I've completed my "site test" from my home in Mill Creek to the SnoCo (Everett) DEM on 1.2GHz at one watt, with my antenna inside my house and the Everett 1.2GHz antenna half-way up their tower, so I'm ready to take the next step. Going back and reading the archives for the past few months, I do have a question: In one thread, I note the arguments against changing the SSH port. Does that apply to just network management nodes, or does it apply to all clients? A related question is, do the HamWAN network admins require login access to client radios? -- Dean
Hello Dean, HamWAN operates entirely on a shared admin model. We have a few trusted people who we rely on to manage the infrastructure of the network. This *does* include every client modem, as if the infrastructure changes in the future (It will, I guarantee it) the admins can access the client modems and re-configure to match the changes. This also applies when talking about SSH ports, in that if every modem in the network is using an odd SSH port, it simply becomes unmanageable. We do recommend if it is your preference to add a firewall rule to limit SSH to the 44.0.0.0/8 subnet, which will effectively protect against scanners. (We also run a (reactive) script on our edge routers that blocks IPs that make scanning attempts against devices on the network.) Thanks, Nigel K7NVH
On 2014-03-11 15:55, Nigel Vander Houwen wrote:
Hello Dean,
HamWAN operates entirely on a shared admin model. We have a few trusted people who we rely on to manage the infrastructure of the network.
This *does* include every client modem, as if the infrastructure changes in the future (It will, I guarantee it) the admins can access the client modems and re-configure to match the changes....
Thanks, Nigel K7NVH
Does that include clients allowing network admins "root" access? If so, that's a non-starter for me.
Hi Dean, It's your device and you're welcome to connect to the network whether you decide to give the admins access to your modem or not. It's recommended, but not required. Especially for network geeks who may already know what they are doing. :) -Cory NQ1E On Tue, Mar 11, 2014 at 4:13 PM, Dean Gibson AE7Q <hamwan@ae7q.net> wrote:
On 2014-03-11 15:55, Nigel Vander Houwen wrote:
Hello Dean,
HamWAN operates entirely on a shared admin model. We have a few trusted people who we rely on to manage the infrastructure of the network.
This *does* include every client modem, as if the infrastructure changes in the future (It will, I guarantee it) the admins can access the client modems and re-configure to match the changes....
Thanks, Nigel K7NVH
Does that include clients allowing network admins "root" access? If so, that's a non-starter for me.
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
To add to what Cory said, The goal is not to remove control or access from the user. It's simply for network management. It's very much an experimental network, so if you choose not to allow admin accounts on your modem, the network may change and you will be responsible for maintaining it yourself. I'd also like to bring up a parallel with other commercial ISPs. You end up in the same situation. For example, with comcast, you can either rent a modem from them, which they have full admin control of, and may not give you any access at all, or you buy a modem yourself, and configure it to work with them, and any issues or changes are your own responsibility. For us the problem is far more significant. The HamWAN network is changing and evolving all the time, unlike a network like comcast's which is relatively stable. The methods of connecting / authenticating to the network will change, and you should be prepared for that if you decide that allowing a few trusted users on your modem is an unacceptable risk, despite these users having full administrative access to ALL of the rest of the HamWAN network routing your packets. In any case, as Cory said, it is your choice, but the recommended one is what's documented on the wiki instructions. Nigel K7NVH
If you put your modem outside of your firewall (which is where mine is, in spite of the fact that I haven't successfully connected yet), your exposure is no worse than being attacked from another host connected to the HamWAN network*. You *do* have a firewall on your network, right? ;^) * Well, ok, speaking as a professional security geek (which is what I do for a living), it *is* in fact very slightly worse. Assuming the firmware of the modem could be compromised to launch attacks, it's a higher-bandwidth lower-latency connection to pound on your network from, which, in theory, is less secure. But given the speed of the HamWAN network, the delta is pretty small, and given that the modems run a semi-proprietary (and fairly uncommon) OS, the odds of the modem itself becoming a leapfrog platform for staging attacks are pretty insignificant. And again, assuming you've got a halfway decent firewall in the middle (ie, not just a cheap consumer device that does NAT, but an actual firewall), I wouldn't worry about it. Jeff N0GQ On Tue, Mar 11, 2014 at 4:27 PM, Nigel Vander Houwen <nigel@k7nvh.com>wrote:
To add to what Cory said,
The goal is not to remove control or access from the user. It's simply for network management. It's very much an experimental network, so if you choose not to allow admin accounts on your modem, the network may change and you will be responsible for maintaining it yourself.
I'd also like to bring up a parallel with other commercial ISPs. You end up in the same situation. For example, with comcast, you can either rent a modem from them, which they have full admin control of, and may not give you any access at all, or you buy a modem yourself, and configure it to work with them, and any issues or changes are your own responsibility.
For us the problem is far more significant. The HamWAN network is changing and evolving all the time, unlike a network like comcast's which is relatively stable. The methods of connecting / authenticating to the network will change, and you should be prepared for that if you decide that allowing a few trusted users on your modem is an unacceptable risk, despite these users having full administrative access to ALL of the rest of the HamWAN network routing your packets.
In any case, as Cory said, it is your choice, but the recommended one is what's documented on the wiki instructions.
Nigel K7NVH
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
-- -=jeff=-
Hmm, let's see: 1. If you happen to get root access on any of my Linux boxes and do "rm -rf /" or "rm -rf /bin" or "rm -rf /sbin" or "rm -rf /sys" or "rm -rf /usr" or "rm -rf /lib" (or any other modifications to those directories), nothing will happen. Depending upon what I've been doing recently, "rm -rf /etc" (or other directories) may or may not work. When I used SCSI hard drives (which back then typically had a jumper to force read-only access), that was enforced by hardware in addition to a software configuration. Whether I make similar mods to the MikroTik OS configuration, remains to be seen. 2. I run bind (named), ntpd, and postfix in a chroot environment. 3. SSH does not run on port 22 (nor does it run on a port # > 1024). PostgreSQL is not available on port 5432. Postfix does not allow submissions on port 25. I don't use self-signed keys. I don't type root passwords. Etc. 4. I've run externally-available DNS servers for 15 years, and I've *never* allowed recursive queries outside my LAN. 5. Before I installed FiOS, I asked the (then) Verizon rep whether if could support idiot customers with had back-door access to the provided modem, and when the answer was yes, I set up a DMZ. When people visit my house and need WiFi or wired access, they're in the DMZ. I have run various versions of Windows for decades, and until recently without anti-virus software (some of it is just soothing or alarming junk), without ever getting a virus. However, before I made the above modifications (except the last) to my Linux boxes over a decade ago, I did have an otherwise-secure Linux box compromised by a vulnerability in ISC bind: my server was #3 in a five-stage leapfrog attack on a bank. This was before the above modifications over a decade ago. Since then, I've been paranoid. You too can be paranoid, with only a little effort (or experience). Oh, and when I was run running a public NTP server (my one serious mistake; see: http://www.ultimeth.com/Abandon.html ), I had people accessing my NTP hostname without getting permission, so I changed the hostname (and let authorized users know), and then pointed the old hostname to 127.0.0.1 (I have other "useful" but unsupported services similarly configured). Boy, did that make one person mad; he complained to the NTP mailing list (which was somehow unsympathetic). I guess entitlement is alive and well on the Internet ... So yes, I'll take the risk that a change to the HamWAN network will render my link temporarily unusable. -- Dean On 2014-03-11 17:11, Jeff Francis(tm) wrote:
If you put your modem outside of your firewall (which is where mine is, in spite of the fact that I haven't successfully connected yet), your exposure is no worse than being attacked from another host connected to the HamWAN network*. You *do* have a firewall on your network, right? ;^)
* Well, ok, speaking as a professional security geek (which is what I do for a living), it *is* in fact very slightly worse. Assuming the firmware of the modem could be compromised to launch attacks, it's a higher-bandwidth lower-latency connection to pound on your network from, which, in theory, is less secure. But given the speed of the HamWAN network, the delta is pretty small, and given that the modems run a semi-proprietary (and fairly uncommon) OS, the odds of the modem itself becoming a leapfrog platform for staging attacks are pretty insignificant. And again, assuming you've got a halfway decent firewall in the middle (ie, not just a cheap consumer device that does NAT, but an actual firewall), I wouldn't worry about it.
Jeff N0GQ
On Tue, Mar 11, 2014 at 4:27 PM, Nigel Vander Houwen <nigel@k7nvh.com <mailto:nigel@k7nvh.com>> wrote:
To add to what Cory said,
The goal is not to remove control or access from the user. It's simply for network management. It's very much an experimental network, so if you choose not to allow admin accounts on your modem, the network may change and you will be responsible for maintaining it yourself.
I'd also like to bring up a parallel with other commercial ISPs. You end up in the same situation. For example, with comcast, you can either rent a modem from them, which they have full admin control of, and may not give you any access at all, or you buy a modem yourself, and configure it to work with them, and any issues or changes are your own responsibility.
For us the problem is far more significant. The HamWAN network is changing and evolving all the time, unlike a network like comcast's which is relatively stable. The methods of connecting / authenticating to the network will change, and you should be prepared for that if you decide that allowing a few trusted users on your modem is an unacceptable risk, despite these users having full administrative access to ALL of the rest of the HamWAN network routing your packets.
In any case, as Cory said, it is your choice, but the recommended one is what's documented on the wiki instructions.
Nigel K7NVH
OK, so I have a radio and antenna from Bart, assembled and on a mast inside my house. I've run through the steps on the Wiki, except for: 1. Shared admin, and 2. Remote logging & SNMP monitoring (which I will do when I have a connection). I've run all the way up to "/interface wireless scan 0", which doesn't seem to report anything, not totally unexpected since I'm inside my house. My DHCP server supplies an IP address to the radio on either the DMZ or LAN, and that's how I now connect with WinBox. So, now more questions ... 1. When I click on the "Wireless" tab in WinBox, the "interfaces" tab shows the correct SSID ("HamWAN"), but a frequency of 5180. That seems odd. However, the "Channels" tab correctly shows the values set from the HamWAN Wiki for "Client Node Configuration". 2. Is there a better way to do a scan other than the command (eg, a WinBox button somewhere)? 3. The antenna instructions talk about sealing the cable to the radio with some sort of tape. I know I'm getting ahead of myself here, but what to people use/recommend? This is when I noticed that when you mount the radio, the untaped N-connector seems to be oriented to catch rain. Seems like a weird design decision. Any other comments are welcome as well ...
Dean, 1. The frequency is somewhat of a "default" so to say, the channels defined are ones the modem will automatically look for, so it will connect to whichever it can find. 2. I don't use winbox, so I can't speak to that, but yes, /interface wireless scan 0 is how I run a scan. Maybe someone else can speak to winbox options. 3. In theory N connectors are weather sealed by the nature of their design. The antenna asks that you tape up the connector due to their attachment of the coax to the connector itself. I generally use a layer of Scotch 33 (good electrical tape), followed by a layer of Scotch 23 (Self fusing tape) or mastic, and followed by another outer layer of Scotch 33. Nigel K7NVH On Mar 12, 2014, at 10:12 PM, Dean Gibson AE7Q <hamwan@ae7q.net> wrote:
OK, so I have a radio and antenna from Bart, assembled and on a mast inside my house. I've run through the steps on the Wiki, except for: Shared admin, and Remote logging & SNMP monitoring (which I will do when I have a connection). I've run all the way up to "/interface wireless scan 0", which doesn't seem to report anything, not totally unexpected since I'm inside my house. My DHCP server supplies an IP address to the radio on either the DMZ or LAN, and that's how I now connect with WinBox.
So, now more questions ... When I click on the "Wireless" tab in WinBox, the "interfaces" tab shows the correct SSID ("HamWAN"), but a frequency of 5180. That seems odd. However, the "Channels" tab correctly shows the values set from the HamWAN Wiki for "Client Node Configuration". Is there a better way to do a scan other than the command (eg, a WinBox button somewhere)? The antenna instructions talk about sealing the cable to the radio with some sort of tape. I know I'm getting ahead of myself here, but what to people use/recommend? This is when I noticed that when you mount the radio, the untaped N-connector seems to be oriented to catch rain. Seems like a weird design decision. Any other comments are welcome as well ...
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
Dean, if you know what sector you're shooting for, you can make your life a little easier by temporarily typing the frequency directly into the "Scan List" field instead of selecting the HamWAN scan-list. This will not allow the modem to find other sectors, but it will lock the receiver down to that 1 frequency to maximize your signal-hunting adventures. The "Frequency" field you're referring to control the Access Point mode frequency, and not the Station mode (which you should be using). Station mode frequencies are entirely controlled by scan-list. Feel free to share a copy of "/interface wiress export verbose" so that we can verify your config is right. --Bart On 3/12/2014 10:17 PM, Nigel Vander Houwen wrote:
Dean,
1. The frequency is somewhat of a "default" so to say, the channels defined are ones the modem will automatically look for, so it will connect to whichever it can find. 2. I don't use winbox, so I can't speak to that, but yes, /interface wireless scan 0 is how I run a scan. Maybe someone else can speak to winbox options. 3. In theory N connectors are weather sealed by the nature of their design. The antenna asks that you tape up the connector due to their attachment of the coax to the connector itself. I generally use a layer of Scotch 33 (good electrical tape), followed by a layer of Scotch 23 (Self fusing tape) or mastic, and followed by another outer layer of Scotch 33.
Nigel K7NVH
On Mar 12, 2014, at 10:12 PM, Dean Gibson AE7Q <hamwan@ae7q.net <mailto:hamwan@ae7q.net>> wrote:
OK, so I have a radio and antenna from Bart, assembled and on a mast inside my house. I've run through the steps on the Wiki, except for:
1. Shared admin, and 2. Remote logging & SNMP monitoring (which I will do when I have a connection).
I've run all the way up to "/interface wireless scan 0", which doesn't seem to report anything, not totally unexpected since I'm inside my house. My DHCP server supplies an IP address to the radio on either the DMZ or LAN, and that's how I now connect with WinBox.
So, now more questions ...
1. When I click on the "Wireless" tab in WinBox, the "interfaces" tab shows the correct SSID ("HamWAN"), but a frequency of 5180. That seems odd. However, the "Channels" tab correctly shows the values set from the HamWAN Wiki for "Client Node Configuration". 2. Is there a better way to do a scan other than the command (eg, a WinBox button somewhere)? 3. The antenna instructions talk about sealing the cable to the radio with some sort of tape. I know I'm getting ahead of myself here, but what to people use/recommend? This is when I noticed that when you mount the radio, the untaped N-connector seems to be oriented to catch rain. Seems like a weird design decision.
Any other comments are welcome as well ...
_______________________________________________ PSDR mailing list PSDR@hamwan.org <mailto:PSDR@hamwan.org> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
On 2014-03-12 22:21, Bart Kus wrote:
/interface wireless export verbose
[admin@AE7Q-Paine] > /interface wireless export verbose # jan/02/1970 00:40:00 by RouterOS 6.10 # software id = LTNR-CTND # /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 0 degrees (north)" \ disabled=no extension-channel=disabled frequency=5920 list=HamWAN name=\ Sector1 width=5 add band=5ghz-onlyn comment=\ "Cell sites radiate this at 120 degrees (south-east)" disabled=no \ extension-channel=disabled frequency=5905 list=HamWAN name=Sector2 width=\ 5 add band=5ghz-onlyn comment=\ "Cell sites radiate this at 240 degrees (south-west)" disabled=no \ extension-channel=disabled frequency=5890 list=HamWAN name=Sector3 width=\ 5 /interface wireless security-profiles set [ find default=yes ] authentication-types="" eap-methods=passthrough \ group-ciphers=aes-ccm group-key-update=5m interim-update=0s \ management-protection=disabled management-protection-key="" mode=none \ mschapv2-password="" mschapv2-username="" name=default \ radius-eap-accounting=no radius-mac-accounting=no \ radius-mac-authentication=no radius-mac-caching=disabled \ radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \ static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\ none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \ static-sta-private-algo=none static-sta-private-key="" \ static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\ none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=\ "" wpa2-pre-shared-key="" /interface wireless set [ find default-name=wlan1 ] adaptive-noise-immunity=none allow-sharedkey=\ no antenna-gain=0 area="" arp=enabled band=5ghz-a/n basic-rates-a/g=6Mbps \ bridge-mode=enabled channel-width=20/40mhz-ht-above compression=no \ country=no_country_set default-ap-tx-limit=0 default-authentication=yes \ default-client-tx-limit=0 default-forwarding=yes dfs-mode=none \ disable-running-check=no disabled=no disconnect-timeout=3s distance=\ dynamic frame-lifetime=0 frequency=5180 frequency-mode=superchannel \ frequency-offset=0 hide-ssid=no ht-ampdu-priorities=0 ht-amsdu-limit=8192 \ ht-amsdu-threshold=8192 ht-basic-mcs=\ mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any \ ht-rxchains=0 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,\ mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,\ mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" ht-txchains=0 \ hw-fragmentation-threshold=disabled hw-protection-mode=none \ hw-protection-threshold=0 hw-retries=7 interworking-profile=disabled \ l2mtu=2290 mac-address=D4:CA:6D:54:B4:F5 max-station-count=2007 mode=\ station mtu=1500 multicast-buffering=enabled multicast-helper=default \ name=wlan1-gateway noise-floor-threshold=default nv2-cell-radius=30 \ nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \ nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \ periodic-calibration=default periodic-calibration-interval=60 \ preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\ AE7Q/MillCreek-Paine rate-selection=advanced rate-set=default scan-list=\ HamWAN security-profile=default ssid=HamWAN station-bridge-clone-mac=\ 00:00:00:00:00:00 supported-rates-a/g=\ 6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps tdma-period-size=2 \ tx-power-mode=default update-stats-interval=disabled wds-cost-range=\ 50-150 wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no \ wds-mode=disabled wireless-protocol=nv2 wmm-support=disabled /interface wireless manual-tx-power-table set wlan1-gateway manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mb\ ps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17\ ,HT20-0:17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT2\ 0-7:17,HT40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:\ 17,HT40-7:17" /interface wireless nstreme set wlan1-gateway disable-csma=no enable-nstreme=no enable-polling=yes \ framer-limit=3200 framer-policy=none /interface wireless align set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\ 00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \ frames-per-second=25 receive-all=no ssid-all=no /interface wireless sniffer set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \ multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\ no streaming-max-rate=0 streaming-server=0.0.0.0 /interface wireless snooper set channel-time=200ms multiple-channels=yes receive-errors=no
I discovered a clever technique for initially orienting the antenna: Using Google Earth, I draw a line from the Node (in this case the DEM antenna at Paine field), to my house (5.02 miles 149.89 degrees). No only does that give me a pretty good initial bearing (300), but I get to see what obstacles are in my way (it isn't pretty) for various prospective antenna locations. So, I see I'm squarely in the DEM SE (60-180 degree) sector. Which brings me to my next question: Where is this "scan list" and where do I set it? Is there a way to configure the radio to get the date/time from a local NTP server? That would make its logs a little more meaningful ... On 2014-03-12 22:21, Bart Kus wrote:
Dean, if you know what sector you're shooting for, you can make your life a little easier by temporarily typing the frequency directly into the "Scan List" field instead of selecting the HamWAN scan-list. This will not allow the modem to find other sectors, but it will lock the receiver down to that 1 frequency to maximize your signal-hunting adventures.
The "Frequency" field you're referring to control the Access Point mode frequency, and not the Station mode (which you should be using). Station mode frequencies are entirely controlled by scan-list.
Feel free to share a copy of "/interface wiress export verbose" so that we can verify your config is right.
--Bart
On 3/12/2014 10:17 PM, Nigel Vander Houwen wrote:
Dean,
1. The frequency is somewhat of a "default" so to say, the channels defined are ones the modem will automatically look for, so it will connect to whichever it can find. 2. I don't use winbox, so I can't speak to that, but yes, /interface wireless scan 0 is how I run a scan. Maybe someone else can speak to winbox options. 3. In theory N connectors are weather sealed by the nature of their design. The antenna asks that you tape up the connector due to their attachment of the coax to the connector itself. I generally use a layer of Scotch 33 (good electrical tape), followed by a layer of Scotch 23 (Self fusing tape) or mastic, and followed by another outer layer of Scotch 33.
Nigel K7NVH
On Mar 12, 2014, at 10:12 PM, Dean Gibson AE7Q <hamwan@ae7q.net <mailto:hamwan@ae7q.net>> wrote:
OK, so I have a radio and antenna from Bart, assembled and on a mast inside my house. I've run through the steps on the Wiki, except for:
1. Shared admin, and 2. Remote logging & SNMP monitoring (which I will do when I have a connection).
I've run all the way up to "/interface wireless scan 0", which doesn't seem to report anything, not totally unexpected since I'm inside my house. My DHCP server supplies an IP address to the radio on either the DMZ or LAN, and that's how I now connect with WinBox.
So, now more questions ...
1. When I click on the "Wireless" tab in WinBox, the "interfaces" tab shows the correct SSID ("HamWAN"), but a frequency of 5180. That seems odd. However, the "Channels" tab correctly shows the values set from the HamWAN Wiki for "Client Node Configuration". 2. Is there a better way to do a scan other than the command (eg, a WinBox button somewhere)? 3. The antenna instructions talk about sealing the cable to the radio with some sort of tape. I know I'm getting ahead of myself here, but what to people use/recommend? This is when I noticed that when you mount the radio, the untaped N-connector seems to be oriented to catch rain. Seems like a weird design decision.
Any other comments are welcome as well ...
_______________________________________________ PSDR mailing list PSDR@hamwan.org <mailto:PSDR@hamwan.org> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
Ah, that should be *330* bearing to Paine (and I'm a math major, too!). Turns out I didn't really need it. Using Google Earth, I noted the first visual "landmark" on the drawn path to the remote stations (eg, Paine), and I just visually aim at that. Anyway, through a second-story window (open): [admin@AE7Q-Paine] > /interface wireless scan 0 ADDRESS SSID BAND CHA.. FREQ SIG NF SNR RADIO-NAME A RT D4:CA:6D:7A:B8:07 HamWAN 5ghz-n 5mhz 5905 -89 -118 29 Paine-S2 [admin@AE7Q-Paine] > /interface wireless monitor 0 status: connected-to-ess band: 5ghz-n-5mhz frequency: 5905MHz wireless-protocol: nv2 tx-rate: 1.5Mbps rx-rate: 1.5Mbps ssid: HamWAN bssid: D4:CA:6D:7A:B8:07 radio-name: Paine-S2 signal-strength: -89dBm signal-strength-ch0: -89dBm tx-signal-strength: -88dBm tx-signal-strength-ch0: -88dBm noise-floor: -118dBm signal-to-noise: 29dB tx-ccq: 10% rx-ccq: 10% authenticated-clients: 1 current-distance: 10 wds-link: no bridge: no routeros-version: 6.7 last-ip: 50.46.168.128 current-tx-powers: 6Mbps:31(25/31),9Mbps:31(25/31),12Mbps:31(25/31),18Mbps:31(25/31), 24Mbps:31(25/31),36Mbps:29(23/29),48Mbps:29(23/29),54Mbps:27(21/27), HT20-0:29(23/29),HT20-1:29(23/29),HT20-2:29(23/29),HT20-3:29(23/29), HT20-4:29(23/29),HT20-5:27(21/27),HT20-6:27(21/27),HT20-7:26(20/26) notify-external-fdb: no I think the antenna needs to go higher ... (grin). Nevertheless, the "traceroute 8.8.8.8" and "ping google.com" worked, as did an inbound ping. What an "icky" OS, but it works. Is the antenna pattern more sensitive (narrow) in the vertical axis? That's what I would guess from the antenna shape, but antennae are strange and mysterious creatures ... I'm thinking very seriously of picking up a 2nd radio/antenna combo this week, to play with. -- Dean AE7Q On 2014-03-12 22:45, Dean Gibson AE7Q wrote:
I discovered a clever technique for initially orienting the antenna: Using Google Earth, I draw a line from the Node (in this case the DEM antenna at Paine field), to my house (5.02 miles 149.89 degrees). No only does that give me a pretty good initial bearing (*300*), but I get to see what obstacles are in my way (it isn't pretty) for various prospective antenna locations. So, I see I'm squarely in the DEM SE (60-180 degree) sector.
Which brings me to my next question: Where is this "scan list" and where do I set it?
Is there a way to configure the radio to get the date/time from a local NTP server? That would make its logs a little more meaningful ...
On 2014-03-12 22:21, Bart Kus wrote:
Dean, if you know what sector you're shooting for, you can make your life a little easier by temporarily typing the frequency directly into the "Scan List" field instead of selecting the HamWAN scan-list. This will not allow the modem to find other sectors, but it will lock the receiver down to that 1 frequency to maximize your signal-hunting adventures.
The "Frequency" field you're referring to control the Access Point mode frequency, and not the Station mode (which you should be using). Station mode frequencies are entirely controlled by scan-list.
Feel free to share a copy of "/interface wireless export verbose" so that we can verify your config is right.
--Bart
On 3/12/2014 10:17 PM, Nigel Vander Houwen wrote:
Dean,
1. The frequency is somewhat of a "default" so to say, the channels defined are ones the modem will automatically look for, so it will connect to whichever it can find. 2. I don't use winbox, so I can't speak to that, but yes, /interface wireless scan 0 is how I run a scan. Maybe someone else can speak to winbox options. 3. In theory N connectors are weather sealed by the nature of their design. The antenna asks that you tape up the connector due to their attachment of the coax to the connector itself. I generally use a layer of Scotch 33 (good electrical tape), followed by a layer of Scotch 23 (Self fusing tape) or mastic, and followed by another outer layer of Scotch 33.
Nigel K7NVH
On Mar 12, 2014, at 10:12 PM, Dean Gibson AE7Q <hamwan@ae7q.net <mailto:hamwan@ae7q.net>> wrote:
OK, so I have a radio and antenna from Bart, assembled and on a mast inside my house. I've run through the steps on the Wiki, except for:
1. Shared admin, and 2. Remote logging & SNMP monitoring (which I will do when I have a connection).
I've run all the way up to "/interface wireless scan 0", which doesn't seem to report anything, not totally unexpected since I'm inside my house. My DHCP server supplies an IP address to the radio on either the DMZ or LAN, and that's how I now connect via WinBox.
So, now more questions ...
1. When I click on the "Wireless" tab in WinBox, the "interfaces" tab shows the correct SSID ("HamWAN"), but a frequency of 5180. That seems odd. However, the "Channels" tab correctly shows the values set from the HamWAN Wiki for "Client Node Configuration". 2. Is there a better way to do a scan other than the command (eg, a WinBox button somewhere)? 3. The antenna instructions talk about sealing the cable to the radio with some sort of tape. I know I'm getting ahead of myself here, but what do people use/recommend? This is when I noticed that when you mount the radio, the untaped N-connector seems to be oriented to catch rain. Seems like a weird design decision.
Any other comments are welcome as well ...
On Thu, Mar 13, 2014 at 4:31 PM, Dean Gibson AE7Q <hamwan@ae7q.net> wrote:
Anyway, through a second-story window (open):
[admin@AE7Q-Paine] > /interface wireless scan 0 ADDRESS SSID BAND CHA.. FREQ SIG NF SNR RADIO-NAME A RT D4:CA:6D:7A:B8:07 HamWAN 5ghz-n 5mhz 5905 -89 -118 29 Paine-S2
That's impressive for simply aiming out a window! Put some effort into aiming and you should be able to get a good signal.
I think the antenna needs to go higher ... (grin). Nevertheless, the "traceroute 8.8.8.8" and "ping google.com" worked, as did an inbound ping. What an "icky" OS, but it works.
Is the antenna pattern more sensitive (narrow) in the vertical axis? That's what I would guess from the antenna shape, but antennae are strange and mysterious creatures ...
I don't have a good feel for which axis is narrower, but they certainly both need some attention. Find peak signal strength by varying azimuth, then do the same for elevation. Make sure you're not on a side lobe. That'll be the strong signal just left and right of the strongest signal. You may also find the various locations on the roof are better than others. Survey a few before mounting permanently. Tom KD7LXL
I'm going to second Tom on this one. I have places on my roof where I can get no signal, and 5 feet over get decent signal, and a different five feet get pretty good signal. Play with it a bit. Also, yes, both elevation and azimuth are pretty sensitive. You'll definitely want to play with both to improve the signal. -89 isn't terribly strong, but with some fiddling I would hope you can get in a bit stronger. Nigel K7NVH
On 2014-03-13 16:40, Tom Hayward wrote:
On Thu, Mar 13, 2014 at 4:31 PM, Dean Gibson AE7Q <hamwan@ae7q.net> wrote:
Anyway, through a second-story window (open):
[admin@AE7Q-Paine] > /interface wireless scan 0 ADDRESS SSID BAND CHA.. FREQ SIG NF SNR RADIO-NAME A RT D4:CA:6D:7A:B8:07 HamWAN 5ghz-n 5mhz 5905 -89 -118 29 Paine-S2 That's impressive for simply aiming out a window! Put some effort into aiming and you should be able to get a good signal.
You don't know how much time I spent aiming it to even get it that good ... the window test was to see if there was any hope of a connection. Now that there is, I'll be moving it higher
Congrats! Although that's a very low signal level. Trying different lateral positions might improve it (various points along roof line for example). If you've got a clear shot, you might wanna try for Haystack too, just for fun. No idea on the vertical axis performance. There is a project to enable 3D radiation pattern measurement here. I've got the dual-axis rotor control software written, and I'm now working on developing a radar system that'll eliminate multipath effects as sources of measurement error. I've managed to get 6GHz pulses as narrow as 7ns (nanoseconds). Last night I also fixed a major source of jitter problems, so progress is being made on this front. So yes, we will eventually know the full 3D performance of antennas, and even 4D if you consider frequency as a dimension. --Bart On 03/13/2014 04:31 PM, Dean Gibson AE7Q wrote:
Ah, that should be *330* bearing to Paine (and I'm a math major, too!). Turns out I didn't really need it. Using Google Earth, I noted the first visual "landmark" on the drawn path to the remote stations (eg, Paine), and I just visually aim at that.
Anyway, through a second-story window (open):
[admin@AE7Q-Paine] > /interface wireless scan 0 ADDRESS SSID BAND CHA.. FREQ SIG NF SNR RADIO-NAME A RT D4:CA:6D:7A:B8:07 HamWAN 5ghz-n 5mhz 5905 -89 -118 29 Paine-S2 [admin@AE7Q-Paine] > /interface wireless monitor 0 status: connected-to-ess band: 5ghz-n-5mhz frequency: 5905MHz wireless-protocol: nv2 tx-rate: 1.5Mbps rx-rate: 1.5Mbps ssid: HamWAN bssid: D4:CA:6D:7A:B8:07 radio-name: Paine-S2 signal-strength: -89dBm signal-strength-ch0: -89dBm tx-signal-strength: -88dBm tx-signal-strength-ch0: -88dBm noise-floor: -118dBm signal-to-noise: 29dB tx-ccq: 10% rx-ccq: 10% authenticated-clients: 1 current-distance: 10 wds-link: no bridge: no routeros-version: 6.7 last-ip: 50.46.168.128 current-tx-powers: 6Mbps:31(25/31),9Mbps:31(25/31),12Mbps:31(25/31),18Mbps:31(25/31), 24Mbps:31(25/31),36Mbps:29(23/29),48Mbps:29(23/29),54Mbps:27(21/27), HT20-0:29(23/29),HT20-1:29(23/29),HT20-2:29(23/29),HT20-3:29(23/29), HT20-4:29(23/29),HT20-5:27(21/27),HT20-6:27(21/27),HT20-7:26(20/26) notify-external-fdb: no
I think the antenna needs to go higher ... (grin). Nevertheless, the "traceroute 8.8.8.8" and "ping google.com" worked, as did an inbound ping. What an "icky" OS, but it works.
Is the antenna pattern more sensitive (narrow) in the vertical axis? That's what I would guess from the antenna shape, but antennae are strange and mysterious creatures ...
I'm thinking very seriously of picking up a 2nd radio/antenna combo this week, to play with.
-- Dean AE7Q
On 2014-03-12 22:45, Dean Gibson AE7Q wrote:
I discovered a clever technique for initially orienting the antenna: Using Google Earth, I draw a line from the Node (in this case the DEM antenna at Paine field), to my house (5.02 miles 149.89 degrees). No only does that give me a pretty good initial bearing (*300*), but I get to see what obstacles are in my way (it isn't pretty) for various prospective antenna locations. So, I see I'm squarely in the DEM SE (60-180 degree) sector.
Which brings me to my next question: Where is this "scan list" and where do I set it?
Is there a way to configure the radio to get the date/time from a local NTP server? That would make its logs a little more meaningful ...
On 2014-03-12 22:21, Bart Kus wrote:
Dean, if you know what sector you're shooting for, you can make your life a little easier by temporarily typing the frequency directly into the "Scan List" field instead of selecting the HamWAN scan-list. This will not allow the modem to find other sectors, but it will lock the receiver down to that 1 frequency to maximize your signal-hunting adventures.
The "Frequency" field you're referring to control the Access Point mode frequency, and not the Station mode (which you should be using). Station mode frequencies are entirely controlled by scan-list.
Feel free to share a copy of "/interface wireless export verbose" so that we can verify your config is right.
--Bart
On 3/12/2014 10:17 PM, Nigel Vander Houwen wrote:
Dean,
1. The frequency is somewhat of a "default" so to say, the channels defined are ones the modem will automatically look for, so it will connect to whichever it can find. 2. I don't use winbox, so I can't speak to that, but yes, /interface wireless scan 0 is how I run a scan. Maybe someone else can speak to winbox options. 3. In theory N connectors are weather sealed by the nature of their design. The antenna asks that you tape up the connector due to their attachment of the coax to the connector itself. I generally use a layer of Scotch 33 (good electrical tape), followed by a layer of Scotch 23 (Self fusing tape) or mastic, and followed by another outer layer of Scotch 33.
Nigel K7NVH
On Mar 12, 2014, at 10:12 PM, Dean Gibson AE7Q <hamwan@ae7q.net <mailto:hamwan@ae7q.net>> wrote:
OK, so I have a radio and antenna from Bart, assembled and on a mast inside my house. I've run through the steps on the Wiki, except for:
1. Shared admin, and 2. Remote logging & SNMP monitoring (which I will do when I have a connection).
I've run all the way up to "/interface wireless scan 0", which doesn't seem to report anything, not totally unexpected since I'm inside my house. My DHCP server supplies an IP address to the radio on either the DMZ or LAN, and that's how I now connect via WinBox.
So, now more questions ...
1. When I click on the "Wireless" tab in WinBox, the "interfaces" tab shows the correct SSID ("HamWAN"), but a frequency of 5180. That seems odd. However, the "Channels" tab correctly shows the values set from the HamWAN Wiki for "Client Node Configuration". 2. Is there a better way to do a scan other than the command (eg, a WinBox button somewhere)? 3. The antenna instructions talk about sealing the cable to the radio with some sort of tape. I know I'm getting ahead of myself here, but what do people use/recommend? This is when I noticed that when you mount the radio, the untaped N-connector seems to be oriented to catch rain. Seems like a weird design decision.
Any other comments are welcome as well ...
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
OK, when I click on "Wireless sniffer" I see a bunch of packets (about 10/sec) from 98:FC:11:6F:A8:B0 (which is not the radio's MAC), 5GHz-N beacon on 5180MHz, signal strength hovers around -90, rate 6.0Mbps. The "Wireless snooper" shows the three HamWAN channels with zero activity. On 2014-03-12 22:17, Nigel Vander Houwen wrote:
Dean,
1. The frequency is somewhat of a "default" so to say, the channels defined are ones the modem will automatically look for, so it will connect to whichever it can find. 2. I don't use winbox, so I can't speak to that, but yes, /interface wireless scan 0 is how I run a scan. Maybe someone else can speak to winbox options. 3. In theory N connectors are weather sealed by the nature of their design. The antenna asks that you tape up the connector due to their attachment of the coax to the connector itself. I generally use a layer of Scotch 33 (good electrical tape), followed by a layer of Scotch 23 (Self fusing tape) or mastic, and followed by another outer layer of Scotch 33.
Nigel K7NVH
On Mar 12, 2014, at 10:12 PM, Dean Gibson AE7Q <hamwan@ae7q.net <mailto:hamwan@ae7q.net>> wrote:
OK, so I have a radio and antenna from Bart, assembled and on a mast inside my house. I've run through the steps on the Wiki, except for:
1. Shared admin, and 2. Remote logging & SNMP monitoring (which I will do when I have a connection).
I've run all the way up to "/interface wireless scan 0", which doesn't seem to report anything, not totally unexpected since I'm inside my house. My DHCP server supplies an IP address to the radio on either the DMZ or LAN, and that's how I now connect with WinBox.
So, now more questions ...
1. When I click on the "Wireless" tab in WinBox, the "interfaces" tab shows the correct SSID ("HamWAN"), but a frequency of 5180. That seems odd. However, the "Channels" tab correctly shows the values set from the HamWAN Wiki for "Client Node Configuration". 2. Is there a better way to do a scan other than the command (eg, a WinBox button somewhere)? 3. The antenna instructions talk about sealing the cable to the radio with some sort of tape. I know I'm getting ahead of myself here, but what to people use/recommend? This is when I noticed that when you mount the radio, the untaped N-connector seems to be oriented to catch rain. Seems like a weird design decision.
Any other comments are welcome as well ...
_______________________________________________ PSDR mailing list PSDR@hamwan.org <mailto:PSDR@hamwan.org> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
participants (6)
-
Bart Kus -
Cory (NQ1E) -
Dean Gibson AE7Q -
Jeff Francis(tm) -
Nigel Vander Houwen -
Tom Hayward