AirRouter AirOS Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

AirRouter

AirOS

Page 16 / 38 Scroll up to view Page 11 - 15

Ubiquiti Networks, Inc.

Chapter 3: AirOS™

AirRouter User Guide

•

Static

Choose this option to assign the static IP settings

for the bridge interface.

Note:

IP Address and Netmask settings should

be consistent with the address space of the

network segment where the AirRouter resides.

IP Address

Enter the IP address of the device while

Static Bridge IP Address mode is selected. This IP will

be used for AirRouter management purposes.

Netmask

This is a value which when expanded into

binary provides a mapping to define which portions

of IP address groups can be classified as host devices

and network devices. Netmask defines the address

space of the network segment where the AirRouter

resides. 255.255.255.0 (or /24) Netmask is commonly

used on many C Class IP networks.

Gateway IP

Typically, this is the IP address of the host

router which provides the point of connection to the

Internet. This can be a DSL modem, Cable modem, or

a WISP gateway router. The AirRouter will direct the

packets of data to the gateway if the destination host

is not within the local network.

Note:

Bridge

mode, the Gateway IP address

should be from the same address space (on the

same network segment) as the AirRouter.

Primary DNS IP

Enter the IP address of the Primary

DNS (Domain Name System) server.

Secondary DNS IP

Enter the IP address of the

Secondary DNS (Domain Name System) server. This

entry is optional and only used if the primary DNS

server is not responding.

Spanning Tree Protocol

Multiple interconnected bridges

create larger networks using the IEEE 802.1d Spanning

Tree Protocol (STP), which is used for finding the shortest

path within network and to eliminate loops from the

topology.

If enabled, the AirRouter Bridge will communicate with

other network devices by sending and receiving Bridge

Protocol Data Units (BPDU). STP should be turned off

(selected by default) when the AirRouter is the only bridge

on the LAN or when there are no loops in the topology

as there is no need for the bridge to participate in the

Spanning Tree Protocol in this case.

Auto IP Aliasing

Automatically generates an IP Address

for the corresponding WLAN/LAN interface if enabled.

The generated IP address is a unique Class B IP address

from the 169.254.X.Y range (Netmask 255.255.0.0) which is

intended for use within the same network segment only.

Auto IP always starts with 169.254.X.Y while X and Y are

last 2 digits from the MAC address of the device (i.e. if the

MAC is 00:15:6D:A3:04:FB, Generated unique Auto IP will

be 169.254.4.251).

IP Aliases

IP aliases for the internal and external network

interface can be configured. IP Aliases can be specified

using the

IP Aliases

configuration window which is opened

when you click

Configure

•

The alternative IP address for the LAN or WLAN

interface, which can be used for the routing or device

management purposes.

•

Netmask

The network address space identifier for the

particular IP Alias.

•

Comments

Field used for a brief description of the

purpose of the alias.

•

Enabled

Enables or disables the particular IP Alias. All

added IP Aliases are saved in the system configuration

file, however only the enabled IP Aliases are active on

the AirRouter.

Newly IP Aliases can be saved by click the

Save

button

or discarded by clicking the

Cancel

button in the

Aliases

configuration window.

Firewall Settings

Firewall functionality on the bridge interface can be

enabled by selecting

Enable Firewall

. Bridge Firewall

rules can be configured, enabled or disabled while using

Firewall

configuration window which opens when you

click

Configure

Page 17 / 38

Ubiquiti Networks, Inc.

Chapter 3: AirOS™

AirRouter User Guide

Firewall entries can be specified by using the following

criteria:

Interface

The interface (WLAN or LAN) where filtering of

the incoming/passing-through packets are processed.

IP Type

Sets which particular L3 protocol type (IP, ICMP,

TCP, UDP) should be filtered.

Source IP/Mask

The source IP of the packet (specified

within the packet header), usually it is the IP of the host

system which sends the packets.

Src Port

The source port of the TCP/UDP packet (specified

within the packet header), usually it is the port of the host

system application which sends the packets.

Destination IP/Mask

The destination IP of the packet

(specified within the packet header), usually it is the IP of

the system which the packet is addressed to.

Dst Port

The destination port of the TCP/UDP packet

(specified within the packet header), usually it is the

port of the host system application which the packet is

addressed to.

Comment

Field used to enter a brief description of the

firewall entry.

Enables or disables the effect of the particular firewall

entry. All added firewall entries are saved in system

configuration file, however only the enabled firewall

entries will be active on the AirRouter.

Not

Can be used for inverting the Source IP/mask, Source

Port, Destination IP/mask and Destination Port filtering

criteria (i.e. if not is enabled for the specified Destination

Port value 443, the filtering criteria will be applied to all

the packets sent to any Destination Port except the 443

which is commonly used by HTTPS).

Click

Save

to save your firewall entries or click

Cancel

discard your changes.

All active firewall entries are stored in the FIREWALL chain

of the ebtables filter table, while the device is operating

Bridge

mode. Please refer to the ebtables manual for a

detailed description of the firewall functionality in Bridge

mode.

Click

Change

to save the changes made in the

Network

tab.

Router

The role of the LAN and WLAN interface will change

depending on the Wireless Mode selected while the

AirRouter is operating in

Router

mode:

•

The wireless interface and all connected wireless clients

are considered as part of the internal LAN and the

Ethernet interface is dedicated for the connection to

the external network while the AirRouter is operating in

Access Point

Access Point WDS

mode.

•

The wireless interface and all of the connected wireless

clients are considered part of the external network

and all network devices on the LAN side as well as the

Ethernet interface itself are considered as part of the

internal network when the AirRouter is operating in

Station

Station WDS

mode.

Wireless/wired clients are routed from the internal

network to the external one by default. Network Address

Translation (NAT) functionality works the same way.

WLAN Network settings

IP Address

This is the IP address to be represented by

the WLAN interface which is connected to the internal

network according to the wireless operation mode

described above. This IP will be used for the routing of

the internal network (it will be the Gateway IP for all

the devices connected on the internal network). This IP

address can be used to access the management interface

of the AirRouter.

Netmask

This is used to define the device IP classification

for the chosen IP address range. 255.255.255.0 is a typical

netmask value for Class C networks, which support IP

address range 192.0.0.x to 223.255.255.x. Class C network

Netmask uses 24 bits to identify the network (alternative

notation “/24”) and 8 bits to identity the host.

Enable NAT

Network Address Translation (NAT) enables

packets to be sent from the wired network (LAN) to the

wireless interface IP address and then sub-routed to other

client devices residing on the local network while the

AirRouter is operating in

Access Point

Access Point WDS

mode and in the reverse direction in

Station

and

Station

WDS

mode.

Enable NAT Protocol

While NAT is enabled, data packets

could be modified in order to allow pass-through to the

Router. To avoid packet modification of some specific

packets, like: SIP, PPTP, FTP, RTSP; uncheck the respective

checkbox.

NAT is implemented using the masquerade type firewall

rules. NAT firewall entries are stored in the iptables nat

table, while the device is operating in

Router

mode. Please

refer to the iptables tutorial for detailed description of the

NAT functionality in

Router

mode.

Page 18 / 38

Ubiquiti Networks, Inc.

Chapter 3: AirOS™

AirRouter User Guide

Static routes should be specified in order for the packets

to pass-through the AirRouter if NAT is disabled in while

operating in

Router

mode.

Enable DHCP Server

Dynamic Host Configuration

Protocol (DHCP) Server assigns IP addresses to clients

which will associate to the wireless interface while the

AirRouter is operating in

Access Point

WDS mode and assigns IP addresses to clients which

will connect to the LAN interface while the AirRouter is

operating in

Station

Station WDS

mode.

•

Range Start/End

This range determines the IP

addresses given out by the DHCP server to client

devices on the internal network which use dynamic IP

configuration.

•

Netmask

This is used to define the device IP

classification for the chosen IP address range.

255.255.255.0 is a typical netmask value for Class C

networks, which support IP address range 192.0.0.x to

223.255.255.x. Class C network Netmask uses 24 bits to

identify the network (alternative notation “/24”) and 8

bits to identity the host.

•

Lease Time

The IP addresses given out by the DHCP

server will only be valid for the duration specified

by the lease time. Increasing the time ensures client

operation without interruption, but could introduce

potential conflicts. Lowering the lease time will avoid

potential address conflicts, but might cause more slight

interruptions to the client while it acquires a new IP

addresses from the DHCP server. The time is expressed

in seconds.

Enable DNS Proxy

The DNS Proxy forwards the Domain

Name System requests from the hosts which reside in the

internal network to the DNS server while the AirRouter is

in operating in

Router

mode. A valid Primary DNS Server

IP needs to be specified for DNS Proxy functionality. The

internal network interface IP of the AirRouter should be

specified as the DNS server in the host configuration in

order for the DNS Proxy to be able to get the DNS requests

and translate domain names to IP addresses afterwards.

Port Forwarding

Port forwarding allows specific ports of

the hosts residing in the internal network to be forwarded

to the external network. This is useful for number of

applications such as FTP servers, gaming, etc. where

different host systems need to be seen using a single

common IP address/port.

Port Forwarding rules can be set in the

Port Forwarding

window, which is opened by enabling

Port Forwarding

and then clicking

Configure

Port Forwarding entries can be specified by using the

following criteria:

•

Private IP

The IP of the host which is connected to the

internal network and needs to be accessible from the

external network.

•

Private Port

The TCP/UDP port of the application

running on the host which is connected to the internal

network. The specified port will be accessible from the

external network.

•

Type

The L3 protocol (IP) type which needs to be

forwarded from the internal network.

•

Public Port

The TCP/UDP port of the AirRouter which

will accept and forward the connections from the

external network to the host connected to the internal

network.

•

Comments

Enter a brief description of the port

forwarding functionality such as FTP server, Web server,

or game server.

•

Enabled

Enables or disables the effect of the particular

port forwarding entry. All the added firewall entries are

saved in the system configuration file, however only

the enabled port forwarding entries are used on the

AirRouter.

Save your port forwarding entries by clicking

Save

discard your changes by clicking

Cancel

Page 19 / 38

Ubiquiti Networks, Inc.

Chapter 3: AirOS™

AirRouter User Guide

LAN Network Settings

LAN IP Address

This is the IP address to be represented

by the LAN or WLAN interface which is connected to the

external network according to the wireless operation

mode described previously. This IP address can be used for

routing and device management purposes.

The external network interface can be set for static IP or

can be set to obtain an IP address from the DHCP server

which should reside in the external network. One of the

IP assignment modes must be selected for the external

network interface:

•

DHCP

Choose this option to obtain the IP address,

Gateway and DNS address dynamically from the

external DHCP server.

•

PPPoE

Choose this option to obtain the IP address,

Gateway and DNS address dynamically from the

external PPPoE server.

•

Static

Choose this option to assign the static IP settings

for the external interface.

DHCP

DHCP Fallback IP

If the AirRouter is set to Dynamic

IP Address mode (DHCP) and is unable to obtain an IP

address from a valid DHCP server, it will fall back to the

static IP address listed here.

DHCP Fallback Netmask

If the AirRouter is set to

Dynamic IP Address mode (DHCP) and unable to obtain an

IP address from a valid DHCP server, it will fall back to the

static Netmask listed here.

Enable DMZ

The Demilitarized zone (DMZ) can be

enabled and used so that services such as Web Servers,

Proxy Servers, and E-mail Servers can still serve the local

network and are at the same time isolated from it for

additional security. DMZ is commonly used with NAT

functionality as an alternative to Port Forwarding but DMZ

opens all ports of the host network device to the external

network.

•

DMZ Management Port

Web Management Port for

the AirRouter (TCP/IP port 80 by default) will be used for

the host device if the DMZ Management Port option is

enabled.

•

DMZ IP

Enter the IP address of the internal network

device and the device will be completely exposed to the

external network.

Auto IP Aliasing

Automatically generates an IP Address

for the corresponding WLAN/LAN interface if enabled.

The generated IP address is a unique Class B IP address

from the 169.254.X.Y range (Netmask 255.255.0.0) which is

intended for use within the same network segment only.

Auto IP always starts with 169.254.X.Y while X and Y are

last 2 digits from the MAC address of the device (i.e. if the

MAC is 00:15:6D:A3:04:FB, Generated unique Auto IP will

be 169.254.4.251).

IP Aliases

IP aliases for the internal and external network

interface can be configured. IP Aliases can be specified

using the

IP Aliases

configuration window which is opened

when you click

Configure

•

The alternative IP address for the LAN or WLAN

interface, which can be used for the routing or device

management purposes.

•

Netmask

The network address space identifier for the

particular IP Alias.

•

Comments

Field used for a brief description of the

purpose of the alias.

•

Enabled

Enables or disables the particular IP Alias. All

added IP Aliases are saved in the system configuration

file, however only the enabled IP Aliases are active on

the AirRouter.

Newly IP Aliases can be saved by click the

Save

button

or discarded by clicking the

Cancel

button in the

Aliases

configuration window.

Change MAC Address

When enabled, the MAC address

of the respective interface can be changed. This is

especially useful if your ISP only assigns one valid IP

address and it is associated to a specific MAC address;

usually used by Cable operators or some WISPs.

PPPoE

Point-to-Point Protocol over Ethernet (PPPoE) is a

virtual private and secure connection between two

systems which enables encapsulated data transport. It is

commonly used as the medium for subscribers to connect

to Internet Service Providers (typically DSL).

Page 20 / 38

Ubiquiti Networks, Inc.

Chapter 3: AirOS™

AirRouter User Guide

Select the IP Address option PPPoE to configure a PPPoE

tunnel in order to connect to an ISP. Only the external

network interface can be configured as a PPPoE client as

all the traffic will be sent via this tunnel. The IP address,

Default gateway IP and DNS server IP address will be

obtained from the PPPoE server after PPPoE connection is

established. The broadcast address is used for the PPPoE

server discovery and tunnel establishment.

A valid username and password are required for the PPPoE

connection:

PPPoE Username

Username to connect to the server

(must match the configured on the PPPoE server).

PPPoE Password

Password to connect to the server

(must match the configured on the PPPoE server).

Show

Check this box to display the PPPoE password

characters.

PPPoE MTU/MRU

The size (in bytes) of the Maximum

Transmission Unit (MTU) and Maximum Receive Unit

(MRU) used for data encapsulation while transferring

through the PPP tunnel; (MTU/MRU default value: 1492)

PPPoE Encryption

Enables the use of MPPE encryption.

The IP address of the PPP interface will be displayed on

the

Main

tab next to the PPP interface statistics if it is

obtained through the established PPPoE connection,

otherwise a

Not Connected

message will be displayed.

A PPPoE tunnel reconnection routine can be initiated

using the

Reconnect

button which is located in the

Main

tab next to the PPP interface statistics.

Enable DMZ

The Demilitarized zone (DMZ) can be

enabled and used so that services such as Web Servers,

Proxy Servers, and E-mail Servers can still serve the local

network and are at the same time isolated from it for

additional security. DMZ is commonly used with NAT

functionality as an alternative to Port Forwarding but DMZ

opens all ports of the host network device to the external

network..

•

DMZ Management Port

Web Management Port for

the AirRouter (TCP/IP port 80 by default) will be used for

the host device if the DMZ Management Port option is

enabled.

•

DMZ IP

Enter the IP address of the internal network

device and the device will be completely exposed to the

external network.

Auto IP Aliasing

Automatically generates an IP Address

for the corresponding WLAN/LAN interface if enabled.

The generated IP address is a unique Class B IP address

from the 169.254.X.Y range (Netmask 255.255.0.0) which is

intended for use within the same network segment only.

Auto IP always starts with 169.254.X.Y while X and Y are

last 2 digits from the MAC address of the device (i.e. if the

MAC is 00:15:6D:A3:04:FB, Generated unique Auto IP will

be 169.254.4.251).

IP Aliases

IP aliases for the internal and external network

interface can be configured. IP Aliases can be specified

using the

IP Aliases

configuration window which is opened

when you click

Configure

•

The alternative IP address for the LAN or WLAN

interface, which can be used for the routing or device

management purposes.

•

Netmask

The network address space identifier for the

particular IP Alias.

•

Comments

Field used for a brief description of the

purpose of the alias.

•

Enabled

Enables or disables the particular IP Alias. All

added IP Aliases are saved in the system configuration

file, however only the enabled IP Aliases are active on

the AirRouter.

Newly IP Aliases can be saved by click the

Save

button

or discarded by clicking the

Cancel

button in the

Aliases

configuration window.

Change MAC Address

When enabled, the MAC address

of the respective interface can be changed. This is

especially useful if your ISP only assigns one valid IP

address and it is associated to a specific MAC address;

usually used by Cable operators or some WISPs.

Rate

Popular AirRouter Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share