Embed Size (px)
Citation preview
Universal Software for NETSHe networkdevices
User Manual
Section 4. Network
Stanislav Korsakov, “NETSHe Lab”
2009-2017
Yaroslavl
ContentsContents................................................................................................................................................2Network Interfaces...............................................................................................................................3
Configuration of Ethernet interfaces and aliases........................................................................3Configuration of dynamic interfaces (ppp-interfaces)................................................................5Configuration of wireless interfaces...........................................................................................5Configuration of tunnel interfaces..............................................................................................6
Zones....................................................................................................................................................6Bridges..................................................................................................................................................7Interface Bonding.................................................................................................................................7Network Interfaces setting in NETSHe................................................................................................8
PPTP/L2TP/PPPoE/3G connections...........................................................................................8How to establish PPPoE connection.........................................................................................11Interface Placement into Wan zone...........................................................................................12I got messages 'At first set up interfaces...'...............................................................................13I got message 'At first set up zones and assign interfaces...'.....................................................13Wireless interfaces wlan0 (wlanX) are setuped on both devices, but I can not ping other device....................................................................................................................................................13Wireless interfaces do not have connection..............................................................................14
Wireless interfaces setup....................................................................................................................14Setup for TDMA Point to Point (P2P) mode............................................................................14
General setup...................................................................................................................15Setup of BS......................................................................................................................15Setup of CPE...................................................................................................................15
Signal noise Ratio.....................................................................................................................18AES encryption for TDMA modes...........................................................................................18ANI (Atheros Noise Immunity)................................................................................................19Antenna Gain............................................................................................................................20Effective power.........................................................................................................................21WPA-EAP variants setup..........................................................................................................22Error detection, error correction and data transfer repeat.........................................................23MAC-based restrictions in AP-mode........................................................................................23Frame compression for wireless interfaces...............................................................................25Upload / download ratio in P2P TDMA mode..........................................................................25External burst synchronization in TDMA modes......................................................................26'Monitor' type of wireless interfaces.........................................................................................27The 'Ad-Hoc/Mesh point' type of wireless interfaces...............................................................27Fine tuning of wireless interfaces in TDMA modes.................................................................28
Beacon bypassing............................................................................................................28Beacon bypassing setup...................................................................................................28Link quality related recommendations............................................................................29Possible throughput enchancement..................................................................................29
VLAN switching................................................................................................................................29VLAN sample setup in WebUI...........................................................................................................30
VLAN interface creation...........................................................................................................30Bridge creation..........................................................................................................................31Switching setup.........................................................................................................................32Easy VLAN passthrough setup.................................................................................................33VLAN Switching Configuration Samples................................................................................36
Network InterfacesWeb-interface displays information (IP-address, netmask, number of sent and received packets, etc.) about all interfaces existing in the system. You can specify new interfaces, including virtual ones (using names like eth0.1), aliases (using names like eth0:1), wirelessinterfaces, bridges (using names like br0), bonded and dynamic interfaces. Here you can also edit settings of any existing interface.
This page displays interface loading charts. For wireless interfaces this page also displays parameters of wireless environment. All charts are drawn in near to real-time mode.There are several types of interface configuration dialogues:
Configuration of Ethernet interfaces and aliases.
When configuring virtual interfaces and bridges this dialogue acquires some additional fields. You can use DHCP for auto configuration or specify parameters manually, such as IP-address, netmask, gateway, etc.
Ethernet specific settings like speed, duplex and so on can be configured for ordinal ethernet interfaces as shown on picture below.
Please, keep in mind that most of Atheros/QCA based devices ethernet may choose wrong settings when third party devices which can not run auto negotiation or have auto negotiation broken.To get working setup, we offer to configure all devices in the network to 10BMbps full duplex and to disable auto negotiation function.
Configuration of dynamic interfaces (ppp-interfaces).
This type of interface configuration dialogue is used for dynamic connections with PPP/PPTP/PPPoE/PPPoA protocols, where the device acts as a network client. The following parameters can be configured: type of connection, device or interface used to establish connection, etc.
Configuration of wireless interfaces.
“IP settings” tab of this dialogue is the same as Ethernet interface configuration dialogue. “Wireless” and “Additional” tabs contain some specific parameters to be set up for wirelessdevices: operational mode, current frequency, modulation, encryption, etc.
Please, keep in mind that NETSHe supports up to four independent radios (wireless modules) and many wireless interfaces per every radio.
E.g. NETSHe supports up to 8 independent Access Points (AP) per radio, one Ad-Hoc andone TDMA interface and a lot of Clients.
Wireless interfaces for first radio msut have names 'wlan0', 'wlan4', wlan8', 'wlan12', etc. Interfaces for second radio must have names like 'wlan1', 'wlan5', w;an9', etc. Interface names for third radio start from 'wlan2' with step in 4. For fourth — from 'wlan3'.
To create new wireless interface, please fo to 'Network->Interfaces' menu and type new interface name in field 'Input name of interface to add' and press 'New' button. In a new page, configure new wireless interface as you wish and do not forget tick 'Enable interface'check-box. Reboot device to apply new settings.
Configuration of tunnel interfaces.
ZonesZone is a basic property of the firewall. Zones are logical networks and the device is connected to a zone by at least one of its network interfaces. A typical configuration contains two zones: worldwide (Wan) and internal network (Lan). Besides, the device can be connected to other zones, e. g. to a demilitarized zone (Dmz).The total number of zones is practically unlimited.
This page displays zones and contains easy zone control tools (for creating, deleting zones and changing the content of each zone). Originally all interfaces are unassigned and located in the “Unassigned interfaces” box. Simply grab the required interface with themouse, drag it to the proper zone and drop there. You can re-assign interfaces and make them unassigned in the same manner. Because firewall rules are based on zones and their interfaces, be careful not to lose connection to the device by moving an interface between zones.
BridgesThis page displays bridges and contains easy bridge control tools (for creating, deleting bridges and changing the content of each bridge). Please remember, that bridge names begin with ‘br’.
Originally all interfaces are unassigned and located in the “Unassigned interfaces” box. Simply grab the required interface with the mouse, drag it to the proper bridge and drop there. You can re-assign interfaces and make them unassigned in the same manner.
Any bridge is an Ethernet-like network interface and is managed in the same wayThe number of bridges in NETSHe can be more than one
Interface BondingThis page displays bonded interfaces and contains easy control tools (for creating, deleting bonded interfaces and changing the content of each one). Please remember, that bonding interface names begin with ‘bond’ and/or “teql”.
Originally all interfaces are unassigned and located in the “Unassigned interfaces” box. Simply grab the required interface with the mouse, drag it to the proper box and drop there. You can re-assign interfaces and make them unassigned in the same manner.
Any bonded interface is an Ethernet-like network interface and is managed in the same way.
Network Interfaces setting in NETSHe
PPTP/L2TP/PPPoE/3G connections
If you answered “yes” in the setup wizard field “Do you use PPTP/L2TP/PPPoE/3G protocol to connect to the upstream hardware/provider?” you can pass to “Interface Setting”.It is essential to remember WAN-interface name on the previous steps of setup wizard (usually eth0 or eth0.1)Find out the name of the interface in WAN-zone.For dynamic interfaces setting it is essential to know the name of the interface used to get connected.Select the menu item “Network-Zones” to find it out.On the opened page you should find interfaces available in WAN-zone. We are interested in the interface names starting with eth.
Remember such interface in WAN-zone, it is eth0
Create new interface ppp0Select the menu item “Network-Interfaces.Type in the name of the interface ppp0 in the upper field , press the button “New” as shown on the screenshot.
PPTP-interface setting. L2TP and PPoE-interfaces setting is analogous. 10Find the page of interface settingTick “ Enable Interface”
Select “PPTP” connection type.Type in username and password assigned by the provider.Type in the name of the server which is to be connected to.Type the name of the interface (usually eth0 or eth.0.1) in the field “Master device or interface”. In this case it is eth0.Tick the fields “Replace default route”, “Use peer DNS”, “Reboot the service after saving”Press the button “Save”.
How to establish PPPoE connection.
Open interface list (Menu «Network — Interfaces») and new interface name ppp0 (use nonexisting name with pppX template, where X is the number)into field «Input name of interface to add» as showed below
Then press «New» button.
You will be redirected on interface edit page.
Please, tick «Enable interface» checkbox, choose type of connection as «PPPoE» from dropbox, put username and password, put interface to establish connection (eth0, wlan0, wlan1 are available for JWAP603), put service name if required, tick required checkboxes («Use peer DNS», «Replace existing route»...) as showed below.
PPTP and L2TP connections have the same setup.
Interface Placement into Wan zone
Remember that only setup wizard created interfaces are automatically placed into WAN zone.Other interfaces should be placed into WAN-zone manually.Choose the menu item “Network-Zones”. On the new screen you can see a new interface named ppp0 located in the “Unassigned interfaces” box ( or in LAN-zone list)
I got messages 'At first set up interfaces...'
It means, that you did not have any setuped interfaces. Please, go to the menu 'Network->Interfaces', create and setup at least one interface.
I got message 'At first set up zones and assign interfaces...'
Assign interfaces to the two (at least) zones — Lan and Wan.
Wireless interfaces wlan0 (wlanX) are setuped on both devices, but I can not ping other device.
Please, login to console through ssh and type command 'iw wlan0 station dump'. If you see mac-address of remote device in the command output, it means that both devices have a connection.To resolve the issue :for bridge mode check that wlan0 interface are added to the bridge (type 'brctl show' in a console or check bridges in Web-UI). If interface is not a part of a bridge, add it to the bridge and reboot the device.
For routing mode, check that valid ip-address and netmask are assigned to the interface orDHCP-server / client are enabled.
Wireless interfaces do not have connection.
Output for 'iw wlan0 station dump' command is empty.
All wireless interfaces to have a connection should be setuped for equal frequency, channel width, channel shifting, encryption and authorization methods, MTU. For encryption, they should use equal keys.
For TDMA modes, they should have equal submode and amount of nodes in the network.
For CSMA/CA modes, they should have the same SSIDs.
Wireless interfaces setup.
Setup for TDMA Point to Point (P2P) mode.
Setup for TDMA P2P mode contains three phases — general setup, Basestation (BS) specific setup and CPE specific setup.
General setup.
BS and CPE should have the same channel width settings, the same MTU settings for the wireless device and the same Frequnecy settings. Also, the BS and CPE should have the same encryption settings.
Setup of BS.
To setup BS, choose 'TDMA 'in the 'Mode' selector and 'TDMA Basestation' in the 'TDMA version' selector as showed in the figure below.
Place '2' in the 'Amount of TDMA nodes' field. Choose required TDMA slot size and TX/RX ratio. Then press 'Save' button and reboot the device.
Setup of CPE.
To setup CPE, choose 'TDMA' in the 'Mode' selector, 'TDMA CPE' in the 'TDMA version' selector and place BS mac-address in the 'Remote Radio MAC-address' field as showed in the figure below.
Press 'Save' button and reboot the device.
Setup for TDMA Point to Multipoint (P2MP) mode.
Setup of TDMA P2MP mode is very similar to the P2P setup. General requirements and setup of CPE are absolutely similar to the P2P setup. To setup of Basestation for P2MP mode just specify actual node amount in the 'Amount of the TDMA nodes' field as showed below.
To activate settings, press 'Save' button and reboot the device.
It should be noted, that the CPE obtains settings like timeslot size, TX/RX ratio and mount of nodes in the network from the Basestation in the automatic mode.
Signal noise Ratio
Signal, Average signal and Noise are shown as a chart as showed below for all modes (including TDMA P2P).
In the figure, You can see Noise level in -95dBm, Signal level and Average signal level in -38dBm.
AES encryption for TDMA modes.
To enable AES encryption for any TDMA modes, You should choose WPA2 (Personal) encryption and specify 16 symbols length passphrase (key) as showed below.
It should be noted, that all devices in one network should have the same settings (key too).It should be noted, that the encryption decreases throughput in TDMA network.
ANI (Atheros Noise Immunity).
ANI is a permanent process and it is enabled in the firmware by default. The ANI process starts when the hardware is powered on and (or) wireless interface is initialized. The ANI process uses some initial (presetted) data when it starts.Usually, the start data relates to the minimal noise level.
To help the driver to adopt to the noise level faster, We provide a tool to specify initial values that can be differ from the default.
This values can not be interpreted as exact 'noise related' values, but the values can be interpreted as sequence 'Low noise level->Medium noise level->High noise level'.
To match this concept, we provide a tool to manage initial ANI values as showed below.
You can keep in mind, that values 0-3 relate to 'Low noise level', the values 4-6 relate to 'Medium noise level and the values 7-10 to the 'High noise level'.
We do not recommend to setup any initial Noise immunity level when you do not understand real noise environment.
Antenna Gain.
We provide a tool to inform wireless driver and hardware about real antenna which is usedwith the hardware.
To inform the hardware, put the antenna gain in the dB as showed below
It should be noted, that any changes of Encryption, ANI, Antenna gain should be saved and the device should be rebooted.
Effective power.
The device does automatic tx power management if tx power setuped in 0 in the Web-UI. The maximal tx power is limited by the current regulatory domain settings. When the antenna gain is specified, the device keeps it in mind and calculates tx power for wireless card to be within regulatory domain limitation. Also, the wireless device knows that it is in the MIMO modes and calculates tx power accordingly.
WPA-EAP variants setup.
To setup WPA-EAP configure wireless interface as showed below
Setup RADIUS server address, secret, athorization and accounting ports in 'Base settings','Radius client' tab.
Save changes and reboot device.
Setup RADIUS server accordingly. Create required certificates, accounts and passphrases.
Setup wireless interface for the WPA-EAP variants.
We have attached the screenshot for WPA-EAP TLS, but the screenshot is in Russian.
Error detection, error correction and data transfer repeat.
To do error detection, cyclic redundance code is used. To provide forward error correction LDPC (low density parity-check code) is used.Receiver sends special acknowledge frame to the transmitter to confirm that the unicast frame is received without errors (or errors are fixed with LDPC). Any receiver does not ack any broadcast and (or) multicast frames.Transmitter repeats unicast frame transmission if does not receive acknowledge frame from the receiver within a timeout (receiver did not receive a frame or transmitter did not receive an acknowledgement). The maximal number of retransmissions for TDMA modes is 3 (Each unicast frame shall be transmitted 3 times without acknowledgements then dropped).
MAC-based restrictions in AP-mode.
To deny access from unwanted stations just put their MAC-addresses todeny field as showed below
To allow connections from specified stations only, put their MAC-addresses to the allow field as showed below
Frame compression for wireless interfaces.
To enable frame compression tick 'Enable compression' checkbox. Also you can specify frame size. All frames that have size exceeds specified value will be compressed. By default, frame size in 512 bytes is used. Usually, compression does not have effect for frames with less size.Device sends frame without compression, if compressed frame size is bigger than original.It should be noted, that the mix of devices with compression option and devices from othervendors is prohibited.
Upload / download ratio in P2P TDMA mode.
P2P and P2MP TDMA modes have variable and configured TX/RX ratio. By default, this modes have symmetrical TX/RX rate.It is possible to specify TX/RX ratio during Basestation's configuration as showed below.
This settings mean, that TX and RX slots for Basestation will have 3/2 ratio. Of course, it means that TX and RX slots for CPE will have 2/3 ratio.We do not recommend using of ratios biggest than 1/8 (8/1).
External burst synchronization in TDMA modes.
Each interface in TDMA mode can act as external burst synchronization source (server) forother devices in different TDMA networks and use external burst synchronization source (act as client) to perform better synchronization (interference mitigation).
To setup source, tick enable checkbox and specify interface ID. Ids for all sources should not intersect.
To setup client, tick enable checkbox and specify Ids that will be used as sources.
'Monitor' type of wireless interfaces.
Monitor is a special type of wireless interface. This type allows you to capture traffic (wireless frames) that goes through all wireless interfaces on the specified wireless PHY (controller).It should be noted, that monitor interface does not transmit any kind of wireless traffic, just receives. The monitor interface provides ability to capture service (special) frames for the PHY.It is required to have at least one wireless interface with ordinary type (Access Point, Ad-Hoc, Client/Managed, TDMA) to setup the Monitor interface.It is possible to create monitor interface for any types of wireless interfaces per PHY.
A more information can be obtained from http://wireless.kernel.org/en/users/Documentation/iw#Modifying_monitor_interface_flags
To setup the Monitor interface just select Monitor type from the combobox. No more setttings required.
The 'Ad-Hoc/Mesh point' type of wireless interfaces.
Here is the two types of interfaces are provided. First is ordinary Ad-Hoc (or ibss). A more information can be obtained from http://wireless.kernel.org/en/users/Documentation/iw
To setup Ad-Hoc interface, specify frequency, SSID, encryption if required. The Ad-Hoc wireless interface could not be joined to the network bridge directly. Thus, ip-settings should be done for Ad-hoc interface or this interface can be used in the MESH-network with batman_adv (It is required to have bat0 interface setuped).
The second one is the wireless mesh interface according to the 802.11s standard.
To setup Mesh interface, specify the MESH id (in the SSID field), frequency and encryption(if required). The Mesh interface will be created if the bat0 interface does not setuped (enabled) and 'Append to the MESH-network' checkbox is ticked.The Mesh interfaces can be joined to the network bridge directly.
Fine tuning of wireless interfaces in TDMA modes.
Beacon bypassing.
The beaconing in TDMA modes uses timeslot time for non-tx purposes. By default, wireless interface in TDMA modes sends beacon frame at each round, when round = Amount of nodes * timeslot size.Thus, the user can try improve throughput by bypass of beacons transmission in some rounds and use of freed time to transmit data frames.
The software provides this capability. To activate it, use wireless interface configuration page, tab «Additional» to specify the amount of rounds to transmit beacon frame.
Beacon bypassing setup.
The sample is figured out below.
It should be noted, that values 0 and 1 in this field mean 'transmit beacon for every round'.
When the value is specified and saved, the device should be rebooted.
Link quality related recommendations.
We do not recommend to use non-default settings in cases of poor link quality, because it affects nodes synchronization.We do not recommend to use values biger than 4.
Possible throughput enchancement.
In normal conditions, beacon bypassing can increase link throughput up to 20%.
VLAN switching.
VLAN switching (including tagging and untagging) is implemented through network bridges.You can join to the bridge(s) tagged (VLAN — ethX.Y, wlanX.Y, bat0.Y) and untagged (ordinary — ethX, wlanX, bat0) interfaces.
To use VLAN switching, you should remember two simple rules:The frames which enter network bridge through VLAN interface and leave the network
bridge through ordinary interface, do not have VLAN tags.The frames which leave the network bridge through VLAN interface, haveVLAN tags and VLAN ID for these frames is the same as for the VLAN interface.Both rules are independent to the existing or non-existing VLAN tag and VLAN ID in the VLAN tag.Thus, for the bridge that contains eth0 and eth1.120 interfaces, frames which leave the eth0 interface will not have VLAN tags (will be untagged) and frames which leave the eth1.120 interface will have VLAN tags (will be tagged) with VLAN ID 120.
Next rule is significant for the devices with setuped network bridge and without any VLAN interfaces:
The network bridges in this device are transparent for any tagged and untagged traffic.
When the device has network bridge with the ordinary interfaces only and the device has at least one VLAN interface setuped for the ordinary interface from the bridge, this bridge is untransparent for the tagged traffic and transparent for the untagged.
VLAN sample setup in WebUI.
The VLAN setup contains three stage: VLAN interface creation; Bridge creation; Bridge configuration.
VLAN interface creation
To create VLAN interfaces for Ethernet interface, go to the edit page of appropriate interface (e.g. Eth1)
Configure required interfaces as showed above and press 'Save' button.
For other interfaces (wlanX, bat0), the process is the same.
Bridge creation
VLAN switching requires to create network bridge(s). We recommend to create bridge withname that has the same number as the joined VLAN interfaces.
For example, to pass through the VLAN with ID 121, we create network bridge with name br121 as showed below.
Switching setup
To provide VLAN passthrough, we should to join in the network bridge only VLAN interfaces.
In the sample above, the traffic with VLAN ID 5 will be received by device with Ethernet
port and passed to the network as untagged traffic.
To setup access VLAN, we should create VLAN interface bat0.5 and setup network bridge br0 as showed below.
In this sample, untagged traffic from the eth0 port will be tagged with VLAN ID 5. Tagged traffic with VLAN ID 5 will be untegged when passed to the eth0 port.Tagged traffic with VLAN ID will be passed through.
Easy VLAN passthrough setup.
To simplify the VLAN passthrough setup, we provide separate configuration page under menu 'Network->VLANs->Passthrough'.
As a sample task, will create passthrough VLANs 5 and 10.
Put 5 to the 'Specify new VLAN tag..' field and press 'New' button.
When done, you will have the page like showed in the figure below.
At the next step, drag required interface to the br.5 box
Then press 'Save' button and go to the tag 10.
You will see the figure like showed below during the process.
Reboot the device and use the setuped config.
VLAN Switching Configuration Samples
Let us configure the sample scenarios as VLAN 5 (IP Address 10.0.0.10/ 24) to tagand Untag the data at Ethernet Interface and VLAN 10 data to be passthrough.
In the BTS end radio both VLAN 5 and VLAN 10 data should be in Passthroughmode, the configuration is similar as mentioned in Section 10.1 above.
At client end radio VLAN 5 data to be in Tag/ Untag mode and VLAN 10 to be inPassthrough mode.
First, configure VLAN 10 in passthrough mode at Client end radio as shown inSection 10.1 & 10.2 above.
Go to Menu NETWORK INTERFACES and click on the bat0 interface.
In the following bat0 interface window, in SLAVE VLAN INTERFACE Tab, click onthe ADDITION button to add the new VLAN ID for Tag and Untag.
Add the VLAN ID details as shown in the below window and press on “SAVE”button.
Go to the Menu NETWORK BRIDGES
In this window, drag the bat0 interface from br0 to Unassigned Interfaces, and dragthe bat0.5 interface into br0 as shown in the below figure.
Save and reboot the radio.
In this sample configuration untagged traffic from the eth0 port will be tagged withVLAN ID 5, and tagged traffic with VLAN ID 5 will be untagged when it passed tothe eth0 port. The VLAN ID 10 data will passthrough over the wireless link.
The VLAN configuration process for Point to Multi-Point modes is the similar toshowed above.
The typical scenario for VLAN configuration in P2MP modes is showed on the figurebelow.
To implement this scenario, VLAN passthrough should be setuped for VLANManagement, 1, 2 and 3 for Basestation as it is describer in a chapter 10.1.VLAN passthrough should be setuped for Management VLAN and VLAN 1 forClient 1. IP address may be specified for management VLAN bridge for Client 1 tohave access to the device from the Management VLAN.
VLAN switching (access VLAN) should be setuped for Client 2 (Data VLAN 2) andfor Client 3 (Data VLAN 3) as described in a chapter 10.3.VLAN interfaces with VLAN ID matched to the Management VLAN should becreated for interfaces bat0 for Client2 and 3. The IP-addresses from ManagementVLAN should be assigned to the created interfaces to have access to the Clientsonly from the carrier side.
Client1 eth0bat0
Client3 eth0bat0
Client2 eth0bat0
BS bat0eth0
