Client Node Configuration

BE SURE YOU ALWAYS HAVE AN ANTENNA OR DUMMY LOAD PLUGGED IN WHEN THE MODEM IS POWERED ON

Instructions

These instructions are meant to be entered from the command line interface to the router. You can open a command line in WinBox by clicking on "New Terminal". To paste commands in winbox, it's necessary to right-click and select paste rather than trying to use Ctrl-V.

  1. Upgrade your modem to the latest RouterOS v6.
    • If you have connected the modem to your LAN in a way that provides Internet access, the following command can be used:

      /system package update upgrade
    • Otherwise, use the standalone upgrade method: http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS (also works on older ROS 5.xx that does not support the upgrade command)

  2. Reset the router to a blank configuration.

    /system reset-configuration no-defaults=yes
  3. Give your modem a name that tells us where it's located and which site it's linking to. For example, AE7SJ's modem linked to the Paine Field cell site:

    /system identity
    set name=AE7SJ-Paine
  4. Set a password for the admin user.
    • Using Winbox:
      • Click System -> Users -> Users tab -> double click admin -> Password...
    • Or using terminal:

      /user set admin password=
      /console clear-history

      This is an example password generated in your browser. You may choose any password you like.

  5. To support shared administration, add the following HamWAN Network Administration accounts into the "full" group. Usernames are case sensitive.

    /user
    add group=full name=eo password=
    add group=full name=NQ1E password=
    add group=full name=nigel password=
    add group=full name=osburn password=
    add group=full name=tom password=
    add group=full name=KG7OZZ password=
    add group=full name=ryan_turner password=
    add group=full name=ve7alb password=
    add group=read name=monitoring password=
    /console clear-history

    The passwords above are randomly generated in your browser, not stored anywhere, and will never be used. Any HamWAN access to your modem will be done with certificates.

  6. To support shared administration, add SSH keys for the HamWAN Network Administration accounts.
    1. Download and save each key attached to the bottom on this page.
      • Hint: Already configured internet access? Use this command to download the keys directly to the modem:

        /tool fetch url="https://www.hamwan.org/Standards/Network Engineering/Client Node Configuration/key-dsa-tom.txt" dst-path=key-dsa-tom.txt; \
        /tool fetch url="https://www.hamwan.org/Standards/Network Engineering/Client Node Configuration/key-dsa-monitoring.txt" dst-path=key-dsa-monitoring.txt; \
        /tool fetch url="https://www.hamwan.org/Standards/Network Engineering/Client Node Configuration/key-dsa-osburn.txt" dst-path=key-dsa-osburn.txt; \
        /tool fetch url="https://www.hamwan.org/Standards/Network Engineering/Client Node Configuration/key-dsa-NQ1E.txt" dst-path=key-dsa-NQ1E.txt; \
        /tool fetch url="https://www.hamwan.org/Standards/Network Engineering/Client Node Configuration/key-rsa-nigel.txt" dst-path=key-rsa-nigel.txt; \
        /tool fetch url="https://www.hamwan.org/Standards/Network Engineering/Client Node Configuration/key-dsa-eo.txt" dst-path=key-dsa-eo.txt; \
        /tool fetch url="https://www.hamwan.org/Standards/Network Engineering/Client Node Configuration/key-rsa-KG7OZZ.txt" dst-path=key-rsa-KG7OZZ.txt; \
        /tool fetch url="https://www.hamwan.org/Standards/Network Engineering/Client Node Configuration/key-rsa-ryan_turner.txt" dst-path=key-rsa-ryan_turner.txt; \
        /tool fetch url="https://www.hamwan.org/Standards/Network Engineering/Client Node Configuration/key-rsa-ve7alb.txt" dst-path=key-rsa-ve7alb.txt
    2. Drag and drop it into the Files window on your modem.
    3. Import SSH keys and associate them with the right accounts

      /user ssh-keys
      import public-key-file=key-dsa-eo.txt user=eo
      import public-key-file=key-dsa-NQ1E.txt user=NQ1E
      import public-key-file=key-rsa-nigel.txt user=nigel
      import public-key-file=key-dsa-osburn.txt user=osburn
      import public-key-file=key-dsa-tom.txt user=tom
      import public-key-file=key-dsa-monitoring.txt user=monitoring
      import public-key-file=key-rsa-KG7OZZ.txt user=KG7OZZ
      import public-key-file=key-rsa-ryan_turner.txt user=ryan_turner
      import public-key-file=key-rsa-ve7alb.txt user=ve7alb
  7. Enable Ethernet boot in case you ever need to reinstall the router with NetInstall

    /system routerboard settings set boot-device=try-ethernet-once-then-nand
  8. Remote Logging

    /system logging action set 3 bsd-syslog=no name=remote remote=44.24.244.8 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
    /system logging add action=remote disabled=no prefix="" topics=info
    /system logging add action=remote disabled=no prefix="" topics=warning
    /system logging add action=remote disabled=no prefix="" topics=error
  9. SNMP Monitoring

    /snmp set enabled=yes contact="#HamWAN on irc.freenode.org"
    /snmp community set name=hamwan addresses=44.24.240.0/20 read-access=yes write-access=no numbers=0
  10. Use HamWAN's Anycast NTP Servers

    /system ntp client set enabled=yes primary-ntp=44.24.244.4 secondary-ntp=44.24.245.4
  11. Clear firewall filter rules

    /ip firewall filter remove [find dynamic=no]
  12. Set the HamWAN Maximum Transmission Unit (MTU) policy

    /ip firewall mangle
    add action=change-mss chain=output new-mss=1378 protocol=tcp tcp-flags=syn tcp-mss=!0-1378
    add action=change-mss chain=forward new-mss=1378 protocol=tcp tcp-flags=syn tcp-mss=!0-1378
  13. Remove local DHCP server

    /ip dhcp-server
    remove [find]
    /ip dhcp-server network
    remove [find]
  14. Remove local IP address

    /ip address
    remove [find]
  15. Disable DNS service

    /ip dns
    set allow-remote-requests=no
  16. Add HamWAN sector channels

    /interface wireless channels
    add band=5ghz-onlyn comment="Cell sites radiate this at 0 degrees (north)" frequency=5920 list=HamWAN name=Sector1-5 width=5
    add band=5ghz-onlyn comment="Cell sites radiate this at 120 degrees (south-east)" frequency=5900 list=HamWAN name=Sector2-5 width=5
    add band=5ghz-onlyn comment="Cell sites radiate this at 240 degrees (south-west)" frequency=5880 list=HamWAN name=Sector3-5 width=5
    add band=5ghz-onlyn comment="Cell sites radiate this at 0 degrees (north)" frequency=5920 list=HamWAN name=Sector1-10 width=10
    add band=5ghz-onlyn comment="Cell sites radiate this at 120 degrees (south-east)" frequency=5900 list=HamWAN name=Sector2-10 width=10
    add band=5ghz-onlyn comment="Cell sites radiate this at 240 degrees (south-west)" frequency=5880 list=HamWAN name=Sector3-10 width=10
  17. Configure the modem to announce your callsign and location

    /interface wireless
    set 0 radio-name="CALLSIGN/YourLocation-DestinationCell" # For example, set 0 radio-name="AE7SJ/Monroe-Paine"
  18. Set your location, so that your station shows up on the HamWAN map. Supply your latitude and longitude in decimal degrees separated by a comma, like location=47.1234,-121.1234.

    /snmp set location=LAT,LON
  19. Configure the wireless card to use HamWAN

    /interface wireless
    set 0 disabled=no frequency-mode=superchannel band=5ghz-onlyn mode=station scan-list=HamWAN ssid=HamWAN wireless-protocol=nv2

    If you get an error of "input does not match any value of name", re-run the set command WITHOUT the scan-list=HamWAN parameter. Use winbox to set the scan-list to HamWAN instead. This is a suspected bug.

  20. Tell your modem to pull DHCP, including default gateway, from HamWAN

    /ip dhcp-client
    add add-default-route=yes dhcp-options=hostname,clientid disabled=no interface=wlan1
  21. OPTIONAL: Tell your modem to pull DHCP without default gateway or DNS from your LAN as well

    /ip dhcp-client
    add add-default-route=no use-peer-dns=no dhcp-options=hostname,clientid disabled=no interface=ether1

Connect

  1. Point your dish at any cell sites and look for beacons. Optimize for best signal.

    /interface wireless scan 0
  2. When signal is optimized, stop scanning and verify you have an association with the cell site

    /interface wireless monitor 0
  3. Verify you can reach the Internet using HamWAN

    /tool traceroute 8.8.8.8
  4. Verify you can resolve DNS

    /ping google.com
  5. Verify NTP synchronization

    /system ntp client print
    # Should see "status: reached", "status: synchronized", or a recent number like "last-update-before: 4s490ms" if you're connected to the network.
    
    /system clock print
    # Should display the correct date + time if you're connected to the network, or have internet available through other means.

Next Steps

Integrating HamWAN into your LAN

Check out the LAN Integration article for ideas on how you might structure your network to include HamWAN. The simplest option is to not integrate your LAN at all, but to create a new isolated LAN. This is a great way to initially test your HamWAN connection.

Create an isolated LAN for use with HamWAN

  1. Assign an IP address to your modem's LAN port

    /ip address
    add address=192.168.88.1/24 interface=ether1
  2. Configure DHCP server

    /ip pool
    add name=dhcp-pool ranges=192.168.88.100-192.168.88.199
    /ip dhcp-server network
    add address=192.168.88.0/24 dns-server=44.24.244.1,44.24.245.1 gateway=192.168.88.1
    /ip dhcp-server
    add address-pool=dhcp-pool interface=ether1 name=dhcp disabled=no
  3. Connect one end of an Ethernet cable to your modem and the other to the PoE injector (the injector included with the Metal feeds power to the socket side of the adapter). Plug the injector directly into your PC, or into a switch for use with multiple PCs. The modem will assign IP addresses to connected PCs and route their packets to HamWAN.

Attachments

Filename Size Modified
key-rsa-ryan_turner.txt 416iB 2016-10-07 19:31:31
key-dsa-NQ1E.txt 597iB 2016-08-06 14:46:40
key-dsa-osburn.txt 607iB 2016-08-06 14:46:40
key-dsa-eo.txt 607iB 2016-08-06 14:46:40
key-rsa-KG7OZZ.txt 742iB 2016-08-06 14:46:40
key-dsa-monitoring.txt 610iB 2016-08-06 14:46:40
key-rsa-nigel.txt 387iB 2016-10-07 19:31:31
Configure Radio Modem_1080 dlr .mp4 59MiB 2016-08-06 14:46:40
key-dsa-tom.txt 601iB 2016-08-06 14:46:40
key-rsa-ve7alb.txt 589iB 2016-10-07 19:31:31