From wiliGear wiki

Contents 1 WILI-AP-PRO Access 2 General Skin Use 2.1 Refresh 2.2 Submit 2.3 Save 2.4 Reboot 2.5 Logout 3 Web Statistics 3.1 System Information 3.2 Interfaces 3.3 Wireless Statistics 3.3.1 Peers Pop-Up Window 3.3.2 Peer Stats Pop-Up Window 3.4 Routes 3.5 ARP Table 4 System Configuration 4.1 Administrative Account 4.2 License 4.3 Skins 4.4 Management 4.4.1 Clock/NTP 4.4.2 RCMS 4.4.3 Instant Settings 4.5 Maintenance 5 Network Configuration 5.1 Bridge Mode 5.2 Router Mode 5.3 Advanced Mode 5.4 Network Interfaces 5.4.1 Network Settings 5.4.2 IP Aliases 5.5 Bridges 5.5.1 Bridge Creation 5.5.2 Bridge Editing 5.6 VLAN 5.6.1 Creating a VLAN 5.7 DNS 5.8 Routes 5.8.1 Static Routes 5.8.2 Dynamic Routing 5.9 Firewall Rules 5.9.1 Port Forwarding 5.9.2 DMZ 6 Radio Settings 7 Wireless Settings 7.1 Wireless Interfaces 7.2 Virtual Radios 7.3 Wireless Settings 8 Wireless Security 8.1 Authentication 8.2 Access Control 9 Expert Mode - Configuration File Management 9.1 Edit Configuration 10 Services 10.1 Wireless Client Statistics 10.2 SSH 10.3 Syslog 10.4 HTTP 11 Tools 11.1 Site Survey 11.2 Antenna Alignment 11.3 Traffic Generator 11.3.1 Rates Test 11.3.2 ACK Timeout Test 11.3.3 Throughput Test

WILI-AP-PRO Access

The device requests an IP address via DHCP by default. If no response is received from the DHCP server then the access point uses the default address 192.168.2.66. If your network has a DHCP server, the IP address will be automatically assigned to the AP from DHCP server IP address range. Use WILIBOX Java utility WILI Discovery (integrated in the WILI Scout utility) to locate the access point on the network and view its IP address. After the IP address of the WILI AP was determinated enter that IP address into a web browser on a computer on the same subnet to login into the WILI AP web management.

Default administrator logon settings are: User Name: admin Password: admin01

After successful administrator login you will see the main page of the WILI AP device Web management interface. The WILI AP device now is ready for configuration. For instructions on changing the administrator’s password refer to the corresponding section Administrative Account.

General Skin Use

Refresh

Statistics pages or other pages that may change frequently and do not have any configurable items may have a Refresh button available which when clicked refreshes the information on the page.

For Instance, the Wireless Statistics page changes frequently, so refreshing the page often may be beneficial.

Submit

Configuration pages contain a page-wide submit button at the top of the screen that submits all changes made on a single page to a temporary configuration cache. In previous versions, it may have been necessary to click a Change button in multiple sections on the page. This is no longer necessary.

The Submit button does not save the configuration permanently, only temporary. Once the Submit button is pressed, the SAVE button must also be pressed to save the configuration to the device.

It is OK to edit multiple consecutive pages using the Submit button before clicking the SAVE button.

Save

Whenever a Submit button has been clicked on any page, the message “This config contains unsaved changes, click to SAVE” appears in the header of the web page. The SAVE button is clickable. By clicking save, all temporary changes made by clicking Submit will be applied to the actual configuration of the device. No changes will be made unless the SAVE button is clicked.

Changes will not take effect until the device is rebooted.

Reboot

After the SAVE button has been pressed, the device will need to be rebooted before any changes will take effect. The message “REBOOT device to apply changes” will appear. The REBOOT is clickable. When REBOOT is clicked, the device will be rebooted and will come back up with all changes applied.

Logout

Click LOGOUT link on the top right corner of the main menu to leave the Web management interface:

When the LOGOUT button is clicked, the administrator is redirected to the login page.

Web Statistics

System Information

This screen displays an at-a-glance view of helpful system information and statistics. This screen is displayed after a successful login.

Uptime - shows the amount of time the system has been running without being shutdown or rebooted. Shown in format HH:MM:SS.

Hardware Revision - shows current hardware revision.

Device Name- specifies the type of device currently running. Example: wili-ap-pro.

Firmware Version - displays version of firmware currently loaded on the board. The relevant information is the numerical firmware version shown in bold below. WILI-S.WILIBOARD.v5.23.SL3512.wili-ap-pro.21109.081002.024046

Average System Load - shows an average of the processor load in three given amounts of time: 1 minute, 5 minutes, and 15 minutes. The number (x 100) is a percentage of CPU load for the respective time period. 0.00 = Idle CPU; 1.00 = CPU was utilized 100%; 1.00 + x CPU was over utilized x amount

System Memory - shows available memory (RAM) that can be used by system resources

License Status - shows whether or not license is valid or not. If license is not valid, any changes in the configuration file will not take effect. All WILI products should contain a valid license. If a different version of firmware is uploaded (e.g. WILI-Mesh image is loaded on a unit that is licensed for WILI-S, the license will no longer be valid). If your license is not valid, please contact customer service.

Active Skin - displays the name of currently activated skin. We often make skin updates so check in Firmware Factory at http://www.wiligear.com frequently for images with updated skin versions!

Interfaces

The Interfaces page displays general network statistics for all interfaces

Network Statistics - the network statistics section shows detailed receive and transmit statistics for each interface

Network Configuration - displays main parameters of each IP-level interface MAC address, IP address, Netmask

Refresh - click to refresh current statistics

Wireless Statistics

The Wireless Statistics screen displays useful information regarding your wireless interfaces

Wireless Statistics

Shows general wireless statistics for each wireless interface running on your device

Status - displays whether the interface is up or down

Link - the general quality of the interface. This number is an average of the quality of all associated peers

Level - the general signal strength of the interface. This number is the sum of the Link and the Noise Level.

Noise - the level of noise around the interface

Invalid Network ID - number of packets received with a different Network ID or SSID. This is used to detect configuration problems or adjacent network existence running on the same frequency.

Decryption Errors - number of packets hardware was unable to decrypt. This can be used to detect invalid encryption settings.

Invalid Fragments - number of packets for which the hardware was not able to properly reassemble the link layer fragments

Retry Count - number of packets that the hardware failed to deliver

Miscellaneous Errors - other packets lost in relation with specific wireless operations

Missed Beacons - number of periodic beacons from the cell or access point missed. Beacons are sent at regular intervals to maintain cell coordination; failure to receive them usually indicates that the radio is out of range.

Peers/Access-Points

View Peer List - displays a pop-up window with a list of associated clients for each wireless interface. Displays Mode, MAC Address, Quality (quality is determined by a signal to noise ratio), signal level, noise level, and association data rate.For the detailed information refer to the Peer Pop-Up Window section.

View Peer Stats - displays a pop-up window with a list of usage stats for associated clients. Displays hardware address of client, Friendly Name of client if available, Association time, Received bytes, Sent bytes, and SSID client is connected to. For the detailed information refer to the Peer Statistics Pop-Up Window section.

Radio Information - provides information for each wireless interface running on the device.

Peers Pop-Up Window

Displays Mode, MAC Address, Quality (quality is determined by a signal to noise ratio), signal level, noise level, association data rate, custom association label, and IP address (if available)

The IP address is loaded from the local ARP table, so unless the client is talking directly to the device (such as in routing mode) the IP address may not be available.

To add a custom label to associated peers for easier management, you can type in a name in the text field and click update.

Once updated, this label is stored to the device and will appear every time the client associates.

Peer Stats Pop-Up Window

Provides statistics for clients associated to any of the Access Points on the Wiligear Unit. This feature only works if the option Enable wireless clients statistics has been turned on in the Services section.

Peer Stats will not be available for interfaces operating in client mode.

The following information is available:

Hardware Address - this is the MAC address of the wireless client that is associating

Friendly Name - this is the friendly name that is available if one has been entered in the Wireless Peers section. This is read only in the Peer Stats section

Association Time - the time the client associated to the access point. For this to work properly, the time settings must be configured in Management.

Received Bytes - traffic received on the AP from the client

Sent Bytes - traffic sent from the AP to the client

ESSID - SSID client is associated to

Routes

The routes page displays the IP-route table for each interface

ARP Table

The ARP Table page displays the table of ARP (Address Resolution Protocol) entries. ARP entries will only exist for units that the unit is talking directly to via IP. If the device is in bridge mode, not all clients should show up in this list.

System Configuration

Administrative Account

Allows changing of the administrative password. This username/password is the same for both web access and SSH access.

We recommend to change the default administrator password as soon as possible.

Username – displays the username of the current connected administrator. This parameter is not changeable.

Old password – enter the old administrator password.

New password – enter the new administrator password for user authentication.

Verify password – re-enter the new password to verify its accuracy.

The only way to gain access to the web management if you forget the administrator password is to reset the WILI-AP to factory default settings.

Default administrator login settings are: User Name: admin Password: admin01

License

Allows viewing of current license and the ability to upload new license files.

License status – displays the validity status of current license.

• valid – this license status means that devise has full functionality of the purchased WILI-S firmware release. With a valid license, you can get all service releases of the purchased FW version for free.
• not valid – this license status provides only a very limited functionality.

If the device has an invalid license uploaded, only very limited set of the device functionality is enabled:

• It runs only with a default configuration. Only a single BSSID is allowed; DHCP client runs on WAN interface, DHCP servers run on LAN and Wireless interfaces.
• It is impossible to change the configuration. All features are locked down until a valid license is presented. Any changes made in configuration will be stored in the flash memory of the device. Thus only a default setting will be used after the reboot.

Download current license file – click to download current device license file to your local PC.

License File Upload – click for the license file upload on the device.

Be sure for certain you are uploading a valid license file.

After the new license file is uploaded, the device must be rebooted for changes to take effect. For instructions how to reboot the device, refer to the section Reboot on the Maintenance page.

In case the fault license file has been uploaded, the device becomes inactive after reboot and the default configuration will be uploaded with the dynamic IP address given by the local DHCP server.

The license will be still valid after resetting the device to defaults.

Skins

Activate - sets the device to use the currently selected skin. Will also give the opportunity to revert back to skin’s default configuration

Delete - will delete the currently selected skin (Cannot delete built-in skin)

Download - downloads the currently selected skin as a .TAR package

Upload New Skin - allows the upload of custom skins. Accepts .TAR/.TGZ packages

Management

Clock/NTP

There are two ways to configure the time on a Wiligear unit:

• Manual Entry of Time

• NTP (Network Time Protocol)

The NTP (Network Time Protocol) client synchronizes the clock of the WILI AP device with a selected time server. Choose the configuration mode as NTP and specify the following settings:

Configuration – choose the system clock configuration mode [NTP/Manual].

Timezone – select the timezone. Time zone should be specified as a difference between local time and GMT time.

WILI-S uses timezone conversions according the ISO committee's decision to create time expressions using offsets from UTC rather than to UTC (i.e., having opposite sign). For example, if GMT time is 10:11, but correct local time is 12:11, then timezone has to be set to -2.00 hour.

Save last known time – select to recall the timestamp that was saved on last reboot. When the NTP is enable, this option will set system clock to last reboot time if no NTP servers are available.

Add – click to add NTP server

Delete – click to remove selected NTP servers from the device system.

Server IP – specify the trusted NTP server IP or hostname for synchronizing time with [IP address]

To adjust the clock settings manually, choose the configuration mode as Manual and specify the following settings:

Configuration – choose the system clock configuration mode [NTP/Manual].

Timezone – select the timezone. Time zone should be specified as a difference between local time and GMT time.

WILI-S uses timezone conversions according the ISO committee's decision to create time expressions using offsets from UTC rather than to UTC (i.e., having opposite sign). For example, if GMT time is 10:11, but correct local time is 12:11, then timezone has to be set to -2.00 hour.

Save last known time – select to recall the timestamp that was saved on last reboot.

Date – specify the new date value in format YYYY.MM.DD.

Time – specify the time in format hh:mm.

If device hardware has no internal clock, the configured manual time will be reset to the specified date and time after each device reboot.

RCMS

RCMS (Remote Configuration Management Server) is a centralized monitoring and management solution for Wiligear products. At the heart of RCMS is a powerful and efficient engine that securely gathers, interprets and records information from registered network devices, and makes that information available to network administrators through a convenient, secure, and attractive Web interface.

RCMS settings must be defined on each individual client before the RCMS server can receive information about the device.

An RCMS server is required in order to utilize the RCMS functionality.

Enable RCMS - Enable/Disable RCMS daemon to run

RCMS server URL - URL for RCMS daemon to send heartbeat packets. e.g. http://rcms.thebestwispontheplanet.net/heartbeat.php

This address is not a real address. The RCMS Server must be running on a valid server accessible by the device.

If the standalone Java application WILI Scout is to be used instead of RCMS server as the whole, the IP address with port 8282 of the server with the continuously running WILI Scout must be specified (e.q. rcms.heartbeat.url=http://192.168.2.2:8282/heartbeat.php)

Heartbeat Interval - Interval in seconds between subsequent heartbeat notifications (Default: 30)

Heartbeat timeout - Maximum number of seconds to wait for a response from the RCMS server before considering the connection as having timed out. (Default: 60)

Statistics Update Interval - Heartbeat interval in seconds between statistics collection (Default: 300)

Statistics items - Allow adding/removing statistics items based on an SNMP OID to be monitored by RCMS

Instant Settings

By default WILI-S settings are applied when the device first boots. This means that settings must be stored in the configuration of the device, and then those settings are loaded when the device is rebooted. Some options have the ability to be changed instantly.

Allow Instant Setting Changes - select to enable Instant changes.

When this option is selected, a Set button will appear to any configuration options that have instant change capabilities.

Once the Set button is clicked, the changes will be applied immediately and also stored in the devices configuration. When the device is rebooted, those changes will remain.

Maintenance

WILI skin has an ability to generate a troubleshooting file that contains a valuable information about device configuration, routes, log files, command outputs and etc. Using the troubleshooting file the device itself gathers information instead of you. This is helpful for submitting problems to WILIBOX support team.

Download troubleshooting file - select to download a troubleshooting file. This package includes various files that include current radio stats and debug messages:

• Output from /var/log/messages
• Running configuration file
• Various stats from device

Reboot – reboot device with the last saved configuration.

Reset to factory defaults – click to reset the device to factory default values.

Resetting the device is an irreversible process. Current configuration and the administrator password will be set back to the factory default. Nevertheless the device license will be still valid after resetting the device to defaults.

Firmware Upgrade - allows the upload of firmware images. To update your device firmware use the Firmware upgrade section under the Maintenance menu, select the firmware file and click the Upload button:

Current Firmware Version – displays version of the current firmware.

Browse… – click the button to select the new image from a folder on the PC.

Upload – upload the new firmware.

When updating FW image with different main version, a new license key should be uploaded on WILI AP first. Otherwise the device will be inactive after reboot and the default configuration will be uploaded with the dynamic IP address given by the local DHCP server. For information on how to upload a license file please refer to the appropriate section License.

The WILI AP device system firmware upgrade is compatible with all configuration settings. When the device is upgraded with a newer version or the same version builds, all the system’s configuration will be preserved after the upgrade.

The new firmware image is uploaded to the controller’s temporary memory. It is necessary to save the firmware into the WILI AP permanent memory. Click the Upgrade button:

Upgrade – upgrade device with the uploaded image and reboot the system.

Do not switch off and do not disconnect the device from the power supply during the firmware update process as the device could be damaged.

Network Configuration

There are three operating modes the device can function as, bridged mode, router mode, or advanced mode

• Bridged mode bridges all interfaces on the device together
• Router mode bridges all interfaces except one designated WAN interface
• Advanced mode allows you to create custom bridges and separate interfaces according to your needs

Bridge Mode

By default the device is configured in Bridged Mode. Bridged mode groups all interfaces into an OSI layer 2 bridge. A bridge connects multiple network segments/interfaces together and allows traffic to pass among them.

Enable STP (Spanning Tree Protocol) - STP, or Spanning Tree Protocol, is useful if there are potential loops in your network layout. If a network loop occurs, your network may experience a broadcast storm, and STP protects against this.

LAN network settings

When in bridge mode you have the ability to enter the following information:

• IP Address
• Subnet Mask
• Default gateway
• DNS Server 1
• DNS Server 2

Since all of the interfaces are bridged, the unit will be accessible from any interface on the unit at the IP specified.

E.G. By default the unit is bridged with an IP Address of 192.168.2.254. This means that if you connect wirelessly to the default AP you can connect to the unit at 192.168.2.254 or if you connect by cable you can access it at 192.168.2.254

Router Mode

Router mode separates the device into two subnets, a LAN subnet and a WAN subnet. When setting the device to Router Mode, you must select the interface you want to function as the WAN interface. Once the WAN interface is selected, all other interfaces are grouped together to form the LAN bridge. The WAN interface and LAN bridge will have separate IP settings and will reside on separate IP subnets.

E.G. If the Ethernet interface is designated as the WAN interface, all wireless interfaces (ath0, wds1, etc) will be added to the LAN bridge. Or if the WDS interface is designated as the WAN interface, the Ethernet and parent wireless interface (eth0, wds1) will be added to the LAN bridge.

This can be useful for the following scenarios:

• Only one public IP is available and multiple computers need to share that IP address
• Separation is needed between an Access Point and the rest of the network

Enable NAT - NAT, or Network Address Translation, allows a group of computers to share one public IP address to access outside networks. This is enabled by default.

Enable STP (Spanning Tree Protocol) - STP, or Spanning Tree Protocol, is useful if there are potential loops in your network layout. If a network loop occurs, your network may experience a broadcast storm, and STP protects against this.

LAN Network Settings

This section configures IP settings for the LAN interface. This section is always enabled. When the device is in Bridge Mode, all five textboxes are available; however, in Router Mode, Default Gateway, DNS Server 1, and DNS Server 2 are not available.

DHCP Mode

DHCP Mode has two options: Disabled and Server.

Disabled does not provide any DHCP functionality. A static IP must be set.

DHCP Server sets a DHCP server to run on the LAN subnet. This is typical in Router Mode when providing network access to a group of computers separated from your WAN subnet.

DHCP Start - the beginning IP for the IP range in which to hand out IP addresses.

DHCP End - the ending IP for the IP range in which to hand out IP addresses.

DHCP Netmask - the 32 bit mask used to identify the local portion of the LAN subnet (e.g. 255.255.255.0).

DHCP Gateway - the IP address to hand out to DHCP clients as the gateway to pass all traffic (In this case it will be the LAN IP address of the device.

DHCP lease time - the amount of time (in seconds) until the DHCP lease expires on the server.

DHCP DNS server - the IP address to hand out to DHCP clients as the DNS server (In this case it will be the LAN IP address of the device).

Show DHCP Leases - will open a new window with a list of current DHCP leases on the LAN interface.

WAN Network Settings

This section configures the interface connecting your device to outside networks in router mode.

WAN Mode: The WAN interface has three options for connection type: Static IP, DHCP Client, and PPPoE

Static IP allows the entry of a static IP address and IP information:

DHCP client allows the radio to obtain WAN IP information automatically from a DHCP server on the network

PPPoE mode allows radio to authenticate against a PPPoE server and obtain IP information from server once authenticated

Advanced Mode

Advanced Mode is for advanced users that need more flexibility in their network setup than bridge or router mode.

This mode allows you to do things such as:

• Add/Remove bridges with the Bridge Builder
• Add/Remove interfaces from bridges
• Assign IP Information to individual interfaces
• Add multiple IP addresses to single interfaces
• Create VLAN Interfaces

The Interfaces section is only available in Advanced Mode.

Network Interfaces

The Interfaces section is only available in Advanced Mode

The Network Interfaces screen displays a summary of all interfaces in the unit that IP address information can be assigned to. Any interfaces that are included in a bridge will not be displayed in the interface list since IP information cannot be applied to it.

The following information is displayed in the summary table:

Interface Name (Can be physical interface, bridge, radio, VLAN, or virtual radio).

Status – (enabled/disabled) Displays current status of interface.

IP Address – Displays primary IP address for device. If address is 0.0.0.0, no IP address has been set for this interface. IP Aliases (secondary addresses) are not displayed here.

Subnet Mask – The subnet mask for the primary IP address assigned to interface.

NAT Status – (enabled/disabled) Displays whether NAT is enabled or disabled on the interface.

DHCP Mode – (none/client/server) Displays what DHCP mode the current interface is operating with.

Has IP Aliases – (yes/no) Displays whether interface has an IP Aliases enabled.

Edit Button– Clicking this button will open a new page that allows viewing/editing of current interface’s Network Settings.

Network Settings

This section contains the network settings for the interface selected from the Network Interfaces page.

Enable - Enables/Disables interface

IP Address - The IP address of the current interface (e.g. 192.168.2.254)

Subnet Mask - The Subnet Mask of the current interface (e.g. 255.255.255.0)

Default Gateway - The default gateway IP address to send all traffic on this interface to (e.g. 192.168.2.1).

Enable NAT - Enables Network Address Translation (NAT). When this is enabled, all IP traffic headed outbound on current interface will be masqueraded behind the IP of the current interface.

DHCP Mode - selection of which DHCP mode to implement on the interface, if any. There are two modes available:

Client – if DHCP Client is enabled, interface will attempt to pick up DHCP address from a server on the network. If no DHCP server is present, interface will reside on static IP address entered in IP address field above.

Server – enables a DHCP server on current interface that will assign IP addresses to clients on same network. When a client connects, the DHCP server will assign an IP address from the designated pool of IPs with appropriate settings.

DHCP Start - sets the beginning IP for the IP range in which to hand out IP addresses.

DHCP End - sets the ending IP for the IP range in which to hand out IP addresses.

DHCP Netmask - is the 32 bit mask used to identify the local portion of the LAN subnet (e.g. 255.255.255.0).

DHCP Gateway - is the IP address to hand out to DHCP clients as the gateway to pass all traffic (In this case it will be the LAN IP address of the device.

DHCP lease time - is the amount of time (in seconds) until the DHCP lease expires on the server.

DHCP DNS server - is the IP address to hand out to DHCP clients as the DNS server (In this case it will be the LAN IP address of the device).

Show DHCP Leases - will open a new window with a list of current DHCP leases on the LAN interface.

IP Aliases

It is possible with IP Aliasing to add multiple IP addresses to a single interface. The interface will then be accessible from any of the IP Aliases or the standard IP.

IP Address - The additional IP address that is being added to the interface

Subnet Mask - The subnet mask of the alias being added

Bridges

The Bridges section is only available in Advanced Mode

The Bridges section allows the creation/deletion of interface bridges. A bridge transparently relays traffic between multiple network interfaces. There are a few restrictions when using bridges:

• It is not possible to add a device to multiple bridges
• VLANs cannot be created on bridge interfaces they can only be added to them
• A bridge cannot be added to another bridge

Bridge Creation

To create a new bridge, there must be at least one interface available that is not already in a bridge.

1. Select one or more interfaces that will make up the bridge
2. Select the ‘Create New Bridge’ drop down option
3. Click the Add button
4. A new bridge section will be created that contains the selected interfaces

Bridge names are incremental. Naming starts at br0, and is incremented by one, so the next bridge will be br1, then br2 and so on.

To add interfaces to existing bridges, there must be at least one interface available that is not already in a bridge

1. Select one or more interfaces that will be added to the bridge
2. Select the desired bridge in the drop down menu
3. Click Add
4. The selected interfaces will be added to the selected bridge

Bridge Editing

Each bridge is displayed in incremental order along with associated settings for each bridge

Enable Bridge - Enables/disables the bridge. Disabling the bridge does not disable the interfaces in the bridge.

Enable STP - Enables/disables STP (Spanning Tree Protocol) for the bridge. Spanning Tree Protocol is useful if you may have loops in your network layout. If you are running multiple or redundant bridges, then you need to enable the Spanning Tree Protocol (STP) to optimize multiple hops and avoid bridging loops. Normally redundant bridges would result in duplicated packets which would saturate the connected networks. Bridges configured to use STP negotiate the shortest possible link between the connected networks and disable all other possible links. If a link fails STP recalculates the links and can enable a workaround for the failed link. For the bridge to take part in this negotiation, STP must be enabled. It is disabled by default when creating the bridge.

Remove Bridge - Removes the bridge. Removing the bridge will free all of the interfaces contained in the bridge, allowing interfaces to have separate IP information or be added to other bridges

For each interface in the bridge, the following options are available:

Enable Interface - Enables/Disables selected interface. Disabling an interface does not remove the interface from the bridge.

Remove Interface - To remove an interface from the bridge check the Remove Interface checkbox and click the Update button.

Remove All - To remove all interfaces from the bridge, click the Remove All buttons. This will free all of the interfaces contained in the bridge, allowing interfaces to have separate IP information or to be added to other bridges.

VLAN

The VLAN Section is only available in Advanced mode

Wiligear products are capable of 802.1Q VLAN Tagging. A Virtual Local Area Network (VLAN) is a method of creating independent logical networks within a physical network. This helps in reducing the broadcast domain and aids in network administration by separating logical segments of a LAN (like company departments) that should not exchange data using a LAN.

Creating a VLAN

VLANs are created ‘on top’ of parent interfaces and given an integer ID

Valid IDs are integer numbers between 2 and 4095

When a VLAN is created on top of a parent interface, a new interface is created with the name of the parent interface name and a dot or ‘.’ then the VLAN ID appended E.G. If a VLAN is created with an ID of 100 on interface ixp1, a new interface will be created named ixp1.100

Limitations:

• VLANs cannot be created on top of bridges
• VLANs can be created on top of wireless interfaces, but VLANs do not have wireless extensions, so VLAN interfaces will not show up in the Wireless Settings

DNS

The DNS Section is only available in Advanced mode

The DNS section allows you to specify what DNS servers the device will use to resolve hostnames There are a few requirements for the DNS Servers:

• DNS Servers must be entered in IP format
• DNS Servers must either be on same subnet as device or routes must be set up between device and server

Routes

This section allows for setting up special routes to route IP traffic in other places than the default gateway.

Static Routes

Destination - The Subnet ID of the subnet you want traffic routed to a different location.

Subnet Mask - The 32 bit mask identifying the routed subnet.

Default Gateway - The IP to route all traffic in specified route to. (This IP must already be accessible by device)

Make sure the route is correct before adding. Web configuration will allow routes to be added even if incorrect! Use a subnet calculator to verify.

Dynamic Routing

WILI devices contain the Quagga routing suite and provide the capability of performing RIP and OSPF.

Since Quagga is based on text based configuration files, device provides the ability to edit these configuration files directly.

Since there are many different configuration options for the Quagga suite, please refer directly to the Quagga site for any questions regarding Quagga configuration: http://www.quagga.net/docs.php

Firewall Rules

The Firewall Rules section gives you the ability to pass traffic behind an interface that has NAT enabled. For instance if the unit is in router mode with NAT enabled on the WAN interface, no devices on the outside of the WAN interface can see any private IPs on the LAN side of the unit. By using port forwarding or DMZ you can pass traffic through to these private IP addresses.

Port Forwarding

This option allows traffic to pass through the NAT firewall from the public IP to a specified private IP on a certain port.

Source Port - Port that will be accessed externally using the public IP address. e.g. http://www.wiligear.com:8080 (port 8080).

Private IP address - IP address behind NAT that public traffic will get forwarded to. e.g. Web server on 192.168.2.200.

Destination Port - Listening port on private computer behind NAT. e.g. HTTP listening port on internal web server 192.168.2.200:80.

Protocol - TCP traffic, UDP traffic, or Both.

DMZ

This allows the device to forward all incoming traffic on the WAN interface to an internal IP address behind the NAT firewall. Doing this allows one computer to function as if it is not behind the firewall.

Radio Settings

This section configures the physical aspects of the wireless interfaces. Any settings in this section will apply to the physical interface and any virtual interfaces created on top of it.

Country Code - The default country is United States. This cannot be changed without running the international version of the firmware.

Enable Radio - This checkbox enables or disables the physical radio. Disabling the radio will also disable any virtual interfaces created on the physical radio.

IEEE Mode - Sets the 802.11 mode of the radio. Options include (A, B Only, G Only, B/G)

Current Channel - Displays the channel the radio is currently operating on. If radio is currently set to Client Mode and is not connected to an Access Point, radio may be roaming and display different channels at different times.

Channel - A list of available channels the radio can operate on. If in Access Point mode and set to Auto, radio will scan around to find the least noisy channel at boot time and operate on it.

Channel Size - (Full/Half/Quarter) The default channel bandwidth for 802.11a is 20mhz wide. The default for 802.11g is 22mhz. Changing the channel size to a half or quarter size channel can allow for a more efficient use of the 802.11 spectrum. Reducing the channel size will increase the power density and at the same time can reduce noise and interference. However, reducing the channel size will result in a drop in available throughput by a half or a fourth of a standard sized channel’s throughput when using half or quarter size channels respectively.

Only clients that have support for smaller channel sizes will be able to associate to Access Points that have been set to use a half/quarter channel size. Most laptop users will not be able to associate to an AP in half/quarter channel mode.

Automatic Data Rate Mode - Enabling this function will allow the radio to change the association’s data rate depending on the quality of the link. This is helpful in environments where the quality of links may change or can be unpredictable.

Data Rate, Mbps - The data rate this radio will associate at when connecting to peers. If radio is functioning in Auto Data Rate Mode, this option depicts the MAX data rate the radio can associate at.

Transmit Power (dBm) - The output power of the physical radio. If value is set higher than radio can perform at, the next highest available power setting is used. (e.g. if a txpower of 30dbm is used but the radio only goes up to 26dbm, the radio will actually run at 26dbm even though it says 30dbm.)

If using a high-gain antenna, it may be necessary to lower transmit power to stay in accordance with FCC regulations.

ACK Timeout - 802.11 radios have an ACK Timeout setting (acknowledgement timeout) where if the transmitting radio doesn’t get a response from the receiving radio within a certain timeframe it will assume the packets have been lost and retransmit the packets. If you have long range links, the time to send a message and then get a response back will increase and may exceed the standard ACK timeout settings. On long-range links, increasing this setting will reduce retransmits and improve the quality of the link. However, at the same time, if you have short links and your ACK settings are too high, if a packet gets lost in transit, the sender will wait longer to retransmit than usual which will degrade the link unnecessarily.

The formula to determine a baseline ACK setting is: ACK = 23 + (Distance in meters / 150)

This is just a guideline, and adjustments may need to be made depending on environment.

Fragmentation - The fragmentation threshold which determines whether data frames will be fragmented and what size.

RTS - (Request to Send) Specifies the maximum packet size until the radio sends a ‘Request to Send’

Wireless Settings

Wireless Interfaces

This section displays a summary of all wireless interfaces (physical and virtual) running on the device. Physical interfaces are shown in bold, with virtual interfaces shown as sub-items under the physical interfaces

The following information is available in the summary table:

Interface Name

Parent – the parent of the interface. If the interface is the physical interface

SSID – The Service Set Identifier of the wireless access point or client

Mode – The mode of the interface (AP/Client)

Edit Button – Displays a new page that allows viewing or editing the properties of the associated wireless interface

Delete Button (Only available for virtual interfaces) – Deletes the selected virtual interface

Virtual Radios

Creation of Virtual Radios (VSSIDs) is also available from the Wireless Interfaces screen.

1. Select the parent radio virtual radio will be created on from the Create a New Virtual Radio drop down menu and click OK.
2. The wireless settings for the virtual interface will be displayed
3. Modify settings appropriately and click the OK button
4. A virtual radio will be created with the label <interface name>-vap<index-1> where index is the count of virtual radios on the parent radio. (e.g. The third virtual AP created on ath0 will be named ath0-vap2)

There are a few rules to keep in mind when using Virtual Radios:

• Virtual Radios can only be created on parent radios that are operating in AP mode. Parent radios operating in client mode will not appear in the drop down menu.
• Only one virtual radio may run in Client Mode on a parent interface at one time
• When a virtual radio is created that is set to Client Mode, the parent interface will be ‘down’ until the client virtual radio is associated to an AP
• Virtual Radios do not use the same hardware MAC as the parent interfaces, so if using an Access Control List or MAC authentication be sure to get the correct MAC in the Statistics Wireless section
• Virtual Radios will run on the same channel as the parent radio
• Each virtual radio can run security settings separate from other virtual radios and the parent radio

Wireless Settings

This section contains settings for the wireless interfaces. These settings can be applied independently to physical and virtual radios.

Operating Mode - select the operating mode [ap/client]. There are two wireless operating modes: AP and Client

AP - Enables the radio to function as an Access Point. When in AP mode, wireless clients can see the AP broadcast and associate to it if settings are configured correctly.

Client - Sets the radio to run in client, or managed, mode. When in client mode, radio does not broadcast an SSID and clients cannot connect to it. Client mode allows the radio to connect to other radios functioning as an AP.

Changing a parent radio from AP to Client mode will delete all Virtual Radios already created on that interface since no Virtual Radios may be created on a parent radio that is operating in Client mode.

Proprietary Transparent Bridge - enabling this function allows all traffic to pass through the client radio to the access point transparently. This function must be enabled on the AP and Client radios. When this option is disabled, Client radios will connect in Station mode and perform Proxy-Arp on all traffic going from the Client to the AP. The Client will proxy all traffic being transferred through it to the AP and make it look to the AP that all traffic is coming from one MAC address even if there are multiple hosts connected to the Client radio. Enabling Transparent Bridge allows all traffic to pass freely and is MAC-transparent. This is sometimes referred to as WDS (Wireless Distribution System).

This is only supported on WILI-S to WILI-S setups.

Throughput Enhancements - performance enhancements available for the radio (Only available for 802.11A and 802.11G)

• Fast Frames - Frame aggregation (allows up to 3000 bytes), as well as timing modification
• Packet Bursting - More data frames per given period of time
• Compression - Lempel Ziv real-time hardware data compression

SSID - specify the SSID (Service Set Identifier). This is the SSID that will either be broadcasted if radio is in AP mode, or that the radio will scan for and attempt to connect to if in Client mode.

Broadcast SSID - enables or disables the broadcasting of the SSID for APs. (This is not available for interfaces operating in client mode)

Quality of Service (WMM) - subset of 802.11e. Provides basic QoS features to 802.11 networks. WMM prioritizes traffic based on four “Access Categories” – Voice, Video, Best Effort, and Background. It is suitable for simple applications that require QoS such as Voice over IP (VoIP).

Client Isolation - layer 2 isolation that blocks clients from communicating with each other.

Wireless Security

Authentication

WILI-S supports various authentication/encryption methods. The Wireless Security page displays all wireless interfaces (physical and virtual) and allows security settings to be applied per interface.

Authentication Method - Select which authentication method the radio will run as

None – No security is implemented on this interface

WPA-PSK-TKIP – WPA pre-shared key security using the TKIP (Temporal Key Integrity Protocol) algorithm

WPA-PSK-CCMP – WPA pre-shared key security using the CCMP (AES) algorithm

WPA2-PSK-TKIP – WPA2 pre-shared key security using the TKIP (Temporal Key Integrity Protocol) algorithm

WPA2-PSK-CCMP – WPA2 pre-shared key security using the CCMP (AES) algorithm

WEP64 – Wireless Equivalent Privacy (64 bit)

WEP128 – Wireless Equivalent Privacy (128 bit)

Passphrase - This field accepts a pre-shared key that will be used when authenticating against peer radio Accepted Values:

WPA/WPA2 - Pass phrases of length from 8 to 63 characters (All characters allowed)

WEP-64bit - 5 hexadecimal pairs delimited by colons (00:11:22:33:44)

WEP-128bit - 13 hexadecimal pairs delimited by colons (00:11:22:33:44:00:11:22:33:44:00:11:22)

Access Control

Access Control provides the ability to limit associations wirelessly based on MAC address to an AP by creating an Access Control List (ACL).

If Instant setting changes have been enabled, the Access Control List operations will happen immediately.

Policy - There are two policies for creating an Access Control List.

Allow – All MAC addresses are allowed by default EXCEPT the MAC addresses listed (this means the ACL is more of a MAC blacklist)

Deny – All MAC addresses are denied by default EXCEPT the MAC addresses listed (this means the ACL is more of a MAC whitelist)

Interface - Select which interface to implement the Access Control list on (physical or virtual)

Only one ACL (either accept or deny) can be implemented per interface at one time

There are two ways to add MAC addresses to Access Control Lists:

• Enter MAC addresses individually
• Upload text file containing MAC addresses

When entering a MAC address individually, the following options are available:

MAC - A single MAC address to add to current list (00:11:22:33:44:55)

Friendly Name - (Optional) Add a friendly name to MAC address. This can help to distinguish MAC addresses if the Access Control List becomes large

When uploading a text file with multiple MAC addresses, the following options are available:

Upload list of MACs - Upload a file (comma-separated or newline separated) that will be added to the existing list of ACL MAC addresses

Expert Mode - Configuration File Management

Allows advanced users the ability to modify configuration file directly

Upload New Configuration File - Allows upload of custom or backup configuration files

Download Running Configuration File - Download the config that the device is currently running

Edit Configuration

Editing the configuration file directly can be useful if you need configuration options that are too advanced to be included into the web configuration, or for fine tuning after the web configuration has been used to apply general settings.

Making changes in the skin’s web configuration after directly modifying the configuration file may cause any changes made in configuration file to be LOST!

Save - Saves current configuration file to the device. When the device reboots, current configuration will be effective

Reset - Clears any changes made to the configuration file in current edit

Read Active - Loads the last saved configuration file from device memory

Read Backup - Loads the next-to-last saved configuration file from device memory

Adjust edit area height - Adjusts the number of lines viewable of the configuration text box

Incorrect changes in the configuration file can render the device unusable!

Services

Wireless Client Statistics

The Access Points provide the functionality to monitor wireless peer traffic in real-time.

Enabled Peer statistics can be viewed on Wireless statistics page by using View Peer Stats button. The following information is available:

• Associated peer’s hardware MAC address
• Associated peer’s friendly name
• Association Time
• Received bytes (traffic received on the AP from the client)
• Sent bytes (traffic sent from the AP to the client)
• SSID client is connected to

For the detailed information about wireless client statistics refer to the Peer Statistics Pop-Up Window section.

SSH

Configuration for the SSH daemon

Enable SSH - Enables or disables the SSH daemon

Port - Specifies which port SSH will accept connections on

Syslog

Configuration for the Syslog (System Log)

Message Level - Specifies the verbosity of the logs and the detail to which to keep logs

Forward Enabled - Enables logs to be sent to an external Syslog server

Host IP Address - IP Address of external Syslog server

Host Port - Port Syslog server listens on

Forward message level - Specifies detail of which to forward logs

Forward backup enabled - Allow a secondary or backup Syslog server

Forward host IP address - Backup external Syslog server

Forward Host Port - Port Backup Syslog server listens on

HTTP

Enables or disables configuration/management through HTTP.

https is always enabled

Tools

Site Survey

The Site Survey test shows overview information for any wireless networks that are within communication range of the device. Using this test, an administrator can scan for working access points, check their operating channels, WEP encryption and see signal/noise levels. An administrator can use this feature to identify a clear channel to set the Wiligear device to that will not receive interference from adjacent APs.

MAC Address - The MAC address of the remote wireless radio.

ESSID - Extended Service Set Identifier – Identifying name of the wireless access point.

Encryption - Specifies whether the AP has encryption enabled or disabled.

Signal Strength - The receive signal strength the device is picking up from remote radio.

Noise Floor - Measures the amount of noise in the area of the device.

Frequency - Displays the frequency the remote radio is running at.

Channel - Displays the channel the remote radio is running on.

Choose Wireless Interface - Will select the wireless radio to run the scan on.

Running the site survey tool momentarily disables normal operation of the radio!

Connect to selected radio - If radio is in client mode, selecting an Access Point’s radio button and clicking this button will automatically set up a client for that Access Point.

Antenna Alignment

The antenna alignment test measures signal quality between the bridge/access point and other wireless networking devices. For best results during the antenna alignment test, turn off all wireless networking devices within range of the device except the device(s) with which you are trying to align the antenna. Watch the constantly updated display in the Alignment Test window as you adjust the antenna.

Choose wireless interface - select the wireless interface on which the Antenna Alignment test will be performed.

The Antenna Alignment test results appear when you click the Start button, and finishes when you click Stop button.

Traffic Generator

The built-in traffic generator provides a method of determining the speed of a link, or how much traffic can travel across a link in a given amount of time. This is useful when setting up or troubleshooting wireless links.

Rates Test

The Rates Test section is a supplement to the Traffic Generator tool that allows you to manually set the maximum data rate the radio will communicate at.

Set - Temporarily sets the radio to associate at selected data rate (to be used for testing with the traffic generator)

Save - Saves the data rate to the device so the device will continue to operate at that data rate in the future

ACK Timeout Test

The ACK Timeout Test is a supplement for the Traffic Generator tool that allows manipulation of ACK settings at run-time. ACK timeout settings generally only need to be changed for long distance links.

Set - Temporarily sets the ACK timeout for the radio

Save - Saves the ACK timeout value to the device so the device will continue to use this ACK timeout value in the future

Throughput Test

Tests the amount of throughput that can be passed across the wireless link at a time

Operating Mode - The two operating modes are Server and Client.

• Server opens a connection and waits for another throughput test in client mode to begin and begin communication with the server
• Client will contact a throughput test running in Server mode and begin the test. When the test isn’t run in duplex mode, the client downloads the data from the Server. So the traffic goes from the Server to the Client.

Protocol - Specifies the protocol to run the test on (either TCP or UDP).

Host - This is the IP address of the device acting as the throughput test server. This is entered on the client side of the throughput test.

Duplex Traffic - This toggles the option to make the traffic full duplex. When disabled, traffic goes in the direction of Server -> Client. When enabled the traffic goes from Server -> Client and Client -> Server at the same time.

Start - In server mode, begins the server daemon listening. In client mode, contacts server and begins test.

Stop - Stops the test.

Show Results - Shows current results of test on screen. Test does not need to be complete for this to run.