Sveasoft Manual Alchemy Firmware by xcu16608

Sveasoft Manual

Alchemy Firmware

For the Linksys WRT54G and WRT54GS wireless routers

Sveasoft Firmware Guide for WRT54G

Hardware
  Net Diagram of the WRT54G
  The GUI

Basic Configuration
  WAN (Internet) Supported Connections
  Router
  DHCP
  Time Settings
  MAC Address Cloning
    Cloning the MAC Address
    Finding the MAC Address
  Advanced Routing

Wireless Settings
  Basic Settings
  Security
  MAC Filter
  Advanced Settings
  WDS
  WDS Quick Setup Guide

Security and VPN Settings
  Firewall
  VPN

Application and Gaming
  Port Range Forwarding
  DMZ

Administration
  Management
  Log
  Diagnostics
  Factory Defaults
  Firmware Upgrade

Status
  Router Information
  Internet
  Local Network
  Wireless

Part 2: The Command Line Shell


Sveasoft Firmware Guide for WRT54G

Hardware

Net Diagram of the WRT54G




(Thanks to pribeiro @net.ipl.pt) Here is a comment on the above diagram by the author:
http://www.seattlewireless.net/index.cgi/LinksysWrt54g#head-7eb5292f6d828986548ff4e8f574eae34d47cda6

"Here goes my view of the network architecture of the WRT54G (and other clones). A hardware
switch with 5 ports: 4 are the external LAN ports (1 to 4), the fifth is connected to the "router"
module that has 3 ports (eth0, eth1 and eth2, in Linux terms). eth0 made the connection to the
switch module, eth1 is the WAN port that connects to the outside world (ADSL, CABLE, etc.) and
finally eth2 connects to the wireless module ... Have you missed something ??? I hope so. If your
question is "eth2 and eth0 aren't in the same layer2 LAN?", that's the right point! eth2 and eth0
seem to be software bridged by the Linux kernel and act as a unique L3 interface as "br0". This is
a nice thing; in the future we probably can split the wireless (eth2) and the switch (eth0) and do
a better control of the traffic (iptables) between them. PS: Sorry for my bad English!
-- pribeiro @net.ipl.pt"

Note #1: the default configuration for this device is to have a bridge between the wireless
(WLAN)(eth2) and the switch (LAN)(eth0). This means the WLAN and LAN will be using the
same IP subnet and DHCP server (unless you manually change this from the Linux command line).

Note #2: the WAN (Wide Area Networking)(eth1) port is labelled "Internet" on the v1 and v2
WRT54Gs.

Four versions of the router exist: version 1.0, version 1.1, version 2.0, and WRT54GS v2.0S. The
firmware is binary compatible with the first three versions. The WRT54GS's firmware in its default
configuration is too big to fit in the EEPROM inside the earlier three versions, although Sveasoft
has managed to modify it to fit. More info and discussion:
http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=742




WRT54G V1.0

  •   BCM4702 MIPS CPU
  •   BCM4306 802.11a/b/g MAC processor
  •   BCM2050 802.11b/g radio transceiver
  •   MAC processor and radio unit on separate mini-PCI card
  •   125 MHz MIPS processor
  •   4MB Flash EEPROM
  •   16MB RAM
  •   integrated 5 port Ethernet switch (4 external ports, 1 connected internally)
  •   1 external Internet/WAN port
  •   5 volt 2 amp power supply (10 watts)
  •   internal photos http://seattlewireless.net/mattw/photos/linksyswrt54g/gallery/

WRT54G V1.1

  •   BCM4702
  •   BCM4306
  •   All chips on main board
  •   125 MHz MIPS processor
  •   4MB Flash EEPROM
  •   16MB RAM
  •   integrated 5 port Ethernet switch (4 external ports, 1 connected internally)
  •   1 external Internet/WAN port
  •   12 volt 1 amp power supply (12 watts)

WRT54G V2.0

  •   BCM4702, BCM4306, BCM2050 into one chip (BCM4712)
  •   ADM6996L controller datasheet
  •   200 MHz MIPS processor
  •   4MB Flash EEPROM
  •   16MB RAM
  •   integrated 5 port Ethernet switch (4 external ports, 1 connected internally)
  •   1 external Internet/WAN port
  •   wireless lan interface eth1 - vlan0
  •   wired lan interface eth0 - vlan1
  •   onboard pinouts for serial (2 ports)
  •   LED's handled with a bitmask write to /dev/gpio
  •   12 volt 1 amp power supply (12 watts)

WRT54GS V2.0S

  •   BCM4712, Speedbooster chipset
  •   ADM6996L controller (datasheet link)
  •   200 MHz MIPS processor
  •   8MB Flash EEPROM
  •   32MB RAM
  •   integrated 5 port Ethernet switch (4 external ports, 1 connected internally)
  •   1 external Internet/WAN port
  •   Onboard pinouts for serial (2 ports)
  •   12 volt 1 amp power supply (12 watts)




Identifying the Router Model Number
There are a few ways to find your model number:


1.) via the web interface. Point your browser to

http://your.WRT54G's.ip/SysInfo.htm (i.e. http://192.168.1.1/SysInfo.htm)

You should then see something like this, with hardware info at the bottom (version 1 and 1.1 may
report as 1.x, while 2.0 reports as 2.0):

Vendor:LINKSYS
ModelName:WRT54G
Firmware Version:Satori-pre3-2 v2.02.2.7sv , Mar 21 2004
#:000
Boot Version:v1.5
CodePattern:W54G
Country:US

RF Status:enabled
RF Firmware Version:Satori-pre3-2 v2.02.2.7sv
RF Domain:US (channel 1~11)
RF Channel:1
RF SSID:() XXX

-----Dynamic Information
RF Mac Address:00:0C:41:E3:XX:XX
LAN Mac Address:00:0C:41:E3:XX:XX
WAN Mac Address:00:0C:41:E3:XX:XX
Hardware Version:1.x

2.) look at the sticker on the bottom of the router. Be aware that the packaging box it came in may
indicate a different version. You can identify the router version based on the serial number on the
box. http://www.dslreports.com/forum/remark,9471112mode=flat and
http://www.dslreports.com/forum/remark,9463214mode=flat state that the version 2 would also
come in a version 1.1 box. The version would be recognizable by the serial number:
CDF5XXXX is version 2
CDF4XXXX and lower are v1.1 or version 1
CDF1XXXX is version 1

Reference:
  http://groups.yahoo.com/group/WRT54G/message/1581
(I (hkazemi) personally bought a WRT54G v2.0 and it came in a box with packaging labelled v1.1.
I also have a v1.0 and its serial number began with CDF1XXXX.)

3.) via the command line (shell) interface you can look at the results of the 'ifconfig' command. If
you see a vlan0 and vlan1 interface then you have a v2, not a v1.0/v1.1.

4.) via the command line (shell) interface you can look at the results of the 'dmesg' command. You
can look at the cpu speed and memory size information to identify whether you have a v1/v1.1, v2,
or GS.




References:
  http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=974 (Thanks to Trix who pointed out
this method!)
  http://www.dslreports.com/forum/remark,9664195mode=flat
  http://www.dslreports.com/forum/remark,9325788mode=flat?hilite=WRT54G+version
  http://www.smallnetbuilder.com/ProductOpinions-WRT54G.php



Eth interface differences between the versions: v1.0/1.1 and v2.0 'et' distinction
 http://sveasoft.com/modules/phpBB2/viewtopic.php?t=191



Power supply info references:
 http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=967
 http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=482



More detailed information is on the Seattle Wireless WRT54g page.




The GUI

The Sveasoft firmware is based on various versions of Linksys firmware, and as such the GUI/web
interface is also a derivative of the standard version. Hence some of what is mentioned in the GUI
section may be very similar to what is provided in the built-in router documentation.

   •   Basic configuration information (WAN settings, IP addresses, etc.)
           o   WAN (Internet) Supported Connections: Basic configuration (WAN/Internet, IP
               addresses, etc.)
           o   Router: IP Gateway Setup
           o   DHCP: IP Allocation
           o   Time Setting: Router Time Zone
           o   DDNS: Dynamic DNS (a persistent hostname that automatically points to your
               dynamic IP)
           o   MAC Address Cloning: Configure your WRT54G to spoof your current MAC
               (required by some ISPs)
           o   Advanced Routing: Advanced Internet routing (OSPF, static routes, etc.)
   •   Wireless Settings related to wireless networking (network ID, encryption, WDS, etc.)
           o   Basic Settings: Basic wireless network settings, required to operate (network ID,
               channel, etc.)
           o   Security: Settings that control wireless encryption and authentication
           o   MAC Filter: Additional security settings allowing one to limit access to a few
               specific wireless cards
           o   Advanced Settings: Miscellaneous settings that govern the wireless system (antenna
               diversity, transmission power, etc.)
           o   WDS: Settings that control the Wireless Distribution System, allowing you to
               connect wirelessly to other access points to extend your network footprint
   •   Security and VPN settings
           o   Firewall: Enable and configure the built-in firewall
           o   VPN: Enable the VPN pass-through for different protocols
   •   Application & Gaming: Port forwarding and DMZ configuration
           o   Port Range Forwarding: Forward external ports to computers on your LAN
           o   DMZ: Make the router forward all the ports to any computer on your LAN
   •   Administration: WRT54G management (system options, firmware upgrades, etc.)
           o   Management: Enable and configure advanced features
           o   Log: Enable different logging options on the router
           o   Diagnostics: Run command shell commands
           o   Factory Defaults: Reset your router to the factory defaults
           o   Firmware Upgrade: Upgrade your router's firmware
   •   Status: Current system status (and client listings)
           o   Router: Router and Internet connection status
           o   LAN: LAN interface and DHCP status
           o   Wireless: Wireless related information such as channel, mode, signal strength, etc.


                                    Basic Configuration

WAN (Internet) Supported Connections
Most users purchase the WRT54G to connect a network to the Internet, regardless of whether they
operate small (1 AP) or large (2+ AP) networks. This section discusses the steps necessary to
connect a single WRT54G to the Internet using the WAN port.

The Sveasoft firmware can utilize the following configurations on the WAN port (labelled
"Internet"):




   •   Automatic Configuration DHCP: this is the setting utilized by most broadband providers. If
       DHCP is selected, the WRT54G requests its configuration information from your Internet
       provider. Typically, when using DHCP, your IP address will change periodically. Consider
       using a Dynamic DNS service if you wish to be able to access your network using the same
       name, regardless of what your actual IP is.
   •   Static IP: Users who have been assigned IP addresses by their provider can enter that
       information manually by selecting this option. Users who are unsure should default to
       DHCP (which is the default factory setting), as static IP settings may cause problems with
       your connection.
   •   PPPoE (Point-to-Point Protocol over Ethernet) (see Note 1): Some providers (usually DSL
       providers) require users to connect using PPP on top of their Ethernet connection. If your
       provider requires this combination, you must select this option.
   •   PPTP (Point-to-Point Tunnelling Protocol) (see Note 2): PPTP allows users to tunnel their
       information securely to a remote destination. This configuration is not typically required by
       an Internet provider, although some providers utilize PPTP connections to provide power
       users with "public IP" addresses. Unless your provider has specifically mentioned this
       service or you are a power user (who isn't likely to read this document), it is safe to ignore
       this option.
   •   Heart Beat Signal (Australian ISP, Telstra Bigpond's Login tool) (see Note 3)

These types can be selected from the drop-down menu next to Internet Connection. The information
required and available features will differ depending on what kind of connection type you select.
Some descriptions of this information are included here:

Internet IP Address and Subnet Mask - This is the Router's IP Address and Subnet Mask as seen
by external users on the Internet (including your ISP). If your Internet connection requires a static
IP address, then your ISP will provide you with a Static IP Address and Subnet Mask.

Default Gateway - Your ISP will provide you with the Gateway IP Address.

User Name and Password - Enter the User Name and Password you use when logging onto your
ISP through a PPPoE, PPTP or Heartbeat Signal connection.

Connect on Demand - You can configure the Router to disconnect your Internet connection after a
specified period of inactivity (Max Idle Time). If your Internet connection has been terminated due
to inactivity, Connect on Demand enables the Router to automatically re-establish your connection
as soon as you attempt to access the Internet again. If you wish to activate Connect on Demand,
click the radio button. If you want your Internet connection to remain active at all times, enter 0 in
the Max Idle Time field. Otherwise, enter the number of minutes you want to have elapsed before
your Internet connection terminates.

MTU - MTU specifies the largest packet size permitted for Internet transmission. Keep the default
setting, Auto, to have the Router select the best MTU for your Internet connection. To specify an
MTU size, select Manual, and enter the value desired (default is 1400). You should leave this value
in the 1200 to 1500 range. (Typical MTU settings are ADSL = 1492, Ethernet = 1500.)

Keep Alive Option - This option keeps you connected to the Internet indefinitely, even when your
connection sits idle. To use this option, click the radio button next to Keep Alive. The default
Redial Period is 30 seconds (in other words, the Router will check the Internet connection every 30
seconds).

Note 1 - More information regarding PPP can be found here.

Note 2 - More information regarding PPTP can be found here.

Note 3 - Heart Beat Server: The Australian ISP Bigpond requires a heartbeat packet to be accepted
from an ISP-owned server to maintain the connection. The IP address of this server must be entered
here. Please see the Bigpond Setup page to find out which IP address to use.

Router




  •   IP Address - This is the Router IP Address as seen on the internal LAN. The default value
      is 192.168.1.1.
  •   Subnet Mask - This is the Router Subnet Mask as seen on the internal LAN. The default
      value is 255.255.255.0.
  •   Gateway - This is the IP address of the LAN gateway.




DHCP




DHCP Server (see Note 1) - Select Enable. If you already have a DHCP server on your network, or
you do not want a DHCP server, then select Disable.

Starting IP Address - Enter a numerical value for the DHCP server to start with when issuing IP
addresses. Do not start with 192.168.1.1 (the IP address of the Router).

Maximum Number of DHCP Users - Enter the maximum number of PCs that you want the
DHCP server to assign IP addresses to. The absolute maximum is 253--possible if 192.168.1.2 is
your starting IP address.
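
The relationship between the starting address, the user limit and the Router's own address can be checked before the values are entered. The following is an added example, not part of the original guide or the firmware; the function names are chosen for this illustration and the addresses are the defaults quoted in this guide.

```python
import ipaddress


def max_dhcp_users(router_ip, netmask):
    """Largest possible pool: every usable host address except the Router's."""
    net = ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)
    # num_addresses includes the network and broadcast addresses.
    return net.num_addresses - 2 - 1


def dhcp_pool(router_ip, netmask, start_ip, max_users):
    """Return (first, last) lease address as strings, or raise ValueError.

    Rejects the cases the guide warns about: a pool that starts on the
    Router's address, contains it, or runs past the end of the LAN subnet.
    """
    net = ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)
    router = ipaddress.ip_address(router_ip)
    start = ipaddress.ip_address(start_ip)

    if max_users < 1:
        raise ValueError("maximum number of DHCP users must be at least 1")
    if start not in net or start in (net.network_address, net.broadcast_address):
        raise ValueError(f"{start} is not a usable host address in {net}")

    last_int = int(start) + max_users - 1
    if last_int >= int(net.broadcast_address):
        raise ValueError(f"{max_users} users starting at {start} run past {net}")
    last = ipaddress.ip_address(last_int)

    if start <= router <= last:
        raise ValueError(f"pool {start}-{last} contains the Router address {router}")
    return str(start), str(last)


if __name__ == "__main__":
    # Defaults quoted in this guide: Router 192.168.1.1, mask 255.255.255.0.
    print(max_dhcp_users("192.168.1.1", "255.255.255.0"))
    print(dhcp_pool("192.168.1.1", "255.255.255.0", "192.168.1.2", 253))
    for bad_start, users in (("192.168.1.1", 10), ("192.168.1.2", 254)):
        try:
            dhcp_pool("192.168.1.1", "255.255.255.0", bad_start, users)
        except ValueError as exc:
            print("rejected:", exc)
```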

Client Lease Time - The Client Lease Time is the amount of time a network user will be allowed
connection to the Router with their current dynamic IP address. Enter the amount of time, in
minutes, that the user will be "leased" this dynamic IP address.

Static DNS 1-3 - The Domain Name System (DNS) (see Note 2) is how the Internet translates domain or
website names into Internet addresses or URLs. Your ISP will provide you with at least one DNS
Server IP Address. If you wish to utilize another, enter that IP Address in one of these fields. You
can enter up to three DNS Server IP Addresses here. The Router will utilize these for quicker access
to functioning DNS servers.

WINS - The Windows Internet Naming Service (WINS) manages each PC's interaction with the
Internet. If you use a WINS server, enter that server's IP Address here. Otherwise, leave this blank.

Note 1 - The DHCP server can be turned off from Administration->Management->DHCPd
Note 2 - The DNS server can be turned off from Administration->Management->DNSMasq




Time Settings




Select the time zone for your location. If your location experiences daylight savings, leave the
checkmark in the box next to Automatically adjust clock for daylight saving changes.

It should be noted that the WRT54G does not have a real-time clock; instead, the current time is
determined via NTP (see Note 1).



Note 1 - The NTP server can be turned off from Administration->Management->NTP




DDNS




DDNS -- Assigns a fixed host and domain name to a dynamic Internet IP address. It is useful when
you are hosting your own website, FTP server, or other server behind the Router. Before using this
feature, you need to sign up for DDNS service at www.dyndns.org, a DDNS service provider.

DDNS Service

To disable DDNS Service, keep the default setting, Disable. To enable DDNS Service, follow these
instructions:

   1. Sign up for DDNS service at www.dyndns.org, and write down your User Name, Password,
      and Host Name information.
   2. On the DDNS screen, select Enable.
   3. Complete the User Name, Password, and Host Name fields.
   4. Click the Save Settings button to save your changes. Click the Cancel Changes button to
      cancel unsaved changes.

Internet IP Address - The Router's current Internet IP Address is displayed here.

Status - The status of the DDNS service connection is displayed here.




MAC Address Cloning




Cloning the MAC Address

To clone your network adapter's MAC address onto the Router and avoid calling your ISP to
change the registered MAC address, follow these instructions:

   1. Select Enable.
   2. Enter your adapter's MAC address in the MAC Address field.
   3. Click the Save Settings button.

Note: To disable MAC address cloning, keep the default setting, Disable.

Finding the MAC Address

A MAC address is a 12-digit code assigned to a unique piece of hardware for identification. Some
ISPs require that you register the MAC address of your network card/adapter, which was connected
to your cable or DSL modem during installation. If your ISP requires MAC address registration,
find your adapter's MAC address by following the instructions for your PC's operating system.

Windows 98/Millennium:

   1.   Click the Start button, and select Run.
   2.   Type winipcfg in the field provided, and press the OK key.
   3.   Select the Ethernet adapter you are using.
   4.   Click More Info.
   5.   Write down your adapter's MAC address.

Windows 2000/XP:

   1.   Click the Start button, and select Run.
   2.   Type cmd in the field provided, and press the OK key.
   3.   At the command prompt, run ipconfig /all, and look at your adapter's physical address.
   4.   Write down your adapter's MAC address.

Mac OS X:

   1. Load System Preferences
   2. Select the Network pane
   3. On the top combo box named "Show" select "Built-in Ethernet"
   4. Select the Ethernet tab and you should see a field called "Ethernet ID" followed by your
      adapter's physical address.




Advanced Routing




                                     Wireless Settings

Basic Settings




   •   Wireless Mode - (Client/Access Point (see Note 1)/Adhoc) Router acts as a communication hub
       for users of a wireless device to connect to a wired LAN. Client mode: This mode is used when
       we want the WRT54G to be connected to an AP (Access Point) like a client device (i.e.
       emulate a PCMCIA card or a PCI card). In this mode you cannot connect to the WRT54G
       that is in client mode using another wireless client device. Also, you may have only one
       Ethernet device connected on the Ethernet LAN ports (although this single Ethernet device
       could be a second WRT54G in AP mode). AP mode: This is the default mode. It acts like a
       half-duplex hub in wired networks. Ad-Hoc mode: to be added later...
   •   Network Mode - Select one of the following values according to the type of wireless clients
       that will be connecting to your network:
           o   Mixed (Default value): If you have Wireless-G and 802.11b devices in your network
           o   G-Only: If you have only Wireless-G devices
           o   B-Only: If you would like to limit your network to only 802.11b devices (The G-
               clients still can connect)
           o Disabled: If you want to disable wireless networking
   •   Wireless Network Name SSID - The SSID is the network name shared among all devices
       in a wireless network. The SSID must be identical for all devices in the wireless network. It
       is case-sensitive and must not exceed 32 alphanumeric characters, which may be any
       keyboard character. Make sure this setting is the same for all devices in your wireless
       network. For added security, Linksys recommends that you change the default SSID
       (linksys) to a unique name of your choice.
   •   Wireless Channel - Select the appropriate channel (between 1 and 14) from the list provided
       to correspond with your network settings. All devices in your wireless network must use the
       same channel in order to function correctly.
   •   Wireless SSID Broadcast - When wireless clients survey the local area for wireless
       networks to associate with, they will detect the SSID broadcast by the Router. To broadcast
       the Router SSID, keep the default setting, Enable. If you do not want to broadcast the Router
       SSID, then select Disable. It is recommended to disable it for security, but if it is disabled
       some "stupid" devices cannot connect.

Note 1AP


Security




The router supports four different types of security settings for your network: Wi-Fi Protected
Access (WPA) Pre-Shared Key, WPA Remote Authentication Dial-In User Service (RADIUS), RADIUS,
and Wired Equivalent Privacy (WEP).

Wireless Security in a Nutshell
The Sveasoft WRT54G firmware includes support for several different wireless encryption
schemes. Your choice will depend on the modernity of your client hardware and software, and your
concern about security and/or the easy ability to allow roaming access.

WEP is the oldest and best supported "wireline" encryption available for 802.11b/g. Unfortunately,
WEP is hideously insecure. Unless you change keys very frequently, it can be cracked quickly.
However, many older 802.11 cards don't support anything but WEP. If this applies to you, you can
buy a new card to use WEP. For a discussion about some WPA-upgradeable cards, see
http://wifinetnews.com/archives/002875.html.

WPA (pre-shared key and RADIUS) are newer attempts to secure wireless communication. Many
new cards support this encryption, and it is generally considered to be a step up from WEP,
although it is still susceptible to some forms of attack. WPA also adds support for more
sophisticated, RADIUS-based, authentication, although it is unlikely that many home users will
spend the time to configure the software necessary to support it. See
http://www.hackfaq.org/wireless-networks/wpa-wi-fi-protected-access.shtml for more discussion.

Because your Internet traffic is transmitted to anyone within range who cares to listen, it is always a
better idea to use application-level encryption when communicating sensitive data (SSL, SSH, etc).
Also remember, the more security you add, the harder time your authorized visiting users will have
configuring it.




Available wireless encryption schemes
  •   WPA Pre-Shared Key - There are two encryption options for WPA Pre-Shared Key, TKIP
      and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger
      encryption method and incorporates Message Integrity Code (MIC) to provide protection
      against hackers. AES stands for Advanced Encryption Standard, which utilizes a symmetric
      128-bit block data encryption. To use WPA Pre-Shared Key, enter a password in the WPA
      Shared Key field between 8 and 63 characters long. You may also enter a Group Key
      Renewal Interval time between 0 and 99,999 seconds.
  •   WPA RADIUS - WPA RADIUS uses an external RADIUS server to perform user
      authentication. To use WPA RADIUS, enter the IP address of the RADIUS server, the
      RADIUS Port (default is 1812) and the shared secret from the RADIUS server.
  •   RADIUS: RADIUS utilizes either a RADIUS server for authentication or WEP for data
      encryption. To utilize RADIUS, enter the IP address of the RADIUS server and its shared
      secret. Select the desired encryption bit (64 or 128) for WEP and enter either a passphrase or
      a manual WEP key.
  •   WEP: There are two levels of WEP encryption, 64-bit and 128-bit. The higher the
      encryption bit level, the more secure your network; however, speed is sacrificed at higher
      bit levels. To utilize WEP, select the desired encryption bit level, and enter a passphrase
      or a WEP key in hexadecimal format.
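
The limits listed above (SSID length and default name, WPA key length, Group Key Renewal range, WEP bit levels) can be turned into a settings check that flags a weak configuration next to a hardened one. This is an added example, not part of the original guide or the firmware; the dictionary keys, mode names and sample values are hypothetical and constructed for the illustration.

```python
import re

# Limits are the ones this guide states. The dictionary keys and mode names
# are hypothetical labels for this example, not firmware variable names.
DEFAULT_SSID = "linksys"
# Not stated in the guide: 64-bit WEP carries a 40-bit secret (10 hex digits)
# and 128-bit WEP a 104-bit secret (26 hex digits); the rest is the 24-bit IV.
WEP_HEX_DIGITS = {64: 10, 128: 26}


def _check_wep(cfg, findings):
    digits = WEP_HEX_DIGITS.get(cfg.get("wep_bits"))
    if digits is None:
        findings.append(("error", "WEP level must be 64 or 128 bit"))
        return
    key = cfg.get("wep_key")
    # A passphrase may be entered instead, so a hex key is checked only if set.
    if key is not None and not re.fullmatch(r"[0-9A-Fa-f]{%d}" % digits, key):
        findings.append(("error", "WEP key must be %d hex digits" % digits))


def audit_wireless(cfg):
    """Return a list of (severity, message) findings for one settings dict."""
    findings = []
    ssid = cfg.get("ssid", "")
    if not 1 <= len(ssid) <= 32:
        findings.append(("error", "SSID must be 1 to 32 characters"))
    elif ssid == DEFAULT_SSID:
        findings.append(("warn", "SSID is still the factory default"))

    mode = cfg.get("security_mode")
    if mode in ("wep", "radius"):
        # Both modes encrypt data with WEP, which the guide calls insecure.
        findings.append(("high", "data is encrypted with WEP only"))
        _check_wep(cfg, findings)
        if mode == "radius" and not cfg.get("radius_secret"):
            findings.append(("error", "RADIUS shared secret is missing"))
    elif mode == "wpa_psk":
        if cfg.get("wpa_cipher") not in ("tkip", "aes"):
            findings.append(("error", "WPA cipher must be TKIP or AES"))
        if not 8 <= len(cfg.get("wpa_psk", "")) <= 63:
            findings.append(("error", "WPA shared key must be 8 to 63 characters"))
        if not 0 <= cfg.get("group_key_renewal", 0) <= 99999:
            findings.append(("error", "group key renewal must be 0 to 99999 s"))
    elif mode == "wpa_radius":
        if not cfg.get("radius_server") or not cfg.get("radius_secret"):
            findings.append(("error", "RADIUS server and shared secret required"))
        if not 1 <= cfg.get("radius_port", 1812) <= 65535:
            findings.append(("error", "RADIUS port out of range"))
    else:
        findings.append(("high", "none of the four security modes is selected"))
    return findings


# Constructed sample settings: a weak configuration beside a hardened one.
WEAK = {"ssid": "linksys", "security_mode": "wep",
        "wep_bits": 64, "wep_key": "0123456789"}
HARDENED = {"ssid": "example-net", "security_mode": "wpa_psk",
            "wpa_cipher": "aes", "wpa_psk": "constructed sample passphrase",
            "group_key_renewal": 3600}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_wireless(cfg) or "no findings")
```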




MAC Filter




The Wireless MAC Filters feature allows you to control which wireless-equipped PCs may or may
not communicate with the Router, depending on their MAC addresses. To disable the Wireless
MAC Filters feature, keep the default setting, Disable. To set up a filter, click Enable, and follow
these instructions:

   1. If you want to block specific wireless-equipped PCs from communicating with the Router,
      then keep the default setting, Prevent PCs listed from accessing the wireless network. If you
      want to allow specific wireless-equipped PCs to communicate with the Router, then click
      the radio button next to Permit only PCs listed to access the wireless network.
   2. Click the Edit MAC Filter List button. Enter the appropriate MAC addresses into the MAC
      fields.
   3. Click the Save Settings button to save your changes. Click the Cancel Changes button to
      cancel your unsaved changes. Click the Close button to return to the Advanced Wireless
      screen without saving changes.

Note: For each MAC field, the MAC address should be entered in this format: xxxxxxxxxxxx (the
x's represent the actual characters of the MAC address).

Note: For information on how to find your interface's MAC address, see the Mac Address Cloning
page.




Advanced Settings




  •   Authentication Type - The default is set to Auto, which allows either Open System or
      Shared Key authentication to be used. For Open System authentication, the sender and the
      recipient do NOT use a WEP key for authentication. For Shared Key authentication, the
      sender and recipient use a WEP key for authentication. If you want to use only Shared Key
      authentication, then select Shared Key.
  •   Basic Rate - The default value is set to Default. Depending on the wireless mode you have
      selected, a default set of supported data rates will be selected. The default setting will ensure
      maximum compatibility with all devices. You may also choose to enable all data rates by
      selecting ALL. For compatibility with older Wireless-B devices, select 1-2Mbps.
  •   Transmission Rate - The default setting is Auto. The range is from 1 to 54Mbps. The rate
      of data transmission should be set depending on the speed of your wireless network. You
      can select from a range of transmission speeds, or keep the default setting, Auto, to have the
      Router automatically use the fastest possible data rate and enable the Auto-Fallback feature.
      Auto-Fallback will negotiate the best possible connection speed between the Router and a
      wireless client.
  •   CTS Protection Mode - The default value is set to Disabled. When set to Auto, a protection
      mechanism will ensure that your Wireless-B devices will connect to the Wireless-G Router
      when many Wireless-G devices are present. However, performance of your Wireless-G
      devices may be decreased.
  •   Beacon Interval - The default value is 100. Enter a value between 1 and 65,535
      milliseconds. The Beacon Interval value indicates the frequency interval of the beacon. A
      beacon is a packet broadcast by the Router to synchronize the wireless network.
  •   DTIM Interval - The default value is 1. This value, between 1 and 255 milliseconds,
      indicates the interval of the Delivery Traffic Indication Message (DTIM). A DTIM field is a
      countdown field informing clients of the next window for listening to broadcast and
      multicast messages. When the Router has buffered broadcast or multicast messages for


                                                 24
    associated clients, it sends the next DTIM with a DTIM Interval value. Its clients hear the
    beacons and awaken to receive the broadcast and multicast messages.
•   Fragmentation Threshold - This value should remain at its default setting of 2346. The
    range is 256-2346 bytes. It specifies the maximum size for a packet before data is
    fragmented into multiple packets. If you experience a high packet error rate, you may
    slightly increase the Fragmentation Threshold. Setting the Fragmentation Threshold too low
    may result in poor network performance. Only minor modifications of this value are
    recommended.
•   RTS Threshold - This value should remain at its default setting of 2347. The range is 0-
    2347 bytes. Should you encounter inconsistent data flow, only minor modifications are
    recommended. If a network packet is smaller than the preset RTS threshold size, the
    RTS/CTS mechanism will not be enabled. The Router sends Request to Send (RTS) frames
    to a particular receiving station and negotiates the sending of a data frame. After receiving
    an RTS, the wireless station responds with a Clear to Send (CTS) frame to acknowledge the
    right to begin transmission.
•   TX Antenna - Selects which antenna is used to transmit (Auto / Left / Right).
•   RX Antenna - Selects which antenna is used to receive (Auto / Left / Right).
•   Xmit Power - Expressed in milliwatts (mW); the default is 28 and the maximum is 84. Some
    users have reported that running transmission power at 84 mW puts undue strain on the
    router and/or degrades everyday traffic. Others report no problems at 84 mW. The consensus
    recommendation is somewhere around 48-64 mW; your mileage will vary.




WDS




 •    WDS_Link #x - This is only to identify your WDS link. The wds0.2 virtual interface is
      WDS Link #1, the wds0.3 virtual interface is WDS Link #2 and so on...
 •    Mac_Address - This is where you enter the MAC address of the wireless interface of the
      router that you are connecting to. This can be found either through the web interface (admin -->
      STATUS --> Wireless) or by incrementing the last digit of the MAC address printed on the
      bottom of the router by 2 (in hex).
 •    IP_Address - This setting configures the IP address of the WDS interface itself. It is
      recommended to use a different subnet than your local network.
 •    Subnet_Mask - This is the WDS interface netmask for the above IP configuration. The
      value should be 255.255.255.252; other values have caused issues with WDS setup. In
      particular, do not use the same subnet mask as your local network if you are putting your
      WDS IP addresses in a subset of the subnet of your local network (i.e. if your LAN is
      network 10.0.0.x/mask 255.255.255.0, don't use 10.0.0.15, 10.0.0.16, and mask
      255.255.255.0 for WDS. 10.0.0.15, 10.0.0.16 with mask 255.255.255.252 appeared to work
      in preliminary testing. If you follow the recommendation not to put your WDS and local
      network within the same subnet, then this note shouldn't even apply to you.)
 •    Default_Gateway - The default gateway is the machine that you want as the gateway
      between the local network (LAN) and the other networks (WAN). It is the default route
      down which packets not destined for the local network are sent for further
      processing and delivery. It may be left as 0.0.0.0 (blank) for basic WDS setups.


WDS Quick Setup Guide
This guide is intended for those who are looking for simple step-by-step instructions on how to set
up WDS using SVEASOFT firmware.

This guide should work on Satori-4 firmware and Alchemy Pre3-5 (to include Wolf’s Beta Builds
w25 and above) on WRT54G (all versions) and WRT54GS (all versions) Linksys routers.

This guide is for a simple WDS network. Its intent is to get you up and running with at least 2
WRT’s with standard equipment. This guide does not include steps for client mode or any
advanced routing protocols. This guide does not include instructions on how to flash firmware
versions to your WRT(s).

This guide assumes that your internet connection is not IP addressed in the 192.168.1.X/24 range.
If it is, notes are included on what to do.

The following scenario should match most users’ simple network. This scenario creates a WDS
link between two WRTs. Sorry, no screen shots.

Note: the following terms are synonymous – AP, router and WRT

INSTRUCTIONS:

WRT1 is connected to the internet and WRT2 is your WDS connected AP.

Set each router back to factory defaults and flash to Satori-4, Alchemy Pre3_5 or Wolf’s Beta
Builds then set to factory defaults again.

Next:

   1. On WRT1 configure your WAN port to work with your internet modem. This is under
      (Basic -> Internet Setup).

   2. On WRT1 set your LAN (Basic -> Network Setup) settings to 192.168.1.1 with subnet
      mask as 255.255.255.0. You don't need to worry about a default gateway.

   Note: If your internet modem gives out addresses in the 192.168.1.X range then use 192.168.2.1
   for your LAN settings and DHCP settings.

   3. On WRT1 set up DHCP.

   4. On WRT1 go to Status -> Wireless and write down that MAC address.

   5. On WRT2 go to Basic -> Internet Setup and disable it.

   Note: If you are using Satori-4 leave the Basic -> Internet Setup to its default (Automatic
   Configuration-DHCP) as the disable feature was added in Alchemy. Since you are not using
   the WAN port it really doesn’t matter anyway.



   6. On WRT2 go to Basic -> Network Setup and address it 192.168.1.2 with the subnet mask
      as 255.255.255.0 and the default gateway as 192.168.1.1 and disable DHCP

   Note: If the note for step 2 applies then address 192.168.2.2 with the gateway as 192.168.2.1
   and still disable DHCP.

   7. On WRT2 go to Status -> Wireless and write down that MAC address.

   8. At this point you have the wired WAN and LAN setup on WRT1 and the LAN setup on
      WRT2. Now let’s work on the Wireless...

   9. On WRT1 go to Wireless and set the wireless channel and SSID to whatever you want (for
      this scenario I will use channel 1 with an SSID of WRT1).

   10. On WRT1 go to Wireless -> WDS and disable Lazy WDS (should already be disabled) and
       choose LAN on the first WDS line and put in the MAC address of WRT2 that you obtained
       from step 7.

   11. On WRT2 go to Wireless and set the wireless channel to the same channel as WRT1 (in this
       scenario it is channel 1) and the SSID to whatever you want (for this scenario I will set the
       SSID as WRT2).

   12. On WRT2 go to Wireless -> WDS and disable Lazy WDS (should already be disabled) and
       choose LAN on the first WDS line and put in the MAC address of WRT1 that you obtained
       from step 4.


At this point WDS should be working. You can associate a wireless client to SSID WRT2 and test
connectivity to the internet.

Additional Notes:

I normally set up WDS with the WRTs a few feet apart so as to keep my running back and forth to a
minimum. That is why I like to use a different SSID on the WDS connected AP. This way I know
I am associated with the correct WRT.

If it is not working you can keep the client associated with SSID WRT2 but wire (CAT5) a LAN
port (not the WAN) from the WRT2 to a LAN port on WRT1. If all your settings (not WDS just
regular TCP/IP settings on Basic -> Internet and Basic -> Network) are correct your associated
client should connect through to the internet. If the wired connection (CAT5) does not work then
troubleshoot your IP settings not WDS.

If it does work then you can work on adding other features such as MAC filtering, WEP, power
boost, etc. You can even use the same SSID. There are a few threads in the SVEASOFT forums on
how to increase the speed of your WDS link. At a minimum I would use Frameburst on both APs.

You can use the free “Windows Client/Server Bandwidth Tester” tool to test your speeds across the
link. It is available at: www.mikrotik.com/download.html (It’s towards the bottom of the page.)


This guide should get you familiar with the basics and help you understand WDS. Once you get the
basics down there are many advanced features to learn and try. GOOD LUCK!

Final Note: If there are any changes or errors in this document, please let me know so I can
keep it as up to date as possible.




Router #1 (Internet Connection)

LAN IP: 192.168.1.1
LAN MASK: 255.255.255.0
LAN Gateway: 192.168.1.1

LAN DHCP enabled starting with 192.168.1.11 and issuing 90 IPs

WDS IP: 10.0.0.1
WDS MASK: 255.255.255.252
WDS MAC: Enter the WIRELESS MAC address of router #2 (Status/Wireless Subtab)


Router #2 (No WAN Connection - LAN and Wireless Only)

LAN IP: 192.168.1.101
LAN MASK: 255.255.255.0
LAN Gateway: 192.168.1.1

LAN DHCP enabled starting with 192.168.1.111 and issuing 90 IPs

WDS IP: 10.0.0.2
WDS MASK: 255.255.255.252
WDS MAC: Enter the WIRELESS MAC address of router #1 (Status/Wireless Subtab)
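
An added example, not part of the Sveasoft manual or firmware: a POSIX shell check of a WDS address plan against the Subnet_Mask guidance and the sample two-router configuration above. The function names ip2int and check_wds_link are hypothetical; the addresses in the demo are the manual's own examples.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate a WDS point-to-point
# address plan before entering it on the WDS tab. Pure POSIX sh arithmetic.

# ip2int A.B.C.D -> prints the address as a 32-bit integer; fails on bad input
ip2int() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_wds_link WDS_IP_A WDS_IP_B WDS_MASK LAN_IP LAN_MASK
# Prints a one-word verdict; exit status is 0 only for "ok".
check_wds_link() {
    a=$(ip2int "$1") && b=$(ip2int "$2") && m=$(ip2int "$3") &&
        lan=$(ip2int "$4") && lm=$(ip2int "$5") ||
        { echo bad-address; return 2; }
    inv=$(( 4294967295 ^ m ))                     # host bits of the WDS mask
    # a real netmask has contiguous ones, so inv must look like 0...0111
    [ $(( inv & (inv + 1) )) -eq 0 ] || { echo bad-mask; return 2; }
    net_a=$(( a & m )); net_b=$(( b & m ))
    [ "$net_a" -eq "$net_b" ] || { echo different-subnets; return 1; }
    [ "$a" -ne "$b" ] || { echo duplicate-address; return 1; }
    bcast=$(( net_a | inv ))
    for h in "$a" "$b"; do
        if [ "$h" -eq "$net_a" ] || [ "$h" -eq "$bcast" ]; then
            echo network-or-broadcast-address; return 1
        fi
    done
    # the manual recommends keeping WDS links outside the LAN subnet
    if [ $(( net_a & lm )) -eq $(( lan & lm )) ] ||
       [ $(( lan & m )) -eq "$net_a" ]; then
        echo overlaps-lan; return 1
    fi
    echo ok
}

# Demo with the manual's own sample addresses
check_wds_link 10.0.0.1 10.0.0.2 255.255.255.252 192.168.1.1 255.255.255.0
check_wds_link 10.0.0.15 10.0.0.16 255.255.255.0 10.0.0.1 255.255.255.0 || true
```

For the pair 10.0.0.15 and 10.0.0.16 with mask 255.255.255.252 the check prints different-subnets, because .15 and .16 fall in adjacent /30 blocks (10.0.0.12/30 and 10.0.0.16/30).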




Q. Does WDS have a lot of overhead and reduce bandwidth?
A. Sveasoft wrote:
WDS will halve the throughput as it needs to double transmit the data. 802.11b/g are half duplex
which means only one side is transmitting at a time. WDS means double transmissions must take
place and effectively halves the bandwidth.

hkazemi wrote:
This should be true for wireless client PCs connected wirelessly to the second WRT54G. Client PCs
connected directly via wired ethernet to the second WRT54G shouldn't see the bandwidth cut in
half.
Reference: http://sveasoft.cyberemail.org/forum/viewtopic.php?t=83



Q. Can I run my WDS links on different subnets in Satori pre3.3?
A. Yes...via the shell in pre3.3, probably via the WDS tab in pre3.4 or so:

If you want separate subnets in Satori-pre3.3 for your WDS links please
add them in the rc_startup script.



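Code:

# clear any existing WDS links
wl wds none
# register the wireless MAC address of each WDS peer (add more MACs as needed)
wl wds [MAC 1] [MAC 2]
# assign an address to each WDS virtual interface (wds0.2 is WDS link #1)
ip addr add [IP 1]/[netmask] dev wds0.2
ip addr add [IP 2]/[netmask] dev wds0.3
# ... etc ...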



You will still be able to see the WDS strength in the web interface.



You may also want to add "wl wds none" in your rc_shutdown script.

Reference:    http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=1026



References:
 http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=789
 http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=756

                              Security and VPN Settings

Firewall




  •   Firewall - Enable / Disable
  •   Block Anonymous Internet Requests - By enabling the Block WAN Request feature, you
      can prevent your network from being "pinged," or detected, by other Internet users. The
      Block WAN Request feature also reinforces your network security by hiding your network
      ports. Both functions of the Block WAN Request feature make it more difficult for outside
      users to work their way into your network. This feature is enabled by default. Select Disable
      to disable this feature.




VPN




 •    IPSec - Internet Protocol Security (IPSec) is a suite of protocols used to implement secure
      exchange of packets at the IP layer. To allow IPSec tunnels to pass through the Router,
      IPSec Pass-Through is enabled by default. To disable IPSec Pass-Through, uncheck the box
      next to IPSec.
 •    PPTP - Point-to-Point Tunnelling Protocol is the method used to enable VPN sessions to a
      Windows NT 4.0 or 2000 server. To allow PPTP tunnels to pass through the Router, PPTP
      Pass-Through is enabled by default. To disable PPTP Pass-Through, uncheck the box next
      to PPTP.
 •    L2TP - Short for Layer Two (2) Tunnelling Protocol, an extension to the PPP protocol that
      enables ISPs to operate Virtual Private Networks (VPNs). L2TP merges the best features of
      two other tunnelling protocols: PPTP from Microsoft and L2F from Cisco Systems. Like
      PPTP, L2TP requires that the ISP's routers support the protocol.




                                  Application and Gaming

Port Range Forwarding




The Port Range Forwarding screen sets up public services on your network, such as web servers, ftp
servers, e-mail servers, or other specialized Internet applications. (Specialized Internet applications
are any applications that use Internet access to perform functions such as videoconferencing or
online gaming. Some Internet applications may not require any forwarding.)

When users send this type of request to your network via the Internet, the Router will forward those
requests to the appropriate PC. Any PC whose port is being forwarded to must have a static IP
address, either by having its DHCP client function disabled, or by having a static DHCP entry
defined (see DHCPd for help on this). Using a dynamic IP address is not recommended, as its IP
may change.

   •   Customized Applications - Enter the name of the public service or other Internet application
       in the field provided.
   •   External Port - Enter the numbers of the External Ports (the port numbers seen by users on
       the Internet).
   •   TCP/UDP Protocol
   •   IP Address - Enter the FULL IP Address of the PC running the application.
   •   Enable - Click the Enable checkbox to enable port forwarding for the application.




DMZ




The DMZ hosting feature allows one local user to be exposed to the Internet for use of a special-
purpose service such as Internet gaming or videoconferencing. DMZ hosting forwards all the ports
at the same time to one PC. The Port Forwarding feature is more secure because it only opens the
ports you want to have opened, while DMZ hosting opens all the ports of one computer, exposing
the computer so the Internet can see it.

Any PC whose port is being forwarded must have its DHCP client function disabled and should
have a new static IP address assigned to it because its IP address may change when using the DHCP
function.




                                        Administration

Management




   •   Router Password - Change the password used to administer the router
   •   Bandwidth Management - Enable and configure Bandwidth Management
   •   Boot Wait - Enable or disable the boot wait feature
   •   Cron - Enable and configure the cron daemon
   •   DHCPd - Enable or disable the DHCP daemon and set static DHCP entries
   •   DNS Masq - Enable or disable the DNS server
   •   Firewall - Enable or disable the system's firewall
   •   NAS
   •   NTP Client - Enable or disable the NTP daemon
   •   PPP
   •   PPTP - Enable and configure the built in PPTP server
   •   Reset Button - Enable or disable the Reset Button daemon
   •   Routing - Configure advanced routing options
   •   SSHD - Enable and configure SSH access to the router
   •   Syslogd - Enable the syslog daemon
   •   Telnet - Enable or disable telnet access to the router
   •   Tftpd - Enable or disable the tftp daemon used to upload new firmware images
   •   UPnP - Enable or disable the UPnP features on the router

"The Enable/Disable flags under Administration->Management are designed to be the "master
switches" in the system. If you disable anything here it is disabled everywhere." The following
statement was made in regard to the Satori pre3.3 and earlier builds; it may have been implemented
in later builds: "I will be moving the few odd parameter settings out of the Enable/Disable area so
they will be pure, system-wide off/on settings for the major services." Quoted from Sveasoft on
March 28, 2004. Reference: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=1033




Log




  •   Log - The Router can keep logs of all incoming or outgoing traffic for your Internet
      connection. To keep activity logs, select Enable. To see a temporary log of the Router's most
      recent incoming traffic, click the Incoming Access Log button. To see a temporary log of
      the Router's most recent outgoing traffic, click the Outgoing Access Log button.




Diagnostics




  •   Command Shell Parameters - Click Run to execute a script or BusyBox command.




Factory Defaults




  •   Restore Factory Defaults - Click the Yes button to reset all configuration settings to their
      default values, and then click the Save Settings button. Note: Any settings you have saved
      will be lost when the default settings are restored. This feature is disabled by default.




Firmware Upgrade




You should not upgrade the firmware via Wireless. You could break your box.
Click Browse, select the binary (.bin), click OK, and then upload.
Wait, and DO NOT unplug, or turn off the router.




                                           Status

Router Information




  •   Firmware Version - The version number of the firmware currently installed is displayed
      here.
  •   Current Time - The current date and time are displayed here (See NTP)
  •   Router Name
  •   Host Name - The Host Name is the name of the Router. This entry is necessary for some
      ISPs.
  •   Domain Name - The Domain Name is the name of the Router's domain. This entry is
      necessary for some ISPs.




Internet




  •   Login Type - The current Internet connection type is displayed here.
  •   IP Address - Internet IP Address
  •   Subnet Mask - Internet Subnet Mask
  •   Default Gateway - Default Internet Gateway
  •   DNS 1, 2, 3 - IP Addresses currently used by the Router are shown here. Multiple DNS IP
      settings are common. In most cases, the first available DNS entry is used.




Local Network




  •   MAC Address - The MAC Address of the LAN interface is displayed here.
  •   IP Address and Subnet Mask - The current IP Address and Subnet Mask of the Router, as
      seen by users on your local area network (LAN), are displayed here.
  •   DHCP Server - The status of the Router's DHCP server function is displayed here.




Wireless




  •   MAC Address - The MAC Address of the wireless interface is displayed here.
  •   Mode - The Mode of the wireless network is displayed here.
  •   SSID - The SSID of the wireless network is displayed here.
  •   DHCP - The status of the Router's DHCP server function is displayed here.
  •   Channel - The Channel of the wireless network is displayed here.
  •   Encryption Function - The status of the WEP encryption is displayed here.
  •   Clients - MAC address and signal strength of wireless clients
  •   WDS Signal - MAC address and signal strength of WDS clients




Part 2: The Command Line Shell

The Sveasoft firmware makes it easy to access your router from a command line shell interface over
Telnet, SSH, or even through the web-shell command submission form. If you are interested in
using more advanced features and capabilities of your router, want to troubleshoot problems
the web GUI can't help you with, or simply like using the shell, this section will
interest you. As this router runs Linux, the shell is a Linux shell and will respond to Linux shell
commands, i.e. 'ls' instead of 'dir', 'ifconfig' instead of 'ipconfig /all', etc.

   •   Shell Documentation



