Template:Networking rutos manual wireless: Difference between revisions

From Teltonika Networks Wiki
No edit summary
No edit summary
 
(39 intermediate revisions by 4 users not shown)
Line 12: Line 12:
==Summary==
==Summary==


The <b>Wireless</b> section of the Network tab can be used to manage and configure WiFi Access Points and WiFi Stations (clients) . This chapter of the user manual provides an overview of the Wireless section for {{{name}}} devices.
The <b>Wireless</b> section of the Network tab can be used to manage and configure WiFi Access Points, WiFi Stations (clients) and WiFi devices. This chapter of the user manual provides an overview of the Wireless section for {{{name}}} devices.
{{#switch: {{{series}}} | TAP100 | TAP200= | #default= {{Template:Networking_rutos_manual_basic_advanced_webui_disclaimer  
{{#switch: {{{series}}} | TAP100 | TAP200= | #default= {{Template:Networking_rutos_manual_basic_advanced_webui_disclaimer  
| series = {{{series}}}
| series = {{{series}}}
Line 21: Line 21:
{{#switch: {{{wifi}}}
{{#switch: {{{wifi}}}
| 2 = {{{name}}} devices support IEEE 802.11b/g/n and 802.11e_WMM wireless technologies.
| 2 = {{{name}}} devices support IEEE 802.11b/g/n and 802.11e_WMM wireless technologies.
| 5 = {{{name}}} devices support IEEE 802.11ac (WiFi 5) with data transmission rates up to 867 Mbps (Dual Band, MU-MIMO), 802.11r fast transition.
| 5 = {{#switch: {{{name}}} | RUTC50 = {{{name}}} devices support IEEE 802.11b/g/n/ac/ax with data transmission rates up to 3603Mbps on 5GHz, 576Mbps on 2.4GHz (Dual Band, MU-MIMO), 802.11r fast transition.| #default = {{{name}}} devices support IEEE 802.11ac (WiFi 5) with data transmission rates up to 867 Mbps (Dual Band, MU-MIMO), 802.11r fast transition.}}
}}
}}


Line 28: Line 28:
The <b>SSIDs</b> section is used to configure your wireless access points (AP) and wireless clients (STA).
The <b>SSIDs</b> section is used to configure your wireless access points (AP) and wireless clients (STA).


{{#switch:{{{name}}}
{{#switch:{{{series}}}
|TCR100 = [[File:Networking_rutos_manual_wireless_wifi_5_tcr1_v4.png|border|class=tlt-border]]
|TCR1 = [[File:Networking_rutos_manual_wireless_wifi_tcr1.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_wireless_wifi_tap100_v1.png|border|class=tlt-border]]
|TAP100|TAP200 = [[File:Networking_rutos_manual_wireless_wifi_{{{wifi}}}_tap.png|border|class=tlt-border]]
|TAP200 = [[File:Networking_rutos_manual_wireless_wifi_tap200_v1.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_wireless_wifi_{{{wifi}}}_v4.png|border|class=tlt-border]]
|RUT241|RUT200|RUT951|RUT956|RUT906|RUT901 = [[File:Networking rutos manual wireless wifi 2 v2 mixed.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_wireless_wifi_{{{wifi}}}_v3.png|border|class=tlt-border]]
}}
}}


Above is the overview of the SSIDS Overview window. It displays active access points{{#switch:{{{series}}}|TAP100|TAP200=.|#default=  and stations.}}  
Above is the overview of the SSIDS Overview window. It displays active access points{{#switch:{{{series}}}|TAP100|TAP200=.|#default=  and stations.}}  
Here you can turn on or off your WiFi interfaces, remove them or start configuring by clicking on  
Here you can turn on or off your WiFi interfaces, remove them or start configuring by clicking on  
  <b>Edit</b> button on the right side of interface.{{#switch:{{{series}}}|TAP100|TAP200=|#default= You can also configure your WiFi devices by clicking <b>Edit</b> button in the right side of each table header. To configure your Wireless device as Client press '''Scan''' button to scan the surrounding area and attempt to connect to a new wireless access point.}}
  <b>Edit</b> button on the right side of interface.{{#switch:{{{series}}}|TAP100|TAP200=|#default= To configure your Wireless device as Client press '''Scan''' button to scan the surrounding area and attempt to connect to a new wireless access point.}}


{{#ifeq: {{{series}}} | TCR1 |
{{#ifeq: {{{series}}} | TCR1 |
====Guest Network====
====Guest Network====


Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure.
Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure.|}}
|}}


{{#switch:{{{series}}}|TAP100|TAP200= ===Radio Settings===|#default= ====Global Settings====}}
===Radio===
----
----
The <b>{{#switch:{{{series}}}|TAP100|TAP200=Radio|#default=Global}} Settings</b> section is used for configuring WiFi hardware parameters. You can find this section {{#switch:{{{series}}}|TAP100|TAP200=|#default=by clicking the 'Edit' button next to a wireless device (<u>not an interface</u>)}} in the Network → {{#switch:{{{series}}}|TAP100|TAP200=Wireless → Radio page.|#default=SSIDS page:}}
The <b>Global Settings</b> section is used for configuring the country code which is used for regulatory purposes (different areas allow different maximum transmit power and operating frequencies) and WiFi hardware parameters. You can change parameters by clicking the 'Edit' button next to a wireless device (<u>not an interface</u>) in the Network → SSIDS page:
{{#switch:{{{name}}}
{{#switch:{{{name}}}
|TAP100 =
|TCR1 = [[File:Networking_rutos_manual_wireless_radio_tcr1.png|border|class=tlt-border]]
|TAP200 =
|TAP100|TAP200 = [[File:Networking_rutos_manual_wireless_radio_{{{wifi}}}_tap.png|border|class=tlt-border]]
|TCR1 = [[File:Networking_rutos_manual_wireless_global_settings_edit_button_tcr1_v3.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_wireless_radio_{{{wifi}}}.png|border|class=tlt-border]]
|RUT241|RUT200|RUT951|RUT956|RUT906|RUT901 = [[File:Networking rutos manual wireless wifi 2 v2 mixed.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_wireless_global_settings_edit_button_v4.png|border|class=tlt-border]]
}}
}}


{{#switch:{{{series}}}|TAP100|TAP200= ====General Setup====|#default= =====General Setup=====}}
<table class="nd-mantable">
    <tr>
        <th>Field</th>
      <th>Value</th>
      <th>Description</th>
    </tr>
    <tr>
    <td>Country code</td>
        <td>country code; default: <b>US - United States</b></td>
        <td>SO/IEC 3166 alpha2 country codes as defined in ISO 3166-1 standard.</td>
    </tr>
</table>
 
====General Setup====


The <b>General Setup</b> section is used to turn a wireless device on or off, select the operating frequency (WiFi mode and channel), transmit power and define a country code.  
The <b>General Setup</b> section is used to turn a wireless device on or off, select the operating frequency (WiFi mode, channel and channel width) and transmit power.  


A wireless 2.4 GHz WiFi channel requires a signaling band roughly 22 MHz wide, radio frequencies of neighboring channels numbers significantly overlap each other. Choose a WiFi channel according to the busyness of other channels. You can download a free WiFi analyzer app on your phone, laptop or other WiFi device and check which channel is the least populated.  
A wireless 2.4 GHz WiFi channel requires a signaling band roughly 22 MHz wide, radio frequencies of neighboring channels numbers significantly overlap each other. Choose a WiFi channel according to the busyness of other channels. You can download a free WiFi analyzer app on your phone, laptop or other WiFi device and check which channel is the least populated.  
Line 67: Line 75:
|TAP100 = [[File:Networking_rutos_manual_wireless_global_settings_edit_button_tap100_v3.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_wireless_global_settings_edit_button_tap100_v3.png|border|class=tlt-border]]
|TAP200 = [[File:Networking_rutos_manual_wireless_global_settings_edit_button_tap200_v1.png|border|class=tlt-border]]
|TAP200 = [[File:Networking_rutos_manual_wireless_global_settings_edit_button_tap200_v1.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_wireless_global_settings_general_setup_v2.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_wireless_global_settings_general_setup_v3.png|border|class=tlt-border]]
}}
}}


Line 88: Line 96:
     <tr>
     <tr>
       <td>Mode</td>
       <td>Mode</td>
       <td>N | Legacy; default: <b>N</b></td>
       <td>{{#ifeq:{{{wifi6}}}| 1 | AX {{!}} N {{!}} Legacy; default: <b>AX</b> | N {{!}} Legacy; default: <b>N</b>}}</td>
       <td>Wireless N (802.11n) supports a maximum theoretical transfer rate of 300mbps with 2 antennas. It can reach up to 450 Mbps with 3 antennas. Though typical speeds are more accurately around 130 Mbps. The legacy standards include 802.11a, 802.11b, and 802.11g.</td>
       <td>Wireless {{#ifeq:{{{wifi6}}}| 1 | AX (802.11ax) supports a maximum theoretical transfer rate of 576mbps with 2 antennas.| N (802.11n) supports a maximum theoretical transfer rate of 300mbps with 2 antennas. It can reach up to 450 Mbps with 3 antennas. Though typical speeds are more accurately around 130 Mbps. The legacy standards include 802.11a, 802.11b, and 802.11g.}}</td>
     </tr>
     </tr>
     <tr>
     <tr>
Line 108: Line 116:
     <tr>
     <tr>
       <td>Mode</td>
       <td>Mode</td>
       <td>N <nowiki>|</nowiki> AC; default: <b>AC</b></td>
       <td>{{#ifeq:{{{wifi6}}}| 1 | AX {{!}} N {{!}} AC; default: <b>AX</b> | N {{!}} AC; default: <b>AX</b>}}</td>
       <td>Choose between 802.11n and 802.11ac standards.</td>
       <td>Choose between {{#ifeq:{{{wifi6}}}| 1 | 802.11ax,|}} 802.11n and 802.11ac standards.</td>
     </tr>
     </tr>
     <tr>
     <tr>
       <td>Channel</td>
       <td>Channel</td>
       <td>Auto {{!}} 36(5180 MHz) {{!}} 40(5200 MHz) {{!}} 44(5220 MHz) {{!}} 48(5240 MHz) {{!}} 52(5260 MHz) {{!}} 56(5280 MHz) {{!}} 60(5300 MHz) {{!}} 64(5320 MHz) {{!}} 68(5340 MHz) {{!}} 72(5360 MHz) {{!}} 76(5380 MHz) {{!}} 80(5400 MHz) {{!}} 84(5420 MHz) {{!}} 88(5440 MHz) {{!}} 92(5460 MHz) {{!}} 96(5480 MHz) {{!}} 100(5500 MHz) {{!}} 104(5520 MHz) {{!}} 108(5540 MHz) {{!}} 112(5560 MHz) {{!}} 116(5580 MHz) {{!}} 120(5600 MHz) {{!}} 124(5620 MHz) {{!}} 128(5640 MHz) {{!}} 132(5660 MHz) {{!}} 136(5680 MHz) {{!}} 140(5700 MHz) {{!}} 144 (5720 MHz) {{!}} 149 (5745 MHz) {{!}} 153 (5765 MHz) {{!}}157 (5785 MHz) {{!}} 161 (5805 MHz) {{!}} 165 (5825 MHz); default: <b>36(5180 MHz)</b></td>
       <td>Auto {{!}} 36(5180 MHz) {{!}} 40(5200 MHz) {{!}} 44(5220 MHz) {{!}} 48(5240 MHz) {{!}} 52(5260 MHz) {{!}} 56(5280 MHz) {{!}} 60(5300 MHz) {{!}} 64(5320 MHz) {{!}} 68(5340 MHz) {{!}} 72(5360 MHz) {{!}} 76(5380 MHz) {{!}} 80(5400 MHz) {{!}} 84(5420 MHz) {{!}} 88(5440 MHz) {{!}} 92(5460 MHz) {{!}} 96(5480 MHz) {{!}} 100(5500 MHz) {{!}} 104(5520 MHz) {{!}} 108(5540 MHz) {{!}} 112(5560 MHz) {{!}} 116(5580 MHz) {{!}} 120(5600 MHz) {{!}} 124(5620 MHz) {{!}} 128(5640 MHz) {{!}} 132(5660 MHz) {{!}} 136(5680 MHz) {{!}} 140(5700 MHz) {{!}} 144 (5720 MHz) {{!}} 149 (5745 MHz) {{!}} 153 (5765 MHz) {{!}}157 (5785 MHz) {{!}} 161 (5805 MHz) {{!}} 165 (5825 MHz); default: <b>Auto</b></td>
       <td>A wireless 5 GHz WiFi channel also requires a signaling band roughly 22 MHz wide, but since its channel with is 20 MHZ ir overlaps less with neighboring channels, but it is still recommended to pick a channel with no other active Access Points and preferably one that has no active Access Point on two adjacent channels on each side as well.</td>
       <td>A wireless 5 GHz WiFi channel also requires a signaling band roughly 22 MHz wide, but since its channel with is 20 MHZ ir overlaps less with neighboring channels, but it is still recommended to pick a channel with no other active Access Points and preferably one that has no active Access Point on two adjacent channels on each side as well.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Width</td>
         <td>Width</td>
         <td>20 MHz <nowiki>|</nowiki> 40 MHz <nowiki>|</nowiki> 80 MHz; default: <b>80MHz</b></td>
         <td>20 MHz {{!}} 40 MHz {{!}} 80 MHz {{#ifeq:{{{wifi6}}}| 1 | 160 |}}; default: <b>80MHz</b></td>
         <td>A 40 MHz channel width bonds two 20 MHz channels together, forming a 40 MHz channel width, 8 MHZ channel bonds four 20 MHz channels; therefore, it allows for greater speed and faster transfer rates. But not if those channels are crowded with noise and interference. In crowded areas with a lot of frequency noise and interference, a single 20MHz channel will be more stable. 80 MHz width channel is faster than 40MHz which is faster than 20 MHz but it doesn’t perform as well in crowded areas.</td>
         <td>A 40 MHz channel width bonds two 20 MHz channels together, forming a 40 MHz channel width, 8 MHZ channel bonds four 20 MHz channels; therefore, it allows for greater speed and faster transfer rates. But not if those channels are crowded with noise and interference. In crowded areas with a lot of frequency noise and interference, a single 20MHz channel will be more stable. 80 MHz width channel is faster than 40MHz which is faster than 20 MHz but it doesn’t perform as well in crowded areas.</td>
     </tr>
     </tr>
Line 130: Line 138:
         <td>[{{#switch:{{{series}}}|TAP100|TAP200=13%|#default=5%}}...100%]; default: <b>100 %</b></td>
         <td>[{{#switch:{{{series}}}|TAP100|TAP200=13%|#default=5%}}...100%]; default: <b>100 %</b></td>
         <td>The transmit power of an access point radio is proportional to its effective range – the higher the transmit power, the more distance that a signal can travel, and/or the more physical materials that it can effectively penetrate and still have data successfully resolved at the receiver.</td>
         <td>The transmit power of an access point radio is proportional to its effective range – the higher the transmit power, the more distance that a signal can travel, and/or the more physical materials that it can effectively penetrate and still have data successfully resolved at the receiver.</td>
    </tr>
    <tr>
    <td>Country code</td>
        <td>country code; default: <b>{{#switch:{{{series}}}|TAP100|TAP200=00 - World|#default=US - United States}}</b></td>
        <td>SO/IEC 3166 alpha2 country codes as defined in ISO 3166-1 standard.</td>
     </tr>
     </tr>
</table>
</table>


{{#switch:{{{series}}}|TAP100|TAP200= ====Advanced Settings====|#default= =====Advanced Settings=====}}
====Advanced Settings====


The <b>Advanced Settings</b> section is used to configure how the wireless Access Point will work from a hardware perspective.
The <b>Advanced Settings</b> section is used to configure how the wireless Access Point will work from a hardware perspective.
Line 144: Line 147:
{{#switch:{{{series}}}
{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking_rutos_manual_wireless_global_settings_advanced_settings_tap100_v1.png|border|class=tlt-border]]
|TAP100|TAP200 = [[File:Networking_rutos_manual_wireless_global_settings_advanced_settings_tap100_v1.png|border|class=tlt-border]]
|#default =[[File:Networking_rutos_manual_wireless_global_settings_advanced_settings_v1.png|border|class=tlt-border]]
|#default =[[File:Networking_rutos_manual_wireless_global_settings_advanced_settings_v2.png|border|class=tlt-border]]
}}
}}
<table class="nd-mantable">
<table class="nd-mantable">
Line 224: Line 227:
</table>
</table>


{{#switch:{{{series}}}|TAP100|TAP200= |#default= =====WiFi Scanner=====
===SSIDs Configuration===
----
----
The <b>WiFi Scanner</b> provides you with the possibility to scan and collect information about connected devices and surrounding access points. The collected data is sent using the [[{{{name}}} Data to Server|Data to Server]] functionality with Kinesis argument.
The <b>Interface Configuration</b> section is used to configure the parameters of Wireless Access Points {{#switch:{{{series}}}|TAP100|TAP200=|#default= or Clients}}. You can find this section by clicking the 'Edit' button next to a wireless interface (<u>not a device</u>) in the Network → SSIDs page:
{{#switch: {{{series}}}
{{#switch: {{{name}}}
  | #default =
|#default = [[File:Networking_rutos_manual_wireless_wifi_{{{wifi}}}_v4.png|border|class=tlt-border]]
  | RUT36X|RUT9|TCR1|RUT2|RUT2M|RUT9M = <u><b>Note:</b> WiFi Scanner is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.</u>
|TCR100 = [[File:Networking rutos manual wireless wifi 5 tcr1 v4.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_wireless_interface_configuration_edit_button_tap100_v5.png|border|class=tlt-border]]
|TAP200 = [[File:Networking_rutos_manual_wireless_wifi_tap200_v2.png|border|class=tlt-border]]
|RUT241|RUT200|RUT951|RUT956|RUT906|RUT901 = [[File:Networking rutos manual wireless wifi 2 v4 mixed.png|border|class=tlt-border]]
}}
}}
[[File:Networking_rutos_manual_wireless_global_settings_wifi_scanner_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
    <tr>
        <th>Field</th>
        <th>Value</th>
        <th>Description</th>
    </tr>
    <tr>
      <td>Enable</td>
      <td>off {{!}} on; default: <b>off</b></td>
      <td>Enables or disables WiFi scanner.</td>
    </tr>
      <tr>
      <td>Interval</td>
      <td>integer; default: <b>10</b></td>
      <td>Interval between scans in seconds.</td>
    </tr>
</table>}}


====Interface Configuration====
====General Setup====
----
The <b>Interface Configuration</b> section is used to configure the parameters of Wireless Access Points{{#switch:{{{series}}}|TAP100|TAP200=|#default= or Clients}}. You can find this section by clicking the 'Edit' button next to a wireless device (<u>not an interface</u>) in the Network → SSIDs page:
{{#switch: {{{name}}}
|#default = [[File:Networking_rutos_manual_wireless_interface_configuration_edit_button_v3.png|border|class=tlt-border]]
|TCR100 = [[File:Networking_rutos_manual_wireless_interface_configuration_edit_button_tcr1_v3.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_wireless_interface_configuration_edit_button_tap100_v4.png|border|class=tlt-border]]
|TAP200 = [[File:Networking_rutos_manual_wireless_wifi_tap200_v1.png|border|class=tlt-border]]
|RUT241|RUT200|RUT951|RUT956|RUT906|RUT901 = [[File:Networking rutos manual wireless interface configuration edit button mixed v2.png|border|class=tlt-border]]
}}
=====General Setup=====
----
----
The <b>General Setup</b> tab contains basic options for ESSID and network interface.
The <b>General Setup</b> tab contains basic options for SSID and network interface.
{{#switch: {{{series}}}
{{#switch: {{{series}}}
|#default = [[File:Networking_rutos_manual_wireless_interface_configuration_general_setup_v2.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_wireless_interface_configuration_general_setup_v4.png|border|class=tlt-border]]
|TCR1 = [[File:Networking_rutos_manual_wireless_interface_configuration_general_setup_tcr1_v2.png|border|class=tlt-border]]
|TCR1 = [[File:Networking_rutos_manual_wireless_interface_configuration_general_setup_tcr1_v4.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_wireless_interface_configuration_general_setup_tap100_v3.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_wireless_interface_configuration_general_setup_tap100_v4.png|border|class=tlt-border]]
|TAP200 = [[File:Networking_rutos_manual_wireless_interface_configuration_general_setup_tap200_v1.png|border|class=tlt-border]]
|TAP200 = [[File:Networking_rutos_manual_wireless_interface_configuration_general_setup_tap200_v2.png|border|class=tlt-border]]}}
}}
 
<table class="nd-mantable">
<table class="nd-mantable">
     <tr>
     <tr>
Line 280: Line 257:
         <td>off {{!}} on; default: <b>on</b></td>
         <td>off {{!}} on; default: <b>on</b></td>
         <td>Enables or disables WiFi interface.</td>
         <td>Enables or disables WiFi interface.</td>
     </tr>{{#switch:{{{series}}}|TAP200=
     </tr>
    <tr>
        <td>Radios</td>
        <td>2.4 GHz {{!}} 5GHz; default: <b>2.4 GHz</b></td>
        <td>SSID will use these radios. Use one of them if you want seperate SSIDs for each radio or use all of them if you want combined SSID.</td>
    </tr>|#default=}}{{#switch:{{{series}}}|TAP100|TAP200=|#default=
     <tr>
     <tr>
         <td>Mode</td>
         <td>Mode</td>
         <td>Client {{!}} Access Point {{!}} Mesh {{!}} Multi AP; default: <b>Access Point</b></td>
         <td>{{#switch:{{{series}}}|TAP100|TAP200=|#default=Client {{!}}}} Access Point {{!}} Mesh {{#switch:{{{series}}}|TAP100|TAP200=|#default={{!}} Multi AP}}; default: <b>Access Point</b></td>
         <td>Defines what role this interface will do, Access point to supply WiFi for other devices, Client to use other devices WiFi for WWAN and Mesh to act as mesh network gateway or a node in a mesh network.</td>
         <td>Defines what role this interface will do, Access point to supply WiFi for other devices, Client to use other devices WiFi for WWAN and Mesh to act as mesh network gateway or a node in a mesh network.</td>
     </tr>}}{{#switch:{{{series}}}|TAP100|TAP200=|#default=
     </tr>
     <tr>
     <tr>
       <th>Access Point mode</th>
       <th>Access Point mode</th>
         <th></th>
         <th></th>
         <th></th>     
         <th></th>     
     </tr>}}
     </tr>{{#ifeq:{{{wifi}}}|5|
     <tr>
     <tr>
         <td>{{#switch:{{{series}}}|TAP100|TAP200=SSID|#default=ESSID}}</td>
         <td>Radios</td>
         <td>Factory {{#switch:{{{series}}}|TAP100|TAP200=SSID|#default=ESSID}} is different for every device; default: <b></b></td>
         <td>2.4 GHz {{!}} 5GHz; default: <b>2.4 GHz or 5 GHz</b></td>
         <td>{{#switch:{{{series}}}|TAP100|TAP200=Service Set Identifier.|#default=Extended Service Set Identifier is a name used to identify access point which is shown when client tries to connect to it.}}</td>
         <td>SSID will use these radios. Use one of them if you want seperate SSIDs for each radio or use all of them if you want combined SSID.</td>
     </tr>{{#switch:{{{series}}}|TAP200=
     </tr>|}}
     <tr>
     <tr>
         <td>Chiper</td>
         <td>SSID</td>
         <td>Auto {{!}} Force CCMP (AES) {{!}}  Force TKIP {{!}} Force TKIP and CCMP (AES); default: <b>Auto</b></td>
         <td>Factory SSID is different for every device; default: <b></b></td>
         <td> An algorithm for performing encryption or decryption.</td>
         <td>Service Set Identifier is a name used to identify access point which is shown when client tries to connect to it.</td>
     </tr>|#default=}}
     </tr>
     <tr>
     <tr>
         <td>Password</td>
         <td>Password</td>
         <td>string; default: <b>none</b></td>
         <td>string; default: <b>none</b></td>
         <td>Custom passphrase used for authentication (at least 8 characters long).</td>
         <td><li>Custom passphrase used for authentication (at least 8 characters long).</li><li>Another option is to use the 'Dice' icon, which generates random passwords.</li></td>
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=
    <tr>
      <td>Encryption</td>
      <td>No encryption {{!}} WPA-PSK/WPA2-PSK Mixed Mode {{!}} WPA2-PSK {{!}} WPA2-EAP {{!}}
WPA2-EAP/WPA3-EAP Mixed Mode {{!}} WPA3-EAP {{!}} WPA2-PSK/WPA3-SAE Mixed Mode
{{!}} WPA3-SAE {{!}} OWE; default: <b>WPA2-PSK</b></td>
      <td>The type of encryption used on this Wireless Interface.  
Opportunistic Wireless Encryption (<b>OWE</b>) - no password is required and
all wireless traffic is encrypted (safer than <b>No Encryption</b>).</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>VLAN ID</td>
         <td>{{#switch:{{{series}}}|TAP100|TAP200=VLAN ID|#default=Network}}</td>
        <td>integer [1..4094]; default: <b>Default</b></td>
         <td>{{#switch:{{{series}}}|TAP100|TAP200=default {{!}} +add new; default: <b>default</b>|#default=network interfaces {{!}} +add new; default: <b>lan</b>}}</td>
         <td>Choose default or define a network VLAN ID.</td>
         <td>{{#switch:{{{series}}}|TAP100|TAP200=Use tagged VLAN from the network as untagged VLAN on the SSID.|#default=Choose the network(s) you want to attach to this wireless interface or fill out the create field to define a new network.}}</td>
    </tr>|#default=}}{{#switch:{{{series}}}|TAP100|TAP200=|#default=
    <tr>
        <td>Network</td>
        <td>network interfaces; default: <b>lan</b></td>
         <td>Choose the network(s) you want to attach to this wireless interface or fill out the create field to define a new network.</td>
    </tr>}}{{#switch:{{{series}}}|TAP100|TAP200=|#default=
    <tr>
        <td>Hide ESSID</td>
        <td>off {{!}} on; default: <b>off</b></td>
        <td>Hide extended Service Set Identifier.</td>
     </tr>{{#ifeq:{{{series}}}|TCR1|
     </tr>{{#ifeq:{{{series}}}|TCR1|
     <tr>
     <tr>
Line 351: Line 304:
     </tr>
     </tr>
     <tr>
     <tr>
         <td>ESSID</td>
         <td>Auto-reconnect</td>
         <td>Factory ESSID is different for every device; default: <b></b></td>
        <td>on {{!}} off; default: <b>on</b></td>
        <td>Enables automatic reconnection to the configured access point on connection loss.</td>
    </tr>{{#ifeq:{{{wifi}}}|5|
    <tr>
        <td>Radios</td>
        <td>2.4 GHz {{!}} 5GHz; default: <b>2.4 GHz or 5 GHz</b></td>
        <td>SSID will use these radios. Use one of them if you want seperate SSIDs for each radio or use all of them if you want combined SSID.</td>
    </tr>|}}
    <tr>
        <td>SSID</td>
         <td>Factory SSID is different for every device; default: <b></b></td>
         <td>Extended Service Set Identifier is a name used to identify access point to which client will connect.</td>
         <td>Extended Service Set Identifier is a name used to identify access point to which client will connect.</td>
     </tr>
     </tr>
Line 363: Line 326:
         <td>Password</td>
         <td>Password</td>
         <td>string; default: <b>none</b></td>
         <td>string; default: <b>none</b></td>
         <td>Custom passphrase used for authentication (at least 8 characters long).</td>
         <td><li>Custom passphrase used for authentication (at least 8 characters long).</li><li>Another option is to use the 'Dice' icon, which generates random passwords.</li></td>
     </tr>
     </tr>
     <tr>
     <tr>
Line 369: Line 332:
         <td>network interfaces; default: <b>Auto</b></td>
         <td>network interfaces; default: <b>Auto</b></td>
         <td>Choose the network you want to attach to this wireless interface or fill out the Custom field to define a new network (you will be redirected to the newly created network configuration page).</td>
         <td>Choose the network you want to attach to this wireless interface or fill out the Custom field to define a new network (you will be redirected to the newly created network configuration page).</td>
     </tr>}}{{#switch:{{{series}}}|TAP100|TAP200=|#default=
     </tr>}}{{#switch:{{{series}}}|TAP100|TAP200=
     <tr>
     <tr>
         <th>Mesh mode</th>
         <th>Mesh mode</th>
Line 379: Line 342:
         <td>integer; default: <b>none</b></td>
         <td>integer; default: <b>none</b></td>
         <td>Mesh network identifier.</td>
         <td>Mesh network identifier.</td>
    </tr>{{#ifeq:{{{wifi}}}|5|
    <tr>
        <td>Radios</td>
        <td>2.4 GHz {{!}} 5GHz; default: <b>2.4 GHz or 5 GHz</b></td>
        <td>SSID will use these radios. Use one of them if you want seperate SSIDs for each radio or use all of them if you want combined SSID.</td>
    </tr>|}}
    <tr>
        <td>Password</td>
        <td>string; default: <b>none</b></td>
        <td><li>Custom passphrase used for authentication (at least 8 characters long).</li><li>Another option is to use the 'Dice' icon, which generates random passwords.</li></td>
    </tr>
    |#default=
    <tr>
        <th>Mesh mode</th>
        <th></th>
        <th></th>   
     </tr>
     </tr>
    <tr>
        <td>Mesh ID</td>
        <td>integer; default: <b>none</b></td>
        <td>Mesh network identifier.</td>
    </tr>{{#ifeq:{{{wifi}}}|5|
    <tr>
        <td>Radios</td>
        <td>2.4 GHz {{!}} 5GHz; default: <b>2.4 GHz or 5 GHz</b></td>
        <td>SSID will use these radios. Use one of them if you want seperate SSIDs for each radio or use all of them if you want combined SSID.</td>
    </tr>|}}
     <tr>
     <tr>
         <td>Password</td>
         <td>Password</td>
         <td>string; default: <b>none</b></td>
         <td>string; default: <b>none</b></td>
         <td>Custom passphrase used for authentication (at least 8 characters long).</td>
         <td><li>Custom passphrase used for authentication (at least 8 characters long).</li><li>Another option is to use the 'Dice' icon, which generates random passwords.</li></td>
     </tr>
     </tr>
         <tr>
         <tr>
Line 394: Line 383:
         <th></th>
         <th></th>
         <th></th>     
         <th></th>     
     </tr>
     </tr>{{#ifeq:{{{wifi}}}|5|
    <tr>
        <td>Radios</td>
        <td>2.4 GHz {{!}} 5GHz; default: <b>2.4 GHz or 5 GHz</b></td>
        <td>SSID will use these radios. Use one of them if you want seperate SSIDs for each radio or use all of them if you want combined SSID.</td>
    </tr>|}}
     <tr>
     <tr>
         <td>Network</td>
         <td>Network</td>
Line 412: Line 406:
</table>
</table>


{{#switch:{{{series}}}|TAP100|TAP200=|#default= =====Wireless Security=====
====Additional Settings====
----
 
[[File:Networking rutos manual wireless interface configuration additional settings access point v1.png|border|class=tlt-border]]
 
<table class="nd-mantable">
    <tr>
        <th>Field</th>
      <th>Value</th>
      <th>Description</th>
    </tr>
    <tr>
      <th>Access point</th>
        <th></th>
        <th></th>   
    </tr>
    <tr>
        <td>Hide SSID</td>
        <td>on {{!}} off; default: <b>off</b></td>
        <td>Hide Service Set Identifier </td>
    </tr>
    <tr>
      <td>Isolate Clients</td>
      <td>off {{!}} on; default: <b>off</b></td>
      <td>Prevents client to client communication on the same subnet.</td>
    </tr>
    <tr>
        <td>802.11v BSS Transition Management</td>
        <td>on {{!}} off; default: <b>off</b></td>
        <td>A suggestion (or advice) given to a client, which the client can choose to follow or ignore</td>
    </tr>
    <tr>
        <td>802.11k Radio Resource Measurement</td>
        <td>on {{!}} off; default: <b>off</b></td>
        <td>Helps devices search quickly for nearby APs that are available as roaming targets by creating an optimized list of channels.</td>
    </tr>
    <tr>
        <td>Disassociate On Low Acknowledgement</td>
        <td>off {{!}} on; default: <b>on</b></td>
        <td>Allow AP mode to disconnect stations/clients based on low Acknowledgement condition.</td>
    </tr>
</table>
{{#switch:{{{series}}}|TAP100|TAP200=|#default=
----
[[File:Networking rutos manual wireless interface configuration additional settings client multi ap v3.png|border|class=tlt-border]]
 
<table class="nd-mantable">
    <tr>
        <th>Field</th>
      <th>Value</th>
      <th>Description</th>
    </tr>
    <tr>
      <th>Client & Multi AP</th>
        <th></th>
        <th></th>   
    </tr>
    <tr>
        <td>Enable fast roaming</td>
        <td>off {{!}} on; default: <b>off</b></td>
        <td>Requests background scans for the purpose of roaming within an ESS.</td>
    </tr>
    <tr>
        <td>Redirect captive portal</td>
        <td>off {{!}} on; default: <b>off</b></td>
        <td>Also known as <b>Travelmate</b>. Enables captive portal redirection. More information about using <b>Travelmate</b> can be found [[Connecting_to_a_Hotspot_WiFi_for_Internet_Connectivity|here]].</td>
    </tr>
    </table>}}
----
 
[[File:Networking rutos manual wireless interface configuration mesh additional settings v2.png|border|class=tlt-border]]
 
<table class="nd-mantable">
    <tr>
        <th>Field</th>
      <th>Value</th>
      <th>Description</th>
    </tr>
    <tr>
      <th>Mesh</th>
        <th></th>
        <th></th>   
    </tr>
    <tr>
        <td>Forward mesh peer traffic </td>
        <td>off {{!}} on; default: <b>off</b></td>
        <td>Enables mesh peer traffic forwarding.</td>
    </tr>
    <tr>
        <td>RSSI threshold for joining </td>
        <td>integer [0..1]; default: <b>0</b></td>
        <td>0 = not using RSSI threshold, 1 = do not change driver default.</td>
    </tr>
    </table>
 
====Wireless Security====
----
----
The <b>Wireless Security</b> tab is used to determine what kind of encryption your WLAN will use.  
The <b>Wireless Security</b> tab is used to determine what kind of encryption your WLAN will use.  


[[File:Networking_rutos_manual_wireless_interface_configuration_wireless_security_v2.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_wireless_interface_configuration_wireless_security_v4.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 427: Line 516:
       <td>Encryption</td>
       <td>Encryption</td>
          
          
       <td>No encryption {{!}} WPA-PSK {{!}} WPA2-PSK {{!}} WPA-PSK/WPA2-PSK Mixed Mode {{!}} WPA3-SAE {{!}} WPA2-PSK/WPA3-SAE Mixed Mode
       <td>No encryption {{!}} WPA-PSK {{!}} WPA2-PSK {{!}} WPA-PSK/WPA2-PSK Mixed Mode {{!}} WPA3-SAE {{!}} WPA2-PSK/WPA3-SAE Mixed Mode
{{!}} WPA-EAP {{!}} WPA2-EAP {{!}} OWE {{#switch:{{{name}}}|RUT241|RUT200|RUT951|RUT956|RUT906 =
{{!}} OWE {{!}} WPA-EAP {{!}} WPA2-EAP {{!}} WPA2-EAP/WPA3-EAP Mixed Mode {{!}} WPA3-EAP Mixed Mode {{!}} WPA3-EAP; default: <b>WPA2-PSK</b></td>
|#default = {{!}} WPA2-EAP/WPA3-EAP Mixed Mode {{!}} WPA3-EAP}}; default: {{#switch:{{{name}}}
|RUT241|RUT200|RUT951|RUT956|RUT906|RUT901 = <b>WPA2-PSK/WPA3-SAE Mixed Mode</b>
|#default = <b>WPA2-PSK</b>
}}</td>
       <td>The type of encryption used on this Wireless Interface.  
       <td>The type of encryption used on this Wireless Interface.  
Opportunistic Wireless Encryption (<b>OWE</b>) - no password is required and  
Opportunistic Wireless Encryption (<b>OWE</b>) - no password is required and  
Line 438: Line 523:
     </tr>
     </tr>
     <tr>
     <tr>
       <th>With all encryptions</th>
       <th>WPA-PSK, WPA2-PSK, WPA-PSK/WPA2-PSK Mixed Mode, WPA3-EAP</th>
         <th></th>
         <th></th>
         <th></th>     
         <th></th>     
Line 448: Line 533:
     </tr>
     </tr>
     <tr>
     <tr>
       <th>WPA3-SAE, WPA2-PSK/WPA3-SAE Mixed Mode</th>
       <th>WPA-PSK, WPA2-PSK, WPA-PSK/WPA2-PSK Mixed Mode, WPA3-SAE, WPA2-PSK/WPA3-SAE Mixed Mode</th>
         <th></th>
         <th></th>
         <th></th>     
         <th></th>     
Line 455: Line 540:
     <td>Password</td>
     <td>Password</td>
         <td>string; default: <b>none</b> </td>
         <td>string; default: <b>none</b> </td>
         <td>A custom passphrase used for authentication (at least 8 characters long).</td>
         <td><li>Custom passphrase used for authentication (at least 8 characters long).</li><li>Another option is to use the 'Dice' icon, which generates random passwords.</li></td>
     </tr>
     </tr>
     <tr>
     <tr>
Line 494: Line 579:
     <tr>
     <tr>
     <td>NAS id</td>
     <td>NAS id</td>
        <td>string; default: <b>none</b></td>
        <td>Network access server identifier.</td>
    </tr>
        <tr>
      <th><span style="color:green;">Mesh mode: WPA3-SAE, No encryption</span></th>
        <th></th>
        <th></th>   
    </tr>
    <tr>
    <td>Password</td>
         <td>string; default: <b>none</b> </td>
         <td>string; default: <b>none</b> </td>
        <td><li>Custom passphrase used for authentication (at least 8 characters long).</li><li>Another option is to use the 'Dice' icon, which generates random passwords.</li></td>
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
    <tr>
      <th><span style="color:red;">Client mode: WPA-EAP, WPA2-EAP, WPA2-EAP/WPA3-EAP Mixed Mode, WPA3-EAP</span></th>
        <th></th>
        <th></th>   
    </tr>
    <tr>
    <td><span style="color:red;">EAP-Method</span></td>
        <td><span style="color:brown;">TLS</span> {{!}} <span style="color:blue;">TTLS</span> {{!}} <span style="color:blue;">PEAP</span> {{!}} <span style="color:blue;">FAST</span>; default: <b><span style="color:brown;">TLS</span></b> </td>
         <td>Network access server identifier.</td>
         <td>Network access server identifier.</td>
     </tr>
     </tr>
</table>}}
    <tr>
    <td><span style="color:brown;">Use PKCS#12 format</span></td>
        <td>off {{!}} <span style="color:green;">on</span>; default: <b>off</b> </td>
        <td>Use PKCS#12 file format for client certificate.</td>
    </tr>
    <tr>
    <td><span style="color:green;">PKCS#12 client certificate file</span></td>
        <td>- (interactive button)</td>
        <td>Use PKCS#12 file format for client certificate.</td>
    </tr>
    <tr>
    <td><span style="color:green;">PKCS#12 passphrase</span></td>
        <td>string; default: <b>none</b></td>
        <td>Passphrase used to decrypt PKCS #12 certificates..</td>
    </tr>
    <tr>
    <td>Certificate files from device</td>
        <td>off {{!}} on; default: <b>off</b></td>
        <td>Choose this option if you want to select certificate files from device.</td>
    </tr>
    <tr>
    <td>CA-Certificate</td>
        <td>.crt file; default: <b>none</b></td>
        <td>This file can have one or more trusted CA certificates. If CA-Certificate is not included, server certificate will not be verified. This is insecure and a trusted CA-Certificate should always be configured when using EAP-TLS/TTLS/PEAP/FAST.</td>
    </tr>
    <tr>
    <td><span style="color:brown;">Client-Certificate</span></td>
        <td>.crt file; default: <b>none</b></td>
        <td>Client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity..</td>
    </tr>
    <tr>
    <td><span style="color:brown;">Private Key</span></td>
        <td>.key file; default: <b>none</b></td>
        <td>TLS client key file.</td>
    </tr>
    <tr>
    <td><span style="color:brown;">Password of Private Key</span></td>
        <td>string; default: <b>none</b></td>
        <td>Password of Private Key.</td>
    </tr>
    <tr>
    <td><span style="color:blue;">Authentication</span></td>
        <td>EAP-GTC {{!}} EAP-MD5 {{!}} EAP-MSCHAPv2 {{!}} <span style="color:olive;">EAP-TLS</span> {{!}} PAP {{!}} CHAP {{!}} MSCHAP {{!}} MSCHAPv2; default: <b>EAP-GTC</b> </td>
        <td>Used as the username for authentication.</td>
    </tr>
    <tr>
    <td><span style="color:olive;">Inner certificate files from device</span></td>
        <td>off {{!}} on; default: <b>off</b></td>
        <td>Choose this option if you want to select certificate files from device.</td>
    </tr>
    <tr>
    <td><span style="color:olive;">Inner CA-Certificate</span></td>
        <td>.crt file; default: <b>none</b></td>
        <td>Inner CA-Certificate.</td>
    </tr>
    <tr>
    <td><span style="color:olive;">Inner Client-Certificate</span></td>
        <td>.crt file; default: <b>none</b></td>
        <td>Inner Client-Certificate.</td>
    </tr>
    <tr>
    <td><span style="color:olive;">Inner Private Key</span></td>
        <td>.key file; default: <b>none</b></td>
        <td>Inner Private Key.</td>
    </tr>
    <tr>
    <td><span style="color:olive;">Password of inner Private Key</span></td>
        <td>string; default: <b>none</b></td>
        <td>Password of inner Private Key.</td>
    </tr>
    <tr>
    <td>Identity</td>
        <td>string; default: <b>none</b> </td>
        <td>Used as the username for authentication.</td>
    </tr>
    <tr>
    <td>Anonymous Identity</td>
        <td>string; default: <b>none</b> </td>
        <td>Shown as username outside the encrypted tunnel. Not used for authentication.</td>
    </tr>
    <tr>
    <td><span style="color:blue;">Password</span></td>
        <td>string; default: <b>none</b> </td>
        <td>Used for authentication.</td>
    </tr>}}
</table>


=====MAC Filter=====
====MAC Filter====
----
----
The <b>MAC Filter</b> tab is used for setting up rules that allow or exclude devices with specified MAC addresses from connecting to your WiFi network.  
The <b>MAC Filter</b> tab is used for setting up rules that allow or exclude devices with specified MAC addresses from connecting to your WiFi network.  
Line 505: Line 695:
{{#switch:{{{series}}}
{{#switch:{{{series}}}
|TAP100 = [[File:Networking_rutos_manual_wireless_interface_configuration_mac_filter_tap100_v1.png|border|class=tlt-border]]
|TAP100 = [[File:Networking_rutos_manual_wireless_interface_configuration_mac_filter_tap100_v1.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_wireless_interface_configuration_mac_filter_v2.png|border|class=tlt-border]]}}
|#default = [[File:Networking_rutos_manual_wireless_interface_configuration_mac_filter_v3.png|border|class=tlt-border]]}}


<table class="nd-mantable">
<table class="nd-mantable">
Line 535: Line 725:
</table>
</table>


=====Advanced Settings=====
====Advanced Settings====
----
----
{{#switch:{{{series}}}
 
|TAP100 = [[File:Networking rutos manual wireless interface configuration advanced settings tap100_v1.png|border|class=tlt-border]]
[[File:Networking rutos manual wireless interface configuration advanced settings access_point_v2.png|border|class=tlt-border]]
|TAP200 = [[File:Networking rutos manual wireless interface configuration advanced settings tap200_v1.png|border|class=tlt-border]]
|#default = [[File:Networking rutos manual wireless interface configuration advanced settings access_point.png|border|class=tlt-border]]}}


<table class="nd-mantable">
<table class="nd-mantable">
Line 552: Line 740:
         <th></th>
         <th></th>
         <th></th>     
         <th></th>     
    </tr>
    <tr>
      <td>Isolate Clients</td>
      <td>off {{!}} on; default: <b>off</b></td>
      <td>Prevents client to client communication on the same subnet.</td>
     </tr>
     </tr>
     <tr>
     <tr>
Line 588: Line 771:
         <td>Association will be refused if a client/station attempts to associate with a listen interval greater than this value.</td>
         <td>Association will be refused if a client/station attempts to associate with a listen interval greater than this value.</td>
     </tr>
     </tr>
    <tr>
        <td>Disassociate On Low Acknowledgement</td>
        <td>off {{!}} on; default: <b>on</b></td>
        <td>Allow AP mode to disconnect stations/clients based on low Acknowledgement condition.</td>
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
     <tr>
     <tr>
         <td>WDS</td>
         <td>WDS</td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>A Wireless Distribution System (WDS) is a system that enables the wireless interconnection of access points (APs) in a network</td>
         <td>A Wireless Distribution System (WDS) is a system that enables the wireless interconnection of access points (APs) in a network.</td>
     </tr>}}
     </tr>
     <tr>
     <tr>
         <td>WMM Mode</td>
         <td>WMM Mode</td>
         <td>off {{!}} on; default: <b>on</b></td>
         <td>off {{!}} on; default: <b>on</b></td>
         <td>Wi-Fi Multimedia (WMM), previously known as Wireless Multimedia Extensions (WME), is a subset of the 802.11e wireless LAN (WLAN) specification that enhances quality of service (QoS) on a network by prioritizing data packets according to four categories. </td>
         <td>Wi-Fi Multimedia (WMM), previously known as Wireless Multimedia Extensions (WME), is a subset of the 802.11e wireless LAN (WLAN) specification that enhances quality of service (QoS) on a network by prioritizing data packets according to four categories. </td>
     </tr>{{#switch:{{{series}}}|TAP100|TAP200=
     </tr>
     <tr>
     <tr>
         <td>Hide SSID</td>
         <td>802.11w Management frame protection</td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>Disabled {{!}} Optional {{!}} Required; default: <b>Disabled</b></td>
         <td>Hide Service Set Identifier.</td>
         <td>Enables Management frame protection (MFP or PMF). By default it is set to 'Required' when using WPA3 encryption.</td>
     </tr>|#default=}}
     </tr>
</table>
</table>


{{#switch:{{{series}}}|TAP100|TAP200 =
{{#switch:{{{series}}}|TAP100|TAP200 =
|#default = [[File:Networking rutos manual wireless interface configuration advanced settings client_multi_ap.png|border|class=tlt-border]]
|#default = [[File:Networking rutos manual wireless interface configuration advanced settings client_v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
     <tr>
     <tr>
Line 619: Line 797:
     </tr>
     </tr>
     <tr>
     <tr>
       <th>Client & Multi AP</th>
       <th>Client</th>
         <th></th>
         <th></th>
         <th></th>     
         <th></th>     
Line 652: Line 830:
         <td>positive integer; default: <b>none</b> </td>
         <td>positive integer; default: <b>none</b> </td>
         <td>Association will be refused if a client/station attempts to associate with a listen interval greater than this value.</td>
         <td>Association will be refused if a client/station attempts to associate with a listen interval greater than this value.</td>
    </tr>
    <tr>
        <td>Disassociate On Low Acknowledgement</td>
        <td>off {{!}} on; default: <b>on</b></td>
        <td>Allow AP mode to disconnect stations/clients based on low Acknowledgement condition.</td>
     </tr>
     </tr>
     <tr>
     <tr>
Line 662: Line 835:
         <td>off {{!}} on; default: <b>off</b></td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>A Wireless Distribution System (WDS) is a system that enables the wireless interconnection of access points (APs) in a network</td>
         <td>A Wireless Distribution System (WDS) is a system that enables the wireless interconnection of access points (APs) in a network</td>
    </tr>
    <tr>
        <td>Enable fast roaming</td>
        <td>off {{!}} on; default: <b>on</b></td>
        <td>Requests background scans for the purpose of roaming within an ESS.</td>
     </tr>
     </tr>
</table>}}
</table>}}


{{#switch:{{{series}}}|TAP100|TAP200 =
 
|#default = [[File:Networking rutos manual wireless interface configuration advanced settings tap200 v1.png|border|class=tlt-border]]
[[File:Networking rutos manual wireless interface configuration mesh advanced settings v1.png|border|class=tlt-border]]
<table class="nd-mantable">
<table class="nd-mantable">
     <tr>
     <tr>
Line 679: Line 847:
     </tr>
     </tr>
     <tr>
     <tr>
       <th>Mesh</th>
       <th>{{#switch:{{{series}}}|TAP100|TAP200=Mesh|#default=Mesh & Multi AP}}</th>
         <th></th>
         <th></th>
         <th></th>     
         <th></th>     
    </tr>
    <tr>
      <td>Forward mesh peer traffic</td>
      <td>off {{!}} on; default: <b>off</b></td>
      <td></td>
    </tr>
    <tr>
        <td>RSSI threshold for joining</td>
        <td>number; default: <b>none</b> </td>
        <td>0 = not using RSSI threshold, 1 = do not change driver default.</td>
     </tr>
     </tr>
     <tr>
     <tr>
Line 723: Line 881:
         <td>Association will be refused if a client/station attempts to associate with a listen interval greater than this value.</td>
         <td>Association will be refused if a client/station attempts to associate with a listen interval greater than this value.</td>
     </tr>
     </tr>
    <tr>
</table>
        <td>Disassociate On Low Acknowledgement</td>
        <td>off {{!}} on; default: <b>on</b></td>
        <td>Allow AP mode to disconnect stations/clients based on low Acknowledgement condition.</td>
    </tr>
    <tr>
        <td>WDS</td>
        <td>off {{!}} on; default: <b>off</b></td>
        <td>A Wireless Distribution System (WDS) is a system that enables the wireless interconnection of access points (APs) in a network</td>
    </tr>
</table>}}


=====Fast Transition=====
====Fast Transition====
----
----
The <b>Fast Transition</b> tab is only available when in <b>General setup</b> section <b>802.11r Fast Transition</b> option is enabled.
The <b>Fast Transition</b> tab is only available when in <b>General setup</b> section <b>802.11r Fast Transition</b> option is enabled.


[[File:Networking rutos manual wireless interface configuration fast transition settings.png|border|class=tlt-border]]
[[File:Networking rutos manual wireless interface configuration fast transition settings_v1.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 769: Line 917:
  </table>
  </table>


{{#switch:{{{series}}}|TAP100|TAP200=|#default= =====Fast Roaming=====
{{#switch:{{{series}}}|TAP100|TAP200=|#default= ====Fast Roaming====
----
----
The <b>Fast Roaming</b> tab is only available when in <b>General setup</b> section <b>Client</b> mode is selected and in <b>Advanced settings</b> tab <b>Enable fast roaming</b> option is enabled.
The <b>Fast Roaming</b> tab is only available when in <b>General setup</b> section <b>Client</b> mode is selected and in <b>Advanced settings</b> tab <b>Enable fast roaming</b> option is enabled.


[[File:Networking rutos manual wireless interface configuration fast roaming settings.png|border|class=tlt-border]]
[[File:Networking rutos manual wireless interface configuration fast roaming settings_v1.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 817: Line 965:
To begin configuring WiFi Client first click the 'Scan' button to scan the surrounding area and attempt to connect to a new wireless access point.
To begin configuring WiFi Client first click the 'Scan' button to scan the surrounding area and attempt to connect to a new wireless access point.


[[File:Networking_rutos_manual_wireless_scan_button.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_wireless_scan_button_v1.png|border|class=tlt-border]]


After which you will be redirected to the window shown below, where you will see list of available WiFi Access Points in the area. Choose one according to your liking and press the '''Join Network''' button next to it.
After which you will be redirected to the window shown below, where you will see list of available WiFi Access Points in the area. Choose one according to your liking and press the '''Join Network''' button next to it.
Line 829: Line 977:
Next window that opens will be '''Device Configuration'''. Values there, mostly, should be left unchanged to avoid connection problems, because they are dictated by Access Point. Other than that, only difference from Access Point settings are in ''Interface Configuration → General Setup'' section, where '''Mode''' is set to '''Client''', and '''Network''' attached to this wireless interface is '''wifi1''' instead of LAN
Next window that opens will be '''Device Configuration'''. Values there, mostly, should be left unchanged to avoid connection problems, because they are dictated by Access Point. Other than that, only difference from Access Point settings are in ''Interface Configuration → General Setup'' section, where '''Mode''' is set to '''Client''', and '''Network''' attached to this wireless interface is '''wifi1''' instead of LAN


[[File:Networking_rutos_manual_wireless_scan_button_results_join_network_general_setup_v3.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_wireless_scan_button_results_join_network_general_setup_v4.png|border|class=tlt-border]]


Click '''Save & Apply''' and if you configured correctly, you will have Wireless Client working.
Click '''Save & Apply''' and if you configured correctly, you will have Wireless Client working.
Line 847: Line 995:
To begin click the 'Add' button below of wireless interface in the Network → Wireless page:
To begin click the 'Add' button below of wireless interface in the Network → Wireless page:


[[File:Networking rutos manual wireless mesh gateway add button v4.png|border|class=tlt-border]]
[[File:Networking rutos manual wireless mesh gateway add button v5.png|border|class=tlt-border]]


In '''General Setup''' tab change '''Mode''' to '''Mesh''', set '''Mesh ID''' (this number has to be the same in all nodes that connect to this wireless mesh network) and select desired '''Network''' which will be attached to the interface. Click '''Save & Apply'''.
In '''General Setup''' tab change '''Mode''' to '''Mesh''', set '''Mesh ID''' (this number has to be the same in all nodes that connect to this wireless mesh network) and select desired '''Network''' which will be attached to the interface. Click '''Save & Apply'''.


[[File:Networking rutos manual wireless mesh gateway 1_v2.png|Networking rutos manual wireless mesh gateway general settings|border|class=tlt-border]]
[[File:Networking rutos manual wireless mesh gateway 1_v3.png|Networking rutos manual wireless mesh gateway general settings|border|class=tlt-border]]


Next navigate to '''Wireless Security''' tab and select '''WPA3-SAE''' encryption to add authentication layer. The password must match in all devices within the mesh network.
Next navigate to '''Wireless Security''' tab and select '''WPA3-SAE''' encryption to add authentication layer. The password must match in all devices within the mesh network.


[[File:Networking rutos manual wireless mesh gateway 2_v2.png|Networking rutos manual wireless mesh gateway security|border|class=tlt-border]]
[[File:Networking rutos manual wireless mesh gateway 2_v3.png|Networking rutos manual wireless mesh gateway security|border|class=tlt-border]]


Lastly, in '''Advanced Settings''' tab enable '''Forward mesh peer traffic''' and set '''RSSI threshold for joining''' to -80. Leave the rest as set by default.
Lastly, in '''Advanced Settings''' tab enable '''Forward mesh peer traffic''' and set '''RSSI threshold for joining''' to -80. Leave the rest as set by default.


[[File:Networking rutos manual wireless mesh gateway 3_v2.png|Networking rutos manual wireless mesh gateway advanced settings|border|class=tlt-border]]
[[File:Networking rutos manual wireless mesh gateway 3_v4.png|Networking rutos manual wireless mesh gateway advanced settings|border|class=tlt-border]]


Click '''Save & Apply''' and if you configured correctly, you will have wireless mesh gateway ready.
Click '''Save & Apply''' and if you configured correctly, you will have wireless mesh gateway ready.
Line 865: Line 1,013:
=====Mesh Node=====
=====Mesh Node=====


Mesh node is configured the same way as mesh gateway. Node has to match gateway's wireless mesh interface configuration. Additionally, LAN interface has to be setup as DHCP client:
Mesh node is configured the same way as mesh gateway. Node has to match gateway's wireless mesh interface configuration. Additionally, WAN interface has to be setup as DHCP client:
 
1. Access router‘s WebUI. Navigate to Network → Interfaces.
 
2. Press pencil icon on the right of the LAN interface.


[[File:Networking rutx11 configuration example wireless mesh mesh node configuration 1 v3.png|border|class=tlt-border]]
1. Access router‘s WebUI. Navigate to Network → WAN.


3. Change Protocol to DHCP.
2. Press edit button on the right of the WAN interface.


[[File:Networking rutx11 configuration example wireless mesh mesh node configuration 2 v3.png|border|class=tlt-border]]
[[File:Networking rutx11 configuration example wireless mesh mesh node configuration 1 v5.png|border|class=tlt-border]]


Click '''Save & Apply''' and If everything was setup correctly, mesh node should be ready use.
3. Change Protocol to DHCP and select necessary device . Click '''Save & Apply''' and If everything was setup correctly, mesh node should be ready use.


====Multi AP====
====Multi AP====
Line 883: Line 1,027:
The <b>Multi AP</b> feature is used to configure access to multiple wireless access points from one page. To create Multi AP wireless interface click the 'Add' button below of wireless interface in the Network → Wireless page:
The <b>Multi AP</b> feature is used to configure access to multiple wireless access points from one page. To create Multi AP wireless interface click the 'Add' button below of wireless interface in the Network → Wireless page:


[[File:Networking rutos manual wireless mesh gateway add button v4.png|border|class=tlt-border]]
[[File:Networking rutos manual wireless mesh gateway add button v5.png|border|class=tlt-border]]


In General Setup tab change Mode to Multi AP, select desired Network which will be attached to the interface. You can also select scan time and upload file with Access Points list.
In General Setup tab change Mode to Multi AP, select desired Network which will be attached to the interface. You can also select scan time and upload file with Access Points list.


[[File:Networking_rutos_manual_wireless_multi_ap_create_network_v2.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_wireless_multi_ap_create_network_v3.png|border|class=tlt-border]]


=====Access Points=====
=====Access Points=====
Line 893: Line 1,037:
You can either configure multiple <b>access points</b> from this page of the WebUI or you can upload a file with a list of access point configurations. The file should contains WiFi access point configuration options and values, which should be defined as <b>option: value</b> (for example, <i>ssid: home_wifi</i>). The SSID option is mandatory.
You can either configure multiple <b>access points</b> from this page of the WebUI or you can upload a file with a list of access point configurations. The file should contains WiFi access point configuration options and values, which should be defined as <b>option: value</b> (for example, <i>ssid: home_wifi</i>). The SSID option is mandatory.


[[File:Networking_rutos_manual_wireless_multi_ap_access_points.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_wireless_multi_ap_access_points_v1.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 938: Line 1,082:
Each WiFi interface has a specially designed QR code that contains information about the SSID and password of the WiFi network. After pressing the button [[File:Networking_rutos_manual_wireless_qr_code_button.png]], a QR code appears with the network's SSID and password, which you can download locally by pressing the 'Download' button. If you only want a QR code without additional information, uncheck the 'Include credentials' box.
Each WiFi interface has a specially designed QR code that contains information about the SSID and password of the WiFi network. After pressing the button [[File:Networking_rutos_manual_wireless_qr_code_button.png]], a QR code appears with the network's SSID and password, which you can download locally by pressing the 'Download' button. If you only want a QR code without additional information, uncheck the 'Include credentials' box.


[[File:Networking_rutos_manual_wireless_qr_code.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_wireless_qr_code_v1.png|border|class=tlt-border]]


{{#switch:{{{series}}}|TAP100|TAP200=|#default= ==Relay Configuration==
{{#switch:{{{series}}}|TAP100|TAP200=|#default= ==Relay Configuration==

Latest revision as of 07:44, 9 October 2024

The information in this page is updated in accordance with firmware version .


Summary

The Wireless section of the Network tab can be used to manage and configure WiFi Access Points, WiFi Stations (clients) and WiFi devices. This chapter of the user manual provides an overview of the Wireless section for {{{name}}} devices. If you're having trouble finding this page or some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Advanced" button, located at the top of the WebUI.

Wireless

SSIDS


The SSIDs section is used to configure your wireless access points (AP) and wireless clients (STA).

[[File:Networking_rutos_manual_wireless_wifi_{{{wifi}}}_v4.png|border|class=tlt-border]]

Above is the overview of the SSIDS Overview window. It displays active access pointsand stations. Here you can turn on or off your WiFi interfaces, remove them or start configuring by clicking on

Edit button on the right side of interface.To configure your Wireless device as Client press Scan button to scan the surrounding area and attempt to connect to a new wireless access point.


Radio


The Global Settings section is used for configuring the country code which is used for regulatory purposes (different areas allow different maximum transmit power and operating frequencies) and WiFi hardware parameters. You can change parameters by clicking the 'Edit' button next to a wireless device (not an interface) in the Network → SSIDS page: [[File:Networking_rutos_manual_wireless_radio_{{{wifi}}}.png|border|class=tlt-border]]

Field Value Description
Country code country code; default: US - United States SO/IEC 3166 alpha2 country codes as defined in ISO 3166-1 standard.

General Setup

The General Setup section is used to turn a wireless device on or off, select the operating frequency (WiFi mode, channel and channel width) and transmit power.

A wireless 2.4 GHz WiFi channel requires a signaling band roughly 22 MHz wide, radio frequencies of neighboring channels numbers significantly overlap each other. Choose a WiFi channel according to the busyness of other channels. You can download a free WiFi analyzer app on your phone, laptop or other WiFi device and check which channel is the least populated.

Many home networks utilize routers that by default run on channel 6 on the 2.4 GHz band. Neighboring WiFi home networks that run over the same channel generate radio interference that can cause significant network performance slowdowns for users. Reconfiguring a network to run on a different wireless channel helps minimize these slowdowns. Therefore, pick a channel with no other active Access Points and preferably one that has no active Access Point on two adjacent channels on each side as well. If you don't feel like doing this, set the 'Channel' field to Auto and the device will pick the least busy channel in your location automatically.

Field Value Description
Enable off | on; default: on Turns Wireless device on or off.
Operating Frequency (2.4 GHz)
Mode N | Legacy; default: N Wireless N (802.11n) supports a maximum theoretical transfer rate of 300mbps with 2 antennas. It can reach up to 450 Mbps with 3 antennas. Though typical speeds are more accurately around 130 Mbps. The legacy standards include 802.11a, 802.11b, and 802.11g.
Channel Auto | 1 (2412 MHz) | 2 (2417 MHz) | 3 (2422 MHz) | 4 (2427 MHz) | 5 (2432 MHz) | 6 (2437 MHz) | 7 (2442 MHz) | 8 (2447 MHz) | 9 (2452 MHz) | 10 (2457 MHz) | 11 (2462 MHz); default: Auto A wireless 2.4 GHz WiFi channel requires a signaling band roughly 22 MHz wide, radio frequencies of neighboring channels numbers significantly overlap each other. Therefore, pick a channel with no other active Access Points and preferably one that has no active Access Point on two adjacent channels on each side as well.
Width 20 MHz | 40 MHz; default: 20 MHz A 40 MHz channel width bonds two 20 MHz channels together, forming a 40 MHz channel width; therefore, it allows for greater speed and faster transfer rates. But not if those channels are crowded with noise and interference. In crowded areas with a lot of frequency noise and interference, a single 20MHz channel will be more stable. 40MHz channel width allows for greater speed and faster transfer rates but it doesn’t perform as well in crowded areas.
Transmit Power [5%...100%]; default: 100 % The transmit power of an access point radio is proportional to its effective range – the higher the transmit power, the more distance that a signal can travel, and/or the more physical materials that it can effectively penetrate and still have data successfully resolved at the receiver.

Advanced Settings

The Advanced Settings section is used to configure how the wireless Access Point will work from a hardware perspective.

Field Value Description
Operating Frequency (2.4 GHz)
Allow legacy 802.11b rates off | on; default: on Turn on to enable connections that uses legacy 802.11b standard.
Distance Optimization integer [0..65535]; default: none HT Distance to farthest network member in meters.
Fragmentation threshold integer [256..2346]; default: none The smallest packet size that can be fragmented and transmitted by multiple frames. In areas were interference is a problem, setting a lower fragment threshold might help reduce the probability of unsuccessful packet transfers, thus increasing speed
RTS/CTS threshold integer [0..2347]; default: none RTS/CTS (Request to Send/Clear to Send) are mechanisms, used to reduce frame collisions introduced by the hidden node problem. It can help resolve problems arising when several access points are in the same area, contending
Force 40MHz mode off | on; default: off Always use 40MHz channels even if the secondary channel overlaps. Using this option does not comply with IEEE 802.11n-2009!
Beacon interval integer [15..65535]; default: none Beacon signal interval in seconds.

SSIDs Configuration


The Interface Configuration section is used to configure the parameters of Wireless Access Points or Clients. You can find this section by clicking the 'Edit' button next to a wireless interface (not a device) in the Network → SSIDs page: [[File:Networking_rutos_manual_wireless_wifi_{{{wifi}}}_v4.png|border|class=tlt-border]]

General Setup


The General Setup tab contains basic options for SSID and network interface.

}}
Field Value Description
Enable off | on; default: on Enables or disables WiFi interface.
Mode Client | Access Point | Mesh | Multi AP; default: Access Point Defines what role this interface will do, Access point to supply WiFi for other devices, Client to use other devices WiFi for WWAN and Mesh to act as mesh network gateway or a node in a mesh network.
Access Point mode
SSID Factory SSID is different for every device; default: Service Set Identifier is a name used to identify access point which is shown when client tries to connect to it.
Password string; default: none
  • Custom passphrase used for authentication (at least 8 characters long).
  • Another option is to use the 'Dice' icon, which generates random passwords.
  • Network network interfaces | +add new; default: lan Choose the network(s) you want to attach to this wireless interface or fill out the create field to define a new network.
    802.11r Fast Transition off | on; default: off Enables fast roaming among access points that belong to the same Mobility Domain
    Client mode
    Auto-reconnect on | off; default: on Enables automatic reconnection to the configured access point on connection loss.
    SSID Factory SSID is different for every device; default: Extended Service Set Identifier is a name used to identify access point to which client will connect.
    BSSID mac address; default: none Basic service set identifier.
    Password string; default: none
  • Custom passphrase used for authentication (at least 8 characters long).
  • Another option is to use the 'Dice' icon, which generates random passwords.
  • Network network interfaces; default: Auto Choose the network you want to attach to this wireless interface or fill out the Custom field to define a new network (you will be redirected to the newly created network configuration page).
    Mesh mode
    Mesh ID integer; default: none Mesh network identifier.
    Password string; default: none
  • Custom passphrase used for authentication (at least 8 characters long).
  • Another option is to use the 'Dice' icon, which generates random passwords.
  • Network network interfaces; default: Auto Choose the network you want to attach to this wireless interface or fill out the Custom field to define a new network (you will be redirected to the newly created network configuration page).
    Multi AP
    Network network interfaces; default: Auto Choose the network you want to attach to this wireless interface or fill out the Custom field to define a new network (you will be redirected to the newly created network configuration page).
    Scan time (sec) number; default: 60 Time between scans of available access points (minimum 30 sec.)
    Upload AP list - (interactive button) Uploads a list of access point configurations.

    Additional Settings


    Field Value Description
    Access point
    Hide SSID on | off; default: off Hide Service Set Identifier
    Isolate Clients off | on; default: off Prevents client to client communication on the same subnet.
    802.11v BSS Transition Management on | off; default: off A suggestion (or advice) given to a client, which the client can choose to follow or ignore
    802.11k Radio Resource Measurement on | off; default: off Helps devices search quickly for nearby APs that are available as roaming targets by creating an optimized list of channels.
    Disassociate On Low Acknowledgement off | on; default: on Allow AP mode to disconnect stations/clients based on low Acknowledgement condition.

    Field Value Description
    Client & Multi AP
    Enable fast roaming off | on; default: off Requests background scans for the purpose of roaming within an ESS.
    Redirect captive portal off | on; default: off Also known as Travelmate. Enables captive portal redirection. More information about using Travelmate can be found here.

    Field Value Description
    Mesh
    Forward mesh peer traffic off | on; default: off Enables mesh peer traffic forwarding.
    RSSI threshold for joining integer [0..1]; default: 0 0 = not using RSSI threshold, 1 = do not change driver default.

    Wireless Security


    The Wireless Security tab is used to determine what kind of encryption your WLAN will use.

    Field Value Description
    Encryption No encryption | WPA-PSK | WPA2-PSK | WPA-PSK/WPA2-PSK Mixed Mode | WPA3-SAE | WPA2-PSK/WPA3-SAE Mixed Mode | OWE | WPA-EAP | WPA2-EAP | WPA2-EAP/WPA3-EAP Mixed Mode | WPA3-EAP Mixed Mode | WPA3-EAP; default: WPA2-PSK The type of encryption used on this Wireless Interface.

    Opportunistic Wireless Encryption (OWE) - no password is required and

    all wireless traffic is encrypted (safer than No Encryption).
    WPA-PSK, WPA2-PSK, WPA-PSK/WPA2-PSK Mixed Mode, WPA3-EAP
    Cipher Auto | Force CCMP (AES) | Force TKIP | Force TKIP and CCMP (AES); default: Auto An algorithm for performing encryption or decryption.
    WPA-PSK, WPA2-PSK, WPA-PSK/WPA2-PSK Mixed Mode, WPA3-SAE, WPA2-PSK/WPA3-SAE Mixed Mode
    Password string; default: none
  • Custom passphrase used for authentication (at least 8 characters long).
  • Another option is to use the 'Dice' icon, which generates random passwords.
  • WPA-EAP, WPA2-EAP, WPA2-EAP/WPA3-EAP Mixed Mode, WPA3-EAP
    Radius-Authentication-Server string; default: none Ip address of the authentification server.
    Radius-Authentication-Port string; default: none Default port for the server is 1812.
    Radius-Authentication-Secret string; default: none Server's shared secret.
    Radius-Accounting-Server string; default: none Ip address of the accounting server.
    Radius-Accounting-Port string; default: none Default port for the server is 1813.
    Radius-Accounting-Secret string; default: none Server's shared secret.
    NAS id string; default: none Network access server identifier.
    Mesh mode: WPA3-SAE, No encryption
    Password string; default: none
  • Custom passphrase used for authentication (at least 8 characters long).
  • Another option is to use the 'Dice' icon, which generates random passwords.
  • Client mode: WPA-EAP, WPA2-EAP, WPA2-EAP/WPA3-EAP Mixed Mode, WPA3-EAP
    EAP-Method TLS | TTLS | PEAP | FAST; default: TLS Network access server identifier.
    Use PKCS#12 format off | on; default: off Use PKCS#12 file format for client certificate.
    PKCS#12 client certificate file - (interactive button) Use PKCS#12 file format for client certificate.
    PKCS#12 passphrase string; default: none Passphrase used to decrypt PKCS #12 certificates..
    Certificate files from device off | on; default: off Choose this option if you want to select certificate files from device.
    CA-Certificate .crt file; default: none This file can have one or more trusted CA certificates. If CA-Certificate is not included, server certificate will not be verified. This is insecure and a trusted CA-Certificate should always be configured when using EAP-TLS/TTLS/PEAP/FAST.
    Client-Certificate .crt file; default: none Client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity..
    Private Key .key file; default: none TLS client key file.
    Password of Private Key string; default: none Password of Private Key.
    Authentication EAP-GTC | EAP-MD5 | EAP-MSCHAPv2 | EAP-TLS | PAP | CHAP | MSCHAP | MSCHAPv2; default: EAP-GTC Used as the username for authentication.
    Inner certificate files from device off | on; default: off Choose this option if you want to select certificate files from device.
    Inner CA-Certificate .crt file; default: none Inner CA-Certificate.
    Inner Client-Certificate .crt file; default: none Inner Client-Certificate.
    Inner Private Key .key file; default: none Inner Private Key.
    Password of inner Private Key string; default: none Password of inner Private Key.
    Identity string; default: none Used as the username for authentication.
    Anonymous Identity string; default: none Shown as username outside the encrypted tunnel. Not used for authentication.
    Password string; default: none Used for authentication.

    MAC Filter


    The MAC Filter tab is used for setting up rules that allow or exclude devices with specified MAC addresses from connecting to your WiFi network. This tab is only visible when Wireless interface Mode is set to Access Point.

    Field Value Description
    MAC-address filter Disable | Allow listed only | Allow all except listed; default: Disable Defines how the MAC Filter should function.
    • Allow listed only – only allows devices with specified MAC addresses to connect to your Wireless Access Point.
    • Allow all except listed - blocks devices with specified MAC addresses from connecting to your Wireless Access Point.
    MAC-List MAC; default: none List of MAC addresses to be included or excluded from connecting to your Wireless Access Point.
    Remove from whitelist off | on; default: off Enables MAC removal from whitelist when device reaches IP block counter.

    Advanced Settings


    Field Value Description
    Access point
    Short Preamble off | on; default: on Uses Short Preamble, it uses shorter data strings that adds less data to transmit the error redundancy check which means that it is much faster.
    DTIM interval seconds; default: none Delivery Traffic Indication Message Interval.
    Time interval for rekeying GTK seconds; default: none Period of time in between automatic changes of the group key, which all devices on the network share.
    Disable Inactivity Polling off | on; default: off Inactivity polling can be disabled to disconnect stations based on inactivity timeout so that idle stations are more likely to be disconnected even if they are still in range of the AP.
    Station inactivity limit seconds; default: none Station inactivity limit in seconds. If a station/client does not send anything in st time frame, an empty data frame is sent to it in order to verify whether it is still in range. If this frame is not acknowledged, the station will be disassociated and then deauthenticated.
    Maximum allowed Listen Interval positive integer; default: none Association will be refused if a client/station attempts to associate with a listen interval greater than this value.
    WDS off | on; default: off A Wireless Distribution System (WDS) is a system that enables the wireless interconnection of access points (APs) in a network.
    WMM Mode off | on; default: on Wi-Fi Multimedia (WMM), previously known as Wireless Multimedia Extensions (WME), is a subset of the 802.11e wireless LAN (WLAN) specification that enhances quality of service (QoS) on a network by prioritizing data packets according to four categories.
    802.11w Management frame protection Disabled | Optional | Required; default: Disabled Enables Management frame protection (MFP or PMF). By default it is set to 'Required' when using WPA3 encryption.

    Field Value Description
    Client
    Short Preamble off | on; default: on Uses Short Preamble, it uses shorter data strings that adds less data to transmit the error redundancy check which means that it is much faster.
    DTIM interval seconds; default: none Delivery Traffic Indication Message Interval.
    Time interval for rekeying GTK seconds; default: none Period of time in between automatic changes of the group key, which all devices on the network share.
    Disable Inactivity Polling off | on; default: off Inactivity polling can be disabled to disconnect stations based on inactivity timeout so that idle stations are more likely to be disconnected even if they are still in range of the AP.
    Station inactivity limit seconds; default: none Station inactivity limit in seconds. If a station/client does not send anything in st time frame, an empty data frame is sent to it in order to verify whether it is still in range. If this frame is not acknowledged, the station will be disassociated and then deauthenticated.
    Maximum allowed Listen Interval positive integer; default: none Association will be refused if a client/station attempts to associate with a listen interval greater than this value.
    WDS off | on; default: off A Wireless Distribution System (WDS) is a system that enables the wireless interconnection of access points (APs) in a network


    Field Value Description
    Mesh & Multi AP
    Short Preamble off | on; default: on Uses Short Preamble, it uses shorter data strings that adds less data to transmit the error redundancy check which means that it is much faster.
    DTIM interval seconds; default: none Delivery Traffic Indication Message Interval.
    Time interval for rekeying GTK seconds; default: none Period of time in between automatic changes of the group key, which all devices on the network share.
    Disable Inactivity Polling off | on; default: off Inactivity polling can be disabled to disconnect stations based on inactivity timeout so that idle stations are more likely to be disconnected even if they are still in range of the AP.
    Station inactivity limit seconds; default: none Station inactivity limit in seconds. If a station/client does not send anything in st time frame, an empty data frame is sent to it in order to verify whether it is still in range. If this frame is not acknowledged, the station will be disassociated and then deauthenticated.
    Maximum allowed Listen Interval positive integer; default: none Association will be refused if a client/station attempts to associate with a listen interval greater than this value.

    Fast Transition


    The Fast Transition tab is only available when in General setup section 802.11r Fast Transition option is enabled.

    Field Value Description
    NAS id string; default: empty Used for fast transition and Radius server.
    Mobility Domain HEX string; default: empty 4-character hexadecimal ID
    Reassociation Deadline integer [1000..65535]; default: empty Time units (TUs / 1.024 ms)
    FT protocol FT over DS | FT over Air; default: FT over DS Defines how nagotiation will happen using Fast Transition protocol.

    Fast Roaming


    The Fast Roaming tab is only available when in General setup section Client mode is selected and in Advanced settings tab Enable fast roaming option is enabled.

    Field Value Description
    Mode Simple | Learn; default: Simple Defines how the MAC Filter should function.
    • Simple: Periodic background scans based on signal strengt
    • Learn: Learns channels used by the network and tries to avoid scans on other channels
    Short interval integer [5..86400]; default: 30 Defines the interval between background scans (in seconds) if the actual signal level of the currently connected access point is worse than signal threshold
    Long interval integer [5..86400]; default: 300 Defines the interval between background scans (in seconds) if the actual signal level of the currently connected access point is better than signal threshold
    Signal threshold integer [-90..-30]; default: -70 Defines a threshold (in dBm) that determines if short interval or longer interval will be used

    Configuration examples


    Client Mode

    {{{name}}} can also work as a WiFi client. Configuring client mode is nearly identical to Access Point, except for the fact that most of the options are dictated by the WiFi Access Point that the router is connecting to. Changing them can result in an interrupted connection to that router.

    To begin configuring WiFi Client first click the 'Scan' button to scan the surrounding area and attempt to connect to a new wireless access point.

    After which you will be redirected to the window shown below, where you will see list of available WiFi Access Points in the area. Choose one according to your liking and press the Join Network button next to it.

    You again will be redirected to following window, where you will need to enter WPA passphrase.

    Next window that opens will be Device Configuration. Values there, mostly, should be left unchanged to avoid connection problems, because they are dictated by Access Point. Other than that, only difference from Access Point settings are in Interface Configuration → General Setup section, where Mode is set to Client, and Network attached to this wireless interface is wifi1 instead of LAN

    Click Save & Apply and if you configured correctly, you will have Wireless Client working.

    Mesh Mode

    {{{name}}} can also be configured as a mesh gateway or as a node (router) connecting to a mesh gateway.

    When {{{name}}} is configured as mesh gateway it provides internet access to other mesh nodes. When configured as mesh node it acts as a mesh router which forwards traffic to and from mesh gateway. Nodes also connect other wireless devices to the network such as laptops and cellphones.

    For complete wireless mesh network example please visit Wireless Mesh configuration example.

    Mesh Gateway

    When configuring {{{name}}} as a mesh gateway internet connectivity is required.

    To begin click the 'Add' button below of wireless interface in the Network → Wireless page:

    In General Setup tab change Mode to Mesh, set Mesh ID (this number has to be the same in all nodes that connect to this wireless mesh network) and select desired Network which will be attached to the interface. Click Save & Apply.

    Networking rutos manual wireless mesh gateway general settings

    Next navigate to Wireless Security tab and select WPA3-SAE encryption to add authentication layer. The password must match in all devices within the mesh network.

    Networking rutos manual wireless mesh gateway security

    Lastly, in Advanced Settings tab enable Forward mesh peer traffic and set RSSI threshold for joining to -80. Leave the rest as set by default.

    Networking rutos manual wireless mesh gateway advanced settings

    Click Save & Apply and if you configured correctly, you will have wireless mesh gateway ready.

    Mesh Node

    Mesh node is configured the same way as mesh gateway. Node has to match gateway's wireless mesh interface configuration. Additionally, WAN interface has to be setup as DHCP client:

    1. Access router‘s WebUI. Navigate to Network → WAN.

    2. Press edit button on the right of the WAN interface.

    3. Change Protocol to DHCP and select necessary device . Click Save & Apply and If everything was setup correctly, mesh node should be ready use.

    Multi AP

    The Multi AP feature is used to configure access to multiple wireless access points from one page. To create Multi AP wireless interface click the 'Add' button below of wireless interface in the Network → Wireless page:

    In General Setup tab change Mode to Multi AP, select desired Network which will be attached to the interface. You can also select scan time and upload file with Access Points list.

    Access Points

    You can either configure multiple access points from this page of the WebUI or you can upload a file with a list of access point configurations. The file should contains WiFi access point configuration options and values, which should be defined as option: value (for example, ssid: home_wifi). The SSID option is mandatory.

    Field Value Description
    SSID string; default: none SSID of an access point.
    Key string; default: none Pre-shared key, a custom passphrase used for user authentication (at least 8 characters long).
    Enable off | on; default: off Turns an access point configuration on or off.
    Delete - (interactive button) Deletes the access point configuration next to the button.

    Option names in the file should be provided in lower case letters. AP list file example:

    ssid: RUT_1
    enable: 1
    key: 12345678
    ssid: RUT_2
    enable: 0
    key: 87654321
    

    Once uploaded, the contents of the file should become visible in the Access Points list.

    WiFi QR codes


    Each WiFi interface has a specially designed QR code that contains information about the SSID and password of the WiFi network. After pressing the button , a QR code appears with the network's SSID and password, which you can download locally by pressing the 'Download' button. If you only want a QR code without additional information, uncheck the 'Include credentials' box.

    Relay Configuration

    The Relay Configuration section is used to relay and dynamically redirect incoming connections to a target host. Its main purpose is extending the wireless network. For example, when the device is in Wireless Station (client) mode, it can be used to bridge WAN and LAN interfaces to create a larger wireless network.
    You can find a detailed usage example here.


    Field Value Description
    Enabled off | on; default: off Turns the relay configuration on or off.
    Interface network interface; default: none Network interface associated with the wireless interface.
    Wireless interface network interface; default: none Wireless interface associated with the relay configuration.

    [[Category:{{{name}}} Network section]]