=================================================== WILI-S 5.26 Master Release Notes July 15, 2009 =================================================== ABOUT ===== WILI Software is a portable embedded Linux based software platform suited to implement a highly functional, secure and manageable wired and wireless IP networking devices: HotSpot access points, access controllers, enterprise access points, fixed 802.11a/b/g wireless network elements, base stations and customer premise equipment (CPE) and high performance, secure point to point or point to multi point wireless bridges. Document includes information about the latest WILI Software release (WILI-S further in this document) targeted for the Gateworks Avila, Zinwell ZW4x00, LanReady AP-1000 and FN522, ADI Pronghorn Metro hardware platforms and Wistron RDAT-81, PC Engines WRAP.2C, Compex WP54G/WP54AG, WILIBOARD WBD-111, WBD-500 (http://www.wiligear.com) devices. SOFTWARE DESCRIPTION ==================== The WILI-S Highlights --------------------- WLAN * Wi-Fi compliant * IEEE 802.11a/b/g * WMM/Half and Quarter Rates/Security Band * Atheros Super AG * WPA/WPA2 PSK and Enterprise * Multiple broadcasted SSIDs * Per MBSSID security policy * VLAN to MBSSID mapping * Antenna diversity * Adjustable RF output power * Layer 2 user isolation AAA * Multiple authentication methods: UAM, 802.1x/EAP (using RADIUS backend) * Per LAN/VLAN/WLAN AAA policies * WISPr compliant * RADIUS authentication failover * RADIUS accounting failover/backup * Remote user login, logout, session status control via HTTPs/XML * Per user bandwidth management * Authenticated clients limit per BSSID. IP Router and IP address management * Static IP address fallback * Static IP routing table * Source routing * NAT/NAPT (IP masquerading) * Multiple IP addresses per interface - aliases * Port-forwarding * 802.1q VLAN support * Source routing * Transparent VPN client pass-through (PPTP, IPsec ESP) * Customizable Firewall * DHCP server, relay gateway (suboptions), DHCP client * Multiple DHCP IP address pools on device * SMTP redirection (e-mail) VPN * IPsec tunnels w/ optional dynamic rekeying support * GRE (Generic Routing Encapsulation) tunnels * OpenVPN point-to-point or server-to-multiclient encrypted tunnels Management * Secure management via HTTPS, SSH, SNMP * SNMP v1/v2c/v3 (incl. authentication and encryption) * Management subnet for remote AP and switch management * Automatic remote firmware update (using RCMS) * Automatic white/black list update * RCMS (automatic provisioning system allows to configure, upgrade firmware & monitor devices centrally) WILI-CORE skin * Statistic pages, including system information, wireless and wired interface statistics, routing and ARP tables * Configuration page * Administrator account's password configuration * License upload/download * Skin management * Firmware update, reset to factory defaults, reboot * Site survey (may temporary disable wireless connection) * Antenna adjustment tools SYSTEM REQUIREMENTS =================== Operating System ---------------- The operation of WILI-S is independent of the operating system on the client stations. For configuration and device management WILIBOX recommends using a PC with web browser that supports SSLv3/TLSv1 and Java Script. Optionally WILI-S can be managed via SSH (CLI) or RCMS (automatic provisioning system). Third party tools compliant with SNMP v1/v2/v3 (*) protocol can be used to monitor current status and performance of the device. AAA Server ---------- RADIUS server (RFC2865-2866) is required in order to authenticate users and to enable accounting. This product has been tested for interoperability with various RADIUS servers available in the market. For 802.1x based authentication the RADIUS server must support EAP (Extensible Authentication Protocol) authentication type. Web Server ---------- For management purposes WILI-S includes a web server with both HTTP and HTTPs protocol support. Provided Web management features are dependent on currently loaded skin. (*) These features are not available on Wistron RDAT-81 and Compex WP54G/WP54AG hardware: * IPSec * SNMP v3 * OpenVPN * Inadyn dynamic DNS client (*) These features are not available on WBD-500 hardware: * IPSec WHAT'S NEW =================== Version WILI-S 5.26 (differences from WILI-S 5.24) * New firmware version for WBD-111 hardware revision 2.x * Enabled OpenVPN support * Implemented extended 802.11 SNMP MIB with wireless statistics * Increased client statistics timeout form 10 to 300 seconds * statsd daemon adds information about currently associated wireless clients * Possibility to view ACL list MAC adresses * aaad accounting module sends client IP address to RADIUS DB during the authentication * UAM portal name can have DNS version * Empty configuration keys are not removed from configuration file * Enabled CONNMARK iptables module * Fixed ZW4400 irq "nobody cared" problem Version WILI-S 5.24 (differences from WILI-S 5.23) * New key sshd.keepalive = [seconds]. * Fixed XScale ethernet driver dropping received packets larger than MTU value. * Bandwidth limitation per IP when in bridge was not working for downlink traffic. * Decreased default ARPNAT cache expiration value to 200sec. * Boot of XScale based devices was extremely slow when configuration contained >100 VLANs. * Added ethtool support to RDAT-81/WBD-500 devices. Version WILI-S 5.23 (differences from WILI-S 5.22) * RTC support on AP1000/AVILA hardware. * Fixed DNSmasq stalling and stoping responding to DNS requests. * Fixed spontaneous device reboots when radio signal quality is very low in G mode. * Compex WP54/WP54AG was missing EBT_VLAN module. * Fixed STP on wireless interfaces * Other changes: new SSH server dropbear version 0.51, allmulti flag is set on all interfaces by default, fixed OOM condition when working in an environment together with Mikrotik devices in WDS mode, increased delay reading/writing MII registers. Version WILI-S 5.22 (differences from WILI-S 5.21) * Fixed Denial of Service with specific SNMP request (WBD-111). * Fixed kernel crash in netlink_run_queue() on Xscale platform. * RADIUS 'Class' Attribute support in AAAD. * Increased watchdog timeout from 15s to 45s. * Fixed ethernet Driver rewriting small packet TCP headers when it shouldn't (WBD-111). * Increased RADIUS client auth/acct timeout and retry default values. * Fixed issues with DHCP lease expiration time. * DNSmasq upgraded, fixes issue when server stops resolving. * Improved bandwidth shaping in AAAD. * Added inadyn-mt dynamic DNS client. * Fixed RCMS agent generating useless debug messages at 'fatal' level. * Changed 'acktimeout' and 'ctstimeout' default values to 48, both of them will always be set to the same value, if they are configured but not equal, bigger of specified values will be used. * New keys for multicast configuration in netconf section: mcast..address, mcast..lladdress, allmulti. * Different wireless driver fixes. Version WILI-S 5.21 (differences from WILI-S 5.20) * Implemented new configuration key radio..ani for controlling interference mitigation/Ambient Noise Immunity (ANI). * Fixed problem with UAM, device returned wrong RADIUS NAS-Port-Id if bridge contained more than 256 ports. * In previous version 5.20 discovery daemon did not start while DHCP client was waiting for an IP address. * Specifying maximum wireless data rate did not limit upper rate when used together with automatic rate mode. * Added new configuration key ulogd.loglevel=[debug,info,notice,err,crit]. * Added new PPPoE client keys: pppoe..persist, pppoe..holdoff. * Wiliboard sometimes crashed when writing to flash (/etc/persistent). * Implemented netconf..mtu configuration key. * Implemented new PPPD configuration options: ppp..lcp_echo_failure, ppp..lcp_echo_interval. * Fixed device crash with some specific radio settings. Version WILI-S 5.20 (differences from WILI-S 5.02) * Implemented RADIUS MAC authentication. * Support of more detailed associated clients information in skins. * Static bandwidth control (w/o RADIUS). * Implemented interface name aliases for easier configuration of RCMS statistics. * Fixed issue with station supervision on bridge not working with multiple AAA daemons on bridge ports. * Traffic monitor in skins. * aaad will be started even if client did not get an IP address from DHCP server. * Support of USB 3G modems on WILIBOARD hardware. * Extended RCMS agent with support of multicast discovery. * Troubleshooting support. * Remote device recovery on boot. * Implemented sysconf configuration plugin for Quagga routing suite. * Support of multicasts at higher rates. * PPPoE support. * IGMP snooping. * Various WILI-SKINS improvements. Version WILI-S 5.02 (differences from WILI-S 5.01) * G-only (pureg) mode now works with quarter rates. * Other wireless driver fixes: allowed TX power was too low in some countries, data rate selection module fixes: communication is now possible over links with lower link quality. * Fixed crash when loading kernel module with configuration settings: modules.status=enabled modules.1.status=enabled modules.1.name=ip_conntrack modules.1.arguments=hashsize=81920 * Autochannel could set the same channel on multiple radios, now channel selection is randomized if multiple free channels are available. * Fixed SNMP segfault when traversing ieee8021paeMIB. * Fixed SNMP not responding after doing snmpbulkget with non existing OID. * Increased default accounting interim update interval to 5 minutes, also interim updates are not sent immediately on client IP address change, they are delayed. * Dynamic VLAN fix: problem was with multiple clients on different VLANs but on the same bridge, only one VLAN could access the bridge at any given time. * UAM placeholders now support %wanip variable. * DHCP relay agent information option (option 82) support. * Station supervision daemon now checks for MAC address changes. * NTP daemon retries synchronization forever and does not pause boot sequence for 15 seconds if NTP server is not reachable as it was before. Version WILI-S 5.01 (differences from WILI-S 5.00) * BusyBox update to version 1.5.0, this fixes more than 1.5 min. reboot lag on RDAT-81 device. * Licensing scheme change, no licence time limit. * F/W upgrade shows firmware versions, added licence check warning. * Dynamic Turbo fixes. * Implemented support for WILIBOX Firmware Factory. * Half/Quarter rates fixes (for ar5414 cards). * Multicast based device discovery from WAN side. * Fixed kernel crash observed while listing channels with wlanconfig in a loop. * Fixed whitelist/blacklist module, in some circumstances on x86 hardware it crashed the kernel. * Fixed site survey reporting WPA encrypted APs as using WEP encryption. * Fixed HTB traffic shaping system, on x86 PC hardware it crashed the kernel under high load. * Fixed endianess issues with arpnat, added new options: o ebtables.arpnat.expiration = [sec] Default: 25200 s o ebtables.arpnat.debug = [enabled|disabled] Default: disabled o ebtables.arpnat.bootpnat = [enabled|disabled|relay] Default: enabled o ebtables.arpnat.pppoenat = [enabled|disabled] Default: enabled * Fixed Compex WP54(AG/G) Ethernet driver freeze. * Fixed netconf plugin ignoring interface alias keys. * Fixed issues with TPC on RDAT-81. * Enabled FastFrames, WMM and FrameBurst in default configurations. Version WILI-S 5.00 (differences from WILI-S 3.5) * Updated wireless driver, supports latest generation Atheros cards. Features: * Half/quarter rates support * 802.11j - 4.9 GHz security/Public safety band support * 802.11e - WMM (QoS) * 802.11h - Spectrum and Transmit Power Management Extensions * Atheros super features * 802.11i/RSN/WPA2 pre-authentication support. * RCMS agent with network usage statistics. * P2P traffic control. * Updated WPA supplicant, dropbear SSH server. * Fixed memory leaks, possible deadlock situations in AAA daemon code. * Fixed potential problems in UAM redirector redird, made some optimizations. * Improved white/black list handling performance. * New WDS implementation does not require to specify MAC address of WDS peer in configuration. KNOWN ISSUES ============ * RDAT-81 device specific: ath0 radio card reports as if it was a 802.11 a/b/g radio, in fact it only works in 802.11a mode. * If IGMP snooping is on and WILI SCOUT software is used from a wireless side, device discovery won't work. UPGRADE NOTES ============== When upgrading from 3.5 version firmwares, note that: * configuration of WDS interfaces has changed, you may need to reconfigure your WDS interfaces. For more information check WILI User's Guide on our website: http://www.wilibox.com INSTALLATION NOTES ================== Default configuration --------------------- Use the following procedure to access WILI-S based device Web management pages via Wireless interface. Connecting the first time through WLAN interface ------------------------------------------------ Please follow step-by-step instructions in order to connect to the WILI-S based device for configuration and management activities. 1a. For hardware powered directly from the mains connect a power adapter to the WILI-S based device. 1b. For hardware powered via PoE adapter connect PoE adapter's P+Data port with the WAN port of the WILI-S based device. 2a. Connect one Ethernet patch cable to the WAN port of WILI-S based device and to an Ethernet port of a broadband Internet modem or router. 2b. Connect one Ethernet patch cable to the PoE adapter's Data port and to an Ethernet port of a broadband Internet modem or router. 3. Setup a wireless network adapter on your computer (Go to Start>Settings>Network Connections>Right click on Wireless Network Connection associated with the wireless adapter) by selecting Properties. 4. Setup wireless network adapter's IP address (choose Internet Protocol (TCP/IP)> click Properties). 5. Make sure that your wireless network adapter is configured to obtain IP address automatically. 6. Enable wireless network connection. 7. Choose a wireless device with SSID WILI-S from a list of available wireless networks. 8. Open the Web browser and type default wireless interface IP address: http://192.168.4.1 RDAT-81 device has 2 integrated radio modules, 802.11a radio has IP address 192.168.4.1, alternatively for access in 802.11b/g mode try: http://192.168.5.1 After the connection is established, you will see WILI-S Web interface. 9. Enter user name 'admin' and password 'admin01' to access the Web management. It is strongly recommended to change default user's password. 10. After successful administrator log in you will see the system information page of the WILI-S device Web management interface. Now the WILI-S device is ready for configuration. For further instructions on Web management refer to the respective documentation. Connecting for the first time through WAN interface ----------------------------------------------- Use the following procedure to access the WILI-S based device Web management pages via WAN interface: 1a. On a network without DHCP server configure your PC with a static IP address on the 192.168.2.0 subnet with mask 255.255.255.0 1b. On a network with running DHCP server, leave your current configuration and go to step 2. 2. Connect the WILI-S based device WAN interface to the same physical network as your PC. Open the Web browser and type either the default IP address of the WILI-S based device: http://192.168.2.66 or IP address provided for device by DHCP server. 2. Enter the WILI-S based device administrator's login details to access the Web management: default administrator's user name is 'admin' and password is 'admin01'. 3. After successful administrator log in you will see system information page of the WILI-S device Web management interface. Now the WILI-S device is ready for configuration. Console Connection ------------------ Use the following procedure to access the WILI-S based device using a serial connection cable (if available on board). 1. Connect the power adapter to the WILI-S based device. 2. Connect the device to your management terminal using the serial connection cable and start a terminal session (using an application such as HyperTerminal) with the following settings: +------------------+-------------------------+ | Setting | Value | +==================+=========================+ | Bits per second | 115200 | +------------------+-------------------------+ | Data bits | 8 | +------------------+-------------------------+ | Parity | none | +------------------+-------------------------+ | Stop bits | 1 | +------------------+-------------------------+ | Flow control | none | +------------------+-------------------------+ 3. When connected correctly the login prompt appears allowing you to enter the administrator's login and password: default administrator's login settings are: user name 'admin' and password: 'admin01'. 4. Enter the default login credentials and you will be successfully logged in the WILI-S based device CLI management interface: For further instructions on CLI management refer to the respective section in WILI-S User's Guide. Configuration ------------- Detailed information on the configuration of a device, its available options and documentation is provided in WILI-S and WILI-CORE Skin User's Guides accordingly. Additional information can be found on www.wilibox.com and forum pages as well. Firmware Update --------------- Firmware updates can be done from the System/Maintenance menu when using Web management. Alternatively firmware updates can be done via RCMS server. Please consult appropriate manual for the purchased product. TECHNICAL SUPPORT ================= If you encounter any problems when installing or using your WILI-S product please refer to the WILIBOX web site www.wilibox.com for local support contacts. Also, questions can be asked at http://www.wilibox.com/forum/. Latest firmware updates are available at the download area on www.wilibox.com. =========== End of File ===========