Ubiquiti Networks, Inc.

Chapter 3: AirOS™  

AirRouter User Guide

Firewall entries can be specified by using the following criteria:

Interface
The interface (WLAN or LAN) where filtering of the incoming/passing-through packets is processed.

IP Type
Sets which particular L3 protocol type (IP, ICMP, TCP, UDP) should be filtered.

Source IP/Mask
The source IP of the packet (specified within the packet header); usually it is the IP of the host system which sends the packets.

Src Port
The source port of the TCP/UDP packet (specified within the packet header); usually it is the port of the host system application which sends the packets.

Destination IP/Mask
The destination IP of the packet (specified within the packet header); usually it is the IP of the system which the packet is addressed to.

Dst Port
The destination port of the TCP/UDP packet (specified within the packet header); usually it is the port of the host system application which the packet is addressed to.

Comment
Field used to enter a brief description of the firewall entry.

On
Enables or disables the effect of the particular firewall entry. All added firewall entries are saved in the system configuration file; however, only the enabled firewall entries will be active on the AirRouter.

Not
Can be used for inverting the Source IP/mask, Source Port, Destination IP/mask and Destination Port filtering criteria (e.g. if Not is enabled for the specified Destination Port value 443, the filtering criteria will be applied to all the packets sent to any Destination Port except 443, which is commonly used by HTTPS).

Click Save to save your firewall entries or click Cancel to discard your changes.

All active firewall entries are stored in the FIREWALL chain of the ebtables filter table while the device is operating in Bridge mode. Please refer to the ebtables manual for a detailed description of the firewall functionality in Bridge mode.

Click Change to save the changes made in the Network tab.
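The matching behaviour of the On and Not fields described above, modelled as an added example (this is not Ubiquiti code and does not show AirOS internals). The `Entry` and `Crit` classes, the packet dictionary and the sample addresses are constructed for illustration, and the model assumes a port criterion never selects a packet that carries no port.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Crit:
    value: object = None   # None: field left empty, matches anything
    negate: bool = False   # the per-field "Not" checkbox

@dataclass
class Entry:
    interface: str         # "WLAN" or "LAN"
    ip_type: str           # "IP", "ICMP", "TCP" or "UDP"
    src: Crit
    sport: Crit
    dst: Crit
    dport: Crit
    on: bool = True        # only enabled entries are active

def _ip_hit(crit, addr):
    if crit.value is None:
        return True
    net = ipaddress.ip_network(crit.value, strict=False)
    return (ipaddress.ip_address(addr) in net) != crit.negate

def _port_hit(crit, port):
    if crit.value is None:
        return True
    if port is None:       # assumption: no port in packet, criterion fails
        return False
    return (port == crit.value) != crit.negate

def matches(entry, pkt):
    """True if the entry is enabled and every criterion selects pkt."""
    if not entry.on or pkt["iface"] != entry.interface:
        return False
    if entry.ip_type != "IP" and pkt["proto"] != entry.ip_type:
        return False
    return (_ip_hit(entry.src, pkt["src"]) and _ip_hit(entry.dst, pkt["dst"])
            and _port_hit(entry.sport, pkt.get("sport"))
            and _port_hit(entry.dport, pkt.get("dport")))

# Constructed sample: TCP from the LAN subnet to any port except 443.
NOT_HTTPS = Entry("LAN", "TCP", Crit("192.168.1.0/24"), Crit(),
                  Crit(), Crit(443, negate=True))

def pkt(proto, src, dst, dport=None, iface="LAN"):
    """Build a constructed test packet; sport is set only when dport is."""
    return {"iface": iface, "proto": proto, "src": src, "dst": dst,
            "sport": 40000 if dport else None, "dport": dport}
```

With Not set on Dst Port 443, the entry selects every other TCP destination port from the subnet, so the scope of an inverted entry is much wider than the single value typed into the field.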

Router

The role of the LAN and WLAN interface will change depending on the Wireless Mode selected while the AirRouter is operating in Router mode:

•  The wireless interface and all connected wireless clients are considered as part of the internal LAN and the Ethernet interface is dedicated for the connection to the external network while the AirRouter is operating in Access Point or Access Point WDS mode.

•  The wireless interface and all of the connected wireless clients are considered part of the external network and all network devices on the LAN side as well as the Ethernet interface itself are considered as part of the internal network when the AirRouter is operating in Station or Station WDS mode.

Wireless/wired clients are routed from the internal network to the external one by default. Network Address Translation (NAT) functionality works the same way.

WLAN Network settings

IP Address
This is the IP address to be represented by the WLAN interface which is connected to the internal network according to the wireless operation mode described above. This IP will be used for the routing of the internal network (it will be the Gateway IP for all the devices connected on the internal network). This IP address can be used to access the management interface of the AirRouter.

Netmask
This is used to define the device IP classification for the chosen IP address range. 255.255.255.0 is a typical netmask value for Class C networks, which support IP address range 192.0.0.x to 223.255.255.x. A Class C network netmask uses 24 bits to identify the network (alternative notation “/24”) and 8 bits to identify the host.

Enable NAT
Network Address Translation (NAT) enables packets to be sent from the wired network (LAN) to the wireless interface IP address and then sub-routed to other client devices residing on the local network while the AirRouter is operating in Access Point or Access Point WDS mode, and in the reverse direction in Station and Station WDS mode.

Enable NAT Protocol
While NAT is enabled, data packets could be modified in order to allow pass-through to the Router. To avoid modification of some specific packets, such as SIP, PPTP, FTP and RTSP, uncheck the respective checkbox.

NAT is implemented using the masquerade type firewall rules. NAT firewall entries are stored in the iptables nat table while the device is operating in Router mode. Please refer to the iptables tutorial for a detailed description of the NAT functionality in Router mode.
