssh.
• flash restore-config restores a configuration from the flash memory;
• flash --reset restores the default configuration of APPro54G;
• system scan starts wireless network scan;
• system sta_info displays detailed information about clients
in a wireless network;
• system module _TEMP shows device’s temperature;
• system module _VOLT shows operating voltage;
• system module _LM35 reads a temperature using a precise LM35 sensor
(before using this command, you should have the
sensor installed on the APPro54G module);
• vnstat -tr -i wlan0 with this command you can analyze the traffic on
specified interface and check the current transfer
rate in kilobytes and packets per second;
• vnstat -h -i wlan0 displays a graph of hourly traffic statistics
for specified interface;
• vnstat -d -i wlan0 displays a table with daily traffic statistics
for specified interface;
• vnstat -w -i wlan0 displays a table with weekly traffic statistics
for specified interface;

• ifstat -W -i eth0,eth1,wlan0 -T -S -b 1
shows real time traffic statistics for each interface;
• iwpriv this command is used for advanced configuration
of the wireless interface;

This command uses proprietary parameters that are not compatible with the
wireless tools standard. Undocumented parameters
(with unknown purpose) are listed below:

parameter               max input characters    max output characters
set_mib (89F1)          350 char                0
get_mib (89F2)          40 char                 128 byte
write_reg (89F3)        128 char                0
read_reg (89F4)         128 char                128 byte
write_mem (89F5)        128 char                0
read_mem (89F6)         128 char                128 byte
write_bb (89FA)         128 char                0
read_bb (89FB)          128 char                128 byte
write_rf (89FC)         128 char                0
read_rf (89FD)          128 char                128 byte
del_sta (89F7)          128 char                0
write_eeprom (89F8)     128 char                0
read_eeprom (89F9)      128 char                128 byte
mp_start (8B61)         0                       0
mp_stop (8B62)          0                       0
mp_rate (8B63)          40 char                 0
mp_channel (8B64)       40 char                 0
mp_txpower (8B65)       40 char                 0
mp_ctx (8B66)           128 char                0
mp_arx (8B67)           40 char                 128 char
mp_bssid (8B68)         40 char                 0
mp_ant (8B69)           40 char                 0
mp_query (8B72)         40 char                 0
• reload reloads AP’s configuration (this is similar to clicking
on Apply Changes button in AP’s Web interface);
• start.sh script that reloads APPro54G’s configuration. Running this script
has the same effect as clicking on Apply Changes button in
AP’s Web interface. However, it’s recommended to use reload
command instead of this script.
• tcpdump a tool for capturing and analyzing packets transmitted by the AP
device. This is a simplified version of the tcpdump sniffer, which
is included in every Linux distribution. It accepts the following
parameters:
  - -i interface specifies monitored interface;
  - -f expression optional filtering expression (its syntax is described below).
    – ! negates next parameter;
    – proto udp|tcp|icmp specifies monitored protocol;
    – sport port_number source port of monitored packets;
    – dport port_number destination port of monitored packets;
    – src IP_address source address of monitored packets;
    – dst IP_address destination address of monitored packets.
Example: tcpdump -i wlan0 -f proto tcp src 192.168.3.1
• tc class stats dev wlan0 displays traffic manager statistics for specified interface
(wlan0, eth0, or eth1);
• tc class stats dev imq0 displays QoS statistics for uplink traffic (imq0 interface)
or downlink traffic (imq1 interface).

5.4 APPro54G’s boot process


After the bootloader is started, it loads compressed system kernel, along with a ramdisk image. Next
step is to launch the kernel and decompress contents of a ramdisk to the reserved RAM memory. Then
the boot.sh script is launched, which performs the following tasks:

• loading modules;
• kernel configuration;
• decompression of a file that contains user data (saved earlier with flash save command);
• decompression of configuration data (saved with flash save-config command);
• reading of hardware configuration;
• starting processes that are invoked only once after AP’s restart;
• launching the inetd daemon;
• launching the init program.

Further steps of the startup procedure depend on init program configuration.
Default actions are:

• starting event log mechanism;
• launching start.sh script, which is responsible for AP’s reconfiguration;
• launching the Web server, the watchdog and the cron.

The start.sh script is responsible for proper APPro54G configuration – either after device’s restart,
or when you click on Apply Changes button in AP’s Web interface. It performs the following actions:

• reading of the configuration;
• switching off the wireless module;
• configuring the wireless interface;
• configuring TCP/IP;
• restarting daemons that perform additional functions;
• configuration of DNS, DHCP RELAY, SSH, PPPOE RELAY, and WPA;
• launching the configuration scripts for:
  - /bin/dhcp.sh DHCP server and client;
  - /bin/pppoe.sh PPPoE client;
  - /bin/firewall.sh firewall;
  - /bin/qos.sh QoS.

Configuration of inetd daemon ensures access to Telnet and SSH services. You can change it by
editing /etc/inetd.conf file. If you modify scripts, remember that any mistake you make may lead
to improper AP operation and the necessity of reverting to default settings (with the Reset button).
Additionally, it’s necessary to launch the firewall.sh script before qos.sh – otherwise, the QoS
feature won’t operate properly.

5.5 APPro54G’s interfaces configuration


APPro54G software makes use of several system interfaces, usually corresponding to physical
interfaces of the device. The most important interfaces are:

• eth0 First Ethernet interface of the RTL8186 controller,
connected to LAN1 port of the AP device. In AP’s Web
interface, this port is described as LAN1 and it’s intended
for connecting with a local network.
• eth1 Second Ethernet interface of the RTL8186 controller.
It corresponds to LAN2 port of the AP device. In Web
management interface, this port is described as LAN2
or WAN, and it’s intended for connecting with a local
network or a WAN connection (e.g. the Internet).
• wlan0 Primary wireless interface in the AP, APC and AdHoc
modes.
• wlan0-wds0 to wlan0-wds5 Virtual wireless interfaces utilized in WDS and Bridge
modes. Each of the devices operating as a WDS or a
Bridge gets a separate wlan0-wdsX port, where X stands
for number of entry in the WDS or Bridge table.

Depending on the requirements, interfaces in APPro54G can be combined into a bridge thanks to
kernel’s features and the brctl tool. Bridge configuration depends on AP’s operating mode chosen on
TCP/IP Basic Settings page (in Routing/Bridging mode section):

• Bridge
  - In this mode, all interfaces (eth0, eth1, wlan0 and – if WDS is enabled and MAC
    addresses entered – active wlan0-wds0 to wlan0-wds5 interfaces) are connected
    to the br0 interface.
  - IP and MAC addresses, as well as the subnet mask entered in Bridge Interface
    settings section, are associated with the br0 interface.
• Router
  - In this mode the wlan0 and – if WDS is enabled and MAC addresses entered – active
    wlan0-wds0 to wlan0-wds5 interfaces are connected to the br0 interface.
  - eth0 interface operates independently.
  - eth1 interface operates independently.
  - IP and MAC addresses, as well as the subnet mask entered in LAN1 Interface
    settings section, are associated with the eth0 interface.
  - IP and MAC addresses as well as the subnet mask entered in LAN2 Interface
    settings section, are associated with the eth1 interface.
  - IP and MAC addresses as well as the subnet mask entered in WLAN Interface
    settings section, are associated with the br0 interface.
• Router (LAN1/LAN2 Bridged)
  - In this mode wlan0 and – if WDS is enabled and MAC addresses entered – active
    wlan0-wds0 to wlan0-wds5 interfaces are connected to the br0 interface.
  - eth0 and eth1 interfaces are assigned to the br1 interface.
  - IP and MAC addresses as well as the subnet mask entered in LAN1/LAN2 Bridged
    interface settings section are associated with the br1 interface.
  - IP and MAC addresses as well as the subnet mask entered in WLAN Interface
    settings section are associated with the br0 interface.
• Router (WLAN/LAN1 Bridged)
  - In this mode eth0, wlan0 and – if WDS is enabled and MAC addresses entered – active
    wlan0-wds0 to wlan0-wds5 interfaces are connected to the br0 interface.
  - eth1 interface operates independently.
  - IP and MAC addresses as well as the subnet mask entered in LAN1/WLAN Bridged
    interface settings fields are associated with the br0 interface.
  - IP and MAC addresses as well as the subnet mask entered in WAN Interface
    settings (LAN2) fields are associated with the eth1 interface.
• Router (WLAN/LAN2 Bridged)
  - In this mode eth1, wlan0 and – if WDS is enabled and MAC addresses entered – active
    wlan0-wds0 to wlan0-wds5 interfaces are connected to the br0 interface.
  - eth0 interface operates independently.
  - IP and MAC addresses as well as the subnet mask entered in WAN Interface
    settings (LAN1) section are associated with the eth0 interface.
  - IP and MAC addresses as well as the subnet mask entered in LAN2/WLAN Bridged
    interface settings section are associated with the br0 interface.

APPro54G software also makes use of imq0 and imq1 interfaces – these are
used for bandwidth management, but they don’t have assigned IP addresses.

5.6 Internal firewall


APPro54G software employs iptables firewall module, operating in both router and bridge
configurations. This firewall serves the following purposes:

• NETBIOS traffic filtering, if NETBIOS Filtering option is enabled. In that case, TCP/UDP
traffic on 135, 137, 138, 139, 427, 445, 1025 and 1512 ports is blocked.
• traffic filtering on ports specified by user (option Port Filtering in Web interface);
• packet marking for QoS and Traffic Manager modules;
• limiting number of concurrent connections and packet transmission speed;
• NAT feature implementation.
Detailed diagram of packet flow through firewall in APPro54G software:

• User of APPro54G software can perform advanced firewall
configuration by modifying scripts found in /etc/firewall/
directory. However, to store all these changes, you need to save
them with the flash save command.
• To display the complete list of extensions installed for iptables,
you can use the iptables -h command.
• Additional information about firewall operation is available on
http://www.docum.org/docum.org/kptd/ Website.

Supplemental information on topics discussed in this section is available on APPro54G’s
homepage: http://approsoftware.com/appro54g/

5.7 QoS module


Thanks to the bandwidth management features that prevent a connection overload, AP ensures
appropriate quality of a network service (usually: Internet access) for all users.

APPro54G software makes use of three independent bandwidth management modules:

• QoS – this module makes use of following interfaces:
  - imq0 – interface, to which UPLINK traffic is directed (traffic coming from interface
    selected as Uplink Interface (Internet) on TCP/IP Advanced Settings
    page);
  - imq1 – interface, to which DOWNLINK traffic is directed (traffic coming from interfaces
    selected as Downlink Interface (clients) on TCP/IP Advanced Settings
    page);

• Flow Limits – module that imposes global limits (for all users and traffic categories) on
packet transfer speeds and number of connections. In order to achieve this functionality,
Flow Limits utilizes limit and conlimit modules of the firewall. Limiting the traffic takes
place in FORWARD chain. Connections that exceed specified values are rejected with
tcp-reset message.

• Traffic Manager – module that utilizes eth0, eth1, wlan0 and wlan0-wds0 to
wlan0-wds5 interfaces. Choice of these interfaces is based on settings for UPLINK traffic
(coming from interface set as Uplink Interface (Internet) on TCP/IP Advanced
Settings page) as well as for DOWNLINK traffic (coming from interfaces set as Downlink
Interface (clients) on TCP/IP Advanced Settings page).

QoS mechanism creates four HTB classes for each of imq0 and imq1
interfaces (this is also based on settings from TCP/IP Quality of Service
page). Each class has its own ESFQ queue. Assigning traffic to each of these
queues is based on ports and markings added to packets with IPP2P
module.
• Traffic Manager creates a separate queue for each user with IP
or MAC specified on TCP/IP Traffic Manager page.
Additionally, for each user special firewall entries are added to
FORWARD chain. These entries limit packet transfer speeds and
number of concurrent connections to the values specified in
preferences. Packet transfer limit doesn’t apply to ports with
numbers 80, 81, 8080, 443, 3128, 110, 25, 465 and 99.
• Additionally, if Unlisted Clients Traffic option is set to
Deny, the firewall passes (in FORWARD chain) traffic for valid
IP/MAC addresses only.

Supplemental information on topics discussed in this section is available on APPro54G’s
homepage: http://approsoftware.com/appro54g/

6. Advanced topics

6.1 Syslog
Syslog is a mechanism of registering event messages with a special remote server. A syslog server is
built into each Linux OS distribution, but usually it’s configured in such a way that it accepts messages
from local machine only (not from the network).
To configure syslog server in Linux for receiving messages sent by APPro54G, you need to add ‘-r’
switch to the syslog call.

syslogd -r

Detailed information about syslog settings is available in Linux system documentation.


Windows users can also benefit from an external syslog server. However, they need to install extra
software, for example downloaded from page http://www.kiwisyslog.com/index.php – even the
freeware version of this application would be sufficient for events coming from APPro54G. In order to
install this server, you need to run it with default settings (using port 514 of UDP protocol) and make
sure that it will operate uninterrupted (to ensure constant reception of messages).
After installing a syslog server, you need to enter its IP address in APPro54G configuration (on
System Settings page, Syslog server IP field – see page 115). Of course, there should be a connection
established between your Access Point and a computer that logs its events. This requires a change of
firewall settings in order to permit traffic on UDP port 514.
Messages sent to a syslog server look like this:

wlan0: A expired STA is resumed – 00:E0:98:C5:9D:1C
wlan0: A STA is expired – 00:E0:98:C5:9D:1C
wlan0: A expired STA is resumed – 00:E0:98:C5:9D:1C
wlan0: A STA is expired – 00:E0:98:C5:9D:1C
wlan0: A expired STA is resumed – 00:E0:98:C5:9D:1C
wlan0: A STA is expired – 00:E0:98:C5:9D:1C
wlan0: A expired STA is resumed – 00:E0:98:C5:9D:1C
wlan0: A STA is expired – 00:E0:98:C5:9D:1C
wlan0: A expired STA is resumed – 00:E0:98:C5:9D:1C
wlan0: A STA is expired – 00:E0:98:C5:9D:1C
wlan0: A expired STA is resumed – 00:E0:98:C5:9D:1C
wlan0: A STA is expired – 00:4F:62:02:B3:0D
wlan0: A expired STA is resumed – 00:4F:62:02:B3:0D
wlan0: A STA is expired – 00:4F:62:02:B3:0D
wlan0: A expired STA is resumed – 00:4F:62:02:B3:0D
wlan0: A STA is expired – 00:4F:62:02:B3:0D
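
Once these messages land in a file on the syslog server, a per-station summary shows which clients keep expiring and resuming, as the two stations above do. The script below is an added example, not APPro54G code: the function name, the threshold and the timestamp/host prefix in the constructed sample are assumptions, and it only relies on the station address being the last field of each message.

```shell
#!/bin/sh
# Added example, not APPro54G code: per-station summary of the expire/resume
# messages, read from the file the syslog server writes.

# sta_flaps MIN_EXPIRES FILE
#   Prints "MAC expired=N resumed=M" for each station with at least
#   MIN_EXPIRES expiry events, sorted by MAC address.
sta_flaps() {
    awk -v min="$1" '
    # The station address is the last field. Anything that is not 17
    # characters of hex digits and colons is skipped: syslog over UDP is
    # unauthenticated, so the collector can receive arbitrary text.
    /wlan0: A / && length($NF) == 17 && $NF ~ /^[0-9A-Fa-f:]+$/ {
        mac = toupper($NF)
        seen[mac] = 1
        if ($0 ~ /expired STA is resumed/) resumed[mac]++
        else if ($0 ~ /STA is expired/)    expired[mac]++
    }
    END {
        for (mac in seen)
            if (expired[mac] + 0 >= min + 0)
                printf "%s expired=%d resumed=%d\n", mac, expired[mac], resumed[mac]
    }
    ' "$2" | sort
}

# Demo on a constructed log (timestamps and the AP address are made up).
log=$(mktemp)
cat > "$log" <<'EOF'
Jan  1 10:00:01 192.168.3.1 wlan0: A STA is expired - 00:E0:98:C5:9D:1C
Jan  1 10:00:40 192.168.3.1 wlan0: A expired STA is resumed - 00:E0:98:C5:9D:1C
Jan  1 10:05:12 192.168.3.1 wlan0: A STA is expired - 00:e0:98:c5:9d:1c
Jan  1 10:05:50 192.168.3.1 wlan0: A expired STA is resumed - 00:E0:98:C5:9D:1C
Jan  1 10:09:03 192.168.3.1 wlan0: A STA is expired - 00:E0:98:C5:9D:1C
Jan  1 10:11:30 192.168.3.1 wlan0: A STA is expired - 00:4F:62:02:B3:0D
Jan  1 10:12:00 192.168.3.1 wlan0: A STA is expired - bogus
EOF
sta_flaps 3 "$log"
rm -f "$log"
```
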

6.2 Messages for AP’s clients


In some cases it’s necessary to display a special message for users connecting with your AP. In devices
based on the APPro54G software, you can use this feature under the following conditions:

• Devices based on the RTL8181 controller have to operate in router mode.
• Devices based on the RTL8186 controller may operate in bridge or router mode.
• You need to have some knowledge of Linux operating system, iptables software, as well as
bash shell and vi text editor.
• It’s recommended to install the latest version of APPro54G.

Configure your device with extra care. The following procedure is intended for
advanced users only. Any mistake could lead to disabling access to your AP!!!

• Place a Web page with the message to your users in AP’s memory. Keep this message file
as small and simple as possible. If you need to have some graphics files with your message,
put them on other servers. These files will be downloaded from there, while the message
itself will come from your AP. Save your page in /usr/local/ directory (in AP’s filesystem).

Online.PL/APPro (Poltegor.zachod)# cd /usr/local/
Online.PL/APPro (Poltegor.zachod)# vi my_message.htm
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>Internet access denied </TITLE>
</HEAD>
<BODY>
<H1>No access to the Internet</H1>
The connection is blocked.
<P>
Please, contact customer support, tel xx xx xx xx xx.
<P>
</BODY></HTML>

• Create a script that will act as a Web server. Put that script in /usr/local/ directory
(in AP’s filesystem).

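Online.PL/APPro (Poltegor.zachod)# vi webserver.sh
#!/bin/sh
# Started by inetd for each connection: stdin/stdout are the client's socket.
enter=`echo -e "\r"`    # a header line holding only CR ends the request
read request            # request line, e.g. "GET / HTTP/1.0"; not used
# Skip the request headers. Testing the result of read also ends the loop
# when the client closes the connection, so the script cannot spin forever.
while read header
do
    if [ "$header" = "$enter" ] ; then
        break
    fi
done
# Send a status line and content type, then the same static page every time.
echo -e "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r"
cat /usr/local/my_message.htm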

• Add a call to this script to the inetd daemon’s task list, so that it is executed whenever
a connection is established on the specified port (in this case: 1080).

Online.PL/APPro (Poltegor.zachod)# vi /etc/inetd.conf


1080 stream tcp nowait root /usr/local/webserver.sh webserver.sh

• Now, add execution rights to your script file.

Online.PL/APPro (Poltegor.zachod)# chmod u+x webserver.sh

• Save new settings in AP’s flash memory.

Online.PL/APPro (Poltegor.zachod)# flash save



• New settings will be activated after each restart of your AP device. You can also activate
new configuration without restarting the AP. You just need to restart inetd daemon. First, you
need to find pid of the daemon on process list, then stop it with kill command, and start the
process again.

Online.PL/APPro (Poltegor.zachod)# ps
PID Uid VmSize Stat Command
1 admin 364 S init
2 admin SW [keventd]
3 admin SWN [ksoftirqd_CPU0]
4 admin SW [kswapd]
5 admin SW [bdflush]
6 admin SW [kupdated]
7 admin SW [mtdblockd]
29 admin 244 S /sbin/watchdog -t 20 /dev/watchdog
474 admin 488 S -sh
476 admin 372 S /usr/sbin/crond -f
477 admin 272 S /usr/sbin/rtl8181d
478 admin 416 S /bin/sh /usr/sbin/watchdog.sh
5246 admin 284 S telnetd
5247 admin 544 S -sh
5511 admin 364 S inetd
6361 admin 220 S sleep 1140
6406 admin 404 S /bin/webs
6423 admin 332 R ps
Online.PL/APPro (Poltegor.zachod)# kill 5511
Online.PL/APPro (Poltegor.zachod)# inetd

• After restarting inetd you should check whether your new configuration works properly.
You can do that by entering http://ap_ip_address:1080/ in your Web browser’s address bar.
You should see the following message:

No access to the Internet


The connection is blocked.
Please, contact customer support, tel xx xx xx xx xx.

• If anything goes wrong, go through the steps described above again.


• You can manually create a list of clients you want to present with the above message:
iptables -t nat -I PREROUTING -p tcp -s client.ip.address --dport 80 -j DNAT --to ap.ip.address:1080

• Save the client list in /etc/firewall/nat.sh:

Online.PL/APPro (Poltegor.zachod)# vi /etc/firewall/nat.sh


# use the flash save command to save this file
# place for your rules:
iptables -t nat -I PREROUTING -p tcp -s 192.168.15.12 --dport 80 -j DNAT --to 192.168.3.3:1080

• Remember to save edited file in device’s flash memory with the flash save command,
and to activate new configuration using the reload command.

If your AP needs more extensive configuration changes, create the
/usr/local/user.sh file, which is launched automatically whenever the
device restarts or its configuration is activated. With the flash save command you
can save the /usr/local/user.sh file and the whole /usr/local and /etc
directories to the device’s flash memory. If /usr/local/user.sh launches
processes, it should first stop the ones that are already running (those launched
by its previous run). The script has to be written with repeated calls in mind,
since it is launched not only at system start, but also every time you click
the Apply Changes button or issue the reload command.

6.3 Modifying system files


Changes made to system files (e.g. scripts that change device’s configuration) should be saved in AP’s
flash memory. In order to save the changes, you should:

• Compress selected files:


tar -zcvf /tmp/user.tgz /etc /usr/local /bin/plik1 /usr/sbin/plik2 ...

• Save the files in AP’s flash memory:


flash save-file /tmp/user.tgz

Files saved this way will be automatically restored from flash memory when the AP
restarts. Remember that an erroneous configuration in one of the files could
disable your AP until you restore its default configuration.
If the user space in flash memory fills up, the flash save command becomes
unavailable (this command uses the same flash space). Of course, the
flash save-config command will still be accessible. The amount of flash memory
reserved for file saving is 128 KB.

6.4 Disconnecting specific client station


To disable communications between your AP and another device or computer with a known MAC
address (e.g. 00111e000d4e), type the following command:
/bin/iwpriv wlan0 del_sta 00111e000d4e

6.5 Extended connection logging with syslog


With syslog module you can log large volumes of information (on a separate server) about state of
network connections. When syslog is enabled, you can avoid limitations imposed by the relatively small
memory capacity of the AP.

Entering the following commands:


ifconfig wlan0 down
/bin/iwpriv wlan0 set_mib rssi_dump=1
/bin/iwpriv wlan0 set_mib crc_log=1
ifconfig wlan0 up
will enable logging of system events.

With dmesg command you can display large amounts of information related to connection status:
[1] rssi 44% real 47 tx 11 rx 11
[2] rssi 41% real 41 tx 11 rx 11
[1] rssi 44% real 34 tx 11 rx 11
[2] rssi 41% real 38 tx 11 rx 11
The first field is the station number, the next is the RSSI value, and tx 11 and rx 11 give the current
speeds of sending data to and receiving data from a given station (in this case – 11 Mbit/s).

6.6 Repairing corrupted firmware with TFTP


If upgraded firmware for Ovislink 5460 device turns out to be corrupted, you still can reactivate your
Access Point with a special ‘rescue’ firmware version. To restore the firmware:

• Download a special firmware version from the following address:
http://approsoftware.com/download/rtl8186/recovery/5460recovery.bin
• Configure your computer with Linux system to have the IP address of 192.168.1.2.
• Connect your AP directly with that computer (without any routers on the path).
• Turn off your AP.
• Push and hold the Reset button (make sure that you actually press this button!).

• With the Reset button pressed, turn on your AP – the Status LED should light up.
• Keep that button pressed for another five seconds or so, until the Status LED goes out.
• Release the Reset button.
• Send new firmware to your AP with the following command:
tftp -m binary 192.168.1.6 -c put 5460recovery.bin
• Wait while the AP saves new data to the flash memory and restarts (this could take up to
three minutes). At the end of this operation Status LED will go out, and the WLAN LED
should start blinking.

At this point your device should be accessible at its default IP address (192.168.100.252). Log on to
AP’s Web interface and continue with firmware update procedure by following the guidelines shown
on your screen.

With this procedure, you can also upgrade Ovislink 5460 to any version of APPro54G firmware. You
just need to upload it instead of ‘rescue’ firmware file.

The procedure described above must not be used on AP devices other than
Ovislink 5460. In particular, the procedure is not intended for the Planet 4035
Access Point.

6.7 Optimizing performance


Optimizing performance in WiFi networks requires comprehensive knowledge and experience. That’s
why it’s recommended to comply with the following guidelines, and (if needed) to get more help from
an experienced WiFi network administrator.

Maximum performance in WiFi networks.


• In APPro54G standard version:
   ◦ 802.11b: 5 Mbit/s;
   ◦ 802.11b, with QoS enabled, TCP protocol: 4.5 Mbit/s;
   ◦ 802.11b, with Traffic Manager enabled, TCP protocol: 5 Mbit/s;
   ◦ 802.11g: 8 Mbit/s (TCP) and 11 Mbit/s (UDP);
   ◦ 802.11g, with QoS enabled: 4.5 Mbit/s (TCP) and 9 Mbit/s (UDP);
   ◦ 802.11g, with Traffic Manager enabled: 6 Mbit/s (TCP) and 11 Mbit/s (UDP).

• In APPro54G turbo version:
   ◦ 802.11g: 12 Mbit/s (TCP) and 23 Mbit/s (UDP);
   ◦ 802.11g, with Traffic Manager enabled: 10 Mbit/s (TCP) and 17 Mbit/s (UDP).

Above results were obtained in a controlled test environment and with the following features disabled:
NAT, NETBIOS Filtering, Port Filtering and Port Forwarding. Also the Quality of Service and the Traffic
Manager features were disabled unless specified otherwise.

General guidelines:
• Use only WiFi antennas from renowned manufacturers. On base stations you should install
collinear or sector antennas with the vertical polarization, and on client stations – panels
made with microstrip technology.
• When you install antennas, remember that the higher the antenna’s gain, the narrower the
vertical angle of WiFi signal radiation. This angle ranges from 3 to 30 degrees, which in
practice means that you need to install antennas on the same level, or to tilt base station’s
antenna towards the clients.
• Antennas need to “see” one another without any obstacles, and additionally ensure that
nothing stands in the way in the so called Fresnel zone. In short, this zone can be regarded
as a straight tunnel that connects the base station with its client. Depending on the distance
between these devices, the tunnel’s diameter varies from 5 to 30 meters (greater distance
means bigger diameter). The zone should be free of any trees, rooftops, chimneys, and such
like.
• The length of antennas’ cables should not exceed 3 meters, and they should be made by
renowned makers (along with installed connectors).
• Client stations should be placed at similar distances from the base station.
• If your network’s performance has a high priority, a single base station shouldn’t be connected
with more than 15 WiFi clients. This is a result of wireless transmission system’s limitations.
• When choosing a wireless channel for your network, the best one would be placed at least 3
channels from other channels occupied in your area. Never select channels adjacent to ones
that are occupied by devices that emit a strong signal.

The following settings are available on Wireless/Advanced Settings page of APPro54G Web
interface.

Recommended optimized settings for the 802.11b mode:


• Modulation: 802.11b;
• ACK Timeout: 170 to 255;
• Beacon Interval: 100 to 500;
• TX Power: 18dBm;
• Tx Rate: 11 Mbit;
• Busy channel sensing: Energy Detection;
• Long retry limit: 3;
• Short retry limit: 1;
• Preamble Type: Short.
Recommended optimized settings for the 802.11g mode:
• Modulation: 802.11g;
• ACK Timeout: 170 to 255;

• Beacon Interval: 100 to 500;


• TX Power: 18dBm;
• Tx Rate: 36 or 54Mbit.
or alternatively:
• TX Rate: Auto;
• Tx Operation Rate: 36 or 54 Mbit;
• Tx Basic Rate: 36 or 54 Mbit.

and then:
• Busy channel sensing: Energy Detection;
• Long retry limit: 3;
• Short retry limit: 1;
• Preamble Type: Short;
• Disable G-Protection: select this option if there are no 802.11b devices in your
network. Otherwise, this option should be disabled.

Recommended optimized settings for the 802.11b/g mode:


• Modulation: Both (g+b);
• ACK Timeout: 170 to 255;
• Beacon Interval: 100 to 500;
• TX Power: 18dBm;
• TX Rate: Auto;
• Tx Operation Rate: 1, 2, 5.5, 11, 36 or 54 Mbit;
• Tx Basic Rate: 1, 2, 5.5, 11, 36 or 54 Mbit;
• Busy channel sensing: Energy Detection;
• Long retry limit: 3;
• Short retry limit: 1;
• Preamble Type: Short;
• Disable G-Protection: In mixed mode, this option should be disabled.
“Safe” settings recommended for networks that experience problems with correct
data transmission.
• Modulation: Both (g+b);
• Enable Packet Aggregation: disable this option;
• ACK Timeout: 255;
• Fragment Threshold: 2346;
• RTS Threshold: 2347;
• Beacon Interval: 100;
• DTIM Period: 3;
• TX Power: 18dBm;
• Tx Rate: Auto;
• Tx Operation Rate: select all options;

• Tx Basic Rate: 1, 2, 5.5, 11;


• Preamble Type: Long;
• Busy channel sensing: Energy Detection;
• Long retry limit: 6;
• Short retry limit: 6;
• Disable G-Protection: disable this option.
Optimizing device’s throughput.
Some APPro54G features can put a significant load on the AP’s processor. The biggest impact on
performance comes from the NAT and QoS features.

• After enabling QoS feature, remember that traffic coming out of APPro54G device should not
exceed 4 Mbit/s.
• With the Traffic Manager enabled, the maximum transmission speed comes to about
6 Mbit/s.
• Maximum bandwidth assigned to a single client with the Traffic Manager should not exceed
2 Mbit/s.
• After enabling the NAT feature, the maximum transmission speed amounts to 8 Mbit/s.
To achieve a maximum transfer in 802.11g mode, disable the following features:
• NETBIOS Filtering (Wireless/Advanced Settings page);
• Port Filtering;
• Port Forwarding;
• Quality of Service;
• Traffic Manager (all these options are found in TCP/IP section).
If you need transfer speeds higher than 10 Mbit/s, it’s recommended that you install APPro54G turbo
edition. Additionally, you should enable Traffic Manager in TCP/IP Bridge mode, and shouldn’t use
such features as NETBIOS Filtering, Port Filtering, Port Forwarding or Quality of Service.

Examples of network designs.


The page http://approsoftware.com/download/projects/ contains examples of WiFi networks
that you can build using APPro54G devices:
• a network for up to 20 users;
• a network for up to 40 users;
• a network that’s elastically upgradeable.

Supplemental information on topics discussed in this section is available on APPro54G’s
homepage: http://approsoftware.com/

6.8 Common issues in low-performance networks


If your network experiences significant delays, packet losses, performance drops, or client
disconnections, you need to find the causes of such issues, and remove them (if possible). Start the
troubleshooting with the following actions:

• Check the values returned by the ping command for packets with a length of 100 bytes.
Such packets should be sent to each client without any losses and in time shorter than
5 ms.
• Try the ping command for packets that are 1300 bytes long. Also here you shouldn’t
experience any losses, and the measured time shouldn’t exceed 12 ms.
• Log on to your AP with a Telnet client and issue the command
cat /proc/wlan0/sta_info. Next, check if each client station has the proper values
for entries listed below (values below are just examples):
   ◦ tx_bytes: 266623897,
   ◦ rx_bytes: 566937573,
   ◦ tx_pkts: 484798,
   ◦ rx_pkts: 620389,
   ◦ tx_fail: 100 (this value shouldn’t exceed 0.1% of the tx_pkts value),
   ◦ rssi: 55 (this value shouldn’t be lower than 40),
   ◦ current_tx_rate: 11 (tx_rate and rx_rate values should be identical in all
     devices),
   ◦ current_rx_rate: 11.

If the tests give a negative result for one of connections, the probable cause of your network’s issues is
an incorrect antenna setup or a configuration on client’s side. If improper values are found in a larger
number of clients, you need to check the antenna and the configuration of the base station.
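
The sta_info checks above, as an added example (not part of the original guide) meant to run on a workstation against a saved copy of the command's output. Only the counter names and limits come from the guide; the one-value-per-line layout, the hwaddr line that starts each station, and the sample data are assumptions.

```python
# Limits taken from section 6.8 of the guide.
MIN_RSSI = 40              # rssi "shouldn't be lower than 40"
TX_FAIL_PER_MILLE = 1      # tx_fail must not exceed 0.1% (1/1000) of tx_pkts

# Constructed sample: one healthy station and two with problems.
# Assumed layout: "key: value" lines, a new station at each "hwaddr" line.
SAMPLE_STA_INFO = """\
hwaddr: 004f6204ae86
tx_bytes: 266623897
rx_bytes: 566937573
tx_pkts: 484798
rx_pkts: 620389
tx_fail: 100
rssi: 55
current_tx_rate: 11
current_rx_rate: 11
hwaddr: 0014a42d0c27
tx_pkts: 120000
rx_pkts: 98000
tx_fail: 950
rssi: 36
current_tx_rate: 11
current_rx_rate: 11
hwaddr: 004f620207b2
tx_pkts: 50000
rx_pkts: 61000
tx_fail: 12
rssi: 48
current_tx_rate: 2
current_rx_rate: 11
"""


def parse_sta_info(text):
    """Split the dump into one dict per station (new record at each hwaddr)."""
    stations, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                          # not a "key: value" line
        key, value = key.strip(), value.strip()
        if key == "hwaddr":
            current = {"hwaddr": value}
            stations.append(current)
        elif current is not None:
            # Counters are integers; anything else is kept as text.
            current[key] = int(value) if value.isdigit() else value
    return stations


def check_station(sta):
    """Return the list of section 6.8 limits that this station violates."""
    problems = []
    tx_pkts, tx_fail = sta.get("tx_pkts", 0), sta.get("tx_fail", 0)
    # Integer comparison avoids rounding errors right at the 0.1% limit.
    if tx_pkts and tx_fail * 1000 > tx_pkts * TX_FAIL_PER_MILLE:
        problems.append("tx_fail %.2f%% of tx_pkts (limit 0.1%%)"
                        % (100.0 * tx_fail / tx_pkts))
    rssi = sta.get("rssi")
    if isinstance(rssi, int) and rssi < MIN_RSSI:
        problems.append("rssi %d below %d" % (rssi, MIN_RSSI))
    # Interpretation: "identical" is checked as tx rate == rx rate per station.
    tx_rate, rx_rate = sta.get("current_tx_rate"), sta.get("current_rx_rate")
    if tx_rate != rx_rate:
        problems.append("tx rate %s differs from rx rate %s" % (tx_rate, rx_rate))
    return problems


def report(text):
    """Map each station's MAC to its problems; healthy stations are omitted."""
    result = {}
    for sta in parse_sta_info(text):
        problems = check_station(sta)
        if problems:
            result[sta["hwaddr"]] = problems
    return result


if __name__ == "__main__":
    for mac, problems in report(SAMPLE_STA_INFO).items():
        print(mac, "->", "; ".join(problems))
```

If one station is listed, look at that client's antenna and settings first; if most are listed, start with the base station, as the paragraph above says.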
• Familiarize yourself with the guidelines from section 6.7, and check whether you didn’t
exceed device’s maximum transfer rate in a given configuration.
• Set the “safe” configuration of a wireless interface, described in section 6.7.
• Check the effects of changing the Disable G-Protection option.
• If your problem lies in the periodical disconnection of client stations, or in signal loss that
repeats every couple of seconds, you need to disable the packet aggregation option.
• If your network suffers from large delays (indicated by high ping values), the problem may
be caused by setting too low a transfer speed in relation to client traffic. The minimum transfer
speed that ensures reasonably low delays is 5.5 Mbit/s. If the traffic exceeds the bandwidth of a
given connection segment, you need to lower its volume with the Traffic Manager
feature. Adjust transfer limits until you achieve acceptable delays.
• If your network suffers from large delays and low performance, your problems may be
caused by an overloaded AP device, that has to handle excessive traffic volumes (see:
section 6.7) or too many wireless clients. In such cases you can either upgrade APPro54G
software to turbo edition, disable some of the traffic control features, or divide your traffic
between several access points.

• In the case of recurring losses of larger data packets, your network may suffer from
interferences originating from adjacent WiFi channels or other devices operating in the area.
If you cannot switch to another WiFi channel, or such a change doesn’t improve the
situation, check how your network operates after lowering the Fragment Threshold
parameter (on Wireless/Advanced Settings page). Suggested values are 1500, 1000,
800 and 500.
• If your problem consists of delays and data loss, but only when the network’s under high
traffic load, your problems may be caused by a hidden WiFi station. In such a case test
how your network operates after lowering the RTS Threshold parameter (on
Wireless/Advanced Settings page). Suggested values are 1500, 1000, 800 and 500.
• If the problems occur only in APC mode, ensure that you enabled MAC address masking
(APC MAC Translation option on TCP/IP Advanced Settings page).

Supplemental information on topics discussed in this section is available on APPro54G’s
homepage: http://approsoftware.com/

6.9 Analysis and interpretation of system log


With the event log (system log or syslog) you can analyze network’s performance and pinpoint the
causes of many malfunctions. Thanks to syslog, you can also obtain other information, e.g. about
attempts of unauthorized access to your network. Despite the fact that the syslog isn’t very advanced,
it’s supported by a large number of network devices. The following messages are the most common
ones in the event log:
• Associate to AP successfully – 00:4F:62:04:AE:86 – A client station was
successfully associated with a base station.
• A wireless client is disassociated – 00:14:A4:2D:0C:27 – A client station
disconnected from a base station.
• A STA is expired – 00:4F:62:02:07:82 – A station with a given MAC address was
regarded inactive (it found itself outside AP’s range or it switched to power-saving mode).
• A expired STA is resumed – 00:4F:62:02:07:82 – A station with a given MAC
address became active again.
• A STA is deleted by application program – 00:14:A4:2D:0C:27 – A station
was disconnected by an AP.
• ipt_unclean – [message] – A packet was rejected because of invalid format, incorrect
header, etc.
• Rejected packet: IN=br0 OUT=br0 SRC=217.196.208.101 DST=62.111.156.53
SPT=1824 DPT=80 – A packet with shown parameters was rejected by the Traffic Manager
because the option Unlisted Clients Traffic is set to Deny.
• Oversized packet: IN=br0 OUT=br0 SRC=62.111.156.20 DST=62.111.156.19
SPT=56424 DPT=5432 – A packet with shown parameters was rejected because it exceeded
the maximum size of 1500 bytes.
• root login on 'ttyp0' – An administrator successfully logged on to an AP.

• login attempt for nonexistent user – Someone attempted to log on with an invalid
username.
• invalid password for 'admin' on 'ttyp1' – Someone attempted to log on with an
invalid password.
• Process '/usr/sbin/webs.sh' (pid 17437) exited. Scheduling it for
restart – The Web server was restarted (this is a normal behavior of an AP).
• Starting pid 21324, console /dev/null: '/usr/sbin/webs.sh' – The Web
server is being launched (this is a normal behavior of an AP).
• br0: port 1(wlan0) [message] – A change of bridge’s configuration (this is a normal
behavior of an AP).
• HTB init, kernel part version 3.17 – A change of QoS configuration
(this is a normal behavior of an AP).
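
One way to scan a collected log for the messages listed above, as an added example that is not part of APPro54G or of the original guide. The sample lines are constructed; the timestamp and host prefix, the documentation-range IP addresses, and both alert limits are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample. Message texts follow section 6.9; everything before
# the message (date, host name "ap1") is an assumed syslog-server prefix.
SAMPLE_LOG = """\
Jan  5 10:00:01 ap1 wlan0: Associate to AP successfully - 00:4F:62:04:AE:86
Jan  5 10:00:09 ap1 wlan0: A STA is expired - 00:4F:62:02:B3:0D
Jan  5 10:00:12 ap1 wlan0: A expired STA is resumed - 00:4F:62:02:B3:0D
Jan  5 10:00:20 ap1 wlan0: A STA is expired - 00:4F:62:02:B3:0D
Jan  5 10:00:24 ap1 wlan0: A expired STA is resumed - 00:4F:62:02:B3:0D
Jan  5 10:00:31 ap1 wlan0: A STA is expired - 00:4F:62:02:B3:0D
Jan  5 10:01:02 ap1 invalid password for 'admin' on 'ttyp1'
Jan  5 10:01:05 ap1 invalid password for 'admin' on 'ttyp1'
Jan  5 10:01:09 ap1 login attempt for nonexistent user
Jan  5 10:01:15 ap1 invalid password for 'admin' on 'ttyp1'
Jan  5 10:01:40 ap1 root login on 'ttyp0'
Jan  5 10:02:00 ap1 Rejected packet: IN=br0 OUT=br0 SRC=192.0.2.10 DST=198.51.100.5 SPT=1824 DPT=80
Jan  5 10:02:03 ap1 Rejected packet: IN=br0 OUT=br0 SRC=192.0.2.10 DST=198.51.100.5 SPT=1825 DPT=80
Jan  5 10:02:07 ap1 Oversized packet: IN=br0 OUT=br0 SRC=192.0.2.20 DST=192.0.2.19 SPT=56424 DPT=5432
"""

MAC = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
SEP = r"\s*[-\u2013]\s*"      # hyphen, or the en dash printed in the guide
STA_EVENTS = {
    "associated": re.compile("Associate to AP successfully" + SEP + MAC),
    "disassociated": re.compile("A wireless client is disassociated" + SEP + MAC),
    "expired": re.compile("A STA is expired" + SEP + MAC),
    "resumed": re.compile("A expired STA is resumed" + SEP + MAC),
    "deleted": re.compile("A STA is deleted by application program" + SEP + MAC),
}
BAD_PASSWORD = re.compile(r"invalid password for '([^']*)' on '([^']*)'")
UNKNOWN_USER = re.compile(r"login attempt for nonexistent user")
ROOT_LOGIN = re.compile(r"root login on '([^']*)'")
DROPPED = re.compile(r"(Rejected|Oversized) packet: .*?SRC=(\S+) .*?DPT=(\d+)")


def analyze(text, flap_limit=3, failed_login_limit=3):
    """Count the section 6.9 events and list those that need attention.

    flap_limit and failed_login_limit are assumed thresholds, not values
    from the guide; tune them to the size of the network.
    """
    sta = defaultdict(Counter)    # MAC -> event name -> count
    dropped = Counter()           # (kind, source IP, destination port) -> count
    failures = 0                  # failed logins since the last successful one
    total_failures = 0
    findings = []
    for line in text.splitlines():
        for name, rx in STA_EVENTS.items():
            m = rx.search(line)
            if m:
                sta[m.group(1).upper()][name] += 1
                break
        if BAD_PASSWORD.search(line) or UNKNOWN_USER.search(line):
            failures += 1
            total_failures += 1
        m = ROOT_LOGIN.search(line)
        if m:
            # A success right after a run of failures may be a guessed password.
            if failures >= failed_login_limit:
                findings.append("root login on %s after %d failed attempts"
                                % (m.group(1), failures))
            failures = 0
        m = DROPPED.search(line)
        if m:
            dropped[(m.group(1).lower(), m.group(2), int(m.group(3)))] += 1
    if failures >= failed_login_limit:
        findings.append("%d failed logins with no successful login" % failures)
    for mac, events in sorted(sta.items()):
        if events["expired"] >= flap_limit:
            findings.append("station %s expired %d times (out of range or power saving)"
                            % (mac, events["expired"]))
    return {"stations": {mac: dict(ev) for mac, ev in sta.items()},
            "failed_logins": total_failures,
            "dropped": dict(dropped),
            "findings": findings}


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG)["findings"]:
        print(finding)
```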

6.10 PPPoE settings


If you have to enable PPPoE Relay or PPPoE Client features, you need to take the following issues
into consideration:

• PPPoE Relay feature is needed only when your AP operates as a router, and it has to be
transparent to PPPoE protocol.
• To separate client and Internet network completely (on TCP/IP protocol level), and at the
same time to enable relaying PPPoE traffic, you should:
   ◦ configure your device as a router without any IP address assigned to the interface to
     which the client is connected;
   ◦ enable PPPoE Relay feature;
   ◦ configure PPPoE software on a client computer.

PPPoE client integrated with APPro54G software supports hubs based on
Mikrotik system, and also the MSCHAPv2 authentication.

• To ensure proper operation of PPPoE client in APC mode, it’s recommended to disable
masking of MAC addresses.

7 Troubleshooting
If your AP is not operating properly, it doesn’t necessarily mean that it is defective. Often you can
resolve the problem or find its cause by following a few simple pieces of advice.

• Check your antenna. Usually a faulty antenna causes 90% of all problems with wireless
connectivity. If you use no-name antennas, for testing you should replace them with some
good-quality products (recommended brands are Dipol, Interline, and Elbox) or use the
antenna provided with your AP device.
• Use network devices of similar class, if possible. Some older models, e.g. based on Atmel or
ACX 100 chipsets, will not communicate with more recent WiFi devices.
• To ensure the proper operation of a wireless connection, test it at 100% of optical visibility,
and with clean Fresnel zone (an area of radio energy propagation along the axis connecting
the transmitter with the receiver).
• Check whether the packets with a length of 1400 bytes can be transmitted. If the
transmission gets disrupted (packets are lost), usually it indicates problems with the antennas.
• Upgrade device’s firmware to the latest version of APPro54G or APlite54G (shown in red on
APPro homepage – Download section).
• Ensure that QoS and Traffic Manager are configured according to guidelines found
in section 3.10.
• Ensure that the wireless interface is configured according to guidelines found in sections 6.7
and 6.8.

7.1 How to report problems with software


Before you submit any error report, install the latest available version of the software. There’s a pretty
good chance that the problem you want to report was already spotted by other users and fixed. Also
make sure that your problem isn’t a result of improper configuration of APPro54G or wrong
assumptions about your network. The best method to avoid some problems is to reset the AP and alter
the settings from there. If your problem persists, you need to describe it properly and submit it by
e-mail and on our forum.

• If you’re convinced that the problem is connected with the functionality significant for all
users, make a submission on our forum: http://approsoftware.com/ and send an
e-mail with additional information to service@approsoftware.com address.
• If you think that the problem occurs only in your specific configuration, send only an e-mail
to service@approsoftware.com address.
• If you just need some help in configuring your device, start a new thread on our forum.

Before you submit your problem, create a log for tech support:

• Log on to the Web interface of APPro54G;


• Open the Other / System Settings / Technical support page;

• Click on Generate button;


• When the progress indicator reaches the end, re-open the Other / System Settings /
Technical support page;
• Download the file available via the get technical support link.

Tech support file contains IP and MAC addresses, as well as login and access
password to the AP device. This file shouldn’t be made available to any
third parties (e.g. via the Internet).

In the case of reporting a problem using an e-mail or online forum:

• Precisely describe the nature of your problem. Use ping and traceroute commands to obtain
additional information.
• Try to describe your network’s topology. Including some illustration would be a good idea.
• Include a file obtained with get technical support link (see: page 115).
• Add some information about AP’s configuration (include screenshots if needed).
• Include info on versions of software, AP models and antenna types (and their
manufacturers) on both ends of your connection.

Include information such as:

• IP addresses assigned to ports in your device;


• device’s operating mode (Router/Bridge/NAT);
• type of connection and how your AP is connected to the Internet;
• how you encountered the problem and what are the symptoms.

After receiving your e-mail, the authors of APPro54G software will contact you
only if they require some additional information to resolve the problem.
Received submissions are ordered and the discovered errors will be fixed
in successive editions of APPro54G. Usually, we recreate the configuration
that causes the problems. However, you need to remember that some
problems have sources that are independent from us, such as the hardware’s
performance, or errors in third-party software. In such cases fixing a problem
may not be possible.

7.2 Sending the AP for service


If a malfunctioning device is under warranty and was bought in Alfanet’s store, you need to fill in the
form from http://approsoftware.com/ site, print it, and include with your AP.

8. Appendices

A. Literature
The field of wireless networks is very broad. To make the most of a WiFi network and devices’
capabilities, you need to master some extensive knowledge. Creators of APPro54G software
recommend following resources:

Internet
• http://approsoftware.com/ – homepage of APPro54G and APLite54G software;
also contains the list of national representatives;
• http://www.dslreports.com/faq/wlan – useful information on computer networks;
• http://www.wi-fitechnology.com/ – forum dedicated to computer networks;
• http://www.linux.ie/newusers/beginners-linux-guide/ – guide for beginners in
Linux use and administration;
• http://www.ssuet.edu.pk/~amkhan/Linuxbooks/OReilly%20%20Linux_Network_Administrator's_Guide_Second_Edition.pdf
– PDF file with the book Linux Network Administrator’s Guide.

Books that you need to know


• Matthew S. Gast – 802.11 Wireless Networks: The Definitive Guide;
• Rob Flickenger – Wireless Hacks 100 Industrial-Strength Tips & Tools;
• Craig Hunt – TCP/IP Network Administration;
• Aeleen Frisch – Essential System Administration Pocket Reference.

Books worth reading


• Bruce Potter, Bob Fleck – 802.11. Security;
• Andrew Lockhart – Network Security Hacks;
• Nitesh Dhanjani, Justin Clarke – Network Security Tools;
• Arnold Robbins – vi Editor. Pocket Reference.

Other useful books


• Cameron Newham, Bill Rosenblatt – Learning the Bash Shell;
• Michael D. Bauer – Linux Server Security;
• Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes – Linux Security Cookbook.
• Aeleen Frisch – Essential System Administration, Third Edition, RM 2003.

B. CE certificate

C. New firmware versions


APPro54G software is constantly improved. Its latest versions are available on the following Web page:
http://approsoftware.com/download/rtl8186/APPRO54G
Each firmware version has a file name in the following format:
appro54g-c-dd.mm.yyyy.bin,
appro54g-s-dd.mm.yyyy.bin,
where:
• letter c indicates current software version, intended for experienced users;
• letter s indicates stable version, which is recommended for installation;
• in place of dd.mm.yyyy letters there’s date of firmware publication.
Before you install new firmware, read the CHANGELOG file, which contains information on
changes and release notes for each version of APPro54G. For a detailed description of the installation
process, see page 15.

APPro54G software contains modules available under GPL or other open
licenses. According to GPL license requirements, source code of programs
under GPL is available for download on
http://approsoftware.com/download/rtl8186/src/ Web page.

D. New versions of this Guide


Errata, supplements, and most recent versions of this Guide are available on
http://approsoftware.com/instrukcja/ Web page.
APPro will be available soon
on 5GHz devices
and outdoor devices!

Visit: http://approsoftware.com/

Price: 20 zł ISBN-13: 978-83-924807-4-7
